ODNI finalizing new C&A policy documents

The Office of the Director of National Intelligence is moving closer to finishing the revision of the intelligence community and Defense Department’s certification and accreditation (C&A) policies.

ODNI will issue Intelligence Community Directive (ICD) 503 to replace Director of Central Intelligence Directive (DCID) 63, which details the C&A process and how intelligence agencies should perform the process. Sherrill Nicely, ODNI’s deputy associate director of National Intelligence for Intelligence Community Information Technology Governance, said Nov. 7 that the document is in the final approval stage and should be issued by Dec. 31.

“The C&A process is not very different from the National Institute of Standards and Technology’s risk management framework,” Nicely said after her keynote speech at the E-Gov Institute’s Security conference in Washington. The E-Gov Institute is owned by Federal Computer Week’s parent company, 1105 Media.

About six DOD and intelligence offices already are testing the new C&A processes, Nicely said. For instance, the Defense Intelligence Agency is using the new procedures for building A-Space, a social networking portal for intelligence analysts.

“DIA had already certified and accredited many of it systems that it is using to build A-Space so why not accept it?” she asked. “In the past we wouldn’t have accepted their C&A, but with the reciprocity we can.”

Nicely said the tests will help “shake things out” and help agencies understand what to expect from the new processes.

“We expect the number of pilots to increase quite a bit after Jan. 1 and then we will do more training,” she said.

While ODNI and DOD officials are awaiting final approval on ICD-503, another group is finalizing the updated security control catalog and impact assessment portion of the C&A process.

Nicely said she expects those to be released after Jan. 1.

In the meantime, she said, intelligence agencies still should follow the old manuals detailed in DCID-63.

“We still are working on the transition plan and will ask the community for a plan of action and milestone to move to the new process,” Nicely said. “We will not require systems to be reaccredited to the new process until they must be reaccredited.”

She also added that the Open Source Center would be a major beneficiary of the new C&A process.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.