The FEA-SPP is voluntary guidance applicable to any Federal government agency. It does not provide specific technical requirements, but instead provides best practices and recommendations to promote incorporation of security and privacy into an organization’s enterprise architecture and to ensure appropriate consideration of security and privacy requirements in an agency’s strategic planning and investment decision-making.
Version 3.0 incorporates a security and privacy control assessment tool, which is intended to be a non-proprietary software product that can be used to identify security controls at the enterprise, segment, and system levels of an architecture and to illustrate how concepts in this document can be put into practice.
The Federal Chief Information Officers Council published the initial version of the Federal Enterprise Architecture Security and Privacy Profile (FEA-SPP) in July 2004, with an update in July 2005. Version 2.0 was published in June 2006 and provided modified steps in the methodology that were based on validation exercises and an assessment of related documents. Work on Version 3.0 started in mid-2008, and its release in mid-2010 represented a further update of the methodology as well as incorporation of key concepts from the federal architecture, security, and privacy communities of practice.
Version 3.0 also supports the implementation of the Obama Administration’s “Open Government” initiative and its underlying principles of transparency, public participation, and collaboration, as well as major federal data sharing initiatives such as Data.gov and the National Information Exchange Model (NIEM) that the Department of Justice is coordinating.