
What is DCID 6/3

Standing for “Director of Central Intelligence Directive section 6, part 3”, DCID 6/3 represents the C&A (certification and accreditation) methodology used on intelligence projects by federal agencies like the C.I.A. Anyone working on such projects must have SCI clearance (SCI stands for Sensitive Compartmentalized Information). Before DCID 6/3 came to life, another accreditation process was in use: the DCID 1/16.

Dealing with classified information only (as opposed to NIST), DCID 6/3 is based on C&A performed on information systems that use Protection Levels, and it defines 5 such levels. The levels are based on an information system's assessed level of concern and range from PL1 to PL5 as the level of concern goes from low to high.

The DCID methodology ensures only cleared, authorized individuals have access to the classified information. Even though DCID is intended to work with classified information only, any company, organization or private agency can actually customize and implement it, as it is publicly available on the Internet. For anybody interested, the DCID 6/3 documentation can be found on the FAS (Federation of American Scientists) website at www.fas.org/irp/offdocs/dcid-6-3-manual.pdf

In order to implement the DCID certification and accreditation standards, a company must comply with the implementation policy. This is also publicly available on the Internet: www.fas.org/irp/offdocs/DCID_6-3_20Policy.htm. The implementation policy of DCID 6/3 focuses on data encryption and physical security of the information. This is what really sets the C&A under DCID apart from other forms of accreditation and certification.

A post by Kidal Delonix (3105 Posts)


One Comment

  1. Why are we still talking DCID 6/3, when it was superseded in 2007? Why oh why can’t we learn to say ICD 503?

    When will the DNI rise to the occasion and say, “Hey, I’m the DIRECTOR of National Intelligence. If you want to accredit an intelligence system, you will use ICD 503; you will use this template; and NO, you may not change it.”
