1993-09-29 - Re: Orange book, the NSA, and the NCSC

Header Data

From: tcmay@netcom.com (Timothy C. May)
To: erc@apple.com
Message Hash: 783dfb8075cd4c1fa49dc50087b8c9f4f2fef38095ef92d105512470ca8ba79d
Message ID: <9309291855.AA19302@netcom3.netcom.com>
Reply To: <m0oi5rq-00022EC@khijol>
UTC Datetime: 1993-09-29 18:56:46 UTC
Raw Date: Wed, 29 Sep 93 11:56:46 PDT

Raw message

From: tcmay@netcom.com (Timothy C. May)
Date: Wed, 29 Sep 93 11:56:46 PDT
To: erc@apple.com
Subject: Re: Orange book, the NSA, and the NCSC
In-Reply-To: <m0oi5rq-00022EC@khijol>
Message-ID: <9309291855.AA19302@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


I mentioned NSDD-145 and Ed Carp asked for more information:

> > Savage Road is the actual address of the Agency; Fort Meade per se is
> > huge. NCSC as created in 1984 as part of NSDD-145 (National Security
> > Decision Directive-145, a very important one). Prior to that date it
> > had been called the DoD Computer Security Center, located smack dab in
> > the center of SIGINT City.
> 
> Why is Directive 145 important?  <curious>

National Security Decision Directive 145 (NSDD-145) was signed by
Reagan in 1984 as the "National Policy on Telecommunications and
Automated Information Security."

It extended the charter of the NSA from just the protection of
government information (I'm talking about the COMSEC part of NSA, of
course) to commercial, non-gov't information as well. The "Commercial
COMSEC Endorsement Program" (CCEP).

(I believe COMSEC, Communications Security, has since been changed to
INFOSEC. One thing the Agency does is to frequently change the names
of groups, departments, functions. Security by bureaucracy I guess.)

You may recall that the Feds said around this time that DES was
basically dead, that the CCEP would result in a new line of crypto
systems...several companies, including Cylink, Intel, etc., developed
products for inclusion on the Evaluated Products List (EPL).

NSDD-145 also created the NCSC, as noted earlier. As everyone knows,
"DOCKMASTER" is a not-especially-secure machine used by
NCSC-affiliated researchers and vendors to send mail, etc. The
frequent comments about how the NSA/NCSC is "on the Net" are hardly
revelatory. Many machines are on the Net, and you can surely bet that
the important machines are not.

(And of course various nets exist. Milnet (or MILNET, or whatever) is
one, and various successors to the old AUTOVON and AUTODIN command and
control nets.)

The National Computer Security Act came later, circa 1987.

I have a lot more stuff in my files, but this ought to satisfy the
casually curious.

-Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.





Thread