Defense Information Systems Agency A Combat Support Agency. Identity and Access Management (IdAM): Consistent Access to Capability

Similar documents
Agenda. DoD PKI Operational Status DoD PKI SIPRNET Token. Interoperability Public Key Enablement. Dynamic Access

NATIONAL DIRECTIVE FOR IDENTITY, CREDENTIAL, AND ACCESS MANAGEMENT CAPABILITIES (ICAM) ON THE UNITED STATES (US) FEDERAL SECRET FABRIC

GCMP 2012, Volume I. Defense Information Systems Agency (DISA) GIG Convergence Master Plan 2012 (GCMP 2012) Volume I

Department of Defense INSTRUCTION

Department of Defense Information Enterprise Architecture (DoD IEA) Version 2.0

Identity, Credential, and Access Management. An information exchange For Information Security and Privacy Advisory Board

DoD CIO ITSM Overview Enterprise Architecture Conference

The DoD Information Enterprise Strategic Plan and Roadmap (SP&R)

A Combat Support Agency

Department of Defense NetOps Strategic Vision

The Department of Defense Strategy for Implementing the Joint Information Environment

Department of Defense Net-Centric Services Strategy

How To Make A Theater Forest More Functional

DoD IT Enterprise Strategy and Roadmap Department of Defense (DoD) Information Technology (IT) Enterprise Strategy and Roadmap

Cloud Computing Strategy

How To Improve The Defense Communications System

An Operational Architecture for Federated Identity Management

SUBJECT: Joint Information Environment Implementation Guidance

Forge.mil Overview. Software Engineering Collaborator's Exchange. Tom Morton Forge.mil Chief Engineer

Department of Defense DIRECTIVE. SUBJECT: Management of the Department of Defense Information Enterprise

U.S. Army Identity and Access Management (IdAM) Reference Architecture (RA)

Common Operating Environment (COE) and Global Information Grid (GIG) Enterprise Services (GES) Mr. Rob Walker 24 September 2003

Department of Defense DIRECTIVE

Digital Policy Management Framework for Attribute-Based Access Control

Human Resources Management. Portfolio Management Concept of Operations

FROM THE DOD CIO. Teresa M. Takai, DoD CIO

Cloud Computing Strategy

Department Of Defense (DoD) Enterprise Service Management Framework. Edition III. 22 Jan 15

Active Directory Optimization Reference Architecture

DoD CIO s 10-Point Plan for IT Modernization. Ms. Teri Takai DoD CIO

Turning Portfolio Management into Decisions

United States Department of Defense

The DoD CIO Charter:

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution

DEFENSE INFORMATION SYSTEMS AGENCY STRATEGIC PLAN UNITED IN SERVICE TO OUR NATION

Unified Capabilities (UC)

Department of Defense INSTRUCTION. SUBJECT: Information Technology Portfolio Management Implementation

Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance

DECC Montgomery. Mr. Chris Kemp Director May 2009

DISA Testing Services for the Enterprise. Luanne Overstreet

MHS Health Information Technology Transformation March 1, 2016

Electronic Commerce Conference. PKI Sub-Group. Issue Paper

Department of Defense INSTRUCTION

Unified Capabilities (UC)

Department of Defense DIRECTIVE

2. APPLICABILITY AND SCOPE

GFIPM & NIEF Single Sign-on Supporting all Levels of Government

Cloud Security. A Sales Guy Talks About DoD s Cautious Journey to the Public Cloud. Sean Curry Sales Executive, Aquilent

Big Data Platform (BDP) and Cyber Situational Awareness Analytic Capabilities (CSAAC)

Department of Defense INSTRUCTION

Cloud Computing and Enterprise Services

Joint Training Enterprise Architecture

Strategy Research Project

Partnering with Small Business

Conceptual Model for Enterprise Governance. Walter L Wilson

Office of the Chief Information Officer Department of Energy Identity, Credential, and Access Management (ICAM)

Department of Defense SHA-256 Migration Overview

Department of Defense INSTRUCTION

Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability. Version 1.0.3

Administering the Web Server (IIS) Role of Windows Server

Configuring DoD PKI. High-level for installing DoD PKI trust points. Details for installing DoD PKI trust points

Administering the Web Server (IIS) Role of Windows Server 10972B; 5 Days

Chief Review Services REVIEW OF DND/CF INFORMATION SECURITY. October (CRS) Canada

IT Governance Overview

Air Force SOA Enterprise Service Bus Study Using Business Process Management Workflow Orchestration for C4I Systems Integration

DoD s Strategic Mobility Vision: Needs & Challenges

Department of Defense. SUBJECT: Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS)

DOE Joint ICAM Program - Unclass & Secret Fabrics

Committee on National Security Systems

Department of Defense Net-Centric Data Strategy

What is Unified Capabilities?

U.S. Army Enterprise Cloud Computing Reference Architecture

10972B: Administering the Web Server (IIS) Role of Windows Server

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION

DoD ESI & The Joint Information Environment (JIE)

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C

RMF. Cybersecurity and the Risk Management. Framework UNCLASSIFIED

NICE and Framework Overview

Enterprise Architecture in the Intelligence Community:

Defence Identity and Access Management Strategy 2010 A sub-strategy of the MOD Information Strategy

Marine Corps. Commercial Mobile Device Strategy

U.S. Army Network Operations Reference Architecture. (Aligned to the DOD Enterprise)

Frequently Asked Questions (FAQs) SIPRNet Hardware Token

Designing and Implementing Cloud Governance: Cloud, and Cloud Governance, are Emerging Capabilities

Identity, Credential, and Access Management at NASA, from Zachman to Attributes

Department of Defense Information Sharing Implementation Plan

Agency for State Technology

ENTERPRISE COMPUTING ENVIRONMENT. Creating connections THROUGH SERVICE & WORKFORCE EXCELLENCE

Government Smart Card Interagency Advisory Board Moving to SHA-2: Overview and Treasury Activities October 27, 2010

Department of Defense INSTRUCTION. Security of Unclassified DoD Information on Non-DoD Information Systems

Defense Message System Messaging, Directory Services, and Security Services

DoD Joint Information Enterprise

DISA's Application Security and Development STIG: How OWASP Can Help You. AppSec DC November 12, The OWASP Foundation

Transcription:

Defense Information Systems Agency Identity and Access Management (IdAM): Consistent Access to Capability 17 August 2011

Disclaimer The information provided in this briefing is for general information purposes only. It does not constitute a commitment on behalf of the United States Government to provide any of the capabilities, systems or equipment presented and in no way obligates the United States Government to enter into any future agreements with regard to the same. The information presented may not be disseminated without the express consent of the United States Government. UNCLASSIFIED UNCLASSIFIED 2

Secure Net-Centric Information Sharing Goals Operational Effectiveness Increase Warfighter access to required information and services, especially across organizational and security boundaries Increase network flexibility, allowing for rapid response to operational conditions Information Security Drive out anonymity via strong cryptographic authentication (PKI) Standardize access policies to enable more consistent access decisions Efficiencies Reduce duplicative costs associated with existing stove-piped and redundant identity and access management systems Increase agility and interoperability with the implementation of commercial standards 3

IdAM Strategic Vision Strong authentication Traceability back to the user Automated authorization decisions Automated user account provisioning Attribute Based Access Control (ABAC) 4 These characteristics, when added together, make it easy, agile, and inexpensive to share information within the DoD, and safe to share with coalition partners 4

IdAM Vision The scope of DoD IdAM (Figure 1) aligns with guidance provided in the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance, Version 1.0, November 10, 2009 Source: Draft Identity and Access Management and Access Control Target State and Vision (DoD CIO, March 2011) 5

Identity Management Provide Enterprise IdAM IdAM High-Level Capability Model DoD CIO Commander s Intent Target State & Vision IdAM Objective Architecture DoD Policy Update (8500, 8320.02) IPM CONOPS Attribute Mgt CONOPS ICAM Transition Plan Access Management Manage Digital Identity Authenticate Users Authorize Access to Resources Fundamental IdAM Capabilities Enterprise Attribute Management Enterprise Attribute Services Account Provisioning Enterprise User Accounts PKI PKE Development Support Tools Early Adopter Support Authorization Policy Management Digital Policy Management User Network Access Control ABAC Services Development Support Tools Early Adopter Support Each capability is achieved through a set of roadmap task areas related to policy, governance, and technical implementation Near-term outcome for the DoD IT Enterprise Strategy and Roadmap (ITESR) - create the core IdAM infrastructure to provide the common foundation for these capabilities 6

Accessing Enterprise Services Domain Controller With DoD Visitor Software Loaded DoD Networks... enable secure net-centric information sharing Enterprise Services/ Applications/Information Sources Enterprise Collaboration Machine-to-Machine Messaging Data Services Environment Enterprise Search/Enterprise Catalog Enterprise Email Enterprise SharePoint Non-DoD Identity Management Policy Enforcement Point (PEP) Policy Decision Point (PDP) Policy Store Identity Synchronization Service (IdSS) Enterprise Active Directory Service Forest (EASF) BBS Downloader DoD Attribute Broker DoD Enterprise/COI Attribute Services Deployed Attribute Services Cache Wholesalers Web Service Interface DMDC GFM DI Resource Attributes 7 Enterprise/COI Attributes Cache UNCLASSIFIED Resource Attributes Cache DMDC Attribute Sources 7

IdAM Portfolio Roles and Responsibilities DoD IdAM Task Force (DoD CIO) Task Owners: DoD CIO, DISA, DMDC, NSA, CC/S/As DISA IdAM Portfolio Manager (PEO-GES) Task Owners: PEO-GES, PEO-MA, CSD Focus Areas Governance Access Policies Technical Capabilities Enterprise Attribute Services Account Provisioning Services Public Key Infrastructure (PKI)/Public Key Enablement (PKE) Digital Policy Management Attribute Based Access Control (ABAC) Services 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information