MINIMUM REQUIREMENTS FOR SYSTEM SECURITY
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST): CIA-RDP87T00623R000200070014-4
Release Decision: RIPPUB
Original Classification: K
Document Page Count: 5
Document Creation Date: December 22, 2016
Document Release Date: November 17, 2010
Sequence Number: 14
Case Number:
Content Type: REPORT
Body:
Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070014-4
Chapter II
Minimum Requirements for System Security
As established in this chapter, the general standards, the system security
requirements for automated data processing systems (hereinafter referred to
as the system), and the criteria for evaluating a system's ability to
protect intelligence information will be uniformly applied throughout the
NFIB Community.
II.1. General Security Standards
II.1.a. Information System Security Officer - An Information System
Security Officer (ISSO) will be appointed for each ADP system processing
intelligence information. The ISSO is responsible for ensuring compliance
with the security standards established in this Regulation as well as the
implementing directives promulgated by the responsible authority. The ISSO
will monitor any changes in system operation that may affect the security
status of the total system, report major security deficiencies in system
operation, and provide system accreditation statements and recommendations
to the responsible authority.
II.2.a. When a system is approved to process collateral information up to
but excluding Top Secret, all personnel requiring unescorted access to
either the central computing facility or the magnetic media [...] security
classification level of the collateral information being processed by the
system. All personnel requiring unescorted access to a remote
terminal/terminal area must have a valid security clearance for the highest
security classification of the information designated for input/output at
the assigned terminal.
II.2.b. When a system is approved to process Top Secret collateral
intelligence information, all personnel requiring unescorted access to
either the central computing facility or magnetic storage facility must
have a valid Top Secret clearance, and all personnel requiring unescorted
access to a remote terminal/terminal area must have a valid security
clearance for the highest security classification of the information
accessible through the assigned terminal.
II.2.c. When a system is approved to process Sensitive Compartmented
Information (SCI), all personnel requiring unescorted access to the central
computing facility or magnetic media storage facility must be security
approved in accordance with DCID 1/14 and have formal access approval for
each SCI program being processed by the system, and all personnel requiring
unescorted access to a terminal/terminal area must be security approved for
the highest security classification of information accessible through the
assigned terminal.
II.3.a. All system users must be briefed on the need for exercising sound
security practices to protect the intelligence information processed by the
system. Users will be informed of the security classification level at
which the system is operating and the security requirements for that level.
II.3.a. The processing of intelligence information at any level requires
that the Need-to-Know criteria be rigidly enforced. That is, even though
all personnel are appropriately cleared, not all personnel shall
automatically have authorization to see or use all of the data being
processed.
II.3.b. Approval for unescorted visits to a system approved to process
intelligence information will be requested in advance via appropriate
command channels. In all cases, the request must indicate that the person
to make the visit possesses a valid security clearance, is access
approvable for any SCI data being processed, and has an established
need-to-know.
II.3.c. Administrative approvals (i.e., those not requiring substantive
briefings) may be used to grant persons escorted access to the central
computing facility and remote terminal areas when, and only when, such
persons do not require access to the intelligence information being
processed.
II.4 Physical Security
II.4.a. When used for the processing of collateral intelligence information,
the central computing facility and any remote terminal areas must be
secured in a manner commensurate with the classification of the information
being processed by the system.
II.4.b. When used for the processing of Top Secret and/or SCI intelligence
information, the central computing facility and any remote terminal areas
must be secured in accordance with the provisions of NFIB Physical Security
Standards for SCIFs, NFIB/NFIC-9.1/47.
II.5. Communications Security - Communications links used to transmit
intelligence information between system components or systems must be
secured in accordance with appropriate communications security directives
for the security level and SCI control channel(s) of the information
designated for transmission.
II.6 Emanations Security - The vulnerability of a specific system's
operation to exploitation of compromising emanations must be determined
during system configuration. For new procurements, guidance on equipment
TEMPEST characteristics should be obtained from the appropriate
communications security office, and equipment known to have acceptable
TEMPEST profiles should be selected. During the system accreditation
process, appropriate communications security directives will be implemented
for all security elements.
II.7. System Acquisition - Secure system criteria required to meet the
general security standards and system security requirements set forth in
this Regulation, or system features/capabilities available from advanced
state-of-the-art technology, will be included as mandatory in procurement
requests for all new systems which will process or handle intelligence
information. Vendor submissions for either the development of integrated
systems or the delivery of hardware systems must include a review of how
the system satisfies the security-related specifications included.
II.8. Systems Maintenance
II.8.a. All vendor maintenance personnel who service automated systems used
for the processing of intelligence information shall possess a security
clearance commensurate with the highest classification level of the
information being processed and access approvable for all SCI being
processed.
II.8.b. All uncleared vendor maintenance personnel will be monitored at all
times by a system knowledgeable individual possessing a valid security
clearance and access approvals for the highest security classification and
SCI control channel(s) of the information being processed.
II.8.c. As a rule, the use of remote diagnostic links for the maintenance of
systems processing classified intelligence information is prohibited. The
NFIB member may, however, grant exceptions on a case-by-case basis provided
all channels to data storage devices are disabled, internal memory and
memory buffers are cleared (both before and after the use of the diagnostic
capability), and a separate operating system is used during the diagnostic
procedure.
Next 10 Page(s) In Document Denied