DCID - Director of Central Intelligence Directive 6/3

Helping Federal Agencies Meet IT Security Mandates for Protecting Intelligence Data

The Challenge

Protecting intelligence information is vital to our national security. The DCID 6/3 standard establishes the procedures required for the proper management of sensitive and classified information to ensure its confidentiality, integrity and availability.

For government and commercial organizations that transmit, process and store intelligence information, DCID 6/3 requires agencies to develop, implement, and maintain a System Security Plan (SSP) over time. Critical elements of any successful SSP include the continuous gathering of system event information, regular activity-log reviews from all security-relevant elements, and the long-term protected storage of the information. Performing such actions manually is costly and impractical; an automated solution is the only reasonable answer.

The Solution

Sentinel has been accepted as a valid solution for meeting auditing requirements for systems accredited up to and including Protection Level 3. Sentinel can monitor system activity, aggregate and report critical event data against the DCID 6/3 requirements, and help track remediation efforts when a system goes out of compliance, assuring Federal agencies and their contractors that their secure systems are DCID 6/3 compliant and remain that way.

With its ability to support large, complex and disparate technology environments that generate thousands of event records per second, Sentinel addresses the nine Audit categories across each of the five DCID 6/3 Protection Levels, enabling you to demonstrate proof that your organization is monitoring IT controls for effectiveness.

| Audit Group | Associated Protection Levels | Novell Solution |
|---|---|---|
| Audit 1 | PL-1, PL-2, PL-3, PL-4, PL-5 | Sentinel can ensure that all audit data includes date/time, network location, impacted systems and actions associated with the event. Sentinel captures data associated with logons and logoffs, access attempts to security-relevant objects and directories, and all activities at the system console by privileged and non-privileged users. Sentinel captures and stores audit trail data for weekly review, and also prepares data for long-term (5-year) storage. |
| Audit 2 | PL-2 | Sentinel tracks all actions (events) within designated system(s) and can associate users to those actions to establish individual accountability. Sentinel captures the output of pen testing tools and intrusion detection devices to enable regular review of IT controls. |
| Audit 3 | PL-2, PL-3, PL-4, PL-5 | Sentinel software is an audit reduction and analysis tool. |
| Audit 4 | PL-3 | If the access control system is automated, Sentinel enables the creation of an audit trail that captures changes to the mechanism's list of user access permissions. |
| Audit 5 | PL-3, PL-4 | Sentinel captures the output of pen testing tools and intrusion detection devices to enable regular review of IT controls. (see also Audit 2) |
| Audit 6 | PL-4, PL-5 | Sentinel collects activity log data that supports tracking of: audit changes in security labels; audit accesses or attempted accesses to objects whose labels are inconsistent with user privileges; audit program initiations, information changes, and all other security-relevant events, specifically including identified events that may be used in the exploitation of covert channels. |
| Audit 7 | PL-4 | Sentinel monitors auditable events in real time, and can be configured to alert the ISSO to violations of security policies. Sentinel can initiate a response and recovery workflow, which tracks security incidents from notification through resolution. |
| Audit 8 | PL-5 | Sentinel captures the output of pen testing tools and intrusion detection devices to enable regular review of IT controls. (see also Audit 2) |
| Audit 9 | PL-5 | (see also Audit 8) |

© 2012 Novell