ODNI, DOD agree on security certification processes

2 agencies will implement 7 new policies

DOD, spy agencies expand sharing plans

Related Links

The intelligence community and the Defense Department have agreed to accept each other’s processes for certifying and accrediting (C&A) information technology systems, laying the foundation for more complete and faster information sharing.
The reciprocity agreement was one of seven moves made by Dale Meyerrose, the  Office of the National Director for Intelligence’s chief information officer, and DOD CIO John Grimes to more closely align the two departments’ processes. As they begin to implement the new procedures, the effect on other intelligence agencies and civilian agencies will be significant, experts say.

The new C&A policies could improve security while also reducing the burden of testing and preparing documentation, said Glenn Schlarman, a former Office of Management and Budget official who specialized in security and privacy issues.

Meyerrose unveiled four of the seven areas to be covered by ODNI’s C&A review initiative in a speech at the FOSE trade show March 22 in Washington, D.C. Meyerrose’s and Grimes’ offices have been revamping these processes since June 2006, when they deemed the current C&A procedures obsolete.

“Many elements on the surface seem like common sense,” Meyerrose said. “But they are tearing down walls and building up partnerships.”

In addition to C&A reciprocity, working groups will tackle the other six areas. One will establish accepted criteria for systems accreditation between DOD and ODNI. DOD and ODNI have yet to sign off on the other three areas, Meyerrose said.

Meyerrose also said the government will establish a single architecture for C&A and protection levels for handling classified data will be standardized across the government.

The new C&A policies form the rules of the road for the new information superhighway, said James Carafano, a senior fellow at the Heritage Foundation. “This is the trench work that needs to be done,” he said.

Director of National Intelligence Mike McConnell recently named Meyerrose as the information sharing executive for the entire intelligence community. This gives him seniority to Ambassador Thomas McNamara, program manager of the Information Sharing Environment.

“We have to get past the idea of information sharing as ‘If you show me yours, I will show you mine,’ ” Meyerrose said. ODNI also will establish a Library of National Intelligence to help collect and evaluate existing information, regardless of classification.

“Our job is not to improve the IT in the intelligence community… our job is to improve the intelligence community with IT,” Meyerrose said.
Although experts agree that ODNI and DOD needed to take these steps, Congress will have to step up its oversight to ensure success.
Carafano said oversight is one area that has been lacking because no single committee is responsible for monitoring information sharing issues.

Schlarman echoed Carafano’s call for increased oversight.
“I would want to see an independent third party verify actual performance on this,” Schlarman said, because some within DOD and the intelligence community have, from time to time, greatly overstated their state of security and their expertise.”

Wilson P. Dizard III is a senior writer for 1105 Government Information Group, which owns Federal Computer Week.
ODNI, DOD organizing cross domain dataThe Unified Cross Domain Management Office (CDMO) is creating a baseline set of about 14 data gatekeepers, formerly known as high assurance guards, as a core group of cross-domain solutions (CDSs). The solutions will be used by both the intelligence community and the Defense Department.
The CDMO consists of four divisions:
  •  Policy and plans.
  •  Life cycle risk management.
  •  Resources and strategies.
  •  Community outreach.
Awareness of the importance of the CDMO’s work is trickling deeper through the intelligence community and DOD, said Edward Bryant, the office’s chief technical director, who spoke last week at the FOSE trade show in Washington, D.C. “More [program managers] are coming in [offering their CDSs for approval] and saying, ‘We didn’t know you were serious.’ ”
                                                                                     — Wilson P. Dizard III

The Fed 100

Read the profiles of all this year's winners.


  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group