DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO 1/16 SECURITY OF COMPARTMENTED COMPUTER OPERATIONS

Approved For Release 2005/08/24 : CIq RDP87B01034R000500150005-0 CONFIDENTIAL DCID No. 1/16 DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO. 1/161 SECURITY OF COMPARTMENTED COMPUTER OPERATIONS (Effective 18 May 1976) Pursuant to Section 102 of the National. Security Act of 1947, Executive Order 11.905 and National Security Council, Intelligence., Directives, and in order to ensure uniform protection of sensitive comparfinented information2 when such. information is stored and/or processed in remotely accessed resource-sharing computer systems, minimum security requirements are established for the utilization of such computer systems in a compartmented mode of operation. These requirements are equally applicable within the Intelligence Community, and to contractor and non-Intelligence Community government systems handling sensitive compartmented information. The diversity and complexity of such computer systems now in place in the Community and those already designed for future placement may not pro- vide for compliance with the requirements of this directive.in their entirety.. Recognizing both the validity of the requirements and the difficulty involved in their application to currently installed and already designed systems, the extent to which the requirements of this directive are applied to such systems is left to the determination of each National Foreign Intelligence Board member in view of his ultimate responsibility for the security of sensitive compartmented information. 1." This directive supersedes DCID 1/ 16 , effective 7 January 1971. The term "sensitive compartmented information" as used in this directive is identical with its use in DCID No. 1/14, effective .13 May 1976. It is intended to include all information and material bearing special Intelli- gence Community controls indicating restricted handling within Community intelligence collection programs and their end products for which Com- munity systems of compartmentation are formally established. The term does not include Restricted Data as defined in Section 11, Atomic Energy Act of 1954, as amended. . 10 1SIT;"JE ;iE SO!JfCES C ~~ Thy, AND ~.4E:;~1j~3AM @d Fo Release 2005/08/24 :EG~`A-RDP87BO1034 25  CONFIDENTIAL ? DCID No. 1/16 ? Approved For Release 2005/08/24: CIA-RDP87B01034R0005Q0150005-0 Nothing in this directive shall supersede or augment the requirements on the control, use and dissemination of Restricted Data or Formerly Restric Data made by or under existing statutes, directives and Presidential policy. Whenever- Restricted Data or Formerly Restricted Data is involved in any com- partmented operation of remotely accessed resource-sharing computer systems, appropriate personnel and physical security procedures and controls shall be implemented. (See Section 11, 141, 142.e., 1414.a., b., c. and d., 143, and 145, of the Atomic Energy Act of 1954, as amended.) 1. Purpose This directive prescribes the basic policy concerning the security aspects of utilizing remotely accessed resource-sharing computer systems in a compart- mented mode of operation. It specifies the conditions and prescribes minimum security requirements under which such systems may be operated. Further it assigns the responsibility for the security analysis, test, and evaluation as well as for the accreditation of such systems to individual National Foreign Intelligence Board members. 2. Definitions a. Remotely Accessed Resource-Sharing Computer System: A system which includes one or more central processing units, peripheral crevices, remote_ terminals, communications equipment and interconnects. links, which allocates its resources to more than one user, and which can be entered from terminals located outside the computer center. b. Compartmented Mode of Operation.. Utilization of a remotely accessed resource-sharing computer system for the concurrent processing and/or storage (a) of two or more types of sensitive compartmented information or (b) of any type of sensitive compartmented information with other than sensitive compartmented information. System access is afforded personnel holding Top Secret clearances but not necessarily all the sensitive compartmented information access approvals involved. c. Controlled Top Secret Environment: Total system protection and control from a physical, technical and personnel security stand- point in accordance with the minimum requirements for the processing and handling of Top Secret material. d ... System Accreditation: Approval by a National Foreign Intelli- -gence Board member for a remotely accessed resource-sharing computer system to be operated in a compartmented mode within a controlled Top .Secret environment as defined above. 2 CONFIDENTIAL Approved For Release 2005/08/24: CIA-RDP87B01034R000500150005-0  CONFIDENTIAL DCID No. 1/16 Approved For Release 2005/08/24 CIA-RDP87B01034R000500150005-0 3. Policy a. Remotely accessed resource-sharing computer systems shall not be utilized for the concurrent processing and/or storage of two or more types of sensitive compartmented information, or of any type of sensitive compartmented information with other than sensitive com- partmented information unless the total system is secured to the highest classification level and for all types of sensitive compartmented infor- mation processed or stored therein, except as provided for below: (1) Such systems may be operated in a compartmented mode if maintained in a controlled Top `Secret environment as defined herein and provided that at least the minimum requirements identified in this directive are implemented and made a part of system operations; (2) Upon the determination by a National Foreign Intelligence Board member in unique situations that immediate implementation of the minimum requirements will significantly impair his mission effectiveness, he may temporarily exempt specific systems operating in a compartmented mode from compliance; however, every National. Foreign Intelligence Board member authorizing such an exemption must strive for the earliest feasible attainment of the minimum re- quirements- identified in this directive. b. Judicious implementation of the basic requirements set forth below dictates a need to test and evaluate their effectiveness when applied to a specific system as a basis for accreditation of that system. Each National Foreign Intelligence Board member is responsible for conducting such testing and evaluation and has the authority to accredit systems within the purview of his responsibility for compartmented operation based on their meeting the requirements specified in this directive. Such accreditation shall be subject to periodic review of the security of system operation. 4. Minimum requirements a. All remotely accessed resource-sharing computer .systems accredited for compartmented operation shall contain the following security capabilities as an absolute minimum: (1) Information System Security Officer (ISSO): Each National Foreign Intelligence Board member shall appoint a CONFIDENTIAL Approved For Release 2005/08/24: CIA-RDP87BO1034R000500150005-0  Approved For Release 2005/D99911&k-Tk$7B01034R00050015000@-(AID No. 1/ 16 security officer for each computer system operating in a compart-Aft mode within the purview of his responsibility. The ISSO is specifically responsible for ensuring continued application of the requirements set forth in this directive, for reporting security deficiencies in system operation to the National Foreign Intelligence Board member and for monitoring any changes in system operation as they may affect the security status of the total system. (2) Personnel Security and System Access Control Measures: Unescorted access to the computer center shall be limited to personnel with a predetermined need and holding Top Secret clearances as well as access approvals for those types of sensitive compartmented information stored and/or processed by the system. Other personnel requiring access to the computer center area shall be properly escorted. A record shall be maintained of personnel who have access to the computer center. Access to and use of remote terminals shall be limited to designated personnel holding Top Secret clearances and access approvals for all compartriiented information designated for input/output at that terminal. Administrative approvals, not requir- ing substantive briefings, may be granted for access to the computer center and/or remote terminals when access to all sensitive com- partmented information stored and/or processed in the system is not operationally required. Aft_t (3) Physical Security Protection: Physical security require- ments for the computer center and remote terminal areas shall be determined by the classification and types of sensitive compartmented information involved. The physical security of the computer center areas shall be based on prescribed requirements, as implemented by each National Foreign Intelligence Board member for the most demand- ing sensitive compartmented information stored or processed by the system; each remote terminal shall be protected in accordance with the requirements for Top Secret information and for all sensitive compartmented information designated for input/output at that terminal. Those terminals designated for the input/output of sensitive compart- mented information shall be in areas approved at least as temporary work areas for the sensitive compartmented information involved while operating in a compartmented mode. (4) Communications Links: The communications links between all components of the system shall be secured in a manner appropriate for the transmission of Top Secret sensitive compartmented information. Approved For Release 2001?$iEtkW4WP87B01034R000500150005-0  Approved For Release 20'05/08/2LfA-RDP87B01034R000500150Q0II No. 1/16 (5) Emanations Security Aspects: The vulnerability of system % operations to exploitation through compromising emanations shall be considered in the process of system accreditation. Evaluation of the risks associated with the computer center and the remote terminal areas as well as related control measures shall be accomplished within the appropriate agency. (6) Software/Hardware Controls: Compartmentation of information stored and/or processed in the system shall be based on the features outlined below. Measures shall be implemented to provide special controls over access to and/or modification of these features. a_. Security Labels: Security classification and other required control labels shall be identified with the information and programs in the system to ensure appropriate labeling of output, b. User Identification/Authentication: System operation shall include a mechanism that identifies and authenticates personnel accessing it remotely. This mechanism shall con- sist of software and/or hardware devices, manual control procedures at terminal sites, and other appropriate measures designed to validate the identity and access authority of system users. c. Memory Protection: Hardware and software control shall be exercised by the system over the addresses to which a user program has access. d_.. Separation of User/Executive Modes of Operation: The user and executive modes of system operation shall be separated so that a program operating in user mode is prevented from performing unauthorized executive functions. Controls shall be implemented to maintain continued separation of these modes. e. Residue Clean Out: Measures shall be implemented to ensure that memory residue from terminated user programs is made inaccessible to unauthorized users. f. Access Control: Effective controls shall be implemented to limit user and terminal access to authorized information and. programs as well as to control read and/or write capability. Approved For Release 2005/08/24: CIA-RDP87BO1034R000500150005-0  CONFIDENTIAL DCID No. 1/ 16 Approved For Release 2005/08/24: CIA-RDP87B01034R00050,0150005-0 g. Audit Trail Capability: Each system shall produce irk a secure manner an audit trail containing sufficient informatio.a to permit a regular security review of system activity. (7) Individual Security Responsibilities: All users of the system shall be briefed on the need for exercising sound security practices in protecting the information stored and processed by the system, including all output. Users shall be informed that the system is operating in a compartmented security mode and that the receipt of any information not specifically requested shall be reported immediately to the ISSO. 3. Review date This directive shall be reviewed within three years from date of issuance and modified in the light of developments in computer security. George Bush Director of Central Intelligence Approved For Release 2005/08/24: CIA-RDP87B01034R000500150005-0