US Department of Energy ORDER Washington DC DDE 5636 2 SUBJECT SECURITY REQUIREMENTS FOR CLASSIFIED AUTOMATIC DATA PROCESSING SYSTEMS l PURPOSE This order establishes uniform requirements policies and reSponsibilities for the develonment and implementation of a Department of Energy DOE program to ensure the security of information stored in classified automated data processing ADP systems The order implements Office of Management and Budget OMB Circular A-7l as supplemented by Transmittal Memorandum No l of 7-27-78 for classified ADP systems It is to be used in conjunction with DOE l360 2 Computer Security Pr0gram for Unclassified Computer Systems to provide a DOE-wide program for computer security 2 CANCELLATION This order replaces former Energy Research and DevelOpment Administration Manual Chapter 2703 SECURITY OF AUTOMATIC DATA PROCESSING SYSTEMS 3 SCOPE The provisions of this order apply to all elements of the DOE contractors and subcontractors which process store or produce classified data on-an ADP system 4 REFERENCES a OMB Circular A 7l as supplemented by Transmittal Memorandum No 1 Security of Federal Automated Information Systems of 7-27-78 promulgates policy and responsibilities for the development and implementation of computer security programs by executive branch departments and agencies b Executive Order 12065 National Security Information of 6-28-78 authorizes classification of information pertaining to the national security c Atomic Energy Act of l954 as amended hereinafter referred to as the Atomic Energy Act provides the policy to control the dissemination and declassification of Restricted Data RD in such a manner to assure the common defense and security DISTRIBUTION INITIATED All Departmental Elements Federal Energy Regulatory Commission info Office of Safeguards and Security 2 DOE 5636 2 d DOE Order 1360 2 Computer Security Program for Unclassified Computer Systems of 3 9-79 establishes policies and procedures for the DOE unclassified computer security program e National Bureau of Standards NBS Federal Information Processing Standards Publications FIPS PUB 39 Glossary for Computer Systems Security of 2-15-76 defines the technical terms used in this order f FPM Letter 732-7 Personnel Security Program for Positions Associated With Federal Computer Systems of ll-l4-78 provides that positions associated with federal computer systems be annotated with a position sensitivity 5 POLICY It is the policy of DOE that the information in all classified ADP systems be prote se physical security pe security procedural commu ions security and hardware and software security sures consistent with all Federal policies procedures and standards Classified Foreign Intelligence stored in DOE ADP systems will be protected in accordance with Director of Central Intelligence Directive No 1 16 Security of Foreign Intelligence in Automated Data Processing Systems and Networks DEFINITIONS rotect classified data The DOE computer security program This order incorporates the definitions of FIPS PUB creditation The authorization and approval ADP on the basis of a certification by designated technical personnel of the extent to which design and implementation of the system meets previously specified technical requirements for adequate security ADP System Security All of the technological safeguards and managerial procedures established and applied to computer hard- ware software and data in order to ensure the protection of classified information Certification The technical evaluation made as part of the accreditation process that establishes the extent to which a particular computer system or network design and implementation meet a specified set of security requirements U S Department of Energy ORDER Washington D C DOE 5636 2 SUBJECT SECURITY REQUIREMENTS FOR CLASSIFIED AUTOMATIC DATA PROCESSING SYSTEMS 1 PURPOSE This order establishes uniform requirements policies and responsibilities for the develonment and implementation of a Department of Enerqy DOE proqram to ensure the security of information stored in classified automated data processinq ADP systems The order implements Office of Manaqement and Budqet OMB Circular A-7l as supplemented by Transmittal Memorandum No l of 7-27-78 for classified ADP systems It is to be used in conjunction with DOE l360 2 Computer Security Proqram for Unclassified Computer Systems to provide a DOE wide proqram for computer security 2 CANCELLATION This order replaces former Energy Research and DevelOpment Administration Manual Chapter 2703 SECURITY OF AUTOMATIC DATA PROCESSING SYSTEMS 3 SCOPE The provisions of this order apply to all elements of the DOE contractors and subcontractors which process store or produce classified data on an ADP system 4 REFERENCES a OMB Circular A-7l as supplemented by Transmittal Memorandum No 1 Security of Federal Automated Information Systems of 7 27-78 promulqates policy and responsibilities for the develODment and implementation of computer security proqrams by executive branch departments and aqencies b Executive Drder 12065 National Security Information of 6 28-78 authorizes classification of information pertaininq to the national security c Atomic Enerqy Act of l954 as amended hereinafter referred to as the Atomic Enerqv Act provides the policy to control the dissemination and declassification of Restricted Data RD in such a manner to assure the common defense and security DISTRIBUTION INITIATED BY All Departmental Elements Federal Energy Requlatory Commission info Office of Safequards and Security