ISE Management Plan

The ISE Management Plan provides tools and info that can help agencies and organizations responsibly share information.

1 Governance and Policy

Governance and policy are used to drive the ISE toward coordinated and integrated resources and successfully implementing of the objectives of the National Strategy. Success depends upon all ISE partners participating in ISE governance processes and adopting or aligning policies that will ensure that we are working together in our implementation efforts, at all levels of government and in the private sector.

1.1 Governance

Governance facilitates sharing and safeguarding of information by providing structure for the development and implementation of policy. The two primary senior governance bodies for ISE Stakeholders are the Information Sharing and Access Interagency Policy Committee (ISA IPC) and the Senior Information Sharing and Safeguarding Steering Committee (Steering Committee). These forums facilitate governance for responsible information sharing and safeguarding for all ISE partners at the level of the Executive Office of the President, in accordance with Presidential Policy Directive (PPD) 1, Organization of the National Security Council System and Executive Order 13587.

1.1.1 Information Sharing and Access Interagency Policy Committee

The ISA IPC is co-chaired by the National Security Staff’s Senior Director for Information Sharing Policy and the Program Manager for the Information Sharing Environment. While membership of the ISA IPC is restricted by law to federal departments and agencies, the ISA IPC scope includes all levels of government. ISA IPC subcommittees and working groups include federal, state, local, tribal and territorial mission owners as well as private sector partners. To ensure the candid and timely discussion of information sharing challenges that require policy action, the ISA IPC and its subsidiary groups are exempt from the Federal Advisory Committee Act.

The ISA IPC is guiding the implementation of each of the National Strategy’s 16 priority objectives. Each priority objective is assigned a steward, or governance body responsible for directing, managing and monitoring implementation of the priority objective. The subcommittees of the ISA IPC are working to implement the objectives of the National Strategy, and in so doing develop goals that are approved and monitored by the ISA IPC. Representatives from ISE agencies, our ISE mission partners, chair these governance bodies and help to formulate implementation plans for their assigned objective(s). These plans are vetted with ISE stakeholders through the ISA IPC and include control milestones and performance measures that allow the ISA IPC to monitor National Strategy implementation. Subcommittees of the ISA IPC may formally charter working groups or create Tiger Teams to focus on narrower issues within a portfolio.

For more information on how to participate in National Strategy implementation, or for information on the current structure and activities of the ISA IPC, contact your agency’s representative or PM-ISE’s Management and Oversight Division at ISE.gov/contact.

1.1.2 Senior Information Sharing and Safeguarding Steering Committee

The President established the Steering Committee in Executive Order 13587 to exercise overall responsibility and ensure senior-level accountability for interagency development and implementation of policies and standards regarding the sharing and safeguarding of classified information on computer networks.

The Steering Committee is co-chaired by senior representatives from NSS and the OMB E-Gov office. Membership includes representatives from Departments of State, Defense, Justice, Energy, and Homeland Security, the Office of the Director of National Intelligence, the Central Intelligence Agency, and the Information Security Oversight Office within the National Archives and Records Administration.

The Classified Information Sharing and Safeguarding Office (CISSO), which is a component of the office of the PM-ISE, provide executive secretariat functions for the Steering Committee and collects data from agencies on the progress and performance of their safeguarding efforts. This data informs the Steering Committee’s Annual Report to the President, which provides the White House an account of information sharing and safeguarding successes and challenges.

The current priorities of the Steering Committee are outlined in Priority Objective 5 of the National Strategy: "Implement removable media policies, processes and controls; provide timely audit capabilities of assets, vulnerabilities and threats; establish programs, processes and techniques to deter, detect and disrupt insider threats; and share the management of risks, to enhance unclassified and classified information safeguarding efforts." If you would like more information, please contact the CISSO at ISE.gov/contact.

1.1.3 Convening/Liaison

Because the office of the PM-ISE is in a unique position to facilitate responsible information sharing across the whole of government, we play a neutral role when negotiating between mission interests of ISE stakeholders. The capability to convene stakeholders provides opportunities for constructive exchanges in a shared setting, as well as active listening among organizations with different missions, authorities, and resources. PM-ISE fills the role of honest broker to help non-federal players develop their requirements and inject them into national policy deliberations. When there are asymmetries between stakeholders, PM‑ISE’s ability to aggregate the concerns of less influential stakeholders is critical to the ultimate success of shared solutions. For example, PM-ISE’s facilitation of interactions between and among individual fusion centers and their federal partners has increased the collective voice of the network of fusion centers. Additionally, a key role for PM-ISE and governance bodies is to identify technologies, capabilities, and services that can be shared across the ISE with the intent to leverage individual agency initiatives for the greater good.

ISE Stakeholders and priorities are often discussed in the Federal CIO Council, the Committee on National Security Systems, the Domestic Security Alliance Council, and other interagency forums. The office of the PM-ISE often works on behalf of agencies to clarify governance relationships, share ideas and deconflict tasks across these forums. For information on how to appropriately interface with these bodies, contact the PM-ISE Management and Oversight Division at DNI-PM-ISE-EXECSEC@dni.gov.

Fusion Centers and Private Sector Come Together on Cybersecurity

Agencies are undertaking new and emerging information sharing initiatives beyond traditional terrorism and homeland security missions. One example is ISE best practices and solutions supporting the cybersecurity mission and the priorities of the White House National Security Staff Cyber Directorate. PM-ISE, with the National Fusion Center Association and the International Association of Chiefs of Police, convened stakeholders from law enforcement, homeland security, emergency management, information technology, and the private sector to clarify requirements for sharing both tactical and strategic cybersecurity information and to plan pilots for demonstrating these capabilities. For more details on this and other information sharing pilots, please contact the PM-ISE Mission Programs Division at ISE.gov/contact.

1.1.4 Implementing Responsible Information Sharing and Safeguarding Governance in Your Organization

Effective and responsible information sharing and safeguarding requires strong commitment and participation from ISE partners. Developing effective internal governance structures, designating a senior information sharing and safeguarding executive in your organization, and developing information sharing goals aligned with the National Strategy are all practical measures to ensure that information sharing and risk management goals are fully integrated in your day-to-day operations.

Mature governance structures also adhere to a performance management cycle that is results-oriented, enforces accountability, and allows data-driven decisions on technology investments and other initiatives. Agencies should have a means to apply the goals and activities of the National Strategy to support their internal efforts and establish means to track and document the benefits of those activities. Effective agency governance structures also enable agencies to offer and reuse capabilities and services for sharing across the environment, consistent with an interoperable architecture approach.

To get started, make contact with the governance bodies that serve your community. See ISE Building Blocks or for more information please contact the PM-ISE Management and Oversight Division at ISE.gov/contact.

Benefits of Participation in ISE Governance Processes

Your involvement in ISE governance bodies provides opportunities to advise the NSS and the PM‑ISE and to coordinate with other departments and agencies as we develop and implement guidelines, policies, processes, practices, standards, and tools. Your involvement will help identify gaps in policies, technologies, programs and systems used by federal departments and agencies to share and safeguard information and will ensure that any initiatives developed to address these gaps include your equities. Through this involvement, the ISE’s annual planning process (described later in Figure 2) will be informed by your needs, challenges, and opportunities and you can share and reuse best practices from other ISE partners. As the ISE is implemented and expands to new missions and new categories of information, based on White House direction, your involvement will guide and support that growth, and ensure good stewardship of resources by sharing and reusing ISE solutions.

Examples of Effective Governance

Office of the Director of National Intelligence

The ODNI leadership is committed to information sharing across the 16 agencies of the Intelligence Community (IC). The DNI’s 2011-2015 Strategic Intent for Information Sharing provides the framework to improve responsible and secure information sharing across the IC and with external partners and customers. It supports the DNI’s strategic goal to “Drive Responsible and Secure Information Sharing,” and is consistent with both the National Intelligence Strategy and the Administration’s priorities for information sharing and safeguarding. The ODNI oversees the implementation of the strategy’s goals through the IC Information Sharing Steering Committee—the IC’s executive-level information sharing governance body. The IC Information Sharing and Safeguarding Executive is a member of both the ISA IPC and the Steering Committee, and collaborates very closely with PM-ISE to identify best practices for information sharing across the federal government. ODNI makes responsible information sharing a priority and gives weight to their information sharing initiatives—backing them with the authority of their most senior leaders. ODNI and National Counterterrorism Center (NCTC) senior leadership, such as the Civil Liberties Protection Officer, serve in key leadership roles on ISA IPC subcommittees and working groups.

Federal CIO Council

The Federal CIO Council (Council) promotes and advances the use of interagency shared services for commodity information technology, support, and mission services. The Council has created a Federal Shared Services Implementation Guide that provides information and guidance on the provisioning and consumption of shared services in the Federal Government. The guide provides agencies with a high-level process and key considerations for defining, establishing, and implementing shared services to help achieve organizational goals, improve performance, increase return on investment, and promote innovation. The Council develops and maintains valuable tools, services, and data for CIOs and other federal IT workers—like the Federal Shared Services Implementation Guide—primarily through three core committees: 1) Innovation, 2) Portfolio Management, and 3) Information Security and Identity Management. These groups oversee short-term projects and deliverables as well as longer-term initiatives aimed at informing federal IT strategy. By working within a structure that combines formal committees, short-term agile working groups, and communities of knowledge experts, the Council is poised to help address the most relevant and pressing IT issues across the Federal CIO community.

1.2 Policy

Policy provides direction on mission, budget, and strategic priorities. It serves to standardize processes and coordinate activities; to promote the use of innovative solutions and best practices; and to communicate guidance between leadership and operational components.

The ISE is built upon two levels of policy: ISE-wide policy frameworks and agency-specific policies developed to address ISE requirements.

1.2.1 ISE-wide Policy

ISE-wide policy frameworks are important because ISE initiatives regularly span some or all of our partner communities—from federal agencies, to state and local law enforcement, to private sector owners and operators of critical infrastructures—requiring partners to develop policies that comply with the broader requirements of ISE participation within their own authorities and missions.

The ISE Policy Lifecycle, as depicted in Figure 1, outlines the steps for developing, implementing, and evaluating policies, and lays out best practices for ISE partners to use for their agency-specific policy development and implementation.

Figure 1: The ISE Policy Lifecycle
ISE policy lifecycle

Proposals to share data across entities often encounter a familiar refrain: “There’s a legal problem – we can’t share the information.” The ISE policy framework cannot address specific scenarios, but does provide an approach for addressing information sharing legal challenges, and more importantly a forum to discuss these challenges. The ISA IPC is working on best practices and tool kits for data aggregation and related information sharing agreements to define common approaches for these challenges. The conversation begins with the mission and authorities that already exist within departments and agencies at all levels of government. The ISE relies on the expertise and advice from counsel within each department or agency to ensure that ISE policy meets the letter and intent of legal requirements. Additional detail on this legal and policy approach for responsible information sharing can be found on ise.gov.

1.2.2 Implementing ISE Policy in Your Organization

The success of the ISE depends upon ISE Stakeholders implementing policies for responsible information sharing that support their missions and are compliant with ISE-wide frameworks. For example, general ISE guidance has been provided to agencies to integrate information sharing responsibilities into employee performance assessments Performance Evaluation Element in Employee Performance Appraisals (ISE-G-105) and to mandate the use of Core Awareness Training (ISE-G-104) across ISE mission partners. It is incumbent upon ISE Agency leadership to issue and implement internal policies that comply with this guidance.

Below is an example of how an ISE-wide policy requirement has been implemented by ISE mission partners through agency-specific policies.

Sharing Information and Protecting Privacy, Civil Rights, and Civil Liberties

As envisioned by IRTPA and stated in Homeland Security Presidential Directives 6 and 11, “the policy of the United States Government is to share terrorism information to the full extent permitted by law”. IRTPA requires information sharing activities to be conducted in a manner consistent with the provisions of the Constitution and applicable laws, including those protecting the legal rights of all Americans.

In 2006, in response to the privacy and civil liberties requirements outlined in IRTPA, the White House issued a set of policies and procedures to protect the information privacy and legal rights of Americans during information sharing activities. The ISE Privacy Guidelines establish the standards by which both Federal and non-Federal ISE partners must protect the privacy, civil rights, and civil liberties (P/CR/CL) of individuals through the development and adoption of agency-specific written P/CR/CL protection policies.

Since 2007, federal agencies and non-federal ISE mission partners made significant progress in developing agency-specific P/CR/CL protection policies consistent with the ISE Privacy Guidelines and in integrating P/CR/CL protections into ISE activities and programs. Today, nearly all federal agencies have developed and issued written P/CR/CL policies compliant with the ISE Privacy Guidelines. As of April 2011, all federally recognized state and major urban area fusion centers had completed P/CR/CL protection policies.

Benefits of Participation in the ISE Policy Process

Participation in the ISE policy process enables mission partners across communities to uniformly understand and apply ISE requirements while retaining flexibility to address their own mission requirements and authorities. A uniform approach also contributes to trusted partnerships, where one agency can be confident sharing information with another, if they are confident in that agency’s adoption of ISE requirements. This facilitates more efficient sharing of information and awareness of protected information.

The following example illustrates the benefits of ISE-wide policy frameworks.

Federal Resource Allocation Criteria (RAC)

The Federal Resource Allocation Criteria (RAC) [ISE-G-112] provides federal agencies with objective criteria and a coordinated approach to determine how to prioritize and allocate resources to the National Network of Fusion Centers, as called for in the 2007 National Strategy for Information Sharing (NSIS).

The goal of this policy is to enhance the effectiveness of federal support to the National Network of Fusion Centers. In the face of increasing demands and limited resources, the prioritized resource allocation established through the criteria in the RAC policy enables the federal government to concentrate resources to improve the efficiency of its support to fusion centers.

To develop and issue the RAC policy, DHS and PM-ISE worked together—via the ISA IPC’s Fusion Center Subcommittee—to create consensus among all stakeholders on how federal resources are to be prioritized and allocated, bringing transparency into the process. An analysis of current policies revealed that no policies existed to sufficiently address these issues.

PM-ISE issued the RAC as ISE guidance on behalf of the ISA IPC’s Fusion Center Subcommittee in 2011; and in our FY2014 ISE Implementation Guidance, we directed all ISE agencies to “deliver to DHS an inventory of all the steps agencies have taken to align resource decisions to the Federal RAC policy.” DHS then, through the ISA IPC’s Fusion Center Subcommittee, which they co-chair with the FBI, developed and distributed the “Federal RAC Policy Implementation Questionnaire” to ISE agencies. The responses to this questionnaire have provided a better understanding of the extent to which federal resources are deployed to fusion centers. Based on that feedback, the ISA IPC’s Fusion Center Subcommittee is in the process of developing a RAC implementation plan to better inform partners on budgetary and programmatic decisions when expending federal resources to the National Network of Fusion Centers.

For more information on how to work with PM-ISE to develop your own responsible information sharing policies, or to discuss how to ensure your policies comply with broader ISE frameworks, please contact the PM-ISE Management and Oversight Division at ISE.gov/contact.

Go to the next section: 2 Budget and Performance