DCID 6/3 Availability High report
This report analyzes the results of the web application scan to detect possible violations of the availability requirements for systems operating in the high protection level outlined in Chapter 6 of the "Protecting Sensitive Compartmented Information within Information Systems" Manual. It will help you detect possible violations of the requirements presented in steps 3, 4, 5 and 8 of the accreditation process. The "high" level means that information must always be available upon request, with no tolerance for delay. Loss of availability might result in loss of life, adversely affect national interests or breach confidentiality.
Why it matters
This U.S. federal directive establishes the security policy and procedures for storing, processing, and communicating classified intelligence information in information systems. Because intelligence information is a vital asset to the effective performance of U.S. national security roles, it is essential that this information be properly managed, and that its confidentiality, integrity, and availability be ensured.
This policy applies to all United States government organizations, their commercial contractors, and Allied governments' ISs that process, store, or communicate intelligence information.
Accreditation process
The "Protecting Sensitive Compartmented Information Within Information Systems" Manual issued by the DCI provides 11 steps required for accreditation of an Information System. These steps are:
- Determine Level of Concern
- Determine Protection Level
- Determine Interconnected System Requirements
- Identify Technical Security and Assurance Requirements
- Determine Required Documentation and Testing Activities
- Write the System Security Plan
- Validate Security in Place
- Testing against Security Requirements
- Prepare Certification Package
- Forward Certification Package
- Accreditation Decision by the DAA