Intelligence Community Directive Number 503: Intelligence Community Information Technology Systems Security Risk Management, Certification and Accreditation (Effective 15 September 2008)   [open pdf - 5MB]

"This Intelligence Community Directive (ICD) establishes Intelligence Community (IC) policy for information technology systems security risk management, certification and accreditation. This policy implements strategic goals agreed upon in January 2007 by the IC Chief Information Officer (CIO), the Chief Information Officers of the Department of Defense (DoD), the Office of Management and Budget, and the National Institute of Standards and Technology (NIST). This ICD focuses on a more holistic and strategic process for the risk management of information technology systems, and on processes and procedures designed to develop trust across the intelligence community information technology enterprise through the use of common standards and reciprocally accepted certification and accreditation decisions. This ICD rescinds and replaces the Director of Central Intelligence Directive (DCID) 6/3 Policy, Protecting Sensitive Compartmented Information within Information Systems, and the associated DCID 6/3 Manual having the same title. It also rescinds the DCID 6/5 Implementation Manual for the Protection of Certain non-Sensitive Compartmented Information (SCI) Sources and Methods Information (SAMI). Appendix E in the DCID 6/3 Manual, Access by Foreign Nationals to Systems Processing Intelligence, shall remain in effect until subsequent issuances supersede it."

Report Number:
ICD-503: Intelligence Community Directive Number 503
Public Domain
Retrieved From:
Office of the Director of National Intelligence: http://www.dni.gov
Media Type:
Help with citations