Get e-book Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure (Networking Council)

Free download. Book file PDF easily for everyone and every device. You can download and read online Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure (Networking Council) file PDF Book only if you are registered here. And also you can download or read online all Book PDF file that related with Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure (Networking Council) book. Happy reading Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure (Networking Council) Bookeveryone. Download file Free Book PDF Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure (Networking Council) at Complete PDF Library. This Book have some digital formats such us :paperbook, ebook, kindle, epub, fb2 and another formats. Here is The CompletePDF Book Library. It's free to register here to get Book file PDF Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure (Networking Council) Pocket Guide.

To meet these goals, the Department is initially focusing on four key areas: IT infrastructure; information security; common solutions; and management roles and processes. These four areas have been chosen because, together, they constitute the core building blocks of the Department's IT program.


  • ENFANCES (French Edition).
  • Ethical Decision Making in Nursing and Health Care: The Symphonological Approach, Fourth Edition (Bioethical Decision Making in Nursing (Husted)).
  • Fight Like A Mom;

In addition, they are areas where there are both significant problems and significant opportunities for improvement. The next sections of this Plan outline these areas and present specific initiatives for action.

The Essential Guide to Consortia and Standards

The Department's capability to share information with people, organizations, and countries around the world begins with a unified and modernized infrastructure that is cost effective, reliable, accessible, interoperable, and secure. Currently, the Department's infrastructure is largely decentralized, fragmented, and outdated.

It is essentially an amalgamation of infrastructures designed, developed and maintained by individual components to meet their specific needs. This approach has introduced an unnecessary level of complexity, cost, and risk, and inadvertently created technical barriers to sharing information. IT infrastructure is a broad term that includes equipment, networks, and general-purpose software. Specifically, infrastructure is a layering of selected services, physical products, and telecommunications technologies as a foundation for building systems and sharing information.

Users call on the capabilities of the infrastructure every day whenever an email is sent, a document is prepared, or a database is accessed to retrieve information.

In short, the infrastructure is like a "black box" that sits between the user and information resource see Figure 3. Core infrastructure elements include:. The Department will work with the components to develop a department wide infrastructure architecture - - a layer of the Department's overall enterprise architecture. The infrastructure architecture will provide a common conceptual framework to support technical interoperability, define a common DOJ vocabulary, and provide a high-level description of the information technology deployed throughout the Department.

It will also define technical standards for acquiring and managing the infrastructure department wide. These standards will be documented in an updated Technical Reference Model. One of the next steps will be to define the guiding principles for infrastructure architecture, the scope of the DOJ wide initiative, and the information needed to effectively coordinate infrastructure technology in support of information sharing.

Telecommunications is a pivotal part of any infrastructure and an essential tool for enabling information sharing. The DOJ operates data networks, conventional voice networks, and wireless networks that include cell phones, radios, and data devices such as Personal Digital Assistants. The DOJ mission requires us to communicate classified and unclassified information securely among components and between components and external private and public organizations. Figure 4 below depicts our current network environment. As illustrated above, the DOJ network environment is an aggregation of a number of independent, national networks developed and operated by each of the major DOJ components.

The MAN operated by the Justice Management Division provides transit for network traffic exchanged among DOJ components; common services such as an e-mail translation service, a gateway to the Internet, and external web servers; and access to shared data centers. This component-driven design tends to inhibit DOJ wide data sharing and lead to numerous direct connections to internal and external networks that bypass the MAN. Each of these additional points of interconnection with the Internet or other external network introduces added complexity, security risks, and costs to the overall DOJ data network configuration.

The JCN also provides value-added services: a network operations center, managed network services e. Today, JCN services about two-thirds of all of the unclassified network locations, but cost savings have been marginal and components continue to share data primarily through file extracts governed by written agreements. A key element of the Department's IT strategy is to replace the JCN and other separate data networks with one, new integrated network. It will emphasize promoting information sharing, providing enhanced security across the board, and ensuring continuity of network operations.

It will be viewed as a Department utility that serves all DOJ components. Service level agreements will be employed to assure that the supplier's network management services meet all DOJ requirements.

Increasingly interconnected information technology systems and networks are critical to achieving the Department's mission. However, this widespread interconnectivity also poses new risks. Our growing dependency on these systems for law enforcement and national security purposes has increased the potential damage resulting from malicious attacks that undermine and disrupt services or expose sensitive information to misuse.

Protecting our IT systems and networks and safeguarding the information they store, process, and transmit, is a cornerstone of the Department's IT strategy. Information security is an indispensable function and a prerequisite to meeting our IT and mission goals. The Department has established minimum requirements for ensuring the security of the Department's classified and SBU systems and networks, including the requirement that all systems and networks be "certified and accredited" before becoming operational and re-certified and accredited periodically thereafter.

These certification and accreditation activities, along with penetration tests, audits, and reviews, have identified a number of security weaknesses.

Application of Public Key Infrastructure (PKI) in physical access control

The Department's Security Report for concluded that more than half of the systems analyzed had vulnerabilities in the areas of audit, authentication, contingency planning, and configuration management see Figure 5. High profile cases such as that of convicted spy Robert Hanssen have further illustrated glaring weaknesses in security policies and controls. Not surprisingly, congressional oversight committees, the GAO, and the IG, have all targeted information security as a major management concern within the Department.

To address this concern, the Department is implementing a multi-pronged strategy for strengthening and improving its information security program so that identified weaknesses are corrected and lasting and fundamental improvements are achieved. Information security is primarily a management function that requires the sustained commitment and attention of high-level officials at the Department and component levels.

To this end, the Department's IT security function will be elevated and strengthened. A senior management official, reporting directly to the Department's CIO, will be assigned overall responsibility for ensuring that the Department takes a department wide strategic view of its information security program and developing and implementing a coordinated and effective IT security program that is continuous, iterative, and fully integrated with IT architecture and investment processes. The program will involve four major activities: planning to ascertain threats and trust relationships; assessing the current levels of protection and their effectiveness; implementing and integrating controls; and responding to incidents, as shown in Figure 6.

Download Product Flyer

The Department has developed a centralized database for tracking the remediation of security weaknesses. This database is a single repository of findings and corrective actions identified through the component certification and accreditation activities, IG audits, penetration testing, and other reviews including the self-assessments required under the Government Information Security Reform Act. The Department will continue to use this database to help prioritize and monitor the implementation of corrective actions. It will also increase its monitoring of compliance with departmental policy and ensure that costs for security are identified in IT capital plans.

At the same time, it will continue to explore department wide solutions to cross-cutting problems. For example, the Department is implementing a common web-based security education and awareness program, available to all Department users. A number of Justice components are looking to various technology solutions to improve the security of their IT systems. However, there is no overall departmental approach or architecture to guide these efforts.

As a result, these perceived solutions may simply offer an isolated and patchwork response and not an integrated and comprehensive defense. To remedy this situation, the Department will develop a security architecture, employing a "defense in depth" model, consistent and integrated with the Department's overall enterprise architecture. The architecture will identify baseline and future security policies, standards and technologies. It will enable the Department and the components to better identify cross cutting security needs and possible common solutions, and eliminate inconsistent security approaches.

The security architecture and policies will continually evolve in support of the security process. The process will contribute to their growth and change, and the continual analysis of the architecture and policies will suggest changes to the process. Today's emerging security technology enables a level of protection that only a few years ago was not achievable at any cost.

For example, network based authentication and auditing tools are able to prevent and detect unauthorized access and use. Virtual private network VPN technologies improve boundary protection by funneling traffic through strong, professionally managed gates. The Department will focus on identifying and implementing common automated security tools, consistent with the Department's overall security architecture. The use of common security tools reduces costs and duplication of effort. It also helps to ensure a standard level of protection throughout the Department.

Gesmer Updegrove LLP Services to Consortia and Open Source Foundations

Public key technology provides enhanced capability to protect the confidentiality, integrity, and authenticity of electronic information. It offers a uniform way to identify system users, encrypt protected information, and restrict access based on "certificates of trust. The private keys are safeguarded by the person who will sign or decrypt the messages. The public keys are made available to other users to verify the signatures or encrypt documents. Since the public keys are made available to all users, a certificate mechanism must be established to ensure that the keys are valid and associated with a particular individual.

PKI is considered to be an important element in improving secure information sharing and implementing "e gov. In addition, several DOJ components have taken steps to implement their own PKI initiatives in response to their own particular requirements. The Department will develop and implement a department wide PKI that will enable secure communications and information sharing across component organizational boundaries, provide a strong authentication mechanism department wide, support "e gov" initiatives, and establish a framework for communications and sharing with other federal, state and local agencies.

A department wide PKI effort will ensure consistency in approach, minimize duplication of effort, and reduce requirements for cross component verification and validation. It will also provide a central point of contact for linking with the federal bridge. This link will allow cross certification of certificates with individuals from other federal agencies, foreign governments, state and agencies, and the private sector.

digital signature

From a mission perspective, the most important benefits of information technology arise from its ability to enable and improve collaboration, secure information sharing, and work simplification. Common solutions help to achieve these goals through the use of shared applications and databases. Developing and implementing common solutions, where appropriate, is an important element of our IT strategy and represents a fundamental shift in approach. Although there will continue to be a need for unique applications that support a single component, the emphasis will be on migrating toward common solutions that cross component organizational boundaries see Figure 7.

Common solutions reduce total costs, promote information sharing, improve information integrity, and accelerate business change cycles.