PLATFORM
SOLUTIONS
FEATURES
COMPANY
RESOURCES
EVENTS
CONTACTLOGIN
BY SOLUTION
Software accreditationCloud compliance & securityDevSecOps Platformmanaged application hosting
BY CLOUD PROVIDER
AWS Gov CloudGoogle Cloud Platform
EVENTS
OFFSET SYMPOSIUMEVENTS
CompanY
About uscareersPartnersnewsroom
Resources
BlogPodcastsCase StudiesVideowebinarsGlossaryNewsletter
PLATFORM
SOLUTIONS
FEATURES
COMPANY
RESOURCES
EVENTS
LOGIN
TALK TO TEAM
 
MAIN MENU
TALK TO TEAM

DoD Impact Level 6 (IL6): What You Need to Know

Chris Bryant
April 27, 2023

All information systems present some level of risk, so to stay ahead of threats the Department of Defense (DoD) implements a classification system for security, with different levels of impact. In this blog, we will be focusing on DoD Impact Level 6 (IL6), its requirements, and how it impacts software delivery to the defense community.

What is DoD Impact Level 6 (IL6)?

DoD IL6 is a high level security classification for data and information systems within the DoD. It is used for systems that contain data that is deemed critical to national security and that require maximum protection against unauthorized access or manipulation.

IL6 most commonly applies to data and systems that involve classified information, such as those related to intelligence, military operations, and other sensitive government activities. This may include systems that contain information related to national security, defense, and intelligence, as well as those that involve critical infrastructure or other high-value assets. Examples of systems that may fall under the IL6 classification include secure communication networks, command and control systems, and systems that support the development and testing of advanced technologies for military or intelligence applications. It is important to note that the specific systems and data to which IL6 applies may vary depending on the particular mission, organization, or program involved.

What are the IL6 Requirements for Data and Information Systems?

DoD IL6 security classification requires strict control and protection of "Secret" information. DoD Manual 5200.01, Volume 2 provides detailed guidance on how to classify, mark, handle, and safeguard such information. The manual specifies that "Secret" information must be protected in accordance with the security controls specified in CNSSI 1253, which includes the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 controls, as well as the application of an IL6 Overlay. Some of the key requirements for IL6 include:

  • Physical security: The system must be protected physically to prevent unauthorized access or damage.
  • Access control: The system must control access to data and resources based on need-to-know and least privilege principles.
  • Audit and accountability: The system must be able to track and audit all actions taken on the system.
  • Risk management: The system must have a formalized risk management program that is used to assess and mitigate risks.
  • Incident response: The system must have a formalized incident response plan that is used to detect and respond to security incidents.
This table compares the pros and cons of IL6 security classification.

How to get DoD IL6 Approval for Commercial Software Companies

Getting approval for commercial software companies to work at the IL6 level can be difficult, as it requires not only meeting the specific security controls but also undergoing a rigorous evaluation and authorization process to achieve an Authority to Operate (ATO). The evaluation and authorization process can take several months or even years, depending on the complexity of the system and the level of risk it presents.

As a high level security classification for data and information systems within the DoD, meeting the requirements of IL6 can provide maximum protection against unauthorized access or manipulation, but it can also be expensive and complex. Commercial software companies seeking approval for IL6 must undergo a rigorous evaluation and authorization process. It is important for organizations working with the DoD to be aware of the security requirements and processes to ensure the protection of sensitive information and compliance with regulations.

To help commercial companies accelerate their delivery of emerging technologies to U.S. and Allied warfighters, Second Front Systems® offers Game Warden®, a DevSecOps platform and secure cloud hosting environment that removes the burden from commercial software companies by enabling them to leverage our security controls and DoD-approved platform to streamline software delivery. Learn more about how Game Warden can help you accelerate the delivery of your software to the DoD and NatSec community by downloading our white paper, or contacting us here.

Software Accreditation
Defense Software
Success Robot illustration
SUCCESS!
DOWNLOAD NOW
Oops! Something went wrong while submitting the form.
Recommended Articles
News

Second Front’s Game Warden Platform Achieves FedRAMP® In-Process Designation and Marketplace Listing

Second Front’s Game Warden Platform Achieves FedRAMP® In-Process Designation and Marketplace Listing
News

Second Front Systems Enables Deployment of Learn to Win to DoD Impact Level 6

Second Front Systems Enables Deployment of Learn to Win to DoD Impact Level 6

Get great content updates from our team to your inbox.

GDPR and CCPA compliant.
Second Front Systems is a public benefit software company accelerating the delivery of mission-critical software-as-a-service (SaaS) solutions to the government.
PlatformGame WardenFEATURESTAlk to teamEVENtsABoutCOMPANYCareersNewsroomGovernmentLEGALDocumentsTERMS OF SERVICEPrivacy PolicyCookie Policy
SolutionsSoftware ACCREDITATIONOffset SymposiumCloud Compliance & SecurityDEvsecops PlatformManaged application hostingBy Cloud ProviderAWS Gov CloudBy CustomerDecision lens
ResourcesBLOGPodcastsCase StudiesVIDEOGlossaryWebinarscontactEventsOffset Symposiumevents
An icon of a location marker.
1207 Delaware Ave Suite 800
Wilmington DE 19806-5225
An icon of an envelop.
info@secondfront.com
301-744-7318
© 2023 Second Front Systems, Inc.