COMPUTER SECURITY ACT OF 1987, PUBLIC LAW 100-235, 8 JANUARY 1988

Declassified in Part- Sanitized Copy Approved for Release 2013/08/28: CIA-RDP91B00390R000200120018-6 IZettrIrrAL 25X1 25X1 25X1 25X1 25X1 1 6 AUG NU MEMORANDUM FOR: Chief, Technical Security Staff/OIT FROM: SUBJECT: REFERENCE: Director of Security Computer Security Act of 1987, 100-235, 8 January 1988 Public Law Ltr for DCI from GAO dtd 18 Jul 88, Same Subject, ER 88-28504 1. The referenced letter from GAO indicates that GAO has been tasked with ascertaining the extent to which federal agencies are complying with the requirements of the Computer Security Act of 1987, Public Law 100-235, 8 January 1988. In a May 1988 memorandum, the Office of Management and Budget (OMB) requested our comments on the draft Guidance for Preparation and Submission of Security Plans for Federal Computer Systems Containing Sensitive Information as required by the Computer Security Act. In our 27 July 1988 response to OMB we advised that after reviewing the draft Guidance we determined that the Agency is exempt from the provisions of the Act under Section 3,(3),(A) of the Act. That section of the Act specifically excludes systems covered under Section 3502 of title 44, U.S.C. Also, Intelligence Systems are excluded under Section 2315 of title 10, U.S.C. 2. In addition, we pointed out that the Applicability section of the Guidance states that the Act and the Guidance do not apply to computer systems continuously protected by standards used to secure classified information. We stated that all Agency Systems which process sensitive information are so protected. 3. Our response to GAO should specify that, for the reasons cited above, the Agency is exempt from the provisions of the Computer Security Act of 1987. SS15.1aLNTTX1 Declassified in Part- Sanitized Copy Approved for Release 2013/08/28: CIA-RDP91B00390R000200120018-6 2E, Declassified in Part- Sanitized Copy Approved for Release 2013/08/28: CIA-RDP91B00390R000200120018-6 ? CON FI2fttrr IAL 25X1 . If you have any questions, contact Chief, Policy Branch, Policy and Plans Staff, OS, on .OS/PB/PPS !Distribution:: Orig - Adse! 1 - D/OS Chrono! (t)- PPS Chronot - OS Registry! 25X1 ( 11 Aug 88)! ? STAT 2 CONF NTIAL Declassified in Part- Sanitized Copy Approved for Release 2013/08/28: CIA-RDP91B00390R000200120018-6