The following document was released by the White House on December 19, 2012.
National Strategy for Information Sharing and Safeguarding
- 24 pages
- December 2012
Our national security depends on our ability to share the right information, with the right people, at the right time. This information sharing mandate requires sustained and responsible collaboration between Federal, state, local, tribal, territorial, private sector, and foreign partners. Over the last few years, we have successfully streamlined policies and processes, overcome cultural barriers, and better integrated information systems to enable information sharing. Today’s dynamic operating environment, however, challenges us to continue improving information sharing and safeguarding processes and capabilities. While innovation has enhanced our ability to share, increased sharing has created the potential for vulnerabilities requiring strengthened safeguarding practices. The 2012 National Strategy for Information Sharing and Safeguarding provides guidance for effective development, integration, and implementation of policies, processes, standards, and technologies to promote secure and responsible information sharing.
Our responses to these challenges must be strategic and grounded in three core principles. First, in treating Information as a National Asset, we recognize departments and agencies have achieved an unprecedented ability to gather, store, and use information consistent with their missions and applicable legal authorities; correspondingly they have an obligation to make that information available to support national security missions. Second, our approach recognizes Information Sharing and Safeguarding Requires Shared Risk Management. In order to build and sustain the trust required to share with one another, we must work together to identify and collectively reduce risk, rather than avoiding information loss by not sharing at all. Third, the core premise Information Informs Decisionmaking underlies all our actions and reminds us better decisionmaking is the purpose of sharing information in the first place. The Strategy focuses on achieving five goals:
1. Drive Collective Action through Collaboration and Accountability. We can best reach our shared vision when working together, using governance models that enable mission achievement, adopting common processes where possible to build trust, simplifying the information sharing agreement development process, and supporting efforts through performance management, training, and incentives.
2. Improve Information Discovery and Access through Common Standards. Improving discovery and access involves developing clear policies for making information available to approved individuals. Secure discovery and access relies on identity, authentication, and authorization controls, data tagging, enterprise-wide data correlation, common information sharing standards, and a rigorous process to certify and validate their use.
3. Optimize Mission Effectiveness through Shared Services and Interoperability. Efforts to optimize mission effectiveness include shared services, data and network interoperability, and increased efficiency in acquisition.
4. Strengthen Information Safeguarding through Structural Reform, Policy, and Technical Solutions. To foster trust and safeguard our information, policies and coordinating bodies must focus on identifying, preventing, and mitigating insider threats and external intrusions, while departments and agencies work to enhance capabilities for data-level controls, automated monitoring, and cross-classification solutions.
5. Protect Privacy, Civil Rights, and Civil Liberties through Consistency and Compliance. Integral to maintaining the public trust is increasing the consistency by which we apply privacy, civil rights, and civil liberties protections across the government, building corresponding safeguards into the development of information sharing operations, and promoting accountability and compliance mechanisms.
As we execute the Strategy together, we will harness our collective resolve to treat information as a national asset, make it discoverable and retrievable by all authorized users, and arm those charged with preserving the security of our Nation. Only as we work together, hold ourselves accountable, and take concerted ownership of advancing our goals, will we achieve the safety and success our country rightfully demands and fully deserves.
The following objectives capture the highest five priorities of the Administration in achieving the information sharing and safeguarding goals of this Strategy.
1. Align information sharing and safeguarding governance to foster better decisionmaking, performance, accountability, and implementation of the Strategy’s goals.
2. Develop guidelines for information sharing and safeguarding agreements to address common requirements, including privacy, civil rights, and civil liberties, while still allowing flexibility to meet mission needs.
3. Adopt metadata standards to facilitate federated discovery, access, correlation, and monitoring across Federal networks and security domains.
4. Extend and implement the FICAM Roadmap across all security domains.
5. Implement removable media policies, processes and controls; provide timely audit capabilities of assets, vulnerabilities, and threats; establish programs, processes and techniques to deter, detect and disrupt insider threats; and share the management of risks, to enhance unclassified and classified information safeguarding efforts.
Additional Priority Objectives
The remaining objectives represent additional priority activities for departments, agencies, and other stakeholders to advance the goals of this Strategy.
6. Define and adopt baseline capabilities and common requirements to enable data, service, and network interoperability.
7. Provide information sharing, safeguarding, and handling training to appropriate stakeholders using a common curriculum tailored to promote consistent, yet flexible, and trusted processes.
8. Define and implement common processes and standards to support automated policy-based discovery and access decisions.
9. Establish information sharing processes and sector specific protocols, with private sector partners, to improve information quality and timeliness and secure the nation’s infrastructure.
10. Develop a reference architecture to support a consistent approach to data discovery and correlation across disparate datasets.
11. Implement the recommendations and activities of the Federal IT Shared Services Strategy among appropriate stakeholders to facilitate adoption of shared services.
12. Refine standards certification and conformance processes enabling standards-based acquisition among departments and agencies, standards bodies, and vendors to promote interoperable products and services.
13. Promote adherence to existing interagency processes to coordinate information sharing initiatives with foreign partners, as well as adopt and apply necessary guidelines, consistent with statutory authorities and Presidential policy to ensure consistency when sharing and safeguarding information.
14. Create a common process across all levels of government for Requests for Information, Alerts, Warnings, and Notifications to enable timely receipt and dissemination of information and appropriate response.
15. Complete the implementation of the NSI programs in the National Network of Fusion Centers and Federal entities while expanding training and outreach beyond law enforcement to the rest of the public safety community.
16. Achieve the four Critical Operational Capabilities, four Enabling Capabilities, and other prioritized objectives, across the National Network of Fusion Centers to enable effective and lawful execution of their role as a focal point within the state and local environment for the receipt, analysis, gathering and sharing of threat-related information.
National security stakeholders across the government, guided by our shared Principles, can now act in concert to accomplish these priority objectives and build implementation plans to realize the goals of this Strategy. As we execute the Strategy together, we will harness our collective resolve to treat information as a national asset, make it discoverable and retrievable by all authorized users, and arm those charged with preserving the security of our nation with all information available to drive decisions that protect our country and its people. Only as we work together, hold ourselves accountable, and take concerted ownership of advancing our goals, will we achieve the success our country rightfully demands and fully deserves.