Intel chiefs define C&A standards

The Office of the Director of National Intelligence and the Defense Department have defined the seven areas they plan to standardize for certification and accreditation of IT systems.

A group of implementation teams will determine how agencies will use the new policies, said Dale Meyerrose, ODNI's chief information officer and associate director of national intelligence. (GCN recently hosted a roundtable on sharing intelligence. See Page 34.)

Meyerrose announced four of the areas at the FOSE trade show; ODNI and DOD made the other three public last week.

DOD and ODNI will:

  • Define a common set of trust levels so both departments share information and connect systems more easily.
  • Adopt reciprocity agreements to reduce systems development and approval time.
  • Define common security controls using the National Institute of Standards and Technology's Special Publication 800-53 as a starting point.
  • Agree to common definitions and an understanding of security terms, using the Committee on National Security Systems 4009 glossary as a baseline.
  • Allow senior risk executives to base decisions on an enterprise view of all factors, including mission, IT, budget and security.
  • Operate IT security within the enterprise operational environments, enabling situational awareness, and command and control.
  • Institute a common process to incorporate security engineering within lifecycle processes.
