ISB MEMORANDUM OF AGREEMENT

Sanitized Copy Approved for Release 2011/06/09: CIA-RDP88G01332R000100010010-9 -2071 December 8, 1986 MEMORANDUM FOR: Director of Information Technology FROM: SUBJECT: Ed: William F. Donnelly, Deputy Director for Administration ISB Memorandum of Agreement I fully support the proposed initiatives outlined in the attached Memorandum of Agreement from the Information Systems Board off-site conference. Please provide routine, periodic reporting to the ISB through me on the items marked *1* through *4* in the attachment. A copy of this memorandum is being sent to the Director of Communications since item *4* is a joint OIT-OC action. William F. Donnelly Deputy Director for, Administration cc: D/OC DISTRIBUTION: Original - Addressee w/att 1 - D/OC w/att 1 - DDA Subject w/att 1 - DDA Chrono w/att 1 - EXA/Chrono w/att Sanitized Copy Approved for Release 2011/06/09: CIA-RDP88G01332R000100010010-9  Sanitized Copy Approved for Release 2011/06/09: CIA-RDP88G01332R000100010010-9 MEMORANDUM TO: Information Systems Board FROM: Executive Director SUBJECT: Memorandum of Agreement The Information Systems Board met for a two da conference on Thursda and Friday, 6-7 November 1986. Attending were: (ExDir), (D/OIR), (CAMS), Ed Maloney (D/OIT (D/OC), (D/Compt, for the ADDS&T), D/OIR, (DC/lMS) (ORD), (O/ExDir), and (ISB Executive Secretary). The Board discussed the following issues and agreed on the listed actions. (The Chairman established the action due dates in parentheses). The Board also agreed that these decisions and actions should be publicized throughout the Agency in order to provide maximum guidance and direction to employees. Statement of Commitment - (ISB ACTION) The Board agreed to draft and publicize an information technology statement to provide broad Agency-wide guidance and direction (by January 1987). The first draft of that statement is appended, and will be discussed (at the ISB meeting on 8 December). Security - The Board called for a comprehensive set of security standards for systems, rules for system users, a realistic program of investment and procurement to support and enforce the standards and rules, and protected funding for the investment and procurement program. (DDA ACTION) On behalf of The Board, the Chairman asks the DDA: (1) to form a task force to review security standards and rules for automated systems and users and prepare a statement detailing individual, component, and central service security responsibili- ties (by February 1987), (2) to suggest serious and immediate upgrades to our auditing program as our first line of defense (by February 1987), (3) to fix responsibility clearly for a comprehensive Headquarters Information Technology Security Program, and (4) to undertake a thoughtful program of continuing education for all employees on the rules and responsibilities of automated system use. (OIT ACTION) Recognizing the complex issues presented by local electronic media storage capabilities inherent in personal computers, The Board further asked that OIT study the technical feasibility and desirability of methods other than encryption for securing PC storage media -- such as using "diskless" PC's or secure, remote local storage--(by March 1987). Responsibility - The Board was in general agreement on the division of labor between the providers and customers of information services, describing that division as a "federal system" in which some computing services are centrally controlled, maintained and directed, and some are locally controlled by the components. Sanitized Copy Approved for Release 2011/06/09: CIA-RDP88G01332R000100010010-9  Sanitized Copy Approved for Release 2011/06/09: CIA-RDP88G01332R000100010010-9 CONFIDENTIAL Page 3. *2* (OIT ACTION) The Board asked OIT to prepare a draft ISB Policy Statement (by February 1987) on customer support detailing the responsibilities mix between the central services and the components, and the responsibilities of individual employees and vendors. (OIT ACTION) As a first step toward resolving some important data storage issues, the Board agreed that OIT should draft a proposal (by February 1987) for archiving stored data in order to relieve some of the immediate pressure on direct-access storage. Human Resources - (ISB ACTION) The Board intends to "actively monitor" the Agency Compensation Task Force's efforts to redo the compensation system for information technology specialists. In particular, the ISB will urge the task force to consider greater responsibility and flexibility for line supervisors in controlling and managing personnel resources. Compatibility - The Board determined that the issue of compatibility and the need to comply with cooperatively agreed-upon technical standards is a fundamental issue for the Agency. Several decisions were made as a result. (1) It will be Agency policy not to approve procurement of any information technology systems which do not meet connectivity and other technical standards ado ted b the Customer Standards Group (CSG). All equipment pro- cured under which requires D/OIT and C/ISSD approval, must meet these standards regardless of intended uses. The Board accepts the responsibility for reviewing all requests not resolved by the D/OIT for exceptions to the agreed-upon technical standards. (2) (OIT/CSG ACTION) On behalf of the ISB, the D/OIT will task the Customer Standards Group to develop criteria under which systems seeking exception to the Agency's standards will be judged. (3) (OIT/CSG ACTION) The D/OIT will also task the CSG to identify a handful of potentially useful advanced technical solutions of interest to the components as test-beds in order to ensure continuing innovation and evolution in our systems. (4) (OIT/CSG ACTION) The Board will continue to monitor the efforts of the Customer Standards Group in establishing technical and service standards and asks OIT and the CSG to give wide publicity to these criteria and standards once adopted. (5) (OIT/CSG ACTION) The Board asks OIT and CSG to brief it on plans for accomplishing these tasks (at the December 8, ISB meeting). (ORD ACTION) Recognizing that there is a need for compartmented text processing capabilities which must be separated from the central systems, the Board endorsed the formation of an inter-directorate group, chaired by ORD, to investigate such requirements and to draft criteria for such systems in order to limit the number of different solutions to a handful of the most generally useful (by March 1987). Planning and Management - (OIT/COMPTROLLER ACTION) The Board agreed to an OC and Comptroller recommendation to extend the Comptrollers "Tab 13" process -- Sanitized Copy Approved for Release 2011/06/09: CIA-RDP88G01332R000100010010-9  Sanitized Copy Approved for Release 2011/06/09: CIA-RDP88G01332R000100010010-9 CONFIDENTIAL Page 4. whereby components can detail their communications requirements for the coming budget years and OC analyzes the cost of these -- to include data processing requirements beginning this year. *4* (OC/OIT ACTION) The Board welcomed OIT and OC's offer to cooperatively create a resource model of Agency world-wide networks and systems by 1 February to be used to support planning and budget preparation. (ISB/COMPTROLLER ACTION) The ISB will review all new information technology initiatives at its meeting on February 2. The Comptroller will make available one page descriptions of these initiatives for ISB review, together with an initial evaluation of these proposals. Sanitized Copy Approved for Release 2011/06/09: CIA-RDP88G01332R000100010010-9