Government DOD
Speaker notes

  • Panel note: "This is going to be a busy panel, as we have 4 speakers vice 3, so we'll be targeting about 10-12 mins per speaker to allow sufficient time for Q&A. Each of the Service reps/speakers will be talking to their Service's enterprise approach for Identity and Access Management and I thought it would be great for you to close the session on your work around Federated Identity Management with other organizations on behalf of DoD. It's likely that each of the Service reps may touch upon their goals for federation, which should be a nice segue for your discussion. Will this work for you? Thanks, Gordon."

  • Identity Management, alone, is very broad and has many moving components and uses. It is complex and important to mission success:
      - Tracking: good guys, bad guys, and the others (Blue, Red, Grey)
      - Recognition: categorization
      - Logical and physical access, and many supporting systems
      - Hand-held devices for gates, ship boardings, checkpoints
      - Multiple supporting technologies: biometrics, PKI, smart cards (tokens)
      - Ranges from visual (flash pass) through electronic authentication with biometrics
      - Digital signature (supports paperless operations)
      - Static and dynamic authorization rules associated with the information, service, or privilege
  • The main points from the slide include:
      - Many enterprises are investing their resources in this federated capability needed by all of us (synergy of our combined multi-billion dollar investments).
      - Federated governance of this identity federation is working (self-regulation). It is also a model for information sharing federation governance.
      - Progress has come from working together (going alone is a very poor choice).
    Reference notes:
      - Entities cross-certified with FBCA: Fed PKI XCert Status is located at:
      - SAFE Status is located at:
      - Higher Education Bridge participants: Dartmouth College, University of Alabama - Birmingham, University of California - Office of the President, University of Wisconsin - Madison, Duke University
  • Talking points: IdAM collaboration mechanisms are postured to make common progress.
      - DoD/IC PKI Tiger Team: coordinate and align on a hardware authentication solution; develop a comprehensive PKI solution for our mission partners.
      - DoD/IC Authorization and Attribute Services Tiger Team (AATT), co-chairs NSA and DoD/CIO: advance dynamic policy-based sharing capabilities.
      - Cover Tiger Team: provide recommendations on the use and protection of identities.
      - At the Federal level, OMB and the Federal CIO Council have mechanisms; the main bodies are the Federal Identity Credentialing Committee and the Federal PKI Policy Authority.
    Policies are foundational; information technologies can accommodate them. Consistent, clear US Government policies for sharing and collaboration are the rules that drive the dynamic policy-based sharing capabilities (aka ABAC/ICABAAD). The ISC and the ISE can both exploit and further these successes. Read the words from the slide.

    1. Secure Information Sharing and Collaboration for the Extended Enterprise
       Create an Information Advantage for our People and Mission Partners
       Paul D. Grant, Special Assistant for Federated Identity Management and External Partnering, DoD CIO
       Co-Chair, Federal Identity, Credential and Access Management Subcommittee
       [email_address]
       Transglobal Secure Collaboration Program, May 20, 2009
    2. Transglobal Secure Collaboration Program: US Government Participation
       • Since 2003
       • TSCP Executive Forum (aka CIO Forum)
         - Dave Wennergren
         - Dr. Peter Alterman
       • TSCP Governance Board
         - Paul Grant & Judy Spencer
         - Others as needed
       • TSCP US Gov mail list (approx. 120+ people)
       • Room to improve our participation in sub-groups
    3. Key Conceptual Threads in the DoD Information Sharing Strategic Plan
       • Extended Enterprise
         - All internal and external participants required for mission success
         - Facilitates collaborative and coordinated decision making
         - Shared situational awareness and improved knowledge
       • Federation
         - Autonomous organizations operating under a common rule set for a common purpose
         - Legally binding framework: policies, standards and protections to establish and maintain trust
       • Information Mobility
         - Dynamic availability of information
         - Enhanced or impeded by culture, policy, governance, economics and resources, and technology and infrastructure
       • Trust / Trustworthiness
         - Cornerstone of information sharing is trust in partner enterprises
         - Trusting policies, procedures, systems, networks, and data
       These threads permeate Assured Information Sharing activities.
    4. PKI Bridges and Identity Federations (status as of April 2009; diagram rendered as lists)
       • Federal Bridge, cross certified: Department of Defense, Department of Justice, Government Printing Office, Department of State, Department of the Treasury, USPS, Patent & Trademark Office, DHS, VeriSign, DoD ECAs, Verizon Business, State of Illinois, ACES (IdenTrust & ORC), DEA CSOS
       • Federal Common Policy Root, Shared Service Providers cross certified at "Commercial Best Practices" level: VeriSign, Inc.; Verizon Business; Operational Research Consultants, Inc.; The Department of the Treasury; Entrust Managed Services; U.S. Government Printing Office
       • CertiPath (Aero/Def), TSCP participants cross certified: Boeing, Lockheed Martin, Northrop Grumman, Raytheon, EADS/Airbus, BAE Systems; CSPs: Exostar, SITA, ARINC; pending: MoD UK; other TSCP: Rolls Royce, Finmeccanica
       • SAFE (Bio/Pharma), participants: AstraZeneca, Bristol-Myers Squibb, Genzyme, GlaxoSmithKline, Johnson & Johnson, Merck, Nektar, Organon, Pfizer, Procter & Gamble, Roche, Sanofi-Aventis
       • Higher Education identity federations: interoperable at test level; HE Bridge dormant
       Legend: red indicates eAuth Level 4 (Memo, July 22, 2008). References: Fed Bridge Status; PIV Fielding Status.
    5. New Committee Structure (organization chart rendered as a list)
       • CIO Council
         - Architecture & Infrastructure
         - Best Practices
         - IT Workforce
         - Privacy
         - Information Security & Identity Management
             Security Program Management
             Identity, Credential, & Access Management
               Roadmap Development Team
               Federal PKI Policy Authority
               Federation Interoperability Working Group
               Architecture Working Group
               Citizen Outreach Focus Group
             Network & Infrastructure Security
             Security Acquisitions
    6. ICAM Mission
       • Fostering effective government-wide identity and access management
       • Enabling trust in online transactions through common identity and access management policies and approaches
       • Aligning federal agencies around common identity and access management practices
       • Reducing the identity and access management burden for individual agencies by fostering common interoperable approaches
       • Ensuring alignment across all identity and access management activities that cross individual agency boundaries
       • Collaborating with external identity management activities through inter-federation to enhance interoperability
       Co-Chairs: Paul D. Grant, DOD & Judith Spencer, GSA
    7. Enabling Policy and Guidance
       • The Mandate: HSPD-12 (August 27, 2004); The Standard: FIPS-201 (February 25, 2005); The Implementing Guidance: OMB M-05-24 (August 5, 2005); Federal PKI Common Policy Framework
       • The E-Gov Act of 2002; The Implementing Guidance: OMB M-04-04 (December 16, 2003); The Technical Spec: SP 800-63 (June 2004)
       • The Government Paperwork Elimination Act of 1998; The Implementing Guidance: OMB M-00-10 (April 25, 2000); Federal Bridge Model Policy
       • The Implementing Guidance: OMB M-05-05 (December 20, 2004)
       • Special Publications and Technical Specs.
    8. ICAM Roadmap and Implementation Project Overview
       • Scope includes the following high-level elements:
         - Segment Architecture, including tools, methodologies and transition plans, that addresses current ICAM needs and outlines a target future state
         - ICAM priorities in sufficient detail to facilitate budgetary planning
         - Guidance and best practices for agencies deploying ICAM solutions
       • Ultimate goal: to produce and maintain the "Federal Identity, Credential and Access Management (FICAM) Roadmap and Implementation Guidance" document (in two phases)
    9. Phase 1: The Federal ICAM Segment Architecture
       • The Federal ICAM Segment Architecture will be developed as Phase 1 of the FICAM Roadmap and Implementation Guidance
         - Phase 1 is to be drafted May, released June, 2009
         - Using the Federal Segment Architecture Methodology (FSAM)
         - Phase 1 materials will be compiled into the FICAM Roadmap and Implementation Guidance document
       • Federal ICAM Segment Architecture purpose: the purpose of the Federal Identity, Credential, and Access Management (ICAM) segment architecture is to provide federal agencies with a consolidated approach for implementing government-wide ICAM initiatives. The use of enterprise architecture techniques will help ensure alignment, clarity, and interoperability across agency ICAM initiatives and enable agencies to eliminate redundancies by identifying shared ICAM services across the Federal Government.
    10. Phase 2: Implementation Guidance
       • Phase 2 includes the development of ICAM best practices and implementation guidance. This work is the extension of Phase 1, and will include sections on:
         - Identity Proofing and Background Investigations
         - Physical Access
         - Logical Access
         - Role of PKI
         - Use of Digital Signatures
         - Federation and Information Sharing
         - Other Credential Types and Interoperability
         - Acquisition Guidance
       • Estimated completion: September 2009
       • Product: "Federal Identity, Credential and Access Management (FICAM) Roadmap and Implementation Guidance" document
    11. Personal Identity Verification (PIV) Cards for Non-Federal Issuers
       • Basis for PIV Card trust:
         - Well-defined standards
         - A compliance regimen that ensures parties adhere to the well-defined standards
         - Relying Party verification that allows relying parties to verify compliance when trusting, and
         - Secure components inherent to the PIV Card
       • Situation:
         - PIV Cards, by definition, are issued only to/by the Federal Government
         - Organizations external to the U.S. Federal government have expressed a desire to establish identity credentials that are interoperable with the Federal PIV card.
         - They want a card that is:
             Technically compatible / interoperable with the PIV system
             Capable of trust in the Federal environment
    12. Published PIV Interoperability for Non-Federal Issuers Guidance
       • PIV Interoperable: cards that meet the technical standards to work with PIV infrastructure elements such as card readers and are issued in a way that allows federal relying parties to trust the cards at AAL-4.
       • PIV Compatible: cards that meet the technical specifications so that PIV infrastructure elements, such as card readers, are capable of working with the cards, but the credential itself has not been issued in a way that assures it is trustworthy by federal relying parties.
    13. Next Steps
       • Publish ICAM Roadmap & Implementation Guide
         - Includes IDM Segment Architecture
       • Promote activities of Citizen Outreach Focus Group
         - Develop solution set recommendation for submission to CIO Council (6 month effort)
       • Continue outreach activities
         - Liberty Alliance Partnership
         - Higgins Project
         - Transglobal Secure Collaboration Program
         - Educause (post-secondary education)
         - AFEI Identity Protection and Privilege Management Forum
    14. Summary
       • Strong Identity and Access Management are foundational to secure information sharing and collaboration
       • Shared guidance is improving: much room for more improvement
         - Clear, concise, consistent, published
         - For ourselves and our mission partners
       • Mission partners are fielding strong identity credentials (PKI) as well as creating federations for sharing & collaboration
       • Progress depends on public-private partnering
         - Domestically and
         - Internationally