Solved by verified expert:Please read National Security Decision Directive Number 145 (NSDD-145) signed by President Reagan on 17 September 1984 (White House, 1984), and write an 800 word summary and reaction paper in APA format, including citations to the paper and a “works cited” section which must include at least the directive itself. Please note that this will be automatically run through “TurnItIn dot Com”, so please be sure that it will not appear to be plagiarized.Works Cited:White House. (1984). National Security Decision Directive Number 145 (NSDD-145): National Policy on Telecommunications and Automated Information Systems Security. 1-11. Washington, D. C,: White House.The File is attached to which reaction paper is to be written
nsdd_145.pdf
Unformatted Attachment Preview
,
THE WHITE HOUSE
UNCLASSIFIED
WASHINGTON
Sep t e mber 17, 1984
National
Vi~ective
Secu~ity
Numbe~
V~ci&icn
145
NATIONAL POLICY ON TELECO?-l”-!UNICATIO~S
AND AUTOMATED INFORMATION SYSTE!1S SECURITY
(U)
Recent advances in microelectronics technology have st i mulated
an unprecedented growth in the supply of telecorr~unications and
information processing services within the goverrnent and
throughout the private sector. As new technologies have been
applied, traditional distinctions between teleco~~ unications
and automated information systems have begun to disappear.
Although this trend promises greatly improved efficiency and
effectiveness, it also poses significant security challenges.
Telecorr~ unications and auto~ ated information processing s y stems
are highly susce p tible to interception, unauthor i z e d electronic
access, and related forw.s of technical exploitation, as well as
other dimensions of the hostile intelligence threat. The
technology to exploit th e se electronic systems is widespread
and is used extensively by foreign ~ations and can be e mployed,
as ~ell, by terrorist groups and criminal elements. Gov ernrr.ent
systems as well as those ~hich process the private or
proprietary information of US persons and businesses can become
targets for foreign exploitation.
(U)
Within the government these syste.ms process and communicate
classified national security information and other sensitive
information concerning the vital interests of the United
States.
Such information, even if unclassified in isolation,
often can reveal highly classified and other sensitive
information when taken in aggregate. The compromise of this
information, especially to hostile intelligence services, dces
serious damage to the United States and its national security
interests. A comprehensive and coordinated approach must be
taken to protect the government’s telecommunications and
automated information . systems against current and projected
threats.
This approach must include mechanisms for f o rmulating
policy, for overseeing systems security resources programs, and
for coordinating and executing technical activities.
(U)
This Directive: Provides initial objectives, policies, and an
organizational structure to guide the conduct of national
activities directed toward safeguarding systems which process
or communicate sensitive information from hostile exploitation;
establishes a mechanism for policy development; and assigns. ,~J,~J~
UN
Ur~i§SlFMb..
CLASSiFfEC
~la.J:~”tu.f=-
Dec!aS5:lied.’ Re~easej on a’IJ~ JA
ur.de~ P•ov;; icr.s ot E J 1L2~~– –
by s . T1ilty, Nali0nai Sec:.!rity c,.;:.. :: •i
responsibilities for implementation.
It is intended to assure
full participation and cooperation among the various existing
centers of technical expertise throughout the Executive Branch,
to promote a coherent and coordinated defense against the
hostile intelligence threat to these systems, and to foster an
appropriate partnership between government and the private
sector in attaining these goals. · This Directive specifically
recognizes the special requirements for protection of
intelligence sources and methods. It is intended that the
mechanisms established by this Directive will initially focus
on those automated information systems which are connected to
telecommunications transmission systems.
(U)
1.
Objectives.
Security is a vital element of the
operational effectiveness of the national security activities
of the government and of military combat readiness.
Assuring
the security of telecorrmunications and automated information
systems which process and corrmunicate classified national
security information, and other sensitive government national
security information, and offering assistance in the protection
of certain private sector information are key national
responsibilities.
I, therefore, direct that the government’s
capabilities for securing teleco~munications and automated
information systems against technical exploitation threats be
maintained or improved to provide for:
a.
A reliable and continuing capability to assess
threats and v ulnerabilities, and to i mplement appropriate,
effective countermeasures.
b.
A superior technical base within the goverr.ment
to achieve this security, and support for a superior technical
base within the private sector in areas which c omplement and
enhance sovernment capabilities.
c.
A more effective a·pplication of government
resources and encouragement of private sector security initiatives.
d.
Support and enhancement of other policy objectives for national telecommunications and automated inforr:-.ation
systems.
(U)
2.
Policies.
In support of these objectives, the
following pollcies are established:
a.
Systems which generate, store, process, transfer
or communicate classified information in electrical form shall
be secured by such means as are necessary to prevent compromise
or exploitation.
b.
Systems handling other sensitive, but unclassified, government or government-derived information, the loss of
which could adversely affect the national security interest,
UNCLASSfFIEt
~tf1F·~+1″1_~
.,.~I’~CLASSlFIED
shall be protected in proportion to the threat of exploitation
and the associated potential damage to the national security.
c.
The govern;;,ent shall encourage, advise, and,
where appropriate, assist the private sector to:
identify
systems which handle sensitive non-government information, the
loss of which could adversely affect the national security;
determine the threat to, and vulnerability of, these systems;
and formulate strategies and measures for providing protection
in proportion to the threat of exploitation and the associated
potential damage.
Information and advice from the pers·pective
of the private sector will be sought with respect to
implementation of this policy.
In cases where implementation
of security measures to non-governmental systems would be in
the national security interest, the private sector shall be
encouraged, advised, and, where appropriate, assisted in undertaking the application of such measures.
d.
Efforts and programs begun under PD-24 which
support these policies shall be continued.
(U)
3.
Implementation.
This Directive est a blishes a senior
level steer1ng group; an interagency group at the operating
level; an executive agent and a national ~anager to implement
these objectives and policies.
(U)
4.
Systems Security Steering Group.
a.
A Systems Security Steering Group consisting
of the Secretary of State, the Secretary of the Treasury, the
Secretary of Defense, the Attorney General, the Director of
the Office of Management and Budget, the Director of Central
Intelligence, and chaired by the Assistant to the President for
National Security Affairs is established. The Steering Group
shall:
(1) Oversee this Directive and ensure its
implementation. It shall provide guidance to the Executive
Agent and through him to the National Manager with respect to
the activities undertaken to implement this Directive.
(2)
Monitor the activities of the operating
level National Telecommunications and Information Systems
Security Corr~ittee and provide guidance for its activities in
accordance with the objectives and policies contained in this
Directive.
(3)
Review and evaluate the security status of
those telecommunications and automated information systems that
handle classified or sensitive government or government-derived
information with respect to established objectives and
priorities, and report findings and recorr~endations through the
National Security Council to the President.
‘
-)oo.o(· •,… – .- – – ·.
… ;, .., ,,,..
.._t’·~-.v~~ .. lt
–p!wl. . ~ ;._
(4)
Review consolidated resources program and
budget proposals for telecommunications systems security,
including the COt-~SEC Resources Program, for the VS Government
and provide recorrrrendations to O!lli for tte normal budget review
process.
(5)
Review in aggregate the program and budget
proposals for the security of automated information systems of
the departments and agencies of the government.
(6)
Review and approve matters referred to it
by the Executive Agent in fulfilling the responsibilities
outlined in paragraph 6. below.
(7)
On matters pertaining to the protection of
intelligence sources and methods be guided by the policies of
the Director of Central Intelligence.
(8)
Interact with the Steering Group on
National Security Telecor.~unications to ensure that the
objectives and policies of this Directive and NSDD-97, National
Security TelecorrJnunications Policy, are addressed in a
coordinated manner.
(9)
RecorrJ1lend for Presidential approval additions or revisions to this Directive as national interests may
require.
(10) Identify categories of sensitive
non-government information, the loss of V.’hich could adversely
affect the national security interest, and recommend steps to
protect such information.
(U)
b.
. The National Manager for Telecommunications and
Information Systems Security shall function as executive
secretary to the Steering Group. · (U)
5.
The National TelecorrJ1lunications and Information
Systems Secur1ty Comm1ttee.
a.
The National Telecommunications and Information
Systems Security Committee (NTISSC) is established to operate
under the direction of the Steering Group to consider technical
matters and develop operating policies as necessary to imple- ·
ment the provisions of this Directive.
The Committee shall be
chaired by the Assistant Secretary of Defense (Command, Control,
CorrJ1lunications and Intelligence) and shall be composed of a
voting representative of each me~ber of the Steering Group and
of each of the following:
The Secretary of Commerce
The Secretary of Transportation
The Secretary of Energy
CON.£,
E.~ ED
. • +G’I:J.
;~ !~~t~
·…· ~: … .·-… ;-·s~.:?st’IED
Chairman, Joint Chiefs of Staff
Administrator, General Services Ad.r.1inistration
Director, Federal Bureau of Investigation
Director, Federal Emergency ~anagenent Agency
The Chief of Staff, United States Army
The Chief of Naval Operations
The Chief of Staff, United States Air Force
Cornmandan t, United States 1-!ar ine Corps
Director, Defense Intelligence Agency
Director, National Security Agency
Manager, National Communications System
(U)
b.
The Corrmittee shall:
(1)
Develop such specific operating policies,
objectives, and priorities as may be required to implement this
Directive.
(2)
Provide teleco~1unication and automated
information systems security guidance to the departments and
agencies of the government.
(3)
Submit annually to the Steering Group an
evaluation of the status of national telecorr~unications and
automated information systems security with respect to established objectives and priorities.
(4)
Identify systems which handle sensitive,
non-government information, the loss and exploitation of which
could adversely affect the national security interest, for the
purpose of encouraging, advising and, where appropriate,
assisting the private sector in applying security measures.
(5)
Approve the release of sensitive systems
technical security material, information, and techniques to
foreign governments or international organizations with the
concurrence of the Director of Central Intelligence for those
activities which he manages.
(6)
Establish and maintain a national system
for promulgating the operating policies, directives, and
guidance which may be issued pursuant to this Directive.
(7)
Establish permanent and temporary subcommittees as necessary to discharge its responsibilities.
(8)
1-1ake recommendations to the Steering Group
on Committee membership and establish criteria and procedures
for permanent observers from other departrr:ents o~ agencies
affected by specific matters under deliberation, who may attend
~eetings upon invitation of the Chairman.
( 9)
Interact with the National Communications
System Committee of Principals established by Executive Order
UNCLASS~FIED
. , . • . , ,CQt)l.fl DENT.l,AL
_. . -~ – ~; · ..-,.,”‘~.-rf.. · .. ~ ·~. . . – ·’ . . . ‘ – ~
_ee~tE-tnrt!TlAt:
_:NCLASSiFIED
12472 to ensure the coordinated execution of assigned responsibilities.
(U)
c.
The Commit tee shall have tv;o subcor.c~lli t tees, one
focusing on telecorr~unications security and one focusing on
automated information systems security.
The two subcomm~ttees
shall interact closely and any recommendations concerning·
impleffientation of protective ffieasures shall combine and coordinate both areas where appropriate, while considering any
differences in the level of maturity of the technologies to
support such implementation. However, the level of mattirity of
one technology shall not impede implementation in other areas
which are deemed feasible and important.
(U)
d.
The Committee shall have a permanent secretariat
composed of personnel of the National Security Agency and such
other personnel from departments and agencies represented on
the Committee as are requested by the Chairman.
The National
Security Agency shall provide facilities and support as
required.
Other departments and agencies shall provide
facilities and support as requested by the Chairman. (U)
6.
The Executive Agent of the Government for
Telecommunications and Information Systems Security.
The
Secretary of Defense is the Executive Agent of the Government
for Corr~unications Security under authority of Executive
Order 12333. By authority of this Directive he shall serve an
expanded role as Executive Agent of the Governrr;ent for
Telecommunications and Automated Information Systems Security
and shall be responsible for implementing, under his signature,
the policies developed by the NTISSC.
In this capacity he
shall act in accordance with policies and procedures
established by the Steering Group and the NTISSC to:
a.
Ensure the development, in conjunction with
NTISSC member departments and agencies, of plans and programs
to fulfill the objectives of this Directive, including the
development of necessary security architectures.
b.
Procure for and provide to departments and
agencies of the government and, where appropriate, to private
institutions (including government contractors) and foreign
governments, technical security material, other technical
assistance, and other related services of corr~on concern, as
required to accomplish the objectives of this Directive.
c.
Approve and provide minimum security standards
and doctrine, consistent with provisions of the Directive.
d.
Conduct, approve, or endorse research and
development of techniques and equipment for telecorr~unications
and automated information systems security for national
security information~
UNCLASS~FiED
e.
Operate, or coordinate the efforts of, government technical centers related to telecor.~unications and
automated information systems security.
f.
Review and assess for the Steering Group the
proposed teleconununications systems security programs and~
budgets for the departments and agencies of the government for
each fiscal year and recorr~end alternatives, where appropriate.
The views of all affected departments and agencies shall be
fully expressed to the Steering Group.
g.
Review for the Steering Group the aggregated
automated information systems security program and budget
recommendations of the departments and agencies of the US
Government for each fiscal year.
(U)
7.
The National Manager for Telecommunications Security
and Automated Information Systems Security. The Director,
National Security Agency is designated the National Manager for
TelecorrJ11.unications and Automated Information Systems Security
and is responsible to the Secretary of Defense as Executive
Agent for carrying out the foregoing responsibilities.
In
fulfilling these responsibilities the National ~~anager shall
have authority in the name of the Executive Agent to:
a.
Examine government teleco~~unications systems
and automated information systems and evaluate their vulnerability to hostile interception and exploitation.
Any such
activities, including those involving monitoring of official
telecommunications, shall be conducted in strict compliance
with law, Executive Orders and applicable Presidential
Directives. No monitoring shall be performed without advising
the heads of the agencies, departments, or services concerned.
b.
Act as the governm~nt focal point for cryptography, telecommunications systems security, and automated
information systems security.
c.
Conduct, approve, or endorse research and
development of techniques and equipment for telecommunications
and automated information systems security for national
security information.
d.
Review and approve all standards, techniques,
systems and equipment$ for telecommunications and automated
information systems security.
e.
Conduct foreign communications security liaison,
including agreements with foreign governments and with
international and private organizations for telecommunications
and automated information systems security, except for those
foreign intelligence relationships conducted for intelligence
purposes by the Director of Central Intelligence. Agreements
shall be coordinated with affected departments and agencies.
UC II ill
lliw0
·-“”””I ·-‘r.~ :o~:
n ~.,.f. … ~ -·~r~
“”””ci”‘-6-~~~..::;.r;c.:r
f.
Operate such printing and fabrication facilities
as may be required to perform critical functions related to the
provision of cryptographic and other technical security
material or services.
g.
Assess the overall security posture and
disseminate information on hostile threats to telecommunications and automated information systems security.
h.
Operate a central technical center to evaluate
and certify the security of telecommunications systems ·a nd
automated information systems.
i.
Prescribe the minimum standards, ~ethods and
procedures for protecting cryptographic and other sensitive
technical security material, techniques, and information.
j.
Review and assess annually the
telecommunications systems security programs and budgets of the
departments and agencies of the government, and recommend
alternatives, where appropriate, for the Executive Agent and
the Steering Group.
k.
Review annually the aggregated automated
information syste~s security program and budget recommendations
of the departments and agencies of the US Govern:..ent for the
Executive Agent and the Steering Group.
1.
Request from the heads of departDents and
agencies such information and technical support as may be
needed to discharge the responsibilities assigned herein.
m.
Enter into agreements for the procurement of
technical security material and other equipment, and their
provision to government agencies ·and, where appropriate, to
private organizations, including government contractors, and
foreign governments.
(U)
8.
The Heads of Federal Departments and Agencies shall:
a.
Be responsible for achieving and maintaining a
secure posture for telecommunications and automated information
systems within their departments or agencies.
b.
Ensure that the policies, standards and
doctrines issued pursuant to this Directive are i~plemented
within their departments or agencies.
c.
Provide to the Systems Security Steering Group,
the NTISSC, Executi~e Agent, and the National Manager, as
appropriate, such information as may be required to discharge
responslbilities assigned herein, consistent with relevant law,
Executive Order, and Presidential Directives.
(U)
9.
Additional Responsibilities.
a.
The Secretary of Commerce, through the Director,
National Bureau of Standards, shall issue for public use such
Federal Information Processing Standards for the security of
information in automated information syste~s as the Steering
Group may approve. The Manager, National Communications
System, through the Administrator, General Services
Administration, shall develop and issue for public use such
Federal Telecommunications Standards for the security of
information in telecommunicati …
Purchase answer to see full
attachment
