[Federal Register Volume 60, Number 28 (Friday, February 10, 1995)]
[Notices]
[Page 8100]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 95-3408]



=======================================================================
-----------------------------------------------------------------------

OFFICE OF MANAGEMENT AND BUDGET


Draft Security Tenets for the National Information Infrastructure

AGENCY: Office of Management and Budget.

ACTION: Notice and request for comments.

-----------------------------------------------------------------------

SUMMARY: OMB is publishing these draft Security Tenants for the 
National Information Infrastructure (NII) on behalf of the Security 
Issues Forum of the Information Infrastructure Task Force. The Tenets 
were developed by the Forum to help support the secure use of the NII. 
The Forum is chaired by OMB. OMB has not adopted these Security Tenets 
as policy, but is publishing them in the belief that they are worthy of 
public discussion.

DATES: Comments should be submitted no later than April 11, 1995.

ADDRESSES: Comments should be sent to the Security Issues Forum c/o the 
Office of Information and Regulatory Affairs, Office of Management and 
Budget, Room 10236, Washington, DC 20503. The Tenets can be downloaded 
from the IIFT gopher/bulletin board system: 202-501-1920. The IITF 
gopher/bulletin board can be accessed through the Internet by pointing 
your gopher client to IITF.DOC.GOV or by telnet to IITF.DOC.GOV and 
logging in as GOPHER. Electronic comments may be sent to 
[email protected]. (Note: e-mail address is A1, not AL.

FOR FURTHER INFORMATION CONTACT:
Ms. Virginia Huth, NII Security Issues Forum, Office of Management and 
Budget, Washington, DC 20503. Voice telephone: 202-395-3785. Facsimile: 
202-395-5167. E-mail: [email protected]. (Note: e-mail address is A1, 
not AL.)

SUPPLEMENTARY INFORMATION: Government has an important public mission 
to support the secure use of the NII. In order for the support to be 
effective, the Government must cooperate with the private sector and 
with the public-at-large in setting legal and policy ground rules for 
security in the NII. The Security Issues Forum provides leadership for 
Federal NII security activities. The Security Tenets are an early step 
in the development of an ``NII Security Plan'' to define the security 
requirements for the NII and to determine needed policy, technology, 
and managerial controls, and what the Federal role will be to assure 
that those needs are fulfilled. The NII Security Plan will also 
incorporate the security principles developed by the Organization for 
Economic Cooperation and Development.
Sally Katzen,
Administrator, Office of Information and Regulatory Affairs.

Security Tenets for the National Information Infrastructure

    Security is a critical component of the National Information 
Infrastructure (NII). NII participants must have confidence that the 
NII is a trustworthy, reliable system, or they will not use it.
    NII security includes the integrity, confidentiality, and 
availability of the NII and of the information in the NII. In general, 
people who use the NII want to know that their information goes where 
and when they want it to, and nowhere else. From this general 
proposition flow five security tenets that the NII should provide the 
people who use it.
    (1) The ability to control who sees (or cannot see) their 
information and under what terms;
    (2) The ability to know who they are communicating with and that 
information received comes from who it says it is from;
    (3) The ability to know that information stored or transmitted is 
unaltered;
    (4) The ability to know when information and communication services 
will (or will not be) available; and
    (5) The ability to block unwanted information or intrusions.
    Two conditions attach to these security tenets:
    (1) None of these tenets is absolute. For each tenet there may be 
valid societal reasons--such as an emergency or a need to protect 
another's rights--that cause the tenet to be conditional in some 
manner.
    (2) Each tenet requires NII participants to take responsibility for 
establishing the terms and conditions under which they will exchange 
information. The distributed and empowered nature of this technology 
demands a greater level of responsibility. Education of NII 
participants is thus a critical task.

[FR Doc. 95-3408 Filed 2-9-95; 8:45 am]
BILLING CODE 3110-01-M