Published: 04 March 2015

Chief Information Officer

IC Technical Specifications

Web Service Security

Overview

The High Level Guidance for Web Service Security (WSS-HLG) provides guidance to solutions architects and developers on how to consistently approach circumstances for which security solutions are required. This document focuses on security fundamentals essential to designing and building secure solutions that involve web services focusing on approaches for access control, use of assertions, security markings, confidentiality, integrity, and non-repudiation. The WSS-HLG provides solution approaches at a high level, intended to provide an understanding of information security fundamentals essential to such solutions, for the purpose of building both secure and interoperable approaches that are consistent across the IC.

 

The High Level Guidance for Web Service Security (WSS-HLG) provides important guidance for building and integrating with web services solutions in an interoperable, secure, and consistent manner. As there is a great number of standards, technical mechanisms, and capabilities that can be used for building web services security solutions, it is important that solutions architects understand the tradeoffs, risks, and benefits of approaches. It is critical, from a security and interoperability perspective, that security mechanisms are applied in a consistent manner, and this document provides needed guidance in the areas of access control, assertion passing, security markings, confidentiality, integrity, and non-repudiation.

 

The intended audience of this information guidance document is project managers, software architects, network architects, and developers who develop and integrate with web services. This document provides guidance in areas that will be important in satisfying security requirements and information security goals in a secure and interoperable manner.

 

Technical Specification Downloads

 

Latest Approved Public Release:

• Web Service Security High Level Guidance (V1 - Standalone Package (Release Date: 10 Apr 2013))
• Web Service Security High Level Guidance (V1 - Light Package (Release Date: 10 Apr 2013))

Published: 17 December 2013

Chief Information Officer

IC Technical Specifications

Atom Data Encoding Specification for Content Discovery and Retrieval Result Sets (DOD)

Overview

The Content Discovery & Retrieval (CDR) framework enables the use of results sets in service responses. As various service specifications leverage the Atom 1.0 feed syndications format, guidelines must be created to ensure consistent usage across CDR Search REST and SOAP specifications. In addition to the general guidelines for the use of Atom as described at http://www.atomenabled.org and in Atom 1.0 specification itself, this document extends the base specification to support information requirements in the CDR Search component. The guidance provided in this document focuses largely on the use of Atom 1.0 feed syndication format itself and the general format of commonly used extensions.

This specification supports Intelligence Community Directive 501(ICD 501), Discovery, Dissemination or Retrieval of Information within the Intelligence Community, which establishes policies for (1) discovery, and (2) dissemination or retrieval of intelligence and intelligence-related information collected, or analysis produced by the Intelligence Community.

Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package. This specification is maintained by the IC Chief Information Officer via the Services Coordination Activity (SCA) and Content Discovery and Retrieval Integrated Product Team (CDR IPT).

Encoding Specification Downloads

Latest Approved Versions:

• Atom Data Encoding Specification for Content Discovery and Retrieval Result Sets, Version 2 (10 Apr 13)  |  (Light Version)
  
  

Value Proposition

This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community and Department of Defense Enterprise(IC/DoD). Features of this specification are to:

• To provide guidance on leveraging Atom 1.0 as a result set for both the CDR REST and SOAP Search specifications
• Support the implementation of both the IC/DoD Content Discovery & Retrieval SOAP [CDR-SS] and REST [CDR-RS] Interface Specifications for CDR Search.

Published: 18 December 2014

As required by Executive Order 13571, Streamlining Service Delivery and Improving Customer Service, ODNI has developed the following Customer Service Plan, which identifies specific actions that further advance ODNI customer service, including initiatives establish new service infrastructure and  standards – as well as to track performance against those standards.

Emerging communication technologies, including social media and computer and mobile applications, provide ODNI with new opportunities to interact with customers, stakeholders and the general public as well as new avenues to disseminate information broadly that increases public understanding our intelligence integration mission.

ABOUT THE ODNI

Post 9/11 investigations proposed sweeping changes in the Intelligence Community, which resulted in Congressional passage of the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA). The IRTPA created the Office of the Director of National Intelligence to improve information sharing, promote a strategic, unified direction, and ensure integration across the U.S. Intelligence Community.

The ODNI was launched on April 21, 2005. It is led by a Director of National Intelligence, who serves as the head of the Intelligence Community, overseeing and directing the implementation of the National Intelligence Program and acting as the principal advisor to the President, the National Security Council, and the Homeland Security Council for intelligence matters related to

THE ODNI MISSION

The Office of the DNI’s goal is to effectively integrate foreign, military and domestic intelligence in defense of the homeland and of United States interests abroad.  With this goal in mind, Congress provided the DNI with a number of authorities and duties, as outlined in the Intelligence Reform and Terrorism Prevention Act of 2004 including to:
 

• Ensure that timely and objective national intelligence is provided to the President, the heads of departments and agencies of the executive branch; the Chairman of the Joint Chiefs of Staff and senior military commanders; and the Congress.
• Establish objectives and priorities for collection, analysis, production, and dissemination of national intelligence.
• Ensure maximum availability of and access to intelligence information within the Intelligence Community.
• Develop and ensure the execution of an annual budget for the National Intelligence program based on budget proposals provided by IC component organizations.
• Oversee coordination of relationships with the intelligence or security services of foreign governments and international organizations.
• Ensure the most accurate analysis of intelligence is derived from all sources to support national security needs.
• Develop personnel policies and programs to enhance the capacity for joint operations and to facilitate staffing of community management functions.
• Oversee the development and implementation of a program management plan for acquisition of major systems, doing so jointly with the Secretary of Defense for DOD programs, that includes cost, schedule, and performance goals and program milestone criteria.
  
  

U.S. INTELLIGENCE AND ITS CUSTOMERS

The IC serves a wide range of consumers, both within and outside the U.S. Government, with the level of intelligence services varying according to the customers’ responsibilities and the specific circumstances. The IC’s customers include the following:

• The White House, particularly the President, Vice President, and National Security Staff.
• Executive Branch Departments and Agencies, including the Departments of Agriculture, Commerce, Defense, Energy, Health and Human Services, State, Transportation, Treasury, Energy, and others.
• Military united commands, services, and deployed forces.
• The Intelligence Community itself, for IC internal operations, special activities, acquisition, and policy support.
• The Legislative and Judicial branches for oversight and to inform and protect.
• State, local, tribal and territorial officials, especially law enforcement and emergency planning and response personnel.
• The U.S. public, including commercial entities and academia.
• Allied Governments.
• International organizations, especially for such activities as treaty monitoring.
  
  

ETHICAL STANDARDS

As members of the intelligence profession, we conduct ourselves in accordance with certain basic principles. These principles are stated below, and reflect the standard of ethical conduct expected of all Intelligence Community personnel, regardless of individual role or agency affiliation.

Mission We serve the American people, and understand that our mission requires selfless dedication to the security of our Nation. Truth We seek the truth; speak truth to power; and obtain, analyze, and provide intelligence objectively. Lawfulness We support and defend the Constitution, and comply with the laws of the United States, ensuring that we carry out our mission in a manner that respects privacy, civil liberties, and human rights obligations. Integrity We demonstrate integrity in our conduct, mindful that all our actions, whether public or not, should reflect positively on the Intelligence Community at large. Stewardship We are responsible stewards of the public trust; we use intelligence authorities and resources prudently, protect intelligence sources and methods diligently, report wrongdoing through appropriate channels; and remain accountable to ourselves, our oversight institutions, and through those institutions, ultimately to the American people. Excellence We seek to improve our performance and our craft continuously, share information responsibly, collaborate with our colleagues, and demonstrate innovation and agility when meeting new challenges.

Many of these principles are also reflected in other documents that we look to for guidance, such as statements of core values, and the Code of Conduct: Principles of Ethical Conduct for Government Officers and Employees; it is nonetheless important for the Intelligence Community to set forth in a single statement the fundamental ethical principles that unite us – and distinguish us – as intelligence professionals.

CIVIL LIBERTIES

In addition to the personal commitment of every intelligence officer, an expansive network of oversight and compliance mechanisms ensures that IC offers are able to fully perform their duties: to protect our country and to protect the fundamental freedoms upon which our country stands. 

Protecting civil liberties and privacy in the conduct of intelligence activities is a critical part of the IC’s mission. As a community of professionals, we understand that security and liberty go hand in hand. Indeed, in taking the oath of office—to support and defend the Constitution of the United States—we all acknowledge that our duties require that as we safeguard the national security of the United States, we also protect civil liberties and privacy.

ODNI leadership, along with senior officials for civil liberties and privacy in IC elements, Offices of General Counsel, Offices of Inspectors General, and all branches of government work together to ensure that the policies and programs of the IC, comply with the rule of law, and protect civil liberties and privacy.

OPEN GOVERNMENT

The DNI supports the President's commitment to increase transparency, participation and collaboration within the Government and with the American people, as stated in the President's January 21, 2009 "Memorandum on Transparency and Open Government." Therefore the ODNI will continue to make every effort to increase transparency and openness, while also protecting classified and sensitive national security information and intelligence sources and methods from unauthorized disclosures.  ODNI's Open Government Plan describes in detail how the ODNI currently promotes openness. identifies active public disclosure initiatives, and presents new initiatives planned for FY 2014 and beyond, including:

New or Expanded Initiatives Open Data Proactive Disclosures Privacy Whistleblower Protection Websites and Social Media

Ongoing Initiatives Records Management Freedom of Information Act Requests Public Participation Collaboration and Information Sharing

 

ELECTRONIC COMMUNICATIONS

ODNI’s Official Website

The Office of the Director of National Intelligence website (DNI.GOV or ODNI.GOV ) is provided as a public service by the ODNI on behalf of the Director of National Intelligence.

As President Obama noted in his April 27, 2011 Executive Order, “with advances in technology and service delivery systems in other sectors, the public’s expectations of government have continued to rise.”

In keeping with the President’s directive that the federal government should meet or exceed the continually rising expectations, ODNI has taken several steps to ensure the access, openness, reach and reliability of our electronic communications. 

In August 2012, ODNI re-launched its website enhancing the U.S. Intelligence Community’s web presence, enhancing transparency and our ability to provide accurate, up-to-date information to the public.

With content reorganized to better reflect ODNI’s mission to lead intelligence integration and role as the leader of the Intelligence Community, the revamped DNI.gov site includes a number of new features including links to all IC members, intelligence-related news stories, video, photographs, podcasts and subscription content from throughout the IC.

The new DNI.gov was built using an open source content management system. The back-end changes provide a scalable and flexible architecture to empower innovative, efficient distribution of key information while reducing the costs of future investments.


ODNI’s Social Media Initiatives

The President’s Transparency and Open Government Memorandum of January 21, 2009 and the resulting OMB Open Government Directive of December 8, 2009 direct Federal departments and agencies to harness new technologies to engage the public, focusing on the values of transparency, participation and collaboration.

The Digital Government Strategy, released by the White House on May 23, 2012, requires that Federal agencies adopt an “information driven,” customer-centric approach to electronic communications – one that allows the American public to “shape, share and consume information, whenever and however they want it.”

More recently, the Privacy Best Practice for Social Media, released by the CIO Council in July 2013, noted that social media have an important role to play in the Federal Government’s communications strategy and explained that the Federal Government can use social media to share information as well as to enable Federal agencies to learn about issues being discussed by different audiences.

The Office of the Director of National Intelligence (ODNI) maintains an active presence on third-party social media sites and networks, and uses a growing number of new media tools to augment or expand the reach of our official communications originating at www.dni.gov and increase public understanding of the ODNI and the Intelligence Community. Third parties design and operate these sites and the ODNI is only one of many users.

By January 2013 ODNI had expanded its online reach to multiple additional social media channels, in support of the release of the Global Trends 2035 report.  This expansion included the production of the report in multiple electronic formats and its placement in the most popular online ebookstores.  The report was a best-seller and the ODNI’s efforts at greater awareness and electronic accessibility produced the most widely read and reported on Global Trends report in its history.


Signature Initiative: Transparency

In June 2013 President Obama directed the Intelligence Community (IC) to declassify and make public as much information as possible about certain sensitive U.S. Government surveillance programs while being mindful of the need to protect sensitive classified intelligence and national security.

The IC on the Record Database is designed to provide immediate, ongoing and direct access to factual information related to the lawful foreign activities carried out by the U.S. Intelligence Community. The Director of National Intelligence (DNI) has declassified and authorized the public release, via IC on the Record, of thousands of pages of documents relating to the use of critical national security authorities which can be found here: INTEL - IC on the Record Database.

Published: 11 September 2013

The Review Group

Privacy and Comment Policy

Your comments will become part of the official record of the Review Group’s activity and will be retained consistent with applicable policy and legal requirements. At this time, the Review Group is receiving comments only, and will not be responding to submitters. However, we may determine it appropriate to the public debate to post your comments publicly. Accordingly, any personal information you provide in the comments, or in an address or signature block, may be disclosed. Providing a comment is voluntary, and implies your consent to publication of the comment and any personal information contained in it.

Should the Review Group post comments, it will review all comments prior to posting and will not post comments that contain vulgar or abusive language; personal attacks of any kind; offensive terms that target specific groups; spam or comments that are clearly “off topic”; commercial promotions; information that promotes or opposes any political party, person campaigning for elected office, or any ballot proposition; reports of criminal or suspicious activity - if you have information for law enforcement, please contact your local police agency; unsolicited proposals, or other business ideas or inquiries; solicitations for contracting or commercial business; or any claims, demands, informal or formal complaints, or any other form of legal and/or administrative notices or processes.