ISE to focus on common IT security framework for intell

One of the main goals in the next year for the program manager for the Information Sharing Environment (PM-ISE) will be to finalize the common information technology security framework and cross-domain solutions to ensure systems across the 16 intelligence agencies are secured similarly.

ISE will work with the Defense, Homeland Security, Justice and State departments in addition to the Office of the National Director for Intelligence to deploy the framework and cross-domain solutions, according to ISE’s report to Congress, released Sept. 13.

The report details PM-ISE’s accomplishments in fiscal 2007 in meeting the Intelligence Reform and Terrorism Protection Act of 2004 requirements, and some of its plans for 2008. The law created the PM-ISE.

The report “highlights major accomplishments and areas of significant progress achieved since the ISE’s implementation plan’s delivery, while laying the foundation for long-term management of the ISE,” the report states.

Along with the security framework, ISE is seeking approval of an information assurance model.

The report states that the security framework will use the work done by ODNI and DOD chief information officers to standardize the certification and accreditation (C&A) processes for IT systems at the two organizations. Dale Meyerrose, ODNI CIO, said earlier this month at an intelligence community conference that he and DOD CIO John Grimes are working out the details of the C&A policy.

“It should be released by Dec. 31,” he said. “The intelligence community has signed off and now we want to coordinate with DOD.”

Meyerrose added that the goal of the policy is for users to balance risk and cost. He said a few main elements include defining the common criteria of what goes into C&A and what reciprocity between DOD and ODNI means.

ISE also has signed an agreement with DOD’s Unified Cross Domain Management Office to coordinate the transfer of information across security classification levels by making the technology and tools available to more users.

In addition to the security framework, model and processes, ISE issued its enterprise architecture framework to help coordinate the development of information-sharing systems and reuse existing components.

The office also developed and proposed Common Terrorism Information Sharing Standards that address business processes for reporting suspicious activity.

“This standard…will assist the nationwide integration and information sharing of possible intelligence gathering or pre-operational planning activities related to terrorism, especially across federal, state and local levels through state and major urban area fusion centers,” the report states.

Another significant milestone ISE said it met was proposing a new framework for sensitive but unclassified data, called controlled but unclassified (CUI).

The framework describes policies and standards for designating, safeguarding and disseminating information on terrorism, homeland security and law enforcement.

ISE officials also developed a five-year transition strategy to move to CUI framework. The report states the CUI standards are in the final interagency review process.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.