Chief Information Officer
IC Technical Specifications
CVE Data Encoding Specification for US Agency Acronyms
Overview
This CVE Data Encoding Specification for US Agency Acronyms (USAgency.CES) defines detailed implementation guidance for using Extensible Markup Language (XML) to encode US Agency data. This CVE Encoding Specification (CES) defines the XML elements and attributes, associated structures and relationships, mandatory and cardinality requirements, and permissible values for representing US Agency data concepts using XML. Versions 1 and higher of this CES can be utilized with a Trusted Data Format (TDF) structure and valid PUBS instances that use a TDF wrapper. A TDF instance may conform with multiple DES simultaneously assuming none of the criterion are in conflict.
This CES lists and defines a set of US Agency Acronyms (with their definitions) in various Controlled Vocabulary Enumeration (CVE) file formats for use by agencies in the IC Enterprise. It contains valid acronyms for use within the IC Enterprise for IC Agency publishing organizations, agencies, and Cabinet Offices.
This specification contains tagging structures for information resource metadata, mixed textual and media content found in the body of publications, source reference citations, classification and control markings, and knowledge assertions.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
This specification is maintained by the IC Chief Information Officer via the Data Standards Coordination Activity (DSCA) and Common Metadata Standards Tiger Team (CMSTT).
Technical Specification Downloads
Latest Approved Public Release:
- CVE Encoding Specification for US Agency Acronyms (V2022-JUL - Standalone Package)
- CVE Encoding Specification for US Agency Acronyms (V2022-JUL - Convenience Package)
- CVE Encoding Specification for US Agency Acronyms (V2022-JUL - Light Package)
Mission Requirements
This specification defines & baselines a Controlled Vocabulary Enumeration for US Agency acronyms / definitions and establishes allowable US Agency Acronym values for the IC Enterprise.
This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives 208, 209, 500-21, 501, 710, and ICPM- 2007-200-2 among others.
This specification is designed to support the Intelligence Community Information Technology Enterprise (IC ITE) Increment 1 Implementation Plan.
This specification supports common understanding and use of US Agency Acronyms to enable overall information sharing strategies and policies of the IC as established in relevant law, policy, and directives.
IC Implementations shall conform to this specification and MUST adhere to all normative aspects of the specification.
Chief Information Officer
IC Technical Specifications
ORCON Need to Know Access
Overview
This Access Control Encoding Specification for ORCON (OC-NTK.ACES.XML) defines detailed implementation guidance for providing access utilizing OC (Originator Controlled) data. This Access Control Encoding Specification (ACES) defines the use of combinational logic between data and user/entity attributes. This logic is intended to be used in the decisional process of access control decisions based on XML elements and attributes that represent OC data concepts and the associated user attributes.
The Access Control Encoding ORCON specification (OC.NTK.ACES.V1) furthers IC Enterprise goals by codifying mappings and combinational logic between data attributes and user/entity attributes to facilitate consistent enterprise-wide Boolean access decisions. Historically, access control decisions have been made in local environments based on local interpretations of agreements and policies resulting in decisions that are not uniform across the entire enterprise. OC-NTK.ACES hopes to reduce the need for such local interpretations and further the goal of improving data exchanges and processing of information by documenting and encoding the enterprise interpretation. OC-NTK.ACES provides both abstract and concrete guidance for making access control decisions. The generic abstract guidance is intended to be used in various contexts for making informed access decision logic, but it is the goal of OC-NTK.ACES to also provide concrete guidance in appendixes or separate annexes for certain contexts.
Data assets on the enterprise may be marked with a dissemination control of ORCON, or originator controlled. Persons or NPEs wishing to access or distribute such data must first be granted the ability to do so by the originator of the data asset. Access control systems need to be able to determine the meaning of the attributes related to ORCON on data assets as well as the relation between those attributes and the attributes that belong to entities in order to make informed available and accurate dissemination decisions.
This is the first release of the specification and therefore provides no backward capability.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Entity Specification Tiger Team (ESTT).
Technical Specification Downloads
Latest Approved Public Release:
Mission Requirements
This specification depends upon the following specifications:
- XML Data Encoding Specification for Need-To-Know (NTK.XML.V8+) version 8 or higher
- XML Data Encoding Specification for Originator Control Need-To-Know Profile (OC-NTK.XML v1+) ~ OC-NTK.XML
- XML Data Encoding Specification Information Security Markings (ISM.XML v9+)
- XML CVE Encoding Specification for US Government Agency Acronyms
This specification defines & baselines Access Control Encoding for OC (Originator Controlled) and establishes allowable use of encoding logic values between data and user/entity attributes for the IC Enterprise.
This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives 208, 209, 500-20, 500-21, 501, 710, and ICPM) - 2007-200-2 among others. This specification is designed to support the Intelligence Community Information Technology Enterprise (IC ITE) Increment 1 Implementation Plan. This specification supports common understanding and use of access control encoding for originator controlled mappings to enable overall information sharing strategies and policies of the IC as established in relevant law, policy, and directives.
Chief Information Officer
IC Technical Specifications
Information Security Marking Access
Overview
This Access Control Encoding Specification for Information Security Markings (ISM.ACES) defines detailed implementation guidance for providing access to documents based on ISM data. This Access Control Encoding Specification (ACES) defines the use of combinational logic between data and user/entity attributes. This logic is intended to be used in the decisional process of access control decisions based on XML elements and attributes that represent Information Security Markings (ISM) data concepts and the associated user attributes.
The ISM.ACES specification furthers IC Enterprise goals by codifying mappings and combinational logic between data attributes and user/entity attributes to facilitate consistent enterprise-wide Boolean access decisions. Historically, access control decisions have been made in local environments based on local interpretations of agreements and policies resulting in decisions that are not uniform across the entire enterprise. ISM.ACES hopes to reduce the need for such local interpretations and further the goal of improving data exchanges and processing of information by documenting and encoding the enterprise interpretation. ISM.ACES provides both abstract and concrete guidance for making access control decisions. The generic abstract guidance is intended to be used in various contexts for making informed access decision logic, but it is the goal of ISM.ACES to also provide concrete guidance in appendixes or separate annexes for certain contexts.
The presence of ISM data attributes within a data asset specifies that the data asset be controlled by the rules in this ACES and any contextually relevant annexes of this document. This ACES has no need to express information beyond what is already expressed in the ISM attributes. As such, no specific Need-to-Know (NTK) Profile is necessary. This specification describes the mapping of dissemination related data attributes to a user's/person's attributes or a Non-Person Entity’s (NPE's) accreditation that are determined to be sufficient for access and can be used to make informed available and accurate dissemination decisions.
The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Entity Specification Tiger Team (ESTT).
Technical Specification Downloads
Latest Approved Public Release:
- Access Control Encoding Specification for Information Security Markings (V2021-NOV - Standalone Package)
- Access Control Encoding Specification for Information Security Markings (V2021-NOV - Convenience Package)
- Access Control Encoding Specification for Information Security Markings (V2021-NOV - Light Package)
Mission Requirements
This specification depends on the LATEST technically sound, approved version of XML Data Encoding Specification for Information Security Marking Metadata (ISM.XML)
This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives 208, 209, 500-20, 500-21, 501, 710,and ICPM) - 2007-200-2 among others.
This specification is designed to support the Intelligence Community Information Technology Enterprise (IC ITE) Increment 1 Implementation Plan.
This specification supports common understanding and use of access control encoding for originator controlled mappings to enable overall information sharing strategies and policies of the IC as established in relevant law, policy, and directives.
Chief Information Officer
IC Technical Specifications
CVE Encoding Specification for ISM Country Codes and Tetragraphs
Overview
This CVE Encoding Specification for ISM Country Codes and Tetragraphs (ISMCAT.CES) defines detailed implementation guidance for using Extensible Markup Language (XML) to encode IC Enterprise ISM Country Codes and Tetragraphs data. This Controlled Vocabulary Enumerations (CVEs) Specification defines the use of XML elements and attributes for ISMCAT data, associated structures and relationships, mandatory and cardinality requirements, and permissible values for representing ISMCAT data concepts using XML. Versions 1 and higher of this Controlled Vocabulary Enumerations (CVE) can be utilized as metadata when dissemination of information is limited solely to members of the Intelligence Community.
IC Enterprise encoding specifications use Controlled Vocabulary Enumerations (CVEs) to define allowable values for various elements and attributes used and over time, several encoding specifications became dependent on the same list of values, and dual (or more) maintenance was required to keep the lists aligned. Any changes to a specification's CVEs caused an entire new version of that specification to be created. In order to remove the need for dual maintenance and to remove the need to revision a specification when a CVE was updated, a new type of encoding specification, the CVE Encoding Specification, was created to decouple the vocabulary from the specifications.
This specification contains tagging structures for information resource metadata, mixed textual and media content found in the body of publications, source reference citations, classification and control markings, and knowledge assertions.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
The IC Chief Information Officer maintains this specification via the Data Standards Coordination Activity (DSCA) and Entity Specification Tiger Team (ESTT).
Latest Approved Public Release:
- CVE Encoding Specification for ISM Country Codes and Tetragraphs (V2022-NOV - Standalone Package)
- CVE Encoding Specification for ISM Country Codes and Tetragraphs (V2022-NOV - Convenience Package)
- CVE Encoding Specification for ISM Country Codes and Tetragraphs (V2022-NOV - Light Package)
Mission Requirements
This encoding specification defines how to implement the abstract data elements in the IC.ADD in a particular physical encoding (e.g., data or file format).
This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives 208, 209, 500-20, 500-21, 501, 710, and ICPM- 2007-200-2 among others.
This specification is designed to support the Intelligence Community Information Technology Enterprise (IC ITE) Increment 1 Implementation Plan.
This specification supports common understanding and use of access control encoding for originator controlled mappings to enable overall information sharing strategies and policies of the IC as established in relevant law, policy, and directives.
IC Implementations shall conform to this specification and MUST adhere to all normative aspects of the specification.
Chief Information Officer
IC Technical Specifications
Intelligence Community Only Access Control
Overview
This XML Data Encoding Specification for Intelligence Community Only (ICO.ACES) defines detailed implementation guidance for providing access to ICO data. This specification profile is applicable to the Intelligence Community (IC) and information produced by, stored, or shared within the IC.
This is the first release of the specification and therefore provides no backward capability.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Entity Specification Tiger Team (ESTT).
Technical Specification Downloads
Latest Approved Public Release:
Mission Requirements
This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC policy:
- Intelligence Community Information Technology Enterprise (IC ITE) Increment 1 Implementation Plan
- Intelligence Community Directive (ICD) 501, Discovery and Dissemination or Retrieval of Information within the IC
- Intelligence Community Standard (ICS) 500-21, Tagging of Intelligence and Intelligence-Related Information
- Intelligence Community Directive (ICD) 208, Write for Maximum Utility
- Intelligence Community Directive (ICD) 209, Tearline Production and Dissemination
- Intelligence Community Policy Memorandum (ICPM) 2007-200-2, Preparing Intelligence to Meet the Intelligence Community’s Responsibility to Provide
This specification includes design features that address:
- Addresses the standardization of EA
- Codifies mappings and combinational logic between data attributes and user/entity attributes to facilitate consistent enterprise-wide Boolean access decisions.
- Defines both abstract and concrete guidance for making access control decisions. Addresses components of Control decision(s).
- Addresses components of Control decision(s).