1 / 17

Defense Information Systems Agency A Combat Support Agency

Defense Information Systems Agency A Combat Support Agency. DoD Mobility Security Snapshot 30 May 2012. Mr. Greg Youst DISA Chief Mobility Engineer. CTO Mobility Lead DISA/TO1A 1. UNCLASSIFIED // FOR OFFICIAL USE ONLY UNCLASSIFIED. Agenda. A Combat Support Agency

marlis
Download Presentation

Defense Information Systems Agency A Combat Support Agency

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DefenseInformationSystemsAgency ACombatSupportAgency DoDMobilitySecuritySnapshot 30May2012 Mr.GregYoust DISAChiefMobilityEngineer CTOMobilityLead DISA/TO1A1 UNCLASSIFIED//FOROFFICIALUSEONLY UNCLASSIFIED

  2. Agenda ACombatSupportAgency •DISAFSOandSTIGProcess – – – – FSOandSTIGOverview CurrentSTIGProcessandMobilityProblems NISTSP800-53ApproachtoSTIGDevelopment MobileTechnologySTIGDevelopmentPlans •ClassifiedMobility –BottomLineupFront –SecureMobilityConceptandPath –NSAMobilityProgram(ExcerptsfromNSAbrief) 2 UNCLASSIFIED

  3. MobilityObjective DoD MobileEnterprise ACombatSupportAgency DoDCIOVISION:Allowthewarfighterthepowertoconnecttotheinformation resourcestheyneedfromanydevice,anywhereintheworld. OUTCOME:TheDoDInformationEnterprisewillenableuserstoconnect,identify themselves,accessservices,findandshareinformation,andcollaborateas neededforthemissionathand. DISACTOVISION:Guideandsupportthedevelopmentofmobiledevices, infrastructure,applications/deliveryandmanagementrequiredtosupportthe DoDmobilityvision. Mobility Devices Infrastructure Applications Management UNCLASSIFIED 3

  4. Agenda ACombatSupportAgency •DISAFSOandSTIGProcess – – – – FSOandSTIGOverview CurrentSTIGProcessandMobilityProblems NISTSP800-53ApproachtoSTIGDevelopment MobileTechnologySTIGDevelopmentPlans •ClassifiedMobility –BottomLineupFront –SecureMobilityConceptandPath –NSAMobilityProgram(ExcerptsfromNSAbrief) 4 UNCLASSIFIED

  5. Agenda ACombatSupportAgency •DISAFSOandSTIGProcess – – – – FSOandSTIGOverview CurrentSTIGProcessandMobilityProblems NISTSP800-53ApproachtoSTIGDevelopment MobileTechnologySTIGDevelopmentPlans •ClassifiedMobility –BottomLineupFront –SecureMobilityConceptandPath –NSAMobilityProgram(ExcerptsfromNSAbrief) 5 UNCLASSIFIED

  6. UNCLASSIFIED WhoisDISAFSO? ACombatSupportAgency DefenseInformationSystemsAgency FieldSecurityOperations Mission: ResponsibleforenhancingavailabilityandsecurityoftheGlobalInformationGridbyensuringadherenceto InformationAssuranceandNETOPSPoliciesincludingdevelopmentofguidesandprocedures;trainingof CombatantCommands,subordinateandservicecomponents;implementationofstandardIAsolutions; formalcertificationreviewsandtrackingcompliancemetrics. Functions: Develop,ImplementandMaintainIASecurityGuidanceandProcesses.ConductFullScopeSecurity ReviewsandProvideAssistance.ProvideCertificationandAccreditationSupportandPerformasTheSingle CertifyingAuthorityforDISA.DevelopandImplementaNETOPSEvaluationandCertificationProgram. PerformComputerNetworkDefenseServiceProviderassessmentsandmakeCertification recommendations.ImplementSecurityArchitectureandInformationAssuranceTools.Developand distributeIATrainingProductsandProvideIATraining.Develop,Implement,andMaintainVulnerability ManagementSystems. 6 UNCLASSIFIED

  7. UNCLASSIFIED WhatisaSTIG? ACombatSupportAgency SecurityTechnicalImplementationGuide: •ACompendiumofDODPolicies,Security RegulationsandBestPracticesforSecuring anIAorIA-EnabledDevice(Operating System,Network,ApplicationSoftware,etc.) •AGuideforInformationSecurity •MandatedinDODD8500.1,DODI8500.2 •EndorsedbyCJCSI6510.01,AR25-2,and AFI33-202 GOALS •IntrusionAvoidance •IntrusionDetection •ResponseandRecovery •SecurityImplementationGuidance 7 UNCLASSIFIED

  8. UNCLASSIFIED STIGExample: OrganizationofaSmartphoneSTIG ACombatSupportAgency • • STIGconsistsofseveralproductSTIGsandassociatedsupportdocuments DraftAndroid2.2(Dell)STIG – – – – – – – MobileOSSTIG •Android2.2.2(Dell)productSTIG–XMLfile WirelessManagementServerSTIG •GoodMobilitySuite(Android2.2)STIG–XMLfile PolicySTIGs •GeneralWirelessPolicySTIG–XMLfile •SmartphonePolicySTIG–XMLfile •WirelessManagementServerPolicySTIG–XMLfile STIGOverview •ProvidesinformationfoundineverySTIGandanoverviewofanumberofimportanttopics regardingusingAndroiddevicesintheDoDenvironment. ReadMeFile •ListscontentoftheSTIGpackageandhowtoviewthexmlfiles. AndroidSTIGConfigurationTables •ListsrequiredandrecommendedAndroidsmartphoneandGoodMobilitySuitesettings. AndroidSTIGCheckCrossReferenceTable •ListsallapplicablesecuritycontrolsintheDoDVulnerabilityManagementSystem(VMS) databaseandshowsiftheyareapplicabletotheAndroidsmartphoneortotheGoodserver. 8 UNCLASSIFIED

  9. UNCLASSIFIED WhatProblemsexistwiththeCurrent STIGDevelopmentProcess? ACombatSupportAgency SecureProductDevelopment • • • Nomasterlistofallrequirementsforproducts Vendorsdonotknow,indetail,whatrequirementstheyhavetomeet. Notknowing“whentheyaredone” IAComplianceReporting • • • Determiningcompliancestatistics Inabilitytobeabletovalidatethatallrequirementsareaddressedincurrent checklists Inconsistentreportingoffindingsandcompliancestatus SecurityGuideDevelopment • • • • • • • HighDemandforNew&UpdatedSecurityGuidance Duplicationofrequirements Vague/GeneralguidanceinDoDIAControls Variousinterpretationsoftherequirements Requirementsnotwritteninameasurableformat Inconsistencyindocumentsfromdifferentsources ContentAuthorshavetointerpretthepoliciestodeterminewhatrequirementsthey havetoaddress.Notknowing“whentheyaredone” 9 UNCLASSIFIED

  10. UNCLASSIFIED Solvingtheproblem AnalyzePoliciesONCEfor eachProductFamilyto IdentifyRequirementsand ImplementationGuidance ACombatSupportAgency DoD Policy Security • • • • DoD8500Series IAVMs CTO’s SP800-53&CNSS1253 Requirement Guides and STIGs 4SecurityRequirementGuides AdditionalTechnologySRGs UnlimitedSTIGs • • • Publish 45,000+vulnerabilitiesand requirementsinVMS • Guidance •CJCSM&more OtherGuidalines •MobileIABest Practices •RiskAssessmentInfo Product Family Status •HighDemandforNew&UpdatedSecurity Guidance • • • • OperatingSystems Applications NetworkInfrastructure Non-Computing& •AutomatedProcesstoAuthorGuidance •DefineRequirementsonce,Usethemmanytimes Policy •Additional RequirementsProfiles •SavesTimeandAllowsforbetterResource Utilization 10 UNCLASSIFIED

  11. UNCLASSIFIED Future ACombatSupportAgency UNCLASSIFIED

  12. UNCLASSIFIED SRGtoSTIGHierarchy ACombatSupportAgency OperatingSystem NetworkSRG Application SRG Policy SRG SRG Mobile Application SRG Mobile PolicySRG MobileOS SRG MDMServer SRG iOS4 ISCG BlackBerry Handheld STIG Windows Phone6.5 STIG Android2.2 (Dell)STIG 12 UNCLASSIFIED

  13. UNCLASSIFIED Agenda ACombatSupportAgency •DISAFSOandSTIGProcess – – – – FSOandSTIGOverview CurrentSTIGProcessandMobilityProblems NISTSP800-53ApproachtoSTIGDevelopment MobileTechnologySTIGDevelopmentPlans •ClassifiedMobility –BottomLineupFront –SecureMobilityConceptandPath –NSAMobilityProgram(ExcerptsfromNSAbrief) UNCLASSIFIED

  14. BottomLineUpFront ACombatSupportAgency •DoDandCiviliancustomerswillcontinuetolosecapabilityforclassifiedmobile communicationsprovidedbytheSecteraandSME-PEDmobiledevicesdueto theeliminationofCSDservicebycommercialcellularcarriers CircuitSwitchedData (CSD)Infrastructure RetirementbyCarrier CSDserviceelimination ratesanddatesestimated basedonbestinformation fromcarriers(Jan2012) •DoDspentatleast$247,600,000onUnclassifiedmobileservices.DoDreliance onmobileusagecontinuestogrow,andFY12costsmayexceed$400,000,000 •CurrentperUserCostis$45-75permonthperdevice+BackOfficeCosts DoDMobilitySolutionmustaddressdiminishingsupportforcurrentClassified mobiletechnologyandrisingcostsforUnclassifiedmobilecommunications 14 UNCLASSIFIED

  15. MobilityEfforts ACombatSupportAgency FY11 FY12 FY13 FY14 FY15 DegradesasCircuitSwitched ServiceiseliminatedbyVendors SecureVoice SUNSET Current SME-PED Capability NSAFishbowl SecureData UnclassVoice UnclassData FUNDED NSA FUNDED Developmental(Modified CommercialPhoneforSecureVoice) MCEPUpgrade(Replaces CommercialCircuitSwitchedtransportto bridgeCapabilityGapforClassifiedVoice) EstablishmentofMobility, TransportInfrastructure& BSSsandOSSs (”MVNO”ServiceforImprovedSecureVoice& Data,. MDMSystem(DeliversOTA capability,technicalprovisioning,SIM Control&end-to-endconfigurationcontrol withMASforDevice-Awareend-point SecureVoice InteroperabilityforfullrangeSecureVoice SecureVoice Providesadegreeofsoftwareseparation SecureVoice SecureData 1CarrieraccessibleTransport1GovernmentTransportforVoiceandData UnclassData–ANDROIDSTIG–EEPilot GoodPilot DeviceAwareSecurityS/W PartialFunding UNFUNDED UNFUNDED 15 Services(applications) MDM/MAS UNCLASSIFIED

  16. SecureMobilityEnd-to-End Concept ACombatSupportAgency Operatesovercommercialwirelessnetworks 3G/4Gtechnologyforimprovedcustomerexperience CommercialmobiledevicesBuiltonopenstandards DoDMobilityEnterprise(secure)Platform SecurityServices (SIM,Device, Network) Mobile Web/App Clients Device& NetworkMgt &Security Secure Services& Applications Customer Service& VOIP Email Chat Calendar Mobile Apps Enterprise Integration Technical Support UNCLASSIFIED 16

  17. UNCLASSIFIED//FOROFFICIALUSEONLY MobileSecurity DevelopmentPath ACombatSupportAgency Continued Development Secure VoIP Web Data Tablet Wi-Fi Enterprise Data CapabilityIntegration CapabilityIntegration CapabilityIntegration CommercialSolutions Basedonopen standards&NSA Architecture/Guidance SDES/DTLS-SRTP MobilePolicy Encrypted TrustedOS BareMetal VoIPAPP Enforcement SDCards(Cryptr)(SEAndroid) Hypervisor MobileDevice Management UNCLASSIFIED 17

More Related