ODNI, DOD agree on security certification processes

2 agencies will implement 7 new policies

DOD, spy agencies expand sharing plans

Related Links

The intelligence community and the Defense Department have agreed to accept each other’s processes for certifying and accrediting (C&A) information technology systems, laying the foundation for more complete and faster information sharing.
 
The reciprocity agreement was one of seven moves made by Dale Meyerrose, the  Office of the National Director for Intelligence’s chief information officer, and DOD CIO John Grimes to more closely align the two departments’ processes. As they begin to implement the new procedures, the effect on other intelligence agencies and civilian agencies will be significant, experts say.

The new C&A policies could improve security while also reducing the burden of testing and preparing documentation, said Glenn Schlarman, a former Office of Management and Budget official who specialized in security and privacy issues.

Meyerrose unveiled four of the seven areas to be covered by ODNI’s C&A review initiative in a speech at the FOSE trade show March 22 in Washington, D.C. Meyerrose’s and Grimes’ offices have been revamping these processes since June 2006, when they deemed the current C&A procedures obsolete.

“Many elements on the surface seem like common sense,” Meyerrose said. “But they are tearing down walls and building up partnerships.”

In addition to C&A reciprocity, working groups will tackle the other six areas. One will establish accepted criteria for systems accreditation between DOD and ODNI. DOD and ODNI have yet to sign off on the other three areas, Meyerrose said.

Meyerrose also said the government will establish a single architecture for C&A and protection levels for handling classified data will be standardized across the government.

The new C&A policies form the rules of the road for the new information superhighway, said James Carafano, a senior fellow at the Heritage Foundation. “This is the trench work that needs to be done,” he said.

Director of National Intelligence Mike McConnell recently named Meyerrose as the information sharing executive for the entire intelligence community. This gives him seniority to Ambassador Thomas McNamara, program manager of the Information Sharing Environment.

“We have to get past the idea of information sharing as ‘If you show me yours, I will show you mine,’ ” Meyerrose said. ODNI also will establish a Library of National Intelligence to help collect and evaluate existing information, regardless of classification.

“Our job is not to improve the IT in the intelligence community… our job is to improve the intelligence community with IT,” Meyerrose said.
Although experts agree that ODNI and DOD needed to take these steps, Congress will have to step up its oversight to ensure success.
Carafano said oversight is one area that has been lacking because no single committee is responsible for monitoring information sharing issues.

Schlarman echoed Carafano’s call for increased oversight.
“I would want to see an independent third party verify actual performance on this,” Schlarman said, because some within DOD and the intelligence community have, from time to time, greatly overstated their state of security and their expertise.”

Wilson P. Dizard III is a senior writer for 1105 Government Information Group, which owns Federal Computer Week.
ODNI, DOD organizing cross domain dataThe Unified Cross Domain Management Office (CDMO) is creating a baseline set of about 14 data gatekeepers, formerly known as high assurance guards, as a core group of cross-domain solutions (CDSs). The solutions will be used by both the intelligence community and the Defense Department.
The CDMO consists of four divisions:
  •  Policy and plans.
  •  Life cycle risk management.
  •  Resources and strategies.
  •  Community outreach.
Awareness of the importance of the CDMO’s work is trickling deeper through the intelligence community and DOD, said Edward Bryant, the office’s chief technical director, who spoke last week at the FOSE trade show in Washington, D.C. “More [program managers] are coming in [offering their CDSs for approval] and saying, ‘We didn’t know you were serious.’ ”
 
                                                                                     — Wilson P. Dizard III

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.