In accordance with CNSSP No. 22, “Information Assurance Risk Management Policy for National Security Systems” and the strategy established by the Comprehensive National Cybersecurity Initiative (CNCI), this Directive assigns responsibilities, and establishes the minimum criteria for the development and deployment of capabilities for the protection of National Security Systems (NSS), as defined in Reference d, from supply chain risk.
Threats to Federal information systems are rising as demands for sharing of information and intelligence between Federal Departments and Agencies increase. It is essential that the Federal Government devise an approach that addresses both challenges without compromising the ability to achieve either objective. Developing a common governance framework and set of Identity, Credential, and Access Management (ICAM) capabilities that enhance the security of our systems by ensuring that only authorized persons and systems from different Federal components have access to necessary information is a high priority. The Federal Identity, Credential and Access Management (FICAM) Roadmap and Implementation Guidance was developed to address the need for secure information sharing capabilities across the breadth of the Federal Government.
Over the past ten years, the Federal Government has made concerted advances in the development and implementation of Identity, Credential, and Access Management (ICAM). This progress includes capabilities designed to promote interoperability, assured information sharing, and efficiencies of scale across all agencies within the Federal Government. Recently, several high-visibility events have focused attention on classified networks with a renewed emphasis on information protection within the information sharing paradigm. Organizations must strive to ensure responsible sharing and safeguarding of classified information by employing advanced capabilities that enable a common level of assurance in information handling and sharing while ensuring the interoperability required to satisfy mission requirements.
The Committee on National Security Systems (CNSS) is issuing this policy to help agencies better safeguard National Security Information (NSI) during wireless transmission and delivery, while stored on mobile systems, and while stored on fixed systems that can be accessed by wireless media. It addresses the use of wireless technologies in areas where NSI is discussed or processed. It also assigns responsibilities for improving the security posture of the Executive Departments and Agencies (D/A), and provides references for a minimum set of security measures required for the use of wireless technologies in a national security environment.