INQUIRY FROM DIRECTOR OF SECURITY, FEMA

Sanitized Copy Approved for Release 2010/08/24: CIA-RDP87SO0869R000400230005-3 .IYiY l AMA i ..n Ii A wed n 1 ?I T-11-~s Deft 3 ) ~'q-3 TAO: (Name. office symbol, room number, building, cy/ t) Initials Data 2. 3. 4. a File Not. and Return 1 For Clearance Per Conversation f Requested For Correction Prepare Reply irculate For Your Information See Me ment Investigate Signature lCkiordination ; se this form as a RECORWof approvals, concurrences, disposals, clearances, and similar actions FROM: (Name, ors. symbol, Agency/Post) Room No.-Bldg. OPTIONAL FORM 41 (Rev. 7-76) Prescribed by GSA FPYR 141 ) 101-11.206 Sanitized Copy Approved for Release 2010/08/24: CIA-RDP87SO0869R000400230005-3  Sanitized Copy Approved for Release 2010/08/24: CIA-RDP87S00869R000400230005-3 Federal Emergency Management Agency Washington, D.C. 20472 VAR 0 3 1983 Director Office of Security STAT Director of Security Central Intelligence Agency As I become more involved in efforts to enhance security programs here at FEMA, I frequently recall your observations about short average experi- ence time of staffs. I have a slightly different problem. My staff is very small, long on narrow aspects of security and short on scope. I have no expertise in many of the security disciplines, one of which is physical/ technical. You recall my mentioning that FEMA was seeking to build facilities to NFIB/NFIC-9.1/47 SCIF standards at headquarters and in our ten regional centers. One element of the SCIF standards calls for intermittent ACM inspections. Another calls for compliance with DCID 1/16 for computer security. Recognizing that ACM resources are tight around the community and in view of the fact that I have not yet been able to secure an in-house capa- bility, I am considering the possibility of contracting for this service. Two questions: First, would you accept the results of contracted ACM inspections of SCIFs? Second, are there any standards to which such inspections must be done and any guidance I could have as to what to do in the event a technical penetration is located? In connection with computer security, would you be able to provide me with a few copies of DCID 1/16 and any subsequent guidance you may have issued in this most important and rapidly growing field. Again, I enjoyed meeting you and may I offer the full hospitality of FEMA if you find opportunity to accept my invitation to visit. Sincerely, Arlan Kinney Os 3 QS';13 Sanitized Copy Approved for Release 2010/08/24: CIA-RDP87S00869R000400230005-3  Sanitized Copy Approved for Release 2010/08/24: CIA-RDP87SO0869R000400230005-3 STAT Sanitized Copy Approved for Release 2010/08/24: CIA-RDP87SO0869R000400230005-3