Intell community gets new IT policies

The Director of National Intelligence has issued a new information security directive that officials say will improve collaboration in the intelligence community and influence how information technology is used across the government.Intelligence Community Directive 503 sets IT policy for the intelligence community’s 16 member agencies and elements. It deals with IT system issues such as security, reciprocity, dispute resolution and risk management. The directive also lays out new certification and accreditation principles for compliance by forthcoming information systems or IT items.The directive “focuses on a more holistic and strategic process for the risk management of information technology systems, and on processes and procedures designed to develop trust across the intelligence community information technology enterprise through the use of common standards and reciprocally accepted certification and accreditation decisions,” the directive reads.The directive was signed by Director of National Intelligence Mike McConnell on Sept. 15, but was announced on the Office of the Director of National Intelligence’s Web site on Sept. 30. It implements  strategic goals agreed on by the intelligence community’s chief information officer, the Defense Department’s CIOs, the Office of Management and Budget and National Institute of Standards and Technology in January 2007, according to the directive.Under the new policy, the intelligence community’s CIO will issue standards for IT risk management. In addition, the directive instructs elements of the intelligence community to ensure that accreditation of their systems permits collaboration and information sharing across the community. Elements of the intelligence community also will be expected to accept the certification of an IT system that was approved by another element, the directive states. The acceptance of certification also extends to systems of other federal, state or tribal agencies, organizations and contractors as long as it was based on standards compatible with those put forward by the intelligence community. All intelligence community elements will also be expected to accept accreditations for the sovereign information systems of Australia, Canada, New Zealand and the United Kingdom that communicate national intelligence information provided by the United States government.