OSO COMMUNICATIONS UPGRADE PROGRAM (S)
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP88-00893R000200040008-1
Release Decision:
RIPPUB
Original Classification:
S
Document Page Count:
4
Document Creation Date:
December 16, 2016
Document Release Date:
July 18, 2005
Sequence Number:
8
Case Number:
Publication Date:
April 5, 1983
Content Type:
MFR
File:
Attachment | Size |
---|---|
![]() | 228.32 KB |
Body:
SECRET
Approved For Ref'ase 2005/08/02: CIA-RDP88-00893ROQ9200040008-1
5 April 1983
ME i0RANDt? I FOR THE RECORD
SUB7ECTs 0S0 Communications Upgrade Program (S)
1. Pursuant to a request by DDS&T/080, the manuals and docu-
ments relating to their impending Communications Upgrade Program
(CUP) have been reviewed. The intention of the CUP is to replace
the existing Remote Data Terminal, which was designed by OC, with
a new data and message switching computer system- eral recom-
mendations were made to subsequent 25X1
to the review. The purpose or this Memorandum for the Record is
to document those recommendations. (S)
2. In the draft documents prepared by the contractor which
were reviewed, computer security had not been adequately
addressed. Therefore, it was recommended that the system
security features and acceptance testing be based on the specifi-
cations of a 33 Trusted Computing Base (TCB) as contained in the
Department of Defense Trusted Computer Evaluations Criteria (Final
Draft, 27 January 1983), with the exception of those
dealing with mathematical modeling. Also provided to 25X1
was a list of some of the computer security features w ch were
recommended for other communications computer switching systems.
Attached to this memorandum is a list of those features. (S)
3. Although the primary objective was to review the project
from a CCiSEC point of view, several other recommendations were
made as a result of the discussions with 0S0. First, the project
would benefit if an OC programmer were assigned full time to the
project to work with the contractor and provide an insight into
communications requirements and methodology. Second, COMSEC
should continue to work closely with the project office to ensure
the system adheres to good communications and computer security
practices. Lastly, the Concept document contains a number of
errors which indicate that the contractor does not have a firm
grasp of communications requirements, formats, and procedures.
25X1
WARNING NOTICE
INTELLIGENCE SOURCES
OR ME` RODS INVOLVED
Approved For Release 2005/fj9RE4-IDP88-00893R000200040008-1
Approved For Release 206EC-RDP88-00893ROM200040008-1
SUBTEC': z 090 C?mtmunications upgrade Program (s)
4. With regard to this last point, several personal recom-
mendations were offered. Approximately three pages of notes
relating to the Concept document and which dealt with communi-
cations computer design s and
procedures were given to However,
prior to passing the notle I-_ was explained that they were per-
sonal suggestions and they should not be considered official COD
recommendations since they did not deal directly with CMSEC
matters. (C)
Attachments
As stated
Cc $ DDS&t`/490/Css
SECRET
25X1
Approved For Release 2005/08/02 : CIA-RDP88-00893R000200040008-1
SECRET
Approved For Release 2005/08/0 A-RDP88-00893RON200040008-1
Attachment to 090 Cc munications Upgrade Program (9)
Security Considerations for computer Systems
The system should incorporate sufficient checks so as to prevent
the compromise of classified information, to insure the integrity
of all information and software within the system, and to prevent
the unauthorized or inadvertent modification of the system software.
(C)
Memory Integrity
Techniques should be employed which will accurately and reliably
ensure the integrity of the documents and data stored in memory.
Sufficient checks shall be employed to prevent the transmission
or manipulation of corrupted data. If a reliable and approved
technique is not available, the operator should visually scan the
outgoing data to ensure its integrity. (C)
Off line Mass storage
A read/write scheme should be employed which will ensure the
integrity of both software and data which is transferred to or
from offline mass storage. Sufficient measures should be
employed to ensure that the operator in immediately notified and
system operation terminated whenever the integrity of data or
software is in doubt. No software, which is read from disk,
shall be executed if an error is detected during the read opera-
tion. (C)
Local User Authentication
Procedures should be employed which will accurately and reliably
authenticate all local users who attempt to access the system. (C)
-Remote System identification
Prior to the transmission of any data to a remote system, the
identity of the remote user must be established. This process
may be performed manually or through the use of automated func-
tions. (C)
25X1
Approved For Release 2000/08Q2" l-RDP88-00893R000200040008-1
Approved For Release 905 REJ- CIA-RDP88-00893R 0200040008-1
Attachment to 094 Communications Updrade Program (8) continued
Message Validation
Validation of all message formats which are processed by the
system must be accomplished either manually or by the com-
munications system. Areas of concern area improper formatting of
a message, inadvertent transmission of unvalidated messages,
failure of any spill to operator instruction, and validation of
message integrity (straggler protection). (C)
Audit Trails
The system must produce an audit trail (e.g. logs) containing
sufficient information to permit a regular security review of the
system, (C)
Degraded Operation
Any degraded mode of operation needs to include all security pre-
cautions and capabilities which are specified for normal opera-
tion. Whenever the system has degraded to the state under which
the proper operation of the security features cannot be ensured,
the system must be disabled and/or removed from service. (C)
memory Buffers
All memory buffers/pages should be cleared subsequent to each
use, (C)
SECRET
Approved For Release 2005/08/02 : CIA-RDP88-00893R000200040008-1