OSO COMMUNICATIONS UPGRADE PROGRAM (S)

Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST): CIA-RDP88-00893R000200040008-1
Release Decision: RIPPUB
Original Classification: S
Document Page Count: 4
Document Creation Date: December 16, 2016
Document Release Date: July 18, 2005
Sequence Number: 8
Case Number:
Publication Date: April 5, 1983
Content Type: MFR
Body: 
SECRET
Approved For Release 2005/08/02 : CIA-RDP88-00893R000200040008-1

5 April 1983

MEMORANDUM FOR THE RECORD

SUBJECT: OSO Communications Upgrade Program (S)

1. Pursuant to a request by DDS&T/OSO, the manuals and documents relating to their impending Communications Upgrade Program (CUP) have been reviewed. The intention of the CUP is to replace the existing Remote Data Terminal, which was designed by OC, with a new data and message switching computer system. Several recommendations were made to [redacted, 25X1] subsequent to the review. The purpose of this Memorandum for the Record is to document those recommendations. (S)

2. In the draft documents prepared by the contractor which were reviewed, computer security had not been adequately addressed. Therefore, it was recommended that the system security features and acceptance testing be based on the specifications of a B3 Trusted Computing Base (TCB) as contained in the Department of Defense Trusted Computer Evaluations Criteria (Final Draft, 27 January 1983), with the exception of those dealing with mathematical modeling. Also provided to [redacted, 25X1] was a list of some of the computer security features which were recommended for other communications computer switching systems. Attached to this memorandum is a list of those features. (S)

3. Although the primary objective was to review the project from a COMSEC point of view, several other recommendations were made as a result of the discussions with OSO. First, the project would benefit if an OC programmer were assigned full time to the project to work with the contractor and provide an insight into communications requirements and methodology. Second, COMSEC should continue to work closely with the project office to ensure the system adheres to good communications and computer security practices. Lastly, the Concept document contains a number of errors which indicate that the contractor does not have a firm grasp of communications requirements, formats, and procedures.

WARNING NOTICE: INTELLIGENCE SOURCES OR METHODS INVOLVED

4. With regard to this last point, several personal recommendations were offered. Approximately three pages of notes relating to the Concept document and which dealt with communications computer designs and procedures were given to [redacted]. However, prior to passing the notes, it was explained that they were personal suggestions and they should not be considered official COD recommendations since they did not deal directly with COMSEC matters. (C)

Attachment: As stated

cc: DDS&T/OSO/Css

Attachment to OSO Communications Upgrade Program (S)

Security Considerations for Computer Systems

The system should incorporate sufficient checks so as to prevent the compromise of classified information, to insure the integrity of all information and software within the system, and to prevent the unauthorized or inadvertent modification of the system software. (C)

Memory Integrity
Techniques should be employed which will accurately and reliably ensure the integrity of the documents and data stored in memory. Sufficient checks shall be employed to prevent the transmission or manipulation of corrupted data. If a reliable and approved technique is not available, the operator should visually scan the outgoing data to ensure its integrity. (C)

Offline Mass Storage
A read/write scheme should be employed which will ensure the integrity of both software and data which is transferred to or from offline mass storage. Sufficient measures should be employed to ensure that the operator is immediately notified and system operation terminated whenever the integrity of data or software is in doubt. No software, which is read from disk, shall be executed if an error is detected during the read operation. (C)

Local User Authentication
Procedures should be employed which will accurately and reliably authenticate all local users who attempt to access the system. (C)

Remote System Identification
Prior to the transmission of any data to a remote system, the identity of the remote user must be established. This process may be performed manually or through the use of automated functions. (C)

Message Validation
Validation of all message formats which are processed by the system must be accomplished either manually or by the communications system. Areas of concern are: improper formatting of a message, inadvertent transmission of unvalidated messages, failure of any spill to operator instruction, and validation of message integrity (straggler protection). (C)

Audit Trails
The system must produce an audit trail (e.g. logs) containing sufficient information to permit a regular security review of the system. (C)

Degraded Operation
Any degraded mode of operation needs to include all security precautions and capabilities which are specified for normal operation. Whenever the system has degraded to the state under which the proper operation of the security features cannot be ensured, the system must be disabled and/or removed from service. (C)

Memory Buffers
All memory buffers/pages should be cleared subsequent to each use. (C)