ODNI, DOD detail 7 areas of IT security to make standard

The Office of the Director of National Intelligence (ODNI) and the Defense Department today released the seven areas of certification and accreditation for information technology systems that they will standardize.

The next step is a group of small implementation teams that will begin developing the how the agencies will use these new policies, said Dale Meyerrose, ODNI’s chief information officer and associate director of national intelligence. He was speaking at the FOSE trade show last week in Washington. D.C.

Meyerrose announced four of the seven areas during his speech at FOSE, and today ODNI and DOD made public the other three areas.

DOD and ODNI will:

  • Define a common set of trust levels so both departments share information and connect systems more easily.
  • Adopt reciprocity agreements to reduce systems development and approval time.
  • Define common security controls using the National Institute of Standards and Technology’s Special Publication 800-53 as a starting point.
  • Agree to common definitions and an understanding of security terms, starting with the Committee on National Security Systems 4009 glossary as a baseline.
  • Implement a senior risk executive function to base an enterprise view of all factors, including mission, IT, budget and security.
  • Operate IT security within the enterprise operational environments, enabling situational awareness and command and control.
  • Institute a common process to incorporate security engineering within life cycle processes.

“We need to establish a community environment across security domains, equipped with standard enterprise services and universal data access,” Meyerrose said in a statement.

DOD and ODNI started work on these standard areas eight months ago and included the Office of Management and Budget and other agencies. Meyerrose said the intelligence communities’ certification and accreditation policy was more than 10 years old and when the departments developed it, it took three years to write and four years to coordinate.

“Many elements look on the surface as common sense things,” Meyerrose said at FOSE. “But they are tearing down the walls to build up partnerships.”

He added that because of this process more agency partners are coming into the mix. Meyerrose said agencies such as the Homeland Security and Justice departments are participating in the governance process.

“While this does not solve all issues of information sharing, we did raise the bar,” he said. “We need to get past quantity as the only measure of success and progress, and get to quality of information shared.”

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.