Start building a trusted environment now... (before it s too late) IT Decision Makers



Similar documents
Trusted Network Connect (TNC)

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

Reducing the cost and complexity of endpoint management

Cloud Data Protection for the Masses

IoT Security Platform

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

Cloud Computing Security Considerations

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

THE TOP 4 CONTROLS.

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

McAfee Security Architectures for the Public Sector

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

Control your corner of the cloud.

VDI Security for Better Protection and Performance

Building Blocks Towards a Trustworthy NFV Infrastructure

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

Driving Company Security is Challenging. Centralized Management Makes it Simple.

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

SecureD Technical Overview

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group

Ovation Security Center Data Sheet

Security challenges for internet technologies on mobile devices

Enhancing Organizational Security Through the Use of Virtual Smart Cards

UNCLASSIFIED Version 1.0 May 2012

Chapter 1: Introduction

Cybersecurity Health Check At A Glance

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Using BroadSAFE TM Technology 07/18/05

Full Drive Encryption Security Problem Definition - Encryption Engine

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

Windows Phone 8 Security Overview

STRONGER AUTHENTICATION for CA SiteMinder

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

The True Story of Data-At-Rest Encryption & the Cloud

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

Hi and welcome to the Microsoft Virtual Academy and

Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES

WIND RIVER SECURE ANDROID CAPABILITY

SANS Institute First Five Quick Wins

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Microsoft Windows Server System White Paper

Certification Report

Secure Networks for Process Control

IoT Security Concerns and Renesas Synergy Solutions

Building A Secure Microsoft Exchange Continuity Appliance

Network/Cyber Security

Sygate Secure Enterprise and Alcatel

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

That Point of Sale is a PoS

Windows Embedded Security and Surveillance Solutions

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Meeting the Challenges of Virtualization Security

VMware Security Briefing. Rob Randell, CISSP Senior Security Specialist SE

Realizing business flexibility through integrated SOA policy management.

ADDING STRONGER AUTHENTICATION for VPN Access Control

Addressing Cloud Computing Security Considerations

White paper. How to choose a Certificate Authority for safer web security

Cloud security architecture

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology

How To Protect Your Network From Attack From A Network Security Threat

VIRTUALIZATION SECURITY OPTIONS: CHOOSE WISELY

Making Data Security The Foundation Of Your Virtualization Infrastructure

Windows 7. Qing Liu Michael Stevens

Technical Brief Distributed Trusted Computing

Active Network Defense: Real time Network Situational Awareness and a Single Source of Integrated, Comprehensive Network Knowledge

SANS Top 20 Critical Controls for Effective Cyber Defense

The Convergence of IT Security and Physical Access Control

DOBUS And SBL Cloud Services Brochure

Security Awareness Program Learning Objectives. By Aron Warren Last Update 6/29/2012

Securing the Internet of Things OEM capabilities assure trust, integrity, accountability, and privacy.

Payment Card Industry Data Security Standard

SECURITY: THE KEY TO AFFORDABLE UNMANNED AIRCRAFT SYSTEMS. By Alex Wilson, Director of Business Development, Aerospace and Defense

Injazat s Managed Services Portfolio

Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know

IDENTITY & ACCESS. BYOD and Mobile Security Seizing Opportunities, Eliminating Risks in a Dynamic Landscape

Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems

DeltaV System Cyber-Security

Attestation and Authentication Protocols Using the TPM

Enterprise Data Protection

Teradata and Protegrity High-Value Protection for High-Value Data

PCI Solution for Retail: Addressing Compliance and Security Best Practices

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

50331D Windows 7, Enterprise Desktop Support Technician (Windows 10 Curriculum)

Transcription:

YOU CAN T got HAP Start building a trusted environment now... IT Decision Makers (before it s too late) HAP reference implementations and commercial solutions are available now in the HAP Developer Kit. With a free Developer Kit you can begin piloting HAP at your agency or company and start building a safer environment. Technology Vendors HAP is the foundation for a new, radically safer computing environment. HAP opens a green field of opportunity for vendors to develop component technologies, enhance existing products and offer services that leverage and extend HAP standards. Request a HAP Developer Kit The HAP Program Management Office (PMO) is making HAP source code and documentation available at no cost to qualified organizations. To request a HAP Developer Kit for your agency or company, email the HAP PMO at hap@nsa.gov. What makes you think you can trust your computer? 50% of U.S. computers are now infected - up 66% since 2008 250,000 Attacks per year on DoD Information Systems 85% of businesses report at least one serious data breach each year $ 117,000,000,000 Annual cost of U.S. computer crime www.nsa.gov/hap hap@nsa.gov 410.854.4463

Establishing Trust Establishing trust used to be a lot easier. A handshake. A nod. A simple assurance from someone you know. But knowing who to trust in today s networked computing environment is a lot more challenging. Both government and industry have tried to keep up, but we re losing ground. Threats multiply even as our dependence on the network increases. Today s cybersecurity challenges require more than incremental enhancements to existing solutions. What s needed is nothing short of a revolutionary new foundation for secure computing. Transforming the Computing Environment The High Assurance Platform (HAP) program is a multi-year NSA effort to define a framework for the development of the "next generation" of secure computing platforms. The program couples emerging commercial-off-the-shelf security technologies with a variety of assurance techniques to establish standards that enable a transformation of the computing environment a new approach to security that reliably protects information, network and applications. A New Paradigm for Cybersecurity Unlike conventional cybersecurity solutions that assume devices are safe unless known threats are detected, HAP defines a new security paradigm that assumes devices cannot be trusted until hardware-based integrity measurement is used to confirm their safety. Key Capabilities of the High Assurance Platform Environment Embedded Security Module The fundamental core of trust in any HAP device - be it a desktop, laptop, server or other device - is the Embedded Security Module (ESM). The ESM provides hardware-based protection of cryptographic keys, stores measurements of device state and helps to prove to a third party that the device is trustworthy. Device Hardware Security The internal hardware in a HAP device is built from the ground up to strengthen the security of the computing environment. The HAP hardware memory partition provides a secure connection to the ESM to guard against unauthorized access and separation of resources to isolate different security domains. Software Measurement At boot time and at runtime, a HAP device measures software in a trusted manner before that software is allowed to execute. Separation of Domains HAP devices leverage the Device Hardware Security capabilities to provide secure separation of domains. Software can be run free from interference or threat from other software running in other domains on the same device. Remote Attestation When connecting to a network, a HAP device provides proof of its state to HAP network devices and servers, which can then make a determination about the trustworthiness of the HAP device and, based on that determination, allow access, quarantine or remediate the HAP device. Secure Central Administration HAP devices can be administered centrally through their entire lifecycle, enabling the secure provisioning, audit, identification, authentication, management and decommissioning of the HAP devices in enterprise environments. H A P Te c h n o l o g y G o a l s The HAP Program promotes commercial development of a broad range of HAP technologies, products and services focused on four key technology goals: Security A trusted, measured foundation for service and application infrastructures Manageability Centralized administration for the full enterprise lifecycle, including provisioning, audit, management and decommissioning Sharing Enforcement of information flow connections across domain boundaries Form Factor Support for diverse functionality across a broad range of form factors: desktops, laptops, servers and other devices

For Information Technology Decision Makers HAP Enhances Cybersecurity HAP measures and confirms device integrity to protect networks, information and applications. Hardware-based Trusted Computing defeats software attacks. HAP Technologies Create Savings Uses existing hardware HAP relies on the Trusted Computing Group s Trusted Platform Module (TPM) chip already on nearly all computers produced today. Affordable HAP can be deployed with commercial, off-the-shelf hardware and software. Reduces SWaP HAP-secured multi-level domain access enables desktop consolidation for a dramatic reduction in hardware and maintenance costs. Prevents costly security breaches with HAP, device integrity is assured for safe data, networks, and applications. Enhances Network Security HAP securely stores a device s measurements when it is in a known safe state. Before network access is granted, devices are re-measured and the current state is verified to be in a known, trusted state. Protects Data from External Threats HAP securely separates Virtual Machines. With HAP-assured domain isolation, Internet browsing can take place without exposing mission data and applications. Enables Multi-level Data Access HAP ensures secure Virtual Machine separation, so single workstations can safely access multiple security domains. Supports Ad-Hoc Communities of Interest HAP ensures domain separation and integrity verification, so secure online communities of interest can be quickly and easily established without additional hardware or software. Monitors Software Integrity Through ongoing Dynamic Root of Trust Measurement (DRTM), using hardware-based computing, HAP guards against malware and other threats in real-time.

Start Building Trust Now: A HAP Pilot in 3 Steps Implementing a HAP Pilot offers your enterprise early insight into a vastly more secure and operationally agile future. Commercial off-the-shelf, HAP-based trusted computing technology that s fully certified and accredited is available today to get started. Step 1: Request a HAP Developer Kit The HAP Developer Kit includes the information and guidance you need to make the case for trusted computing and the technical insight to know what to do with it. Step 2: Define a Realistic Trusted Computing Goal To be successful, start small. Define a modest trusted computing goal where the wins in greater cybersecurity, operational agility, secure virtualized desktops, and/or lower infrastructure costs will be readily apparent and the extrapolated value to the enterprise is large. Step 3: Build the Trusted Computing Proof Point Make no mistake: HAP is a paradigm shift. HAP technologies supplant existing desktops, switches, and routers with an interoperable trusted computing architecture. Identify or establish a suitably isolated sandbox where you can reach your goal. Purchase HAP-based technologies off-the-shelf where possible. Engage the HAP Technology Partner Program and knowledgeable HAP Consulting Partners where you need to, to help ensure success. Request a HAP Developer Kit Now The HAP Program Management Office (PMO) is making HAP source code and documentation available at no cost to qualified organizations. To request a HAP Developer Kit for your agency or company, email the HAP PMO at hap@nsa.gov. www.nsa.gov/hap hap@nsa.gov 410.854.4463

For Technology Vendors, Integrators, OEMs HAP Enhances Cybersecurity HAP measures and confirms device integrity to protect networks, information and applications. Hardware-based Trusted Computing defeats software attacks. New Market Opportunity HAP opens a green field of opportunity for vendors to develop component technologies and offer services that leverage and extend HAP-proven standards. An opportunity to improve existing solutions and bring to market a broad range of new, more secure solutions for the multi-billion dollar IT security market. High ROI High Demand HAP combines commercially available technologies with high assurance techniques to affordably deliver an unprecedented level of protection. Government agencies and businesses will find that HAP technologies create savings easily paying for themselves in improved security and infrastructure costs. Enhances Network Security HAP securely stores a device s measurements when it is in a known safe state. Before network access is granted, devices are re-measured and the current state is verified to be in a known, trusted state. Protects Data from External Threats HAP securely separates Virtual Machines. With HAP-assured domain isolation, Internet browsing can take place without exposing mission data and applications. Enables Multi-level Data Access HAP ensures secure Virtual Machine separation, so single workstations can safely access multiple security domains. Supports Ad-Hoc Communities of Interest HAP ensures domain separation and integrity verification, so secure online communities of interest can be quickly and easily established without additional hardware or software. Monitors Software Integrity Through ongoing Dynamic Root of Trust Measurement (DRTM), using hardware-based computing, HAP guards against malware and other threats in real-time.

HAP Reference Implementation Standards The HAP Program is utilizing industry standards and commercial and government best practices to define requirements for HAP components that comply with HAP reference implementation standards. The HAP PMO has identified several key technologies that can be used to develop HAP-compliant solution components. HAP key technologies include: Trusted boot code Trusted Platform Module/Mobile Platform Module Embedded hardware virtualization security Trusted I/O Secure virtualization software/hypervisor Trusted operating system Network access control Remote attestation software Network encryption Remote administration software Hard drive encryption Get Involved Don t miss your opportunity to shape the future of cybersecurity. Explore how you can incorporate HAP key technologies into your own solutions. The best way to get started is to request a HAP Developer Kit. Request a HAP Developer Kit Now The HAP Program Management Office (PMO) is making HAP source code and documentation available at no cost to qualified organizations. To request a HAP Developer Kit for your agency or company, email the HAP PMO at hap@nsa.gov. www.nsa.gov/hap hap@nsa.gov 410.854.4463

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information