ODNI finalizing new C&A policy documents

The Office of the Director of National Intelligence is moving closer to finishing the revision of the intelligence community and Defense Department’s certification and accreditation (C&A) policies.

ODNI will issue Intelligence Community Directive (ICD) 503 to replace Director of Central Intelligence Directive (DCID) 63, which details the C&A process and how intelligence agencies should perform the process. Sherrill Nicely, ODNI’s deputy associate director of National Intelligence for Intelligence Community Information Technology Governance, said Nov. 7 that the document is in the final approval stage and should be issued by Dec. 31.

“The C&A process is not very different from the National Institute of Standards and Technology’s risk management framework,” Nicely said after her keynote speech at the E-Gov Institute’s Security conference in Washington. The E-Gov Institute is owned by Federal Computer Week’s parent company, 1105 Media.

About six DOD and intelligence offices already are testing the new C&A processes, Nicely said. For instance, the Defense Intelligence Agency is using the new procedures for building A-Space, a social networking portal for intelligence analysts.

“DIA had already certified and accredited many of it systems that it is using to build A-Space so why not accept it?” she asked. “In the past we wouldn’t have accepted their C&A, but with the reciprocity we can.”

Nicely said the tests will help “shake things out” and help agencies understand what to expect from the new processes.

“We expect the number of pilots to increase quite a bit after Jan. 1 and then we will do more training,” she said.

While ODNI and DOD officials are awaiting final approval on ICD-503, another group is finalizing the updated security control catalog and impact assessment portion of the C&A process.

Nicely said she expects those to be released after Jan. 1.

In the meantime, she said, intelligence agencies still should follow the old manuals detailed in DCID-63.

“We still are working on the transition plan and will ask the community for a plan of action and milestone to move to the new process,” Nicely said. “We will not require systems to be reaccredited to the new process until they must be reaccredited.”

She also added that the Open Source Center would be a major beneficiary of the new C&A process.

Featured

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

  • Management
    workflow (Urupong Phunkoed/Shutterstock.com)

    House Dems oppose White House reorg plan

    The White House's proposal to reorganize and shutter the Office of Personnel Management hit a major snag, with House Oversight Democrats opposing any funding of the plan.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.