Friday, September 14, 2007


I have a requirement to say whether the application being accredited contains SAMI data. What the heck is that? I did a google search and found it's an acronym for Sources and Methods Intelligence. That doesn't help me very much. However, if your app. processes SAMI data, you need to retain audit records for 5 years instead of 1. That must mean SAMI is important stuff. I'm still searching and it's taken the better part of half an hour so far.

I just found a defintion inside the definitions section of a DoD manual:
Any classified non-SCI information that has been determined by the Data or Information Owner to need the protection afforded by DCID 6/5 and bears a SAMI marking.

Because the information my app. process is not classified, I can safely say my app. does not process SAMI data. But what does SCI information mean? I'll find that next.

Sensitive Compartmented Information, Classified
information concerning or derived from intelligence
sources, methods, or analytical processes, that is required
to be handled within formal access control systems established
by the Director of Central Intelligence (DCI).
Of course, I'm inserting these definitions in my list of acronyms and glossary.

No comments: