The Director of Central Intelligence Directive (DCID) 6/3 outlines the security requirements that must be met before an Information System (IS) can be accredited to process Sensitive Compartmented Information (SCI). An IS includes any telecommunications and/or computer-related equipment or interconnected system or subsystems of equipment that is used in the acquisition, storage, processing, management, movement, control, display, switching, interchange, transmission, or reception of voice and/or data (digital or analog); it also includes software, firmware, and hardware.
Tapestry IA Practitioners can assist in determining the appropriate set of technical and non-technical safeguards necessary for a System to be DCID 6/3 compliant and accredited. Tapestry specifically offers the following services:
- Administrative, Procedural, Environmental, Physical and Personnel Security Requirements
- Certification and Accreditation
- Determination of the Appropriate Levels of Concern and Protection
- Identification of the Interconnection System Requirements
- Specification of Technical Security and Assurance Requirements
- Determination of the Required Documentation and Testing Activities
- Draft of an Appropriate Systems Security Plan
- Validation of Current Security Posture
- Forwarding of the Certification Package to the Cognizant Designated Accrediting Authority (DAA)