United States DoD Public Key Infrastructure: Deploying the PKI Token

UNCLASSIFIED

Slide 1: United States DoD Public Key Infrastructure: Deploying the PKI Token
R. Michael Green, Director, DoD PKI PMO, (410) 854-4900, rmgree2@missi.ncsc.mil
Becky Harris, Deputy Director, DoD PKI PMO, (703) 882-1600, Harris1B@ncr.disa.mil
NIST PKI Review, 26 April 02

Slide 2: United States DoD Public Key Infrastructure Program
The Goal: to enhance the business processes and improve the IA posture of the DoD through widespread use of PK-enabled applications.
- http://iase.disa.mil (must be from .mil or .gov domain)
- http://www.c3i.osd.mil/org/sio/ia/pki/index.html

Slide 3: DoD PKI Program Management and Policy
- 9 April 99, ASD (C3I) Memorandum: assigned DoD PKI Program Management Office (PMO) responsibility to NSA, with DISA as Deputy PM
- 6 May 99, DEPSECDEF Memorandum: defined DoD PKI policy objectives
- 10 Nov 99, DEPSECDEF Memorandum: established the DoD Smart Card strategy
- 12 Aug 00, ASD (C3I) Memorandum: rewrite of the 6 May 99 DoD PKI memorandum

Slide 4: The Challenge - It's a hard problem
[Figure: security robustness versus time, event driven, with growth. Each component (applications, tokens, LRAs*, directories, certification authorities) carries its own assurance level, and all of them must rise together across Release 3 and Release 4.]
* Local Registration Authorities

Slide 5: DoD Public Key Capability Requires Coordinated Convergence
[Figure: converging tracks of configuration management, CAC issuance and PK infrastructure, workstation enablement, PK enablement, and related events.]

Slide 6: PKI in Evolution
[Figure: surety (quality of certificate) versus time, built on DEERS/RAPIDS]
- Release 3.0.1: Windows 2000 smart card logon
- Release 3.1: email certificate issuance via post-issuance portal
- Release 3.x: PIN unlock/reset
- Release 4.0: KMI CI-1
- Upgrade to 4.x

Slide 7: DoD PKI Registration Scenarios
[Figure: DoD Root Certification Authority above the Certification Authority, with a Repository/Directory and a Personnel Database. An end user is registered either at a RAPIDS workstation by a Verifying Official (VO) or through a Local Registration Authority (LRA); the issued certificate is then used by the end user application.]

Slide 8: Number of People Requiring Certificates and Number of People Issued Certificates
- Total required: 3,109,983
- Total issued: 558,659 (as of 14 April 02)

Slide 9: Current Status
- DoD PKI Release 3 operational, October 01
- Key Management Infrastructure Capability Increment-1 (KMI CI-1) awarded Nov 01; will provide Release 4
- Established PKI interoperability testing capability
- Reviewing and approving DoD PKI Certificate Practice Statements

Slide 10: Preparing for the Future
- Collected tactical PKI user requirements
- Working with NIST and the Smart Card Senior Coordinating Group to define a process for adding applets to FIPS 140 certified cards while maintaining FIPS 140 certification
- Updating the DoD PKI Certificate Policy (CP)
- Finalizing the DoD Key Recovery Policy
- Developed a high-level approach to PK-enabled applications

Slide 11: Future PKI Activities
- DoD policy rewrite / milestone review
- SIPRNET plan
- MS logon agreement - Release 3.0.1
- Code signing - Release 3.1
- Private web server certificates / client-side authentication
- Biometrics

Slide 12: Other Activities
- Directories, directories, directories
- DoD PKI and allied interoperability
- DoD PKI "versus" Federal and IC
- Vetting and piloting tactical and SIPRNET requirements

Slide 13: DoD PK-Enabled Applications
- PKI provides the underlying foundation for security services, but PK-enabled applications are required in order to implement them
- We must depend on industry to maintain the apps
- Evaluated applications that can process our certificates with little user involvement

Slide 14: DoD PK-Enabled Applications
PK-enabled services/applications:
- Medium Grade Services (MGS): secure, interoperable e-mail
- Secure web services
- DoD-specific applications (e.g. Defense Travel System, Wide Area Work Flow)
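The two-tier hierarchy on slide 7 (DoD Root CA, subordinate CA, end user) and the demand on slide 13 that applications "process our Certificates with little User Involvement" come together in one check every PK-enabled application has to perform: build a path from the presented subscriber certificate to a root it trusts, through the intermediates it has been given, and require the usage the application needs. The Go program below is an added example written for this page, not code from the DoD PKI PMO or from any DoD product. The CA names, the subscriber name and the validity periods are constructed for the illustration; the keys are generated fresh on every run.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hierarchy mirrors slide 7: a Root CA, a subordinate CA, and one subscriber.
type Hierarchy struct {
	Root, CA, Subscriber *x509.Certificate
}

// dn builds a constructed DoD-style distinguished name (example values only).
func dn(cn string) pkix.Name {
	return pkix.Name{Organization: []string{"U.S. Government"}, OrganizationalUnit: []string{"DoD", "PKI"}, CommonName: cn}
}

// caTemplate returns a CA template; maxPathLen bounds how many further CAs
// may sit below it (0 for the issuing CA, so it can only sign end entities).
func caTemplate(cn string, serial int64, maxPathLen int) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: dn(cn),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		MaxPathLen: maxPathLen, MaxPathLenZero: maxPathLen == 0,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// sign issues tmpl for pub under the parent's key; parent == nil self-signs.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildHierarchy issues Root CA -> CA -> subscriber with fresh P-256 keys.
func BuildHierarchy() (*Hierarchy, error) {
	var keys [3]*ecdsa.PrivateKey
	for i := range keys {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		keys[i] = k
	}
	rootKey, caKey, subKey := keys[0], keys[1], keys[2]
	root, err := sign(caTemplate("DoD Root CA (example)", 1, 1), nil, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	ca, err := sign(caTemplate("DoD CA (example)", 2, 0), root, &caKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	// Subscriber certificate: signature use only, for client auth and e-mail.
	subTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3), Subject: dn("DOE.JANE.0000000000"), // constructed name
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageEmailProtection},
	}
	sub, err := sign(subTmpl, ca, &subKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &Hierarchy{Root: root, CA: ca, Subscriber: sub}, nil
}

// VerifySubscriber is the relying-party check: path to a trusted root through
// the supplied intermediates, validity dates, and the extended key usage the
// application requires. A nil error means the certificate is acceptable.
func VerifySubscriber(cert *x509.Certificate, intermediates []*x509.Certificate, root *x509.Certificate, usage x509.ExtKeyUsage) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

func main() {
	h, err := BuildHierarchy()
	if err != nil {
		panic(err)
	}
	other, _ := BuildHierarchy() // an unrelated hierarchy with the same names but different keys
	ca := []*x509.Certificate{h.CA}
	fmt.Println("own root, CA supplied, client auth:", VerifySubscriber(h.Subscriber, ca, h.Root, x509.ExtKeyUsageClientAuth))
	fmt.Println("own root, CA not supplied:        ", VerifySubscriber(h.Subscriber, nil, h.Root, x509.ExtKeyUsageClientAuth))
	fmt.Println("foreign root, same names:         ", VerifySubscriber(h.Subscriber, ca, other.Root, x509.ExtKeyUsageClientAuth))
	fmt.Println("usage not granted (server auth):  ", VerifySubscriber(h.Subscriber, ca, h.Root, x509.ExtKeyUsageServerAuth))
}
```

Only the first case succeeds. The second fails because the application was not given the subordinate CA certificate and cannot build the path, which is why the Repository/Directory on slide 7 matters as much as the root. The third fails although the foreign root carries the identical name, because path building is anchored on keys, not on names. The fourth fails because the subscriber certificate grants client authentication and e-mail protection only, so a relying party should ask for exactly the usage it needs rather than accepting any chain to the root.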

Slide 15: DoD PKI and KMI Token Protection Profile
- Used the Smart Card Security Users Group Smart Card Protection Profile as the baseline document
- Information Assurance Technical Framework Forum protection profiles: http://www.iatf.net/protection_profiles/index.cfm
- Previous draft was released for public comment October 00 - Feb 01
- Tokens meeting this protection profile: required by mid-to-late 2003

Slide 16: Token PP FIPS 140 Requirements
- FIPS 140-2 Level 2 for subscribers*
- FIPS 140-2 Level 3 for Registration Authorities*
* If the DoD Common Access Card issuing infrastructure is not capable of issuing two different levels of cards, then all CACs will be required to meet FIPS 140-2 Level 3.

Slide 17: Biometrics, DMDC and CAC
- DMDC has been collecting and storing fingerprints (template and minutiae) when issuing cards
- Biometric data is not stored on the CAC
- In the event of a forgotten PIN, the user can present a fingerprint at a RAPIDS workstation to authenticate and unlock her CAC

Slide 18: Adding Biometrics to PKI &amp; CAC
- Pilots under way now
- Discrete points where biometrics can be added: CAC task order/purchase*, middleware upgrades*, DMDC/RAPIDS/DEERS upgrades*
* Probably need all three of these before fully incorporating biometrics
- May impact CAC FIPS 140 certification