The RAND Report R-609-1 was commissioned by the Deputy Director in June 1967 according to www.linuxsecurity.com. The report was to study and recommend solutions that would unsure the protection of classified information while allowing multi-level access along with computer sharing capabilities. The report was broken down into four sections. First, the nature of the problem was identified. This identified security problems from the computer systems to lack of security and potential threats. The second part looked at policy considerations and gave recommendations. This section dealt with systems personnel to information structure and ended with system certification recommendations. The third section detailed technical recommendation while the last section detailed management and administrative controls.
With the increased and wide spread use of computers in the military, a need for procedures we due. These procedure recommendations revolved around technique and security which had not previously existed on such a broad scale. Even with the large scale of operations, there still needed to be some privacy around the system and data that was shared or accessed. Through this study, batch, multiprogramming, and time-shared processing were all recommended for different levels of access and control. Three types of threats to system security were identified. These are accidental access of data, deliberate access of data, and a physical attack on the system. There were recommended safeguards to protect from all three vulnerabilities. This protection had to be identified and secured by the system designer so not gaps were missed. These gaps could be in the software, hardware, communication of information and general lack of organization or the organization itself. There were recommended