UNCLASSIFIED

ICPG 404.1

Federal Partner Access to Intelligence Community Information Technology Systems

A. AUTHORITY: The National Security Act of 1947, as amended; the Intelligence Reform and Terrorism Prevention Act of 2004, as amended; Executive Order (EO) 12333, as amended; EO 13618; National Communications System Directive 3-10; and other applicable provisions of law.

B. PURPOSE: This Intelligence Community Policy Guidance (ICPG):

1. Defines the process for Executive agencies or departments that do not contain an embedded Intelligence Community (IC) element (hereinafter referred to as Federal Partners) to access IC information technology (IT) systems containing Sensitive Compartmented Information (SCI), in accordance with Intelligence Community Directive (ICD) 404, Executive Branch Intelligence Customers.

2. Sets forth the implementation procedures for Federal Partners to request and gain access to IC IT systems containing SCI information (hereinafter referred to as IC IT systems).

C. APPLICABILITY: This Guidance applies to the IC, as defined by the National Security Act of 1947, as amended, and to such elements of any other department or agency as may be designated an element of the IC by the President, or jointly by the Director of National Intelligence (DNI) and the head of the department or agency concerned.

D. POLICY

1. The IC shall ensure intelligence information and access to SCI systems and data is provided to authorized Federal Partners and their employees. The process for a Federal Partner and its employees to request access to IC IT systems is identified in Sections E and F.

2. The DNI has designated the Director, Central Intelligence Agency (D/CIA) to manage the provision of SCI technology, connectivity, services, and support for Federal Partners as a service of common concern on behalf of the IC.

3. The DNI or designee, in consultation with D/CIA or designee, may waive restrictions on the requirement for the D/CIA to perform this service of common concern if the Federal Partner already has an existing formal relationship with another IC element that provides this service. In such cases, the IC element shall have the same service provider responsibilities as the D/CIA.

E. PROCESS FOR FEDERAL PARTNERS TO REQUEST ACCESS TO IC IT SYSTEMS

1. The Federal Partner, through the Federal Senior Intelligence Coordinator (FSIC), is responsible for identifying a need for access to IC IT systems and for submitting an official request for access to the Assistant Director of National Intelligence for Partner Engagement (ADNI/PE). Federal Partners that do not have a FSIC must use their official representative to the IC to submit the request to the ADNI/PE.

2. The ADNI/PE shall review the official request within 30 days of receipt from the Federal Partner and determine if the requesting agency has sufficient mission need to warrant access to IC IT systems.

3. Provided the ADNI/PE approves the Federal Partner's mission justification for IC IT access, the ADNI/PE shall submit the application to the Information Security Risk Management Committee (ISRMC) and D/CIA or designee concurrently. Each entity shall respond to ADNI/PE with their approval or denial within 60 days of receipt of the ADNI/PE's approval of the official request.

   a. The ISRMC will review the security of the IC IT system and submit a recommendation to the IC Chief Information Officer (CIO), who will approve or deny the request.

   b. The D/CIA or designee shall confirm that counterintelligence and physical security standards are met by the Federal Partner in accordance with EO 13526, Classified National Security Information; ICD 703, Protection of Classified National Intelligence, Including Sensitive Compartmented Information; and ICD 705, Sensitive Compartmented Information Facilities.

4. Provided the D/CIA or designee confirms physical security standards are met, including authorizing co-use of an existing SCI facility (SCIF) or creation of a new SCIF, and the IC CIO approves the request, then the application will be forwarded to the ADNI/PE to notify the D/CIA or designee to initiate the process for the Federal Partner to receive access to IC IT systems. If the IC CIO or D/CIA or designee denies the application, then the Federal Partner will not be granted access to IC IT systems.

5. The ADNI/PE must inform the Federal Partner within 120 days of receipt of the official request if their request was approved or denied.

   a. If the ADNI/PE denies the application, as discussed in Section E.2, the Federal Partner has the right to appeal the decision to the Deputy Director of National Intelligence for Intelligence Integration (DDNI/II).

   b. If the IC CIO denies the application, or D/CIA or designee indicates physical security standards are not met, as discussed in Section E.3-4, then the Federal Partner has the right to appeal the decision. A governance board composed of the DDNI/II, IC CIO, and the ADNI/PE, in consultation with CIA as the Cognizant Security Authority in accordance with ICD 703, shall review the official appeal within 60 days of receipt, and all three members of the governance board must approve the application for the Federal Partner to receive access to IC IT systems.

6. Federal Partners that were granted access to IC IT systems prior to the effective date of this Guidance will not need to submit an application via the process outlined in Section E; however, Federal Partners will be required to submit a renewal application as outlined in Section H.

F. PROCESS FOR EMPLOYEES OF FEDERAL PARTNERS TO REQUEST ACCESS TO IC IT SYSTEMS

The FSIC (or official representative to the IC, if the Federal Partner does not have a FSIC) is responsible for nominating to the D/CIA or designee their respective agency's or department's employees for access to IC IT systems. The D/CIA or designee will approve or deny the request, and will verify the applicant has access to SCI and provide network account access within 30 days of receiving the official nomination, if the applicant has SCI access. If the applicant does not have SCI access, the applicant must follow the process in ICD 703 and ICD 704, Personnel Security Standards and Procedures Governing Eligibility for Access to Sensitive Compartmented Information and Other Controlled Access Program Information, to gain access.

G. PROCESS FOR EMPLOYEES OF FEDERAL PARTNERS TO REQUEST ACCESS TO DATA ON IC IT SYSTEMS

1. The Federal Partner and its employees must receive access to IC IT systems prior to receiving access to data on IC IT systems. The originating element will grant or deny access to its data on IC IT systems only after receiving an official request from the FSIC nominating their employees for access to restricted or account-required applications or data.

2. The originating element must receive confirmation from the Federal Partner that all applicable safeguarding requirements in law and policy are met prior to gaining access to the data. These requirements may include classification, privacy requirements, training, or other handling restrictions.

H. PROCESS FOR FEDERAL PARTNERS AND THEIR EMPLOYEES TO RENEW ACCESS TO IC IT SYSTEMS

1. Federal Partners must have their access to IC IT systems renewed every five years. The FSIC shall submit a renewal application to the ADNI/PE, who shall review the mission need and coordinate with the IC CIO and D/CIA or designee to verify the security of SCI networks.

2. Federal Partners that were previously granted access to IC IT networks and did not receive approval from the IC CIO for SCI connectivity must have their renewal application reviewed by the ISRMC and approved by the IC CIO at their first renewal, no later than five years from the effective date of this Guidance, in coordination with the ADNI/PE.

3. Employees of Federal Partners must have their access to IC IT systems renewed every three years, at a minimum, through their employing agency and confirmed by the D/CIA or designee. The FSIC should submit a renewal application to the D/CIA or designee, who shall review the mission need.

I. PROCESS FOR AUDITING AND MONITORING FEDERAL PARTNERS AND THEIR EMPLOYEES' USE OF IC IT SYSTEMS

1. The D/CIA or designee shall:

   a. Make available to the Federal Partner audit data on their employees' user activities on IC IT systems, as described in Intelligence Community Standard (ICS) 500-27, Collection and Sharing of Audit Data, and ICS 700-2, Use of Audit Data for Insider Threat Detection. The FSIC (or official representative, if the Federal Partner does not have a FSIC) is responsible for ensuring the review of the audit data and the reporting of any violations or abnormalities to the D/CIA or designee;

   b. Monitor Federal Partners' compliance with ICD 703, ICD 704, and ICD 705, and report any variance to the ADNI/PE; and

   c. Monitor Federal Partners' compliance with ICD 502, Integrated Defense of the Intelligence Community Information Environment, and ICD 503, Intelligence Community Information Technology Systems Security Risk Management, to include data handling procedures, and report any variance to the ADNI/PE.

2. IC elements shall ensure the monitoring of activities by employees of Federal Partners on the IC element's applications in accordance with Executive Order 13587, Structural Reforms To Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, and the Presidential Memorandum, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, and report any variance to the FSIC and the D/CIA or designee. The monitoring may include recurring manual or automated review of content produced, discovered, processed, or received, and shall support insider threat mitigation functions.

J. ROLES AND RESPONSIBILITIES

1. The ADNI/PE shall:

   a. Publish the application and renewal forms for Federal Partners and their employees to request access to IC IT systems within 30 days of issuance of this Guidance, and make the application forms readily available to IC elements and Federal Partners;

   b. Compile a comprehensive list of all Federal Partners with IC IT system access, update the list annually, and disseminate to IC elements upon request;

   c. Compile and retain a comprehensive list of all Federal Partners that requested IC IT access but were denied, and update the list annually; and

   d. Notify the Federal Partner at least 90 days before their application for renewal of access to IC IT systems is due.

2. The IC CIO shall include data on Federal Partners' use of IC IT systems in their report to the DNI on the status of the integrated defense of the IC information environment, as required in ICD 502.

3. The D/CIA, as the provider of this service of common concern, shall:

   a. Provide the ADNI/PE an annual list of all the employees of Federal Partners who have been granted or denied access to IC IT systems;

   b. Monitor employees of Federal Partners' activities on SCI networks to ensure access is consistent with U.S. legal and policy requirements, and report any variance to the relevant FSIC and ODNI;

   c. Establish a memorandum of understanding, reviewed annually, delineating responsibilities performed by CIA and the Federal Partner for IC IT access, and make this document available to IC elements upon request; and

   d. In coordination with the ADNI/PE, develop a financial agreement with each Federal Partner that receives IC IT systems, based on the services provided, as required.

K. EFFECTIVE DATE: This Policy Guidance becomes effective on the date of signature.

[Signature and date illegible]
Director of National Intelligence

National Security Archive, Suite 701, Gelman Library, The George Washington University, 2130 H Street, NW, Washington, D.C., 20037
Phone: 202-994-7000, Fax: 202-994-7005, nsarchiv@gwu.edu