DCID 6/3 Availability Medium report

This report analyzes the results of the web application scan to detect possible violations of the availability requirements for systems operating in the medium protection level outlined in Chapter 6 of the "Protecting Sensitive Compartmented Information within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process. The "medium" level means that information must be readily available with minimum tolerance for delay, or that loss of availability might result in bodily injury or adversely affect organization-level interests.

Why it matters

This U.S. federal directive establishes the security policy and procedures for storing, processing, and communicating classified intelligence information in information systems. Because intelligence information is a vital asset to the effective performance of U.S. national security roles, it is essential that this information be properly managed, and that its confidentiality, integrity, and availability be ensured.

This policy applies to all United States government organizations, their commercial contractors, and Allied governments' ISs that process, store, or communicate intelligence information.

Accreditation process

The "Protecting Sensitive Compartmented Information Within Information Systems" Manual issued by the DCI provides 11 steps required for accreditation of an Information System. These steps are:

  1. Determine Level of Concern
  2. Determine Protection Level
  3. Determine Interconnected System Requirements
  4. Identify Technical Security and Assurance Requirements
  5. Determine Required Documentation and Testing Activities
  6. Write the System Security Plan
  7. Validate Security in Place
  8. Testing against Security Requirements
  9. Prepare Certification Package
  10. Forward Certification Package
  11. Accreditation Decision by the DAA