Defense Information Systems Agency
A Combat Support Agency

DoD Mobility Security Snapshot
30 May 2012

Mr. Greg Youst
DISA Chief Mobility Engineer
CTO Mobility Lead
DISA/TO1A

UNCLASSIFIED // FOR OFFICIAL USE ONLY


Agenda

• DISA FSO and STIG Process
  – FSO and STIG Overview
  – Current STIG Process and Mobility Problems
  – NIST SP 800-53 Approach to STIG Development
  – Mobile Technology STIG Development Plans
• Classified Mobility
  – Bottom Line Up Front
  – Secure Mobility Concept and Path
  – NSA Mobility Program (Excerpts from NSA brief)


Mobility Objective: DoD Mobile Enterprise

DoD CIO VISION: Allow the warfighter the power to connect to the information resources they need from any device, anywhere in the world.

OUTCOME: The DoD Information Enterprise will enable users to connect, identify themselves, access services, find and share information, and collaborate as needed for the mission at hand.

DISA CTO VISION: Guide and support the development of mobile devices, infrastructure, applications/delivery and management required to support the DoD mobility vision.

Mobility pillars (diagram): Devices, Infrastructure, Applications, Management



Who is DISA FSO?

Defense Information Systems Agency Field Security Operations

Mission: Responsible for enhancing availability and security of the Global Information Grid by ensuring adherence to Information Assurance and NETOPS Policies, including development of guides and procedures; training of Combatant Commands, subordinate and service components; implementation of standard IA solutions; formal certification reviews and tracking compliance metrics.

Functions: Develop, Implement and Maintain IA Security Guidance and Processes. Conduct Full Scope Security Reviews and Provide Assistance. Provide Certification and Accreditation Support and Perform as The Single Certifying Authority for DISA. Develop and Implement a NETOPS Evaluation and Certification Program. Perform Computer Network Defense Service Provider assessments and make Certification recommendations. Implement Security Architecture and Information Assurance Tools. Develop and distribute IA Training Products and Provide IA Training. Develop, Implement, and Maintain Vulnerability Management Systems.


What is a STIG?

Security Technical Implementation Guide:

• A Compendium of DOD Policies, Security Regulations and Best Practices for Securing an IA or IA-Enabled Device (Operating System, Network, Application Software, etc.)
• A Guide for Information Security
• Mandated in DODD 8500.1, DODI 8500.2
• Endorsed by CJCSI 6510.01, AR 25-2, and AFI 33-202

GOALS

• Intrusion Avoidance
• Intrusion Detection
• Response and Recovery
• Security Implementation Guidance


STIG Example: Organization of a Smartphone STIG

A STIG consists of several product STIGs and associated support documents.

Draft Android 2.2 (Dell) STIG

Mobile OS STIG
• Android 2.2.2 (Dell) product STIG – XML file

Wireless Management Server STIG
• Good Mobility Suite (Android 2.2) STIG – XML file

Policy STIGs
• General Wireless Policy STIG – XML file
• Smartphone Policy STIG – XML file
• Wireless Management Server Policy STIG – XML file

STIG Overview
• Provides information found in every STIG and an overview of a number of important topics regarding using Android devices in the DoD environment.

Read Me File
• Lists content of the STIG package and how to view the XML files.

Android STIG Configuration Tables
• Lists required and recommended Android smartphone and Good Mobility Suite settings.

Android STIG Check Cross Reference Table
• Lists all applicable security controls in the DoD Vulnerability Management System (VMS) database and shows if they are applicable to the Android smartphone or to the Good server.


What Problems exist with the Current STIG Development Process?

Secure Product Development
• No master list of all requirements for products
• Vendors do not know, in detail, what requirements they have to meet.
• Not knowing "when they are done"

IA Compliance Reporting
• Determining compliance statistics
• Inability to validate that all requirements are addressed in current checklists
• Inconsistent reporting of findings and compliance status

Security Guide Development
• High Demand for New & Updated Security Guidance
• Duplication of requirements
• Vague/General guidance in DoD IA Controls
• Various interpretations of the requirements
• Requirements not written in a measurable format
• Inconsistency in documents from different sources
• Content Authors have to interpret the policies to determine what requirements they have to address. Not knowing "when they are done"


Solving the problem

Analyze Policies ONCE for each Product Family to Identify Requirements and Implementation Guidance

Process diagram (labels recovered from the slide):
• DoD Policy / Security: DoD 8500 Series, IAVMs, CTOs, SP 800-53 & CNSS 1253
• Guidance: CJCSM & more; Other Guidelines: Mobile IA Best Practices, Risk Assessment Info
• Security Requirement Guides and STIGs: 4 Security Requirement Guides, Additional Technology SRGs, Unlimited STIGs
• Product Family: Operating Systems, Applications, Network Infrastructure, Non-Computing & Policy, Additional Requirements Profiles
• Publish: 45,000+ vulnerabilities and requirements in VMS

Status
• High Demand for New & Updated Security Guidance
• Automated Process to Author Guidance
• Define Requirements once, Use them many times
• Saves Time and Allows for better Resource Utilization


Future


SRG to STIG Hierarchy

Hierarchy diagram (labels recovered from the slide):
• Top-level SRGs: Operating System SRG, Network SRG, Application SRG, Policy SRG
• Mobile SRGs: Mobile OS SRG, Mobile Application SRG, Mobile Policy SRG, MDM Server SRG
• Product-level guides: iOS 4 ISCG, BlackBerry Handheld STIG, Windows Phone 6.5 STIG, Android 2.2 (Dell) STIG




Bottom Line Up Front

• DoD and Civilian customers will continue to lose capability for classified mobile communications provided by the Sectera and SME-PED mobile devices due to the elimination of CSD service by commercial cellular carriers

Chart: Circuit Switched Data (CSD) Infrastructure Retirement by Carrier. CSD service elimination rates and dates estimated based on best information from carriers (Jan 2012).

• DoD spent at least $247,600,000 on Unclassified mobile services. DoD reliance on mobile usage continues to grow, and FY12 costs may exceed $400,000,000
• Current per User Cost is $45-75 per month per device + Back Office Costs

DoD Mobility Solution must address diminishing support for current Classified mobile technology and rising costs for Unclassified mobile communications


Mobility Efforts

Timeline chart (FY11 through FY15; labels recovered from the slide, funding status labels on the chart are FUNDED, NSA FUNDED, Partial Funding and UNFUNDED):

Secure Voice
• Current SME-PED Capability: SUNSET; degrades as Circuit Switched Service is eliminated by Vendors
• NSA Fishbowl: Developmental (Modified Commercial Phone for Secure Voice)
• MCEP Upgrade (Replaces Commercial Circuit Switched transport to bridge Capability Gap for Classified Voice)
• Interoperability for full range Secure Voice
• Provides a degree of software separation

Secure Data / Unclass Voice / Unclass Data
• Establishment of Mobility, Transport Infrastructure & BSSs and OSSs ("MVNO" Service for Improved Secure Voice & Data)
• MDM System (Delivers OTA capability, technical provisioning, SIM Control & end-to-end configuration control with MAS for Device-Aware end-point)
• 1 Carrier accessible Transport / 1 Government Transport for Voice and Data
• Unclass Data – ANDROID STIG – EE Pilot; Good Pilot
• Device Aware Security S/W
• Services (applications); MDM/MAS


Secure Mobility End-to-End Concept

• Operates over commercial wireless networks
• 3G/4G technology for improved customer experience
• Commercial mobile devices built on open standards

DoD Mobility Enterprise (secure) Platform (diagram components): Security Services (SIM, Device, Network); Mobile Web/App Clients; Device & Network Mgt & Security; Secure Services & Applications; Customer Service & Technical Support; VOIP, Email, Chat, Calendar, Mobile Apps; Enterprise Integration


Mobile Security Development Path

Roadmap diagram (labels recovered from the slide):
• Continued Development: Secure VoIP, Web Data, Tablet, Wi-Fi, Enterprise Data
• Capability Integration (repeated across stages)
• Commercial Solutions Based on open standards & NSA Architecture/Guidance
• Building blocks: SDES/DTLS-SRTP VoIP APP; Mobile Policy Enforcement; Encrypted SD Cards (Cryptr); Trusted OS (SE Android); Bare Metal Hypervisor; Mobile Device Management

