News release: “A groundbreaking new policy from the Office of the Director of National Intelligence changes how the intelligence community and, by influence, the entire federal government will build, validate and approve information technology systems. The policy requires common security controls and risk management procedures – a unified approach to enhance collaboration. Intelligence Community Directive 503 covers a lot of ground, but two key details stand out: There will be a single certification and accreditation process, which means all systems must follow the same authorized security requirements. Systems managers, the policy adds, should accept security risks when necessary to yield a decision advantage from timely and accurate intelligence. Those measures will make it easier for the IC to adopt cutting-edge technology. They also foster reciprocity as well as information sharing. If one IC element certifies a system or major application, then others in the community can trust that it is secure without spending more time and money to duplicate tests.”