Intel chiefs define C&A standards

The Office of the Director of National Intelligence and the Defense Department have defined the seven areas they plan to standardize for certification and accreditation of IT systems.

A group of implementation teams will determine how agencies will use the new policies, said Dale Meyerrose, ODNI's chief information officer and associate director of national intelligence. (GCN recently hosted a roundtable on sharing intelligence. See Page 34.)

Meyerrose announced four of the areas at the FOSE trade show; ODNI and DOD made the other three public last week.

DOD and ODNI will:

  • Define a common set of trust levels so both departments share information and connect systems more easily.
  • Adopt reciprocity agreements to reduce systems development and approval time.
  • Define common security controls using the National Institute of Standards and Technology's Special Publication 800-53 as a starting point.
  • Agree to common definitions and an understanding of security terms, using the Committee on National Security Systems 4009 glossary as a baseline.
  • Allow senior risk executives to base decisions on an enterprise view of all factors, including mission, IT, budget and security.
  • Operate IT security within the enterprise operational environments, enabling situational awareness, and command and control.
  • Institute a common process to incorporate security engineering within lifecycle processes.
