DOD, Intell teams go to work on certification, accreditation

DOD, spy agencies expand sharing plans

The Pentagon and the intelligence community have launched implementation teams to carry out certification and accreditation process reforms, intelligence community CIO Dale Meyerrose said March 22 at FOSE.

Meyerrose, an associate director of national intelligence, said he and Pentagon CIO John Grimes would release a fuller description of the security rule reforms in a declassified version of the procedures.

In the meantime, he named four of the seven areas covered by the new certification and accreditation rules:

• Reciprocal acceptance of certification and accreditation decisions made by different agencies
• Establishment of the same “protection levels” for handling classified data across the Pentagon, intelligence community and civilian agency arenas
• Adoption of like criteria for certification and accreditation across the Pentagon and the intelligence community
• Establishment of a single architecture for certification and accreditation.

Separately, Meyerrose told reporters that the intelligence community and the Pentagon plan to progressively eliminate more than 700 information-sharing systems now used to shift various types of data across classification levels and among compartments.

Referring to the cross-domain solutions (CDSes) that will be left out of the baseline group now being selected by the interagency Unified Cross Domain Solution Office, Meyerrose said, “We will systematically go about unfunding them, using those funds for the support tails of those that remain standing.”

The intelligence community appears to have already chosen 14 CDSes and 11 niche applications for inclusion in a baseline group of the information exchange filters.

Meyerrose noted that not all of the CDSes have program managers. “A lot were bought entities from a company or a corporation.”

Meyerrose also used the speech to unveil a Library of National Intelligence the intelligence agencies are creating to help exploit existing information regardless of classification. “If you are looking for us to build a building and put a librarian at the front door, then you have not got the concept,” he said.

“In fact, the concept is one of a data layer in which you can discover, access, leverage and then exchange [information] across the entire data layer irrespective of classification,” he added.

Meyerrose went on to warmly endorse the approach of furnishing information and functions, such as those provided by cross-domain solutions, as enterprise services.

“We believe virtually anything can become an enterprise service,” he said, “to include identity or data itself.” Providing identity management as an enterprise solution “illustrates the depth and breadth” with which the intelligence community is working to achieve information sharing, Meyerrose said.

Along the same lines, he added that identity management must extend to all the systems and appliances that access intelligence networks, as well as to the individuals who use the nets.

Wilson P. Dizard III is a staff writer for Government Computer News, an 1105 Government Information Group publication.