**************************************************************************
Security Bulletin 9225                  DISA Defense Communications System
October 7, 1992             Published by: DDN Security Coordination Center
                                      (SCC@NIC.DDN.MIL)   1-(800) 365-3642

                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN

  The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
  Coordination Center) under DISA contract as a means of communicating
  information on network and host security exposures, fixes, and concerns
  to security and management personnel at DDN facilities.  Back issues may
  be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5]
  using login="anonymous" and password="guest".  The bulletin pathname is
  scc/ddn-security-yynn (where "yy" is the year the bulletin is issued
  and "nn" is a bulletin number, e.g. scc/ddn-security-9225).

**************************************************************************

           TAC Access Control Policy Circular Announcement

    A circular describing TAC Access and related policies will soon
    be released in conjunction with the release of DDN Management 
    Bulletin #101, which describes MILNET TAC user validation and 
    registration. This circular will define the areas of respon-
    sibility for procuring TAC Access and make public the official 
    policies and procedures regarding the administration, processing,
    validation and distribution of MILNET TAC Access Cards.

    The "TAC Access Control Policy Circular" will apply to all
    Service and Agency host and gateway administrators who are 
    authorized to submit requests for TAC Cards. The circular will
    be provided to other addresses for general information and 
    guidance.

    The Circular will consist of seven parts each of which will 
    describe the various aspects of TAC Access in detail. Among 
    those topics discussed will be the following:

        * policies for authorization and administration
          of network access via a TAC,

        * procedures for ensuring network security and
          preventing unauthorized TAC Access,

        * proper procedures for using TAC Access Cards,

        * a description of the re-registration process and
          its function relative to TAC Card issuance,

        * updated policies and procedures related to
          quarterly Guest TAC Cards.

	In addition to the information outlined in this Circular,
	please refer to the following DDN Management Bulletins for
	further discussion of procedures and policies relating to
	TAC Usage and TAC Card issuance:

	   * DDN Management Bulletin #37, 16 Dec 87, DDN Node Site
	     Coordinator (NSC) and Host Administrator Duties

	   * DDN Management Bulletin #94, 16 Mar 92, MILNET/NIC
	     Re-registration Schedule and TAC Card Expiration

	   * DDN Management Bulletin #101, 24 Sep 92, MILNET TAC
	     User Validation and Registration

    All gateways,concentrators, or routers that are directly
    attached to the MILNET (i.e., those that have a 26 network 
    address) have designated administrators that are registered 
    with the NIC. These administrators have primary responsibility 
    for requesting/authorizing TAC Access Cards. The gateway admini-
    istrators have the option of delegating this authority to the host 
    administrators of systems that access MILNET via their gateways.
    These host administrators must also be registered with the NIC. 
    Users applying for TAC access cards must contact their local host 
    administrators or the NIC to determine the required signature 
    authority for their site.

    Hosts that are directly connected to MILNET (those that have a 
    network address of 26) also have designated administrators that 
    must be registered with the NIC. These host administrators have the 
    authority to request TAC access cards.  However, some MILNET hosts
    that are currently direct-connected are being disconnected and 
    moved behind gateways/concentrators. The administrators of such hosts
    must be delegated the authority to request TAC access cards by the
    administrator of the gateway that provides their connection to
    MILNET (in accordance with the Draft TAC Access Control Policy 
    Circular).

    This delegation of authority will allow administrators of hosts
    behind gateways/concentrators to register their users to their local
    hosts and to request TAC Access Cards for them. Users of hosts that
    have moved behind gateways must be re-registered so that they will 
    appear in the NIC database as associated with the correct host and
    gateway. Therefore, all administrators of hosts moving behind gateways
    MUST coordinate with the administrator of their gateway/concentrator
    and with the DDN NIC Registrar to arrange the re-registration of 
    their TAC users BEFORE the host on which they are currently registered
    is disconnected.

****************************************************************************
*                                                                          *
*    The point of contact for MILNET security-related incidents is the     *
*    Security Coordination Center (SCC).                                   *
*                                                                          *
*               E-mail address: SCC@NIC.DDN.MIL                            *
*                                                                          *
*               Telephone: 1-(800)-365-3642                                *
*                                                                          *
*    NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST,   *
*    Monday through Friday except on federal holidays.                     *
*                                                                          *
****************************************************************************