DCID 6/3 Confidentiality Reqs Protection Level 4 report

This report analyzes the results of the web application scan for possible violations of the confidentiality requirements that apply to systems operating at Protection Level 4, as outlined in Chapter 4 of the "Protecting Sensitive Compartmented Information Within Information Systems" Manual. It helps you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process.

Why it matters

DCID 6/3 establishes the security policy and procedures for storing, processing and communicating classified intelligence information in information systems (ISs). An information system is any software, firmware or hardware that is used in the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of voice and data (digital or analog).

This policy applies to all United States government organizations, their commercial contractors, and Allied governments' ISs that process, store, or communicate intelligence information.

Accreditation process

The "Protecting Sensitive Compartmented Information Within Information Systems" Manual, issued by the Director of Central Intelligence (DCI), lists 11 steps required for accreditation of an information system. These steps are:

  1. Determine Level of Concern
  2. Determine Protection Level
  3. Determine Interconnected System Requirements
  4. Identify Technical Security and Assurance Requirements
  5. Determine Required Documentation and Testing Activities
  6. Write the System Security Plan
  7. Validate Security in Place
  8. Testing against Security Requirements
  9. Prepare Certification Package
  10. Forward Certification Package
  11. Accreditation Decision by the DAA