ODNI finalizing new C&A policy documents

The Office of the Director of National Intelligence is moving closer to finishing the revision of the intelligence community and Defense Department’s certification and accreditation (C&A) policies.

ODNI will issue Intelligence Community Directive (ICD) 503 to replace Director of Central Intelligence Directive (DCID) 63, which details the C&A process and how intelligence agencies should perform the process. Sherrill Nicely, ODNI’s deputy associate director of National Intelligence for Intelligence Community Information Technology Governance, said Nov. 7 that the document is in the final approval stage and should be issued by Dec. 31.

“The C&A process is not very different from the National Institute of Standards and Technology’s risk management framework,” Nicely said after her keynote speech at the E-Gov Institute’s Security conference in Washington. The E-Gov Institute is owned by Federal Computer Week’s parent company, 1105 Media.

About six DOD and intelligence offices already are testing the new C&A processes, Nicely said. For instance, the Defense Intelligence Agency is using the new procedures for building A-Space, a social networking portal for intelligence analysts.

“DIA had already certified and accredited many of it systems that it is using to build A-Space so why not accept it?” she asked. “In the past we wouldn’t have accepted their C&A, but with the reciprocity we can.”

Nicely said the tests will help “shake things out” and help agencies understand what to expect from the new processes.

“We expect the number of pilots to increase quite a bit after Jan. 1 and then we will do more training,” she said.

While ODNI and DOD officials are awaiting final approval on ICD-503, another group is finalizing the updated security control catalog and impact assessment portion of the C&A process.

Nicely said she expects those to be released after Jan. 1.

In the meantime, she said, intelligence agencies still should follow the old manuals detailed in DCID-63.

“We still are working on the transition plan and will ask the community for a plan of action and milestone to move to the new process,” Nicely said. “We will not require systems to be reaccredited to the new process until they must be reaccredited.”

She also added that the Open Source Center would be a major beneficiary of the new C&A process.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.