Chief Information Officer
IC Technical Specifications
CVE Encoding Specification for Role
Overview
This IC enterprise Controlled Vocabulary Enumeration (CVE) encoding specification defines XML elements and attributes, associated structures and relationships, cardinality requirements, and permissible values for the role attribute as defined in the IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set (UIAS) Technical Specification.
This specification provides a set of values to characterize the entity’s (person or non-person) authorized position, job, or area of responsibility that ties membership to the function that the entity needs to perform the expected task.
This specification supports Executive Order (EO) 13526, Classified National Security Information, which “prescribes a uniform system for classifying, safeguarding, and declassifying national security information” across national security disciplines, networks, services, and data.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
This specification is maintained by the IC Chief Information Officer via the Data Standards Coordination Activity (DSCA) and Common Metadata Standards Tiger Team (CMSTT).
Technical Specification Downloads
Latest Approved Public Release:
- CVE Encoding Specification for Role (V2021-NOV - Standalone Package)
- CVE Encoding Specification for Role (V2021-NOV - Light Package)
Mission Requirements
This CES defines the Role CVEs and contains the approved namespaces and associated taxonomies for the Role attribute and the valid values for populating the components of a role. It provides a common encoding (e.g., common understanding) and foundation for the UIAS attribute role. It also describes the generic format and lexicon for the role attribute. This format and lexicon are used to create specific taxonomies for a given namespace.
Although useful in and of itself, this specification is intended to be incorporated into other specifications, in particular UIAS. For this purpose, role is defined using a formal language known as ABNF (Augmented Backus-Naur Form). This specification defines rules that explicitly define the content of the ABNF, which are used to provide a formal description independent of any particular technology.
IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set
Overview
IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set (UIAS) codifies the minimum set of enterprise-level authorization attributes that IC elements are expected to provide if they participate in the Intelligence Community Unified Authorization and Attribute Service (UAAS) architecture. It provides a common, consistent way to identify IC enterprise authorization attributes of IC persons produced by, stored within, or shared throughout the IC’s TS/SCI information domain. The name, definition, cardinality, and controlled vocabulary for each attribute are defined in order to promote interoperability between UAAS-compliant attribute services established by participating IC Agencies. The set of authorization attributes described in the specification is designed for implementation within products and servers that are capable of supporting the Encrypted Mode option of the OASIS SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based Systems, Committee Specification 01.
This specification is maintained by the IC Chief Information Officer via the Data Standards Coordination Activity (DSCA) and Web Services Security Working Group (WSS WG).
Technical Specification Downloads
Latest Approved Public Release:
- IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set (V2021-NOV - Standalone Package)
- IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set (V2021-NOV - Convenience Package)
- IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set (V2021-NOV - Light Package)
Mission Requirements
IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set establishes detailed requirements for enterprise-level authorization attributes that IC elements are expected to provide if they participate in the Intelligence Community Unified Authorization and Attribute Service federation. Its function is to facilitate the availability, accuracy, and standardization of these attributes across the IC TS/SCI enterprise, building a consistent basis for the exchange of this information between IC Elements.
Defining the mandatory minimum set of IC enterprise authorization attributes and values for sharing through the IC UAAS federation supports consistent and assured information sharing across the enterprise. The IC UAAS supports Attribute-Based Access Control (ABAC) to promote on-demand access to information and other resources by IC users and services and reduces authorization vulnerabilities by strengthening the access control decision process.
The primary audience for this document is the implementer and/or administrator who must configure an Attribute Service to meet the requirements for participation in the IC UAAS federation. The audience for this document also includes those responsible for implementing and managing the capabilities that create, provide, modify, store, exchange, search, display, or further process IC enterprise authorization attributes.
Intelligence Community Only Need-To-Know
Overview
This XML Data Encoding Specification for Intelligence Community Only Need-To-Know Profile (ICO-NTK.XML) provides detailed implementation guidance to limit dissemination of appropriately tagged information solely to members of the Intelligence Community (IC). Certain information is only permitted to be disseminated to and accessed by members of the IC. This profile defines a specification that uses NTK for conveying the requirement to limit dissemination.
This is the first release of the specification and therefore provides no backward capability.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Common Metadata Standards Tiger Team (CMSTT).
Technical Specification Downloads
Latest Approved Public Release:
- Intelligence Community Only Need-To-Know Profile (V10 – Standalone Package (Release Date: 18 Oct 2013))
- Intelligence Community Only Need-To-Know Profile (V10 – Light Package (Release Date: 18 Oct 2013))
Mission Requirements
This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives.
This specification includes design features that:
- Define the use of elements and attributes from NTK, associated structures, relationships, requirements, cardinality, and permissible values for representing ICO-NTK data concepts using XML.
- Define how information is disseminated to and accessed by members of the IC.
- Discuss the relationship between ICO-ACES and ADD with regard to mapping.
Unified Identity Attribute Set - Attribute Practice Compliance Statements
Overview
This Attribute Practice Compliance Statements for the Unified Identity Attribute Set (UIAS-APCS) provides concise direction to Intelligence Community (IC) elements required by Intelligence Community Standard (ICS) 500-30, Enterprise Authorization Attributes: Assignment, Authoritative Sources, and Use for Attribute-Based Access Control Of Resources, to produce an Attribute Practice Statement (APS) for each Attribute Service (AS) of an IC element.
Compliance with an Attribute Practice Compliance Statement (APCS) document ensures interoperability and consistently applied attributes in dynamic Information Technology (IT) environments including the Intelligence Community Information Technology Enterprise (IC ITE). An APCS alleviates the need for each IC element to produce an APS and ensure compliance with ICS 500-30, and IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set (UIAS.XML).
This UIAS-APCS has a dependency on UIAS.XML. Citations for the Controlled Vocabulary Enumerations (CVEs) are covered in the UIAS.XML technical specification and should be complied with in accordance with the needs and practices of the responding organization; such compliance should also designate the reasoning for the compliance approach or its variations. The UIAS.XML MUST be consulted in conjunction with this document.
This specification is maintained by the IC Chief Information Officer via the Data Standards Coordination Activity (DSCA) and Common Metadata Standards Tiger Team (CMSTT).
Technical Specification Downloads
Latest Approved Public Release:
- Attribute Practice Compliance Statements for the Unified Identity Attribute Set (V2021-NOV - Standalone Package)
- Attribute Practice Compliance Statements for the Unified Identity Attribute Set (V2021-NOV - Convenience Package)
- Attribute Practice Compliance Statements for the Unified Identity Attribute Set (V2021-NOV - Light Package)
Mission Requirements
As the IC environment evolves, the user base grows with more diverse membership with unique data sources per member entity. The IC's move to a simplified architecture for access control and authorization is predicated on ABAC and an IC Authorization service being trustworthy. This drives an increased need to better understand attribute provisioning and ensure that all IC elements provision and maintain access control and authorization related attributes consistently. This document specifies compliance statements to confirm that enterprise identity attributes are consistent with the attributes defined in the UIAS.XML technical specification and that IC elements maintain attributes consistent with Appendix C of ICS 500-30, Operation of ASs and AAS. Compliance with the ICS 500-30 will ensure that all IC elements provision and maintain attributes for availability, accuracy, consistency, privacy, confidentiality, and integrity across persona lifecycles.
Web Service Security
Overview
The High Level Guidance for Web Service Security (WSS-HLG) provides guidance to solutions architects and developers on how to consistently approach circumstances for which security solutions are required. This document focuses on security fundamentals essential to designing and building secure solutions that involve web services, with emphasis on approaches for access control, use of assertions, security markings, confidentiality, integrity, and non-repudiation. The WSS-HLG provides solution approaches at a high level, intended to provide an understanding of information security fundamentals essential to such solutions, for the purpose of building both secure and interoperable approaches that are consistent across the IC.
The High Level Guidance for Web Service Security (WSS-HLG) provides important guidance for building and integrating with web services solutions in an interoperable, secure, and consistent manner. Because a great number of standards, technical mechanisms, and capabilities can be used for building web services security solutions, it is important that solutions architects understand the tradeoffs, risks, and benefits of approaches. It is critical, from a security and interoperability perspective, that security mechanisms are applied in a consistent manner, and this document provides needed guidance in the areas of access control, assertion passing, security markings, confidentiality, integrity, and non-repudiation.
The intended audience of this information guidance document is project managers, software architects, network architects, and developers who develop and integrate with web services. This document provides guidance in areas that will be important in satisfying security requirements and information security goals in a secure and interoperable manner.
Technical Specification Downloads
Latest Approved Public Release:



