Points of Contact
Defense-wide Information Assurance Program: DIAP Staff (703) 602-6995
NSA: Linda Kriner, Teri Wagner (410) 854-6146
Computer Network Defense: ASD(C3I)(IA) Gus Guissanie (703) 614-6132
Public Key Infrastructure and Public Key Enabling of Applications:
Definitions & Terms
Active Network Defense - Development and sustainment of the training, tactics, techniques, tools, technologies and procedures to safeguard, defend and sustain information systems and networks. Some Active Network Defense measures may overlap what has been generally defined as Computer Network Attack and Computer Network Exploitation.
Attack Sensing and Warning - The detection, correlation, identification and characterization of cyber attacks across a large spectrum, coupled with the notification to command and decision makers so that an appropriate response can be developed. Attack sensing and warning also includes attack/intrusion related intelligence collection tasking and dissemination; limited immediate response recommendations; and limited potential impact assessments.
Computer Security (COMSEC) Monitoring - Operational force protection, monitoring, and general support necessary to improve information systems security posture through cooperative examination of U.S. Government telecommunications to identify and help counter vulnerabilities which can be exploited by adversary signals intelligence efforts.
Computer Network Defense (CND) - Those Defense-wide actions taken pursuant to legal authority to protect, monitor, analyze, detect and respond to unauthorized activity within DoD information systems and computer networks. CND protection activity is a subset of information assurance protection activity and includes deliberate actions taken to modify an assurance configuration or condition in response to a CND alert or threat information. Monitoring, analysis, and detection activities, including trend and pattern analysis, are performed by multiple disciplines within DoD, e.g., network operations, intelligence, counterintelligence, and law enforcement.
CND Sensor Grid - A coordinated constellation of decentrally owned and implemented intrusion and anomaly detection systems deployed throughout DoD information systems and computer networks. Investments to procure, sustain, and refresh these systems should be reported. Investments to design, develop and deploy supporting systems such as the Joint CERT database should also be reported. DISA should report investments to support its responsibilities as technical integrator.
CND Common Operational Picture - A distributed capability that provides local, intermediate, and DoD-wide visual situational awareness of CND activities and operations and their impact; collaboration; and decision support. Investments to determine requirements and to design and develop supporting systems and databases should be reported.
Defense in Depth - The security approach whereby layers of IA solutions are used to establish an adequate IA posture through the integration of the IA capabilities of people, operations, and technology to achieve strong, effective, multi-layer, multi-dimensional protection. Implementation of this approach recognizes that, due to the highly interactive nature of the various systems and networks, IA solutions must be considered within the context of the shared risk environment, and that no single system can be adequately secured unless all interconnected systems are adequately secured.
Defense in Depth Categories for the PPIs:
· Defend the Networks and Infrastructure - The technologies, hardware/software, operations, manpower, and services that address the availability, confidentiality, and management requirements of large transport networks and various other transmission and switching capabilities. Requirements addressed in this category include availability of backbone networks, wireless security capabilities, intrusion detection systems, System High Interconnections and Virtual Private Networks (VPN). Included are secure voice capabilities, multiple security layers, and operations that support Defense-wide networks and infrastructure.
· Defend the Enclave Boundary/External Connections - The technologies, hardware/software, operations, manpower, and services that address perimeter defenses. This category includes: protection for network access (firewalls, vulnerability scanners, and virus detectors); protection for remote access from both remote enclaves and traveling laptops; and protection during interoperation across security levels (high-to-low and low-to-high transfers). An enclave boundary is defined in the Global Information Grid (GIG) Implementation Guidance as the points of connection for Local Area Networks (LAN) or similar networks to the service layer of another network.
· Defend the Computing Environment - The technologies, hardware/software, operations, manpower, and services that address the security considerations for end user workstations, servers, applications, and operating systems. This category includes user applications such as secure messaging, secure web browsing, file protection, Public Key enabling of applications, and mission specific applications.
· Supporting Infrastructures - The security capabilities, hardware/software, operations, manpower, components, and services that address the supporting infrastructures of defense in depth. Specifically these include the Joint CERT Incident Handling database, and the R&D and procurement of Key Management Infrastructure (KMI) and Public Key Infrastructure (PKI) technologies that are used to manage public key certificates and symmetric cryptography.
· System Security Methodology - The technologies, hardware/software, operations, manpower, and services that address the consideration of mission needs, relevant policies and regulations, and a projection of threats to systems and information that contribute to the definition, design, development, deployment, sustainment, certification and accreditation of the Department's IA posture. Included in this category are information systems security engineering, readiness assessment, threat and vulnerability assessment, risk management, and comprehensive evaluation of technical and non-technical security features of an IT system made in support of accreditation processes.
· Security Management - The operational resources to sustain security capabilities, components, and services used by systems and networks. Examples in this category are resources and efforts to operate and sustain Public Key Infrastructures, secure the DISN, provide IA support to the CINCs, operate the IAVA process, and conduct electronic key management and distribution.
· Defensive Information Operations - The technologies, hardware/software, operations, manpower, and services directly employed to ensure timely, accurate, and relevant information access while denying adversaries the opportunity to exploit friendly information and systems for their own purposes. Examples are those CND activities primarily associated directly or indirectly with component CERTs, information warfare centers, red team operations, and related law enforcement and intelligence efforts.
· Training - The training, education, awareness and professional programs for network and system managers, developers, and users of information systems and networks.
· Other Management and Operations - The information services, facilities support, contracts and fees, and other mission resources necessary to support the other categories but not directly associated with them.
· IA for the Tactical Environment - The security technologies, hardware/software, operations, manpower, and services that address specific security concerns of the tactical environment, such as the Joint Tactical Radio System (JTRS). Included in this is a set of systems, products, and infrastructure that transfers time and content sensitive communications between wireless nodes or from wired to radio transmission environments. Characteristics include:
- Military style operations
- User owned equipment and infrastructure
- Radio-communications licensed frequency bands
- Communications in hostile physical/RF environment
- Classified or sensitive but unclassified (SBU)
- Time sensitive
These systems typically avoid or minimize:
- Geo-location
- Detection and interception
- Jamming
- Traffic analysis
- Theft of information
Information Assurance (IA) - Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. (DoDD S-3600.1, JP 3-13 Information Operations, NSTISSI 4009)
Information Assurance Vulnerability Alert (IAVA) - The comprehensive distribution process for notifying CINCs, services, and agencies (C/S/A) about vulnerability alerts and countermeasure information. The IAVA process requires C/S/A receipt acknowledgement and provides specific time parameters for implementing appropriate countermeasures depending on the criticality of the vulnerability. (JTF CND CONOP)
Information Operations Condition (INFOCON) - A comprehensive defense posture and response based on the status of information systems, military operations, and intelligence assessments of adversary capabilities and intent. The INFOCON system presents a structured, coordinated approach to defend against a computer network attack and measures the focus on computer network-based protective measures. Each level reflects a defensive posture based on the risk of impact to military operations through the intentional disruption of friendly information systems. (CJCS Memo CM-510-00 dated 10 March 1999)
Information Security (INFOSEC) - Information security is the protection of information and information systems against unauthorized access or modification of information, whether in storage, processing, or transit, and against denial of service to authorized users. Information security includes those measures necessary to detect, document, and counter such threats. Information security is composed of computer security and communications security. (NSTISSI 4009)
Information Systems Security Program (ISSP) (PE 030314 A,F,G,K,L,N) - Those Defense-wide efforts that include resources, manpower authorizations, necessary facilities and equipment required to perform INFOSEC research and development, to provide INFOSEC services, to procure INFOSEC products required to secure telecommunications and information systems when such products are separately procurable from host systems, and to provide INFOSEC maintenance and support. Also included are costs associated with the protection afforded to telecommunications and information systems which process sensitive data and efforts to ensure authenticity, integrity, and availability of the information and system.
Network Operations - An organizational and procedural framework intended to provide information systems and computer network owners the means to manage their information systems and computer networks in order to effectively execute their mission priorities.
Public Key Enabling of Applications (PK-enabling) - The enabling of information system applications to utilize the services of a public key infrastructure. This includes activities and resources associated with the cost of manpower, hardware, software, encryption services, and support efforts needed to make applications capable of employing digital certificates and signatures.
Public Key Infrastructure (PKI) - An enterprise-wide service that supports digital certificates and signatures and other public key-based security mechanisms for DoD functional domain programs, including generation, production, distribution, control and accounting of public key certificates. This includes PKI resources associated with the cost of manpower, hardware, software, encryption services, and operational and support efforts needed to implement and sustain the infrastructure for a Defense-wide PKI.
Response Mechanisms - Resources and processes to support INFOCON and similar Component mechanisms. The IAVA process is not included in this definition.