Published by Leo Bates. Modified over 9 years ago.

October 3, 2003
Partnerships for VoIP Security
VoIP Protection Profiles
David Smith
Co-Chair, DoD VoIP Information Assurance Working Group
NSA Information Assurance Directorate, Information Assurance Solutions Group
(410) 854-7302
E-mail: drsmit5@missi.ncsc.mil

Agenda
DoD IA Policies
Common Criteria
–Protection Profiles & Security Targets
Information Assurance Technical Framework (IATF) and Forum
VoIP IA Initiatives
–Protection Profile(s)
–IATF

DoD IA Policies
DoDI 8500.1 & 8500.2
NSTISSP 11
By 1 July 2002, the acquisition of all COTS IA and IA-enabled IT products shall be limited only to those which have been evaluated and validated in accordance with either:
–International Common Criteria
–NSA/NIST National Information Assurance Partnership (NIAP) Evaluation and Validation Program
–NIST FIPS Validation Program

Common Criteria (CC)
Internationally Recognized Security Criteria
Security requirements specification language
Security functionality & assurance
Provides basis for validating conformance to specification (e.g. PP or ST) by independent third party (e.g. NIAP lab)

Protection Profiles vs. Security Target
Protection Profile - Customer
–Statement in CC language of security and assurance requirements (“I need”)
–For DoD, NSA writes the protection profiles
Security Target - Vendor
–Vendor claim in CC language of security and assurance requirements met (“I provide”)
Target of Evaluation

Robustness
Basic = Best Commercial Practice
Medium = Better than most current commercial
High = Usually Government Developed
Robustness is the combination of appropriate security requirements and assurance levels.
–Imperative that Evaluation Report be read to understand the IA quality.
EAL doesn’t equate to Robustness level

National Information Assurance Partnership (NIAP)
NSA/NIST Partnership
US Focal Point for Common Criteria
Manage & Maintain Process
–Common Criteria Evaluation and Validation Scheme
–Protection Profile Registry
–Evaluated Products Registry
–List of Certified Commercial Evaluation Labs
http://niap.nist.gov/

Information Assurance Technical Framework (IATF)
A Technical Security Guidance Document
–Unclassified
–Evolving
–Publicly available on IATF Web Site
http://www.iatf.net
UNCLASSIFIED

IATF Benefits
Helps U.S. Government users become wiser consumers of implementing security solutions
Assists U.S. industry in understanding the government’s needs and the nature of the desired solutions to these needs
Focuses investment resources on the security technology gaps

Information Assurance Technical Framework Forum (IATFF)
NSA-sponsored forum to foster dialog among U.S. Government agencies, U.S. Industry, and U.S. Academia
Sessions approximately every 6 weeks
Held at the Johns Hopkins Applied Physics Lab, Laurel, MD

IATFF Benefits
Fosters IA Dialog
–U.S. Government-U.S. Industry-U.S. Academia
Increases awareness of available security solutions
Establishes contacts between individuals and organizations dealing with similar problems

VoIP IA Initiatives
Leverage
–NIAP/CC
–IATF & IATFF
–Government/Industry Partnership
Communicate
–Government Needs & Industry Capabilities
VoIP Protection Profiles
VoIP IATF Section
VoIP IATFF Session

VoIP Protection Profile(s)
Beginning development
Incorporate DoD Voice IA Requirements
Partnership with vendors, users
NIAP Evaluated VoIP Products Meeting DoD IA Requirements

VoIP IATFF
Planning an IATFF session on VoIP
Looking for session ideas
–Topics
–Presenters
Users, Vendors, Network Managers
http://www.iatf.net

Wrap-Up
Need partnerships with
–Industry & Users
NIAP and IATF are good vehicles for communication of IA requirements
Getting the process started for VoIP
Need Your Help!!

Backup

Protection Profile Process
Technology Area Plan (Phase 1 & 2)
–Technology Area Leader (TAL)
–Approved by the PPRG (NSA/NIST)
Draft PP (Phase 3)
–The HARD part
PPRB Review (Phase 4)
–Consistency review
First Public Comment (Phase 5)
–IATFF
–Other

The Process, Cont.
Review & Incorporate Comments (Phase 6)
Second Public Comment (Phase 7)
–Did the author understand?
Final Draft and Final PPRB Review (Phase 8 & 9)
Evaluate Profile (Phase 10)
–NIAP Lab
Publish Profile (Phase 11)
–FINALLY!!

Schedule
[Figure: schedule chart with a time axis numbered 1 through 15, showing Phase 1, Phase 2, Phase 3, Phase 4, Phase 5, Phase 6, Phase 7, Phase 8 & 9, Phase 10 and Phase 11, ending in "Completed, Published Profile"]