CNSS White Paper 01-14 FICAM Planning Guidance For the Secret Fabric

| Number | Activity | Responsible Party | Dependencies |
|---|---|---|---|
| DPOL-01 (row continued from previous page) | ... define requirements for controlling access to resources on the Secret Fabric. | ... Governance Bodies | Predecessor Activities: None; Successor Activities: DPOL-02, DPOL-04, |
| DPOL-02 | Identify shared digital policies that apply across the Secret Fabric. | ACAG WG | Stage 2 Goal; Predecessor Activities: DPOL-01; Successor Activities: DPOL-03, POL-03 |
| DPOL-03 | Perform a compliance office review of the set of shared digital policies. | OMB | Stage 2 Future; Predecessor Activities: DPOL-02; Successor Activities: DPOL-06 |
| DPOL-04 | Identify initial set of digital policies that will be used to govern access to resources intended to be shared across the Secret Fabric. | Department and Agency Governance Bodies | Stage 2 Future; Predecessor Activities: DPOL-01; Successor Activities: DPOL-05 |
| DPOL-05 | Develop agency-specific digital policy rules governing access control to department or agency resources. | Departments and Agencies | Stage 2 Future; Predecessor Activities: DPOL-04; Successor Activities: DPOL-07, EATT-02, RATT-03, SATT-02 |
| DPOL-06 | Identify full set of common digital policy rules that apply across the Secret Fabric. | ICAMSC, IdAM WG | Stage 4 Goal; Predecessor Activities: DPOL-03; Successor Activities: DPOL-07, GOV-13 |
| DPOL-07 | Ensure digital policy stores are fully populated with digital policy rules. | Departments and Agencies | Stage 4 Goal; Predecessor Activities: DPOL-05, DPOL-06; Successor Activities: ENAB-17, GOV-14 |

C.9 ENABLING ACTIVITIES

| Number | Activity | Responsible Party | Dependencies |
|---|---|---|---|
| ENAB-01 | Enable high sensitivity applications that are currently shared with other departments and agencies to ensure the subject has authenticated using a PKI certificate. | Departments and Agencies | Stage 1 Goal; Predecessor Activities: CRED-04, CRED-05, CRED-06; Successor Activities: ENAB-03, ENAB-16 |
| ENAB-02 | Implement mandatory certificate-based network logon to Secret Fabric networks for at least 10% of users. | Departments and Agencies | Stage 1 Goal; Predecessor Activities: CRED-04, CRED-05; Successor Activities: None |
| ENAB-03 | Ensure enabled applications generate logs indicating the identifier used to authenticate the user. | Departments and Agencies | Stage 1 Goal; Predecessor Activities: ENAB-01; Successor Activities: None |
| ENAB-04 | Define a target network architecture that defines the level of required interoperability of Secret Fabric networks for information sharing and safeguarding and identifies the interfaces necessary for departments and agencies to use Secret Fabric shared services (such as PKI or Identity Providers). | ICAMSC Architecture Group | Stage 1 Future; Predecessor Activities: None; Successor Activities: GOV-08, GOV-09, RATT-01, BUS-04, EATT-01, ENAB-05 |
| ENAB-05 | Identify standards and protocols for performing authentication; obtaining subject, environment, and resource attributes; and applying digital policy rules to make access control decisions. Standards and protocols identified must ensure interoperability across the Secret Fabric and, to the extent possible, also provide interoperability with those standards and protocols used by the IC and unclassified communities. | ICAMSC Architecture Group | Stage 1 Future; Predecessor Activities: ENAB-04; Successor Activities: RATT-02, ENAB-06, SATT-01, CRED-05 |
| ENAB-06 | Develop prototype of attribute exchange capability on the Secret Fabric as a reference implementation for attribute sharing. | PM-ISE and Partnering Agency Provider(s) | Stage 1 Future; Predecessor Activities: ENAB-05; Successor Activities: ENAB-11 |
| ENAB-07 | Enable high and medium sensitivity applications that are currently shared with other departments and agencies to ensure the subject has authenticated using a PKI certificate. | Departments and Agencies | Stage 2 Goal; Predecessor Activities: CRED-07, CRED-08, CRED-09; Successor Activities: ENAB-13 |
| ENAB-08 | Implement mandatory certificate-based network logon to Secret Fabric networks. | Departments and Agencies | Stage 2 Goal; Predecessor Activities: CRED-07, CRED-10, CRED-08; Successor Activities: ENAB-09 |
| ENAB-09 | Ensure network logon generates activity logs that include the identifier of the entity that logged on. | Departments and Agencies | Stage 2 Goal; Predecessor Activities: ENAB-08; Successor Activities: None |
| ENAB-10 | Implement prototype of authorization service that implements digital policy rules based on resource attributes and includes discovery and use of subject and environment attributes. | PM-ISE and Partnering Agency Provider(s) | Stage 2 Future; Predecessor Activities: SATT-01, EATT-01, RATT-02; Successor Activities: ENAB-15 |
| ENAB-11 | Develop attribute exchange services and link them with agency attribute stores. | Departments and Agencies | Stage 2 Future; Predecessor Activities: ENAB-06; Successor Activities: ENAB-12 |
| ENAB-12 | Test attribute exchange service interfaces with Stage 1 prototype implementation to measure interoperability. | Departments and Agencies | Stage 2 Future; Predecessor Activities: ENAB-11; Successor Activities: ENAB-15, SATT-13 |
| ENAB-13 | Ensure that all applications that manage resources that are intended to be shared with other departments and agencies require certificate-based authentication of all authorized users. | Departments and Agencies | Stage 3 Goal; Predecessor Activities: CRED-11, ENAB-07; Successor Activities: ENAB-14, CRED-12, ENAB-17 |
| ENAB-14 | Ensure that applications log all resource access using identifiers contained in certificates. | Departments and Agencies | Stage 3 Goal; Predecessor Activities: ENAB-13; Successor Activities: None |
| ENAB-15 | Implement agency authorization services that perform access control based on digital policies linked to resources and values of associated subject and environment attributes. | Departments and Agencies | Stage 3 Goal; Predecessor Activities: ENAB-10, ENAB-12, RATT-04, EATT-03, SATT-08; Successor Activities: ENAB-16 |
| ENAB-16 | Enable 25% of high sensitivity applications to use authorization services for access control. | Department and Agency Governance | Stage 3 Goal; Predecessor Activities: ENAB-15, ENAB-01; Successor Activities: None |
| ENAB-17 | Enable all high and medium sensitivity applications to use authorization services for access control. | Departments and Agencies | Stage 4 Goal; Predecessor Activities: SATT-13, RATT-05, DPOL-07, ENAB-13; Successor Activities: ENAB-18 |
| ENAB-18 | Ensure applications generate logs indicating the identifier used to authenticate to the system, the values of attributes used in the access control decision, and the source of those attribute values. | Departments and Agencies | Stage 4 Goal; Predecessor Activities: ENAB-17, GOV-09; Successor Activities: None |