PAGE 2 | CONFIDENTIAL | TSCP| Aerospace & Defense Industry Challenges Customer Lead Contractor Manufacturing Subcontractor Manufacturing & Design Subcontractor.

Slides:



Advertisements
Similar presentations
Polycom Unified Collaboration for IBM Lotus Sametime and IBM Lotus Notes January 2010.
Advertisements

National HIT Agenda and HIE John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.
Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.
© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Seminar on Standardization and ICT Development for the Information.
1. 2 August Recommendation 9.1 of the Strategic Information Technology Advisory Committee (SITAC) report initiated the effort to create an Administrative.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Brian Epley, VA PIV Program Manager
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Course: e-Governance Project Lifecycle Day 1
The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
BENEFITS OF SUCCESSFUL IT MODERNIZATION
Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Public Key Infrastructure (PKI) Hosting Services.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
3 rd Executive Forum on Trade Facilitation Paperless Trade in International Supply Chains: Enhancing Efficiency and Security Technology as Enabler of Innovation.
Information Visualization Solutions March 15-16, 2007 Information Visualization Solutions Team Overview & Analysis ~ Michael Hardy.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Office of the Chief Information Officer EFCOG Annual Meeting Fred Catoe (IM-32) U.S. Department of Energy.
Keystone Technology Plan Presentation to Chesapeake Bay Program Information Management Subcommittee May 19, 2004 Nancie L. Imler Chief Information Officer.
Community Advocacy Function GIFAS Presentation TSCP presentation to the GIFAS 9 th May 2007 Prepared by Marc Speltens, TSCP Outreach director.
The topics addressed in this briefing include:
1 Secure Interoperability within the Defence Supply Chain Colin Nash – Business Development Manager Thursday 28 th October 2010.
Investment Management Concepts Portfolio Management | Segment Architecture March 25, 2009 Adrienne Walker and Kshemendra Paul
The Crown and Suppliers: A New Way of Working People & Security15:35 – 16:20 Channels & Citizen Engagement Social Media ICT Capability Risk Management.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Deploying a Certification Authority for Networks Security Prof. Dr. VICTOR-VALERIU PATRICIU Cdor.Prof. Dr. AUREL SERB Computer Engineering Department Military.
The Internetworked E-Business Enterprise
Information Sharing Puzzle: Next Steps Chris Rogers California Department of Justice April 28, 2005.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Cartes America - Secure ID: Fraud and ID Management Part 1 Track Personal Identity Verification (PIV) Case Study within the TSCP Community Keith Ward TSCP.
Lessons Learned in Smart Grid Cyber Security
Internet 2 Corporate Value Proposition Stuart Kippelman (J&J) Jeff Lemmer (Ford) December 12, 2005.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
THE REGIONAL MUNICIPALITY OF YORK Information Technology Strategy & 5 Year Plan.
Transforming Services Creating Efficiencies Empowering Citizens Transforming Services Creating Efficiencies Empowering Citizens Transforming Services Creating.
1 Directorate of Industry Relations, Analysis and Policy (DIRAP) Paul Herring, Director “CASE FOR CANADIAN DEFENCE INDUSTRIAL POLICY” 27 February 2012.
Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense.
Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Elements of Trust Framework for Cyber Identity & Access Services CYBER TRUST FRAMEWORK Service Agreement Trust Framework Provider Identity Providers Credential.
1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
DRAFT – For Discussion Only HHSC IT Governance Executive Briefing Materials DRAFT April 2013.
October 2, CIO Executive Committee Federal CIO Council Strategic Plan Development Presented at October 2, 2009 Meeting.
PKI Forum Business Panel March 6, 2000 Dr. Ray Wagner Sr. Director, Technology Research.
E-Authentication: Enabling E-Government Presented to PESC May 2, 2005 The E  Authentication Initiative.
Security is not just… 1 A Compliance Exercise Certification and Accreditation FISMA.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
Connecting People With Information 1 DoD Enterprise Software Initiative  Alignment with High-Level Goals –Transform Enterprise Management –Strategic Sourcing.
Identity Federations and the U.S. E-Authentication Architecture Peter Alterman, Ph.D. Assistant CIO, E-Authentication National Institutes of Health.
1 Federal Identity Management Initiatives Federal Identity Management Initatives David Temoshok Director, Identity Policy and Management GSA Office of.
Fax: (703) DoD BIOMETRICS PROGRAM DoD Biometrics Management Office Phone: (703)
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.
Federations: The New Infrastructure Speaker Name Here Date Here Speaker Name Here Date Here.
Latest Strategies for IT Security Margaret Myers Principal Director, Deputy CIO United States Department of Defense North American Day 2006.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Small Business Programs Tatia Evelyn-Bellamy Director Small Business Division Small Business Center February 2016.
Realize the Power of Information IJIS Institute Briefing June 24, 2014.
TeleManagement Forum The voice of the OSS/BSS industry.
Data and Applications Security Developments and Directions
ATIS’ Cloud Services Activity
EDUCAUSE Fed/Higher ED PKI Coordination Meeting
HIMSS National Conference New Orleans Convention Center
Vijay Rachamadugu and David Snyder September 7, 2006
Presentation transcript:

PAGE 2 | CONFIDENTIAL | TSCP| Aerospace & Defense Industry Challenges Customer Lead Contractor Manufacturing Subcontractor Manufacturing & Design Subcontractor Extended Enterprise Distributed Engineering & Manufacturing Teams & Supply Chain National/International The Threats The Risks The Regulations Increased focus Solutions can’t be done independently by every enterprise Requires a cooperative ‘team’ approach to avoid unique solutions that will drive cost Need acceptance by National Defense Departments Need Industry Approach Single Sign-On AZN Services Information Rights Access Provisioning Directory Services Bridge CAs Collaboration Focused Architecture Identification  Authentication  Authorization Information Application Operating System Network Physical Solution

PAGE 3 | CONFIDENTIAL | TSCP| Government-industry partnership specifically focused on mitigating the risks related to compliance, complexity, cost and IT that are inherent in large- scale, collaborative programs that span national jurisdictions. To do business in the world today, A&D companies must balance the need to protect intellectual property (IP) while demonstrating willingness and ability to meet contractual requirements from government customers for auditable, identity-based, secure flows of information. Common Framework for Federated Collaboration Identity Management & Assurance: Provide assurance that collaborative partners can be trusted Meet government agencies’ emerging requirements for identity assurance across domains Establish common credentialing standards that accommodate and span national jurisdictions Protect personal privacy data of employees Data Protection: Define fine grain access right attributes for data labeling and data right’s management Establish “Application Awareness” Demonstrate compliance with export control regulations Protect corporate IP in collaborative and other information sharing programs Facilitate Secure Collaboration: Provide collaborative toolsets that will interoperate with customers and suppliers Facilitate re-use collaborative capabilities among multiple programs

PAGE 4 | CONFIDENTIAL | TSCP| Leverages business processes for the A&D Industry Reduced Supplier on boarding/network costs (benefit to both A&D and Supply Base) Accelerated time to value for supply chain management technology initiatives Enhanced Security through strong authentication Authenticated Assurance through access management The chain of trust to extend to our contractors. A&D companies are responsible for vetting and supplying. At any given time, within the A&D global supply-chain, there are approximately 300,000 supplier companies working on government contracts, representing roughly 3 to 4 million individuals. Certification and Accreditation of components inherent to the Credentialing Process Leveraging the A&D Supply chain “TSCP” A&D Companies discussing Cost sharing for a supplier credential using TSCP specifications e.g. “ECA’s & Keyfobs “TSCP” A&D Companies discussing Cost sharing for a supplier credential using TSCP specifications e.g. “ECA’s & Keyfobs

PAGE 5 | CONFIDENTIAL | TSCP| TSCP’s Strategic Plan Development – Business Driven Export Control Regulations Privacy Company Policies Eg. ITAR, Export Control Act…. Company-specific policies Eg. Privacy Act of 1974, Data Protection Act….. Areas of Common Business Challenge Holistic Approach to Addressing Common Security Concerns - Identity Management - Information Protection - Information Labeling……. Advance Persistent Threats HSPD 7, cooperation with the DoD & Industry Common Operating Rules, Governance & Oversight Tools & Skills Supportive Business Practices TSCP Strategic Objectives Strategic Architecture Capability Roadmaps, Action Plans and Project Schedules Mapped to Results in Execution and Deployment Information Management eg. IAP Prioritized Areas of TSCP Attention Identity & Access Management Eg. Web authentication Secure Electronic Exchange Document sharing Secure

PAGE 6 | CONFIDENTIAL | TSCP| Problem Statements Use Cases TSCP Methodology Approved Product List Specifications Participant Implement Gold Members Silver Members Silver Members General Availability to make it a standard Existing Programs Existing Programs Future Programs Future Programs Enterprise Programs Enterprise Programs Large Scale Collaborative Programs Managing Security Risks Multi-National Compliance TSCP Members TSCP Development & Delivery Process Stage 0 Stage 1 & 2 Stage 3 Stage 4 Platinum Platinum, Gold, Silver Platinum Platinum, Gold

PAGE 7 | CONFIDENTIAL | TSCP| TypePriority Need to secure TypePriority Need to secure Document sharing HH HM Web forums MM Instant Msg HH Access to info on intranets HH Voice HM Collaborative Engineering HH Video Conf LM User access to web application HH Web Conf MH Application to application HH TSCP specification in public domain Information sharing types and TSCP progress PersistentTransient TSCP participant has tested TSCP have tested / in production

PAGE 8 | CONFIDENTIAL | TSCP| TSCP Objectives: Deploying Capabilities to the Programs 2003 Phase 1 Secure Collaboration Framework “Generic DMZ Requirements” 2008 – Phase 2 Export Compliance and Collaborative Identity Mgmt “Commercial Bridge” Requirements …2007 TSCP Roadmap Phase 3 – Present Validation through Pilots/Prototypes e.g. Secure , PKI identity management, Data Model for Export Compliance, Federation testing and compliance Development of international policy on identity management Increasing international engagement with governments, companies and vendors Transition to production – CertiPath, Secure , Document Sharing Acceptable export compliance rule sets to enable decision making TSCP Roadmap …. A&D Secure Company Enterprise Army Programs “FCS” Navy Programs “Astute” Air Force Programs “EuroHawk” New Business Proposals War Fighter & other Programs Proposals Access Management/ Secure Badge Portals SiteMinder Enterprise Share Point Global Supplier Portal Microsoft “Geneva” ADFS Company Portals Secure DOD JITC Certification DOD Cross Certification Contractor Credential Certification MS Team Center Share Centers Data Apps MS Office Enterprise Secure Information Sharing TSCP Significant Milestones & Achievements DoD PKI Policy Change: Memorandum for Approval of External Public Key Infrastructures (PKI) at medium or higher hardware level of assurance - working directly with DoD on joint test plan for secure collaborative and web Authentication A&D companies Bi-Lateral Trust with DOD A&D Credentials accepted by DOD Programs Joint Interoperable Testing Command(JITC) testing completed as a result of TSCP. TSCP Secure Collaborative with A&D CertiPath members completed. TSCP Significant Milestones & Achievements DoD PKI Policy Change: Memorandum for Approval of External Public Key Infrastructures (PKI) at medium or higher hardware level of assurance - working directly with DoD on joint test plan for secure collaborative and web Authentication A&D companies Bi-Lateral Trust with DOD A&D Credentials accepted by DOD Programs Joint Interoperable Testing Command(JITC) testing completed as a result of TSCP. TSCP Secure Collaborative with A&D CertiPath members completed. TSCP Member Test & Production Environments …

PAGE 9 | CONFIDENTIAL | TSCP| TSCP Fun Facts - Things to Know Over 100 engineers work TSCP work streams daily Defining requirements Secure and Data Sharing Architecture and design teams, Development and integration teams Prototyping, Documentation and configuration management Executive CIO Forum CIO’s & CTO’s of Government & A&D Companies Key decision makers that create or implement Policies TSCP Government Issues Committee “New” TSCP Government representatives “DOD, GSA, UK MOD, France, Netherlands MOD” Evaluate policies that relate to TSCP’s work and objectives to identify and address gaps between policy requirements and commercial solutions TSCP Cyber Committee “New” TSCP GB Members including Government Cyber Leads TSCP Government Industry Outreach organization Legal Advisor Working Group (LAW) 15 attorneys including Commercial & Government members Common Intellectual Property Issues for Global supply-chain Teaming documents and related “Program” contractual flow down Procurement Supply Chain “Business Model” TSCP Member and Government procurement representatives HSPD-12 PIV-I Credentialing Committee (Logical / Physical) TSCP GB and Governments members Draft PIV-I Specification document released to governments end of August On-boarding, proofing & vetting in global supply chain Export / ITAR Team (EIT) “New” ITAR and Export “Usage” data mapping “New DOD” Data Label Document – working team, Compliancy

PAGE 10 | CONFIDENTIAL | TSCP| TSCP Value Proposition Common approaches among TSCP participants leverages each others investment and maximizes expertise and solutions to support business needs. Brings more resources and experts to bear on problem areas and ‘gaps’ – coordinated solutions with product vendors (eg Microsoft) Common solutions used across all programs facilitate “trusted information sharing” resulting in lower costs. Enhances supplier/partner business relationships by evolving secure collaborative solutions – encourages solution re-use United industry and government influence on vendor product directions and solutions. Support for standards-based solutions versus proprietary solutions T S C P

PAGE 11 | CONFIDENTIAL | TSCP| 11 CONFIDENTIAL Questions?