News Articles

The U.S. intelligence community will be relying to a greater degree on commercial technologies to meet its current and future requirements, including some that formerly were the purview of government laboratories. And, because much of the community’s research is applied research, it will select its budgeting priorities based in part on how well the commercial sector can fill in some technology gaps on its own.
The Honorable James R. Clapper, Director of National Intelligence (DNI), will deliver the commencement address to National Intelligence University graduates on Friday, July 26, 2013.
Thursday, 25 April 2013 14:49

Top U.S. Spy: Don’t Blame Us for Boston

Congressmen are already lining up to label the Boston Marathon bombing as yet another failure of the U.S. intelligence community. The head of America’s 16 spy agencies has a response for the Capitol Hill critics: back off.
Tuesday, 23 April 2013 10:23

RR: End-to-End Identity Propagation (2)

Chief Information Officer

IC CIO Enterprise Integration & Architecture

REST Service Encoding Specification for Identity Propagation


This technical specification applies to non-SOAP-based web services over HTTP and provides guidance for REST-based services in an environment that does not utilize a Security Token Service (STS).

(U) This specification provides a mechanism to track a sequence of requestor identifier(s), from the initiating requestor to the final called service, providing "end-to-end" visibility of the requestor(s) in the transaction sequence.

The solution provided by this specification provides a mechanism for conveying identity in an interoperable manner. The specification does not by itself provide integrity, confidentiality or non-repudiation of the requestor identity or identities over the service chain. This specification will, however, address how these security goals can be accomplished by using this specification in combination with other security mechanisms.

Current Version

  • REST Service Encoding Specification for Identity Propagation (RR-ID.V1) 17 July 12

Tuesday, 23 April 2013 10:23

Information Security Marking Access

Chief Information Officer

IC CIO Enterprise Integration & Architecture

Information Security Marking Access


This Access Control Encoding Specification for Information Security Markings (ISM.ACES) defines detailed implementation guidance for providing access to documents based on ISM data. This Access Control Encoding Specification (ACES) defines the use of combinational logic between data and user/entity attributes. This logic is intended to be used in the decisional process of access control decisions based on XML elements and attributes that represent ISM data concepts and the associated user attributes.

The Access Control Encoding ISM specification (ISM.ACES.V1) furthers IC Enterprise goals by codifying mappings and combinational logic between data attributes and user/entity attributes to facilitate consistent enterprise-wide Boolean access decisions. Historically, access control decisions have been made in local environments based on local interpretations of agreements and policies, resulting in decisions that are not uniform across the entire enterprise. ACES OC hope to reduce the need for such local interpretations and further the goal of improving data exchanges and processing of information by documenting and encoding the enterprise interpretation. ACES OC provide both abstract and concrete guidance for making access control decisions. The generic abstract guidance is intended to be used in various contexts for making informed access decision logic, but it is also the goal of ACES ISM to provide concrete guidance in appendixes or separate annexes for certain contexts.

The presence of ISM data attributes within a data asset specifies that the data asset is controlled by the rules in this ACES and any contextually relevant annexes of this document. This ACES has no need to express information beyond what is already expressed in the ISM attributes. As such, no specific NTK Profile is necessary. This specification describes the mapping of dissemination-related data attributes to a user's/person's attributes or an NPE's accreditation that are determined to be sufficient for access and can be used to make informed, available and accurate dissemination decisions.

This is the first release of the specification and therefore provides no backward capability.

The IC Chief Information Officer maintains this specification via the Data Coordination Activity (DCA) and Entity Specification Tiger Team (ESTT).

Technical Specification Downloads

Latest Approved Version

Previous Versions Currently Mandated in the Baseline [ER2 and DISR]

Retired Versions

  • None

Mission Requirements

This specification depends upon the following specifications:  XML Data Encoding Specification for Need-To-Know (NTK.XML.V8+) version 8 or higher

This specification defines & baselines Access Control Encoding for OC (Originator Controlled) and establishes allowable use of encoding logic values between data and user/entity attributes for the IC Enterprise.

This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives 208, 209, 500-20, 500-21, 501, 710, and ICPM 2007-200-2, among others.

This specification is designed to support the Intelligence Community Information Technology Enterprise (IC ITE) Increment 1 Implementation Plan.

This specification supports common understanding and use of access control encoding for originator controlled mappings to enable overall information sharing strategies and policies of the IC as established in relevant law, policy, and directives.