Additional Resources

Additional Resources

NIEM  NIEM—the National Information Exchange Model —is a community-driven, standards-based approach to exchanging information. NIEM connects communities of people who share a common need to exchange information in order to advance their mission.

 

The National Information Exchange Model (NIEM) is a community-driven, standards-based approach to exchanging information. Diverse communities can collectively leverage NIEM to increase efficiencies and improve decision making.

 

It was started by a handful of organizations supporting state and local government to overcome the challenges of exchanging information across state and city government boundaries.

 

This grassroots effort, called the Global Justice Information Sharing Initiative, set into motion the creation of a seamless, interoperable model for data exchange that could solve a range of information-sharing challenges across a variety of government agencies. After a two-year effort, the first pre-release of the Global Justice XML Data Model (GJXDM) was announced in April 2003.

 

Parallel to the GJXDM effort was the stand up of the U.S. Department of Homeland Security. The mention of metadata in the president’s strategy for homeland security in the summer of 2002 got the homeland security community to begin working towards standardization.

 

These collaborative efforts by the justice and homeland security communities—to produce a set of common, well-defined data elements for data exchange development and harmonization—lead to the beginnings of NIEM.

 

Built upon GJXDM's success and lessons learned from utilizing it, NIEM was launched in 2005, uniting key stakeholders from federal, state, local, and tribal governments to develop and deploy a national model for information sharing and the organizational structure to govern it.

 

NIEM was formally initiated in April 2005 by the chief information officers of the U.S. Department of Homeland Security and the U.S. Department of Justice. In October 2010, the U.S. Department of Health and Human Services joined as the third steward of NIEM.

 

Since 2005, NIEM has issued four releases: 1.0 in 2006, 2.0 in 2007, 2.1 in 2009, and 3.0 in 2013.

 

All 50 states and the majority of federal agencies are using (at varying levels of maturity) or considering using NIEM.Through North America Day efforts, NIEM exchanges are being developed to allow for a more efficient and consistent method of sharing important public health and safety information, representing a significant first step in the development of a borderless network of information exchange between the U.S., Canada, and Mexico.

 


NIEM in Action

A national program, NIEM is supported by and used within all levels of government for a broad set of missions including but not limited to justice, homeland security, international trade, human services, and cyber. Robust communities of practitioners use NIEM to ensure that when information is exchanged between various systems, it is standardized and commonly understood for quicker and more effective use. NIEM is included in the overall data strategies for Colorado, Indiana, and New York City.

 

Data sharing through NIEM helps government agencies advance their missions and improve the quality of their service to the public, improving lives. By reducing data processing time, NIEM quickly puts actionable information in the hands of decision makers and decreases response time. The information exchanges developed using NIEM result in reusable artifacts that reduce future development costs, resulting in cost avoidance. 

 

NIEM is sponsored by the U.S. Department of Justice, the U.S. Department of Homeland Security, and the U.S. Department of Health and Human Service

The Common Information Sharing Standards (CISS) program provides standards for:

  • Technology implementation
  • Information sharing processes
  • ISE products

The CISS program focuses on two types of standards:

Functional standards

These standards are rules or guidelines for creating and sharing reports or other documents. An example of a functional standard developed by ISE mission partners is the Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI). The ISE-SAR Functional Standard includes the business rules and formats for exchanging SARs that were agreed to both by operating organizations (frontline law enforcement) and privacy and civil liberties advocacy groups.

 

Information Sharing-Related Federal Initiatives

 

Global Standards Council
Joint Counterterrorism Assessment Team (JCAT) (formerly Interagency Threat Assessment and Coordination Group, ITACG)
High Intensity Drug Trafficking Areas (HIDTA) Program
Open Government Initiative
Federal Data
National Strategy for Trusted Identities in Cyberspace
DHS Support to State and Major Urban Area Fusion Centers
Critical Infrastructure Sector Partnerships
Department of Homeland Security Quadrennial Homeland Security Review
Department of Homeland Security Information Sharing Strategy
FBI’s InfraGard Program
NIEM Program Office

Technical standards

These standards are the schemas or frameworks that enable technical data exchanges between systems. Learn more by checking out blog posts about technical standards.

 

Learn more about the most common information standards:

 

Standards-Based Approach: Identify the benefits of developing a structured, standards-driven approach to information sharing

 

National Information Exchange Model (NIEM): Discover how NIEM connects communities of people who share a need for access to information

 

Standards & Interoperability: Information about more standards options, how to implement them, and standards development organizations that focus on information sharing and safeguarding

Information Systems Security

Reciprocity of information technology (IT) system security certification among agencies is important for ensuring efficient and effective information sharing. Several initiatives sponsored jointly by National Institute of Standards and Technology (NIST), the Committee on National Security Systems (CNSS), and the Office of the Director of National Intelligence (ODNI) have made considerable progress in updating and harmonizing federal security standards and processes, setting the stage for future extensibility to state, local, tribal, and private sector partners.

 

With the issuance of NIST Special Publication 800-53 in August 2009 and CNSS Instruction 1253 in October 2009, the Intelligence Community (IC), Department of Defense (DoD), and civilian federal agencies, for the first time, have adopted a common set of security controls that form a de facto national baseline for all federal information systems. "Recommended Security Controls for Federal Information Systems and Organizations" are available on the NIST website and "Security Categorization and Control Selection for National Security Systems" is available on the Committee for National Security Systems. Alignment of these controls and further issuance of publications relating to risk management and security assessment will enhance interoperability among federal agencies. Although agency certifiers and accreditors will tailor requirements to their own environments, using the same standards will enable reciprocity – agencies accepting each others’ systems security testing – when interconnecting systems.

 

The alignment and harmonization of federal information systems security standards will, in turn, present state, local, tribal, and private sector partners with a single, predictable security goal to meet. Harmonized standards will also enable implementation of reciprocity policies, not only among federal agencies and systems, but with state, local, tribal, and private sector partners as well, thereby reducing the time - and cost - required to interconnect systems.

 Identity, Credential, and Access Management (ICAM)

Properly identifying and authenticating users of IT systems is a necessary condition for trusted operations. The Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, Part A, was developed by the Identity, Credential, and Access Management Subcommittee (co-chaired by the General Services Administration and DoD) of the Federal CIO Council in November 2009. This document provides a common segment architecture and associated implementation guidance for use by federal agencies as they continue to invest in ICAM programs. The FCAM segment architecture will serve as an important tool for providing awareness to external mission partners and will drive the development and implementation of interoperable solutions. The Global Federated Identity and Privilege Management (GFIPM) and the Trusted Broker systems are two approaches in use today that work toward interoperating under the ICAM umbrella.

 

When fully implemented, ICAM will close identified security gaps in the areas of user identification and authentication, encryption of sensitive data, and logging and auditing. It supports the integration of physical access control with enterprise identity and access systems, and enables information sharing across systems and agencies with common access controls and policies. Leveraging the digital infrastructure in a secure manner will enable the transformation of business processes, many of which are vital to the security of the United States.

 

In addition to important progress in aligning access management procedures, PM-ISE sponsored ground-breaking work with NIST and the Department of Homeland Security (DHS) to develop an automated means to evaluate access management policies. Using new algorithms to electronically translate policies and regulations in natural language into automated instructions, NIST developed a pilot system that evaluates multiple policies, identifies gaps and contradictions, and reveals the actual access that results from overlaying more than one policy. As more and more information passes through many mission partners and systems, each with different access policies, the significance of automating access polices will be increasingly necessary to ensure efficient and appropriate access.

Updated Policy for Handling Classified Information

Improving protection and expanding access are complementary, not conflicting, goals. The policy governing the handling of classified national security information has undergone significant revision over the past year designed to ensure that classification is not a barrier to providing information to those who need it in a timely way. On December 29, 2009, following a presidentially-mandated 90-day review, the administration released Executive Order (EO) 13526, which governs the handling, marking, and eventual declassification of Classified National Security Information. The new order replaces EO 12958, and provides more "accurate and accountable application of classification standards and routine, secure, and effective declassification".

 Expanding Discovery and Access in the Intelligence Community

The IC has continued the transformation of information sharing by implementing IC Directive (ICD) 501, "Discovery and Dissemination or Retrieval of Information." This policy promotes responsible information sharing by distinguishing between discovery (obtaining knowledge that information exists) and dissemination or retrieval (obtaining the contents of the information). The policy directs all IC elements to fulfill their "responsibility to provide" by making intelligence discoverable by automated means by authorized IC personnel. It also establishes procedures for gaining access to information that has been discovered and resolving disputes if access is denied.

 

Through the implementation of ICD 501, the IC has made considerable progress on improving information sharing by enabling discovery of disseminated analytic products through the creation of the Library of National Intelligence (LNI). LNI uses a combination of attribute-based access, tagged data, and auditing to promote secure information sharing of more than three million intelligence products.

 

Metadata tagging - information about other data - is crucial to ICD 501 implementation and is the linchpin to the effective management of data throughout the intelligence cycle. It facilitates discovery, retrieval, and protection. The IC is using XML as the standard for metadata implementation, and most IC elements are meeting IC metadata standards required to submit products to the LNI.

 

The Value of the Library of National Intelligence
 

People with a mission need are increasingly able to conduct a single search of the IC's disseminated analytic products, covering 99% of the included product lines, compared to the past where users had to visit over 50 different websites to discover the same information.

 

The next steps include making the LNI more complete and timely while improving the quality of the metadata in the LNI, which will further improve the ability of users to search for disseminated analytic products as well as developing a secure repository for discovery of sensitive intelligence products by authorized IC personnel.

  • Establishment of a National Declassification Center
  • Measures to address the problem of over-classification
  • Greater emphasis on sharing classified information among those who need it, including a redefinition of the "need to know" principle and less restrictive rules for sharing classified information between agencies
  • Provisions that ensure greater openness and transparency in the government's classification and declassification programs

Structured, standards-driven approaches to technology and enterprise data management are the foundation for responsible information sharing that protects privacy, civil rights, and civil liberties. Standards provide a common lexicon to enable information exchanges.

 

The ISE Common Information Sharing Standards (CISS) program provides standards for technology implementation, information sharing processes, and products for the ISE. The CISS program focuses on two types of standards:


Functional standards

 

These standards are rules or guidelines for creating and sharing reports or other documents. An example of a functional standard developed by ISE mission partners is the Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI). The ISE-SAR Functional Standard includes the business rules and formats for exchanging SARs that were agreed to both by operating organizations (frontline law enforcement) and privacy and civil liberties advocacy groups.


Technical standards

 

These standards are the schemas or frameworks that enable technical data exchanges between systems. Learn more by checking out blog posts about technical standards.


Links to ISE Guides and Best Practices:

The ISE mission is to:

 

• Advance responsible information sharing to further counterterrorism, homeland security, and counter weapons of mass destrcution missions.

• Improve nationwide decision making by transforming from information ownership to stewardship

• Promote partnerships across federal, state, local, and tribal governments, the private sector, and internationally

 
The ISE drives mission progress along two core focus areas:

 

• Integrating stakeholders into the domestic nexus of national security and public safety

• Enhancing core information sharing frameworks developed, refined, and tested through more than a decade of terrorism-related information sharing

 

Click on the mission areas below to read ISE mission success stories.

 

megaphone-icon

 

State & Regional

laptop-icon

 

Cyber Security

computer-icon

 

Domain Awareness

conversion-icon

 

Interoperability



files-icon

Sensitive but Unclassified

user-icon

Identity, Credential, & Access Management

gavel-icon

Counterterrorism

training-icon

Performance

 

NOTICE: The ISE Core Awareness Training (CAT) is temporarily unavailable.  The CAT supplemental material can be found here.


 

The ISE Core Awareness Training Course is designed for federal agency ISE partners and provides a broad overview of the underpinnings of the ISE, its mission partners, its impact on the Nation’s security, and includes a significantly expanded discussion on privacy, civil rights, and civil liberties protections for the ISE.

 

Upon course completion, you will understand the purpose, process and benefits of information sharing and you will possess the necessary tools to implement information sharing practices on an individual, organizational, and community-wide scale.

 

Information sharing is fast becoming an essential competency in the national security profession. It is currently on track to become a standard employee performance evaluation criteria, and an integral element of agency incentive programs. The ISE Core Awareness Training Course is designed to ensure that you will succeed as an active participant in the world of information sharing.

Together, we can leverage information sharing practices for a safer and more secure America.

FEATURES

HSIN Videos

Homeland Security Information Network users explain how the trusted network supports their homeland security mission operations to share sensitive but unclassified information.

ISE Training

Core Awareness Training provides an overview of the ISE and includes a significantly expanded discussion on privacy, civil rights, and civil liberties protections.

Privacy

ISE mission partners at all levels of government work to put safeguards in place to ensure the protection of privacy, civil rights, and civil liberties of citizens.