INTELLIGENCE COMMUNITY COMPUTER SECURITY POLICY - INITIAL DRAFT (YOUR MEMO 21 JAN 1974)

Approved For Release 2008/05/13 :CIA-RDP89B01354R000100150003-2 STAT Approved For Release 2008/05/13 :CIA-RDP89B01354R000100150003-2  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150003~2 ,,i,~ DEPARTMENT OF THE AIR FORCE HEADQUARTERS UNITED STATES AIR FORCE WASHINGTON, D.C. 20330 REPLY TO ATTN OF: IN (7601 AINTELG/INYE) /VI 15 FEB 1974 Intelligence Community Computer Security Policy - Initial Draft (Your Memo, 21 Jan 1974) TO: Central Intelligence Agency Attn: Chairman, Computer Security Subcommittee 1. The initial draft prepared by the Ad Hoc Task Team has been reviewed and cannot be supported.. The majority of the specific security requirements outlined are currently covered by DoD Directives which implement various DCID Dir- ectives, i.e., physical security, personnel security, and emanations security. The balance of the security require- ments, except the hardware/software requirements, are normal data processing installation (DPI) operating procedures. The specifications for the hardware and software require- ments in the context of the draft paper are currently beyond the state-of-the-art; probably are not attainable in the next decade; and will require the unnecessary expenditure of limited resource funds. 2. To assist in the development of a functionally useful paper, I have attached the final draft of an Air Force Reg- ulation on "Security Requirements for Automated Data Pro- cessing (ADP) Systems". Certain references and definitions will require revision; however, the structure, content, and concept of assignment of responsibilities could be used to develop a policy paper which will be extremely beneficial to the intelligence community. It is realized that several requirement areas contained in the Ad Ho.c Task Team draft are contained in the draft Air Force Regulation; however, the approach is different. 3. This draft Air Force Regulation was developed to be the instrument which would be the first step in the organization of a comprehensive approach to the Computer Security problem. This is based on a Computer Security Plan similar to the plan previously provided to the Chairman by the Air Force representative. A number of distinct documents would be developed to address related problem areas such as future hardware/software design requirements; R&D effort for secure operating systems; establishment of methodologies, techniques and procedures, and other related items. Underwrite Your Country's Might - Buy U.S. Savings Bonds Approved For Release 2008/05/13: CIA-RDP89B01354R000100150003-2  Approved For Release 2008/05/13: CIA-RDP89B01354R000100150003-2 4. A related area which should be addressed by the sub- committee concerns the fact that the technical advances and sophistication of todays computer systems have outdated the manual handling and control systems developed for compart- mented information years ago. I -~ - ~~~~~~: W1LLlA~~M P. ~O~SE~I, Cannel, ~;i,def, Data Ma~na~ement Branccy ~.i:e~s (~ana~~ment Divisro~ , Approved For Release 2008/05/13: CIA-RDP89B01354R000100150003-2