DCID 6/3 Compliance

The Director of Central Intelligence Directive (DCID) 6/3 establishes the security policy and procedures for storing, processing, and communicating classified intelligence information in information systems. To achieve compliance with DCID 6/3, agencies must ensure that information is safeguarded at all times and that appropriate security measures are in place to ensure the confidentiality, integrity and availability of that information.

Lumension Endpoint Security and Vulnerability Management Solutions Enable Agencies to Comply with DCID 6/3

Lumension’s Endpoint Security and Vulnerability Management Solutions ensure that agency information is secured in compliance with DCID 6/3 requirements.

Lumension® Data Protection, Lumension® Endpoint Protection and Lumension® Vulnerability Management Solutions ensure that agency information is secured in compliance with DCID 6/3 requirements.

Lumension’s solutions ensure the confidentiality and integrity of agency data by:

Enforcing granular application and removable device usage policies
Enforcing encryption when data is copied to removable media
Providing detailed auditing information including the flow of data read from or written to a removable device and all application and device access attempts, including administrator actions
Discovering all enterprise IT assets and vulnerabilities and providing actionable information
Remediating vulnerabilities to ensure that system and data exposure is minimized
Enterprise-wide reporting of all patch and remediation activities to ensure that desired security postures are maintained

Lumension’s security management solutions include:

Lumension® Application Control - Policy-based enforcement of application use to secure your endpoints from malware, spyware and unwanted or unlicensed software.
Lumension® Device Control - Policy-based enforcement of removable device use to control the flow of inbound and outbound data from your endpoints.
Lumension® Patch and Remediation - Proactive management of threats through automated collection, analysis, and delivery of patches (all major operating systems and applications) across heterogeneous networks.
Lumension® Scan - Complete network-based scanning solution enables assessment and analysis of threats impacting all network devices.
Lumension® Security Configuration Management - Out-of-the-box regulatory and standards-based assessment to ensure endpoints are properly configured.
Lumension® Enterprise Reporting - Robust data warehouse that enables easy creation and sharing of reports on all aspects of your remediation efforts in support of policy compliance.
Lumension® Content Wizard - Create custom remediation packages to address configuration issues, remove unauthorized files and applications, address Zero-day threats, patch custom software and more.

Through vulnerability assessment, remediation and endpoint control, Lumension’s solutions complement an organization’s DCID 6/3 compliance strategy by implementing the proper safeguards around the confidentiality, integrity and availability of intelligence information:

DCID 6/3 Requirements	How Lumension Solutions Address DCID 6/3 Requirements
Intelligence information shall be appropriately safeguarded at all times, including when used in information systems, which shall be protected. Safeguards shall be applied such that: (1) individuals are held accountable for their actions (2) information is accessed only by authorized individuals and processes (3) information is used only for its authorized purpose(s) (4) information retains its content integrity (5) information is available to satisfy mission requirements (6) information is appropriately marked and labeled	Lumension’s Endpoint Security and Vulnerability Management solutions ensure that intelligence information is appropriately safeguarded: Lumension’s Security Management Solutions ensure that intelligence information is appropriately safeguarded: Assure user compliance with endpoint security policies governing application and device control. Detailed auditing capabilities ensure that individuals are held accountable for their actions with regards to application and removable device usage. Enable temporary or scheduled removable device access per established policies. Record filename or complete file that is read from and/or written to a removable device to contain data leakage. Enable agencies to define and enforce policies regarding which users or user groups have access to specific applications and/or removable devices. Enforce granular device control permission settings, including read/write, scheduled access, temporary access, online/offline, I/O bus type, HDD/non-HDD devices and more. Prevent unwanted and malicious code from executing on agency systems, protecting content and system integrity. Discover IT assets that are vulnerable to exploitation Remediate vulnerabilities rapidly to prevent systems and data from being exposed Automatically enforce mandatory baselines across agency endpoints to ensure that critical vulnerabilities are patched
Appropriate security measures shall be implemented to ensure the confidentiality, integrity, and availability of that information. The mix of security safeguards selected for systems that process intelligence information shall ensure that the system meets the policy requirements set forth in this policy and its implementation manual. a. Information systems security shall be an integral part of all system life-cycle phases for all systems. b. The security of systems shall be reviewed whenever changes occur to missions, information systems, security requirements, or threat, and whenever there are significant adverse changes to system vulnerabilities. c. Appropriate authorities, as defined in the Manual, shall be immediately notified of any threats or vulnerabilities impacting systems that process their data. d. All ISs are subject to monitoring consistent with applicable laws and regulations, and as provided for by agency policies, procedures, and practices. As a minimum, monitoring will assess the adequacy of the confidentiality, integrity, and availability controls.	Lumension’s Security Management Solutions ensure the confidentiality, integrity and availability of intelligence information: Enable only authorized applications or removable devices to be accessed on agency machines. Secure sensitive agency data by encrypting data that is moved onto a removable device. Remove the risk of large pieces of confidential data leaving the network by enabling restrictions on the amount of data copied to a removable device on a per-user basis Reduce risk on unwanted files from entering or leaving the network by controlling the types of files that are moved to or from removable devices. Assure consistent monitoring and reporting of application and device usage or attempts by authorized and unauthorized users, including administrator actions. Record filename or complete file that is read from and/or written to a removable device to contain data leakage. Discover IT assets that are vulnerable to exploitation Remediate vulnerabilities rapidly to prevent systems and data from being exposed Automatically enforce mandatory baselines across agency endpoints to ensure that critical vulnerabilities are patched

DCID 6/3 Requirements

How Lumension Solutions Address DCID 6/3 Requirements

Intelligence information shall be appropriately safeguarded at all times, including when used in information systems, which shall be protected. Safeguards shall be applied such that:

(1) individuals are held accountable for their actions
(2) information is accessed only by authorized individuals and processes
(3) information is used only for its authorized purpose(s)
(4) information retains its content integrity
(5) information is available to satisfy mission requirements
(6) information is appropriately marked and labeled

Lumension’s Endpoint Security and Vulnerability Management solutions ensure that intelligence information is appropriately safeguarded:

Lumension’s Security Management Solutions ensure that intelligence information is appropriately safeguarded:

Assure user compliance with endpoint security policies governing application and device control. Detailed auditing capabilities ensure that individuals are held accountable for their actions with regards to application and removable device usage.
Enable temporary or scheduled removable device access per established policies.
Record filename or complete file that is read from and/or written to a removable device to contain data leakage.
Enable agencies to define and enforce policies regarding which users or user groups have access to specific applications and/or removable devices.
Enforce granular device control permission settings, including read/write, scheduled access, temporary access, online/offline, I/O bus type, HDD/non-HDD devices and more.
Prevent unwanted and malicious code from executing on agency systems, protecting content and system integrity.
Discover IT assets that are vulnerable to exploitation
Remediate vulnerabilities rapidly to prevent systems and data from being exposed
Automatically enforce mandatory baselines across agency endpoints to ensure that critical vulnerabilities are patched

Appropriate security measures shall be implemented to ensure the confidentiality, integrity, and availability of that information. The mix of security safeguards selected for systems that process intelligence information shall ensure that the system meets the policy requirements set forth in this policy and its implementation manual.

a. Information systems security shall be an integral part of all system life-cycle phases for all systems.
b. The security of systems shall be reviewed whenever changes occur to missions, information systems, security requirements, or threat, and whenever there are significant adverse changes to system vulnerabilities.
c. Appropriate authorities, as defined in the Manual, shall be immediately notified of any threats or vulnerabilities impacting systems that process their data.
d. All ISs are subject to monitoring consistent with applicable laws and regulations, and as provided for by agency policies, procedures, and practices. As a minimum, monitoring will assess the adequacy of the confidentiality, integrity, and availability controls.

Lumension’s Security Management Solutions ensure the confidentiality, integrity and availability of intelligence information:

Enable only authorized applications or removable devices to be accessed on agency machines.
Secure sensitive agency data by encrypting data that is moved onto a removable device.
Remove the risk of large pieces of confidential data leaving the network by enabling restrictions on the amount of data copied to a removable device on a per-user basis
Reduce risk on unwanted files from entering or leaving the network by controlling the types of files that are moved to or from removable devices.
Assure consistent monitoring and reporting of application and device usage or attempts by authorized and unauthorized users, including administrator actions.
Record filename or complete file that is read from and/or written to a removable device to contain data leakage.
Discover IT assets that are vulnerable to exploitation
Remediate vulnerabilities rapidly to prevent systems and data from being exposed
Automatically enforce mandatory baselines across agency endpoints to ensure that critical vulnerabilities are patched

DCID 6/3 Compliance

Lumension Endpoint Security and Vulnerability Management Solutions Enable Agencies to Comply with DCID 6/3

Next Steps

Newest Resources

Related Videos

Solutions

It's Time to Think New