
Authorized Device and Software Management Initiatives

Updates and next steps for the Authorized Device (AD) and Software Management (SM) Initiatives, including roll call, phase updates, and NSINS improvement initiatives. Discusses timelines, enrollment requirements, network security improvements, and technology dependencies.

fthompson


Presentation Transcript


  1. Authorized Device and Software Management Initiatives. Unauthorized Device & Unauthorized Software Working Group Bi-weekly Meeting, November 29, 2018. Project Team: Qi’Anne Knox, Kazeem Adelakun, Shoeb Siraj. Code 710

  2. Agenda
     • Roll Call
     • Authorized Device (AD) Initiative / Unauthorized Device (UD) Phase Updates and Next Steps
     • Software Management (SM) Initiative Update
     • Web Content Filter (WCF) Update
     • References

  3. Roll Call

  4. AD: Phase Updates (1)
     • Phase 1:
     • Timeline: No earlier than January 2, 2019 (dependent on when GSFC is migrated to Office 365)
     • Marshall Space Flight Center and Michoud Assembly Facility with more than 8,500 users migrated
     • Kennedy Space Center will migrate next, starting November 28, 2018 and ending December 6, 2018; Langley Research Center will migrate after that
     • What’s happening? NASA email access restrictions
     • Put controls in place to prohibit ActiveSync access without Mobile Device Management (MDM)
     • Put controls in place to prohibit remote Webmail access without MDM or Virtual Private Network (VPN)

  5. AD: Phase Updates (2)
     • Phase 1 continued:
     • Mobile Device Management (MDM) enrollment for non-ACES Government Funded Equipment (GFE) or Personally Funded Equipment (PFE) iOS and Android smartphones and tablets (Go-Live Date: November 15, 2018):
     • Requirements for enrollment:
     • O365 early adopters
     • ActiveSync user; have connected to NASA email and calendar services with a non-ACES GFE or PFE smartphone or tablet
     • Does not have an ACES smartphone or tablet
     • Targeted communications are being reviewed by IT Managers for distribution today
     • Two-step approval was added to NAMS for GSFC/remote centers

  6. AD: Targeted Users

  7. AD: Phase Updates (3)
     • Phase 2:
     • Timeline: To Be Determined (TBD) and will be discussed more early next calendar year (full compliance targeted for Dec 2019)
     • Continue to participate in NASA Partner Discussion with the Technical Architecture Lead at Armstrong to discuss current challenges, risks, external authorization requirements/update, etc. as it relates to Phase 2
     • Please continue to share use cases
     • Partner Categories: Academic, Industry, Non-Profit, Contractor, Corporate, Commercial Space, Foreign Commercial Space, Government Agency, and Foreign Government Agency

  8. AD: Phase Updates (3)
     • Phase 2 continued:
     • NASA’s Strategy to Improve Network Security (NSINS) was briefed to the deputy administrator yesterday
     • Following this meeting, the Agency Core Team hopes to better understand next steps and timeline updates
     • AD/UD Policy has technology dependencies within the NSINS improvement initiatives

  9. NSINS Improvement Initiatives (1)
     • Modernizing our network by implementing consistent protections at the boundary of NASA’s network and moving to a common Virtual Private Network to access internal NASA systems from remote locations.
     • External Border Protection (EBPRO) project; Enterprise Internal Border-Network Access Control (EIBNAC) project
     • Simplifying how employees access NASA applications and systems while ensuring that authorized individuals have the appropriate access.
     • Personal Identity Verification (PIV) project; Enterprise Internal Border-Network Access Control (EIBNAC) project; Elevated Privilege Management (EPM) initiative
     • Ensuring that only Authorized Devices connect to NASA’s internal networks
     • Authorized Device (AD) initiative; Enterprise Internal Border-Network Access Control (EIBNAC) project; Cloud Access Security (CAS) initiative

  10. NSINS Improvement Initiatives (2)
     • Improving collaboration, email, and underlying identity and directory capabilities while strengthening NASA’s cybersecurity posture
     • Office365 project; Identity, Credential, and Access Management modernization (ICAM-M) project
     • Enabling mobile access to encrypted email and improving the overall management and security of mobile devices
     • Mobile Device Management (MDM) project
     • Managing the software used across NASA, including installed and cloud-based applications, to strengthen application cybersecurity as well as to enable efficient procurement and proactive lifecycle management of these assets.
     • Software Management (SM) Initiative; BigFix implementation (CDM)
     • Streamlining and maturing NASA’s IT operating model to provide value-added insights into IT performance, simplify burdensome processes, improve fiscal management of IT resources, and ensure enterprise IT services are sustainably executed and integrated.

  11. AD: Technology Dependencies
     • CDM/EDW – Authoritative Source for IT Asset Information
     • PIV-M – UBE dependent on UD Enforcement
     • MDM – Phase 2 Provides secure container for access to NASA email/calendar/contacts
     • MDM – Phase 3 Moves Mobile Applications into secure container
     • EIB-NAC – Authorizes Network Access
     • EB-Pro – Manages Network Remote Access Integrity
     • O365 – User Based Access/Device Agnostic/Data Integrity
     • VDS Proof of Concept (POC) – Device Agnostic Capability

  12. Dependency Matrix

  13. AD: Next Steps
     • Validate NAMS submissions
     • Meet with Agency Team to discuss PIV exemption user list next week
     • Continue coordination with O365 Project Team (Agency and Local)
     • Internal 710 working group meeting/brainstorming session scheduled for December 11, 2018
     • Schedule additional stakeholders meetings

  14. AD: Reminders
     • NASA webmail will no longer be remotely accessible from outside the NASA network, and will require an Agency Badge (PIV or Smart Badge) or RSA Token for authentication
     • Users will no longer be able to authenticate using username/password except for “PIV Exemption”
     • Webmail will remain remotely accessible via VPN with an Agency Badge or RSA token
     • Remote users will no longer be able to access NASA email via the Microsoft Outlook (or compatible) client unless they are connected to the NASA internal network via VPN
     • Personal Devices are not authorized to connect per UD Policy

  15. SM Initiative: Unauthorized Software
     • Software should be added to a System Security Plan (SSP) for approved use today
     • Work with the system owner on which the application will be installed
     • Ensure the software is maintained, tracked, and updated for security patches on an ongoing basis
     • Our understanding is if the software is being utilized for NASA work, we will do our best to authorize it
     • Accomplishments:
     • Utilizing relational database application to create baseline and develop whitelist
     • SharePoint portal field requirements identified

  16. SM Initiative: Web Content Filter
     • Obtaining updated list of web content currently categorized as “unrated”
     • Developing center-wide communication with instructions for re-categorization
     • Will share the list with the working group as well for awareness
     • Web content currently categorized as “unrated” will be blocked on January 1, 2019

  17. SM Initiative: WCF Blocked Categories
     • Malicious Websites
     • Phishing
     • Spam URLs
     • Domain Parking
     • Games
     • Meaningless Content
     • Advocacy Organizations
     • Gambling
     • Marijuana
     • Nudity and Risque
     • Other Adult Materials
     • Pornography
     • Peer-to-peer File Sharing
     • Child Abuse
     • Discrimination
     • Drug Abuse
     • Explicit Violence
     • Extremist Groups
     • Hacking
     • Illegal or Unethical
     • Plagiarism
     • Proxy Avoidance

  18. Ad-hoc Working Group SharePoint
     • https://itcdsp13.gsfc.nasa.gov/sites/CSID/Community/IT%20Security%20Working%20Group/Ad%20Hoc%20Working%20Groups/Unauthorized%20Devices%20Ad%20Hoc%20Working%20Groups
     • This site will house meeting slides, minutes, actions, etc.
     • Confirming everyone has access and the permissions are set up correctly

  19. GSFC Points of Contact
     • Please continue to communicate your concerns and suggestions to us, which we will communicate up.
     • GSFC-IT-Security-Review@mail.nasa.gov
     • qianne.l.knox@nasa.gov
     • shoeb.siraj@nasa.gov
     • kazeem.a.adelakun@nasa.gov
     • Next meeting is December 13
     • Should we cancel the meeting for December 27?

  20. References (1)
     • Working Group SharePoint: https://itcdsp13.gsfc.nasa.gov/sites/CSID/Community/IT%20Security%20Working%20Group/Ad%20Hoc%20Working%20Groups/Unauthorized%20Devices%20Ad%20Hoc%20Working%20Groups
     • MDM Registration Site: https://mdr.nasa.gov/
     • Registration Documents: https://aces.ndc.nasa.gov/subnav/mdm.html
     • NAMS Workflow:
     • MDM PFE (ID: 252534) - https://idmax.nasa.gov/nams/asset/252534/017767035
     • MDM GFE (ID: 252533) - https://idmax.nasa.gov/nams/asset/252533/017767035

  21. References (2)
     • Agency UD Sites:
     • NASA's Strategy to Improve Network Security OCIO Site: https://inside.nasa.gov/nasa-s-strategy-improve-network-security
     • IT Policy Memos: https://inside.nasa.gov/ocio/it-business-management/policy-standards/it-policy-memoranda
     • O365 Resources: http://inside.nasa.gov/euso/office-365-resources
     • AD/SM on ITCD Website and SharePoint:
     • https://itcd.gsfc.nasa.gov/
     • https://itcdsp13.gsfc.nasa.gov/sites/security/servicemanagement/Authorized%20Devices%20%20Software%20Management%20Initiative/Home.aspx
     • Web Content Filter Portal: https://itcdsp13.gsfc.nasa.gov/sites/security/servicemanagement/SitePages/Website Access Requests.aspx
