CIOs release updated guide to information sharing

The CIO Council has released a third version of its Federal Enterprise Architecture Security and Privacy Profile (FEA SPP), which helps agencies safeguard information they share with others.

The 63-page document describes best practices for program executives to use in complying with security and privacy requirements. It also suggests ways to integrate those requirements into major information technology purchases.

“As agencies implement the FEA SPP, they will find opportunities to share resources and capabilities across domains, programs and agencies,” according to the new document.

It addresses 34 areas of information security and data privacy using a three-step approach. The first step is identifying a program's importance and requirements, the second is analyzing the program to gauge costs and savings, and the third is requesting funding.

The CIO Council released two previous versions of the security and privacy profile in July 2005 and August 2004. The third version, unlike the previous two, has been tested and modified. Validation tests included four-month trials conducted at the Justice Department and Department of Housing and Urban Development.