E-RA E-Authentication Risk and Requirements Assessment Mark Liegey USDA/National Finance Center “Getting to Green with E-Authentication” February 3, 2004.

Presentation transcript:

e-RA E-Authentication Risk and Requirements Assessment Mark Liegey USDA/National Finance Center “Getting to Green with E-Authentication” February 3, 2004 Technical Session The E-Authentication Initiative

2 How does e-RA fit into the big picture?
- E-Authentication Guidance for Federal Agencies (OMB M-04-04, Memorandum for Heads of all Departments and Agencies)
- E-Authentication Technical Guidance (NIST Special Pub )
- Credential Assessment Framework (Credential Providers)
- e-RA (Agency Applications/Transactions)

3 What is e-RA?
- The e-Authentication Initiative was established to provide a common, interoperable authentication service for the President’s e-Government Initiatives. In order to provide this service, the e-Authentication project needed to identify the full range of authentication requirements for the Initiatives. The e-Authentication Initiative partnered with the Software Engineering Institute (SEI) at Carnegie Mellon University to develop a risk-based approach to authentication requirements called e-Authentication Risk and Requirements Assessment, or e-RA. This approach identifies the risks associated with insufficient authentication of an e-Government Initiative user, and it forms the basis for the definition of authentication requirements.

4 What is the e-RA approach?
- The e-RA approach is essentially a risk-based requirements elicitation process to identify the risks and impacts that could result if user authentication controls are non-existent or inadequate.
- Its focus is to ensure that a user has the proper credential to perform a particular transaction in an on-line system or web portal.
- The e-RA approach produces a mapping of the transaction to a set of pre-defined authentication criteria that represent various levels of proving a user’s identity.
- The mapping can then be used to identify and implement technological and operational solutions that ensure the transaction’s authentication requirements are achieved.

5 What are e-RA’s Objectives?
- Document and characterize an initiative’s transactions and associated data.
- Identify the risks (threats and impacts) associated with authentication of the actors (or users) for the initiative’s range of transactions.
- Define the authentication criteria for the initiative’s transactions, which can be developed into authentication requirements.
- Analyze the authentication needs to define standardized levels of authentication and identity for E-Authentication Services.

7 Where do I get it?
- If you have Access 2000 loaded on your PC, download the MDB File MB in size
- If you need the full version of the e-RA Tool, download the WinZip File MB in size
- Also download the e-RA Guidance Document

8 e-RA Demonstration