Panel Discussion: Evolving DoD Security Requirements for Cloud



Transcription:

Unclassified
Panel Discussion: Evolving DoD Security Requirements for Cloud
Roger S. Greenwell, Chief, Cybersecurity
29 January 2015

Balancing Security and Risk
[Diagram: cloud deployment options compared on Security, Cost ($$$ to $), Innovation, Agility/Speed, and Command and Control / Situational Awareness, with -/+ scale markers]
On-premise (DoD Network & Facilities)
Off-premise (Commercial Facilities)
Government Private Cloud (DoD integrated and operated commercial technology)
Commercial Private Cloud (Commercially integrated and operated)
Commercial Private/Community Cloud (Federal Tenants Only)
Commercial Multi-Tenant Cloud (Community and Public)
Goal: Improve leveraging of commercial capabilities and efficiencies while enabling effective risk management
26 JAN 2015-0015

Cloud Security Controls
Ronald S. Rc, Cyber Standards Branch (RE71)
29 January 2015

Information Impact Levels
Information Impact Level - The combination of:
1) The sensitivity of the information to be stored and/or processed in the cloud; and
2) The potential impact of an event that results in the loss of confidentiality, integrity or availability of that information
Cloud Computing SRG defines 4 Information Impact Levels
Cloud Security Model (CSM) defined 6 Information Impact Levels
Simplifies Impact Level selection and capability matching
Levels 1 and 3 have been rolled up with the next higher level
Levels designated as Level 2, 4, 5, 6 for consistency with the old CSM
25 JAN 2015 -- 1645

Security and Privacy Controls
FedRAMP v2 controls serve as minimum baseline for any authorization
DoD FedRAMP+ controls based on a CNSSI 1253 categorization of M-M-x: Moderate Confidentiality (M), Moderate Integrity (M), Availability (x)
Availability addressed in the contract/SLA based on mission owner requirements
CNSSI 1253 (2014) M-M-x Baseline: NIST SP 800-53 v4 Moderate Baseline PLUS CNSS tailored C/CEs
FedRAMP v2, Moderate Baseline: NIST SP 800-53 v4 Moderate Baseline PLUS FedRAMP tailored C/CEs
CNSSI 1253 & FedRAMP baselines compared to derive DoD's FedRAMP+ C/CEs
Supplemental Control Requirements
CNSSI 1253 Privacy Overlay (when published) is invoked if PII/PHI is involved
NIST SP 800-53 v4 Privacy controls plus supplemental control guidance
CNSSI 1253 Classified Overlay is invoked at Level 6

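Key Security Requirements
Table columns: IMPACT LEVEL; INFORMATION SENSITIVITY; SECURITY CONTROLS; LOCATION; OFF-PREMISES CONNECTIVITY; SEPARATION; PERSONNEL REQUIREMENTS

IMPACT LEVEL 2
  Information sensitivity: PUBLIC or Non-critical Mission Information
  Security controls: FedRAMP v2 Moderate
  Location: US / US outlying areas or DoD on-premises or AO authorized locations
  Off-premises connectivity: Internet
  Separation: Virtual / Logical PUBLIC COMMUNITY
  Personnel requirements: National Agency Check and Inquiries (NACI)

IMPACT LEVEL 4
  Information sensitivity: CUI or Non-CUI Critical Mission Information; Non-National Security Systems
  Security controls: Level 2 + CUI-Specific Tailored Set
  Location: US / US outlying areas or DoD on-premises or AO authorized locations
  Off-premises connectivity: NIPRNet via CAP
  Separation: Virtual / Logical PUBLIC COMMUNITY; Strong Virtual Separation Between Tenant Systems & Information

IMPACT LEVEL 5
  Information sensitivity: Higher Sensitivity CUI; National Security Systems
  Security controls: Level 4 + NSS & CUI-Specific Tailored Set
  Location: US / US outlying areas or DoD on-premises
  Off-premises connectivity: NIPRNet via CAP
  Separation: Virtual / Logical FEDERAL GOV. COMMUNITY; Dedicated Infrastructure

  Personnel requirements (listed once for Levels 4 and 5): ADP-1 Single Scope Background Investigation (SSBI); ADP-2 National Agency Check with Law and Credit (NACLC); Non-Disclosure Agreement (NDA)

IMPACT LEVEL 6
  Information sensitivity: Classified SECRET; National Security Systems
  Security controls: Level 5 + Classified Overlay
  Location: US / US outlying areas or DoD on-premises; CLEARED / CLASSIFIED FACILITIES
  Off-premises connectivity: SIPRNET via CAP
  Separation: Virtual / Logical FEDERAL GOV. COMMUNITY; Dedicated Infrastructure
  Personnel requirements: Favorably Adjudicated SSBI; SECRET Clearance; NDA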

Cloud Computer Network Defense (CND)
Robert J. Mawhnny, Chief, Effectiveness Branch (RE61)
29 January 2015

Boundary Providers
[Diagram. Labels: USCYBERCOM; JFHQ-DODIN; CP; JCC / CCMD; US-CERT; DISA; DCC; DNC CONUS; CAP; SPs; Mission (C2+Ops); Boundary (B); Orders; numbered elements 1, 2, 3. Legend: Data Sharing; Data Flow/Reporting; Mission Owners; Missions; Contan]

Mission Providers
[Same diagram, with Mission (C2+Ops) and element 2 highlighted]

Mission Owners / s
[Same diagram, with Mission Owners, Missions, Contan and element 3 highlighted]

Connection Management
DISN Connection Approval Office
Maintains the Connection Process Guide (CPG) to establish secure, dedicated connection to Cloud Service Offering
Assures DoD Cloud Access Point (CAP) is established as part of issuing Authority to Connect
Assures Impact Level considerations appropriate to the connection type
Maintains a registry of all cloud operations for purposes
[Diagram as on the preceding slides, with Connection Approval marked]

Cloud Access Point (CAP)
Pt. Dnsmo, Risk Technology Executive (RE)
29 January 2015

Impact Level 4/5 Architecture
Protects the DoDIN Connection at Levels 4+5
Provides Boundary Functions/Capabilities
Extends the DMZ architecture
Protect applications executing in the cloud from malicious activity
Protect the DoDIN from malicious activity occurring in the cloud
[Diagram. Labels: Internet; Internet User; DoD Internet Access Point (IAP); Level 4/5 s Connection; Cloud Access Point (CAP); NIPRNet User; NIPRNet]
25 JAN 2015 -- 1750

Impact Level 2 Architecture
Internet based users connect to Level 2 s via direct Internet Access
Level 2 s Internet Connectivity leverages Internet connectivity
NIPRNet users connect to Level 2 s via the DoD IAPs
[Diagram. Labels: Internet User; DoD Internet Access Point (IAP); NIPRNet User; NIPRNet]

Level 4/5 s On-premise vs. Off-premise
Meet Me Points (MMP) will support multiple s
On-premise (DoD B/P/C/S) connectivity via Internal CAP (DoD Dedicated Offerings)
Off-premise connectivity through Boundary CAP
[Diagram. Labels: Internet User; Level 4/5 s; NIPR Connection; On-Premise Internal CAP (ICAP); Internet; DoD Internet Access Point (IAP); Private Transport; Off-Premise Boundary CAP (BCAP); NIPRNet User; NIPRNet]

ELEMENTS OF
Intrusion Detection/Prevention System (IDPS)
Firewall Capabilities
Enterprise Information Assurance
Enclave Security
Application Protection
Logging and Analysis
Infrastructure vs. Mission is a shared responsibility between DISA, the, providers, and Mission Owners
[Diagram. Labels: Internet User; Internet; DoD Internet Access Point (IAP); Level 4 / 5 s; Mission Owner (VPC); Connection; Cloud Access Point (CAP); NIPRNet User; NIPRNet]

CAP Process and Procedures
Connection of a mission system to the DoDIN via an ICAP or BCAP will be approved and recorded by the DISA Connection Approval Office in accordance with normal connection approval procedures
Initial connections (physical or virtual) to a s network will occur during onboarding of the s first Mission Owner customer. Additional connections will be made or capacity will be scaled as more Mission Owners use the given.

United in Service to Our Nation