tscp aero bridge

Transatlantic Secure Collaboration Program (TSCP)

Briefing for the Federal PKI WG

Washington, 13 May 2004

www.tscp.org

The Defense Business Environment
    • DOD
       – Warfighter – defeats the enemy and keeps the peace
       – Intelligence – knows about the enemy
       – Business – converts $ to defence capability under
         political governance
    • Coalition Allies/Partners
    • Industry Primes/Partners
       – Products
       – Services and support
    • Supply chain
       – Most verticals
       – Increasingly international




The collaboration model is changing to adapt to the new industry trends . . . the security solution must be equally adaptable and flexible

STRATEGIC DRIVERS

1. Industry Structure
   • Previous collaboration model: National – Collaboration strategy based on national model of primes, subs, and suppliers
   • Emerging collaboration model: International – Collaboration strategy based on international model of primes, subs, and suppliers

2. Business Model
   • Previous collaboration model: Product-Centric – Collaboration oriented around a particular product line and development phase
   • Emerging collaboration model: Service-Centric – Collaboration spans entire lifecycle and multiple product lines

BUSINESS DRIVERS

3. Organization
   • Previous collaboration model: Business Unit – Developed to support a particular line-of-business
   • Emerging collaboration model: Extended Enterprise – Collaboration stretches across business units, company boundaries and international borders

4. Collaboration Model
   • Previous collaboration model: Static – Developed in accordance with policies and regulations of particular product line; little change or flexibility
   • Emerging collaboration model: Dynamic – Rapidly adapts to changing business model and introduction of new partners

5. Focus
   • Previous collaboration model: Function – Collaboration systems developed to support one particular function (e.g., exchanges, R&D, supply-chain)
   • Emerging collaboration model: Value Chain/Life-cycle – Collaboration spans the entire lifecycle with reusable data

SECURITY DRIVERS

6. Security Drivers
   • Previous collaboration model: Government – DoD/MoD security regulations and export control policies
   • Emerging collaboration model: Commercial – Corporate policies designed to protect intellectual capital or competitive intelligence

7. Security Model
   • Previous collaboration model: Network-Centric – Security designed around the network (e.g., DMZ, firewalls)
   • Emerging collaboration model: Data-Centric – Security built into the data (e.g., data tags/XML)

Data in the collaborative environment…
• A typical corporation aligns and optimises its processes.
  The internal environment is process-centric.

• Collaborating organisations depend on shared
  information. This environment is data-centric.

• Successful collaboration depends ultimately on
  measurable data quality.
• Standard contractual clauses are needed for data
  quality, metrics and audit.
• Sharing sensitive data requires data segregation
  management

• So, what building blocks do we need to get there, and
  how are we doing?

Collaboration maturity is driven by the depth of information available between partners

Levels of collaboration, ordered from HIGH to LOW collaborative capabilities:

Level Four – Extended Collaborative Enterprise
   • Objective: Product Lifecycle Management
   • Capabilities being used:
      – Collaborative Product Design and Development
      – Enterprise Bus. Intelligence
   • Business benefit:
      – Improved knowledge sharing, reducing product cycle time
      – Single access to data sources, reducing search and acquisition time
   • Risks:
      – Greater exposure to intellectual property loss
      – Data corruption/theft

Level Three – Contextual Collaboration
   • Objective: Program Management
   • Capabilities being used:
      – Enterprise Program Management
      – Portals/Search Tools, Document Management
      – Peer-to-Peer Collaboration
   • Business benefit:
      – Improve and transparency of schedules resource allocation
      – Increased access and reuse of internal knowledge to enhance innovation
   • Risks:
      – Exposure and/or theft of intellectual property
      – Transparency into potentially damaging program management issues

Level Two – Collaborative Commerce
   • Objective: System-to-System Messaging
   • Capabilities being used:
      – Inter-Enterprise Process Management / Web Services (ERP/SCM/CRM Integration)
   • Business benefit:
      – Automate collaborative process management across the enterprise & between organizations
      – Improve supply chain transparency and open channels for new partners
   • Risks:
      – Process automation creates greater interdependencies and management complexity
      – Insights into financial aspects of the business model

Level One – Productivity-Centric Collaboration
   • Objective: Simple Messaging
   • Capabilities being used:
      – Office productivity tools, B2B Exchanges and simple information exchange, calendaring and scheduling
      – E-mail, attachments, secure instant messaging
   • Business benefit:
      – Improving individual team productivity through greater reach (e.g., e-mail) and standardization (e.g., PDF, .doc)
   • Risks:
      – Inadvertent transfer of sensitive documents
      – Viruses

What are Data and Information?

Figure (layered model, top to bottom; side labels: Security, Commercial & legal):
• Process – Make Decisions
• Information – Support Decisions
• Application – Transform Data into Info
• Data – Facts based on reality
• Infrastructure – Connect Securely

Need for “Trust” and a “Common Language of Business”

In a collaborative environment based on Trust, how important
is it ...

 To Trust someone else? (Corporate view)

 To be Trustworthy? (Collaboration view)




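Protecting Sensitive Data – “The Gap”

Figure (pyramid of data sensitivity levels; side labels: National Security, Intellectual Property). Levels, top to bottom:
• TS
• SECRET
• CONFIDENTIAL
• Sensitive but Unclassified
• Public

Annotations:
• Top of the pyramid: Few people, little data, low dynamics
• Beside the upper levels: Rules
• Beside Sensitive but Unclassified: No Rules
• Bottom of the pyramid: Lots of people & data, rapid dynamics & cross-organisation & cross-nation
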
Background…

Phase I delivered a guidance framework to enable secure collaboration

Motivation: Defense Collaboration

• The drive by UK MOD, US DoD, industry and exchanges to meet collaborative business goals requires information to be shared more widely, securely, effectively and affordably between US, UK and other European nations

• To collaborate successfully, corporations must:
   – Connect securely to collaborative partners (secure transport)
   – Know and control who is accessing its data externally (authentication)
   – Segregate data by projects and programs (authorization)

• The ability to segregate data at all layers (network, host, application, data base) is not currently being addressed

Figure: Framework for Secure Collaboration

Background…

The purpose of the Framework was to provide a common baseline to setup Secure Collaborative Environments (SCE)

Figure (framework diagram). Recoverable content, by layer:

SECURITY DRIVERS
• Government Information
• Personal Information
• Corporate Information

REGULATIONS
• Government Information: EAA/EAR, ITAR, Export Control Act of 2002
• Personal Information: Privacy Act of 1974, EU Directive 95/46/EC, UK Data Protection Act of 1998
• Corporate Information: Company Specific Policies*

CAPSTONE
• THREE-PHASED RISK MANAGEMENT METHODOLOGY
• INFORMATION SECURITY
• EXPORT CONTROL, PRIVACY, PROPRIETARY*
• RISK MANAGEMENT

ENABLING CONTROLS
• Physical Security
• Personnel Security
• Marking and Handling Information
• Identity Management
• Data Purging
• Encryption
• Computer Network Defence
• Enterprise Configuration Management

GOVERNANCE

POLICIES, PROCEDURES, AND MECHANISMS

CERTIFICATION AND ACCREDITATION

VERIFICATION

Other labels: DMZ Architecture; Gold; Silver; Bronze; *Not addressed in the

17 Security Services
• Directory Services
• Authentication
• Authorization
• Certificate Management
• Web Single Sign On
• Accounting and Logging
• Network Encryption
• Application Encryption
• Data Encryption
• Infrastructure Security Management
• Security Monitoring
• Virus Scanning
• Electronic Mail Filtering
• Firewalling
• Application Proxying
• Virtual Private Networking
• Network Segmentation

The Framework also outlined a conceptual architecture designed
with “trust” zones where the SCE would be contained in the
“Yellow Zone”

Figure: SCE Conceptual Architecture. Recoverable labels: Prime Contractor; US; Employee; DNS Servers; Application Proxy Servers; Portal Servers; External Certificate Management Servers; External Password/Token-based; Remote Access VPN Concentrators; Internal Password/Token-based; Internal Application Servers; Dir; Internal Business Databases; Internal Certificate Management Servers; IDS/Log
                                                                                                                                                                                K
                                                                                                                                                                                U t
                                                                                                                                                                                D
                                                                                                                                                                                O n
                                                                                                                                                                                F II-
                                                                                                                                                                                Y                                  T rs
                                                                                                                                                                                                                   R
                                                                                                                                                                                                                   E o
                                                                                                                                                                                                                   K
                                                                                                                                                                                                                   N F
                                                                                                                                                                                                                   W a
                                                                                                                                                                                                                   S
                                                                                                                                                                                                                   D
                                                                                                                                                                                                                   U t
                                                                                                                                                                                                                   O n
                                                                                                                                                                                                                   F II-
                                                                                                                                                                                                                   Y                                                                                                                                                                                                                                              Correlation

       NIPRNet                                                                                                                                                                                                                      Authentication                                                   Authentication
                                             Internet
                                                                                                                                                                                                                                        Server                      11                                   Server                                     N F
                                                                                                                                                                                                                                                                                                                                                    S
                                                                                                                                                                                                                                                                                                                                                    K
                                                                                                                                                                                                                                                                                                                                                    E o
                                                                                                                                                                                                                                                                                                                                                    W a
                                                                                                                                                                                                                                                                                                                                                    T rs
                                                                                                                                                                                                                                                                                                                                                    R
                                                                                                                                                                                                                                                                                                                                                    Y
                                                                                                                                                                                                                                                                                                                                                    D
                                                                                                                                                                                                                                                                                                                                                    F II-
                                                                                                                                                                                                                                                                                                                                                    U t
                                                                                                                                                                                                                                                                                                                                                    O n                                              N F
                                                                                                                                                                                                                                                                                                                                                                                                     R
                                                                                                                                                                                                                                                                                                                                                                                                     K
                                                                                                                                                                                                                                                                                                                                                                                                     T rs
                                                                                                                                                                                                                                                                                                                                                                                                     W II-
                                                                                                                                                                                                                                                                                                                                                                                                     E o
                                                                                                                                                                                                                                                                                                                                                                                                     S
                                                                                                                                                                                                                                                                                                                                                                                                     D
                                                                                                                                                                                                                                                                                                                                                                                                     U t
                                                                                                                                                                                                                                                                                                                                                                                                     F a
                                                                                                                                                                                                                                                                                                                                                                                                     O n
                                                                                                                                                                                                                                                                                                                                                                                                     Y                                  K
                                                                                                                                                                                                                                                                                                                                                                                                                                        W II-
                                                                                                                                                                                                                                                                                                                                                                                                                                        S
                                                                                                                                                                                                                                                                                                                                                                                                                                        E o
                                                                                                                                                                                                                                                                                                                                                                                                                                        N F
                                                                                                                                                                                                                                                                                                                                                                                                                                        T rs
                                                                                                                                                                                                                                                                                                                                                                                                                                        R
                                                                                                                                                                                                                                                                                                                                                                                                                                        D
                                                                                                                                                                                                                                                                                                                                                                                                                                        Y
                                                                                                                                                                                                                                                                                                                                                                                                                                        O n
                                                                                                                                                                                                                                                                                                                                                                                                                                        U t
                                                                                                                                                                                                                                                                                                                                                                                                                                        F a                         Engine
                                             Firewall                                                                                                                                                                                                    2                                  14                                                                                                                                                                                  12
                                                         14                                                          14                                                                                                                                                                                                                                                                                                                                            Systems and
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    Antivirus 10
                                                                                                                                                                                                                                                               17                                                                                                                                                                                                  Management
                                                                                                        17                                                                                                                                                                                                                                                                                                                              D
                                                                                                                                                                                                                                                                                                                                                                                                                                        N
                                                                                                                                                                                                                                                                                                                                                                                                                                        F
                                                                                                                                                                                                                                                                                                                                                                                                                                        O
                                                                                                                                                                                                                                                                                                                                                                                                                                        U
                                                                                                                                                                                                                                                                                                                                                                                                                                        K
                                                                                                                                                                                                                                                                                                                                                                                                                                        R
                                                                                                                                                                                                                                                                                                                                                                                                                                        T
                                                                                                                                                                                                                                                                                                                                                                                                                                        W
                                                                                                                                                                                                                                                                                                                                                                                                                                        E
                                                                                                                                                                                                                                                                                                                                                                                                                                        NY
                                                                                                                                                                                                                                                                                                                                                                                                                                         R
                                                                                                                                                                                                                                                                                                                                                                                                                                         S     r
                                                                                                                                                                                                                                                                                                                                                                                                                                               I
                                                                                                                                                                                                                                                                                                                                                                                                                                               -
                                                                                                                                                                                                                                                                                                                                                                                                                                               n
                                                                                                                                                                                                                                                                                                                                                                                                                                               F
                                                                                                                                                                                                                                                                                                                                                                                                                                               a
                                                                                                                                                                                                                                                                                                                                                                                                                                               s
                                                                                                                                                                                                                                                                                                                                                                                                                                               t
[Figure: network architecture diagram with numbered callouts. Labeled components: Managed Security Service Provider; Mail Filtering Appliances; Public Web Server Farm; Web Single Sign On (WSSO); Policy, Authentication and Authorization Servers; External User Store for External and DMZ Users; Business Partner VPN Concentrators (NIPRNet G/W, RLI G/W, P2P G/W); Extranet Application Servers; Enterprise Directory Servers; Business Intelligence, ERP, Manufacturing, HR, Payroll, and other business systems; Enterprise Data Warehouse; Logging & Accounting Servers; Prime Contractor Remote Location; Prime Contractor Employee; Incident Response.]
                                                                                                                                                                                                    Tracking
                                                                                                                                                                                                                                     NIPRNet G/W
                                                                                                                                                                                                                                          U
                                                                                                                                                                                                                                          N
                                                                                                                                                                                                                                          D
                                                                                                                                                                                                                                          F
                                                                                                                                                                                                                                          O
                                                                                                                                                                                                                                          T
                                                                                                                                                                                                                                          E
                                                                                                                                                                                                                                          W
                                                                                                                                                                                                                                          K
                                                                                                                                                                                                                                          R
                                                                                                                                                                                                                                          NR
                                                                                                                                                                                                                                           Y
                                                                                                                                                                                                                                           S  n
                                                                                                                                                                                                                                              -
                                                                                                                                                                                                                                              r
                                                                                                                                                                                                                                              s
                                                                                                                                                                                                                                              I
                                                                                                                                                                                                                                              o
                                                                                                                                                                                                                                              t
                                                                                                                                                                                                                                              F
                                                                                                                                                                                                                                              a
                                                                                                                                                                                                                                                              RLI G/W        P2P G/W                                                                                                    Internal
                                                                                                                                                                                                                                                                                                                                                                                       Application
                                                                                                                                                                                                                                                                                                                                                                                         Servers
                                                                                                                                                                                                                                                                                                                                                                                                                     Remote Access
                                                                                                                                                                                                                                                                                                                                                                                                                         VPN                                        WAN
                                                                                                                                                                                                                                                                                                                                                                                                                     Concentrators
                                                                                                                                                                                                                                                                                                       O
                                                                                                                                                                                                                                                                                                       U
                                                                                                                                                                                                                                                                                                       N
                                                                                                                                                                                                                                                                                                       D
                                                                                                                                                                                                                                                                                                       F
                                                                                                                                                                                                                                                                                                       R
                                                                                                                                                                                                                                                                                                       W
                                                                                                                                                                                                                                                                                                       K
                                                                                                                                                                                                                                                                                                       T
                                                                                                                                                                                                                                                                                                       E
                                                                                                                                                                                                                                                                                                       NY
                                                                                                                                                                                                                                                                                                        R
                                                                                                                                                                                                                                                                                                        S   -
                                                                                                                                                                                                                                                                                                            n
                                                                                                                                                                                                                                                                                                            a
                                                                                                                                                                                                                                                                                                            s
                                                                                                                                                                                                                                                                                                            F
                                                                                                                                                                                                                                                                                                            o
                                                                                                                                                                                                                                                                                                            r
                                                                                                                                                                                                                                                                                                            I
                                                                                                                                                                                                                                                                                                            t
                                                                                                       Public Web                                                                                                                                                                                                                 Internal IT
                                                                                                       Server Farm                                                          Customer
                                                                                                                                                                                                                                                                                                                                  Operations
                                                                                                                                                                             Portal
                                                                                                                             Customer                                                         IDS Correlation              Data Feed                                                                                                                                                      T rs
                                                                                                                                                                                                                                                                                                                                                                                          E o
                                                                                                                                                                                                                                                                                                                                                                                          S
                                                                                                                                                                                                                                                                                                                                                                                          K
                                                                                                                                                                                                                                                                                                                                                                                          R
                                                                                                                                                                                                                                                                                                                                                                                          W II-
                                                                                                                                                                                                                                                                                                                                                                                          N F
                                                          DNS Servers         Db        Db        Db                           VPN                                                               Engines                                   Dir       Dir     Dir                                                                                                                          Y
                                                                                                                                                                                                                                                                                                                                                                                          U t
                                                                                                                                                                                                                                                                                                                                                                                          F a
                                                                                                                                                                                                                                                                                                                                                                                          O n
                                                                                                                                                                                                                                                                                                                                                                                          D
                                                                                                                                                     Dir       Dir        Dir                                              Directories
                                                                                                                           Concentrators

             UK
                                       Subcontractor
             RLI                                                                   N
                                                                                   O
                                                                                   U
                                                                                   F
                                                                                   D
                                                                                   R
                                                                                   S
                                                                                   W
                                                                                   T
                                                                                   K
                                                                                   E
                                                                                   NY
                                                                                    R   a
                                                                                        r
                                                                                        n
                                                                                        F
                                                                                        I
                                                                                        t
                                                                                        -
                                                                                        s
                                                                                        o
                                                                                                                                                                                                                                         NIPRNet G/W           RLI G/W       P2P G/W
                                                                                                                                                                                                                                                                                                                     F
                                                                                                                                                                                                                                                                                                                     N
                                                                                                                                                                                                                                                                                                                     O
                                                                                                                                                                                                                                                                                                                     U
                                                                                                                                                                                                                                                                                                                     D
                                                                                                                                                                                                                                                                                                                     N
                                                                                                                                                                                                                                                                                                                     S
                                                                                                                                                                                                                                                                                                                     W
                                                                                                                                                                                                                                                                                                                     R
                                                                                                                                                                                                                                                                                                                     K
                                                                                                                                                                                                                                                                                                                     E
                                                                                                                                                                                                                                                                                                                     TR
                                                                                                                                                                                                                                                                                                                      Y       n
                                                                                                                                                                                                                                                                                                                              F
                                                                                                                                                                                                                                                                                                                              r
                                                                                                                                                                                                                                                                                                                              I
                                                                                                                                                                                                                                                                                                                              t
[Figure residue: network architecture diagram with "Supplier" and "Government" panels. Labels visible in this part of the figure: Internet; Point to Point Links; Public Web Server Farm; DNS Servers; Db; VPN Concentrators; Dir; Portal Servers; Application Servers; Design Tools and Extranet Applications; Data; Business Intelligence, ERP, Manufacturing, HR, Payroll, and other business systems; NIPRNet G/W; RLI G/W; P2P G/W.]

Legend - 17 Key Security Services (indicated in "Prime Contractor" only)

1    Directory Services        10    Infrastructure Security Management
2    Authentication            11    Security Monitoring
3    Authorization             12    Virus Scanning
                                                                                        t
                                                                                        n
                                                                                        -
                                                                                        o
                                                                                        s
                                                                                        F
                                                                                        a
                                                                                        r
                                                                                                                                                     O
                                                                                                                                                     U
                                                                                                                                                     F
                                                                                                                                                     D
                                                                                                                                                     N
                                                                                                                                                     R
                                                                                                                                                     T
                                                                                                                                                     W
                                                                                                                                                     K
                                                                                                                                                     E
                                                                                                                                                     NY
                                                                                                                                                      R
                                                                                                                                                      S    t
                                                                                                                                                           a
                                                                                                                                                           -
                                                                                                                                                           n
                                                                                                                                                           s
                                                                                                                                                           r
                                                                                                                                                           o
                                                                                                                                                           F
                                                                                                                                                           I                                  O
                                                                                                                                                                                              N
                                                                                                                                                                                              D
                                                                                                                                                                                              U
                                                                                                                                                                                              F
                                                                                                                                                                                              E
                                                                                                                                                                                              W
                                                                                                                                                                                              R
                                                                                                                                                                                              N
                                                                                                                                                                                              T
                                                                                                                                                                                              KY
                                                                                                                                                                                               R
                                                                                                                                                                                               S    F
                                                                                                                                                                                                    I
                                                                                                                                                                                                    t
                                                                                                                                                                                                    s
                                                                                                                                                                                                    -
                                                                                                                                                                                                    a
                                                                                                                                                                                                    n
                                                                                                                                                                                                    o
                                                                                                                                                                                                    r
                                                                                                                                                                                                                                     NIPRNet G/W              RLI G/W                                           N
                                                                                                                                                                                                                                                                                                                F
                                                                                                                                                                                                                                                                                                                U
                                                                                                                                                                                                                                                                                                                D
                                                                                                                                                                                                                                                                                                                O
                                                                                                                                                                                                                                                                                                                W
                                                                                                                                                                                                                                                                                                                E
                                                                                                                                                                                                                                                                                                                T
                                                                                                                                                                                                                                                                                                                S
                                                                                                                                                                                                                                                                                                                K
                                                                                                                                                                                                                                                                                                                N
                                                                                                                                                                                                                                                                                                                RR
                                                                                                                                                                                                                                                                                                                 Y    -
                                                                                                                                                                                                                                                                                                                      I
                                                                                                                                                                                                                                                                                                                      t
                                                                                                                                                                                                                                                                                                                      s
                                                                                                                                                                                                                                                                                                                      a
                                                                                                                                                                                                                                                                                                                      F
                                                                                                                                                                                                                                                                                                                      o
                                                                                                                                                                                                                                                                                                                      n
                                                                                                                                                                                                                                                                                                                      r
                                                                                                                                                                                                                                                                                                                                                                                   4
                                                                                                                                                                                                                                                                                                                                                                                   5
                                                                                                                                                                                                                                                                                                                                                                                        Certificate Management

                                                                                                                                                                                                                                                                                                                                                                                        Web Single Sign On Policy
                                                                                                                                                                                                                                                                                                                                                                                                                                   13
                                                                                                                                                                                                                                                                                                                                                                                                                                   14
                                                                                                                                                                                                                                                                                                                                                                                                                                            Electronic Mail Filtering

                                                                                                                                                                                                                                                                                                                                                                                                                                            Firewalling

                                                                                                                                                                                                                                                                                                                                                                                   6    Accounting and Logging                     15       Application Proxying
                                                                                                                                                                                                                                           O
                                                                                                                                                                                                                                           U
                                                                                                                                                                                                                                           N
                                                                                                                                                                                                                                           D
                                                                                                                                                                                                                                           F
                                                                                                                                                                                                                                           K
                                                                                                                                                                                                                                           R
                                                                                                                                                                                                                                           T
                                                                                                                                                                                                                                           E
                                                                                                                                                                                                                                           W
                                                                                                                                                                                                                                           NY
                                                                                                                                                                                                                                            R
                                                                                                                                                                                                                                            S    F
                                                                                                                                                                                                                                                 n
                                                                                                                                                                                                                                                 -
                                                                                                                                                                                                                                                 a
                                                                                                                                                                                                                                                 o
                                                                                                                                                                                                                                                 r
                                                                                                                                                                                                                                                 I
                                                                                                                                                                                                                                                 t
                                                                                                                                                                                                                                                 s
                                                                                                       Public Web                                                                                                                                                                                                                                                                  7    Network Encryption                         16       Virtual Private Networking (VPN)
                                                                                                       Server Farm                                                        Portal
                                                                                                                                                                         Servers
                                                                                                                                                                                                                                                                                                                                                                                   8    Application Encryption                     17       Network Segmentation
                                                                                                                                                                                                                                                                                                            Data
                                                                                                                               VPN
                                                          DNS Servers         Db        Db        Db                       Concentrators        Dir       Dir       Dir                   Application                                                                                                                                                                              9    Data Encryption
                                                                                                                                                                                            Servers

                                                                                                   Router      Router

 Legend - Components                                                                                                                         Legend - Trust, Data Storage, and User Sessions Zones
                 Router                            Network IDS Sensor                             Certificate Directory                                         No Trust - Internet Network                                                                                       Collaboration Trust - DMZ
                                                                                                                                                                Data - No data stored                                                                                             Data - Only external user data and portal policy data stored
                      Network
                 Segmentation Device               Server with Host-                                                                                            User - Unauthenticated user sessions permitted                                                                    User - All user sessions must be authenticated. All user sessions are encryupted via VPN and application level encryption
                                                                                            Dir   Directory (LDAP/X500)
        F
        U
        O
        N
        D
        S
        W
        T
        K
        E
        N
        RY
         R   F
             a
             r
             I
             t
             n
             -
             s
             o                                     based IDS Sensor
                 Load Balancer

                                                                                            Db    Database                                                      Public Trust - Public Network                                                                                     Trusted - Corporate LAN
                 VPN Concentrator/                 High-speed Data Line
                 Gateway                           (T1, E1, DS3...)                                                                                             Data - Minimum public web application data stored                                                                 Data - All application data and internal user data stored. The majority of all data stored in this zone.
                                                                                                                                                                User - Unauthenticated user sessions permitted from all zones                                                     User - No user session permitted from YELLOW Zone. Only employee user sessions permitted via VPN or LAN.
                                                      WAN/Internet/P2P                            Server
                 Firewall Cluster                     Networks




 Phase 2 Requirements…

The Governance Board provided statements of requirement to
develop guidance framework documents
Summary of Key Requirements

Export Control Guidance
    • Enable secure exchange of export control data in a manner that complies with US, Canadian, UK laws and regulations, with a view to extending operation to other European countries and Australia
    • Monitor and control the onward transmission of export controlled data
    • Disallow unauthorized access to data
    • Provide an affordable, manageable and scaleable mechanism to monitor, control the access to and transfer of data, and audit compliance
    • Provide manageable and cost effective mechanisms for ongoing verification of authorized users and support accreditation requirements for sharing of export controlled information
    • Address legacy export controlled data in new environment
    • Develop recommendations that can be implemented using current technologies

CIDM Framework Guidance
    • Design an affordable, manageable and scaleable identity management framework for collaboration
    • Provide identity proofing within and across the organizations
    • Support role management within and across the organization
    • Provide interoperable yet manageable identity schemas that can be utilized by a wide range of organizations
    • Protect the intellectual and proprietary data through identity proofing and role management
    • Enable collaborative access to sensitive information controlled for purposes of national security (e.g. UK RESTRICTED and US Controlled Unclassified Information)
    • Comply with privacy regulations
    • Support digital signature or other requirements for contractually binding agreements
    • Identify affordable CIDM technical solutions to collaborative participants that find PKI cost-prohibitive while building technical solutions that can still use the advanced capabilities provided by PKI
    • Satisfy information sharing requirements for certification and accreditation
    • Develop guidance for multiple stakeholders, including companies, governments, certifying and registration authorities, and Bridge providers that can be implemented quickly in a variety of environments


Phase II Players
Airbus/EADS
BAE SYSTEMS
The Boeing Company
CAE
Lockheed Martin Corporation
Northrop Grumman
Raytheon Company
Rolls-Royce
Smiths Aerospace
Westland Helicopters

    • Defense
    • DoD
    • MOD
    • DND
 Purpose, Background & Status…Overview

Booz Allen, sponsored by ten companies and supported by the
UKCeB TF, was tasked with developing guidance to protect
export controlled data in a collaborative environment
 Background
  – European, UK, US, and some Canadian defense companies involved in international collaboration are
    increasingly concerned at the extent to which the penalties associated with violations of diverse multi-
    jurisdictional export control regulatory environments are hampering or threatening their ability to
    collaborate and compete in a broadly similar manner across national boundaries
 Requirements
  – Provide guidance on the protection of export-controlled data in a way that gives greater confidence of
    compliance to the regulators of different nations and collaborative partners, particularly with regard to the
    sharing of measurable audit data. The guidance should build upon the Phase 1 Framework for Secure
    Collaboration.
  – Provide guidance for companies involved in collaboration to implement common and interoperable identity
    management capabilities to control access to data
 Approach
  – (1) Capture the requirements, define the “As-Is” and “To-Be,” assess the gaps, and identify a design to bridge the
    gaps
  – (2) Coordinate with other relevant initiatives and best practices and engage with major stakeholders outside
    the TSCP participants
  – (3) Design a framework of principles and guidelines including management, procedural, and technical
    characteristics
 Program Goals
  – Participating companies will endorse and accept the requirements, design and framework
  – The US, UK, and Canadian regulatory authorities will find the framework to be sound guidance for improved
    collaboration

Approach…Phase II…

Collaborative Identity management is a critical capability
required to mitigate the risks associated with compliance to
export control regulations
[Figure: Integration of Export Control Guidance & Collaborative Identity Management Frameworks]
    • Export Controls (inputs): Corporate Export Control Policies; US CUI Regulations; US Export Control Regulations; UK Export Control Regulations; Other Export Control Regulations [EU, Australia, Canada]
    • Center: Collaboration Program Requirements; Export Controls Guidance; Identity Management Capabilities Required to Support Export Control Compliance; Federated Collaborative Identity Management Framework
    • Collaborative Identity Management (inputs): Corporate Identity Management Solution; US & UK Government Identity Management Initiatives; Other Government Identity Management Initiatives [EU, Canada, Australia]; Industry Services & Vendor Solutions




            Validated Draft Design Review …Conceptual Architecture (As-Is)

             The “As Is” CTA relies upon replication of data and many 1:1
             trust relationships to facilitate collaboration
[Figure: "As Is" conceptual architecture. Company A and Company B each appear in Nation 1 and Nation 2, each with its own Directory, Controlled Data, Non Controlled Data, Apps, Certificate Systems, HR Systems, Non-Employee HR-type Systems, Employees, and Contractors & Consultants. Companies are linked by 1:1 CROSS CERTIFICATIONS and HUMAN INTERACTION. Between the nations sit the Nation 1 and Nation 2 Collaboration Intermediaries (Governments, Third Party Providers) with PROPRIETARY INTERMEDIARY DIRECTORIES and Collaborative Directories. Legend: Trusted – Corporate LAN; Collaboration Trust - DMZ.]

    • Distributed replicated data environment results in higher costs and difficult data management
    • Duplicative security management results in overall lower security environment
    • Multiple identity repositories cause duplication and difficulty in management
    • Trust is formed on one-to-one basis and is not scalable
    • Third Parties are used to host collaborative applications and infrastructures, driving increased cost and point solutions


            Validated Draft Design Review …Conceptual Architecture (To-Be)
             The “To Be” CTA (Gold) uses common interoperability
             mechanisms and integrated data environments to drive trusted
             collaboration

[Figure: "To Be" conceptual architecture. Company A and Company B each appear in Nation 1 and Nation 2, each with Integrated Data, Apps, a Certificate System, Individual Directories, a Directory Gateway Broker, HR-type Systems, Employees, and Contractors & Consultants. Callouts on each company: IDENTITY BINDING, COMMON TAGGING SCHEMA, INTEROPERABLE DIRECTORY ARCH, PROOFING & VETTING. Between the nations: Nation 1 and Nation 2 Collaboration Intermediaries (Governments, Third Party Providers), National Bridges, Commercial Bridge & CA, Trusted Directory Gateway Broker, with callouts INTEROPERABLE AUTHENTICATION MECHANISM and COMMON ATTRIBUTE SCHEMA. Legend: Trusted – Corporate LAN; Collaboration Trust - DMZ.]

    • Integrated data environment results in less replication, lower costs, and better control
    • Interoperable security management mechanisms and infrastructure increases security while reducing cost
    • Directory gateway brokers leverage, do not replace, existing repositories while providing interoperability mechanism
    • Trust is formed across federated environment using bridging mechanisms
    • Third Parties and consortia assist in hosting trust and interoperability infrastructure through Commercial Bridge and Trusted Directory Gateway Broker

16 March 2004 – Version 1.0, Transatlantic Secure Collaboration Program -- Proprietary to the Program Participants
Validated Draft Design Review …Conceptual Architecture (Differences)

A comparison of the two states shows a move towards integrated, streamlined, and standardized architectures

DATA
  As-Is: Physically segregated data with no standard tagging schemes
  To-Be (Gold): Integrated data uses tagging schema to assist in managing security

SECURITY MGMT
  As-Is: Duplicative and stove piped security management
  To-Be (Gold): Distributed yet consistent security management with directory integration

IDENTITY
  As-Is: No single authoritative or interoperable identity solution
  To-Be (Gold): Standardized identity schema ensures interoperability with many repositories

THIRD PARTIES
  As-Is: Reliance on third party services for specific collaborative applications and directories for niche applications
  To-Be (Gold): Third parties assist in interoperability/bridging environment – Not just apps

APPLICATIONS
  As-Is: Complex application data flows with “hard wires” security
  To-Be (Gold): Data flows largely unaffected but use consolidated security infrastructure

ACCESS
  As-Is: Proprietary access management processes and data flows
  To-Be (Gold): Streamlined access management through common policies, procedures, mechanisms

TRUST
  As-Is: Trust largely based on human processes or 1:1 point solutions
  To-Be (Gold): Trust based on standard processes, schemas, and minimal additional technology investment




“How-To” Guide …Migration Plan
The final “How-To” Guide will outline a generic migration plan
that can be leveraged to build a company-specific migration plan
Quarters: Q1 to Q14

Activities/Work steps

Identify Collaboration Requirements ($ - $)
• Compliance
• Complexities (G/S/B)

Baseline Current Capabilities ($ - $)
• Compliance
• Complexity

Perform Gap Analysis ($ - $)
• I/M, IAM, G&O, T&A

Develop Migration Plan ($ - $)

Migrate to Bronze level capabilities ($$ - $$)
• Information Management
• Identity Management
• Governance & Oversight
• T&A
• Technical Architecture

Migrate to Silver level capabilities ($$$ - $$$)
• Information Management
• Identity Management
• Governance & Oversight
• T&A
• Technical Architecture

Migrate to Gold level capabilities ($$$$ - $$$$)
• Information Management
• Identity Management
• Governance & Oversight
• T&A
• Technical Architecture

Phases: Phase 0 ($K - $K); Phase I ($$K - $$K); Phase II ($$$K - $$$K); Phase II ($$$$$K - $$$$$K)


TSCP Way Ahead
• Implementation of the Phase 1 and Phase 2 documents
• Support for the implementation of the Commercial Bridge
• Support for the implementation of UID
• … possibly, Controlled Information Release




UID & Network Centric Collaboration

[Figure: Industry at the top; Unique Identification of People, Item, Location, Enterprise and Data; Network Centric Collaboration; U.S. Agencies & External Governments (e.g., UK, Australian, Canadian, Dutch) at the bottom]
Collaboration depends on Data Interoperability

[Figure: Company B and Company A each shown as a stack of Process, Information, Application, Trans. Data, Key Codes and UID, with Asset tracking beneath each; Global Interface Standards sit between the two companies]



Unique IDentification (UID) is….

UID is . . . the set of data for tangible assets that is globally unique and unambiguous, ensures data integrity and data quality throughout life, and supports multi-faceted business applications and users.

EID: 370521
Serial Number: 786950
Original Part Number: 1234


Enterprise Integrated Data Environment (EIDE)

Provide an enhanced environment that enables the DoD Logistics Enterprise to execute practices, processes, applications and decision support tools to achieve logistics interoperability and allow for information exchange within and between internal and external DoD business partners.

   - Non-system dependent transactions
   - Consolidation and reuse of Interfaces
   - Data integration/sharing
   - Leverage Modernization Efforts
   - Data Standards not Standard Data

Logistics Enterprise Architecture Blueprint

[Figure: three views arranged around a central Data Views element]
• Operational View: Identifies Warfighter Relationships and Information Needs
• Systems View: Relates Capabilities and Characteristics to Operational Requirements
• Technical View: Prescribes Standards and Conventions
• Link label: Specific Capabilities Identified to Satisfy Information-Exchange Levels and Other Operational Requirements
• Link label: Technical Criteria Governing Interoperable Implementation/Procurement of the Selected System Capabilities

Unclassified - DoD All Rights Reserved
Defence contracting environment today requires greater co-operation
across national borders inside a global company and across
companies. Industry has made assumptions and is acting on them…
Strategic Imperatives
• US DOD is the dominant customer
• US DOD is contracting for digital signatures on important electronic documents and its payment portal
• US DOD is contracting for ISO Unique Identification of Tangible Items.
• US DOD is putting into existing collaborative programs: JSF, CH47
• US DOD is specifying GIG architectural components in contracts
• US DOD is demanding shorter technology refresh cycles
• International regulators demand compliance or impose penalties

Requires…
• US DOD to secure agreement with allies and trade associations.
• Companies to collaborate with US DOD to develop approaches that maximise interoperability and reuse
• Secure data exchange between partners operating in different countries.
• System of systems approach based on uniqueness & standards
• Collaboration in real-time to reduce the product development timeframe
• Compliance with increasingly complex regulations

But,…
• Organisations need help to use TSCP 1 & 2 to best effect.
• Companies need to see benefits of TSCP investment and best practice V2
• Companies need approach to implement DOD/ATA UID.
• Companies need a way to link trust communities to satisfy DOD.
• Companies need guidance to share/release documents under control.
• Companies need guidelines to improve and measure data quality.
• Need KPI evidence of risk management & benefits


[Figure: TSCP security framework]

SECURITY DRIVERS
• Protect Government Controlled Data: EAA/EAR/ITAR, Export Control Act of 2002 (EXPORT CONTROL)
• Protect Personal Data: Privacy Act of 1974, EU Directive 95/46/EC, UK Data Protection Act of 1998 (PRIVACY)
• Protect Corporate Sensitive Data: Company-Specific Policies* (PROPRIETARY*)

INFORMATION SECURITY; RISK MANAGEMENT

14 KEY POLICIES, including: Marking and Handling Information; Personnel Security; Physical Security; Identity Management; Data Purging; Encryption; Computer Network Defense; Enterprise Configuration Management

GOVERNANCE; CONTROLS; CERTIFICATION AND ACCREDITATION; VERIFICATION

17 Security Services
• Directory Services
• Authentication
• Authorization
• Certificate Management
• Web Single Sign On
• Accounting and Logging
• Network Encryption
• Application Encryption
• Data Encryption
• Infrastructure Security Management
• Security Monitoring
• Virus Scanning
• Electronic Mail Filtering
• Firewalling
• Application Proxying
• Virtual Private Networking
• Network Segmentation

Framework cycle labels: Publish; Take into use; Feedback; Framework; Version 2; late 04

*Not addressed in the DMZ Architecture (Phase I)

[Figure: Prime Contractor (US) architecture with numbered callouts. Labelled components: DNS Servers; Application Proxy Servers; Portal Servers; External Certificate Management Servers; Employee Remote Access VPN Concentrators; Internal Application Servers; Internal Business Databases; Internal Certificate Management Servers; Dir; External Password/Token-based; Internal Password/Token-based; IDS/Log]
                                                                                                                                                                D
                                                                                                                                                                Y                               S
                                                                                                                                                                                                Wa
                                                                                                                                                                                                T rI
                                                                                                                                                                                                N F-
                                                                                                                                                                                                E ot
                                                                                                                                                                                                R
                                                                                                                                                                                                K
                                                                                                                                                                                                O s
                                                                                                                                                                                                D
                                                                                                                                                                                                U
                                                                                                                                                                                                F In
                                                                                                                                                                                                Y                                   E ot
                                                                                                                                                                                                                                    S
                                                                                                                                                                                                                                    N F-
                                                                                                                                                                                                                                    R
                                                                                                                                                                                                                                    T rI
                                                                                                                                                                                                                                    Wa
                                                                                                                                                                                                                                    K
                                                                                                                                                                                                                                    Y
                                                                                                                                                                                                                                    F In
                                                                                                                                                                                                                                    O s
                                                                                                                                                                                                                                    U
                                                                                                                                                                                                                                    D                                                                                                                                                                                                                                      Correlation

         NIPRNet                                                                                                                                                                                                                                      Authentication                                           Authentication
                                                 Internet
                                                                                                                                                                                                                                                          Server                  11                               Server                                     T rI
                                                                                                                                                                                                                                                                                                                                                              K
                                                                                                                                                                                                                                                                                                                                                              R
                                                                                                                                                                                                                                                                                                                                                              Wa
                                                                                                                                                                                                                                                                                                                                                              N F-
                                                                                                                                                                                                                                                                                                                                                              E ot
                                                                                                                                                                                                                                                                                                                                                              S
                                                                                                                                                                                                                                                                                                                                                              Y
                                                                                                                                                                                                                                                                                                                                                              D
                                                                                                                                                                                                                                                                                                                                                              F In
                                                                                                                                                                                                                                                                                                                                                              U
                                                                                                                                                                                                                                                                                                                                                              O s                                             N F-
                                                                                                                                                                                                                                                                                                                                                                                                              R
                                                                                                                                                                                                                                                                                                                                                                                                              K
                                                                                                                                                                                                                                                                                                                                                                                                              E ot
                                                                                                                                                                                                                                                                                                                                                                                                              W In
                                                                                                                                                                                                                                                                                                                                                                                                              T rI
                                                                                                                                                                                                                                                                                                                                                                                                              S
                                                                                                                                                                                                                                                                                                                                                                                                              D
                                                                                                                                                                                                                                                                                                                                                                                                              U
                                                                                                                                                                                                                                                                                                                                                                                                              F a
                                                                                                                                                                                                                                                                                                                                                                                                              O s
                                                                                                                                                                                                                                                                                                                                                                                                              Y                                  K
                                                                                                                                                                                                                                                                                                                                                                                                                                                 T rI
                                                                                                                                                                                                                                                                                                                                                                                                                                                 R
                                                                                                                                                                                                                                                                                                                                                                                                                                                 W In
                                                                                                                                                                                                                                                                                                                                                                                                                                                 E ot
                                                                                                                                                                                                                                                                                                                                                                                                                                                 N F-
                                                                                                                                                                                                                                                                                                                                                                                                                                                 S
                                                                                                                                                                                                                                                                                                                                                                                                                                                 D
                                                                                                                                                                                                                                                                                                                                                                                                                                                 Y
                                                                                                                                                                                                                                                                                                                                                                                                                                                 O s
                                                                                                                                                                                                                                                                                                                                                                                                                                                 F a
                                                                                                                                                                                                                                                                                                                                                                                                                                                 U                           Engine
                                                 Firewall                                                                                                                                                                                                               2                             14                                                                                                                                                                                 12
                                                             14                                                                       14                                                                                                                                                                                                                                                                                                                                    Systems and
                                                                                                                                                                                                                                                                                                                                                                                                                                                                             Antivirus 10
                                                                                                                                                                                                                                                                             17                                                                                                                                                                                             Management
                                                                                                                          17                                                                                                                                                                                                                                                                                                                     FR
                                                                                                                                                                                                                                                                                                                                                                                                                                                 NO
                                                                                                                                                                                                                                                                                                                                                                                                                                                  Y
                                                                                                                                                                                                                                                                                                                                                                                                                                                  N
                                                                                                                                                                                                                                                                                                                                                                                                                                                  D
                                                                                                                                                                                                                                                                                                                                                                                                                                                  U
                                                                                                                                                                                                                                                                                                                                                                                                                                                  S
                                                                                                                                                                                                                                                                                                                                                                                                                                                  E
                                                                                                                                                                                                                                                                                                                                                                                                                                                  W
                                                                                                                                                                                                                                                                                                                                                                                                                                                  R
                                                                                                                                                                                                                                                                                                                                                                                                                                                  K
                                                                                                                                                                                                                                                                                                                                                                                                                                                  T     r
                                                                                                                                                                                                                                                                                                                                                                                                                                                        a
                                                                                                                                                                                                                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                                                                                                                                                                                                                        n
Securing Data for Export Controls

[Figure: network architecture diagram. Recoverable labels: Managed Security Service Provider; Mail Filtering Appliances; Public Web Server Farm; Web Single Sign On (WSSO); Policy, Authentication and Authorization Servers; External User Store for External and DMZ Users; Partner VPN Concentrators; NIPRNet G/W; RLI G/W; P2P G/W; Extranet Application Servers; Enterprise Directory Servers; Business Intelligence, ERP, Manufacturing, HR, Payroll, and other business systems; Enterprise Data Warehouse; Logging & Accounting Servers; Prime Contractor Remote Location; Prime Contractor Employee; switch icons labelled FOUNDRY NETWORKS FastIron; Incident]
                                                                                                                                                                                                                       Response
                                                                                                                                                                                                                                                       NIPRNet G/W
                                                                                                                                                                                                                                                            FR
                                                                                                                                                                                                                                                            NN
                                                                                                                                                                                                                                                             O
                                                                                                                                                                                                                                                             D
                                                                                                                                                                                                                                                             U
                                                                                                                                                                                                                                                             Y
                                                                                                                                                                                                                                                             E
                                                                                                                                                                                                                                                             K
                                                                                                                                                                                                                                                             R
                                                                                                                                                                                                                                                             W
                                                                                                                                                                                                                                                             T
                                                                                                                                                                                                                                                             S  o
                                                                                                                                                                                                                                                                I
                                                                                                                                                                                                                                                                t
                                                                                                                                                                                                                                                                F
                                                                                                                                                                                                                                                                a
                                                                                                                                                                                                                                                                s
                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                n
                                                                                                                                                                                                                                                                r
                                                                                                                                                                                                                                                                            RLI G/W    P2P G/W                                                                                                   Internal
                                                                                                                                                                                                                                                                                                                                                                                                Application
                                                                                                                                                                                                                                                                                                                                                                                                                              Remote Access
                                                                                                                                                                                                                                                                                                                                                                                                                                                                             WAN

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             Collaborative Identity Management
                                                                                                                                                                            FR
                                                                                                                                                                            N
                                                                                                                                                                            U
                                                                                                                                                                            D
                                                                                                                                                                            O
                                                                                                                                                                            K
                                                                                                                                                                            N
                                                                                                                                                                            E
                                                                                                                                                                            R
                                                                                                                                                                            W
                                                                                                                                                                            TY
                                                                                                                                                                             S   a
                                                                                                                                                                                 s
                                                                                                                                                                                 I
                                                                                                                                                                                 F
                                                                                                                                                                                 r
                                                                                                                                                                                 -
                                                                                                                                                                                 n
                                                                                                                                                                                 o
                                                                                                                                                                                 t
                                                                                                                                                                                                                                                                                                                                                                                                                                  VPN
                                                                                                                                                                                                                       Tracking                                                                                                                                                                   Servers                     Concentrators
                                                                                                                                                                                                                                                                                                                 U
                                                                                                                                                                                                                                                                                                                 N
                                                                                                                                                                                                                                                                                                                 D
                                                                                                                                                                                                                                                                                                                 O
                                                                                                                                                                                                                                                                                                                 FR
                                                                                                                                                                                                                                                                                                                 W
                                                                                                                                                                                                                                                                                                                 E
                                                                                                                                                                                                                                                                                                                 T
                                                                                                                                                                                                                                                                                                                 K
                                                                                                                                                                                                                                                                                                                 R
                                                                                                                                                                                                                                                                                                                 NY
                                                                                                                                                                                                                                                                                                                  S   -
                                                                                                                                                                                                                                                                                                                      n
                                                                                                                                                                                                                                                                                                                      o
                                                                                                                                                                                                                                                                                                                      F
                                                                                                                                                                                                                                                                                                                      a
                                                                                                                                                                                                                                                                                                                      s
                                                                                                                                                                                                                                                                                                                      t
                                                                                                                                                                                                                                                                                                                      r
                                                                                                                                                                                                                                                                                                                      I
                                                                                                                       Public Web                                                                                                                                                                                                           Internal IT
                                                                                                                       Server Farm                                                         Customer
                                                                                                                                                                                                                                                                                                                                            Operations
                                                                                                                                                                                            Portal
                                                                                                                                             Customer                                                            IDS Correlation          Data Feed                                                                                                                                                W In
                                                                                                                                                                                                                                                                                                                                                                                                   E ot
                                                                                                                                                                                                                                                                                                                                                                                                   S
                                                                                                                                                                                                                                                                                                                                                                                                   K
                                                                                                                                                                                                                                                                                                                                                                                                   R
                                                                                                                                                                                                                                                                                                                                                                                                   N F-
                                                                                                                                                                                                                                                                                                                                                                                                   T rI
                                                               DNS Servers                  Db Db Db                                           VPN                                                                  Engines                                Dir Dir Dir                                                                                                                             D
                                                                                                                                                                                                                                                                                                                                                                                                   U
                                                                                                                                                                                                                                                                                                                                                                                                   O s
                                                                                                                                                                                                                                                                                                                                                                                                   F a
                                                                                                                                                                                                                                                                                                                                                                                                   Y
                                                                                                                                                                       Dir Dir Dir                                                        Directories
                                                                                                                                           Concentrators

               UK
                                         Subcontractor
               RLI                                                                              N
                                                                                                D
                                                                                                O
                                                                                                F
                                                                                                U
                                                                                                S
                                                                                                W
                                                                                                R
                                                                                                T
                                                                                                K
                                                                                                N
                                                                                                EY
                                                                                                 R   F
                                                                                                     a
                                                                                                     s
                                                                                                     -
                                                                                                     n
                                                                                                     o
                                                                                                     r
                                                                                                     I
                                                                                                     t
                                                                                                                                                                                                                                                        NIPRNet G/W          RLI G/W   P2P G/W
                                                                                                                                                                                                                                                                                                                               D
                                                                                                                                                                                                                                                                                                                               U
[Figure: network architecture diagram. Labels: Internet; Supplier; DNS Servers; Public Web Server Farm; Db; VPN Concentrators; Portal Servers; Dir; Application Servers; Design Tools and Extranet Applications; Data; Business Intelligence, ERP, Manufacturing, HR, Payroll, and other business systems; NIPRNet G/W; RLI G/W; P2P G/W]
                                                                                                                                                                                                                                                                        r
                                                                                                                                                                                                                                                                        -
                                                                                                                                                                                                                                                                        F
                                                                                                                                                                                                                                                                        n
                                                                                                                                                                                                                                                                        s
                                                                                                                                                                                                                                                                        t
                                                                                                                                                                                                                                                                        I
                                                                                                                                                                                                                                                                        a
                                                                                                                                                                                                                                                                                                                                                                                            Legend - 17 Key Security Services
                                                                                                                       Public Web
                                                                                                                       Server Farm                                                        Portal                                                                                                                                                                                            (indicated in "Prime Contractor " only)


                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  Establish
                                                                                                                                                                                         Servers
                                                                                                                                                                                                                                                                                                                      Data
    Point to                                                   DNS Servers                  Db Db Db
                                                                                                                                               VPN
                                                                                                                                           Concentrators          Dir Dir Dir                               Application
                                                                                                                                                                                                              Servers
                                                                                                                                                                                                                                                                                                                                                                                            1    Directory Services                         10       Infrastructure Security Management

                                                                                                                                                                                                                                                                                                                                                                                            2    Authentication                             11       Security Monitoring

     Point                               Government                                                                                                                                                                                                                                                                                                                                         3    Authorization                              12       Virus Scanning


     Links                                                                                      U
                                                                                                O
                                                                                                N
                                                                                                D
                                                                                                F
                                                                                                K
                                                                                                S
                                                                                                R
                                                                                                W
                                                                                                E
                                                                                                N
                                                                                                TR
                                                                                                 Y   -
                                                                                                     F
                                                                                                     r
                                                                                                     o
                                                                                                     n
                                                                                                     a
                                                                                                     s
                                                                                                     t
                                                                                                     I                                                                                                                                                 NIPRNet G/W          RLI G/W                                       U
                                                                                                                                                                                                                                                                                                                          F
                                                                                                                                                                                                                                                                                                                          O
                                                                                                                                                                                                                                                                                                                          D
                                                                                                                                                                                                                                                                                                                          N
                                                                                                                                                                                                                                                                                                                          K
                                                                                                                                                                                                                                                                                                                          W
                                                                                                                                                                                                                                                                                                                          R
                                                                                                                                                                                                                                                                                                                          E
                                                                                                                                                                                                                                                                                                                          N
                                                                                                                                                                                                                                                                                                                          T
                                                                                                                                                                                                                                                                                                                          SR
                                                                                                                                                                                                                                                                                                                           Y    a
                                                                                                                                                                                                                                                                                                                                t
                                                                                                                                                                                                                                                                                                                                F
                                                                                                                                                                                                                                                                                                                                n
                                                                                                                                                                                                                                                                                                                                o
                                                                                                                                                                                                                                                                                                                                -
                                                                                                                                                                                                                                                                                                                                s
                                                                                                                                                                                                                                                                                                                                I
                                                                                                                                                                                                                                                                                                                                r
                                                                                                                                                                                                                                                                                                                                                                                            4    Certificate Management                     13       Electronic Mail Filtering




                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               Commercial Bridge
                                                                                                                                                                       NY
                                                                                                                                                                        D
                                                                                                                                                                        N
                                                                                                                                                                       FR
                                                                                                                                                                        O
                                                                                                                                                                        U
                                                                                                                                                                        W
                                                                                                                                                                        T
                                                                                                                                                                        E
                                                                                                                                                                        R
                                                                                                                                                                        K
                                                                                                                                                                        S    r
                                                                                                                                                                             I
                                                                                                                                                                             n
                                                                                                                                                                             o
                                                                                                                                                                             -
                                                                                                                                                                             a
                                                                                                                                                                             t
                                                                                                                                                                             F
                                                                                                                                                                             s                                   ND
                                                                                                                                                                                                                 FR
                                                                                                                                                                                                                  N
                                                                                                                                                                                                                  O
                                                                                                                                                                                                                  U
                                                                                                                                                                                                                  Y
                                                                                                                                                                                                                  S
                                                                                                                                                                                                                  E
                                                                                                                                                                                                                  T
                                                                                                                                                                                                                  K
                                                                                                                                                                                                                  R
                                                                                                                                                                                                                  W    t
                                                                                                                                                                                                                       F
                                                                                                                                                                                                                       s
                                                                                                                                                                                                                       a
                                                                                                                                                                                                                       -
                                                                                                                                                                                                                       n
                                                                                                                                                                                                                       o
                                                                                                                                                                                                                       r
                                                                                                                                                                                                                       I
                                                                                                                                                                                                                                                                                                                                                                                            5    Web Single Sign On Policy                  14       Firewalling

                                                                                                                                                                                                                                                                                                                                                                                            6    Accounting and Logging                     15       Application Proxying
                                                                                                                                                                                                                                                            U
                                                                                                                                                                                                                                                            N
                                                                                                                                                                                                                                                            D
                                                                                                                                                                                                                                                            O
                                                                                                                                                                                                                                                            Y
                                                                                                                                                                                                                                                           FR
                                                                                                                                                                                                                                                           NR
                                                                                                                                                                                                                                                            K
                                                                                                                                                                                                                                                            T
                                                                                                                                                                                                                                                            W
                                                                                                                                                                                                                                                            E
                                                                                                                                                                                                                                                            S   -
                                                                                                                                                                                                                                                                n
                                                                                                                                                                                                                                                                o
[Figure: network architecture diagram, continued. Labelled elements: Public Web Server Farm, Portal Servers, DNS Servers, Db (x3), VPN Concentrators, Dir (x3), Application Servers, Data, Router (x2). Numbered controls visible: 7 Network Encryption, 8 Application Encryption, 9 Data Encryption, 16 Virtual Private Networking (VPN), 17 Network Segmentation.]

Legend - Components
 • Router
 • Network IDS Sensor
 • Certificate Directory
 • Network Segmentation Device
 • Server with Host-based IDS Sensor
 • Dir – Directory (LDAP/X500)
 • Load Balancer
 • Db – Database
 • VPN Concentrator/Gateway
 • High-speed Data Line (T1, E1, DS3...)
 • WAN/Internet/P2P Networks
 • Server
 • Firewall Cluster

Legend - Trust, Data Storage, and User Sessions Zones
 • No Trust - Internet Network
   – Data - No data stored
   – User - Unauthenticated user sessions permitted
 • Public Trust - Public Network
   – Data - Minimum public web application data stored
   – User - Unauthenticated user sessions permitted from all zones
 • Collaboration Trust - DMZ
   – Data - Only external user data and portal policy data stored
   – User - All user sessions must be authenticated. All user sessions are encrypted via VPN and application level encryption
 • Trusted - Corporate LAN
   – Data - All application data and internal user data stored. The majority of all data stored in this zone.
   – User - No user session permitted from YELLOW Zone. Only employee user sessions permitted via VPN or LAN.



[Figure: UID diagram. Labels: Company B and Company A (each with Process, Information, Application, Trans. Data, Key Codes, UID); Global Interface Standards; US DOD Asset UID Program; US DOD clean audit; Weapons & Infrastructure Packages; Develop UID Interoperability Standard; Get ISO approval as part of ISO 10303; US DOD UID Repository; Company Repositories; Other MODs??; Collaborative UID + Data Collation Centre]

Controlled Information Release involves the use of automation and rules…
[Figure: controlled information release flow diagram. Labels: Organisational Policy; Privacy; Regulations; Export Controls; AI Analysis; Ruleset; Documents & Data; Master Metadata; AI Analysis; Tagged documents; Comparison; User Situation; Authorised User; Digital Rights Permissions; Audit & metrics; Controlled Information release]




Importance… Why Should You Care?
The Giants of Defense Industry are Putting Their Money on Solving “Net Centric” for Themselves
   – Same Solution Space that DoD is Pursuing / Funding
   – Names/Motivations may be different, but Results = Same
   – All Concerned Accept Need to Interoperate
        • Internationally
        • Between Competitors and Sub-Contractors
        • With their Defense Customers
            – DOD, MOD, Other Primes, Other Defense-Related Organizations
   – These Companies Deploy With Us
For the Finish Line, We now have the opportunity to Help:
 • Build to Interoperability (on the first try)
 • Use Their Synergy, and
 • Pool Results of Our Combined Investments


Identity Management
 • Separate Identity from Attributes
 • Strong Identity Management
   – Up Front Identity Proofing is Critical
   – Everyone needs strong credentials
   – Only one world-wide infrastructure for DoD
 • Authentication is Centralized in the Enterprise
 • Authorization is Decentralized




What are the data implications?
• In the DMZ:
  – Meta² data registry – language of the company
  – Meta data registry – discovery data & pointer
  – Audit & quality metrics
  – Segregated, tagged data in the collaboration environment
• In the collaboration zone:
  – Commercial Bridge
  – Attribute Broker
  – Audit record keeper


Summary
• Collaboration requires Trust and a Common Language of
  Business to meet a range of challenges, including
  regulatory.
• Governments and industry are investing in strong identity
  management and strong data segregation management,
  with guidance for their implementation.
• Interoperability demands data standardisation and data
  quality metrics to underpin audit.
• Expect to see collaborative Trust and Common Language
  of Business mechanisms appear in DOD and other
  nations’ contracts.
• How will the Federal community engage with partners
  and industry to tackle the common challenges?


Back Up Slides




                   Task Force
         UK Council for Electronic Business
                  1 Gypsy Patch Lane
                   Bristol. BS34 8LR
                    0870 240 2734
                    www.ukceb.org
[Figure: Possible view of the Commercial Bridge. Labels: AFEI, AIA, AIAC, SBAC, DMA; DOD, DND, FBCA, GOC, MOD; Regulators; Agencies; TSCP; Member Companies; Commercial Bridge; Implementation; Commercial; Capability; Trust; Know How; International /Federal; ARINC & SITA; Zero Risk Team]
 • Deliverables
   1. Ex Con guidance
   2. CIDM for Collaboration
   3. Interoperability Framework for CIDM
 • Nations: UK, US, Canada, Germany, Italy, Spain, France, (NL), (Aus)
 • Programs: DOD – IDE; JSF; FCS; DDX
 • Exchanges: Exostar, Esys, Aeroxchange


[Figure: bridge diagram. Labels: DOS, Higher Ed, Treasury, NASA, Illinois, DOD, MOD, DND, FBCA, ECA, GOC Br, UK Br, Commercial Bridge, LM, Boeing, NG, E S A, Auto ??, Rail ??]


Commercial Bridge
• Relevant Milestones
  – Dec 04 – DOD x-cert with FBCA
  – Apr 05 – Commercial Bridge operational & x-cert with FBCA
  – 3Q05 – MOD x-cert with FBCA
• Events
  – 28 April – Initial Planning Meeting for the Governance Board
    (4 governments and 4 companies for 12-18 months only)
  – 11 May – International CIDM Forum – AFEI/AIA/SBAC/DMA,
    possibly supported by AFCEA, AIAC & NIID+
• Challenges
  – DOD ECA policy under review – cost, risk and liability
    issues. Industry view??
  – Industry take-up sufficient to start up



				