Feds Set Classified Info Sharing Standards
Department of Homeland Security structure and standards will apply to government and private sector entities.
President Obama ordered DHS in a 2010 executive order to create information sharing standards. DHS developed the new policies, which were issued via an 88-page directive, in consultation with the intelligence community, the military, and other federal agencies; state, local, and tribal governments; and private sector organizations. The standards come more than a year after the February 2011 deadline set by the 2010 executive order.
More Government Insights
- Building a Hybrid Cloud in Government: It's not that Complicated
- Secure Access: Next Steps In Identity Management
White PapersMore >>
- Research: Federal IT Priorities: Focus On The Foundation
- Research: Federal Government Cloud Computing Survey
"The need to securely share actionable, timely, and relevant classified information among partners in support of homeland security is critical as we work together to address evolving threats," DHS secretary Janet Napolitano said in a statement. "This directive strengthens this effort by instilling uniformity and consistency in the application of security standards when classified information is shared."
The directive names officials who will be responsible for the oversight of classified information sharing, and sets standards for security clearance, physical security, data security, classification management, security training, and contracting. These standards will apply both in government and in the private sector.
[ Teamwork between private companies and government is crucial to successfully fighting cybercrime. See FBI Director Urges Attack Intelligence-Sharing. ]
DHS will become a central point of authority for oversight and program management of classified information sharing efforts, including qualified accreditation, monitoring, and inspection of facilities that have access to classified information, processing, and documenting security clearances, and developing a training program for safeguarding classified information.
The directive's requirements also include some discussion of IT. For example, it raises the profile of a classified DHS network, the Homeland Secure Data Network, which the directive makes the "primary non-defense, Secret-level classified network" in government.
Some of the requirements may entail additional technology investment by DHS and other agencies. For example, DHS must develop a way to document and track security clearance data. While the directive instructs DHS to "leverage existing security clearance database system[s]" like the Office of Personnel Management's Central Verification System, it notes that system or software modification might be required to meet the directive's standards.
As federal agencies embrace devices and apps to meet employee demand, the White House seeks one comprehensive mobile strategy. Also in the new Going Mobile issue of InformationWeek Government: Find out how the National Security Agency is developing technologies to make commercial devices suitable for intelligence work. (Free registration required.)