
Organization

IC Only Access Control

Chief Information Officer

IC CIO Enterprise Integration & Architecture

Intelligence Community Only Access Control

Overview


This XML Data Encoding Specification for Intelligence Community Only (ICO.ACES) defines detailed implementation guidance for providing access to ICO data. This specification profile is applicable to the Intelligence Community (IC) and information produced by, stored, or shared within the IC.

This is the first release of the specification and therefore provides no backward capability.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.

The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Entity Specification Tiger Team (ESTT).


Data Encoding Specification Downloads

Latest Approved Version



Mission Requirements


This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC policy:

  • Intelligence Community Information Technology Enterprise (IC ITE) Increment 1 Implementation Plan
  • Intelligence Community Directive (ICD) 501, Discovery and Dissemination or Retrieval of Information within the IC
  • Intelligence Community Standard (ICS) 500-21, Tagging of Intelligence and Intelligence-Related Information
  • Intelligence Community Directive (ICD) 208, Write for Maximum Utility
  • Intelligence Community Directive (ICD) 209, Tearline Production and Dissemination
  • Intelligence Community Policy Memorandum (ICPM) 2007-200-2, Preparing Intelligence to Meet the Intelligence Community’s Responsibility to Provide

This specification includes design features that address:

  • Standardization of EA
  • Codification of mappings and combinational logic between data attributes and user/entity attributes to facilitate consistent enterprise-wide Boolean access decisions
  • Abstract and concrete guidance for making access control decisions
  • Components of Control decision(s)

DOMEX

Document and Media Exploitation

Overview


This XML Data Encoding Specification for Intelligence Document and Media Exploitation (DOMEX.XML) defines detailed implementation guidance for using Extensible Markup Language (XML) to encode DOMEX data. This Data Encoding Specification (DES) defines the syntax, protocol, and conventions for representing DOMEX data assertions and concepts using XML within the use of a Trusted Data Format (TDF) Object or Collection. This specification applies to the DOMEX Community, which comprises Intelligence Community (IC), Department of Defense (DoD), Department of Homeland Security (DHS), and Department of Justice (DoJ) components conducting or providing support to the conduct of DOMEX operations, activities, and functions. This specification defines the metadata standards for the uniform exchange of DOMEX.

This is the first release of the specification and therefore provides no backward capability.

Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.

This specification is maintained by the IC Chief Information Officer via the Data Coordination Activity (DCA) and Common Metadata Standards Tiger Team (CMSTT).

Technical Specification Downloads


Latest Approved Version


Mission Requirements


This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives.

This specification includes design features that address:

  • Detailed implementation guidance on using XML to encode DOMEX data.
  • Relationship between IC, NMEC
  • Relationship between XML Data Encoding Specification for TDF and DOMEX
  • Normative vs Informative Conformance issues
  • Version Policies
  • XML Namespace Policy
  • Version Numbering
  • Defines relationship between XML structures to abstract terms defined in the ADD
  • Additional guidance for encoding data in specific situations
  • Addresses relationship between TDO (payload and assertions), TDC, TDF and DOMEX
  • TDO Format Overview: relationship between TDF and Metadata Assertions
  • TDC Format Overview: relationship between TDC and TDO
  • DOMEX schema namespace and respective elements
  • Various Date specifications: entryDate; dateAccessed....lastModifiedDate, etc.
  • Specification of Locations/Coordinates

Information Security Marking Access

Overview

This Access Control Encoding Specification for Information Security Markings (ISM.ACES) defines detailed implementation guidance for providing access to documents based on ISM data. This Access Control Encoding Specification (ACES) defines the use of combinational logic between data and user/entity attributes. This logic is intended to be used in the decisional process of access control decisions based on XML elements and attributes that represent ISM data concepts and the associated user attributes.

The Access Control Encoding ISM specification (ISM.ACES.V1) furthers IC Enterprise goals by codifying mappings and combinational logic between data attributes and user/entity attributes to facilitate consistent enterprise-wide Boolean access decisions. Historically, access control decisions have been made in local environments based on local interpretations of agreements and policies, resulting in decisions that are not uniform across the entire enterprise. ACES OC hope to reduce the need for such local interpretations and further the goal of improving data exchanges and processing of information by documenting and encoding the enterprise interpretation. ACES OC provide both abstract and concrete guidance for making access control decisions. The generic abstract guidance is intended to be used in various contexts for making informed access decision logic, but the goal of ACES ISM is also to provide concrete guidance in appendixes or separate annexes for certain contexts.

The presence of ISM data attributes within a data asset specifies that the data asset is controlled by the rules in this ACES and any contextually relevant annexes of this document. This ACES has no need to express information beyond what is already expressed in the ISM attributes. As such, no specific NTK Profile is necessary. This specification describes the mapping of dissemination-related data attributes to a user's/person's attributes or an NPE's accreditation that are determined to be sufficient for access and can be used to make informed, available, and accurate dissemination decisions.

This is the first release of the specification and therefore provides no backward capability.

The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Entity Specification Tiger Team (ESTT).

Technical Specification Downloads

Latest Approved Version



Mission Requirements


This specification depends upon the following specification: XML Data Encoding Specification for Need-To-Know (NTK.XML.V8+), version 8 or higher.

This specification defines & baselines Access Control Encoding for OC (Originator Controlled) and establishes allowable use of encoding logic values between data and user/entity attributes for the IC Enterprise.

This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives 208, 209, 500-20, 500-21, 501, 710, and ICPM 2007-200-2, among others.

This specification is designed to support the Intelligence Community Information Technology Enterprise (IC ITE) Increment 1 Implementation Plan.

This specification supports common understanding and use of access control encoding for originator controlled mappings to enable overall information sharing strategies and policies of the IC as established in relevant law, policy, and directives.

Information Security Marking Country

Overview


This XML CVE Encoding Specification for ISM Country Codes and Tetragraphs (ISMCAT.XML) defines detailed implementation guidance for using Extensible Markup Language (XML) to encode IC Enterprise ISM Country Codes and Tetragraphs data. This Controlled Vocabulary Enumerations (CVEs) Specification defines the use of XML elements and attributes for ISMCAT data, associated structures and relationships, mandatory and cardinality requirements, and permissible values for representing ISMCAT data concepts using XML. Versions 1 and higher of this Controlled Vocabulary Enumerations (CVE) can be utilized as metadata when dissemination of information is limited solely to members of the Intelligence Community.

IC Enterprise encoding specifications use Controlled Vocabulary Enumerations (CVEs) to define allowable values for various elements and attributes. Over time, several encoding specifications became dependent on the same list of values, and dual (or more) maintenance was required to keep the lists aligned. Any change to a specification's CVEs caused an entire new version of that specification to be created. To remove the need for dual maintenance and the need to revise a specification whenever a CVE was updated, a new type of encoding specification, the CVE Encoding Specification, was created to decouple the vocabulary from the specifications.

This specification contains tagging structures for information resource metadata, mixed textual and media content found in the body of publications, source reference citations, classification and control markings, and knowledge assertions.

This is the first release of the specification and therefore provides no backward capability.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.

The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Entity Specification Tiger Team (ESTT).


Technical Specification Downloads

Latest Approved Version



Mission Requirements


This encoding specification defines how to implement the abstract data elements in the IC.ADD in a particular physical encoding (e.g., data or file format).

This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives 208, 209, 500-20, 500-21, 501, 710, and ICPM 2007-200-2, among others.

This specification is designed to support the Intelligence Community Information Technology Enterprise (IC ITE) Increment 1 Implementation Plan.

This specification supports common understanding and use of access control encoding for originator controlled mappings to enable overall information sharing strategies and policies of the IC as established in relevant law, policy, and directives.

IC Implementations shall conform to this specification and MUST adhere to all normative aspects of the specification.

Need-To-Know Metadata

XML Data Encoding Specification for Need-To-Know Metadata


This Data Encoding Specification (DES) defines the XML elements and attributes; associated structures and relationships; mandatory and cardinality requirements; and permissible values for representing NTK metadata associated with an information resource or part of an information resource using XML. NTK.XML can be incorporated into other Data Encoding Specifications.

NTK metadata facilitates automated systems making a “need-to-know” (NTK) access determination about an information resource. These metadata are used to represent the system-specific properties assigned to an information resource that will be used, in conjunction with information about the user, and possibly other information, to determine the user’s access to the data. A single information resource may include multiple occurrences of these metadata in order to specify NTK information according to multiple, different access systems.

Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.

This specification is maintained by the IC Chief Information Officer via the Data Coordination Activity (DCA) and Common Metadata Standards Tiger Team (CMSTT).


Data Encoding Specification Downloads:

Current Version:


Mission Requirements

Information sharing within the national intelligence enterprise frequently relies on being able to determine an individual’s NTK as one component in determining whether to allow access to data. The enterprise will increasingly rely on NTK metadata to allow users and systems to find and access a wide range of data throughout the enterprise. A successful information sharing enterprise depends on the ability of data creators and/or providers to specify means by which NTK can be established in a manner that facilitates discovery and access via automated means.

This DES provides a common specification for the means by which a data producer can encode, in their data, the information that an access system needs in order to determine how to grant access. This DES enables a comprehensive capability to appropriately protect data across the enterprise while also allowing access by individuals having appropriate NTK. The nature of the information to be encoded will vary system by system and could include lists of individuals or groups permitted access, descriptions of subject matter in terms defined by the access system, or other traits to be used in evaluating the access an individual has to the data.

This DES provides that common specification. Currently the particulars of any access system’s data needs are not defined. Details for specifying access information and documenting access parameters for particular access systems are to be added in the near future. The systems for which access information will be recorded and constrained will be expanded as their applicability is identified to the enterprise.
