Interagency Advisory Board Meeting Agenda, August 25, 2009

Transcription

1 Interagency Advisory Board Meeting Agenda, August 25, Opening Remarks 2. Policy, process, regulations, technology, and infrastructure to employ HSPD-12 in USDA (Owen Unangst, USDA) 3. Policy and infrastructure for PIV use for Logical Access (Tim Baldridge, NASA) 4. NIST Update (Bill Macgregor, NIST) a) Recent Publications b) Safeguards built into PIV, and SP recommendations 5. Leveraging Open Identity Standards for Gov t Interaction with American citizens (Chris Louden) 6. Closing Remarks

2 USDA - Identity and Access Management (IAM) August 2009

3 Historical Identity & Access Management

4 Today s Identity & Access Management

5 Credential Management

6 USDA s Glue Tying It All Together 8

7 Updating Our Person Model

8 Explaining USDA s RBAC 10

9 Endpoint Security Agent Host-Based Firewall Health Check 802.1x Supplicant Endpoint Security Agent Host-Based Firewall Health Check 802.1x Supplicant Host-Based Firewall Health Check 802.1x Supplicant Explaining Network Admission Control United States Government Bloggs, Joseph OCT2012 USDA Affiliation Contractor Agency/Department Department of Agriculture Expires 2012OCT22 G Endpoint Security Agent Remote Access USDA Enterprise Directory Host-Based IPS SSL VPN NAC Agent VPN User Roles Health Check: Pass 11 BigFix Anti-X Patch Management Disk Encryption FDCC File Integrity Checking Host-Based FW Host-Based IPS Data Loss Prevention Host-Based IPS SSL VPN Local Access Host-Based IPS SSL VPN Wireless Wireless Access Point Wired IDS Distribution Layer Switch Network Access Controller ASOC Auditing and Reporting Health Check: Fail Remediate

10 Includes draft policies, procedures, technologies, organizational impacts, etc. IAM Strategic Planning

11 IAM Project Execution

12 Business Case Concept

13 NAC Roadmap 15

14 Detailed Project Plans Stage 3: Solution Installation During Stage 3, installation of the solution will occur in a development environment, a QA/Test (QA) environment, a certification environment, and production environment. An efficient and effective deployment strategy requires that all four environments shall be created to support the deployment lifecycle of the solution. 1. Create the four identified environments. 2. Prepare the environments a. Verify that all systems are accessible, operational and patched based on minimum requirements b. Schedule all required Government interfaces c. Validate Business Requirements and Test Cases d. Validate hardware e. Validate software/licenses f. Walk through of the implementation plan with Government technical staff g. Verify existing infrastructure 3. Install and configure the vendor solution in the designated Government environments. Stage 4: Solution Development and Integration During this Stage, for the initial development environment and for each subsequent environment selected by the Government the project team will address the following as documented in the SAS or in the detailed Role Designs created in Stage 2, as well as in the Assumptions and the Government-Specific Parameters section. 16

15 Network Admission Control- Logical Architecture 17

16 NAC General Concept or IG 18

17 Everything is Architected & Planned!

18 Problems & Opportunities Projected Problem Time

19 USDA s IAM Vision

20 Questions?