LandWarNet Army Identity Management (IdM) PKI Initiatives. Tracy Traylor, CIO/G6, Cyber Dir, IdM Div Chief UNCLASSIFIED UNCLASSIFIED
|
|
- Bertha Allison
- 7 years ago
- Views:
Transcription
1 LandWarNet 2011 Army Identity Management (IdM) PKI Initiatives Tracy Traylor, CIO/G6, Cyber Dir, IdM Div Chief
2 SIPRNet Tokens Tactical PKI SHA-256 Questions/POC s T08:00Z // SIPRNet Token Implementation 2 2
3 What it is: Token (smart card) for strong authentication and logon to the SIPRNet, signing & encrypting , and connecting to secure websites Replacement for current logon that requires user names and 15-character recommended passwords that are: Lengthy and difficult to remember Must frequently change Easier for adversaries to exploit Initially funded by DoD PKI PMO National Security System (NSS) Certificate Authority (vs. DoD) Why it is being implemented: Follows Department of Defense (DoD) Instruction procedures to implement PKI on DoD classified networks Makes it more difficult for adversaries to compromise SIPRNet T08:00Z // SIPRNet Token Implementation 3 3
4 Army G3/5/7 EXORD (14 Jan 11) tasked commands and staffs to participate in IOT&E and FOC USCYBERCOM Coordination Alert Message (26 Jan 11) required SIPRNet token implementation for IOT&E and preparation for full implementation Army Cyber Command EXORD (4 Mar 11) provided technical information and direction to Signal Commands Army Initial Operational Test and Evaluation (IOT&E) Implementation Plan Addresses preparation for and participation in DoD IOT&E Includes Army issuance of up to 2000 SIPRNet tokens to various Army organizations and commands tokens are issued with a three (3) year certificate life span and can remain in use through Full Operational Capability (FOC) DDT08:00Z // SIPRNet Token Implementation 4
5 Configure the Infrastructure Distribute token readers provided by Army CIO/G6 Install device certificates and Tumbleweed Enterprise on domain controllers and web servers Configure SIPRNet workstations with 90Meter middleware (similar in function to ActivClient for DoD CACs) and Tumbleweed desktop validation application Establish a Chain of trust Identify locations of Local Registration Authorities (LRAs) and Trusted Agents (TAs) Establish and train LRAs and TAs with CIO/G6 support Get SIPRNet tokens into the hands of SIPRNet users Require SIPRNet users to obtain SIPRNet tokens TAs forward completed DoD PKI Certificate of Acceptance and Acknowledgement of Responsibilities (DD Form 2842) to LRAs Conduct face-to-face identity verification between TAs and users DDT08:00Z // SIPRNet Token Implementation 5
6 1. Army CIO/G6 Cyber CAC/PKI Division RA prepositions formatted tokens, inactive tokens with LRA at decentralized issuance locations. 1: RA sends formatted tokens to LRA 2. Command/SIPRNet user submits request for SIPRNet PKI token to LRA or remote TA to validate. 3. On a SIPRNet workstation, LRA accesses TMS to register user and get a temporary pin. LRA enrolls user and places certs on token. 4. LRA sends enrolled token to remote TA1 and sends temporary pin to remote TA2 via NSSencrypted TA receives token, conducts a face-to-face validation of identity of user, completes DD Form 2842, and issues token to user. User changes token PIN on a SIPRNet workstation in the presence of TA and becomes a SIPRNet PKI token subscriber. 6. TA sends signed DD Form 2842 to LRA. Army CIO/G6 RA SIPRNet User Remote TA 5: TA/User Validation & Token Issuance to User Decentralized LRA For Example: #1: FT Belvoir- refine process & expand to include MDW; #2: FT Gordon- mix of CONUS, tactical, & MI users Remote TA & User Attempt to leverage existing TAs distributed across Army installations at startup 6: Signed DD Form 2842 to LRA DDT08:00Z // SIPRNet Token Implementation 6
7 Command/Organization Token Issuance to Users CIO/G-6 USAREUR AFRICOM EUCOM 106th Signal Brigade ATEC ATEC OTC INSCOM/513th DA Chief of Engineers 335th Signal 52nd ID NTC 7th SC USARPAC TRADOC IOT&E token Issuance requirement 2,000 Tokens Issued 2,403 as of 12 Aug T08:00Z // Presentation Title Goes Here 7
8 IOT&E Observations Senior leadership awareness and support are needed Network support organizations must take advantage of available accreditation and test documentation and eliminate or reduce local testing Users still need to update SIPRNet passwords to prevent account lockout until User Based Enforcement (UBE), using SIPRNet token only, is implemented Thin client workstations generally not included in IOT&E due to interoperability issues with token readers and middleware IOT&E Successes Army Theater Network Operations and Security Centers (TNOSCs) have already configured most domain controllers needed for full implementation in several theaters Positive feedback received on use of token and PIN vs. user ID and password Weekly teleconferences support knowledge sharing and progress reporting DDT08:00Z // SIPRNet Token Implementation 8
9 Post-IOT&E Implementation Strategy SIPRNet tokens will continue to be issued to Army organizations that are prepared to accept them Revisions being made to AR 25-2 (Information Assurance) and Standard Operating Procedures, based on National Security Systems (NSS) Registration Practice Statement (RPS) Full Fielding Strategy Army will field up to 300,000 tokens from FY12 to FY16 Draft Implementation and EXORD for FOC, suspense 31 Aug 2011 Initial rollout of tokens, readers, and middleware funded by DoD PKI PMO Army has requested LRAs beginning in FY12 Army organizations must plan and budget for sustainment beginning in FY DDT08:00Z // SIPRNet Token Implementation 9
10 The Army is leading the DoD Tactical Technical Interchange Meeting (TIM) under the direction of the DoD PKI PMO Tactical TIM oversees Pilot Activities The pilot approach is to evaluate alternative certificate validation (CV) approaches suited to bandwidth challenged environments, e.g., delta CRL, mini-crl Develop notional joint PKI operational architecture to support planning and implementation of the Tactical PKI Pilot Coordinates Service and Agency planning and participation in the DoD PKI Tactical Pilot Coordinates functional requirements, test plans and policy changes to use in the Tactical Pilot Implementation at tactical level presents unique challenges PKI Integration with Battle Command and Warfighter s Information Network-Tactical (WIN-T) programs and systems IdM is coordinating and working closely with Program Executive Office for Command, Control and Communications-Tactical (PEO-C3T) 10 10
11 Army CIO/G6 IdM funded TRADOC Capability Manager (TCM) Global Network Enterprise (GNE) and CERDEC to conduct testing and validation of Tactical PKI (TPKI). SIPR Token DEERS Rapids SHA-256 NPE IPv6 Validating the TPKI CONOPS on tactical systems will provide valuable information to develop Tactics, Techniques, Procedures (TTP s), identify gaps, and provide a basis for assessing Doctrine, organization, training, material, leadership, personnel and facilities (DOTMLPF) Potential follow on operational testing to take place at the Network Integration Rehearsal / Network Integration Exercise (NIR/NIE) in Fort Bliss, TX
12 The Common Access Card (CAC) uses a Secure Hash Algorithm (SHA-1) to authenticate and be granted access to networks, web applications and to digitally sign documents which provides authentication and non-repudiation. SHA protects information by detecting data tampering. The National Institute of Standards and Technology (NIST) determined SHA-1 has come to the end of its security lifecycle and SHA 256 (a stronger algorithm allowing for better security) will be its replacement. The Federal government has mandated the use of SHA-256 as of 01 JAN 11 with an exemption that allows Agencies/Departments/Services to use SHA 1 at their own risk until 31 DEC 13. SHA-1 impacts the Army s capability to interoperate with other Federal organizations (Department of Homeland Security, Department of State, Department of Justice, Veterans Affairs, Center for Disease Control, Federal Bureau of Investigation,..) that utilize or are migrating to SHA-256. The Army will transition the NIPRNET (Infrastructure, Servers, Web Applications, Workstations) from SHA-1 to SHA-256 over the next two years with a proposed completion date of 31 DEC 13. This migration provides a standard SHA across the Federal Government for interoperability
13 The Army s SHA 256 Working Group is producing FRAGO 1 for the Army s Data Center Consolidation Plan (ADCCP) EXORD to implement SHA 256 throughout the Army s NIPRNet. The Army s plan is to fully support SHA 256 NLT 31 DEC 13. Transition Plan for Infrastructure, servers, applications and desktops 25% by 01 FEB 13, 50% by 1 MAY 13, 75% by 1 AUG and 100% completed by 01 NOV 13. The Army will conduct remediation and final verification from 1 NOV- 31 DEC 13. Army ceases issuing tokens with SHA-1, 31 Dec 2013 Army starts issuing tokens with SHA-256, 1 Jan
14 ? Tracy Traylor, CIO/G6 Cyber Directorate, IdM Division Chief, , Mark Dickson, CIO/G6 Cyber Directorate, PKI SIPR/Tactical Lead, , Dennis Nalli, CIO/G6 Cyber Directorate, PKI SIPR/Tactical, , Phil Juchem, CIO/G6 Cyber Directorate, PKI Tactical/SIPR, , Tim Hiligh, CIO/G6 Cyber Directorate, PKI SHA-256/Wireless, , Army SIPRNet PKI Token AKO Site:
Frequently Asked Questions (FAQs) SIPRNet Hardware Token
Air Force Public Key Infrastructure System Program Office (ESC/HNCDP) Phone: 210-925-2562 / DSN: 945-2562 Web: https://afpki.lackland.af.mil Frequently Asked Questions (FAQs) SIPRNet Hardware Token Updated:
More informationDepartment of Defense SHA-256 Migration Overview
Department of Defense SHA-256 Migration Overview 18 March 2011 Tim Fong DoD-CIO/ IIA Timothy.Fong@osd.mil General Observations This is Important INFOSEC: Algorithms can be compromised over time. Crypto
More informationDepartment of Defense PKI Use Case/Experiences
UNCLASSIFIED//FOR OFFICIAL USE ONLY Department of Defense PKI Use Case/Experiences PKI IMPLEMENTATION WORKSHOP Debbie Mitchell DoD PKI PMO dmmitc3@missi.ncsc.mil UNCLASSIFIED//FOR OFFICIAL USE ONLY Current
More information2. Each server or domain controller requires its own server certificate, DoD Root Certificates and enterprise validator installed.
Purpose and Scope The purpose of this policy is to define the roles and responsibilities on implementing the Homeland Security Presidential Directive 12 (HSPD-12) Logical Access Control (LAC) throughout
More informationThe DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions
The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a
More informationTactics, Techniques, & Procedures (TTP) Dual Persona Personal Identity Verification (PIV) Authorization Certificate
Tactics, Techniques, & Procedures (TTP) Dual Persona Personal Identity Verification (PIV) Authorization Certificate Version 3.0 23 Jan 2012 This document is not to be distributed or changed without express
More informationAgenda. DoD PKI Operational Status DoD PKI SIPRNET Token. Interoperability Public Key Enablement. Dynamic Access
Identity And Access Management PEO-MA/IA4 Agenda DoD PKI Operational Status DoD PKI SIPRNET Token Non Person Entity PKI Interoperability Public Key Enablement Directory Services Dynamic Access 2 NIPRNet
More informationUNCLASSIFIED UNCLASSIFIED
Agenda The Army CIO/G-6 Vision, Mission and Roles Core Mission Sets The Organization Staying Connected with the Army CIO/G-6 2 The Army CIO/G-6 She is the Army CIO and the Army G6 As the CIO She Fights
More informationHow To Make A Theater Forest More Functional
Enterprise Directory Services & Authentication Information Exchange Forum Session: #2 EDS&A Robert Bachert NETCOM 9 th SC(A) G5 Will establish an Enterprise Directory Services and Authentication (EDS&A)
More informationSchlumberger PKI /Corporate Badge Deployment. Neville Pattinson Director of Business Development & Technology IT & Public Sector
Schlumberger PKI /Corporate Badge Deployment Neville Pattinson Director of Business Development & Technology IT & Public Sector 1 Overview Background Overview of the PKI and Corporate Badge components
More informationPKI in Large Scale Environments A Look at DMS. George Hoover Jayne Schaefer PKI/KMI (480) 441-0898 jayne.schaefer@motorola.com
PKI in Large Scale Environments A Look at DMS George Hoover Jayne Schaefer PKI/KMI (480) 441-0898 jayne.schaefer@motorola.com Information Assurance: Voice, Data, Network, PKI How Great is the Threat? 2000
More informationDepartment of Veteran Affairs. Fred Catoe Office of Cyber and Information Security AAIP Project Manager March 2004
Department of Veteran Affairs Fred Catoe Office of Cyber and Information Security AAIP Project Manager March 2004 Background Smart Cards are a subset of a larger Authentication and Authorization Infrastructure
More informationFrequently Asked Questions
Frequently Asked Questions Naval VAMOSC Public Key Infrastructure/ Common Access Card (PKI/CAC) Registration and Log in Please Note: A PKI-enabled browser is required for certificate registration and to
More informationHow To Improve The Defense Communications System
Briefing to the AFCEA International Cyber Symposium 26 June 2013 Lt Gen Ronnie D. Hawkins, Jr. Director, Defense Information Systems Agency 1 1 UNCLASSIFIED Organizational Changes Command Staff Financial
More informationAFCEA Aberdeen Luncheon. Army Common Operating Environment (COE) Update. March 11, 2015
AFCEA Aberdeen Luncheon Army Common Operating Environment (COE) Update Mr. Phillip Minor, Deputy Director, COE Directorate Assistant Secretary of the Army for Acquisition, Logistics and Technology (ASA(ALT))
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationNetwork Enabled Mission Command Strategy
Enabled Mission Command Stratey A Fundamental chane to the way the Army acquires, tests, and fields Capability Manain the with Capability Sets Buildin Capability Sets (CS): Alined to ARFORGEN -CS 13: 8
More informationCommittee on National Security Systems
Committee on National Security Systems CNSS POLICY No.25 March 2009 NATIONAL POLICY FOR PUBLIC KEY INFRASTRUCTURE IN NATIONAL SECURITY SYSTEMS. 1 CHAIR FOREWORD 1. (U) The CNSS Subcommittee chartered a
More informationRAPIDS Self Service User Guide
Page 1 RAPIDS Self Service User Guide https://www.dmdc.osd.mil/self_service Page 2 Introduction The RAPIDS Self Service (RSS) application provides sponsors with the capability to generate a DD Form 1172-2
More informationU. S. Department of Justice Information Technology Strategic Plan. Appendix E. Public Key Infrastructure at the Department of Justice.
U. S. Department of Justice Information Technology Strategic Plan Public Key Infrastructure at the Department of Justice White Paper * Introduction As part of its strategic plan, the Department of Justice
More informationCloud Computing and Enterprise Services
Defense Information Systems Agency A Combat Support Agency Cloud Computing and Enterprise Services Alfred Rivera Technical Program Director 29 July 2010 Peak of Inflated Expectations You Are Here Plateau
More informationSubj: NAVY IMPLEMENTATION OF DEPARTMENT OF DEFENSE INTELLIGENCE INFORMATION SYSTEM (DODIIS) PUBLIC KEY INFRASTRUCTURE (PKI)
DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC 20350-2000 IN REPLY REFER TO OPNAVINST 5239.3A N2 OPNAV INSTRUCTION 5239.3A From: Chief of Naval Operations
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationTechNet Land Forces South
TechNet Land Forces South Army Data Center Consolidation Plan (ADCCP) Overview COL Chris E. Miller MARCH 27-29 Tucson, AZ Engagement Theater Session IV 28 March 2012/1600 hrs Purpose To provide background
More informationOFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
More informationL@Wtrust Class 3 Registration Authority Charter
Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12
More information7 th Signal Command Enterprise Email - Spiral 1. Concept of Operations 2012
7 th Signal Command Enterprise Email - Spiral 1 Concept of Operations 2012 March 3, 2010 Version 1.30 THIS DOCUMENT SUPERSEDES ALL PREVIOUS VERSIONS DISTRIBUTION: This document is intended for use by US
More informationTactics, Techniques, and Procedures for Manual Exporting of ARMY Knowledge Online (AKO) Email Data to Department of Defense Enterprise Email (DEE)
Tactics, Techniques, and Procedures for Manual Exporting of ARMY Knowledge Online (AKO) Email Data to Department of Defense Enterprise Email (DEE) Version 1.0 24 August 2012 This document is not to be
More informationAKO Email Shutdown Quick Reference Guide
AKO Email Shutdown Quick Reference Guide NETWORK ENTERPRISE CENTER This guide explains how the Army is shutting down AKO Email and outlines steps you must take to ensure a smooth transition to full DoD
More informationAdministration Guide ActivClient for Windows 6.2
Administration Guide ActivClient for Windows 6.2 ActivClient for Windows Administration Guide P 2 Table of Contents Chapter 1: Introduction....................................................................12
More informationDoD Mobility Kim Rice
DoD Mobility Kim Rice Mobility PMO Contact: 301-225-5670 17 Jun 2015 DoD Mobility PMO Concept Vision: Secure, reliable and responsive infrastructure and services for the mobile users across the DoD. Mission:
More informationNational Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016
National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION
More informationFOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM
FOUR PILLARS FOR A SUCCESSFUL PIV ECOSYSTEM Four Pillars that HSPD-12 Programs must consider for a secure, efficient, interoperable PIV enterprise deployment. Continued HSPD-12 Implementation under OMB
More informationImplementing Federal Personal Identity Verification for VMware View. By Bryan Salek, Federal Desktop Systems Engineer, VMware
Implementing Federal Personal Identity Verification for VMware View By Bryan Salek, Federal Desktop Systems Engineer, VMware Technical WHITE PAPER Introduction This guide explains how to implement authentication
More informationA Comprehensive Cyber Compliance Model for Tactical Systems
A Comprehensive Cyber Compliance Model for Tactical Systems Author Mark S. Edwards, CISSP/MSEE/MCSE Table of Contents July 28, 2015 Meeting Army cyber security goals with an IA advocate that supports tactical
More informationDepartment of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT
Department of Veterans Affairs VA DIRECTIVE 6510 Washington, DC 20420 Transmittal Sheet VA IDENTITY AND ACCESS MANAGEMENT 1. REASON FOR ISSUE: This Directive defines the policy and responsibilities to
More informationPage 1. Smart Card Applications. Lecture 7: Prof. Sead Muftic Matei Ciobanu Morogan. Lecture 7 : Lecture 7 : Smart Card Applications
in Open Distributed Processing s 1 in Open Distributed Processing s 2 Prof. Sead Muftic Matei Ciobanu Morogan Lecture 7: 1 2 in Open Distributed Processing s 3 in Open Distributed Processing s Smart s
More informationEnterprise Services to the Edge
Enterprise Services to the Edge Mr. Jeremy Hiers Project Director, PD ES 22 May 2013 UNCLASSIFIED P D E S O V E R V I E W 1 UNCLASSIFIED Agenda UNCLASSIFIED Who is PD Enterprise Services? Concept for Enterprise
More informationAudio: This overview module contains an introduction, five lessons, and a conclusion.
Homeland Security Presidential Directive 12 (HSPD 12) Overview Audio: Welcome to the Homeland Security Presidential Directive 12 (HSPD 12) overview module, the first in a series of informational modules
More informationDOD INTERIM CREDENTIAL IMPLEMENTATION INSTRUCTIONS BlackBerry Devices
DOD INTERIM CREDENTIAL IMPLEMENTATION INSTRUCTIONS BlackBerry Devices A. INTRODUCTION 1. The objective of this document is to provide an outline of the technical and administrative process necessary to
More informationGovernment Smart Card Interagency Advisory Board Moving to SHA-2: Overview and Treasury Activities October 27, 2010
Government Smart Card Interagency Advisory Board Moving to SHA-2: Overview and Treasury Activities October 27, 2010 Interagency Advisory Board Meeting Agenda, October 27, 2010 1. Opening Remarks 2. A Discussion
More informationDEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0
DEFENSE INFORMATION SYSTEMS AGENCY JOINT INTEROPERABILITY TEST COMMAND FORT HUACHUCA, ARIZONA DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE EXTERNAL CERTIFICATION AUTHORITY MASTER TEST PLAN VERSION 1.0
More informationIA/CYBERSECURITY IS CRITICAL TO OPERATE IN CYBERSPACE
IA/CYBERSECURITY IS CRITICAL TO OPERATE IN CYBERSPACE Commanders, leaders, and managers are responsible for ensuring that Information Assurance/Cybersecurity is part of all Army operations, missions and
More informationHSPD-12 Implementation Architecture Working Group Concept Overview. Version 1.0 March 17, 2006
HSPD-12 Implementation Architecture Working Group Concept Overview Version 1.0 March 17, 2006 Table of Contents 1 PIV Lifecycle... 3 2 High Level Component Interaction Diagram... 4 3 PIV Infrastructure
More informationLandWarNet Initial Capabilities Document NetOps Tools Convergence Strategy Update
1 LandWarNet Initial Capabilities Document NetOps Tools Convergence Strategy Update 11 September 2013 Al Morrison TCM GNE Signal CDID 1. LandWarNet Initial Capabilities Document (LWN ICD) LandWarNet ICD
More informationEntrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.
Entrust Managed Services PKI Getting an end-user Entrust certificate using Entrust Authority Administration Services Document issue: 2.0 Date of issue: June 2009 Revision information Table 1: Revisions
More informationStrong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment
Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment IIIIII Best Practices www.gemalto.com IIIIII Table of Contents Strong Authentication and Cybercrime... 1
More informationARMY PASSWORD STANDARDS Version 2.5
1. Overview: A. Since 31 JUL 06, access to all Army networks was mandated to be via the Common Access Card (CAC) only. Passwords remain an important aspect of computer security to achieve authenticated
More informationMobile OTPK Technology for Online Digital Signatures. Dec 15, 2015
Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction
More informationOffice of the Chief Information Officer Department of Energy Identity, Credential, and Access Management (ICAM)
Department of Energy Identity, Credential, and Access Management (ICAM) Cyber Security Training Conference Tuesday, May 18, 2010 1 Announcement LACS Birds-of-a-Feather Session Logistics Wednesday, May
More informationEgyptian Best Practices Securing E-Services
Egyptian Best Practices Securing E-Services Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA Agenda Security Measures for E-Services Examples of E- Services Threats
More informationEnhancing Organizational Security Through the Use of Virtual Smart Cards
Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company
More informationIDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience
IDENTITY & ACCESS Privileged Identity Management controlling access without compromising convenience Introduction According to a recent Ponemon Institute study, mistakes made by people Privilege abuse
More informationPhone: 703.769.4500 Fax: 703.769.7605 http://setdweb.belvoir.army.mil
CAC/PKI TRAINING GUIDE Common Access Card/ Public Key Infrastructure Phone: 703.769.4500 Fax: 703.769.7605 http://setdweb.belvoir.army.mil Table of Contents 1 GENERAL...4 2 INTRODUCTION...4 3 WHAT IS PUBLIC
More informationCitrix Web Client Installation and CAC Registration Guide
Citrix Web Client Installation and CAC Registration Guide Prepared By: Department of Defense Education Activity 1 Revision 1.1 To ensure a reasonably smooth process of establishing connectivity with the
More informationOUTLOOK WEB ACCESS (OWA) AND SSL VPN HOME USERS MANUAL
United States Army Special Operations Command (USASOC) Special Operations Forces Information Technology Enterprise Contracts (SITEC) OUTLOOK WEB ACCESS (OWA) AND SSL VPN HOME USERS MANUAL Prepared by:
More informationDoD Enterprise Email (DEE) Contact Information Updates Tactics, Techniques and Procedures (TTP)
DoD Enterprise Email (DEE) Contact Information Updates Tactics, Techniques and Procedures (TTP) Version 2.0 Defense Information Systems Agency Enterprise Services Directorate Enterprise Applications Contact
More informationEntrust Managed Services PKI
Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.
More informationDoD s Efforts to Consolidate Data Centers Need Improvement
Inspector General U.S. Department of Defense Report No. DODIG-2016-068 MARCH 29, 2016 DoD s Efforts to Consolidate Data Centers Need Improvement INTEGRITY EFFICIENCY ACCOUNTABILITY EXCELLENCE INTEGRITY
More informationHow to Update your Information in the DoD Enterprise Email (DEE), Global Address List (GAL). Army users know it as Enterprise Email
How to Update your Information in the DoD Enterprise Email (DEE), Global Address List (GAL). Army users know it as Enterprise Email Presented by: Michael J. Danberry Last Revision / review: 04 June 2015
More informationTransnet Registration Authority Charter
Registration Authority Charter Version 3.0 is applicable from Effective Date Inyanda House 21 Wellington Road Parktown, 2193 Phone +27 (0)11 544 9368 Fax +27 (0)11 544 9599 Website: http://www.transnet.co.za/
More informationFinancial Security Symposium 2012. Singapore
Financial Security Symposium 2012 Singapore Identity Assurance Solutions - Establishing Trust in Online Identities LEE Meng Chuan Regional Sales Manager, ASEAN Identity and Access Management (IAM) About
More informationSpace Ground Services in the Joint Information Environment (JIE)
Space Ground Services in the Joint Information Environment (JIE) Scott Niebuhr, Jeremy Burton, Judy Kerner, Sky Troyer The Aerospace Corporation 2015 The Aerospace Corporation Space Ground Services in
More informationTELSTRA RSS CA Subscriber Agreement (SA)
TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this
More informationUNCLASSIFIED. LandWarNet 2011
LandWarNet 2011 Army Portfolio Management Solution (APMS) Planning, Programming and Budgeting Business Operating System (PPB BOS) Integration Tim Frederick CIO/G-6 Governance Division Program Manager APMS
More informationInformation Technology Policy
Information Technology Policy Identity Protection and Access Management (IPAM) Architectural Standard Identity Management Services ITP Number ITP-SEC013 Category Recommended Policy Contact RA-ITCentral@pa.gov
More information2-334 BN (BCT) - United States Army s Common Access Card (CAC) Instructional Units
2-334 BN (BCT) - United States Army s Common Access Card (CAC) Instructional Units Bradley A. Lavite IT 500: Principles of Instructional Technology Initial Design Project December 10, 2008 Introduction
More informationUNITED STATES ARMY RESERVE COMMAND. User Guide for ARAMP
UNITED STATES ARMY RESERVE COMMAND User Guide for ARAMP (Army Reserve Account Maintenance and Provisioning) Document: User Guide for ARAMP Nov. 13 2008 Date: Nov 13, 2006 Table 1: Version History Version
More informationNOAA HSPD-12 PIV-II Implementation October 23, 2007. Who is responsible for implementation of HSPD-12 PIV-II?
NOAA HSPD-12 PIV-II Implementation What is HSPD-12? Homeland Security Presidential Directive 12 (HSPD-12) is a Presidential requirement signed on August 27, 2004 requiring Federal agencies comply with
More informationOUTLOOK WEB ACCESS (OWA) AND SSL VPN HOME USERS MANUAL
United States Army Special Operations Command (USASOC) Special Operations Forces Information Technology Enterprise Contracts (SITEC) OUTLOOK WEB ACCESS (OWA) AND SSL VPN HOME USERS MANUAL Prepared by:
More informationCertification Practice Statement
FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification
More informationPROTECT YOUR WORLD. Identity Management Solutions and Services
PROTECT YOUR WORLD Identity Management Solutions and Services Discussion Points Security and Compliance Challenges Identity Management Architecture CSC Identity Management Offerings Lessons Learned and
More informationWhat is DoD 8570.01 IA Workforce Compliance?
Introduction This is an information brief on the topic of DoD 8570.01 Information Assurance workforce compliance and will address the following critical areas; Information Assurance Technical (IAT) and
More informationEskom Registration Authority Charter
REGISTRATION WWW..CO.ZA Eskom Registration Authority Charter Version 2.0 applicable from 20 November 2009 Megawatt Park Maxwell Drive Sunninghill, SOUTH AFRICA, 2157 Phone +27 (0)11 800 8111 Fax +27 (0)11
More informationWorking Group on. First Working Group Meeting 29.5.2012
Working Group on Cloud Security and Privacy (WGCSP) First Working Group Meeting 29.5.2012 1 Review of fexisting i Standards d and Best Practices on Cloud Security Security Standards and Status List of
More informationSecurity Cooperation Information Portal
September 2015 https://www.scportal.us/ Contents Website... 3 Home... 3 Registration Info... 3 User Agreement... 4 SCIP Logon... 4 Digital Certificate with Name CAC or PKI users... 4 Token Users... 4 Warning
More informationGOALS (2) The goal of this training module is to increase your awareness of HSPD-12 and the corresponding technical standard FIPS 201.
PERSONAL IDENTITY VERIFICATION (PIV) OVERVIEW INTRODUCTION (1) Welcome to the Homeland Security Presidential Directive 12 (HSPD-12) Personal Identity Verification (PIV) Overview module, designed to familiarize
More informationNICE and Framework Overview
NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to
More informationPKI Deployment Business Issues
An OASIS PKI White Paper PKI Deployment Business Issues By Amir Jafri and June Leung (FundSERV Inc.) For the Oasis PKI Member Section OASIS PKI White Paper OASIS (Organization for the Advancement of Structured
More informationEvolving Threat Landscape
Evolving Threat Landscape Briefing Overview Changing Threat Landscape Profile of the Attack Bit9 Solution Architecture Demonstartion Questions Growing Risks of Advanced Threats APT is on the rise 71% increase
More informationNIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics
NIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics Jan Krhovják Outline Introduction and basics of PIV Minimum
More informationGlossary of Key Terms
and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which
More informationCAC AND KERBEROS FROM VISION TO REALITY
CAC AND KERBEROS FROM VISION TO REALITY Mil OSS Conference 2011 Dmitri Pal Sr. Engineering Manager Red Hat Inc. Aug 31, 2011 Outline Setting up context... Card authentication now Open issues Pieces of
More informationUse of Common Access Cards (CACs) from Home on Windows 7 without Middleware
Use of Common Access Cards (CACs) from Home on Windows 7 without Middleware Problem: Microsoft Windows 7 includes a native capability to read and use the newest CACbased PKI certificates without installing
More information2013 AWS Worldwide Public Sector Summit Washington, D.C.
Washington, D.C. Next Generation Privileged Identity Management Control and Audit Privileged Access Across Hybrid Cloud Environments Ken Ammon, Chief Strategy Officer Who We Are Security software company
More informationMulti-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies
More informationInstructions for completing USFK Theater Specific Required Training
Welcome Welcome to the website designed to facilitate completion of mandatory training that arriving personnel and units assigned to, rotating to, or in temporary duty status to USFK must complete prior
More informationSmart Card Setup Guide
Smart Card Setup Guide K Apple Computer, Inc. 2006 Apple Computer, Inc. All rights reserved. Under the copyright laws, this manual may not be copied, in whole or in part, without the written consent of
More informationSmart Phones Need Smart Security
Fall 2012 Volume 3, Issue 3 Published quarterly by DoD PKE The PKE Quarterly Post Smart Phones Need Smart Security In This Issue Combined Endeavor... 3 Risks of Software Certificates... 4 Alternate Revocation
More informationIdentity & Privacy Protection
Identity & Privacy Protection An Essential Component for a Federated Access Ecosystem Dan Turissini - CTO, WidePoint Corporation turissd@orc.com 703 246 8550 CyberSecurity One of the most serious economic
More informationImprovements Needed With Host-Based Intrusion Detection Systems
Report No. DODIG-2012-050 February 3, 2012 Improvements Needed With Host-Based Intrusion Detection Systems Warning This report is a product of the Inspector General of the Department of Defense. Its contents
More informationU.S. Department of Veterans Affairs / Department of Defense. October 14-18, 2013
October 14-18, 2013 1 ebenefits Briefing Training Objectives ebenefits overview Obtain Premium account 2 ebenefits Briefing Overview The ebenefits portal (www.ebenefits.va.gov) is a joint Department of
More informationSingle Sign-On. Security and comfort can be friend. Arnd Langguth. alangguth@novell.com. September, 2006
Single Sign-On Security and comfort can be friend. Arnd Langguth alangguth@novell.com September, 2006 Identity proliferation in the enterprise Password management problem How many passwords do you have?
More informationassociate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.
Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationhttps://militarycac.com/dodcerts.htm
MilitaryCAC's Information on the importance of DoD Certificates#316a https://militarycaccom/dodcertshtm Page 1 of 11 Search MilitaryCAC: Site Map Search com us ml mobi net org Please Also available at:
More informationUtilizing the DoD PKI to Provide Certificates for Unified Capabilities (UC) Components. DISA NS2 Capabilities Center November 3, 2011 Revision 1.
Utilizing the DoD PKI to Provide Certificates for Unified Capabilities (UC) Components DISA NS2 Capabilities Center Revision 1.2 Change Table Change Date Author Removed references to RTS and replaced with
More informationSecuring Administrator Access to Internal Windows Servers
Securing Administrator Access to Internal Windows Servers Contents 1. Introduction... 3 2. PKI implementation... 3 Require two-factor authentication for computers... 3 Require two-factor authentication
More informationArmy Internet-Based Training: Public Key Infrastructure And Information Security Requirements
Army Internet-Based Training: Public Key Infrastructure And Information Security Requirements Major Alan L. Gunnerson United States Army Distributed Learning Program (TADLP) Fort Monroe, Virginia 23651
More informationSUBJECT: systems. in DoD. capabilities. d. Aligns identity. (Reference (c)). (1) OSD, the Staff and
Department of Defense INSTRUCTION NUMBER 8520.03 May 13, 2011 ASD(NII)/DoDD CIO SUBJECT: Identity Authentication for Information Systems References: See Enclosure 1 1. PURPOSE. In accordance with the authority
More information