Intel data protection levels to be standardized
The federal government is poised to adopt a common array of data protection levels and criteria by which the secrecy rankings are to be determined, according to Dale Meyerrose, CIO of the Office of the Director of National Intelligence.
The newly standardized security rankings will replace a patchwork of varying methods the Pentagon, the intelligence community and other agencies have adopted for assuring the technical protection of secret data, Meyerrose said today during remarks at an Association for Federal Information Resource Management event.
The AFFIRM audience of federal IT managers and vendor executives clapped when Meyerrose announced that protection levels and criteria would be made uniform across the government.
The new set of protection levels and criteria flow from the intelligence community’s project
to reform certification and accreditation methods. That reform process, which has included an unprecedented level of public involvement, soon will generate a total of seven major changes to federal IT security rules, Meyerrose said.
“The particulars of those seven major changes we are still working out, but there are seven major departures from existing security doctrine,” Meyerrose said.
“I’ll give you one of them because we have pretty much already worked it out, although I won’t tip my hand on the solution,” he added.
“As most of you know, if you deal with the intelligence business, there are five protection levels (we call them PLs); if you deal with the DOD business, there are six; if you deal with NIST processes, there are four; [and other agencies have other numbers]. We are all going to use the same criteria and the same number.” At that point, the audience applauded.
“That is one of the seven. There is some controversy about some of the other [six changes]. I am glad of that, because it represents a change that bothers some folks—which means that we are getting some real change on that.”
Connect with the GCN staff on Twitter @GCNtech.