Intell community gets new IT policies

The Director of National Intelligence has issued a new information security directive that officials say will improve collaboration in the intelligence community and influence how information technology is used across the government.

Intelligence Community Directive 503 sets IT policy for the intelligence community’s 16 member agencies and elements. It deals with IT system issues such as security, reciprocity, dispute resolution and risk management. The directive also lays out new certification and accreditation principles for compliance by forthcoming information systems or IT items.

The directive “focuses on a more holistic and strategic process for the risk management of information technology systems, and on processes and procedures designed to develop trust across the intelligence community information technology enterprise through the use of common standards and reciprocally accepted certification and accreditation decisions,” the directive reads.

The directive was signed by Director of National Intelligence Mike McConnell on Sept. 15, but was announced on the Office of the Director of National Intelligence’s Web site on Sept. 30. It implements  strategic goals agreed on by the intelligence community’s chief information officer, the Defense Department’s CIOs, the Office of Management and Budget and National Institute of Standards and Technology in January 2007, according to the directive.

Under the new policy, the intelligence community’s CIO will issue standards for IT risk management. In addition, the directive instructs elements of the intelligence community to ensure that accreditation of their systems permits collaboration and information sharing across the community.

Elements of the intelligence community also will be expected to accept the certification of an IT system that was approved by another element, the directive states. The acceptance of certification also extends to systems of other federal, state or tribal agencies, organizations and contractors as long as it was based on standards compatible with those put forward by the intelligence community.

All intelligence community elements will also be expected to accept accreditations for the sovereign information systems of Australia, Canada, New Zealand and the United Kingdom that communicate national intelligence information provided by the United States government.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.