Intel chiefs define C&A standards

The Office of the Director of National Intelligence and the Defense Department have defined the seven areas they plan to standardize for certification and accreditation of IT systems.

A group of implementation teams will determine how agencies will use the new policies, said Dale Meyerrose, ODNI's chief information officer and associate director of national intelligence. (GCN recently hosted a roundtable on sharing intelligence. See Page 34.)

Meyerrose announced four of the areas at the FOSE trade show; ODNI and DOD made the other three public last week.

DOD and ODNI will:

  • Define a common set of trust levels so both departments share information and connect systems more easily.
  • Adopt reciprocity agreements to reduce systems development and approval time.
  • Define common security controls using the National Institute of Standards and Technology's Special Publication 800-53 as a starting point.
  • Agree to common definitions and an understanding of security terms, using the Committee on National Security Systems 4009 glossary as a baseline.
  • Allow senior risk executives to base an enterprise view of all factors, including mission, IT, budget and security.
  • Operate IT security within the enterprise operational environments, enabling situational awareness, and command and control.
  • Institute a common process to incorporate security engineering within lifecycle processes.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected