august 2013 • volume 2 : issue 4 in this issue - tscp...2013/08/08 · attribute based access...
TRANSCRIPT
August 2013 • Volume 2 : Issue 4
TSCP Newsletter
In this Issue: TSCP News
Get Involved
Committee Updates
WG and Project Updates
Member Directory
TSCP Meeting Schedule
November Symposium
Contact TSCPTransglobal Secure
Collaboration Participation8000 Towers Crescent Drive
Suite 1350 Vienna, VA 22182
Phone: 703.760.7898Fax: 703.760.7899
1
2
News
TSCP Office 365 WorkTSCP will be transitioning its managed SharePoint site to Microsoft Office 365. This will enable the use of identity federa-tion in a cloud environment, so in addition to being the repository for TSCP informa-tion, TSCP members can demonstrate and use their company issued credentials to gain access. Each TSCP member should create a Microsoft Azure tenant allowing them to have full lifecycle management of their users. Options exist for members to create user credentials inside their Azure tenant, or to federate to member issued credentials. The migration is expected to be complete in September; until then, the current SharePoint site is up and fully operational.
TSCP November SymposiumTracks Announced and Exhibitor and Spon-sorship Opportunities Available
TSCP has received 23 abstract propos-als in response to the Call for Papers. Six tracks have been selected and track lead-ers are reviewing abstract proposals and making agenda selections. The tracks will be Mobile and Cloud, Federation, Govern-ment Initiatives, Adoption, Supply Chain, and Trust Frameworks. The Exhibitor and Sponsor activity is proceeding with com-panies signing up for Exhibitor space and Symposium Sponsor opportunities. Look for the next TSCP Symposium email soon and sign up early to get the largest discount.
TSCP Bridge ServiceThe TSCP Bridge Service work continues with the approval of the TSCP Certificate Policy (CP) by the TSCP interim Policy Management Authority (PMA). The TSCP Bridge Service, when operational, will al-low organizations to cross certify their PKI to the Federal Bridge Certificate Authority (FBCA), enabling a trust path for their PKI issued credentials to other organizations similarly cross certified.
New TSCP Website in WorksTSCP is currently developing a new web-site in order to better communicate the TSCP mission, increase the amount of content and resources available, and im-prove site navigation and ease of use. The new site will be operational in September. All member input regarding how TSCP.org can increase its value to your organization is welcomed and encouraged.
3
Want to Get More Involved with TSCP?
ParticipateIf you’d like to be more involved in shaping your organization’s future, browse the following list of current TSCP committees, working groups, projects, and activities, and contact the appropriate team member.
Leadership Advisory Group (LAG)The Leadership Council for TSCP. It is comprised of the leaders from each committee, work-ing group, and project. The LAG meets monthly to review statuses and set future direction. For more information, please contact Greg Roecker at [email protected].
Architecture Committee (AC)The AC is responsible for the overall technical guidance of TSCP activities. It is comprised of voting members from Government and Platinum TSCP members, together with representa-tives of Gold TSCP members. For more information, please contact Richard Skedd at [email protected].
Government Alignment Committee (GAC)The GAC focuses on alignment of TSCP specifications and activities to government needs and requirements. For more information, please contact Deb Gallagher at [email protected].
Export Control Working Group (ECWG)The ECWG is a group of export control subject matter experts (SMEs) from the TSCP Plati-num companies and government organizations working to ensure TSCP technical solutions are evaluated to meet export requirements. For more information, please contact Julie Sandercock at [email protected].
Intellectual Property Working Group (IPWG)The IPWG is a group of Intellectual Property (IP) Subject Matter Experts (SMEs) from the TSCP Platinum companies working to ensure TSCP technical solutions are evaluated to meet IP requirements. For more information, please contact Julie Sandercock at [email protected].
Trusted Supply Chain Working Group (TSCWG)The TSCWG focuses on the development of a trusted supply chain through which multiple organizations can trust each other’s suppliers if they meet an agreed upon proofing/vetting process and credential strength. TSCP also intends to become a Trust Framework Provider and the TSCWG coordinates this effort. For more information, please contact Julie Sander-cock at [email protected].
Identity Federation v.2The TSCP Identity Federation project broadly focuses on the development of specifications that enable members of one organization to use their credentials to access information maintained in a separate security domain by a partnering organization. For more informa-tion, please contact Steve Skordinski at [email protected].
Information Labeling and Handling v.1+ (ILH v.1+)The Information Labeling and Handling (ILH) team works to develop specifications and implementation guidance which bring together digital policy management, document label-ing, access control and rights management, allowing security requirements to be consistent-ly enforced. The specifications developed are vendor agnostic to provide TSCP organizations and government agencies with various options for implementation. For more information, please contact Paul Intrarakha at [email protected].
(Cont... on p.4)
Be proactive and save your organization time and money.
4
Secure Email Version 3 (SE v.3) – planned future startTwo previous versions of Secure Email have been released. Start of work on SE v.3 is contingent on the maturity progressof the PLASMA standard. TSCP is working closely with the PLASMA standard team. For more information, please contact Steve Skordinski at [email protected].
TSCP Bridge ServiceTSCP is working to stand up a bridge service that would allow participants to cross-certify to the Federal Public Key Infrastructure Bridge. TSCP expects the bridge service to be operational and ready for new participants late in 2013. For more information, contact Steve Race at [email protected].
TSCP Executive Gala and ForumDestined to be the industry social event of the fall, TSCP will be hosting an invite-only Executive Gala and Forum on November 12-13. For more information, please con-tact Bill Rutledge at [email protected].
TSCP November SymposiumTSCP will be holding its first full-scale symposium on Thursday and Friday, No-vember 14 and 15, at the Hyatt Regency in Crystal City. For more information, please contact Bill Rutledge at [email protected].
Get Involved Continued... Committee Updates
The Leadership Advisory Group (LAG)TSCP working groups and project teams continued their hard work over the sum-mer months. We have been busy defining our mid to long term strategy plan, and are actively planning the 2013 Transglobal Secure Collaboration Symposium.
A team of TSCP industry, government, and technology partners have been work-ing since June to update the current TSCP strategy that will serve TSCP for the next three to five years. Strategy development starts with understanding the drivers, both business and technical, that unite mem-bers for a common purpose. Next, the team articulates the Mission statement, a clear summation of what the organization wants to do, and the Vision statement, a summation of where the organization plans to go in the future. Finally, the team determines the proper organizational structure to carry out the stated Mission and Vision.
A face to face meeting was held in D.C. in July to evaluate external influences and define TSCP strategic goals and objec-tives. The meeting resulted in six strategic goals for TSCP: 1) strategic plan align-ment with members and governments, 2) federation enablement, 3) governancethrough trust frameworks, 4) cloud and mobile enablement, 5) specification devel-opment, and 6) TSCP specification adop-tion. Look for the formal publication of our strategy and goals on the TSCP.org web-site. (Cont... on p. 5)
5
Committee Updates Continued... Working Group UpdatesPlanning is also underway for the TSCP Transglobal Secure Collaboration Sympo-sium in November 2013 in Washington, D.C. The TSCP project teams and working group meetings (business week) will be held on Tuesday and Wednesday, Novem-ber 12 and 13, at the Lockheed Martin Global Vision Center in Crystal City. All teams should be firming up their agendas and plans for the business week meetings. The TSCP Secure Collaboration Sympo-sium is Thursday and Friday, November 14 and 15, at the Hyatt Regency Crystal City. Please see the TSCP.org website for de-tails. We want to see you in November!
Regards,
Greg Roecker, Lockheed Martin Leadership Advisory Group Chairman
Architecture Committee (AC)The TSCP Architecture Committee has had several discussions around the contact-less use of PIV and PIV-I cards to devices such as smart phones and tablets. The Architecture Committee members rec-ognize that enabling these credentials to work with mobile devices, but without physically separate readers is critical to maintaining the usefulness of smart card credentials with current and future device deployments. The Architecture Commit-tee hosted a special session on the topic with TSCP vendor member participation and is currently finalizing a whitepaper to share the “need to knows” on the subject for organizations who utilize PIV and PIV-I credentials. The Architecture Committee continues to work to align TSCP efforts with those of NIST and FICAM. As such, the Architecture Committee reviewed the discussions and content of the recent NIST Attribute Based Access Control (ABAC) conference. The Architecture Committee had previously provided comment to NIST on SP 800-162 (Guide to Attribute Based Access Control (ABAC) Definition and Considerations). The Architecture Commit-tee has also actively engaged in planning activities including discussing the upcom-ing November business week agenda, and meeting with the LAG and TSCP Inc. lead-ership to plan future Architecture Commit-tee / TSCP work items.
Export Control WG (ECWG)The consolidated requirements document went through all final reviews and is now available on the TSCP website here.
Defense Trade Advisory Group (DTAG) members briefed the ECWG regarding recommendations they made to the Direc-torate of Defense Trade Controls (DDTC) to approve the use of certain levels of encryption which would ensure protection of intangibles/technology when stored or transmitted across international borders, specifically in regard to cloud environ-ments. The DTAG members agreed that TSCP is well positioned to be able to influ-ence such standards, not only within the US, but also in Europe with the goal of having an internationally accepted stan-dard that all organizations and govern-ments can adhere to.
Trusted Supply Chain WG (TSCWG)The team continues to work toward the goal of platinum member companies be-ing able to trust one another’s supply chain credentials. Platinum members are evaluating the COR against their company policy to obtain agreement that the COR meets or exceeds their policy. Members will then review internal supply chain cre-dentialing practices and provide a state-ment if this is in compliance with the COR. When this is completed, the team will seek assistance from legal representatives to develop an enterprise level federation legal agreement which can be leveraged by all current and future contracts to standardize and streamline the contractual process for establishing federation agree-ments at an enterprise level. This agree-ment would provide clear responsibilities and liabilities for the identity information exchanged between TSCP organizations and their partners implementing this agreement. The team is seeking to lever-age work done within the TSCP PKI PMA to facilitate development of this non-PKI legal agreement, as well as provide guid-ance on building out other TSCP Trust Framework Provider elements.
6
Working Group and Project Updates
Intellectual Property Working Group (IPWG)The IP requirements document is going through a final review and approval pro-cess with the IP subject matter experts and will be passed on to the AC for their approval this month. A gap analysis will also be completed using this document for ILH to ensure all the requirements have been captured accurately in the specifica-tions.
Information Labeling and Han-dling v.1+ (ILHv.1+)ILH continues its work with Platinum and Silver members testing and implement-ing the Business Authorization Framework (BAF) and Business Authorization Identifi-cation and Labeling Scheme (BAILS) spec-ifications working towards a demo for the TSCP November Business Week. ILH also plans to incorporate some export related scenarios to demo at a later date, and will engage export subject matter experts as needed. The TSCP (or Reference) lab is available and being prepped for testing.
Identity Federation v.2 (IdFv.2)The team is discussing use cases and cur-rent standards around home realm dis-covery and determining what deliverables should result from this work in order to improve the end user’s experience when selecting an Identity Provider for access to a federated application.
The TSCP, Raytheon, Lockheed Martin, and BAE Systems labs are nearly completed with testing the provisioning profile and a demo is planned for this month with the AC. A demo of this capability will also be presented at the November Symposium.
7
TSCP Member Directory
Platinum Members BAE SystemsContact: [email protected]
Lockheed MartinContact: [email protected]
The Boeing CompanyContact: [email protected]
Northrop GrummanContact: [email protected]
EADSContact: [email protected]
RaytheonContact: [email protected]
Government MembersU.S. Department of DefenseContact: [email protected]
Netherlands Ministry of DefenceContact: [email protected]
U.S. General Services AdministrationContact: [email protected]
NASAContact: [email protected]
French ANSSIContact: [email protected]
UK Ministry of DefenceContact: [email protected]
U.S. Secret ServiceContact: [email protected]
Gold MembersCA TechnologiesContact: [email protected]
MicrosoftContact: [email protected]
Silver MembersHIDContact: [email protected]
ID DatawebContact: [email protected]
ElectrosoftContact: [email protected]
IntercedeContact: [email protected]
NLRContact: [email protected]
AxiomaticsContact: [email protected]
Deep-SecureContact: [email protected]
FuGen SolutionsContact: [email protected]
Ping IdentityContact: [email protected]
Litmus LogicContact: [email protected]
SynerenContact: [email protected]
Boldon JamesContact: [email protected]
Deloitte & Touche LLPContact: [email protected]
GemaltoContact: [email protected]
NextLabsContact: [email protected]
WaveContact: [email protected]
CentrifyContact: [email protected]
Bronze MembersChevronContact: [email protected]
8
To access the TSCP Master Calendar in SharePoint, click here.
Monday Tuesday Wednesday Thursday Friday
29 30 31 1 28:00 AM - TSCP Project Technical Lead Coordination10:00 AM - TSCP PMO Staff Meeting11:00 AM - Information Labeling and Handling
10:00 AM - TSCP Deliv-erables11:00 AM - SE v.1 Platinum and Govern-ment Lead Deployment Discussion11:00 AM - Trusted Sup-ply Chain Working Group
10:00 AMArchitecture Committee Meeting
9:00 AMLeadership Advisory Group
11:00 AMTSCP IdFv.2 Weekly Meeting
No meetings are held on Fridays.
5 6 7 8 98:00 AM - Government Alignment Group8:00 AM - TSCP Project Technical Lead Coordination10:00 AM - TSCP PMO Staff Meeting11:00 AM - TSCP Market-ing Outreach & Adoption11:00 AM - Information Labeling and Handling
11:00 AMTrusted Supply Chain Working Group
10:00 AMArchitecture Committee Meeting
11:00 AMTSCP IdFv.2 Weekly Meeting
11:00 AMInterim PMA Meeting
No meetings are held on Fridays.
12 13 14 15 168:00 AM - TSCP Project Technical Lead Coordination10:00 AM - TSCP PMO Staff Meeting11:00 AM - Information Labeling and Handling
10:00 AM - TSCP Deliv-erables11:00 AM - SE v.1 Platinum and Govern-ment Lead Deployment Discussion11:00 AM - Trusted Sup-ply Chain Working Group
10:00 AMArchitecture Committee Meeting
11:00 AMTSCP IdFv.2 Weekly Meeting
No meetings are held on Fridays.
19 20 21 22 238:00 AM - TSCP Project Technical Lead Coordination10:00 AM - TSCP PMO Staff Meeting11:00 AM - TSCP Market-ing Outreach & Adoption11:00 AM - Information Labeling and Handling
11:00 AMTrusted Supply Chain Working Group
10:00 AMArchitecture Committee Meeting
11:00 AMTSCP IdFv.2 Weekly Meeting
11:00 AMInterim PMA Meeting
No meetings are held on Fridays.
26 27 28 29 308:00 AM - TSCP Project Technical Lead Coordination10:00 AM - TSCP PMO Staff Meeting11:00 AM - Information Labeling and Handling
10:00 AM - TSCP Deliv-erables11:00 AM - SE v.1 Platinum and Govern-ment Lead Deployment Discussion11:00 AM - Trusted Sup-ply Chain Working Group
10:00 AMArchitecture Committee Meeting
11:00 AMTSCP IdFv.2 Weekly Meeting
No meetings are held on Fridays.
Times are in EST.
TSCP Meeting Schedule for August
9
Monday Tuesday Wednesday Thursday Friday
2 3 4 5 68:00 AM - Government Alignment Group8:00 AM - TSCP Project Technical Lead Coordination10:00 AM - TSCP PMO Staff Meeting11:00 AM - TSCP Market-ing Outreach & Adoption11:00 AM - Information Labeling and Handling
11:00 AMTrusted Supply Chain Working Group
10:00 AMArchitecture Committee Meeting
11:00 AMTSCP IdFv.2 Weekly Meeting
11:00 AMInterim PMA Meeting
No meetings are held on Fridays.
9 10 11 12 138:00 AM - TSCP Project Technical Lead Coordination10:00 AM - TSCP PMO Staff Meeting11:00 AM - Information Labeling and Handling
10:00 AM - TSCP Deliv-erables11:00 AM - SE v.1 Platinum and Govern-ment Lead Deployment Discussion11:00 AM - Trusted Sup-ply Chain Working Group
10:00 AMArchitecture Committee Meeting
11:00 AMTSCP IdFv.2 Weekly Meeting
No meetings are held on Fridays.
16 17 18 19 208:00 AM - TSCP Project Technical Lead Coordination10:00 AM - TSCP PMO Staff Meeting11:00 AM - TSCP Market-ing Outreach & Adoption11:00 AM - Information Labeling and Handling
11:00 AMTrusted Supply Chain Working Group
10:00 AMArchitecture Committee Meeting
11:00 AMTSCP IdFv.2 Weekly Meeting
11:00 AMInterim PMA Meeting
No meetings are held on Fridays.
23 24 25 26 278:00 AM - TSCP Project Technical Lead Coordination10:00 AM - TSCP PMO Staff Meeting11:00 AM - Information Labeling and Handling
10:00 AM - TSCP Deliv-erables11:00 AM - SE v.1 Platinum and Govern-ment Lead Deployment Discussion11:00 AM - Trusted Sup-ply Chain Working Group
10:00 AMArchitecture Committee Meeting
11:00 AMTSCP IdFv.2 Weekly Meeting
No meetings are held on Fridays.
30 1 2 3 48:00 AM - TSCP Project Technical Lead Coordination10:00 AM - TSCP PMO Staff Meeting11:00 AM - TSCP Market-ing Outreach & Adoption11:00 AM - Information Labeling and Handling
9:00 AMLeadership Advisory Group
11:00 AMTrusted Supply Chain Working Group
10:00 AMArchitecture Committee Meeting
11:00 AMTSCP IdFv.2 Weekly Meeting
11:00 AMInterim PMA Meeting
No meetings are held on Fridays.
Times are in EST.
TSCP Meeting Schedule for September
Challenges and Opportunities in Secure CollaborationThe Transglobal Secure Collaboration Program (TSCP) Inc., a nonprofit 501 (C)(6), is the only government-industry partnership specifically focused on designing solu-tions to address the most critical issues facing global industry: mitigating the com-pliance, complexity, cost and IT security risks inherent in large-scale, multi-nation-al collaborative programs. In support of this mission, TSCP is proud to present the Transglobal Secure Collaboration Symposium, an industry-leading conference and vendor exhibition focused on secure collaboration among industry partners and their supply chain members, mitigating the risks of information security breaches, accelerating secure information sharing while reducing overall program costs.
Presentations by and for the TSCP Community and IndustrySpeakers include information security leaders from gov-ernment agencies, military departments, technology companies, the intelligence community, as well as TSCP members from aerospace and defense. The conference will showcase the work of the the TSCP community, and their efforts solve common challenges that impact major programs today.
Prospective topics include: Federal Identity, Credential and Access Management (FICAM); Federal Cloud Creden-tial Exchange (FCCX); National Strategy for Trusted Iden-tities (NSTIC); Mobility and Digital Strategy; Identity in the Cloud; Device Health/Machine Identity; PIV and PIV-I High Assurance Cards; Identity Trust Framework; Supply Chain Authentication, and more.
Following the mission of TSCP, the conference will deliver information and expert insights designed to tackle today’s challenges. TSCP member companies are the leaders in large-scale, international collaborative programs. The conference will tap this collective expertise to create an independent, market-focused forum on the challenges of collaboration and interoperability.
A Conference Agenda of Current, Crucial Subject Matter
Organized by the Industry Leader
Early RegistrationDiscounts Apply!
Prospective Tracks Include
Identity and Access Man-agement • Secure infor-mation sharing • Secure credentialing • Secure
Document Sharing and Ac-cess to Applications • Cy-bersecurity and Remedia-tion Against Cyber Threats
• Security for Cloud andMobility Environments
Featuring
The Secure Collaboration Showcase Exhibition
With Live Technology Implementation Demos
Exhibit and Sponsorship Opportunities are Avail-
able: Click here for more.
When: Thursday, November 14, 2013 - Friday, November 15, 2013 8:00 AM - 5:00 PM EST
Where: Hyatt Regency Crystal City, 2799 Jefferson Davis Hwy, Arlington, Vriginia 22202, USA 212-866-2169
Mark Your Calendar Now!