PROBLEM AREAS IN THE AUTOMATIC DATA PROCESSING ENVIRONMENT
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP89B01354R000100120010-7
Release Decision:
RIFPUB
Original Classification:
U
Document Page Count:
2
Document Creation Date:
December 21, 2016
Document Release Date:
May 30, 2008
Sequence Number:
10
Case Number:
Content Type:
MEMO
File:
Attachment | Size |
---|---|
![]() | 98.43 KB |
Body:
Approved For Release 2008/05/30: CIA-RDP89BO1354R000100120010-7
FOR OFFICIAL USE ONLY
Op-92C2/dts
Ser 3803P92
MEMORANDUM FOR THE CHAIRMAN, COMPUTER SECURITY WORKING
GROUP, UNITED STATES INTELLIGENCE BOARD
SECURITY COMMITTEE
Subj: Problem Areas in the Automatic Data Processing
Environment
Ref: (a) IBSEC-CSWG-M-2 dated 2 Jul 1968
1. In response to reference (a), the following Navy
problem areas within the ADP environment are identified:
a. Multi-level, remote terminal ADP installations.
The ADP security area of greatest concern to the
Navy, and for which the first priority of effort is
recommended, concerns those problems generated by third
generation computer equipment with its online, remote
terminal, time sharing and multi-level capabilities.
Specific problem areas include:
(1) Protection at Boundaries - to insure that no
information is passed to or accepted from any portion of
the system at a security level not commensurate with the
certification of that portion of the system. (Should
include a determination of the acceptable level of risk
for failure of this security function.)
(2) Identification of classification - an
adequate means of notifying users of the classification
level of the information furnished to them by the system.
(3) Recei tin - to include a method (i.e., a
log of transactions) indicating that classified informa-
tion provided any user by the system.
(4+) Certification - the procedure for certifying
a multi-security level system and the requirement for re-
certification when changes in the hardware or software
occur.
(5) Remote devices - the physical security and
access control required a remote input and output device
installations.
DEPARTMENT OF THE NAVY (?, l)P
OFFICE OF THE CHIEF OF NAVAL OPERATIONS
WASHINGTON, D.C. 20350
Approved For Release 2008/05/30: CIA-RDP89BO1354R000100120010-7
Approved For Release 2008/05/30: CIA-RDP89B01354R000100120010-7
Op-92C2/dts
Ser 3803P92
(6) Inadvertent dump - the protection necessary
against intentional ntampering, spurious altering or loss
of data.
b. Collateral problems.
Associated with those security problems unique to
multi-level, remote terminal ADP installations are security
problems also common to earlier computer systems. These
problems have already been solved or resolved by the Navy
out of necessity, and it is recommended that initially they
be examined in connection with the multi-level, remote
terminal problem. Policy developed could then be applied
to other ADP systems when more effective security is
provided or when uniformity in security measures between
the various government agencies is desired. These collat-
eral security problems include:
(1) Downgrading and declassification of discs,
drums and tapes
(2) Personnel access control
(3) Security identification of stowed data
(4) Contracting for computer services,
(5) TEMPEST
(6) Marking of output
(7) Stowage of tapes, drums and discs
Very re ctfully,
RO ERT C. ALLEN
Navy Member
Computer Security Working Group
Approved For Release 2008/05/30: CIA-RDP89B01354R000100120010-7