SUGGESTED AGENDA TOPICS AND COMMENTS ON PROPOSED PROCEDURES FOR THE NTISSC AND ITS TWO PERMANENT SUBCOMMITTEES

Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST): CIA-RDP97M00248R000500170028-8
Release Decision: RIPPUB
Original Classification: U
Document Page Count: 6
Document Creation Date: December 27, 2016
Document Release Date: June 8, 2010
Sequence Number: 28
Case Number:
Publication Date: November 1, 1984
Content Type: MEMO
Body: 
Sanitized Copy Approved for Release 2010/06/08: CIA-RDP97M00248R000500170028-8

MEMORANDUM FOR: Executive Secretary, National Telecommunications and Information Systems Security Committee, National Security Agency

FROM: James H. Taylor, Executive Director, CIA

SUBJECT: Suggested Agenda Topics and Comments on Proposed Procedures for the NTISSC and Its Two Permanent Subcommittees

REFERENCE: Chairman, NTISSC Ltr (COMSEC 1-2/150), dtd 5 Oct 1984, Subject: NTISSC Representation

1. This memorandum provides a suggested agenda item and comments on the proposed procedures for the National Telecommunications and Information Systems Security Committee (NTISSC) and its two permanent subcommittees. The Executive Director, CIA, will represent the DCI, including his Intelligence Community responsibilities.

2. We recommend that a comprehensive telecommunications and automated information systems security threat briefing be provided to the NTISSC, including a summary of the security vulnerabilities in DOD systems which were identified in a recently completed survey for the SECDEF.

3. We reviewed the proposed charter for the NTISSC and its two permanent subcommittees and believe that the changes noted in the attachment provide clarification and ensure consistency with the NSDD. We particularly note that paragraph 7e of the proposed Subcommittee on Automated Information Systems Security (SAISS) charter defines guidance to include program and budget matters. NSDD/145, however, makes a clear distinction in the program and budget responsibilities of the System Security Steering Group, the Executive Agent, and the National Manager with respect to automated information systems security vice telecommunications security. Automated information security program and budget recommendations, for example, are only to be reviewed in aggregate. Therefore, we believe that it is inappropriate for the SAISS to provide program and budget guidance to the departments and agencies. Our concerns can be accommodated by changing the second sentence of paragraph 7e of the SAISS charter to read as follows:

"Guidance as defined herein refers to a policy, direction, decision, instruction or advice which concerns planning or applying automated information systems security requirements, standards, criteria, and equipments."

4. I look forward to participating in the first meeting of the NTISSC on

James H. Taylor

Attachment: a/s

SUBJECT: Suggested Agenda Topics and Comments on Proposed Procedures for the NTISSC and Its Two Permanent Subcommittees

Distribution:
Orig - Adse (Return to ICS/IHC)
1 - EXDIR/CIA
1 - DCI
1 - DOCI
1 - D/ICS

Recommended Changes to the NTISSC and Its Two Permanent Subcommittees

o Change last sentence of paragraph 7, Section VII, of the NTISSC charter to read:
"Following receipt by the chair, the reports and recommendations shall be forwarded to the full NTISSC for review, formal approval or disapproval, and forwarded as appropriate."
Rationale: Clarification of roles and responsibilities of NTISSC

o Change last two sentences of paragraph 5a of the proposed operating procedures of both subcommittees to read:
"The chair shall vote in the event of a tie. Dissenting views, with supporting rationale, may be provided by any representative, brought to the attention of the NTISSC Secretariat, and forwarded to the full Committee."
Rationale: Clarification of voting procedures and handling of dissenting views

o Delete the specific identification of the chairman of the subcommittees and replace with:
"The Chairman of the NTISSC, with the concurrence of a majority of the NTISSC voting members, will nominate the chairmen of the subcommittees."
Rationale: To ensure future flexibility in determining chairmen of subcommittees. Also, should be accomplished by memorandum from the NTISSC Chairman rather than included in the charter.

o Insert the following sentence at the beginning of paragraph 3, Section II, of the NTISSC charter:
"The Committee shall make recommendations to the Steering Group on Committee membership."
Rationale: Consistency with NSDD/145

o Delete the first nine words of paragraph 1, Section VII, of the NTISSC charter and insert the following:
"The Committee shall submit annually an evaluation of the status of national telecommunications and automated information systems security with respect to established objectives and priorities. Included in the evaluation will be . . . ."
Rationale: Consistency with NSDD/145

o Replace paragraph 4, Section VII of the NTISSC charter with corresponding language from paragraph 5b(4) of NSDD/145:
"The Committee shall identify systems which handle sensitive, non-government information, the loss and exploitation of which could adversely affect the national security interest, for the purpose of encouraging, advising and, where appropriate, assisting the private sector in applying security measures."
Rationale: Consistency with NSDD/145

UNCLASSIFIED

o Insert in second paragraph, first line of STS charter after the word matters, "relating to telecommunications security" so that this paragraph reads:
"Matters relating to telecommunications security under the cognizance of the STS and subject to the deliberations and actions of the STS include . . . ."
Rationale: Consistency with NSDD/145

o Change the second sentence, paragraph 7e, of the SAISS charter to read:
"Guidance as defined herein refers to a policy, direction, decision, instruction or advice which concerns planning or applying automated information systems security requirements, standards, criteria, and equipments."
Rationale: Consistency with NSDD/145