NSA COMMENTS ON PROPOSED REVISION OF DCID 1/11

? , Approved For Release 2007/11/02 : CIA-RDDP87B01034R000500100017-2 a NSA review completed ATTACRMENT NSA COMMENTS ON PROPOSED REVISION 'OF DCID 1/11 AA Paragraph I.a.s 1. We recommend substitution of the word "minimum for tho word "uniform". Rationale: Some programs require extraordinary security controls to protect the intelligence, intelligence information and intelligence sources and methods involved. Uniform standards could result in overly stringent controls being applied to some programs and less than adequate controls being applied to others. Minimum standards, on the other hand, can be made more stringent when necessary. 2. The term "intelligence information" is inadequate to set in proper perspective the total role of the DCI and heads of Intelligence Community departments and agencies. Footnote 2 is equally defective. This subparagraph is so essential to a major mission of the LOCI and the Committee that it should be studied further to ensure its adequacy. Rationale: The drafters of the proposed revision have apparently selected the definitions in E.Q. 12036 as the Intelligence Community/ U.S. Government standard definitions. The definitions in the Glossary of Intelligence Terms and Definitions, June 15, 1978, sanctioned by the NFIS and the DCI, have far more appropriate definitions. These should be scrutinized so that more acceptable definitions are formulated for use in the DCID.. We note the definition of "intelligence information" proposed in the draft DCID is one of three alternate definitions in the Glossary. Additionally, the definition does not include "intelligence" or the E.O. 12036 definition of "intelligence product". This is a major segment of the DCI's security responsibility which in our view would be left in limbo if the proposed definition is used. 5. Paragraph l.b.: We recommend that the phrase "protection of intelligence documents" be substituted for the phrase "protection of intelligence information". The retention of the word "information" in this phrase expands the role of the Committee into areas not its responsibility. Rationale: E.O. 12065 permits the DCI primacy in "matters pertaining to intelligence sources and methods". The retention of the word "information" abrogates Section 3-403, Section 4-201, Section 5-2 and others which prescribe for the government the Information Security Program. Additionally, other DCI Committees This enclosure is classified CLASS KIED BY 4 CONFIDENTIAL in its entirety. REVIEW ON - 1 -,- p ' 1!, Ir- IJ I'm C %J I i Approved For Release 2007/11/02 : CIA-RDP87B01034R000500100017-2  Approved For Release 2007/11/02 : CIA-RDP87B01034R000500100017-2 have charter responsibilities for information security policies, standards, practices and dissemination procedures. This version ignores this and in effect takes over a responsibility it should not have. For example, the SIGINT Committee is now responsible for establishing policies, procedures and channels for the protection of SIGINT information. The SECOM should restrict its responsibility to the establishment of minimum and detailed standards for the technical security of that information - e.g., the wrapping, transshipment, marking, safeguarding, etc. of documents containing SIGINT information. C. Paragraph ]..f.: Recommend this paragraph be reworked to delete the words "special access programs governed by Section 4-2 of Executive Order 12065", and the words "within a framework of administrative simplicity". Rationale: Section 4-201 states that the DCI is responsible for "matters pertaining to intelligence sources and methods". As written, subparagraph f could be interpreted as giving the SEC_Oi carte,-blanche control over all government special access programs many of which have no direct relationship to the responsibilities of the DCI. The statement concerning administrative simplicity is in our opinion inappropriate for a document of this kind and adds nothing. Paragraph l . g. We propose that instead of adding "or communicated" to this subparagraph that all delimiters be deleted and it be changed to read: "Reviewing, formulating and recommending to the Director of Central Intelligence, policies, requirements and procedures to protect intelligence data in ADP systems and networks". Comment: We recognize that DCID 1/16 does not include policy on ADP systems that are dedicated to telecommunications functions. This exception was deliberate and occurs for two reasons: a. In the past, the policy governing the functional area of telecommunications has been made by the C?MSEC community. b.. DCID 1/16 is written for the general case and does not differentiate requirements based on functional areas. Rationale: 1. This wording does not single out the specific functions being performed on the data by the ADP systems and therefore it does not implicitly bind the subcommittee. C F CoTI L Approved For Release 2007/11/02 : CIA-RDP87B01034R000500100017-2  Approved For Release 2007/11/02 : CIA-RDP87B01034R000500100017-2 V#400 `ay" . 'S a a XW^V mom. a M a s ,rr- ye 2. The cc raunications of data is integral to the definition of a network. 3. The present wording and. exception of DCI-O 1/16 is in consonance with this wording. E. Paragraph 2.a.: Recommend the word "uniform" be changed to "minimum" and delete the word "information" in the last line and substitute, ", intelligence sources and methods". Rationale: See paragraphs A.I. and 2, and B, above. F. Paragraph 2.c.: Recoat?nend this paragraph be deleted. Rationale:. These are properly functions of department and agency heads as stated in Section 5-4, E.O. 12065. G., Paragraph 3.b.: Recur send this subparagraph be deleted and the current version be retained. Rationale: We disagree in the inclusion of "shall" (2nd line) as well as the term "intelligence information". it is the SIO's responsibility to determine what shall be investigated. We have stated in foregoing paragraphs our objection to the term "into llig information". The proposed paragraph impinges upon the prerogrtti rer - and responsibilities of NFIB members and of the DZRNSA as set toxt%g in the CISR with respect to C?MINT compromises and possible compro . H. Attachment 2: Paragraph 1 - Recommend rewrite as proposed in paragraph-D., above .. 1. Attachment 3: Paragraph 1, line 3 - recommend inserting the word "technical" "~. before the word "guidance". Rationale: See paragraph B, above. The role of the Security Committee should be limited to the technical aspects of security in support of the security responsibilities assigned to other DCI committees. Page 1, bottom of page. The footnote in the existing DCID 1/1l dealing with compartmented collection programs operated on an Executive Agent basis should be restored. 4 F -4 D I A L Approved For Release 2007/11/02 : CIA-RDP87B01034R000500100017-2  Approved For Release 2007/11/02 : CIA-RDP87B01034R000500100017-2 Rationale: Such programs are recognized in Executive Crder 12036. Resporasibil ties for these programs are assigned in the same document. K. Attachment 3: Paragraph 2, line 1 - recommend adding "technical" following "maintain". Rationale: The same as in paragraph 3.e., above. L. Attachment 3: Following paragraph 2. The paragraph in the existing DCXD 1/11 that assigns the Committee the responsibility to furnish techni cal guidance and assistance to other DCI committees and executive agents should be restored. Rationale: This is a basic function of the Security Committee and it should be emphasized. M. Attachment 3: Paragraph 2.c. - Recommend changing "information" to "document". Rationale: The same as that provided in paragraph B, above: N. Attachment 3: Paragraph 5, line l -- Recommend adding "in coordination with the appropriate DCI corttmittee" following "policies". Rationale: This phrase is carried in the existing DCID 1/11. The role and security responsibilities of these committees in this W rill 1- 1 T I A L Approved For Release 2007/11/02 : CIA-RDP87B01034R000500100017-2  Approved For Release 2007/11/02 : CIA-RDP87B01034R000500100017-2 RWJTING AND RECORD SHEET Chief, CSG TO: (Offic*r designation;, room number, a building) CIA Member SECOM FORM 610 usea r e tour 0--79 SECOM-D-693 24 October I. COMMENTS (Number each comment to show from whom 0 ocross ca wmn after ",?h comment.) 24? - espouse o: " X979 Approved For Release 2007/11/02 : CIA-RDP87B01034R000500100017-2