DIRECTOR OF CENTRAL INTELLIGENCE SECURITY COMMITTEE COMPUTER SECURITY SUBCOMMITTEE

Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070007-2 Director of Central Intelligence Security Committee Computer Security Subcommittee 1. The one hundred and seventy-second meeting of the DCI SECOM Computer Security Subcommittee was held at McLean VA on 17 April 1985, and was attended by the following persons: Executive Secretary Major Jack Freeman, Army NSA Mr. James Schenken, US Secret Service IA , CIA Mr. Carl Martz, Navy SECOM 2. The first item discussed was the development of security guidelines for personal computers (PC's). The discussions between Mr. Dennis Steinauer (NBS) and the Subcommittee were reviewed, and it was noted that DIA had recently published an internal document on the use of PC's. The NSA member offerred the opinion that it provided a good foundation for the task we wished to assign to NBS. She went on to propose essentially a three-tiered approach for the desired guidelines; the resulting documents(s) need to address the needs and concerns of managers, users, and system planners alike. There was some discussion on how to proceed, especially in light of the existence of both the NBS and the DIA documents. It was agreed that a meeting would be set up with Mr. Steinauer, at which he would be given whatever PC guidelines existed within the community, as well as relevant policy guidance (i.e., DCID 1/16, DIAM 50-4). We would ask him to produce three deliverables; one for managers, one for users, and one for planners. The NSA member agreed to set up the meeting with Mr. Steinauer, in NSA spaces, and further agreed to inform any interested members so that they could also attend. 3. The Chairman reported several items of interest. Specifically; - OMB believes that under NSDD-145 they have the authority to conduct surveys. Accordingly, we should expect to see one on computer security, and another on communications security. - group (under thel lactivities) has produced a technology forecast paper. 4.I lintroduced who will be replacing Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070007-2  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070007-2 5. Mr. Martz reported on his work on the collection requirements. He noted that the current statement of the requirement needs to be officially extended. offerred to take care of the required paperwork. Mr. Martz reported that, although the collection requirements have been articulated, they have not, however, been implemented. He stated that the computer security requirement was still "riding on the back of the technology transfer requirements". Thus, we are not able to test the collection requirement statement because it has, in effect, never been implemented. He also stated that he will be requesting $95k for fy86 in order to keep his activity alive. 6. Mr. Martz brought up the issue of the multiplicity of accreditation authorities who contribute to the final approval of any contractor installation. He felt it was an "administrative nightmare" trying to bring together the accreditation of "walls, people, and computers". Especially since the individual accreditation responsibilities may span several different agencies. He raised the problem of how to identify a procedure for keeping track of what gets accredited , why, and how. The primary question is, "how do certification/accreditation of facilities and processing get combined to produce a final accreditation?". 7. The next meeting was scheduled for 21 May 1985 at 0930 at McLean VA. The Chairman asked the members to be prepared to discuss tasks for fy86. Executive Secretary Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070007-2