http://www.military-information-technology.com/article.cfm?DocID=1027 By Patrick Chisholm July 25, 2005 To realize the Department of Defense's vision for the Global Information Grid (GIG), information assurance (IA) requirements include robust identity, authentication and privilege management, policy for dynamic access control, security management, and "persistence monitoring" or continual monitoring throughout the network, according to Daniel G. Wolf, the director of information assurance for the National Security Agency (NSA). Protecting information across the entire GIG is a top priority of NSA, which recently revised its IA roadmap for the GIG and continues to update it as technology advances. In doing so, NSA is working with the military services and DoD agencies to form alliances and validate the GIG IA program requirements, budget requirements and implementation strategy based on the architecture that NSA has proposed. To be sure, implementing the roadmap is a long-term project: the architectural plan for data sharing on the GIG is to be carried out over the next 15 to 20 years. The roadmap leverages the five tenets of IA: availability, integrity, authentication, confidentiality and non-repudiation. Essential components of the IA roadmap include: * Maintaining availability in an end-to-end encrypted "black core" environment that is "unforgeable" and "unspoofable." * Identity management, specifying people, objects (data and applications) and machines. * Privilege management, laying out the rights and privileges of users. * Dynamic access enforcement. * Mediated access between and among people, objects and machines based on identities and privileges. * Assured information sharing. * Underlying security management infrastructure. [...] _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jul 25 2005 - 22:58:43 PDT