DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO 1/16 SECURITY OF COMPARTMENTED COMPUTER OPERATIONS
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP87B01034R000500150005-0
Release Decision:
RIPPUB
Original Classification:
C
Document Page Count:
6
Document Creation Date:
December 16, 2016
Document Release Date:
August 11, 2005
Sequence Number:
5
Case Number:
Publication Date:
May 18, 1976
Content Type:
REGULATION
File:
Attachment | Size |
---|---|
![]() | 405.39 KB |
Body:
Approved For Release 2005/08/24 : CIq RDP87B01034R000500150005-0
CONFIDENTIAL DCID No. 1/16
DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE NO. 1/161
SECURITY OF COMPARTMENTED COMPUTER OPERATIONS
(Effective 18 May 1976)
Pursuant to Section 102 of the National. Security Act of 1947, Executive
Order 11.905 and National Security Council, Intelligence., Directives, and in order
to ensure uniform protection of sensitive comparfinented information2 when such.
information is stored and/or processed in remotely accessed resource-sharing
computer systems, minimum security requirements are established for the
utilization of such computer systems in a compartmented mode of operation.
These requirements are equally applicable within the Intelligence Community,
and to contractor and non-Intelligence Community government systems handling
sensitive compartmented information.
The diversity and complexity of such computer systems now in place in
the Community and those already designed for future placement may not pro-
vide for compliance with the requirements of this directive.in their entirety..
Recognizing both the validity of the requirements and the difficulty involved
in their application to currently installed and already designed systems, the
extent to which the requirements of this directive are applied to such systems
is left to the determination of each National Foreign Intelligence Board member
in view of his ultimate responsibility for the security of sensitive compartmented
information.
1." This directive supersedes DCID 1/ 16 , effective 7 January 1971.
The term "sensitive compartmented information" as used in this directive
is identical with its use in DCID No. 1/14, effective .13 May 1976. It
is intended to include all information and material bearing special Intelli-
gence Community controls indicating restricted handling within Community
intelligence collection programs and their end products for which Com-
munity systems of compartmentation are formally established. The term
does not include Restricted Data as defined in Section 11, Atomic Energy
Act of 1954, as amended. .
10
1SIT;"JE ;iE SO!JfCES C ~~ Thy,
AND ~.4E:;~1j~3AM @d Fo Release 2005/08/24 :EG~`A-RDP87BO1034
25
CONFIDENTIAL
? DCID No. 1/16
? Approved For Release 2005/08/24: CIA-RDP87B01034R0005Q0150005-0
Nothing in this directive shall supersede or augment the requirements
on the control, use and dissemination of Restricted Data or Formerly Restric
Data made by or under existing statutes, directives and Presidential policy.
Whenever- Restricted Data or Formerly Restricted Data is involved in any com-
partmented operation of remotely accessed resource-sharing computer systems,
appropriate personnel and physical security procedures and controls shall be
implemented. (See Section 11, 141, 142.e., 1414.a., b., c. and d., 143, and
145, of the Atomic Energy Act of 1954, as amended.)
1. Purpose
This directive prescribes the basic policy concerning the security aspects
of utilizing remotely accessed resource-sharing computer systems in a compart-
mented mode of operation. It specifies the conditions and prescribes minimum
security requirements under which such systems may be operated. Further
it assigns the responsibility for the security analysis, test, and evaluation as
well as for the accreditation of such systems to individual National Foreign
Intelligence Board members.
2. Definitions
a. Remotely Accessed Resource-Sharing Computer System: A
system which includes one or more central processing units, peripheral
crevices, remote_ terminals, communications equipment and interconnects.
links, which allocates its resources to more than one user, and which
can be entered from terminals located outside the computer center.
b. Compartmented Mode of Operation.. Utilization of a remotely
accessed resource-sharing computer system for the concurrent processing
and/or storage (a) of two or more types of sensitive compartmented
information or (b) of any type of sensitive compartmented information
with other than sensitive compartmented information. System access
is afforded personnel holding Top Secret clearances but not necessarily
all the sensitive compartmented information access approvals involved.
c. Controlled Top Secret Environment: Total system protection
and control from a physical, technical and personnel security stand-
point in accordance with the minimum requirements for the processing
and handling of Top Secret material.
d ... System Accreditation: Approval by a National Foreign Intelli-
-gence Board member for a remotely accessed resource-sharing computer
system to be operated in a compartmented mode within a controlled Top
.Secret environment as defined above.
2
CONFIDENTIAL
Approved For Release 2005/08/24: CIA-RDP87B01034R000500150005-0
CONFIDENTIAL DCID No. 1/16
Approved For Release 2005/08/24 CIA-RDP87B01034R000500150005-0
3. Policy
a. Remotely accessed resource-sharing computer systems shall
not be utilized for the concurrent processing and/or storage of two
or more types of sensitive compartmented information, or of any type
of sensitive compartmented information with other than sensitive com-
partmented information unless the total system is secured to the highest
classification level and for all types of sensitive compartmented infor-
mation processed or stored therein, except as provided for below:
(1) Such systems may be operated in a compartmented mode
if maintained in a controlled Top `Secret environment as defined
herein and provided that at least the minimum requirements
identified in this directive are implemented and made a part of
system operations;
(2) Upon the determination by a National Foreign Intelligence
Board member in unique situations that immediate implementation
of the minimum requirements will significantly impair his mission
effectiveness, he may temporarily exempt specific systems operating
in a compartmented mode from compliance; however, every National.
Foreign Intelligence Board member authorizing such an exemption
must strive for the earliest feasible attainment of the minimum re-
quirements- identified in this directive.
b. Judicious implementation of the basic requirements set forth
below dictates a need to test and evaluate their effectiveness when
applied to a specific system as a basis for accreditation of that system.
Each National Foreign Intelligence Board member is responsible for
conducting such testing and evaluation and has the authority to accredit
systems within the purview of his responsibility for compartmented
operation based on their meeting the requirements specified in this
directive. Such accreditation shall be subject to periodic review of the
security of system operation.
4. Minimum requirements
a. All remotely accessed resource-sharing computer .systems
accredited for compartmented operation shall contain the following
security capabilities as an absolute minimum:
(1) Information System Security Officer (ISSO): Each
National Foreign Intelligence Board member shall appoint a
CONFIDENTIAL
Approved For Release 2005/08/24: CIA-RDP87BO1034R000500150005-0
Approved For Release 2005/D99911&k-Tk$7B01034R00050015000@-(AID No. 1/ 16
security officer for each computer system operating in a compart-Aft
mode within the purview of his responsibility. The ISSO
is specifically responsible for ensuring continued application of
the requirements set forth in this directive, for reporting security
deficiencies in system operation to the National Foreign Intelligence
Board member and for monitoring any changes in system operation
as they may affect the security status of the total system.
(2) Personnel Security and System Access Control Measures:
Unescorted access to the computer center shall be limited to personnel
with a predetermined need and holding Top Secret clearances as
well as access approvals for those types of sensitive compartmented
information stored and/or processed by the system. Other personnel
requiring access to the computer center area shall be properly
escorted. A record shall be maintained of personnel who have
access to the computer center. Access to and use of remote terminals
shall be limited to designated personnel holding Top Secret clearances
and access approvals for all compartriiented information designated for
input/output at that terminal. Administrative approvals, not requir-
ing substantive briefings, may be granted for access to the computer
center and/or remote terminals when access to all sensitive com-
partmented information stored and/or processed in the system is not
operationally required. Aft_t
(3) Physical Security Protection: Physical security require-
ments for the computer center and remote terminal areas shall be
determined by the classification and types of sensitive compartmented
information involved. The physical security of the computer center
areas shall be based on prescribed requirements, as implemented by
each National Foreign Intelligence Board member for the most demand-
ing sensitive compartmented information stored or processed by the
system; each remote terminal shall be protected in accordance with
the requirements for Top Secret information and for all sensitive
compartmented information designated for input/output at that terminal.
Those terminals designated for the input/output of sensitive compart-
mented information shall be in areas approved at least as temporary
work areas for the sensitive compartmented information involved while
operating in a compartmented mode.
(4) Communications Links: The communications links between
all components of the system shall be secured in a manner appropriate
for the transmission of Top Secret sensitive compartmented information.
Approved For Release 2001?$iEtkW4WP87B01034R000500150005-0
Approved For Release 20'05/08/2LfA-RDP87B01034R000500150Q0II No. 1/16
(5) Emanations Security Aspects: The vulnerability of system %
operations to exploitation through compromising emanations shall be
considered in the process of system accreditation. Evaluation of the
risks associated with the computer center and the remote terminal
areas as well as related control measures shall be accomplished
within the appropriate agency.
(6) Software/Hardware Controls: Compartmentation of information
stored and/or processed in the system shall be based on the features
outlined below. Measures shall be implemented to provide special
controls over access to and/or modification of these features.
a_. Security Labels: Security classification and other
required control labels shall be identified with the information
and programs in the system to ensure appropriate labeling of
output,
b. User Identification/Authentication: System operation
shall include a mechanism that identifies and authenticates
personnel accessing it remotely. This mechanism shall con-
sist of software and/or hardware devices, manual control
procedures at terminal sites, and other appropriate measures
designed to validate the identity and access authority of system
users.
c. Memory Protection: Hardware and software control
shall be exercised by the system over the addresses to which
a user program has access.
d_.. Separation of User/Executive Modes of Operation: The
user and executive modes of system operation shall be separated
so that a program operating in user mode is prevented from
performing unauthorized executive functions. Controls shall be
implemented to maintain continued separation of these modes.
e. Residue Clean Out: Measures shall be implemented to
ensure that memory residue from terminated user programs is
made inaccessible to unauthorized users.
f. Access Control: Effective controls shall be implemented
to limit user and terminal access to authorized information and.
programs as well as to control read and/or write capability.
Approved For Release 2005/08/24: CIA-RDP87BO1034R000500150005-0
CONFIDENTIAL DCID No. 1/ 16
Approved For Release 2005/08/24: CIA-RDP87B01034R00050,0150005-0
g. Audit Trail Capability: Each system shall produce irk
a secure manner an audit trail containing sufficient informatio.a
to permit a regular security review of system activity.
(7) Individual Security Responsibilities: All users of the system
shall be briefed on the need for exercising sound security practices
in protecting the information stored and processed by the system,
including all output. Users shall be informed that the system is
operating in a compartmented security mode and that the receipt of
any information not specifically requested shall be reported immediately
to the ISSO.
3. Review date
This directive shall be reviewed within three years from date of issuance
and modified in the light of developments in computer security.
George Bush
Director of Central Intelligence
Approved For Release 2005/08/24: CIA-RDP87B01034R000500150005-0