DIRECTOR OF CENTRAL INTELLIGENCE SECURITY COMMITTEE COMPUTER SECURITY SUBCOMMITTEE

Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070048-7 Director of Central Intelligence Security Committee Computer Security Subcommittee 11 June 1980 DCISEC-CSS-M132 1. The one hundred and thirty-second meeting of the Computer Security Subcommittee was held on 5 June 1980, at McLean, Va. The meeting was convened at 0930, and attending were: IA Chairman cutive Secretary Alternate DIA Alternate Mr. Lynn Culkowski, Air Force NSA Mr. James Studer, Army Mr. Edward Springer, Department of Energy Mr. Robert Graytock, Department of Justice Mr. Eugene Epperly, OSD(P) Resource Management Staff CIA IA CIA Special Security Center 2. In response to requests from the Chairman, CIA presented a briefing on the Community-Wide Computer-Assisted Compartmentation Control System (also known as the 4C Program). The system was originally motivated by the desire to provide for centralized management of APEX access authorizations, and to eliminate the redundancy of registries and software presently dedicated to managing this data. The 4C System will consist of at least two independent ADP systems (the 4C Computer Center, and the Computer Center), and will contain three basic data structures: - current personnel data, providing active access authorizations and restrictions - archival data, providing an historical trace of personnel accesses granted, restrictions, denials of access, etc. - facility data, which will provide data on facility clearances and storage capability. The main features/aspects of the system covered were the ability to perform on-line certification of personnel, the relationship of the archival data to the current files, how archival data is input and used, and the implementation and operational management of the 4C System. There was also discussion of the potential use of the facility data base, although this aspect of the system seems to be less well-defined than the others, and there still exist some questions on its full utility. Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070048-7  Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070048-7 The briefing generated many questions and a great deal of discussion on system implementation, management, and even on details of technical design and software implementation. Specifically, there was a good deal of interest in the area of the internal access control policy defined for the various 4C data bases, and how the policy was to be enforced in the hardware/software systems which implement the 4C Program. 3. Due to the length of the briefing and the ensuing discussions, the vote on the minutes of the previous meeting (DCISEC-CSS-M131) was postponed. However, one correction to those minutes should be noted: item 5 should read, "Mr. Epperly (OSD) provided copies of the proposed SECDEF policy, 'ISM Requirements for the Security of Word Processing Systems', which has been approved by the OSD for coordination". 4. The next meeting was scheduled for 0930 on 17 July 1980, at the in McLean, VA. Sanitized Copy Approved for Release 2010/11/17: CIA-RDP87T00623R000200070048-7