NATIONAL TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY (NTISS) DIRECTIVE 900, GOVERNING PROCEDURES OF THE NATIONAL TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY COMMITTEE

Declassified in Part -Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 EXECUTIVE SECRETARIAT ;. ROUTING SLIP STAT D/ICS DDI X(Fo~, D/oc) 5 FPh R ~; Declassified in Part -Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 NTISSC OFFICE OF THE CHAIRMAN NATIONAL TELECOMMUNICATIONS AND INFORMATION fVfTEMS LECURITV COMMITTEE NTISSC 1-85 1 February 1985 MEMORANDUM FOR THE MEMBERS AND OBSERVERS, NATIONAL TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY COMMITTEE SUBJECT: National Telecommunications and Information Systems Security (NTISS) Directive 900, Governing Procedures of the National Telecommunications and Information Systems Security Committee 1. The enclosed NTISS Directive 900 establishes the governing procedures for the National Telecommunications and Information Systems Security Committee. It also delineates the Committee's relationship with the Executive Agent, the National Manager, and the Steering Group. The directive has been reviewed by all Committee members; comments received on an earlier draft were closely reviewed and, where appropriate, incorporated in the enclosed version. 2. I regard this new NTISS Directive as reflective of the spirit and intent of the NSDD 145. It establishes the forum for devising, coordinating, and carrying out those initiatives necessary to ensure the integrity of our tele- communications and information systems. 3. I intend to submit NTISS Directive 900 in its current form to the Executive Agent, along with my recommendation for endorsement, by 13 February 1985. Should any member or observer wish to discuss this document with me, I urge you to do so at your earliest convenience. DONALD C. LATHAM Chairman Encl: a/s ~ Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 NTISS DIRECTIVE 900 DATE: , N~'ISS ~~ ~~ GOVERNING PROCEDURES OF THE NATIONAL TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY COMMITTEE Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 EXECIITIVB AGENT FOR NATIONAL TELECOIKMUNICATIONS AND INFORMATION SYSTEMS SECURITY National Security Decision Directive 145, dated 17 September 1984, superseded PD/NSC-24, dated 16 November 1977, while reaffirming the Secretary of Defense as the Executive Agent for Communications Security and expanding the role to include Telecommunications and Information Systems Security. It established a National Manager, the Systems Security Steering Group, and the National Telecommuni- cations and Information Systems Security Committee (NTISSC) as an operating level interagency group. The accompanying Directive establishes the operating procedures for the NTISSC and its two permanent subordinate subcommittees and defines the interrelationship between and among the Committee, the Systems Steering Group, the Executive Agent, and the National Manager.- This Directive supersedes National Communications Security Directive, dated 20 June 1979. Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 NTISS Directive No. 900 Date: GOVERNING PROCBDQRBS of the NATIONAL TBLECONIlKUNICATIONS AND INFORMATION SYSTEMS SBCQRITY COMMITTEE ' Section I - Bstablishment and Purpose 1. National Security Decision Directive (NSDD) 145, entitled "National Policy on Telecommunications and Automated Information Systems Security,"dated September 17, 1984, establishes initial national objectives, policies, and an organizational structure to guide the conduct of national activities directed toward safeguarding, from hostile exploitation, systems which process or communicate sensitive information, establishes a mechanism for policy development, and assigns responsibilities for implementation. The Directive, Section 3, establishes a senior level steering group, an interagency group at the operating level, an executive agent, and a national manager to implement these objectives and policies. The National Telecommunications and Information Systems Security Committee (NTISSC) is established to operate under the direction of the Steering Group to consider technical matters and develop operating policies as necessary to implement the provisions of NSDD 145. 2. The purpose of this National Telecommunications and Informations Systems Security Directive is to establish the operating procedures governing the NTISSC and subordinate bodies as well as delineate the interrelationships between and among the Committee and the Systems Security Steering Group, the Executive Agent, and the National Manager. NSDD-145, Section 4, creates and specifies one of the responsibilities of the Systems Security Steering Group (the "Steering.Group"), will be to monitor the activities of the operating level National Telecommunications and Information Systems Security Committee (the "Committee") and provide guidance for its activities. ? Section II - Membership and Officers. 1. The National Telecommunications and Information Systems Security Committee.(NTISSC) shall be chaired by the Assistant Secretary of Defense for Command, Control, Communications and Intelligence., ASD(C3I), and be composed of voting representatives from the departments, agencies, or entities ("organizations") of those~Federal Government officers designate~3 in NSDD 145, Section 5, and listed in this Directive as Appendix A. Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 2. Federal Government officers, listed in Appendix A, shall designate a "representative" to serve on and attend to Committee functions, meetings, or activities. Alternate representatives will be permitted provided that advance written notification be provided to the Chairman. This written notification must identify the alternate, state that the individual will be empowered to speak for the department or agency he/she is representing and indicate the appropriate security clearance. 3. The Committee may make recommendations to the Steering Group on Committee membership. The Committee will also establish criteria and procedures for permanent observers from other departments or agencies affected by specific matters under deliberation. Qualified observers may attend Committee meetings and participate in Committee activities upon invitation of the Chair. 4. All organizations represented on the Committee, or invited to participate, shall accredit in writing to the Chair, their representatives or observers for participation in the Committee. 5. Personnel participating in the activities of the Committee, and subordinate bodies, shall possess, as a minimum, a TOP SECRET SI and TR security clearance. Written verification of security clearances shall be submitted to the Executive Secretary. Section ICI - Subordinate Bodies of the PTISSC 1. The Committee shall have two permanent subordinate bodies: a Subcommittee on Telecommunications Security and a Subcommittee on Automated Information Systems Security. The subcommittees shall interact closely and any recommendations concerning implementation of protective measures shall combine and coordinate both areas as appropriate. The permanent subcommittees shall be comprised of representatives from the. organizations which are represented on the Committee. 2. The Committee may establish such other permanent and. temporary subordinated bodies as necessary to discharge its . activities and responsibilities. These bodies may be composed. of representatives or other individuals as. the-Committee shall? select, and mu$t be established.by~majority vote of the Committee. 3. Subordinate body procedures and specific responsibilities shall be governed by separate charter. Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 4. The Committee or the Chair, as appropriate, shall provide guidance to ensure the effective functioning of subordinate bodies. - 5. -The Committee shall have a permanent Executive Secretariat composed of personnel of the National Security Agency and such other personnel from organizations represented on the Committee as are requested by the Chair. Section IV -.Activities and Responsibilities 1. The activities and responsibilities of the NTISSC are directed by NSDD-145. In order to execute these activities and responsibilities the NTISSC shall: a. develop, through attendance and participation in meetings or other activities specific operating policies, objectives, and priorities as may be required to implement NSDD- 145. b. provide telecommunication and automated information systems security guidance to the departments and agencies of the government. c. submit annually to the Steering Group an evaluation of the status of national telecommunications and automated information systems security with respect to established objectives and priorities. Included in the evaluation will be Committee finding on the threat to and evidence of the exploitation of Government, and Government contractors telecommunications and automated information security systems. d. identify systems which handle sensitive, non- government information, the loss and exploitation of which could adversely affect the national security interest, for the purpose of encouraging, advising and, where appropriate, assisting the private sector in applying security measures. e. approve the release of sensitive systems technical security material, information, and techniques to foreign governments or. international .organizations with the concurrence. of. the director of Central Intelligence for those activities which he manages: ~ ' f. establish and maintain a national system for promulgating the operating policies, directives, guidance, and disseminating advisory information which may be issued pursuant to NSDD-145. The Executive Secretary will be responsible for maintaining the NTISS issuance system in conformance with Appendix B. Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 g. establish permanent and temporary subcommittees as necessary to discharge the Committee responsibilities and monitor, provide guidance and direction to the subordinate bodies of the Committee. ' h. make recommendations to the Steering Group on ? Committee membership and establish criteria and procedures for permanent observers from other departments or agencies affected by specific matters under deliberation, who may attend meetings upon invitation of the Chairman. ? i. interact with the National Communications Systems Committee of Principals established by Executive Order 12472 to ensure the coordinated execution of assigned responsibilities. 2. The representatives to the Committee shall: a. be fully empowered to act on Committee matters on behalf of their respective organizations; b. serve as their organizations' point of contact for Committee and other matters related to the NTISSC; c. provide complete and timely staffing of Committee actions within their organizations; d. provide, through attendance and participation in Committee meetings, or other functions, their respective organizations' positions on matters bt~fore the Committee; e. serve as representatives to subordinate Committee bodies at the discretion of their organizations and provide guidance to other individuals from their organizations serving on subordinate bodies; f. provide reports, comments, or recommendations to the Committee, as required, through the Executive Secretary; q. ensure that their respective organizations are apprised of Committee matters and other activities related to the~Committee. 3. The Chair, in addition to the responsibility to keep the Executive Agent informed of significant current matters under consideration by the Committee, shall: meetings; a. convene, vreside over, and adjourn Committee b. receive frsm and distribute to the Committee reports, comments, and recommendations through the Executive Secretary; `, Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 c. endorse, sign, or otherwise certify actions of the Committee; and d. provide, through the Executive Secretary, the necessary support for Committee activities, including the timely dissemination of meeting announcements, proposed agendas, current membership rosters, and minutes of Committee meetings. 4. The Executive Secretary shall: a. assist and provide support to the National Manager as Executive Secretary to the Systems Security Steering Group; b. provide administrative support to the Committee and maintain official records of Committee meetings and other activities, including the assignment of serials for documents submitted to the Committee for consideration; c. distribute correspondence to the Chair and representatives of the Committee, tl:~~ Executive Agent, the National Manager, or other government organizations, as appropriate; d. establish and maintain a national system for promulgating the operating policies, directives, guidance, or other issuances, which may be required pursuant to NSDD-145 or as the Committee or the Chair so require; and e. maintain a current roster of the names and security clearances of all participants in the Committee and subordinate bodies, either permanent or temporary. 5. The NSA shall provide facilities and support to the Executive Secretariat as required and other organizations represented on the Committee shall provide facilities and support as requested by the Chair, through the Executive Secretary. Section O - meetings 1. The Chair of the Committee shall not convene a meetinq unless~a quorum is present. A quorum shall constitute the. .presence of one more than one hslf of the representatives. 2. The Committee shall meet at the call of the Chair or, upon request?to the Chair by a majority of its representatives. The Committee should meet at least once each calendar quarter, however, a minimum of two Committee meetings shall be convened each calendar year. At the final meeting each calendar year, the Committee shall establish a tentative schedule of meetings for the forthcoming year. ~ Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 3. Agenda items for Committee meetings will be submitted to the Chair through the Executive Secretary and all .timely submitted agenda items shall be included on the agenda: All agenda items will be taken in the normal order of business of the meeting for which proposed, unless withdrawn by the sponsor or otherwise disposed of by vote of the representatives at the meeting. The Executive Secretary shall distribute supporting material for agenda items for review by the membership prior to meetings provided that such material is submitted to the Executive Secretary sufficiently in advance of the meeting. 4. Subordinate bodies shall meet at the call of their respective Chairs or as established by Charter as necessary to' accomplish assigned tasks. 5. Except in emergency circumstances, notice of scheduled Committee meetings and proposed agendas shall be provided by the Executive Secretary ten calendar days prior to the meeting date. Additions to published agendas require approval by .the meeting participants. 6. Minutes of all Committee meetings shall be prepared by the Executive Secretary and submitted to the representatives for review no later than ten working days following the meeting. The minutes shall, as a minimum, describe and record the vote on each decision made in the meeting. 7. Minutes, summaries, or reports, as appropriate, of subordinate body meetings shall be prepared by the Chair of each subordinate body. Copies shall be provided to the Executive Secretary of 'the Committee no later than twenty calendar days following each ,meeting or the final meeting, as appropriate. Section VI - Doting 1. All representatives to the Committee shall have one vote each on matters before the Committee. The Chair shall vote in the event of a tie. All issues before the Committee will be decided, and recommendations and decisions made, by a majority vote of the representatives present and voting. Minority or dissenting views shall be recorded at the request of any representative. ~ ~ . 2. Voting may be conducted by mail, barring written objection from any representative, in which case the .Chair may call a special meeting to conduct the vote. . 3. Representatives who are absent from a meeting may subsequently register, through the Executive Secretary, a formal position for the record with the Chair. Such action shall not affect the outcome of any formal vote. Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 4. Observers to the Committee shall neither cast votes nor be considered in determining a quorum. 5. Representatives shall neither promise nor cast proxy votes. Section VII - Reporting Procedures 1. The Chair shall forward to the Committee and or Steering Group decisions, recommendations, findings, and recorded minority or dissenting views. 2. Representatives to the Committee shall forward, through the Executive Secretary, to the Chair copies of such implementing issuances for their respective organizations as may be required by the promulgation of NTISS policies, directives, or instructions. 3. Subordinate body reports and recommendations .shall be submitted, through the Executive Secretary, to the Chair for appropriate action. The receipt of reports and recommendations by the Chair shall not signify approval. Following receipt by the Chair, the reports and recommendations shall be reviewed, formally approved or disapproved, and forwarded, as appropriate. Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 Appendix A National Telecommunications and Information Systems Security Committee Membership In accordance with Section 5 of NSDD-145, the National Telecommunications and Information Systems Security Committee shall be chaired by the Assistant Secretary of Defense for Command, Control, Communications and Intelligence. Representatives Membership of the Committee shall be comprised of a voting representative of each of the following: Assistant to the President for National Security Affairs The Secretary of State The Secretary of the Treasury The Secretary of Defense Director, Office of Management and Budget The Attorney General The Secretary of Commerce The Secretary of Transportation The Secretary of Energy Director of Central Intelligence Chairman, Joint Chiefs of Staff Director, National Security Agency Administrator, General Services Administration Director, Federal Bureau of Investigation Director, Federal Emergency Management Agency The Chief of Staff, United States Army The Chief of Naval Operations The~Chief of Staff, United States Air Force Commandant, United States Marine Corps Director, Deferse.Intelligence Agency Manager, National Communications System Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 NATIONAL TELECOMPIUNICATIONS AND INFORMATION SYSTffiKS SECORITY (NTISS) ISSOANCB SYSTEM A National Telecommunications and Information Systems Security (NTISS) issuance system is established for purposes of promulgating objectives and policies, issuing directives and guidance, and disseminating advisory information. As a minimum, the System shall include: 1. NTISS Policies: May be issued by the Steering Group or the Committee through the respective Chair subsequent to approval by the members. Policy issuances reflect statements of national goals and objectives which are applicable to and binding upon the departments and agencies of the government. NTISS policies shall be issued in the following series: 001-099 General - applicable to telecommunications security (COMSEC), information systems security (COMPUSEC), and systems security countermeasures (TEMPEST). 100-199 COMSEC ' 200-299 COMPUSEC 300-399 TEMPEST 400-499 Reserved 2. NTISS Directives: These issuances are directive upon departments and agencies of the government and are promulgated by the Executive Agent, or the Chair when so delegated by the Executive Agent. Directives shall be coordinated among the rer~resentatives. Directives shall be numbered as follows: 500-599 General 600-699 COMSEC 700-799 COMPUSEC 800-899 TEMPEST 900-999 Administrative Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 3. NTISS Instructions: These issuances provide instructional guidelines and establish technical criteria on specific security matters for implementation by Committee representatives within their respective organizations. They shall be promulgated by the National Manager subsequent to coordination with the Committee and are applicable to and binding upon departments and agencies of the government. Instructions shall include technical, or implementation guidelines, restrictions, and procedures that are generally applicable to the conduct of telecommunications security and automated informations security programs or activities. They shall be numbered as follows: 1000-2999 General 3000-4999 COMSEC 5000-6999 COMPUSEC 7000-8999 TEMPEST 9000-9999 Administrative 4. NTISS Advisory and Information irtemoranda: These issuances shall provide advice, assistance, or information of general interest to all applicable departments and agencies on matters of telecommunications security and automated information systems security and shall be issued by the National Manager. They shall be numbered as follows: GENERAL/1-(YR) -- one-up series?by year COMSEC/1-(YR) -- one-up series by year COMPUSEC/1-(YR) -- one-up series by year TEMPEST/1-(YR) -- one-up series by year Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 NATIONAL TELECONIIrIQNICATIONS AND INFORMATION SYSTEMS SECURITY COL~ITTSE CHARTER for the SUBCO[~lITTEB ON AUTOMATED INFORMATION SYSTEMS SECURITY The National Policy on Telecommunications and Automated Information Systems Security (National Security Decision Directive 145) authorizes and directs, the establishment, under the National Telecommunications and Information Systems Security Committee (NTISSC), of a permanent Subcommittee on Automated Information Systems Security (SAISS). In accordance with the policies of NSDD-145 and the Governing Procedures of the NTISSC, this Charter specifies the organization, responsibilities, and mission of the SAISS. Matters under the cognizance of the SAISS and subject to the deliberations and actions of the SAISS include automated information systems security and other such related areas as may be determined by the subcommittee to be appropriate. 1. The Subcommittee shall be composed of one voting represen- tative from each organization represented on the NTISSC. One alternate for each principal representative to the SAISS shall be designated to act with plenary powers in the absence of the principal. Representatives, alternates, and observers shall have a TOP SECRET clearance. 2. Departments, Agencies and other government organizations committed to expeditious implementation of national automated information systems security policy, and which are not repre- sented on the NTISSC, may be invited by the Chair, NTISSC to ' participate ~in SAISS activities. Each such organization may be represented on the SAISS by~an observer, who shall have all rights and privileges of representatives, except the right to vote. 3. The SAISS Chair will be the Director, National Computer' Security Center. The. NTISSC Secretariat also will serve as the secretariat to the SAISS. 4. The representatives to the SAISS should meet at least once per quarter each calendar year or more often at the call of ,the Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 Chair or at the request of a majority of the representatives, but not less than two times per year. A tentative agenda for each subsequent year shall be established by the Secretariat before the end of the last quarter of the current calendar year. S. The permanent subcommittee shall have as its procedures the following: a. The SAISS will reach decisions on matters within its cognizance by majority vote. The Chair shall vote in the event of a tie. Dissenting, views, with supporting rationale, may be provided by any representative, brought to the attention of the NTISSC Secretariat, and forwarded to the full Committee. b. Subjects for consideration by the SAISS may be referred to it by the NTISSC or by any representative to the SAISS or observer. The Secretariat will at least annually specifically solicit issues from the representatives to the SAISS for the forthcoming year. c. The Chair will publish an agenda and summary minutes of the SAISS and its subordinate bodies which shall be the official record of business. The agenda shall be provided 10 working days before each meeting and the minutes within 10 working days after each meeting. d. Such other procedures as may be required to conduct the chartered activities of the SAISS may be determined by the SAISS membership. 6. The SAISS is empowered to establish such temporary subordinate bodies as may be necessary to accomplish its responsibilities under the provisions of this Charter. Such bodies will establish their own procedures, but be established only for such definite term as the SAISS designates. 7. The SAISS is responsible to the full NTISSC membership for, and reports to the NTISSC. Chair on: a. Developing, formulating and .recommending, for approval and establishment by the NTISSC, specific operating policies, objectives, and priorities, affecting matters-under the cognizance of the SAISS as may be required to achieve the broad automated information systems security policies and objectives established by NSDD-145, or such guidance as may be subsequently issued.by the Systems~Security Steering Group. b. Developing a program to work with the private sector in accordance with NSDD-145. L Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 c. Providing a forum for the interchange of information among NTISSC member organizations, their subordinates and representatives, on all aspects of automated information systems security. d. Evaluating annually the status of automated information systems security with respect to established objectives and policies and submit that evaluation to the Chair, NTISSC. Included in the evaluation will be information on the threat to and evidence of exploitation of Q.S. Government and government contractor automated information systems. e. Developing automated information systems security guidance for NTISSC to provide to the departments and agencies of the government. Guidance refers to direction, decision, instruction or advice which concerns automated information systems security standards, criteria, equipments, and applications. f. Interacting with other permanent or temporary subcommittees of the NTISSC as necessary to combine, coordinate o~ advise on the implementation of security or protective measures where appropriate. This interaction shall take into consideration the differing levels of technology which may prevail among or between countermeasures systems. g. Providing status reports and identifying actions and subjects which require the attention of the NTISSC in support of promoting and expediting the implementation of automated information security programs throughout the government and, insofar as it impacts on the exchange of classified or sensitive information between industry, the government, and the private sector. h. Performing or carrying out other responsibilities relating to automated information systems security as may be directed by the NTISSC. 8. The Charter, Chairmanship and activities of the SAISS will be reviewed annually by the NTISSC. Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 NATIONAL TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY COMMITTEE CHARTER _ for the SUHCOIrIIrIITTEE ON TELECOMM[1NICATIONS SECURITY The National Policy on Telecommunications and Automated Information Systems Security, (National Security Decision Directive 145) authorizes and directs the establishment, under the National Telecommunications and Information Systems Security Committee (NTISSC), of a permanent Subcommittee on Telecom- munications Security (STS).. In accordance with the policies of NSDD-145 and the Governing Procedures of the NTISSC, this Charter specifies the organization, responsibilities, and mission of the STS. Matters under the cognizance of the STS and subject to the deliberations and actions of the STS include telecommunications technology, secure voice systems, secure record and data systems, space and satellite telecommunications systems, weapons and strategic defense telecommunications systems, command and control telecommunications systems, compromising emanations, and other such related areas as may be determined by the Subcommittee to be appropriate. The Subcommittee also subsumes the responsibilities of the former National Communications Security Committee Subcommittee on Compromising Emanations. 1. The Subcommittee shall be composed of one voting represen- tative of each organization represented on the NTISSC. One alternate for each principal representative to STS shall be designated to act with plenary powers in the absence of the principal. Representatives, alternates, and observers shall have a TOP SECRET clearance. 2. Departments, Agencies and other government organizations committed to expeditious implementation of national telecommuni- cations security policy, and which are not represented on the NTISSC, may tre invited by the Chair, NTISSC to participate in STS activities. Each such organization may be represented ori?the STS by an observer, who shall have all rights and privileges of representatives, except the right to vote. 3. The Chair of the STS shall be the 'Assistant Secretary, Electronic Systems and Information Technology, Department of the Treasury. The NTISSC Secretariat also will serve as the secretariat to the STS. Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 4. The representatives to STS should meet at least once per quarter each calendar year or more often at the call of the Chair or at the request of a majority of the representatives, but not less than two times per year. A tentative agenda for each subsequent year shall be established by the STS Secretariat before the end of the last quarter of the current calendar year. 5. The permanent Subcommittee shall have as its procedures the following: a. The STS will reach decisions on matters within its cognizance by majority vote. The Chair shall vote in the event of a tie.. Dissenting views, with supporting rationale, may be provided by any representative, brought to the attention of the NTISSC Secretariat, and forwarded to the full Committee. b. Subjects for consideration by the STS may be referred to it by the NTISSC or by any representative to STS or observer. The Secretariat will at least annually specifically solicit issues from the STS representative for the forthcoming year. c. The Chair will publish an agenda and summary minutes of the STS and its subordinate bodies which shall be the official record of business. The agenda shall be provided 10 working days before each meeting and the minutes within 10 working days after each meeting. d. Such other procedures as may be required to conduct the chartered activities of the STS may be determined by the STS membership. 6. The STS is empowered to establish such permanent or temporary subordinate bodies as may be necessary to accomplish its responsibilities under the provisions of this Charter. Such bodies will establish their own procedures, but be established only for such definite term as the STS designates. 7. The STS is responsible to the full NTISSC membership for,. and reports to the NTISSC Chair on: a. Developing,~formulating and recommending, for approval and establishment by the NTISSC, specific operating policies, . objectives, and priorities, affecting matters under the cognizance of the STS, as may be required to achieve the broad telecommunications security policies and objectives established by NSDD-145, or such guidance as may be~subsequently issued by the Systems Security Steering Group. b. Developing a program to work with the private sector in accordance with NSDD-145. Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0  Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0 c. Providing a forum for the interchange of information among NTISSC members on all aspects of telecommunications security. d. Evaluating annually the status of telecommunications systems security with respect to established objectives and policies and submit that evaluation to the Chair, NTISSC. Included in the evaluation will be information on the threat to and evidence of exploitation of U.S. Government and government contractor telecommunications systems. e. Developing telecommunications systems security guidance for NTISSC to provide to the departments and agencies of the government. Guidance refers to direction, decision, instruction or advice which concerns telecommunications security standards, criteria, equipments, and applications. f. Interacting with other permanent or temporary sub- committees of the NTISSC as necessary to combine, coordinate or advise on the implementation of security or protective measures where appropriate. This interaction shall take into consideration the differing levels of technology which may prevail among or between countermeasures systems. g. Providing status reports and identifying actions and subjects. which require the attention of the NTISSC in support of promoting and expediting the implementation of~telecommuni- cations security programs throughout the government and, in so far as it impacts on the operations of related communications between industry, the government, and the private sector. h. Performing or carrying out other responsibilities relating to telecommunications security as may be directed by the NTISSC. 8. The Charter, Chairmanship and activities of the STS will be reviewed annually by the NTISSC. ~ Declassified in Part - Sanitized Copy Approved for Release 2012/05/14 :CIA-RDP87M00220R000100170021-0