ISE to focus on common IT security framework for intell

One of the main goals in the next year for the program manager for the Information Sharing Environment (PM-ISE) will be to finalize the common information technology security framework and cross-domain solutions to ensure systems across the 16 intelligence agencies are secured similarly.ISE will work with the Defense, Homeland Security, Justice and State departments in addition to the Office of the National Director for Intelligence to deploy the framework and cross-domain solutions, according to ISE’s report to Congress, released Sept. 13.The report details PM-ISE’s accomplishments in fiscal 2007 in meeting the Intelligence Reform and Terrorism Protection Act of 2004 requirements, and some of its plans for 2008. The law created the PM-ISE.The report “highlights major accomplishments and areas of significant progress achieved since the ISE’s implementation plan’s delivery, while laying the foundation for long-term management of the ISE,” the report states.Along with the security framework, ISE is seeking approval of an information assurance model.The report states that the security framework will use the work done by ODNI and DOD chief information officers to standardize the certification and accreditation (C&A) processes for IT systems at the two organizations. Dale Meyerrose, ODNI CIO, said earlier this month at an intelligence community conference that he and DOD CIO John Grimes are working out the details of the C&A policy.“It should be released by Dec. 31,” he said. “The intelligence community has signed off and now we want to coordinate with DOD.”Meyerrose added that the goal of the policy is for users to balance risk and cost. He said a few main elements include defining the common criteria of what goes into C&A and what reciprocity between DOD and ODNI means.ISE also has signed an agreement with DOD’s Unified Cross Domain Management Office to coordinate the transfer of information across security classification levels by making the technology and tools available to more users.In addition to the security framework, model and processes, ISE issued its enterprise architecture framework to help coordinate the development of information-sharing systems and reuse existing components.The office also developed and proposed Common Terrorism Information Sharing Standards that address business processes for reporting suspicious activity.“This standard…will assist the nationwide integration and information sharing of possible intelligence gathering or pre-operational planning activities related to terrorism, especially across federal, state and local levels through state and major urban area fusion centers,” the report states.Another significant milestone ISE said it met was proposing a new framework for sensitive but unclassified data, called controlled but unclassified (CUI).The framework describes policies and standards for designating, safeguarding and disseminating information on terrorism, homeland security and law enforcement.ISE officials also developed a five-year transition strategy to move to CUI framework. The report states the CUI standards are in the final interagency review process.