[Federal Register Volume 60, Number 28 (Friday, February 10, 1995)] [Notices] [Page 8100] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 95-3408] ======================================================================= ----------------------------------------------------------------------- OFFICE OF MANAGEMENT AND BUDGET Draft Security Tenets for the National Information Infrastructure AGENCY: Office of Management and Budget. ACTION: Notice and request for comments. ----------------------------------------------------------------------- SUMMARY: OMB is publishing these draft Security Tenants for the National Information Infrastructure (NII) on behalf of the Security Issues Forum of the Information Infrastructure Task Force. The Tenets were developed by the Forum to help support the secure use of the NII. The Forum is chaired by OMB. OMB has not adopted these Security Tenets as policy, but is publishing them in the belief that they are worthy of public discussion. DATES: Comments should be submitted no later than April 11, 1995. ADDRESSES: Comments should be sent to the Security Issues Forum c/o the Office of Information and Regulatory Affairs, Office of Management and Budget, Room 10236, Washington, DC 20503. The Tenets can be downloaded from the IIFT gopher/bulletin board system: 202-501-1920. The IITF gopher/bulletin board can be accessed through the Internet by pointing your gopher client to IITF.DOC.GOV or by telnet to IITF.DOC.GOV and logging in as GOPHER. Electronic comments may be sent to [email protected]. (Note: e-mail address is A1, not AL. FOR FURTHER INFORMATION CONTACT: Ms. Virginia Huth, NII Security Issues Forum, Office of Management and Budget, Washington, DC 20503. Voice telephone: 202-395-3785. Facsimile: 202-395-5167. E-mail: [email protected]. (Note: e-mail address is A1, not AL.) SUPPLEMENTARY INFORMATION: Government has an important public mission to support the secure use of the NII. In order for the support to be effective, the Government must cooperate with the private sector and with the public-at-large in setting legal and policy ground rules for security in the NII. The Security Issues Forum provides leadership for Federal NII security activities. The Security Tenets are an early step in the development of an ``NII Security Plan'' to define the security requirements for the NII and to determine needed policy, technology, and managerial controls, and what the Federal role will be to assure that those needs are fulfilled. The NII Security Plan will also incorporate the security principles developed by the Organization for Economic Cooperation and Development. Sally Katzen, Administrator, Office of Information and Regulatory Affairs. Security Tenets for the National Information Infrastructure Security is a critical component of the National Information Infrastructure (NII). NII participants must have confidence that the NII is a trustworthy, reliable system, or they will not use it. NII security includes the integrity, confidentiality, and availability of the NII and of the information in the NII. In general, people who use the NII want to know that their information goes where and when they want it to, and nowhere else. From this general proposition flow five security tenets that the NII should provide the people who use it. (1) The ability to control who sees (or cannot see) their information and under what terms; (2) The ability to know who they are communicating with and that information received comes from who it says it is from; (3) The ability to know that information stored or transmitted is unaltered; (4) The ability to know when information and communication services will (or will not be) available; and (5) The ability to block unwanted information or intrusions. Two conditions attach to these security tenets: (1) None of these tenets is absolute. For each tenet there may be valid societal reasons--such as an emergency or a need to protect another's rights--that cause the tenet to be conditional in some manner. (2) Each tenet requires NII participants to take responsibility for establishing the terms and conditions under which they will exchange information. The distributed and empowered nature of this technology demands a greater level of responsibility. Education of NII participants is thus a critical task. [FR Doc. 95-3408 Filed 2-9-95; 8:45 am] BILLING CODE 3110-01-M