Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense.

Published byShonda Booker Modified over 9 years ago

Similar presentations

Presentation on theme: "Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense."— Presentation transcript:

1 Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense.

2 What is TSCP? TSCP is the Transglobal Secure Collaboration Program established in 2002, TSCP is a non- profit 501(c)(6) technical association, which relies on Government-Industry Partnership to accomplish: Managed Trust through a federated Trust Framework with all the agreed governance documents e.g. business, technical, legal, privacy. Scalable Trust to the Supply Chain. Pooling resources to accomplish specification development, validation in a production and operational environments. Sharing lessons learned. Leverage International Standards adding the framework to meet operational needs. Providing the Cornerstone for cyber defense. Aerospace & Defense, Technology Members, and Government Partners TSCP A&D companies have invested over $400M in internal federated systems using TSCP’s common operating rules and specifications. PAGE 2 | TSCP

3 What Does TSCP Do? SPECIFICATIONS DEVELOPMENT.* Develops common specifications for secure collaboration solutions across the TSCP membership that align to government requirements. The specifications fall into these categories: Secure information exchange Identity credentials/digital identities and attributes Federated identity Information assurance Data labeling and protection and ITAR/Export VALIDATION THROUGH PRODUCTION REFERENCE LAB. Before TSCP publishes its specifications, the capability is in production with two or more members. GOVERNANCE. Establishes policy and governance for TSCP Solutions. Interoperable Identity Federation Trust Framework Common Operating Rules Legal Framework & Allocation of Liabilities Accreditation & Trustmark FEDERATED HUB. Hosts a Federated Hub for TSCP Membership that enables secure collaboration between TSCP membership and government customers. PAGE 3 | TSCP

4 PAGE 4 | TSCP Barriers to Efficient, Cross-Enterprise Information Sharing in a Collaborative Environment Electronic Information Sharing Fiscal Practicality Access Control Identity Management Compliance Enablement Data Integrity 4 Large upfront investments and ongoing expense Inability to scale across multiple enterprises Lack of flexibility to meet evolving requirements Enabling partners regardless of their geographical locations, size, or technical expertise Integrating different processes and systems - across partners Risk to intellectual property and compliance issues Information assurance an inhibitor for information sharing PAGE 4 | TSCP

5 PAGE 5 | TSCP TSCP must extend chain of trust to the supply chain. A&D companies are responsible for vetting their supply chain. At any given time within the A&D global supply-chain, there are approximately 300,000 supplier Benefits for the Supply Chain companies working on government contracts, representing roughly 3 to 4 million individuals. Supply Chain - Leverages business processes for the A&D Industry Reduced Supplier on boarding/network costs (benefit to both A&D and Supply Base) Accelerated time to value for supply chain management technology initiatives Enhanced Security through strong authentication Authenticated Assurance through access management PAGE 5 | TSCP

6 PAGE 6 | TSCP TSCP Involvement with Other Key Initiatives TSCP Defense Industry Base (DIB) Defense Industry Base (DIB) Federal Working Groups Eg., POWG, EIWG, AEFI,... Federal Working Groups Eg., POWG, EIWG, AEFI,... Industry Organizations e.g. AIA, AHC, ASD, UKCeB, OASIS, Kantara, OIX, Safe-Biopharma, Smart Card Alliance, STRAC, TTWG Industry Organizations e.g. AIA, AHC, ASD, UKCeB, OASIS, Kantara, OIX, Safe-Biopharma, Smart Card Alliance, STRAC, TTWG Federal Programs Federal Programs A number of the same TSCP companies & governments are involved with these other initiatives - our goal is to synergize and leverage TSCP efforts Enhancing Synergy e.g. NSTIC,ESF (hiatus), NSA, DISA etc. Enhancing Synergy e.g. NSTIC,ESF (hiatus), NSA, DISA etc. Cyber Security Supply Chain & Adoption NATO Initiatives Supply Chain Adoption PAGE 6 | TSCP

7  People. Uniformly vetted and proofed personnel to consistent standards to create the digital identity.  Data. Applying consistent data labeling and data tagging techniques.  Hardware. Embedding digital identity into the Trusted Platform Module (TPM).  Software. Binding the digital identity to applications. The Elements for End To End Managed Trust Risk of Enterprise Exposure. Cyber Security “In Depth Approach” does not provide adequate security controls to prevent and detect unauthorized access to enterprise networks, data, applications and systems. PAGE 7 | TSCP TSCP Trust Framework Cornerstone

8 PAGE 8 | TSCP Online Shopping Investing & Banking Secure Sign- on to work Government Websites Trustworthy Critical Service Delivery Private Emails and Postings Business and Consumer Applications 3 Identity And Attribute Providers 4 Trust Framework Credential Attribute Exchange Network (AXN) Trust Framework Credential Attribute Exchange Network (AXN) 2 Users Credentials and Devices 1 Market Sectors Operational Trust Framework PAGE 8 | TSCP

9 Government Agencies Portals Use Case 1: Federation and Mission Support TSCP Member IdP(s) Issue identities/ credentials to users Routes authentication requests and responses between RPs and IdPs. Supply Chain Company 1Company 4Company 3Company nCompany 5Government 1 International Governments Government nGovernment 2 Programs / Operations Company 2 PAGE 9 | TSCP

10 Remote & Desktop Login Credential & Rights Management Network Controls Building Access Corporate Access Card User Local or Remote User Host-Based Intrusion Protection Systems Strong Authentication – PIV-I Credentials Credential Management – Centralized Public Key Infrastructure Global A&D Supply Chain Commercial Industry Base User and Privilege Management – Automated Provisioning Multi-Layered approach to provide additional security layers across our networks, systems, facilities, data, intellectual property and information assets Data Monitoring & Protection Systems Use Case 2: Multi-Layer Security Across the Enterprise TSCP Common Operating Rules PAGE 10 | TSCP

11 Use Case 3: Information Labeling and Access - ITAR/Export PAGE 11 | TSCP

12 Use Case 4: Operational Cyber and Identity Deployments PAGE 12 | TSCP

13 Use Case 5: Adjacent Markets: Financial & Retail Sectors B2GB2BC2B PAGE 13 | TSCP

14 Areas for Collaboration TSCP Trust Framework TSCP Trustmark SOA PLATFORM INFORMATION ASSURANCE PATTERNS FMN PROFILE MESSAGE SECURITY Secure Messaging Networking Layer Federated Authentication Service Secure Messaging Communications Layer Secure Messaging Applications/Services Layer Identity Provider Services Secure Document Management/ Archiving Federated Mission Networking Secure Address Validation TSCP Federation Framework & Specifications & Hub TSCP Secure E-Mail Specification TSCP Attribute Management/ Data Labeling Specification TSCP Secure E-Mail Specification TSCP PIV-I Specification Illustrative Secure Messaging Platform TSCP Trust Framework, Common Operating Rules & Governance Documents Secure E-Mail/ Messaging (Hosted) Secure Mail & Package Tracking Secure G2C, B2B Communications Secure/Anonymous Shipping PAGE 14 | TSCP

15 PAGE 15 | TSCP Benefits to the TSCP Community Managed Trust through a global federated Trust Framework with agreed common governance documents e.g. business, technical, legal, privacy. Scalable Trust for Collaborative Endeavors. Pooling resources to accomplish specification development, validation in a production and operational environments. Sharing lessons learned. Leverage International Standards adding the framework to meet operational needs. Using Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense.

Download ppt "Trusted Federated Identity and Access Management to provide the Cornerstone for Cyber Defense."

Similar presentations

Setting the Course for the New Digital Economy. The Elements of the New Digital Economy Content and Services Growth of content and service consumption.

Setting the Course for the New Digital Economy. The Elements of the New Digital Economy Content and Services Growth of content and service consumption.
PAGE 2 | CONFIDENTIAL | TSCP| Aerospace & Defense Industry Challenges Customer Lead Contractor Manufacturing Subcontractor Manufacturing & Design Subcontractor.

PAGE 2 | CONFIDENTIAL | TSCP| Aerospace & Defense Industry Challenges Customer Lead Contractor Manufacturing Subcontractor Manufacturing & Design Subcontractor.
Www.cleo.com Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.

Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
August 2004 Providing Industry-wide Security and Identity Management Solutions.

August 2004 Providing Industry-wide Security and Identity Management Solutions.
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.

Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -

Authentication choices! Vincent van Kooten: Business Sales Manager Benelux Distributed by -
E-business Infrastructure

E-business Infrastructure
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
Viewpoint Consulting – Committed to your success.

Viewpoint Consulting – Committed to your success.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.

Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.
1 Secure Interoperability within the Defence Supply Chain Colin Nash – Business Development Manager Thursday 28 th October 2010.

1 Secure Interoperability within the Defence Supply Chain Colin Nash – Business Development Manager Thursday 28 th October 2010.
Module 2: Information Technology Infrastructure

Module 2: Information Technology Infrastructure
Electronic Customer Portal System. Reducing Risks – Increasing Efficiency – Lowering Costs Secure Internet based Communication Gateway direct to your.

Electronic Customer Portal System. Reducing Risks – Increasing Efficiency – Lowering Costs Secure Internet based Communication Gateway direct to your.
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.
Private Cloud: Application Transformation Business Priorities Presentation.

Private Cloud: Application Transformation Business Priorities Presentation.
The 4BF The Four Bridges Forum The SAFE-BioPharma Digital Identity and Signature Standard.

The 4BF The Four Bridges Forum The SAFE-BioPharma Digital Identity and Signature Standard.
Intranets Lessons from Global Experiences J Satyanarayana Chief Executive Officer National Institute for Smart Government Hyderabad, India.

Intranets Lessons from Global Experiences J Satyanarayana Chief Executive Officer National Institute for Smart Government Hyderabad, India.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Similar presentations

Ads by Google