CIS14: NSTIC - Identity and Access Management Collaborative Approaches to Novel Use Cases

Identity and Access Management: Collaborative Approaches to Novel Use Cases
Nate Lesser, Deputy Director, National Cybersecurity Center of Excellence
Cloud Identity Summit 2014, July 20, 2014

ENERGY SECTOR USE CASE: IDENTITY AND ACCESS MANAGEMENT

OVERVIEW
Goals
‣ Authenticate individuals and systems
‣ Enforce authorization control policies
‣ Unify IdAM services
‣ Protect generation, transmission and distribution
Business value
‣ Reduce costs
‣ Increase efficiency

SILOS
IT network | OT network | Physical system

THE IT-OT DIVIDE
(diagram slide)

HIGH-LEVEL ARCHITECTURE
(diagram slide)

COLLABORATORS
(diagram slide)

ABOUT THE NCCOE

STRATEGY
Vision
‣ A secure cyber infrastructure that inspires technological innovation and fosters economic growth
Mission
‣ Collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs

TENETS
‣ Standards-based
‣ Modular
‣ Usable
‣ Repeatable
‣ Open and transparent
‣ Commercially available

REALIZED SECURITY
Realized security = security controls + security gains from ease of use

APPROACH
We seek problems that are:
‣ Broadly relevant
‣ Technology-based
‣ Addressable with multiple commercially available technologies

REFERENCE DESIGNS
Use cases
‣ Sector-specific challenges
‣ Identified through industry engagement
Building blocks
‣ Technology-specific challenges
‣ Identified through public engagement

MODEL
Engage
‣ Work with community of interest to define problem
Explore
‣ Map security characteristics to standards, controls and best practices
‣ Circulate drafts and incorporate feedback
Partner
‣ Invite technology vendors to collaborate in our labs
Build
‣ Collaborate on design components
‣ Incorporate feedback from experts in technology community
Show
‣ Demonstrate reference designs

MODEL (process diagram; recoverable lane labels: Community Of Interest, Technology Partners)
Activities shown on the diagram, in the order extracted:
‣ Form small community of interest
‣ Provide input and feedback to NCCoE
‣ Expand community of interest
‣ Submit feedback on use cases to NCCoE
‣ Offer insights on use cases
‣ Support deployment, revision and maintenance of products as part of the practice guide
‣ Collaborate to develop reference designs
‣ Evangelize on behalf of reference design and practice guide
‣ Deploy, test and provide feedback on the reference design
‣ Provide regular feedback on use case builds
‣ Submit letters of interest
‣ Speak at sector-specific events
‣ Work with COI to identify cybersecurity challenges
‣ Host sector-specific workshop
‣ Review & circulate pre-release use cases
‣ Revise & publish draft use cases
‣ Revise use cases & invite participation from technology partners
‣ Receive technology partners' letters of interest
‣ Demonstrate reference designs
‣ Discuss improvements & modifications
‣ Publish reference design and practice guide
‣ Develop composed reference design
‣ Form build teams
‣ Sign CRADAs
‣ Host partner day

CORE PARTNERS
(diagram slide)

BUILDING BLOCK: ATTRIBUTE BASED ACCESS CONTROL

OVERVIEW
Goals
‣ Enterprise to enterprise identity federation
‣ Enable access control decisions for previously unknown users
‣ Demonstrate security capabilities that support a wide range of enterprise risk postures
Business value
‣ Simplified identity management
‣ Shared IT resources across multiple enterprises
‣ Reduced risk through granular access control

HIGH-LEVEL WORKFLOW
(two diagram slides)

DEFINITIONS
Sources
‣ Authorization and Attribute Services Committee Glossary
‣ FICAM
‣ FIPS 201
‣ NCCoE
‣ NIST SP 800-37-1
‣ NIST SP 800-63-2
‣ OMB M-04-04
‣ RFC 4949

HIGH-LEVEL ARCHITECTURE
(diagram slide)

NEXT
nccoe@nist.gov
240-314-6800
9600 Gudelsky Drive, Rockville, MD 20850
http://nccoe.nist.gov