DCID 6/3 is the certification and accreditation process used by federal agencies working on intelligence projects (e.g., the CIA). Specifically, information technology projects that require that anyone working on them has a Top Secret, Sensitive Compartmentalized Information (SCI) clearance use the DCID 6/3 process. DCID stands for Director of Central Intelligence Directive and 6/3 refers to the process described in section 6, part 3 of the compendious Director of Central Intelligence Directives.5 The certification and accreditation process that the Intelligence Community (IC) used before DCID 6/3 came along was called DCID 1/16.

The DCID 6/3 model is based on certification and accreditation performed on information systems that are characterized by Protection Levels (PL), and DCID 6/3 defines five different protection levels. DCID 6/3 deals only with classified information and its PL model helps ensure that only properly cleared people have access to classified information. Although the DCID 6/3 model was designed for classified information and intelligence work, it is publicly available for review, and any agency or private organization can adopt the methodology, and customize it according to their own unique requirements.The DCID Standards Manual, which defines the DCID 6/3 certification and accreditation process, can be found on the Federation of American Scientists Web site at www.fas.org/irp/offdocs/dcid-6-3-manual.pdf

The DCID 6/3 C&A process must also comply with the DCID 6/3 policy manual.The DCID 6/3 policy manual can be found on the Web at www.fas.org/irp/offdocs/DCID_6-3_20Policy.htm.

Many of the requirements for IC certification and accreditation are based on physical security, since classified information must always be physically secured. Aside from physical security, the IC puts a lot of emphasis on encryption. The emphasis in these two areas is what really sets apart DCID certification and accreditation from the other C&A methodologies.