Chief Information Officer
IC Technical Specifications
Fine Access Control
Overview
Any IT system performing entity authentication may use this specification to determine if a given entity should be granted access to a specific piece of data.
This specification applies to the IC, as defined by the National Security Act of 1947, as amended, and ICS 500-27, Collection and Sharing of Audit Data, and such other elements of any other department or agency as may be designated by the President, or designated jointly by the Director of National Intelligence (DNI) and the head of the department or agency concerned, as an element of the IC. Joint and Coalition forces may use this specification but it is not required.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
This specification is maintained by the IC Chief Information Officer via the Data Services Coordination Activity (DSCA) and Common Metadata Standards Tiger Team (CMSTT).
Technical Specification Downloads
Latest Approved Public Release:
- CVE Encoding Specification for Fine Access Control (V2022-NOV - Standalone Package)
- CVE Encoding Specification for Fine Access Control (V2022-NOV - Convenience Package)
- CVE Encoding Specification for Fine Access Control (V2022-NOV - Light Package)
Mission Requirements
Information sharing within the national intelligence enterprise relies on the ability to discover and access intelligence content from any location, at any time, with as few restrictions as possible. ICD 501 empowers analysts, operators, and collectors with a wide range of capabilities for discovering, using, and sharing content within the IC and with partners. This authority comes with great responsibility, a responsibility that must be tracked, analyzed, and reported on.
The auditing of person and non-person entities within the IC protects the nation from abuse, voluntary or involuntary disclosure, as well as insider and outside threats. The audit specification is derived from the fundamental mission requirement to track and audit the discovery and access of intelligence content and information resources within the IC enterprise.
Chief Information Officer
IC Technical Specifications
Community Shared Resources
Overview
This IC enterprise data encoding specification defines detailed implementation guidance for Community Shared Resources (CSR) to sub-set the large possible combinations of specification versions. CSRs are systems or services that live on the enterprise and are made available for use by the community. This specification defines the minimum relationship sets of specifications mandatory for consuming systems (CSRs that receive data), and the allowed relationship sets for production systems (CSRs that transmit data).
This standard supports Executive Order (EO) 13526, Classified National Security Information which "prescribes a uniform system for classifying, safeguarding, and declassifying national security information," across national security disciplines, networks, services, and data.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
This specification is maintained by the IC Chief Information Officer via the Data Services Coordination Activity (DSCA) and Common Metadata Standards Tiger Team (CMSTT).
Technical Specification Downloads
Latest Approved Public Release:
Mission Requirements
All systems at the enterprise level need to be able to send and receive with a common vocabulary to permit understanding. Since the decoupling of the IC Technical Specifications from one another, permitting them to revision independently, the potential combinations of versions of the specifications that can be mixed and matched together have grown exponentially. This puts a large burden on data producers and consumers on the enterprise to be able to produce and/or interpret all possible combinations. The ever-growing number of combinations leads to a need to have a minimal number of sets of combinations that CSRs must be able to produce/consume to relieve them of the infeasible burden of being able to produce/consume all possible combinations.
Chief Information Officer
IC Technical Specifications
CDR: Manage Component (Manage Service)
Overview
This IC enterprise service encoding specification defines requirements and provides guidance for the realization of the Content Discovery and Retrieval (CDR) Manage Component (Manage Service) as a RESTful web service and as a web service using the SOAP style binding. The Manage Component, as defined by the IC DoD CDR Specification Framework (CDR-SF), serves as the primary mechanism to manage CDR resources, where a CDR resource is defined as one explicitly created and used to support CDR functions.
The content of this specification describes the Manage Service's behavior, interface and other aspects in detail, providing enough information for Manage Service providers and consumers to create and use CDR-conformant Manage Services. Specific uses of the Manage Service, such as to create, read, update, delete, and search for Saved Searches, will be elaborated as profiles in the corresponding documents for those uses.
This standard supports Executive Order (EO) 13526, Classified National Security Information which "prescribes a uniform system for classifying, safeguarding, and declassifying national security information," across national security disciplines, networks, services, and data.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Common Metadata Standards Tiger Team (CMSTT).
Technical Specification Downloads
Latest Approved Public Release:
Mission Requirements
The Manage Service provides a coordinated set of functions that enables service consumers to create, read, update, delete, and search for instances of any defined type of CDR resources. The CDR resource type corresponding to specific uses of Manage is associated with a Uniform Resource Identifier (URI), where the Web-accessible resource accessed through that URI will identify the structure and semantics of the CDR resource type designed for that use (i.e., Query Management (QM) defines the Saved Search type as the CDR resource relevant to that use).
For all uses, The CDR resource description comprises the characteristic description metadata that aids in the discovery of CDR resource instances. Some of this description will be generated as part of the resource creation or update, while other description data will be supplied by someone with responsibility for the resource. It is anticipated that a basic description vocabulary appropriate for any CDR resource will contain a general set of properties while the description vocabulary associated with a particular resource type will add additional properties. The ability to save and retrieve resource instances over time will require implementers to adopt a persistence mechanism, which this document refers to as a CDR Resource Collection.
Chief Information Officer
IC Technical Specifications
Geopolitical Entities, Names, and Codes
Overview
This CVE Encoding Specification for Geopolitical Entities, Names, and Codes (IC-GENC.CES) defines detailed implementation guidance using several encoding formats including XML, CSV and JSON to encode IC-GENC.CES controlled vocabulary. This CES defines the XML elements and attributes, associated structures and relationships, mandatory and cardinality requirements, and permissible values for representing IC-GENC data concepts using a variety of formats.
This specification supports ISO-3166-1 (which replaced FIPS 10-4), moving from a two-character country code base to a three-character code. This profile is considered to be the authoritative set of country codes and names for use by the Federal Government for information exchange. Although GENC will use ISO-3166 code elements whenever possible, they may be modified where necessary to comply with U.S. law and U.S. government recognition policy.
This specification provides a subset of the permissible GENC codespaces and code values that are used in the IC. Specifically, this specification only utilizes the short Uniform Resource Number (URN) based codespaces with the three-character codes.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Common Metadata Standards Tiger Team (CMSTT).
Technical Specification Downloads
Latest Approved Public Release:
- CVE Encoding Specification for Geopolitical Entities, Names, and Codes (V2021-NOV - Standalone Package)
- CVE Encoding Specification for Geopolitical Entities, Names, and Codes (V2021-NOV - Convenience Package)
- CVE Encoding Specification for Geopolitical Entities, Names, and Codes (V2021-NOV - Light Package)
Mission Requirements
Many IC encoding specifications use Controlled Vocabulary Enumerations (CVEs) to define allowable values for various elements and attributes. However, over time several encoding specifications became dependent on the same list of values and dual (or more) maintenance was required to keep the lists aligned. Changes to a specification's CVEs also caused an entire version of that specification to be created.
To prevent these two situations from occurring, a new type of encoding specification, the CVE Encoding Specification (CES), was created to decouple the vocabulary from the specifications. Each CES contains one or more CVEs and optionally a master schema defining.
Chief Information Officer
IC Technical Specifications
CDR: Specification Framework
Overview
This Content, Discovery and Retrieval (CDR) Specification Framework document provides guidance for ensuring consistency and interoperability in the development of CDR Service Specifications. Generally, it describes the structure and content for CDR Service Specifications including the description of their key characteristics and a decomposition of key behaviors in the context of various environmental and technical considerations.
This CDR Specification Framework document is intended to provide both CDR Service Specification developers/authors and CDR service developers/implementers guidance for developing and implementing CDR Service Specifications. Specifically, this Specification Framework describes the Interface models and related behavior for each Service Specification and how they should be codified. For CDR Service Specification developers/authors, the framework provides the structure and content guidance for how CDR Service Specifications should be documented. For CDR service developers/implementers, the framework provides the common implementation and behavior guidance that, coupled with a specific CDR Service Specification, enables the realization of a CDR service.
This specification supports Intelligence Community Directive 501 (ICD 501), Discovery, Dissemination or Retrieval of Information within the Intelligence Community, which establishes policies for (1) discovery, and (2) dissemination or retrieval of intelligence and intelligence-related information collected, or analysis produced by the Intelligence Community.
This specification framework is maintained by the IC Chief Information Officer via the Services Coordination Activity (SCA) and Content Discovery and Retrieval Integrated Product Team (CDR IPT).
Technical Specification Downloads
Latest Approved Public Release:
Value Proposition
This CDR Specification Framework describes in greater detail the CDR Components and capabilities presented in the CDR Reference Architecture. It is meant to provide guidance in enough detail to enable interoperability among independent implementations without otherwise constraining the implementation itself. In this vein, this document describes inputs and outputs to each component in the context of the expected behavior that clarifies what is needed as inputs, outputs, and other effects that are expected to be produced. It does not, however, specify the details of the internal implementation processing.