National Information Assurance Policy on Enterprise Architectures for National Security Systems
"Public Law 107-347, E-Government Act of 2002, requires the development of enterprise architectures within and across the Federal Government, and the provision of information security protections commensurate with the risk and magnitude of the harm resulting from information systems' corruption. Information Assurance (IA) is the protection of information in information systems (IS). IA provides a level of security to assure the right information gets to the right people at the right time by ensuring the availability, integrity, authentication, confidentiality, and non-repudiation of that information. When communicating National Security Information (NSI) between government organizations, it is the responsibility of both parties to ensure the security of that information. This is accomplished through the inclusion of coordinated IA requirements in those organizations' enterprise architectures. However, in today's environment, information systems that handle NSI are operating in different Federal Departments and Agencies whose security needs and architectural requirements vary. These combined factors present great hurdles in simultaneously achieving the necessary degree of information assurance with the greatest degree of information sharing, as the national security community moves towards a net-centric environment. This policy is the central policy to coordinate and clarify the development and integration of IA components of enterprise architectures across the CNSS community, focusing on the Federal Enterprise Architecture (FEA) as the framework to make this integration possible. It enumerates responsibilities and requirements for Federal Departments and Agencies in their development of collaborative, integrated IA components of enterprise architectures that handle NSI."
CNSS Policy No. 21
Committee on National Security Systems: http://www.cnss.gov/