RMF in the Intelligence Community (IC)

The IC is comprised of 16 organizations (see list below) that are collectively involved in the Nation’s intelligence gathering and analysis activities, under the overarching guidance of the Director of National Intelligence (DNI). Information systems that process intelligence information have traditionally undergone Certification and Accreditation (C&A) in accordance with Director of Central Intelligence Directive (DCID) 6/3.

In 2008, the DNI issued Intelligence Community Directive (ICD 503) , in which DCID 6/3 was “rescinded and replaced” by a process based on “standards, policies and guidelines approved by either or both NIST and CNSS”. Thus began the transformation of the IC C&A program to RMF.

Our RMF for Federal Agencies program covers the NIST and CNSS publications that form the basis of the new IC risk management process. Additionally, RMF Resource Center is developing an ICD 503 Training program that specifically addresses transition of IC C&A from DCID 6/3 to RMF. Contact us for more information on this training program, which is scheduled for rollout in the future.

IC Agencies

  • Central Intelligence Agency (CIA)
  • Defense Intelligence Agency (DIA)
  • Department of Energy Office of Intelligence & Counterintelligence
  • Department of Homeland Security Office of Intelligence & Analysis
  • Department of State Bureau of Intelligence & Research (INR)
  • Department of Treasury Office of Intelligence & Analysis (OIA)
  • Drug Enforcement Administration Office of National Security Intelligence (NN)
  • Federal Bureau of Investigation National Security Branch (NSB)
  • National Geospatial-Intelligence Agency (NGA)
  • National Reconnaissance Office (NRO)
  • National Security Agency/Central Security Service (NSA/CSS)
  • US Air Force Intelligence
  • US Army Intelligence
  • US Coast Guard Intelligence
  • US Marine Corps Intelligence
  • US Navy Intelligence