Certification and accreditation reforms gain traction

As orphan data exchange systems face funding axe

The Pentagon and the intelligence community have launched implementation teams to carry out certification and accreditation process reforms, intelligence community CIO Dale Meyerrose said at FOSE today.

Meyerrose, an associate director of national intelligence, said he and Pentagon CIO John Grimes would release a fuller description of the security rule reforms in a declassified version of the procedures.

In the meantime, he named four of the seven areas covered by the new certification and accreditation rules:
  • Reciprocal acceptance of certification and accreditation decisions made by different agencies.
  • Establishment of the same 'protection levels' for handling classified data across the Pentagon, intelligence community and civilian agency arenas.
  • Adoption of like criteria for certification and accreditation across the Pentagon and the intelligence community.
  • Establishment of a single architecture for certification and accreditation.

The security technology process reforms flowed from a largely public review process the Pentagon and the intelligence community launched last June.

Separately, Meyerrose told reporters that the intelligence community and the Pentagon plan to progressively eliminate more than 700 information sharing systems now used to shift various types of data across classification levels and among compartments.

Referring to the cross domain solutions (CDSs) that will be left out of the baseline group now being selected by the interagency Unified Cross Domain Solution Office, Meyerrose said, 'We will systematically go about unfunding them, using those funds for the support tails of those that remain standing.'

The intelligence community appears to have already chosen 14 CDSs and 11 niche applications for inclusion in a baseline group of the information exchange filters.

Meyerrose noted that not all of the CDSs have program managers. 'A lot were bought entities from a company or a corporation.'

Meyerrose also used the speech to unveil a Library of National Intelligence the intel agencies are creating to help intelligence professionals exploit existing information regardless of classification. 'If you are looking for us to build a building and put a librarian at the front door, then you have not got the concept,' the intel CIO said.

'In fact, the concept is one of a data layer in which you can discover, access, leverage and then exchange [information] across the entire data layer irrespective of classification,' he added.

Meyerrose went on to warmly endorse the approach of furnishing information and functions, such as those provided by cross domain solutions, as enterprise services.

'We believe virtually anything can become an enterprise service,' he said, 'to include identity or data itself.' Providing identity management as an enterprise solution 'illustrates the depth and breadth' with which the intelligence community is working to achieve information sharing, Meyerrose said.

Along the same lines, the intel CIO added that identity management must extend to all the systems and appliances that access intelligence networks, as well as to the individuals who use the nets.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group