SECURITY RESPONSIBILITIES IN INTERAGENCY COMPUTER TERMINAL LINKS

Approved For Release 2008/05/21: CIA-RDP89BO1354R000100090005-7 UUNIIULN I IAL MEMORANDUM FOR: Chairman, USIB Computer Security Subcommittee SUBJECT : Security Responsibilities in Interagency Computer Terminal Links 1. The policy paper prepared by the Computer Security Subcommittee under the subject "Security Responsibilities in Interagency Computer Terminal Links" has been coordinated with the appropriate components of the Central Intelligence Agency. 2. CIA concurs in the concept of this paper; however, a few suggestions were offered to further clarify the intent of the paper: (1) It was suggested that the definition might be more simply stated as follows: "Interagency computer terminal links con- nect a computer in one USIB agency to a central processing unit in another USIB agency." (2) It was also suggested that the definition be reworded to reflect situations wherein a terminal may not be connected directly to a central processing unit, but may be connected to a computer system through a switch; i. e. COINS. CONFIDENTIAL Cia Approved For Release 2008/05/21: CIA-RDP89BO1354R000100090005-7  Approved For Release 2008/05/21: CIA-RDP89BO1354R000100090005-7 GUNFIULN I SAL b. Policy: (1) It is felt that the policy statement may be too broad and could result in one agency dictating procedures to the other agency which may not be consistent with the other agency's internal standards and controls. To eliminate this possibility, the following changes are recommended: (a) The security level (e. g. Secret, Top Secret, Etc. ) for the operation of remote terminals will be specified by the agency operating the central processing unit to which the terminal is connected; (b) The agency installing and operating the remote terminal will insure that this security level is maintained in its use of the remote terminal device. The above suggested changes would bring this policy paper under the context of present security regulations as now practiced in the USIB environment for control of classified information; thus confusion as to the actual requirements for the handling of shared infor- mation would be prevented. c. General: (1) It may be wise to include guidance for the situation wherein a terminal may be con- nectable to more than one USIB agency and the security requirements differ. CONFIDENTIAL Approved For Release 2008/05/21: CIA-RDP89BO1354R000100090005-7  Approved For Release 2008/05/21: CIA-RDP89BO1354R000100090005-7 GUNFIULN I IAL (2) It was suggested that the policy should also cover a case where a computer system of one agency is linked to the computer system of another agency. CIA Member Computer Security Subcommittee CONFIDENTIAL Approved For Release 2008/05/21: CIA-RDP89BO1354R000100090005-7