COMPUTER SECURITY SUBCOMMITTEE OF THE UNITED STATES INTELLIGENCE BOARD SECURITY COMMITTEE

// Declassified in Part- Sanitized Copy Approved forRelease2013/08/23 : CIA-RDP89B01354R000400530013-6 /1 .., L) CJ- ...,-- C-O-N-P-I-D IBSEC-CSS-M-73 25 May 1973 COMPUTER SECURITY SUBCOMMITTEE OF THE UNITED STATES INTELLIGENCE BOARD SECURITY COMMITTEE Minutes of Meeting Held at CIA Headquarters Langley, Virginia 25 May 1973 1. The seventy-third meeting of the Computer Secu- rity Subcommittee of the United States Intelligence Board Security Committee was held between 0930 and 1145 hours on 25 May 1973 in Room 4E-64, CIA Headquarters Building. In attendance were: Mr. Frank M. Machak, State Alternate Mr. Carl R. Lambert, Navy Member Captain Frederick R. Tucker, Air Force Member Mr. Michael F. Murphy, Treasury/USSS Member 2. The security level of the meeting was TOP SECRET SI/TK. 3. Approval OfMinutes: The minutes of the 11 May 1973 Subcommittee meeting (M-72) were a...roved as written. STAT STAT STAT STAT Declassified in Part - Sanitized Copy Approved for Release 2013/08/23: CIA-RDP89B01354R000400530013-6 Declassified in Part - Sanitized Copy Approved for Release 2013/08/23: CIA-RDP89B01354R000400530013-6 ,ka C-0-N-F-I-D-E-N-T-I-A-L 4. Computer Security Subcommittee Status: The Chair- man related that the discussion of the CSS status regarding maintaining the present Subcommittee versus a staff under the IC Staff was brought to the attention of the Security Committee. The Security Committee indicated that any such proposal was at this time premature in view of the USIB structure study now underway. The SECOM directed the CSS to get on with the task of writing a policy paper. At this juncture the CIA Member asked whether the policy paper detail- ing the sanitization of storage media should be completed prior to resumption of efforts on the general Computer Secu- rity Policy Paper. The Chairman advised that sanitization procedures would be incorporated in the comprehensive policy paper, thus precluding the necessity of a separate document. 5. Planned Intelligence Community Computer Security Policy Paper: The Chairman raised for discussion again at the instant meeting the proposal to use the substance of the DoD computer security directive and manual as a basis for developing a community policy paper on computer security. Some discussion took place at the meeting concerning this approach, at the conclusion of which it was the consensus of the Subcommittee that the DoD papers would serve as a good starting point. 6. The Chairman indicated that he would reformat the contents of the DoD directive and manual to serve as a basic draft upon which to build. Copies of this reformatted draft should be available to Subcommittee members at the next meeting. 7. Proposed Sanitization of the DCID No. 1/16: Noting the requirement for disseminating at least substantive portions of DCID No. 1/16 to contractors in order to ensure appropriate protection for sensitive compartmented information processed at contractor locations, the Chairman reported on his proposal to the Chairman, USIB Security Committee to release the DCID. The Chairman, SECOM chose the option of preparing a sanitized version of the Directive which would be purged of its DCID format. 2 Declassified in Part - Sanitized Copy Approved for Release 2013/08/23: CIA-RDP89B01354R000400530013-6 Declassified in Part - Sanitized Copy Approved for Release 2013/08/23: CIA-RDP89B01354R000400530013-6 C-O-N-F-I-D-E-N-T-I-A-L 8. At the instant meeting the Chairman disseminated copies of a proposed sanitized version which not only deleted reference to the USIB structure but also omitted the waiver provisions of the original Directive by simply suggesting that problem cases be discussed with the cognizant approving authority. At the request of the Chairman, the Subcommittee noted the contents of the paper and agreed that it could be forwarded to the Security Committee for approval. The Chairman will forward it to SECOM with a proposed cover memorandum to be used in its dissemination; this dissemina- tion cover will identify it as a sanitized version of DCID No. 1/16 for the use of contractors and other agencies where copies of the DCID itself are not required, but where the protection of sensitive compartmented information in computer operations is needed. 9. COINS Security Panel: The Chairman reported on his attendance the previous day at the meeting of the COINS Security Panel. He mentioned that the Panel has been re- structured with as Chairman and as full-time Security Officer for COINS. He also called attention to the announcement that COINS budgeting is allow- ing for a significant increase in funding for security research and development with reference to COINS. 10. Next Subcommittee Meeting: The next meeting of the Subcommittee is scheduled for 22 June 1973 at 0930 hours at CIA Headquarters. Chairman Computer Security Subcommittee C-O-N-F-I-D-E-N-T-I-A-L STAT STAT Declassified in Part - Sanitized Copy Approved for Release 2013/08/23: CIA-RDP89B01354R000400530013-6