DCID 6/3 Securing Advanced Technology IS report

This report analyzes the results of the web application scan to detect possible violations of the security requirements for safeguarding interconnected information systems, and for safeguarding information systems that employ advanced technologies. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process.

Why it matters

This U.S. federal directive establishes the security policy and procedures for storing, processing, and communicating classified intelligence information in information systems. Because intelligence information is a vital asset to the effective performance of U.S. national security roles, it is essential that this information be properly managed, and that its confidentiality, integrity, and availability be ensured.

This policy applies to all United States government organizations, their commercial contractors, and Allied governments' ISs that process, store, or communicate intelligence information.

Accreditation process

The "Protecting Sensitive Compartmented Information Within Information Systems" Manual issued by the DCI provides 11 steps required for accreditation of an Information System. These steps are:

  1. Determine Level of Concern
  2. Determine Protection Level
  3. Determine Interconnected System Requirements
  4. Identify Technical Security and Assurance Requirements
  5. Determine Required Documentation and Testing Activities
  6. Write the System Security Plan
  7. Validate Security in Place
  8. Testing against Security Requirements
  9. Prepare Certification Package
  10. Forward Certification Package
  11. Accreditation Decision by the DAA