
White Paper

Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089 USA
408.745.2000
1.888 JUNIPER
www.juniper.net

Meeting Federal Government Compliance Requirements

Juniper Networks helps government organizations strengthen Information Assurance (IA) and support regulatory compliance auditing.

Part Number: 200238-001 July 2007


Copyright ©2007, Juniper Networks, Inc.

Table of Contents

Executive Summary (page 3)
Introduction (page 3)
Key Federal Compliance Requirements (page 3)
    HSPD-12 (page 3)
    HSPD-20 (page 4)
    Telework (page 4)
    FISMA (page 5)
Challenges and Solutions for Meeting Compliance (page 5)
    Securing Information on the Network (page 5)
    Providing Access Control (page 7)
        LAN-Based Access Control (page 8)
        Remote Access Using VPNs (page 9)
    Addressing Increasing Attack Sophistication (page 11)
    Compliance Auditing (page 12)
Why Choose Juniper for Government Compliance Solutions (page 13)
Conclusion (page 13)
About Juniper Networks (page 14)


Executive Summary

Juniper Networks provides purpose-built, high-performance IP platforms for the government market to help customers meet their various federal compliance requirements while improving their mission effectiveness and business productivity. Our solutions are market leading and enable customers to better protect sensitive government information. We not only help to secure government networks, we also better enable a productive government environment through secure and scalable network access, reduced network outages and the support of compliance auditing.

Our technologies, products and solutions are widely recognized as some of the most innovative and category-specific market leaders. Therefore, if it is business critical that your network performance provides the highest level of mission effectiveness, helping you gain productivity advantages and ensuring federal compliance, read on to see how Juniper Networks can help your government organization meet its federal compliance requirements.

Introduction

Multiple federal compliance regulations exist today, and they require government organizations to implement effective internal controls that ensure the integrity of their information systems. Some regulations measure how a government agency has strengthened access control, while others are more focused on ensuring that agencies are conducting proper auditing and reporting procedures. The primary goal of all of these controls is to detect and contain unauthorized access to, or manipulation of, mission-critical information. Let’s first take a closer look at some of these federal compliance requirements and the expectations they are imposing on government departments and agencies.

Key Federal Compliance Requirements

Federal compliance requirements are growing increasingly complex, and federal Chief Information Officers (CIOs) are being called upon to secure data and networks, authenticate people, and prepare for disasters, all the while continuously auditing and reporting on compliance. A combination of federal law, presidential directives/guidance and agency-specific requirements must be safely navigated. These CIOs must also deliver results efficiently to meet deadlines, and they are literally “graded” on compliance as part of their reviews. Some of the key compliance issues they are facing include:

HSPD-12

In August 2004, the President signed Homeland Security Presidential Directive Twelve (HSPD-12). This directive requires that all federal agencies follow a common standard when issuing, utilizing and maintaining physical and logical security access mechanisms [1]. The access mechanisms must be interoperable between agencies. The National Institute of Standards (NIST) was tasked with developing the standard, named FIPS Publication 201 [2]. Collectively, implementation of FIPS 201 is referred to as “Personal Identity Verification of Federal Employees and Contractors” or PIV. HSPD-12 defines “secure and reliable forms of identification” as identification that (a) is issued based on sound criteria for verifying an individual employee’s identity; (b) is strongly resistant to identity fraud, tampering, counterfeiting and terrorist exploitation; (c) can be rapidly authenticated electronically; and (d) is issued only by providers whose reliability has been established by an official accreditation process.


HSPD-20

Presidential Decision Directive 67 (PDD 67) [3], issued 21 October 1998, relates to enduring constitutional government, continuity of operations (COOP) planning, and continuity of government (COG) operations. The purpose of Enduring Constitutional Government (ECG), Continuity of Government (COG) and Continuity of Operations (COOP) is to ensure survival of a constitutional form of government and the continuity of essential federal functions. In addition, Executive Order 12656 [Section 202] requires that “the head of each federal department and agency shall ensure the continuity of essential functions in any national security emergency by providing for: succession to office and emergency delegation of authority in accordance with applicable law; safekeeping of essential resources, facilities and records; and the establishment of emergency operating capabilities.” Federal Preparedness Circular 65 (FPC-65) [4] provides guidance to Federal Executive Branch departments and agencies for use in developing viable and executable contingency plans for the continuity of operations (COOP). COOP planning facilitates the performance of essential department/agency functions during any emergency or situation that may disrupt normal operations.

This legislation has gained higher visibility with the recent focus on government agency preparedness for potential pandemic influenza occurrences, where an infection could cause a global outbreak of serious illness that rapidly spreads from person to person. Providing a secure remote access solution for critical employees during such emergencies is part of an overall business continuity plan.

Telework

For over a decade, laws addressing telework (also referred to as “work at home”, “flexible work” or “telecommuting”) have been in effect for federal employees. The main legislative mandate for telework was established in 2000 (§ 359 of Public Law 106-346) [5]. This law states that “each executive agency shall establish a policy under which eligible employees of the agency may participate in telecommuting to the maximum extent possible without diminished employee performance.” Further legislation (Public Law 108-199, Division B, § 627 of January 23, 2004, and Public Law 108-447, Division B, § 622 of December 8, 2004) followed this mandate with directives to certain agencies to increase telework participation in the workforce by specified amounts.

Many government organizations are seeing increasing pressure, in terms of national and regional legislation, for businesses to offer the option of flexible work. In addition, there is increasing pressure from employees for flexible working options to improve their effectiveness and work-life balance. Many employees, for example, are putting increasing pressure on their employers to let them work at least one day a week from home. Also, there is increasing environmental pressure, both globally and nationally, to reduce congestion and pollution caused by mass commutes, coupled with the inability of transportation infrastructures to keep pace with urban populations.

[3] http://www.fas.org/irp/offdocs/pdd/pdd-67.htm
[4] http://www.fas.org/irp/offdocs/pdd/fpc-65.htm
[5] http://www.telework.gov/twlaws.asp


FISMA

The Federal Information Security Management Act (FISMA) was passed by Congress and signed into law by the President as part of the Electronic Government Act of 2002 [6]. Its goals include development of a comprehensive framework to protect the government’s information, operations and assets. The Act assigns specific responsibilities to federal agencies, the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) in order to strengthen information system security. In particular, FISMA requires the head of each agency to implement policies and procedures that cost-effectively reduce information technology security risks to an acceptable level. To ensure the adequacy and effectiveness of information security controls, FISMA requires agency program officials, Chief Information Officers and Inspectors General (IGs) to conduct annual reviews of their agency’s information security program and report the results to OMB. OMB uses this data to assist in its oversight responsibilities and to prepare an annual report to Congress on agency compliance with the Act. The report is based primarily on agency and IG reports submitted to OMB in October of every year.

Challenges and Solutions for Meeting Compliance

Because of limited resources and the need to deal with a multitude of federal compliance issues in addition to their other day-to-day responsibilities, federal CIOs are struggling to keep their networks secure and to meet necessary reporting deadlines and requirements. They are looking for the lowest common denominator in terms of solving multiple issues with a single investment. Let’s take a closer look at the four main categories these CIOs need to focus on to help ensure that they are complying with the federal compliance requirements previously listed: (a) securing information on the network; (b) providing access control; (c) addressing increasing attack sophistication; and (d) compliance auditing.

Securing Information on the Network

Not all information on government networks is sensitive and subject to federal compliance requirements. In fact, a large portion of the network accessed by government workers is not sensitive. However, many government organizations have not taken the appropriate steps to segregate sensitive information that is subject to federal compliance requirements as outlined in FISMA from non-sensitive information on their networks. Within any government organization, there are many individuals who should never have access to sensitive information. In addition, as we have seen within the market and reported by industry analysts at large, the majority of today’s threats are coming from within the organization rather than externally. For this reason, it is insufficient to only deploy firewalls at the perimeter, protecting the network from external attacks. In addition to deploying a firewall for perimeter defense, a government organization should also deploy a firewall within its infrastructure to protect internal segments of the network.

An effective way to achieve the benefits of these internal firewalls while still maintaining control over costs and the proliferation of devices in government networks is to implement Juniper Networks firewalls (Figure 1), which support multiple virtual security zones. Rather than implementing a separate, physical firewall for every network segment, Juniper’s firewalls allow organizations to deploy multiple firewalls with a single appliance.

By defining security zones on the Juniper Networks firewall, the government network is logically divided into separate segments, each with its own rules. For example, an organization might use a single Juniper Networks firewall to create zones such as general purpose “Trust”, “Untrust” and “DMZ,” and/or it might create zones according to user types like “Wireless Users”, “Finance Department” or “Compliance Zone”. By using a single Juniper Networks firewall appliance, government organizations can create distinct network segments and manage which users have access to those segments. Access rules for each security zone can be defined with respect to source and destination IP address, physical interface, Virtual LAN (VLAN) tag or user. This allows government organizations to easily create, manage and enforce rules whereby only users from the financial department, for example, can access financial applications and data. Illustrating the security zone controls to FISMA compliance auditors is simplified by the granular logging and reporting capabilities that provide a clear audit trail of all access activity to government network resources.

[6] http://www.ed.gov/policy/gen/leg/egov.html
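As an illustrative model of the zone-based policy described above (example code added here; it is not ScreenOS, UAC or any other Juniper product code), the following Python maps VLAN tags and server subnets to named zones, evaluates an ordered rule set keyed on source zone, destination zone, service and user group, and emits the one-line audit record a compliance reviewer would want for each decision. The zone names, subnets, users and groups are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional

# Constructed zone assignments: access VLANs map to the zone of the users on
# them, and server subnets map to the zone that hosts them.
ZONE_BY_VLAN = {10: "Trust", 20: "Wireless Users", 30: "Finance Department",
                40: "Compliance Zone"}
ZONE_BY_SUBNET = {
    "10.1.0.0/16": "Trust",
    "10.3.0.0/24": "Finance Department",
    "10.4.0.0/24": "Compliance Zone",
}


@dataclass(frozen=True)
class Rule:
    src_zone: str      # "any" or a zone name
    dst_zone: str      # "any" or a zone name
    service: str       # "any" or a service name such as "https"
    user_group: str    # "any" or a group the authenticated user must hold
    action: str        # "permit" or "deny"


# Ordered policy: first match wins; anything unmatched falls to default deny.
# Rule 0 blocks the wireless segment from finance servers outright, rule 1 lets
# finance staff on the wired LAN reach them, rule 3 opens the compliance zone
# to auditors only, and rule 4 is the general-purpose intra-Trust permit.
POLICY: List[Rule] = [
    Rule("Wireless Users", "Finance Department", "any", "any", "deny"),
    Rule("Trust", "Finance Department", "https", "finance", "permit"),
    Rule("Finance Department", "Finance Department", "any", "finance", "permit"),
    Rule("any", "Compliance Zone", "https", "auditors", "permit"),
    Rule("Trust", "Trust", "any", "any", "permit"),
]


@dataclass(frozen=True)
class Flow:
    user: str
    groups: FrozenSet[str]
    src_ip: str
    src_vlan: int
    dst_ip: str
    service: str


@dataclass(frozen=True)
class Decision:
    action: str
    rule_index: Optional[int]   # None means the implicit default deny applied
    src_zone: str
    dst_zone: str
    audit_line: str


def zone_of_destination(dst_ip: str) -> str:
    """Longest-prefix match of the destination address against ZONE_BY_SUBNET;
    addresses outside every known subnet are treated as Untrust."""
    addr = ip_address(dst_ip)
    best = None
    for cidr, zone in ZONE_BY_SUBNET.items():
        net = ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, zone)
    return best[1] if best else "Untrust"


def _rule_matches(rule: Rule, flow: Flow, src_zone: str, dst_zone: str) -> bool:
    return (rule.src_zone in ("any", src_zone)
            and rule.dst_zone in ("any", dst_zone)
            and rule.service in ("any", flow.service)
            and (rule.user_group == "any" or rule.user_group in flow.groups))


def evaluate(flow: Flow) -> Decision:
    """Classify the flow into zones, walk the policy in order, and record the
    outcome as an audit line naming the user, both zones and the matching rule."""
    src_zone = ZONE_BY_VLAN.get(flow.src_vlan, "Untrust")
    dst_zone = zone_of_destination(flow.dst_ip)
    action, index = "deny", None
    for i, rule in enumerate(POLICY):
        if _rule_matches(rule, flow, src_zone, dst_zone):
            action, index = rule.action, i
            break
    rule_label = "default" if index is None else str(index)
    line = (f"{action.upper()} rule={rule_label} user={flow.user} "
            f"src={flow.src_ip}/{src_zone} dst={flow.dst_ip}/{dst_zone} "
            f"svc={flow.service}")
    return Decision(action, index, src_zone, dst_zone, line)


def audit_trail(flows: List[Flow]) -> List[str]:
    """Evaluate a batch of flows and return the audit lines in order."""
    return [evaluate(f).audit_line for f in flows]
```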

Additional layers of security are also available to help ensure that vital government information remains secure. Government organizations using the HSPD-12 smartcards as defined in the National Institute of Standards (NIST) Federal Information Processing Standard (FIPS) 201 [7], in conjunction with compatible Juniper Networks Unified Access Control (UAC) and firewall products, can enhance network security even further with dynamic, user-based firewall control. Finally, deploying Juniper Networks Integrated Security Gateways (ISGs) provides government departments with a market-leading combination of application-level and network-level protection by utilizing Deep Inspection firewall technology and Intrusion Detection and Prevention (IDP) technology in a single platform.

Figure 1: Security zones can be used to help with compliance by ensuring that government applications and data are only accessed by the appropriate user types.

[Figure 1 diagram: a single NS-5GT firewall divides the network into a Business App Zone (apps, data), a Wireless Zone and a Sensitive Data Zone (Finance apps and data, HR); the Internet, other government agencies, a telecommuter, a business partner and a government regional office all connect through it.]

7 http://csrc.nist.gov/piv-program/


Organization: City of Burbank

Situation: Monitoring systems for a cross-city electrical power grid required increased network security, performance and availability.

Solution: Juniper Networks NetScreen platforms

Juniper Networks IDP platforms

Results: Juniper Networks IDP and Firewall/IPSec VPN platforms provided the city with proactive security while supporting much greater speed and reliability. Network attacks no longer disrupt operations, greatly improving the productivity of IT staff. The security solution is also robust enough to support new citizen portals and video streaming.

Quote: “The technology behind Juniper Networks security appliances made it a clear-cut winner in my mind. We needed a centralized security solution for the entire city and Juniper was the only vendor that offered us a traditional firewall platform and a true real-time Intrusion and Detection System.”

– Perry Jarvis, Network Operations Manager, City of Burbank, California

Providing Access Control

Securing information on the network is only part of the solution. Controlling who has access to internal server resources is the second component that a government organization must address. While some level of access control can be accomplished with static firewall settings alone, more dynamic and granular access controls are needed to ensure that only authorized users can get to resources and that endpoints are compliant with the organization’s security policy. Government networks are transitioning from “static firewall settings” to stronger authentication mechanisms, such as HSPD-12 credentials, to provide a user-based security environment. As remote, mobile and extended enterprise users access resources on centralized servers, their unmanaged and potentially infected endpoints (like mobile devices) can compromise the security of the Local Area Network (LAN) and violate regulatory compliance policies as outlined in HSPD-12 and FISMA.

Still more threats are emerging from endpoints that are connecting via the internal wired or wireless LAN or from distributed government sites. Such users were once considered “safe” by virtue of their location. This is an increasingly risky assumption as mobile devices transit the perimeter bringing threats (typically unknown to the user) with them, and unknown and unmanaged devices from contractors, partners or guests access the LAN. Government organizations require an endpoint control solution that understands and verifies information about the user’s identity, the device/endpoint state, and the network so that they can properly enforce security policy among this group of users.


Depending upon the location from which the user is accessing government server resources, there are two solutions for access control:

1. LAN Based Access Control (Wireless and Wired): This method is appropriate for a government organization that requires access control for internal users who already have a method of accessing resources, such as those users in remote/branch offices, or employees, guest users, contractors, partners, or others with access to the wired or wireless campus (LAN).

2. Virtual Private Networks (VPNs): This method is appropriate for a government organization that requires access control for other users who also need a method of accessing resources, such as those within the extended enterprise. These can include mobile and remote users, business partners, contractors and customers. The VPN can also serve to provide access control inside the LAN in some specific internal deployments.

LAN-Based Access Control

A LAN-based access control solution enables security policy enforcement, protects mission-critical applications, and protects certified endpoints from untrusted internal devices in a LAN environment. 802.1X is the standard from the Institute of Electrical and Electronics Engineers (IEEE) for port-based network access control, protecting the network at the data link or access layer (Layer 2) by identifying and authenticating each user before the network provides the user with an IP address. An 802.1X-based authentication solution requires that 802.1X clients, also known as supplicants, be deployed in conjunction with 802.1X wireless access points or wired switches and an AAA/RADIUS server or appliance. This solution protects government servers within a data center from attack by requiring user authentication before granting network access. It also helps government organizations meet HSPD-12 and FISMA compliance requirements for wireless LANs.

However, a comprehensive access control solution should use both a Layer 2 and a Layer 3-7 approach, as most organizations will need both. Which method is deployed where is largely a matter of priorities, the state of the switching infrastructure, the type of enforcement points already deployed, and the audience for which access control is most needed.

Based on field-tested components that are being successfully used today in thousands of deployments worldwide, as well as industry standards such as the 802.1X standard and RADIUS and the standards-based open specification from the Trusted Network Connect (TNC) working group of the Trusted Computing Group (TCG), the Juniper Networks Unified Access Control (UAC) solution combines the best of access control technologies while leveraging existing government investments and deployments. All policy is created and pushed by the Infranet Controller, a hardened centralized policy server. Endpoint control of user identity, device state and network location can be determined by a dynamically deployable Agent (UAC Agent) as well as via agentless mode where installing a software client is not feasible. Finally, UAC can enforce policy at Layer 2 using any vendor’s 802.1X-enabled switches or wireless access points, at Layers 3-7 using Juniper firewalls, or both for additional granularity. The Juniper Networks UAC solution is also compatible with multiple authentication and authorization databases, thereby allowing the combination of HSPD-12 mandated FIPS-201 smartcards, Microsoft Windows Active Directory user repositories, Lightweight Directory Access Protocol (LDAP) databases, Security Information Management Solutions (SIMS) and other popular security management tools. The result is a uniquely flexible solution that combines user identity, device security state information and network location to create a session-specific access control policy for each network user.


Remote Access Using VPNs

Separate from users of the LAN, Secure Virtual Private Networks (VPNs) must be established for the mobile government workforce and distributed entities to enable productivity while working remotely and ensuring the privacy of information being transacted. However, there are many problems and limitations to the way VPNs have been deployed to date.

While no one VPN solution is the “right” solution for every unique government mobile worker or distributed site situation, there are multiple VPN options to choose from (Figure 2). For fixed remote government locations, IPSec is perhaps the preferred method of deploying VPNs. IPSec can operate with low latency for applications that require high performance. Once they are configured and “in place” for fixed locations, they typically do not need to be reconfigured and can usually operate without manual intervention. Juniper has several purpose-built network security appliances that combine Stateful Inspection firewall capabilities with IPSec VPN functionality in one platform.

For the teleworker and mobile government workforce, the ideal alternative is to use Secure Socket Layer Virtual Private Networks (SSL VPNs). Since SSL VPNs use technology embedded in all standard Web browsers, they provide a clientless platform and require little or no manual configuration on behalf of the user or changes to internal servers. This makes VPN access seamless to the remote user; it is robust, and it combines security of communications with ease of use. Juniper Networks Secure Access SSL VPN products provide this segment of the government workforce with a complete end-to-end security solution that includes endpoint client, device, data and server layered security controls. As discussed earlier with the Juniper Networks UAC product, the Juniper Secure Access SSL VPN appliances also integrate multiple authentication and authorization databases, allowing the combination of HSPD-12 mandated FIPS-201 smartcards with other commonly available databases like Microsoft Active Directory user repositories.

Another unique feature of the Juniper Networks Secure Access SSL VPN products is the In Case of Emergency (ICE) end user license, which gives government network managers the ability to turn on a large number of additional users for a limited time in a very cost-effective manner. This solution can help keep government organizations functioning by connecting people even during the most unpredictable of circumstances: hurricanes, terrorist attacks, pandemics or virus outbreaks.

Whatever Juniper Networks remote access solution a government organization chooses, the benefits to federal compliance requirements as noted in HSPD-12, HSPD-20 and Telework directives are the same:

• User authentication to ensure authorized access of government systems

• Encryption of transmitted data to ensure data integrity

• High availability and resiliency to ensure timely access of government systems

• Extensive logging and reporting for generating audit reports


Figure 2: VPNs deliver trusted paths for authenticating appropriate access to government systems and encrypting data transmissions

Organization: U.S. Dept of Labor Mine Safety and Health Administration (MHSA)

Situation: Employees working from home or traveling needed a secure Federal Information Processing Standards (FIPS) compliant remote access solution.

Solution: Juniper Networks Secure Access SSL VPN

Results: Juniper Networks Secure Access SSL VPN provides an extremely secure yet easy-to-use remote access solution for over 2200 eligible employees. User requests to the MHSA help desk have gone down, while departmental efficiency has gone up. Employees can now fully participate in meetings while offsite using Web-based meeting applications.

Quote: “The Juniper Networks solution provided us with a way to provide users with broadband remote access to our network at any time from anywhere, without allowing viruses or worms to penetrate our network.”

– Syed Hafeez, Information Security Officer

[Figure 2 diagram: a data center at government HQ sits behind a firewall that terminates SSL VPN and IPSec VPN connections; day extenders, mobile workers and fixed telecommuters (the extended enterprise) and government branches, remote offices and business partners (the distributed enterprise) connect to it, the remote sites through NS-5GT appliances and routers over IPSec VPN.]


Addressing Increasing Attack Sophistication

The network layer solutions described above, security zones and secure local and remote access control, can help organizations achieve government compliance by determining who is allowed to access government systems and by ensuring the secure transmission of information across the government network. However, government organizations are also faced with threats within allowed traffic that can compromise data security and integrity. These threats can be intentionally or unintentionally introduced by government employees, or they can be introduced by sophisticated third parties attempting to circumvent security systems. Detecting and removing malicious content from allowed traffic enhances network and data security, and can substantially contribute further to government compliance as outlined in FISMA.

The Juniper Networks IDP solution (Figure 3) detects both known and unknown application layer threats within network traffic and eliminates those threats in real time. Juniper Networks IDP also detects the use of unauthorized applications like instant messengers or file sharing. The Juniper Networks IDP solution, with its Multi-Method Detection (MMD™), offers comprehensive coverage by leveraging multiple detection mechanisms. For example, by utilizing signatures as well as other detection methods that include protocol anomaly traffic detection, Juniper’s IDP solution can thwart known attacks at all levels of the protocol stream as well as possible future variations of an attack.

The challenge with any IDP is to properly identify attacks while eliminating false positives. By using Stateful Signature Detection, the Juniper Networks IDP solution dramatically reduces false positives by examining the traffic in the context of the application. With full understanding of the application and its relevant traffic, Juniper’s IDP solution can pinpoint the signature pattern-matching to the exact location where an attack can occur.
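As an added illustration of why matching a signature in protocol context cuts false positives (example code written here, not Juniper IDP code): a directory-traversal signature run over raw bytes fires on a harmless text upload that merely contains "../", whereas the same signature applied only to the decoded request URI does not. The minimal HTTP parser, the signature table and the sample requests are all constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed signature table. Each entry names the protocol field it applies
# to; that field is what lets the matcher skip the parts of the stream where
# the pattern cannot mean an attack.
SIGNATURES = [
    ("http-uri-directory-traversal", "uri", re.compile(rb"\.\./")),
    ("http-overlong-host-header", "header:host", re.compile(rb"^.{256,}$", re.S)),
]


def parse_http_request(data: bytes) -> Optional[Tuple[bytes, bytes, Dict[bytes, bytes], bytes]]:
    """Minimal HTTP/1.x request decoder. Returns (method, uri, headers, body),
    or None when the bytes are not a well-formed request."""
    head, sep, body = data.partition(b"\r\n\r\n")
    if not sep:
        return None
    request_line, *header_lines = head.split(b"\r\n")
    parts = request_line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    headers: Dict[bytes, bytes] = {}
    for line in header_lines:
        name, colon, value = line.partition(b":")
        if not colon:
            return None
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers, body


def raw_matches(data: bytes) -> List[str]:
    """Pattern-only matching: run every signature over the whole payload,
    with no idea which bytes are the URI, a header or an uploaded document."""
    return [name for name, _field, pattern in SIGNATURES if pattern.search(data)]


def contextual_matches(data: bytes) -> List[str]:
    """Stateful matching: decode the protocol first, then apply each signature
    only to the field it targets. Non-HTTP data yields no HTTP signature hits."""
    request = parse_http_request(data)
    if request is None:
        return []
    _method, uri, headers, _body = request
    hits: List[str] = []
    for name, field, pattern in SIGNATURES:
        if field == "uri":
            target = uri
        elif field.startswith("header:"):
            target = headers.get(field[len("header:"):].encode())
            if target is None:
                continue
        else:
            continue
        if pattern.search(target):
            hits.append(name)
    return hits


# Constructed sample traffic: one request with traversal in the URI, and one
# benign upload whose body happens to contain the same byte sequence.
TRAVERSAL_REQUEST = (b"GET /docs/../../etc/passwd HTTP/1.1\r\n"
                     b"Host: intranet.example.gov\r\n\r\n")
BENIGN_UPLOAD = (b"POST /wiki/save HTTP/1.1\r\n"
                 b"Host: intranet.example.gov\r\n"
                 b"Content-Type: text/plain\r\n\r\n"
                 b"include ../common.mk   # relative path inside a Makefile\n")
```

Run over the two samples, the raw matcher flags both, while the contextual matcher flags only the request whose URI actually carries the pattern.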

Along with the Enterprise Security Profiler that passively collects real-time network and application data, Juniper Networks IDP delivers a real-time, on-demand view of all network activity actually traversing the network. The network visibility and control afforded by Juniper’s IDP can deliver significant benefits for government FISMA compliance that include:

• Detecting, reporting and stopping unauthorized intrusions and changes to government systems in real time

• Detecting, reporting and stopping unauthorized software running on the network

• Eliminating worms and trojan horses that can harm government systems and alter critical data

• Comprehensive monitoring of network and system activities, and simple review of event details

• Daily signature updates that ensure the most up-to-date coverage and enable consistent and timely enhancement of tools used to implement internal controls

• Logging and reporting, including packet captures, for generating detailed audit reports and storing information

Figure 3: IDP protects government systems from internal and external application layer attacks. (Diagram elements: Internet, Firewall, IDP, Internal Network with Government Systems: Finance Apps, Data.)


Organization: North Atlantic Treaty Organization (NATO)

Situation: Needed to defend critical site connectivity to NATO’s global network against diverse and complex security attacks.

Solution: Juniper Networks IDP platforms

Results: Juniper Networks IDP platforms provided NATO bases throughout NATO’s member states worldwide with proactive security by automatically detecting malicious activity, then dropping the offending packets before they enter the network and damage data resources.

Quote: “NATO prefers to work with commercially available network products, such as Juniper’s IDP range, rather than bespoke products developed specifically for us. However, with such a mission-critical, vulnerable infrastructure, we have to ensure that the chosen security products are robust, high-performing and reliable. NATO adjudged Juniper’s IDP portfolio to be a best-in-class intrusion prevention solution with innovative technology that provides multiple functions effectively from a single platform.”

--NATO spokesperson

Compliance Auditing

After putting into place all of the various levels of security previously described, government organizations are also required to ensure compliance with FISMA audits. In addition to using a centralized, rule-based approach to simplify deployment, configuration and maintenance of security devices, government network administrators would like to use a similar approach for observing traffic, prioritizing threats and providing several reporting mechanisms for generating required compliance reports.

Juniper Networks NetScreen Security Manager (NSM) takes just such an approach to network and security management by providing government IT departments with an easy-to-use solution that controls all aspects of Juniper’s Firewall/VPN and IDP devices. NSM includes a high-performance log storage mechanism that allows a government IT department to collect and monitor detailed historical information on key criteria such as network traffic and security events. Using a complete set of built-in analysis tools, administrators can quickly generate reports for investigative or FISMA compliance purposes. For integration into existing tools, logs can be forwarded to a third-party reporting tool or database. Just a few of the compliance and auditing features of NSM include:

• Templates and policies that leverage commonalities to simplify the audit process

• Audit log that provides detailed change history

• Changes made locally on any device immediately flagged in NSM for analysis

• Role-based administration that ensures that access to information in NSM matches business policies
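Two of the features listed above, a detailed change history and the flagging of local device changes, rest on one underlying check: compare what a device currently runs against the configuration the manager last approved, and write any difference to an audit record. The following is an added illustration of that check, not NSM or ScreenOS code; the configurations are constructed samples in a generic nested key/value form, and the device name, hash choice and severity rule are assumptions for the example.

```python
"""Configuration-drift detection with an audit record.

Added example, not NSM code. The configurations are constructed samples in a
generic key/value form, not ScreenOS or NSM syntax.
"""
import hashlib
import json
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional, Tuple

# Constructed: the configuration the manager last pushed and approved.
APPROVED_CONFIG = {
    "policy": {
        "10": {"from": "untrust", "to": "trust", "service": "HTTPS", "action": "permit", "log": True},
        "20": {"from": "untrust", "to": "trust", "service": "ANY", "action": "deny", "log": True},
    },
    "admin": {"auth": "radius", "idle-timeout": 10},
}

# Constructed: what the device reports now, after someone edited it locally
# (logging switched off on rule 10, and an unlogged permit rule 30 added).
DEVICE_CONFIG = {
    "policy": {
        "10": {"from": "untrust", "to": "trust", "service": "HTTPS", "action": "permit", "log": False},
        "20": {"from": "untrust", "to": "trust", "service": "ANY", "action": "deny", "log": True},
        "30": {"from": "untrust", "to": "trust", "service": "TELNET", "action": "permit", "log": False},
    },
    "admin": {"auth": "radius", "idle-timeout": 10},
}


def config_fingerprint(cfg: Dict[str, Any]) -> str:
    """SHA-256 over a canonical JSON form, so key order cannot cause false drift."""
    canonical = json.dumps(cfg, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def diff_config(approved: Dict[str, Any], current: Dict[str, Any],
                path: str = "") -> List[Tuple[str, str, Any, Any]]:
    """Recursive diff: (action, path, before, after) for every leaf that differs."""
    changes: List[Tuple[str, str, Any, Any]] = []
    for key in sorted(set(approved) | set(current)):
        p = f"{path}/{key}"
        if key not in current:
            changes.append(("removed", p, approved[key], None))
        elif key not in approved:
            changes.append(("added", p, None, current[key]))
        elif isinstance(approved[key], dict) and isinstance(current[key], dict):
            changes.extend(diff_config(approved[key], current[key], p))
        elif approved[key] != current[key]:
            changes.append(("modified", p, approved[key], current[key]))
    return changes


def flag_local_change(device: str, approved: Dict[str, Any], current: Dict[str, Any],
                      observed_at: Optional[str] = None) -> Optional[Dict[str, Any]]:
    """Return an audit record if the device drifted from the approved config, else None.

    observed_at is an ISO-8601 timestamp; defaults to the current UTC time.
    """
    approved_hash = config_fingerprint(approved)
    device_hash = config_fingerprint(current)
    if approved_hash == device_hash:
        return None
    changes = diff_config(approved, current)
    # Assumed severity rule: any change to the policy tree is worth immediate review.
    severity = "high" if any(p.startswith("/policy") for _, p, _, _ in changes) else "medium"
    return {
        "device": device,
        "observed_at": observed_at or datetime.now(timezone.utc).isoformat(),
        "approved_hash": approved_hash,
        "device_hash": device_hash,
        "severity": severity,
        "changes": [{"action": a, "path": p, "before": b, "after": n} for a, p, b, n in changes],
    }


if __name__ == "__main__":
    record = flag_local_change("fw-edge-01", APPROVED_CONFIG, DEVICE_CONFIG)
    print(json.dumps(record, indent=2))
```

Hashing the canonical form gives a cheap first test that scales to many devices; the full diff is only computed when the fingerprints disagree, and the resulting record is what an auditor wants to see: which device, when, and exactly which settings changed from what to what.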


Why Choose Juniper for Government Compliance Solutions

As a company, Juniper Networks has proven itself to be a thought and technology leader within government, enterprise and service provider markets. Our innovation and technology is recognized by industry analysts and the market as a whole as market-leading and well ahead of the competition in terms of features and capabilities. We offer our customers a new way of thinking about the emerging demands being placed upon today’s networks and a new way of empowering the network to be leveraged as a business enabler and strategic competitive advantage.

Our network vision guides our product development, and our customers know that they can place trust in Juniper Networks, confident that they have made the “right” business decision in selecting Juniper as a partner for critical government business needs. Those who achieve regulatory compliance with their network or leverage the network as a critical asset have found that Juniper provides the greatest advantage in helping them meet their requirements. These government organizations can create, implement and enable network-based compliance policies with a network that dynamically responds to enforce their policies and meet the needs of their organization.

Table 1: Juniper Solution Components

Government Compliance / Juniper Technology columns: Firewall/IPSec VPN, IDP, SSL/VPN, UAC

HSPD-12 (Access Control): • • •

HSPD-20 (COOP & COG): • •

Telework (Secure Remote Access): • •

FISMA (Auditing and Reporting): • • • •

Conclusion

The increasing trends of distributed government organizations, greater mobility among the government workforce and increasing sophistication of network attacks are dramatically changing the government’s network-based needs for mission-effectiveness and federal regulatory compliance. Government IT managers need to refer to the different government compliance standards to assess their organization-specific compliance requirements and develop the necessary solutions for their organization based upon those requirements.

Modern practices require government organizations to extend the reach of their network and open it up to an increasingly mobile workforce while supporting secure and efficient communications. Yet, as the government network perimeter becomes increasingly dynamic, appropriate steps must be taken to ensure the operational quality, reliability and security of the network. Juniper Networks provides government organizations with the best available solutions for providing secured communications and endpoint verification with enhanced security from firewall security zones, multiple methods of access control for both LAN-based and remote/mobile users, and layered security using one of the most robust and scalable IDP solutions in the industry to mitigate threats and support compliance auditing with NSM. Combined or individually, these solutions may be deployed to complement or provide a significant portion of the Federal compliance solution while improving the effectiveness of an organization’s mission.


Copyright 2007 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

CORPORATE HEADQUARTERS AND SALES HEADQUARTERS FOR NORTH AND SOUTH AMERICA
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or 408.745.2000
Fax: 408.745.2100
www.juniper.net

EAST COAST OFFICE
Juniper Networks, Inc.
10 Technology Park Drive
Westford, MA 01886-3146 USA
Phone: 978.589.5800
Fax: 978.589.0800

ASIA PACIFIC REGIONAL SALES HEADQUARTERS
Juniper Networks (Hong Kong) Ltd.
Suite 2507-11, 25/F
ICBC Tower
Citibank Plaza, 3 Garden Road
Central, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803

EUROPE, MIDDLE EAST, AFRICA REGIONAL SALES HEADQUARTERS
Juniper Networks (UK) Limited
Building 1
Aviator Park
Station Road
Addlestone
Surrey, KT15 2PG, U.K.
Phone: 44.(0).1372.385500
Fax: 44.(0).1372.385501

To purchase Juniper Networks solutions, please contact your Juniper Networks sales representative at 1-866-298-6428 or authorized reseller.


About Juniper Networks

Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.