LETTER TO THOMAS F. CONNOLLY FROM WILLIAM J. CASEY

Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7 DOCUMENTS. CROSS-REFERENCE ATTACHED:'PLEASE TRY NOT TO REMOVE FROM DOCUMENTS THANKS.., Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7  STAT Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7 Next 1 Page(s) In Document Denied Iq Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7 DOC.U.MENTS CROSS-REFERENCE ATTACHED: PLEASE TRY NOT TO REMOVE FROM DOCUMENTS THANKS... Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7 STAT ~ J!VI AM T*ANSMNTAL 1iOe =Rw son shy rum number. Inltiala Data i 4. File Note and Ratum For Clearance Per Conversation nested For Correction Prepro Re* rcutate For Your information See Me imrasti nature inetlon Justi TP2A /ttr~ It -jI-V) O-OA STAT STAT DO NOT use this- form as a RECORD of approvals, concurrences, disposals, clearances, and similar actions FROM: (Nam., o% symbol, Agency/Post) Room No.-81de. S's O0FTIONAL FORM 41 (Rev. 7-76) VPMIt (i{1 C0% 101-11.206 Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7  I Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7 DDA 86-1228 11 July 1986 MEMORANDUM FOR: Chairman, Intelligence Information Handling Committee William F. Donnelly CIA Representative to NTISSC SUBJECT: Proposed Policy: "Protection of Sensitive, But Unclassified Information in Federal Government Telecommunications and Automated Information Systems" REFERENCE: Multi-Adse memo fm Chairman, IIHC, dtd 9 July 1986, Sane Subject 1. The draft policy on sensitive information as written is acceptable. 2. Please consider this the response for the Agency. It is written on behalf of the Comptroller and the Executive Director to whom you directed queries. STAT William F. Donnelly ORIG:DDA:WFDonnelly:be Distribution: 0 - Adse 1 - ER 1 - EA/EXDIR 1 - COMPT 1 - DDA Subj 1 - DDA Chrono DCI EXEC REG (3 fl - ~' /U~ 1~/Ii Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7 Central Intelligence Agency Washington, D.C. 20505 10 July 1936 STAT Brenda tells me that you retained your NTISSC hat, so I guess this is yours. Feel free to answer direct. EA/Executive Director Let me know if you need any leg work Comptroller received a copy but is bowing out of action. Would appreciate a copy of whatever goes Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7 STAT STAT Iq Next 1 Page(s) In Document Denied STAT Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7 The iircchnr of Ceatrnl Intenitemwe le/dligeocs Community staff OCIACS 9 Jr1y 1 44173 006 MEMORANDUM FOR: ee Distribution FROM: 'Chairman, Intelligence Information Handling Cammittee Subject: Proposed Policy: "Protection of Sensitive, But Unc ossified information in Federal Government TelecotmwnieatioA and Automated Information Systemms" i 1. Hacked that ..o ..,& Ar _ . _ _ 1, - - .--- - ? ........ attached draft policy statement for sensitive, but unclassified info..ction prepared by the National Telecommunications and Information Systems urity Committee (NTISSC) established by NSDD-145, The Systems Security S ring Group, established by NSUD-145 to oversee Its implementation, inst ted the Chairman of the 1111SSC to develop this policy. 2. The drat policy was developed and revised by the subcommit -s of the NTISSC in respon e to recommendations provided by the NTISSC members ip. The NTISSC recommend d approval of this policy at its last meeting. We id appreciate recei my your coanments, including specific recommended c s in line-in, line-ou form with supporting rationale, not later than COB 14 July 1986. STAT Attachment: Draft Policy on Sensitive Information i UNCLASSIFIED Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7 THE WHITE HOUSE WASHINGTON July 1. Its MEMORANDUM FOR LIEUTENANT GENE National Manager NTISSI E. GOON THE HONORABLE DONALD C. LATHAM Chairman, NTISSC THE HONORABLE RONALD I. SpIERS Under Secretary of State for Mana t MR. ROBERT M. XIMMITT General Counsel Department of Treasury MR. JOHN N..RICHARDSON Senior Special Assistant to the Assistant to the Attorney General and Chief of Staff Department of Justice MR. PHILIP A. DUSAULT Acting Associate Director National Security and International b faitaj OMB VICE ADMIRAL EDWARD A. BURKHALTER Director Intelligence Community Staff SUBJECT: Proposed Policy: 'Protection of Sensfti,e, but Unclassified Information in Federal ernaant Telecommunications and Automated Infco cation Systems' At the first NSDD-145 SSSG Meeting in December, Chairman, NTISSC was instructed to prepare a m19eh siv policy for the pr~nis~e protection of sensitive, but unclassi led information handled by Federal Government telecoa~u cations and automated information systems and to leave the determination of what is sensitive to national inter sts to the heads of Government Departments and Agencies, a entities.' The encloed draft Ted o jed draft policy statement for sensitive, t unclassi- intion prepared by the NTISSC, is forward for your review and comment. Request your concurrence and/or comments by July 15, 1986. Attachment Tab A Draft Policy Af IV I !K-" Rodn y B. McDani Executive SecrIt ry National Security Council Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7 PROTECT FED TION OF SENSITIVE, BUT NCLASSIFIEO INTO ERAL GOVERNMENT TELECOMMUNICATIONS AND A TIa11 IN INFORMATION SYSTEMS CC SECTION I - POLICY Federal Departments and Agencies shall ensure that elecom- munications and automated information systems handl nq sensitive, but unclassified information, will roteinformation to the level of threat of exploitationt that associated potential damage to the national interest. the Federal Government is also required to which communicate or process protect thos systems provided to it by its citizens easovellaas cinancial data information while in the possession of U.S.~rover p at Departments and Agencies and entities. at zens, commercial business of the UnitedeState;.ciNat ional interests include, but are not limited to, the wide range of human, financial, industrial, agricultural, technol icalirnd law enforcement government information and assets o the United States in addition to national defense andf~ qe relationslmatters. adversely' affect the nationalnioation systems, e 0 %Aft, de or unauthorized manipulations orealterationiof,whichdu i its telecommunications or processing via federal gove "t communications or automated i t Sensitive, but unclassified government information s information, the loss ni SECTION II - DEFINITION SECTION III - APPLICABILITY This policy applies to all Federal Executive Branch' Departments and Agencies, entities and contractors vhieh electronically transfer, store, process, or conmuni ate sensitive, but unclassified Federal Government information. SECTION IV - RESPONSIBILITIES This policy assigns the responsibility to the heads! of Federal Government Departments and Agencies for determining? what information is sensitive, but unclassified= and for providing systems protection of such information which is electronically communicated, transferred, processed, or stored on government communications and automated information systems. Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7  Declassified in Part - Sanitized Copy-Approved, for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7 Federal Government Department and Agency heads shat s a. Determine which of their Department's or Agency's information is sensitive, but unclassified. b. dentify those categories of informati ~` obty generate ,nd those categories of information they obey on the public which warrant tain from communication or processinroviation as sensitive du;ing their or automated information systems. Thi. determinat ionishoulds be based on the Department's or Agency's rem policies, and experience, and those by ?.de,aties, statutes, as well as National Manager m~sad by Fede~l potential adversaries have targete. guidance on aloes that c. Identify the systems which electronically process, store, transfer, or communicate sensitive, unclassified information. d. Determine in coordination with the National Manager, as.appropriate, the threat to and the vulnerability; of those identified systems andf ',e. Develop, fund and implement a telecommunications and automated information security program, to the extent consistent with their mission responsibilities and in coordination with the National Manager, as appropriate, to satisfy their security or protection requirements. The National Manager shall provide guidance and assistance to Government Departments and Agencies to identify and' their telecommunications and automated information ysstaftsnt protection needs, and to develop the necessary secs ity architectures. Declassified in Part - Sanitized Copy Approved for Release 2013/05/08 : CIA-RDP88GO1116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7 STAT STAT Iq Next 1 Page(s) In Document Denied STAT Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7 The ninct.x of Ceatai IMSNI saN STAT lMsNi ice CanwwnilY Staff EI/IC$ f July 1i-411) MDSORANDiM FOR: ee Distribution FROM: Chairman, Intelligence Information Handling Commit Subject: Proposed Policy: "Protection of Sensitive, But Unc assifled Information in Federal Government Telecommeunication and Automated Information Systems" I attached draft policy statement for sensitive, but unclassified info tion prepared by the National Telecommunications and Information Systems urity Committee (NTISSC) established by NSDD-145. The Systems Security S ring Group, established by NSUO-145 to oversee its implementation, inst ted the Chairman of the IISSC to develop this policy. 2. The drat policy was developed and revised by the subcommit s of the NTISSC in respon e to recommendations provided by the NTISSC members lip. The NTISSC recommended approval of this policy at its last meeting. We ld appreciate recei my your comments, including specific recommended C s In 1. Vice Admiral Burkhalter asked that we prepare a response on line-in, line-ou form with supporting rationale. not later than COB 14 July 1986. Attachment: Draft Policy on Sensitive Information UNCLASSIFIED a~& Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7 ` MEMORANDUM FOR LIEUTENAN T GENERAL WILLIAM B. O0CM N ational manager, NTISS THE HONORABLE DONALD C. LATH AM Chairman, NTISSC THE HONORABLE RONALD I. SpIE*S Under Secretary of State for Mana t MR. ROBERT M. RIMMITT General Counsel Department of Treasury MR. JOHN N. . RICRARDSON Senior Special Assistant to the Assistant to the Attorney General and Chief of Staff Department of Justice MR. PHILIP A. DUSAULT Acting Associate Director National Security and International A fairs] OMB VICE ADMIRAL EDWARD A. BURXRALTER Director Intelligence Community Staff SUBJECTt Proposed Policy: 'Protection of Sens$ti e, lut Unclassified Information in Federal ern ,nt Telecommunications and Automated InfCorsatioq S stems' At the first NSDD-145 SSSG Meeting in December, 1995, the Chairman, NTISSC was instructed to prepare a cow re policy for the protection of sensitive, but unclassI led information handled by Federal Government telecoomu cations and automated information systems and to leave the determination of what is sensitive to national inter sts to the heads of Government Departments' and Agencies, &&I entities.' The enclo4ed draft policy statement for sensitive, it Unclassi- fied info ation prepared by the NTISSC, is forward for your review and comment. Request your concurrence and/or comments by July 15, 1986. Attachment Tab A Draft Policy THE W HITE HOUSE WA$KSNSTo$ 46 49 July 1, its 5 104re I ROV! 14 Af - L4Y a. Mc i44 ftecutive Secr tarn National Secur ty Coil Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7 ? ? PROTU FE T TION OF SENSITIVE, NUT UNC sIrIZO I W0* ERAL GOVERNMENT ?ELECCIOIUNIGITION$ An A Tjf IN ...e %D INFORMJ I SECTION I - POLICY Federal Departments and Ag Munications and automated infoormationlsystems handl leeosf- sensitive, but unclassified information, will prote$t9that information to the level of threat of exploitation tbo associated potential damage to the national interes ?. Federal Government is also required to "so which communicate or process personal and financial ncial daiat~ provided to it by its citizens as well as company sletery information while in the Possession .._.._p - - ---- -- --.--~~ -U" enLiLlls. vLL 1 Fan it - DEFINITION Sensitive, but unclassified government information s information, the loss, misuse, destruction, or the unauthorized manipulation or alteration of which duclnq its telecommunications or processing via federal govers*snt communications or automat d e information systems, c adversely' affect the national into comercial business of the United States. einati nal Interests include, but are not limited to, the wide range of ie human, financial, industrial, agricultural, technol law enforcement government information and assets o the United St6tes in addition t o relations natters national defense and fign . SECTION III - APPLICABILITY This policy applies to all Federal Executive branchi Departments and Agencies, entities and contractors Which electronically transfer, store, process, or cawuni ate sensitive, but unclassified Federal Government information. SECTION IV - RESPONSIBILITIES This policy assigns the responsibility Departments and Agenciesiforadetermining of tederal information is sensitive, but unclassified= and for o~rldiag systems protection of such information which is el Conically communicated, transferred, processed, or stared an rapt communications and automated information systems. Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88G01116R000901030002-7  Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7 Federal Government Department and Agency heads ahal a. Determine which of their Department's or flieney's information is sensitive, but unclassified. b. dentify those categories of inforaat generate tnd those categories of information i Lhey ~eY the public which warrant they obtain from protection as sensitive duping their communication or processing via government tel or automated information systems. This deteraiati sl~obl enatl Sh ulda be based on the Department's or A9ed ncy's responsibi ities, policies, and experience, and those imposed statutes, as well as National Manager by one al potential adversaries have targeted. guidance on a,ets that c. Identify the systems which electronically store, trensfer, or communicate sensitive, unclassified rocesse information. d. Determine in coordination with the National Manager, as appropriate, the threat to and the vulnerabilitylof those identified systems and= 'e. Develop, fund and implement a telecoasrunication? and automated information security program, to the extent consistent with their mission responsibilities and in coordination with the National Manager, as appropriate, to satisfy their security or protection requirements. The National Manager shall provide guidance and assistance to Government Departments and Agencies to identify and at their telecommunications and automated information stems protection needs, and to develop the necessary seed ty architectures. Declassified in Part - Sanitized Copy Approved for Release 2013/05/08: CIA-RDP88GO1116R000901030002-7 4