The Wang DMS/DII High Assurance Guard. PRODUCT PLAN (Draft)




TS-300 and SAGE are trademarks of Wang Government Services, Inc. NEOR and MESSAGEWARE are trademarks of NEOR Limited. D500 OpenDirectory is a trademark of DataCraft Technologies Pty Ltd. All other product names mentioned herein are the trademarks of their respective owners.

December 9, 1998

1 DMS/DII GUARD PRODUCT RELEASES
  1.1 DMS GUARD RELEASE 1.4.1
  1.2 DII GUARD RELEASE 2.2.1
  1.3 DII GUARD RELEASE 2.3.1
  1.4 PRODUCT AND PLATFORM SUMMARY
  1.5 PRODUCT DOCUMENTATION
2 GUARD ACQUISITION AND INSTALLATION
  2.1 ORGANIZATIONS AND GENERAL RESPONSIBILITIES
    2.1.1 Acquisition Office
    2.1.2 Product Approval Authority
    2.1.3 DISA Accreditation Authority
    2.1.4 Site Accreditation Authority
    2.1.5 NSA Guard Program Management Office
    2.1.6 Wang Government Services, Inc.
  2.2 TS-300 PLATFORM EVALUATION
  2.3 DEPLOYMENT
  2.4 PRODUCT TRAINING
3 DMS/DII GUARD FUNCTIONAL BREAKDOWN
  3.1 DMS/DII GUARD X.500 FUNCTIONS
  3.2 DMS/DII GUARD X.400 FUNCTIONS
  3.3 GUARD SMTP FUNCTIONS
  3.4 WANG DMS/DII GUARD PERFORMANCE IMPROVEMENTS
  3.5 WANG DMS/DII GUARD YEAR 2000 COMPLIANCE


1 DMS/DII Guard Product Releases

The objective of this document is to describe the planned evolution of the Wang DMS/DII Guard. This evolution includes both hardware and software product capabilities.

1.1 DMS Guard Release 1.4.1

The Wang DMS Guard Release 1.4.1 provides guard services that are compliant with the requirements of DMS 2.0. This release offers DMS users and organizations comprehensive messaging and directory security services using the following major functional capabilities:

- X.400 Mail Guard - Provides automatic, secure, reliable, and accountable bidirectional transfer of X.400 email messages between DMS users and organizations. This includes X.400 P1 protocol support, simple authentication, and MSP 3.0.
- X.500 Directory Services Guard - Provides transparent access to the X.500 Directory Services. Allows users and processes to query and retrieve user information such as addresses using DAP and DSP. Support for directory information shadowing is not provided in Release 1.4.1.
- FORTEZZA Technology - Provides private signature and encryption keys and implements the MISSI Digital Signature Algorithm (DSA), Secure Hash Algorithm (SHA-1), Key Encryption Algorithm (KEA), and SKIPJACK Encryption Algorithm.

Release 1.4.1 of the Wang DMS/DII Guard was delivered on schedule to DMS in June 1998.

1.2 DII Guard Release 2.2.1

The delivery of the Wang DII Guard Release 2.2.1 is an incremental improvement over the system delivered as the DMS Guard. The Wang DII Guard Release 2.2.1 maintains the essential features of the DMS Guard and adds functionality required to support the planned DMS 2.0A release. The distinguishing features of the Wang DII Guard Release 2.2 are support for directory information shadowing, X.400 Dirty Word Search (DWS)/Clean Word List (CWL), filtering of email using the Simple Mail Transfer Protocol (SMTP), and filtering of MIME encoded attachments.

Release 2.2.1 of the Wang DMS/DII Guard is the current Guard release and is available upon request.

1.3 DII Guard Release 2.3.1

The delivery of the Wang DII Guard Release 2.3 is an incremental improvement over the Wang DMS/DII Guard Release 2.2.1. The Wang DII Guard 2.3 release maintains the essential features of Release 2.2.1, supports DMS 2.0B release, ACP 120 (MSP 4.02B), X.500 Strong Authentication and Signed Operations with the DMS DCL DSA; and enhances system performance through the use of a more powerful 333 Pentium II processor, multiple disk drive support, and multiple FORTEZZA cards per flow.

Release 2.3 of the DII Guard is scheduled for April 1999.

1.4 Product and Platform Summary

The following table, Table 2-1, summarizes the product features and platform baseline for each of the DMS/DII Wang Guard releases. A detailed breakdown of the features added to each release can be found in Section 3.

Table 1-1 DMS/DII Guard Product and Platform Summary

Release: Wang DMS Guard 1.4.1 (DMS 2.0 Compliant)
  Features:
    X.400: P1 Support; MSP 3.0; Simple Authentication
    X.500: DAP; DSP; Simple Authentication; Version 1 Certificates
  Platform: TS-300; STOP 4.4.3; 166 MHz Pentium; Single CPU; Dual Slotted FORTEZZA Readers

Release: Wang DII Guard 2.2.1 (DMS 2.0A Compliant)
  Features:
    X.400: DMS Guard 1.4.1 features; MSP 4.01
    X.500: DMS 1.4.1 features; Shadowing; Version 3 Certificates; SDN changes
    SMTP: MSP 3.0; MIME
  Platform: TS-300; STOP 4.4.3 or 5.0; Pentium I (166) or II (333); Dual Slotted FORTEZZA Readers (multiple); 4.5-9 GB Hard Disk (multiple)

Release: Wang DII Guard 2.3.1 (DMS 2.0B Compliant)
  Features:
    X.400: DII Guard 2.2 features; MSP 4.02B/ACP 120
    X.500: Strong authentication; Signed operations
    Enhanced Performance: Support of multiple FORTEZZA access per flow; Support of multiple disk drives
  Platform: TS-300; STOP 5.0 (and earlier); Pentium II L (and earlier); Single 333 MHZ CPU; Dual Slotted FORTEZZA Readers (multiple); 4.5-9 GB Hard Disk
  Note: This release can execute with STOP 4.4.3/Pentium I

1.5 Product Documentation

The delivery package for the Wang DMS/DII Guard includes the following documentation:

- Wang Guard Installation Guide
- Wang Guard Trusted Facilities Manual
- Wang Guard Operator's Manual
- Wang Guard Concept of Operations
- Wang Guard Software Release Bulletin
- Wang Guard Messageware MTA Reference Manual
- Wang Guard Messageware MTA Administrator's Guide
- Wang Guard D500 OpenDirectory Server Operations Manual
- Wang TS-300 Pentium Installation and Setup Guide
- Wang TS-300 Software Release Bulletin
- Wang TS-300 Trusted Facility Manual
- Wang TS-300 User's Manual

2 Guard Acquisition and Installation

The basic plan for Guard acquisition and installation is to follow the DMS schedule. As new capabilities are incorporated into the DMS structure, the acquisition office will solicit proposals to implement these features into the Guard.

2.1 Organizations and General Responsibilities

2.1.1 Acquisition Office

The acquisition office is responsible for providing the management of the resources necessary to ensure that the Wang Guard is built and operationally successful. The acquisition office for the Wang Guard is NSA/31/Maryland Procurement Office, Ft. George G. Meade, MD.

2.1.2 Product Approval Authority

The National Security Agency/31 Organization has the responsibility to serve as the Product Approval Authority for the Wang Guard. The Product Approval Authority is responsible for the technical evaluation of the Wang Guard. The Product Approval Authority's responsibilities are to:

- Conduct product test and evaluation of the Wang Guard;
- Provide guidance and expertise in the area of security evaluation and certification to enable the DISA and site accreditation authorities to properly conduct accreditation of the Wang Guard for operation.

2.1.3 DISA Accreditation Authority

The Defense Information Systems Agency (DISA) DMS Program Office is responsible for serving as the overall accreditation authority for the system. DISA will make the final determination, in coordination with the site accreditation authority, for granting or denying approval to operate the Wang Guard.

2.1.4 Site Accreditation Authority

The site accreditation authority for the Wang Guard is responsible for the site-specific and operational considerations of the approval to operate decision. The site accreditation authority works with the DISA accreditation authority in the initial and final accreditation decisions to determine if the Wang Guard will be able to operate with an acceptable level of risk.

It is each site's responsibility to form its own Security Test and Evaluation (ST&E) team. The ST&E team will plan, execute, and report on the site ST&E activities for the Wang Guard.

2.1.5 NSA Guard Program Management Office

The National Security Agency/31 Organization has the responsibility to review and approve all plans, to observe, or (at their option) conduct tests for the Wang Guard. It is the Government's responsibility to conduct all security tests and other assurance activities.

2.1.6 Wang Government Services, Inc.

Wang Government Services, Inc., hereafter referred to as Wang, is the prime contractor, and has primary responsibility for the development and testing of the Wang Guard, and for ensuring that it meets the requirements identified by the Government. The Wang development team performs module or unit and Computer Software Configuration Item integration testing. Wang is responsible for developing the acceptance and operational test plans and procedures, for performing the system, acceptance, and operational testing, and for writing the resulting test reports as required. Wang also supports the Government assurance activities by providing materials, explanations, attendance at technical meetings, and on-site support as directed by the Government.

2.2 TS-300 Platform Evaluation

The NSA supports the creation of secure computer products in varying stages of development, from initial design to those that are commercially available. The Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) establishes specific requirements that a computer system must meet in order to achieve a predefined level of trustworthiness. To determine the division and class at which all requirements are met by a system, the system must be evaluated against the TCSEC by an NSA Trusted Product and Network Security Evaluation Team. After completion 30

2.3 Deployment

Deployment of the Guard is done through coordination with NSA and the responsible site personnel. It is intended that the user sites would have the option of conducting their own Guard installation with appropriately trained personnel or would be able to make use of the site survey and installation services available through NSA.

The responsible site personnel will contact NSA first in order to be placed into the Guard deployment schedule. At this point, a site survey will be conducted by a member of the installation team. If the site is not ready to receive a Guard, they will be provided with information necessary to prepare for installation and will take the steps required for the installation of a Guard. At this point the site personnel and installation team will coordinate their efforts and schedule a date for the installation of a Guard. The installation will include verification of proper operation, user training, and the establishment of a contact point and procedures for follow-on support.

2.4 Product Training

Wang offers a course of instruction for the Wang DMS/DII Guard. This course supports the integration of the Wang DMS/DII Guard into the user environment and prepares users for subsequent operation of the Wang DMS/DII Guard. The course of instruction covers the following topics:

- Theory of operation of the Wang DMS/DII Guard;
- Connection of the Wang DMS/DII Guard to networks;
- Wang DMS/DII Guard start-up and initialization procedures;
- Wang DMS/DII Guard system administration procedures;
- Wang DMS/DII Guard security administration procedures;
- Wang DMS/DII Guard application administration procedures;
- Wang DMS/DII Guard preventive maintenance.

Wang offers this course at either Wang's Herndon, VA training facilities or at a customer specified location. Each session will be presented to a maximum of twelve (12) students.

3 DMS/DII Guard Functional Breakdown

This section describes the features of each incremental release of the Guard. This covers functional improvements only; performance enhancements are covered above.

3.1 DMS/DII Guard X.500 Functions

Table 4-1 shows the Guard X.500 functionality and relates each feature to the Guard release where it is supported.

Table 4-3-1 DMS/DII Guard X.500 Functions

Function / Feature / 1.4.1 / 2.2.1 / 2.3.1

DAP
- Simple Authentication
- Strong Authentication
- Requester DN Check
- Performer DN Check
- Operations Filter
- Signed Operations Filter

DSP
- Simple Authentication
- Strong Authentication
- Requester DN Check
- Performer DN Check
- Operations Filter
- Signed Operations Filter

Directory Shadowing
- Simple Authentication
- Strong Authentication
- Network Address Validation
- Agreement ID Validation
- Consumer Initiated Agreements
- Supplier Initiated Agreements
- Context Prefix Check

X.500 and Filters
- Year 2K Compliant

3.2 DMS/DII Guard X.400 Functions

Table 4-2 shows the Guard X.400 functionality and relates each feature to the Guard release where it is supported.

Table 4-3-2 Guard X.400 Functions

Function / Feature / 1.4.1 / 2.2.1 / 2.3.1

Envelope Filter
- Originator O/R address
- Recipient O/R address
- Allow or deny DR's
- Simple Authentication

MSP Filter
- MSP 3.0
- ACP 120 (MSP 4.02)
- FFC Message Admittance Policy
- FFC Release Policy
- Encryption applied
- Non-Repudiation Signature Required
- Non-Repudiation Signature Authorization
- Sequence-Signature Authorization
- Release Authority Check
- Originator Range Classification
- Message Range Classification

Message Content Filter
- Message Body Part Checks
- MISSI Management Protocol Validation
- Dirty Word Search
- Classification Label Checking

Message Disposition Filter
- Sequence-Signature Generation
- MSP Sequence Signature Generation
- Non-DR Generation
- Rejection Message Generation

X.400 and Filters
- Year 2K Compliant

3.3 Guard SMTP Functions

Table 4-3 shows the Guard SMTP functionality and relates each feature to the Guard release where it is supported.

Table 4-3-3 Guard SMTP Functions

Function / Feature / 1.4.1 / 2.2.1 / 2.3.1

Envelope Filter
- Originator Address Check
- Recipient Address Check
- Source Host Address Check
- Destination Host Address Check

MSP Filter
- MSP 3.0
- ACP 120 (MSP 4.02)
- FFC Message Admittance Policy
- FFC Release Policy
- Encryption applied
- Non-Repudiation Signature Required
- Non-Repudiation Signature Authorization
- Sequence-Signature Authorization
- Release Authority Check
- Originator Range Classification
- Message Range Classification

Message Content Filter
- Message Attachments
- Classification Label Checking
- Dirty Word Searches
- ARM Validation

Gateway Filter
- Remove MSP
- Remove Classification Labels
- Remove ARM

Message Disposition Filter
- MSP Sequence Signature Generation
- Rejection Message Generation

SMTP and Filters
- Year 2K Compliant

3.4 Wang DMS/DII Guard Performance Improvements

Table 4-4 shows the Wang DMS/DII Guard performance functionality and relates each feature to the Wang DMS/DII Guard release where it is supported.

Table 4-3-4 Wang DMS/DII Guard Performance Improvements

Feature / 1.4.1 / 2.2.1 / 2.3.1

Guard Application
- Elimination of Directory Search
- Multiple FORTEZZA Access
- Multiple Disk Drive Support

STOP 4.4.3
- Pentium 166 Single CPU
- 1-2 GB Hard Disk
- Hard Disk Transfer Rate 3MB/sec
- Network Interface Card 10BaseT

STOP 5.0
- Pentium II 333 MHz Single CPU
- Global Memory Pool Segment Size Improvement
- 4.5-9 GB Hard Disk
- Hard Disk Transfer Rate 40MB/sec
- Network Interface Card 10-100BaseT
- Synchronous SCSII Driver

STOP 5.2
- Improved Paging Algorithm
- Fast File System

STOP Releases
- Year 2K Compliant

3.5 Wang DMS/DII Guard Year 2000 Compliance

The Wang DMS/DII Guard Year 2000 (Y2K) Compliance Tables 4-5.1 and 4-5.2 are included below.

Table 3-5 Y2K Compliance of DMS/DII Guard Software Elements

DII Guard Software Components    Release 1.4.1 (6/1/98)    Release 2.2 (1/31/99 and beyond)
SAGE                             Compliant                 Compliant
X.400 FILTERS                    Compliant                 Compliant
X.500 FILTERS                    Compliant                 Compliant
MSP LIBRARIES V3.0.1             Compliant                 Compliant
MSP LIBRARIES V4.0.1             Compliant                 Compliant
CI_LIBRARIES                     Compliant                 Compliant
CONFIGURATION TOOL               Compliant                 Compliant
LOG ANALYZER TOOL                Compliant                 Compliant
CERT UPDATE TOOL                 Compliant                 Compliant
NEOR MTA                         Non-Compliant             Compliant
OPENDIRECTORY DSA                Compliant                 Compliant
STOP                             Compliant                 Compliant
CASS                             Compliant                 Compliant

Table 3-6 Y2K Compliance of DMS/DII Guard Hardware Platform Options

DMS/DII Guard Hardware Platform Options    Release 1.4.1 (6/1/98)    Release 2.2 (1/31/99 and beyond)
Pentium I 1-166 MHz Single CPU             Compliant                 Compliant
Pentium II Product Line                    NA                        Compliant