Flexible, Usable, Affordable Solutions to Protecting Intelligence Information

The Intelligence community has very rigorous requirements for protecting sensitive compartmented information within networks and computers. DCID 6/3 specifies:

  • Requirements for an Information System Security Program
  • Guidance on an approach to risk management for systems
  • Technical and administrative security requirements for a system in a given environment
  • Examples of appropriate documentation

Included in these requirements is an eleven step process required to accredit an Information System (IS) before it can be connected to an Intelligence Department network. The eleven steps are:

  1. Determine Levels-of-Concern
  2. Determine Protection Level
  3. Determine Interconnected System Requirements
  4. Identify Technical Security and Assurance Requirements
  5. Determine Required Documentation and Testing Activities
  6. Write the System Security Plan
  7. Validate Security in Place
  8. Testing against Security Requirements
  9. Prepare Certification Package
  10. Forward Certification Package
  11. Accreditation Decision by the DAA

The INTEGRITY Secure Separation Architecture reduces risk and accelerates Intelligence agencies' ability to meet DCID 6/3 in several ways:

  • INTEGRITY has been certified to EAL6+ High Robustness
  • INTEGRITY enables the creation and enforcement of enterprise-wide and system level policies and protocols that control IS access and functionality
  • INTEGRITY-based solutions can be applied to the entirety of the IT infrastructure from desktop to server to network to PDA and more

In achieving EAL6+ High Robustness, much of the certification evidence required by DCID 6/3 has already been generated. The INTEGRITY operating system was certified through an exhaustive process:

  • The INTEGRITY separation kernel was formally modeled and mathematically proven to be correct in enforcing all required security functionality as specified in the SKPP. This modeling and proof was performed by an unbiased third party.
  • The INTEGRITY separation kernel and associated support software were thoroughly analyzed and proven to acceptably mitigate all covert channels (storage and timing)
  • The INTEGRITY software platform was exhaustively tested by an independent Common Criteria Test Laboratory (CCTL), and a complete set of software life cycle design and test documentation was produced
  • The INTEGRITY software platform was comprehensively penetration tested by the National Security Agency

INTEGRITY Global Security offers the following solution set based on the INTEGRITY secure separation architecture. These solutions will enable Intelligence agencies to meet the requirements of DCID 6/3, quickly deploy solutions, and reduce the cost of those deployments.

To learn more about how INTEGRITY Global Security can secure your agency, please call 805.882.2500 or send email.

© INTEGRITY Global Security    |    Site Map    |    Contact Us