Abstract

Civilian agencies follow the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). It addresses the concern for Controlled, but Unclassified Information (CUI). The Department of Defense (DoD) will start using the DoD RMF shortly. It addresses DoD’s Global Information Grid (GIG) that includes one unclassified network and three classified networks. The Intelligence Community (IC) Directive 503 (ICD 503) identifies its own unique approach. It minimizes the IC-specific guidance and addresses the security issues associated with interconnected systems.

Each of these methodologies drives FISMA compliance for its respective community. Each recognizes unique requirements. ...