Intel chiefs define C&A standards
- By Jason Miller
- Mar 30, 2007
The Office of the Director of National Intelligence and the Defense Department have defined the seven areas they plan to standardize for certification and accreditation of IT systems.
A group of implementation teams will determine how agencies will use the new policies, said Dale Meyerrose, ODNI's chief information officer and associate director of national intelligence. (GCN recently hosted a roundtable on sharing intelligence. See Page 34.)
Meyerrose announced four of the areas at the FOSE trade show; ODNI and DOD made the other three public last week.
DOD and ODNI will:
- Define a common set of trust levels so both departments can share information and connect systems more easily.
- Adopt reciprocity agreements to reduce systems development and approval time.
- Define common security controls using the National Institute of Standards and Technology's Special Publication 800-53 as a starting point.
- Agree to common definitions and an understanding of security terms, using the Committee on National Security Systems 4009 glossary as a baseline.
- Allow senior risk executives to base decisions on an enterprise view of all factors, including mission, IT, budget and security.
- Operate IT security within the enterprise operational environments, enabling situational awareness, and command and control.
- Institute a common process to incorporate security engineering within lifecycle processes.