SecureIS Overview

SecureIS is a Java web application that processes, stores, and organizes security information pertaining to an information system that processes confidential data. The security information processed by SecureIS consists of the decisions made by security personnel as they evaluate information system components with regard to security concerns. The security personnel must determine the need for security, evaluate the applicability of security requirements to information system components, and select security solutions. Security solutions are people, hardware, software, and procedures that perform a security function that protects components belonging to the information system. Security requirements are a set of specifications and guidelines established by the Director of Central Intelligence to protect intelligence data. The SecureIS system provides a framework that allows an organization to adhere to the Director of Central Intelligence Directive 6/3 (DCID 6/3).

SecureIS allows an organization to:

  1. Enter the components of an information system that are a security concern.
  2. Establish the level of protection required for the information with respect to its level of confidentiality, data integrity, and data availability.
  3. Determine the applicability of each security requirement to each item of the information system and provide a rationale for this decision.
  4. Define and attach security solutions (Compliance items) for each security requirement for each item of the information system.
  5. Add a rationale to support a Compliance Item's capability to satisfy or not satisfy each security requirement.
  6. Produce reports that show the security status of the information system.

SecureIS stores security information in its database to keep track of changes and adjustments to the information system. SecureIS provides a variety of features to aid in maintaining information system components, DCID 6/3 security requirements, Compliance Items implemented by the organization to meet the security requirements, and the reporting needed to establish the organization's compliance with DCID 6/3.
