
Toward Federated Identity Management
Keith Glennan, VP & CTO, Northrop Grumman
keith.glennan@ngc.com

Agenda
- Northrop Grumman Securing the Enterprise
- Security & Identity Management Highlights
- Northrop Grumman OneBadge Overview
- Federated Identity Service Model
- Multi-Layer Security across the enterprise
- Agencies Migration to IT Transformation
- Federation Drivers
- Transglobal Secure Collaboration Program (TSCP)
- TSCP's Strategic Plan Development: Business Driven
- TSCP Objectives: Deploying Capabilities to the Programs
- Lessons Learned - Recommendations

Five Operating Sectors
- Aerospace Systems
- Electronic Systems
- Information Systems
- Shipbuilding
- Technical Services

Capabilities listed on the slide: Large Scale Systems Integration; C4ISR; Unmanned Systems; Airborne Ground Surveillance / C2; Naval BMC2; Global / Theater Strike Systems; Electronic Combat Operations; Radar Systems; Command & Control Systems; Systems Support; Base and Infrastructure Support; Network Communications; Range Operations; Electronic Warfare; Intelligence, Surveillance & Reconnaissance Systems; Maintenance Support; Naval & Marine Systems; Training and Simulations; Enterprise Systems and Security; Navigation & Guidance; Technical and Operational Support; Military Space; IT/Network Outsourcing; Live, Virtual and Constructive Domains; Government Systems; Life Cycle Optimization.

- Designing some of the world's most sophisticated war-fighting tools, from stealth fighters and airborne surveillance systems to nuclear powered aircraft carriers and submarines
- Securing the most sensitive systems and networks that are critical to our national defense
- Establishing interoperable trust mechanisms of our employees, our contractors, our suppliers, our customers and our partners
  - Trustworthy and authorized to access systems and resources
  - Proper due diligence in checking their identities and backgrounds for the protection of sensitive information
  - Timely notification for de-provisioning identities from our systems and facilities

Security & Identity Management Highlights

Priority Corporate IM Goals: What problems are we trying to address?
- Advanced Persistent Threat: Government and community problem to mitigate exposure of enterprise Cyber Threats and comply with new regulations
- Authentication: Strengthening Authentication across the enterprise with IM Solutions
- Identity Assurance: Proofing and Vetting and the Global Supply chain
- Federation & Next Gen Identity: Secure Collaborated e-mail, data rights management

Northrop Grumman's Identity Management PMO: What is the Solution?
- Federated Common Identity Policy: Northrop Grumman Federated Identity Management Policies aligned with DoD and Federal Identity Policies
- Multi-Layer Security: Multi-Layered approach to provide additional security layers across our networks, systems, facilities, data, intellectual property and information assets
- IM Solutions: A single device that supports multiple authentication methods and enforces IM policies across the enterprise and supply chain

Identity Service Delivery Model: How is this packaged?
- Communication Strategy: Comprehensive communication plan addressing our Corporate IM Goals and Objectives, our IM Solution and the value proposition
- Service Optimization: Identifying business model for the new Security & Identity Management services
- Cost Control and Recovery: Enterprise cost savings through enterprise deployment of Identity Management Solutions while at the same time recovering the cost of our investment through Six Sigma Teams

Northrop Grumman OneBadge

Northrop Grumman's OneBadge is the corporate identification smart card that is being phased in across the enterprise as a component of the Enterprise IM system. The OneBadge system provides:
- Secure Authentication. OneBadge is a dual interface smart card that supports multiple secure authentication methods and enables enforcement of Northrop Grumman IM policies.
- Physical Access. Magnetic stripe and HID proximity technologies allow physical access to Northrop Grumman facilities.
- Logical Access. Includes dual PKI certificates, single sign-on applet, and on-board OTP for remote access to Northrop Grumman's systems, applications and networks.
- Federated Access. The OneBadge system is enabled for federated access to government and other contractor and supply chain systems via CertiPath, which is cross-certified to the Federal PKI bridge.
- Alignment to Federal Standards. OneBadge card complies with technology standards and is aligned with policies related to HSPD-12/PIV as well as DoD identity management policies.

Federated Identity Service Model

[Diagram: identity lifecycle and federation partners]
- Users are any authorized consumer of resources including employees, teams, partners and other application services
- Resources are any consumable information asset including data, application logic, web services and physical devices
- Lifecycle steps: 1 Provision Identity; 2 Discovery/Provision; 3 Role Segregation; 4 Routine User Administration; 5 Usage; 6 De-provisioning
- Other diagram labels: Resource Discovery; Digital Enrolment Service; Enable External LOBs; Provisioning; PIV; Internal; Cleared; Non-Cleared; Security - LRAs; Server Admins; Procurement; HR; Background Check Services; Document Authentication Services; PKI Authority; New Projects; Move; Locations; Termination; Resource Retirement
- Federation partners shown: NGC, BAE Systems, Rolls-Royce, EADS, Netherlands Ministry of Defence, LM, Raytheon, Ministry of Defence, Boeing, connected through the CertiPath Gateway, the Federal Bridge and the DoD Bridge

Multi-Layer Security across the enterprise

Multi-Layered approach to provide additional security layers across our networks, systems, facilities, data, intellectual property and information assets

[Diagram: security layers and federation partners]
- Layers and components shown: Local or Remote User; Remote & Desktop Login; Credential & Rights Management; Network Controls; Credential Management; Centralized Public Key Infrastructure; Data Monitoring & Protection Systems; Corporate Access Card; User Building Access; User and Privilege Management; Automated Provisioning; Strong Authentication; OneBadge & Digital Shield; IM Vault; Unique Personal Identifier; Host-Based Intrusion Protection Systems
- Federation partners shown: NGC, Rolls-Royce, Raytheon, BAE Systems, Netherlands Ministry of Defence, EADS, LM, Ministry of Defence, Boeing, connected through the CertiPath Gateway, the Federal Bridge and the DoD Bridge

Agencies Migration to IT Transformation

Agencies are Migrating from Stove Pipe Infrastructure to Enterprises.
- Agencies' IT Strategic Plans reflect migration to transformed IT infrastructure to comply with mandates; procurements reflect these plans
- Agency enterprises have invested in vertical stovepipe infrastructures that are application-based and non-compliant with emerging security and IM mandated standards.
- Agencies' Business Model will shift from an application-based to an identity-based model and provide a common secure infrastructure across the Net Centric enterprise as they comply with government-wide directives and initiatives.

[Diagram: Legacy Infrastructure, to Transformed Enterprise Enabled by IM, on a Common Secure Infrastructure]

Migration from stovepipe infrastructures to a common secure Net Centric Enterprise

Federation Drivers
- DoD Draft Instruction on Identity Management extends HSPD-12, HSPD-23, HSPD-24, OMB Level 4 VERY HIGH assurance to data on industry networks.
  Significance: Should affect DoD contracts; proposed solutions without industry involvement might conflict with internal identity management solutions
- Industry seeks clear and concise contract language across all DoD programs to ensure consistent contractor interpretation of requirements for identity management
  Significance: Without coordinated solutions could result in stove-piped solutions, increased cost & risk
- Major questions exist on implementation timelines, compliance targets, contract management, funding and effects on existing contracts.
  Significance: Impacts cross-industry supply chain

This, coupled with other access/identity management actions, are the drivers to establishing TSCP

Transglobal Secure Collaboration Program

Government-industry partnership specifically focused on mitigating the risks related to compliance, complexity, cost and IT that are inherent in large-scale, collaborative programs that span national jurisdictions.

To do business in the world today, A&D companies must balance the need to protect intellectual property (IP) while demonstrating willingness and ability to meet contractual requirements from government customers for auditable, identity-based, secure flows of information.

Common Framework for Federated Collaboration

Identity Management & Assurance:
- Provide assurance that collaborative partners can be trusted
- Meet government agencies' emerging requirements for identity assurance across domains
- Establish common credentialing standards that accommodate and span national jurisdictions
- Protect personal privacy data of employees

Data Protection:
- Define fine-grain access right attributes for data labeling and data rights management
- Establish Application Awareness
- Demonstrate compliance with export control regulations
- Protect corporate IP in collaborative and other information sharing programs

Facilitate Secure Collaboration:
- Provide collaborative toolsets that will interoperate with customers and suppliers
- Facilitate re-use of collaborative capabilities among multiple programs

Background

The Transglobal Secure Collaboration Program (TSCP) was established in 2002.
- TSCP is the only government-industry partnership of its kind, founded to specifically address and mitigate the risks of compliance, complexity and costs inherent in Programs requiring large-scale, collaborative IT capabilities and to address Aerospace & Defense's (A&D) security issues that span national boundaries.
- TSCP members represent a sizable consumer community
- TSCP members combine their need for standards-based solutions with their buying power to influence vendors to address TSCP identity and security requirements.
  Example: Microsoft, now working with TSCP, is addressing an authentication gap in their product in an upcoming release. Individual companies had not been successful in obtaining this change.

TSCP A&D Participation Includes:
- Industry
- TSCP Governance Board
- TSCP Support Team

TSCP Government Participation:
- UK Ministry Of Defense
- GSA - Government Services Administration
- US Department Of Defense (DoD)
- NL Ministry Of Defense

TSCP Provides a Unique Industry / Government Working Together Forum

TSCP's Strategic Plan Development: Business Driven

Holistic Approach to Addressing Common Security Concerns
- Identity Management
- Information Protection
- Information Labeling

Areas of Common Business Challenge
- Export Control Regulations: e.g. ITAR, Export Control Act
- Privacy: e.g. Privacy Act of 1974, Data Protection Act
- Company Policies: company-specific policies
- Advanced Persistent Threats: HSPD 7, cooperation with the DoD & Industry

Common Framework: Prioritized Areas of TSCP Attention
- TSCP Strategic Objectives
- Strategic Architecture
  - Information Management, e.g. IAP
  - Secure Electronic Exchange: Document sharing, Secure e-mail
  - Identity & Access Management, e.g. Web authentication
- Capability Roadmaps, Action Plans and Project Schedules
- Execution and Deployment
- Common Operating Rules, Governance & Oversight
- Tools & Skills
- Supportive Business Practices

TSCP Objectives: Deploying Capabilities to the Programs

[Timeline: TSCP Roadmap, with markers at 2003, 2007, 2008 and 2009-2010]
- TSCP Roadmap Phase 1: Secure Collaboration Framework; Generic DMZ Requirements
- TSCP Roadmap Phase 2: Export Compliance and Collaborative Identity Mgmt; Commercial Bridge Requirements
- Phase 3 - Present:
  - Validation through Pilots/Prototypes
  - Development of international policy on identity management
  - Increasing international engagement with governments, companies and vendors
  - Transition to production: CertiPath, Secure Email, Document Sharing
  - Acceptable export compliance rule sets to enable decision making

[Diagram: TSCP Member Test & Production Environments; Enterprise Secure Information Sharing; Collaboration Focused Architecture]
- Consumers shown: Army, Navy, Air Force; New Business; War Fighter & other Programs; Programs; Proposals
- Functions: Identification, Authentication, Authorization
- Layers: Information, Application, Operating System, Network, Physical
- Services and components: Information Rights; Single Sign-On; AZN Services; Directory Access; Provisioning Services; Bridge CAs; Company Enterprise; DoD Cross Certification; Access Management / Secure Badge; SiteMinder; SharePoint; Secure Email; A&D Secure Email; DoD JITC Certification; Microsoft Geneva ADFS; MS Team Center; Contractor Credential Certification; MS Office; Portals; Enterprise Supplier Portal; Company Portals; Share Centers; Data; Apps

Lessons Learned - Recommendations
- Embrace and implement Federated Common Identity Standards
- Address Priority Goals and keep on target
- Communicate, Communicate, Communicate
- Implement and deploy in quarterly measurable increments
- Communicate, Communicate, Communicate
- Partner with internal organizations: Industrial Security, INFOSEC, IT, HR, Unions etc.
- Communicate, Communicate, Communicate
- Participate in Government-industry partnerships that span national jurisdictions
- Foster Information Exchanges with your peers
- Communicate, Communicate, Communicate

Thank You Keith Glennan VP & CTO Northrop Grumman keith.glennan@ngc.com