CIO Council releases info-sharing guide

"Federal Enterprise Architecture Security and Privacy Profile"

Related Links

Federal managers received new policy guidelines this week to help them minimize risks when sharing sensitive information online.

The guidelines, issued by the federal Chief Information Officers Council, are supposed to help federal decision-makers balance the often-conflicting demands to guarantee information security and privacy and against demands to carry out their agencies' missions.

Members of the council developed the business-oriented guidelines with help from officials at the National Institute of Standards and Technology, the Office of Management and Budget and from several industry groups. Information sharing among agencies increasingly puts government officials at risk of data security and privacy violations, according to the groups' security experts.

For federal managers who are developing new information systems, the guidelines urge thinking about data privacy and data security as early as possible and at the highest levels possible. In an era of extensive information sharing, "information assurance specialists by themselves can no longer be charged to protect enterprise resources," the guidelines state.

If agency managers follow the guidelines, they will find security and privacy controls affecting all aspects of information systems development and operations, including how they measure their systems performance, engineer workflow, design directory information, achieve interoperability and exchange data.

"It's a good tool to help people think about security and privacy," said Venkatapathi Puvvada, chief technology officer at Unisys' Global Public Sector division and chairman of the Industry Advisory Council's Enterprise Architecture Shared Interest Group (SIG), which helped create the new guidelines.

Puvvada said the guidelines provide a business context for systems-level security standards that NIST officials have developed.

In graphic terms, the Federal Enterprise Architecture Security and Privacy Profile described in the guidelines is a layer that touches all five reference models in the Federal Enterprise Architecture, a document that federal officials throughout the government use to coordinate their information technology decisions and promote information sharing.

Among other things, the guidelines offer definitions of electronic privacy and other frequently misunderstood concepts.

Members of several organizations worked on the profile, among them officials from OMB, NIST, the consulting company Booz Allen Hamilton Inc., the Industry Advisory Council Security Committee and Mitre Corp., a nonprofit systems engineering research group.

Featured

  • CLOUD
    pentagon cloud

    Court orders temporary block on JEDI

    JEDI, the Defense Department’s multi-billion-dollar cloud procurement, is officially on hold, according to a federal court announcement Feb. 13.

  • Defense
    mock-up of the shore-based Aegis Combat Information Center

    Pentagon focuses on research, cyber in 2021 budget request

    The Defense Department wants to significantly increase funds for research, cyber, and cloud.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.