Home > Compliance > DCID 6/3 Compliance
Print PagePrint this Page

DCID 6/3 Compliance


What is DCID 6/3?
On June 5, 1999, the Director of Central Intelligence issued directive 6/3 (DCID 6/3) titled "Protecting Sensitive Compartmented Information Within Information Systems." It establishes the security policy and procedures for storing, processing, and communicating classified intelligence information in information systems. An implementation manual corresponding to DCID 6/3 was published on May 24, 2000.

Who is affected by DCID 6/3?
The directive applies "to all United States government organizations', their commercial contractors', and Allied governments' information systems that process, store, or communicate intelligence information."

What are the requirements of DCID 6/3?
Because intelligence information is vital to the effective performance of national security roles, it is essential that this information be properly managed, and that its confidentiality, integrity, and availability be ensured.

To that end, DCID 6/3 advocates the use of NSA-approved cryptography:
"Cryptography is a critical tool used to protect confidentiality of data, to assure the authenticity of information, and to detect the alteration of information." (1.G.1)
"Cryptography may also be used to separate compartments or protect 'need-to-know' among cleared users on classified systems." (1.G.2) The directive requires systems to have specific features in place to operate at certain Protection Levels (1-5). These include access controls, identification and authentication procedures, data storage and transmission methods, and more.
Data Transmission. Regarding the transmission of intelligence data, DCID 6/3 mandates the implementation of data protection schemes. At all Protection Levels, approved data protection methods include the distribution of information "using NSA-approved encryption mechanisms appropriate for the classification of the information."
Separation of Data. DCIC 6/3 also mandates that "information transmissions of different security levels shall be segregated from each other" and lists encryption as a method for separating the data.
How do organizations comply with DCID 6/3?
All systems must be certified and accredited in compliance with the requirements stated in the associated implementation manual. The compliance process consists of interdependent phases and steps whose scope and specific activities vary with the information system being certified and accredited.

To protect intelligence data in motion, DCID 6/3 compliance requires information systems that deliver robust encryption and separation of the data.

What are the penalties for DCID 6/3 non-compliance?
Failure to comply with DCID's data security provisions could jeopardize government contracts.

How does CipherOptics help?
CipherOptics CipherEngine assures the confidentiality, authenticity, and integrity of data in motion on any network. Our approach to protecting both your network and your data is to deny access to everyone, permit by exception. With that as our driving force, our solutions provide you with both encryption and authentication of all your critical information on the LAN or Wireless LAN.

Using powerful 256-bit AES encryption that is approved by the NSA for "sensitive" information, CipherOptics network encryption appliances authenticate networks and packets and protect data. Using the robust secure hash algorithm SHA-1, our network encryptors verify the integrity of the data, rejecting any packets that have been manipulated or altered. Secure hash also thwarts unauthorized intrusion at the network level. The network encryptor's deterministic firewall feature can reject any packets that lack the proper encryption-based authentication of a trusted endpoint. This effectively blocks all unauthenticated traffic from outside the network.

In support of DCID 6/3, CipherOptics CipherEngine can also use encryption to separate data of different security levels that travel on the same network (cryptographic segmentation).

CipherOptics network encryptors are FIPS-140-2-compliant and available on government buying vehicles. They are field-proven in some of the most security-conscious networks in the world, and are the preferred solution of many agencies for securing high-speed IP networks. Customers include the Social Security Administration, Department of Energy, Department of Agriculture, the U.S. Coast Guard, NASA, U.S. Army and the National Security Agency.

To discuss how CipherOptics can help you can comply with DCID 6/3, call 1-877-878-6655 and speak directly with a CipherOptics encryption specialist or feel free to ask us a question.

Learn More About:
Scope of Audit Reduction
Application Domain Security
Network Encryption

Helpful Resources
DCID 6/3 Policy
DCID 6/3 Manual