1 / 27

Disclaimer

Disclaimer.

inge
Download Presentation

Disclaimer

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Disclaimer The following presentation is an abbreviated description of 60FF-1, 60FF-2 and 60FF-3, Florida Administrative Code. The presentation is meant to convey the general intent of the rules and the means by which the Department of Management Services will fulfill its statutory duties in providing the State communications network known as SUNCOM. This presentation and other SUNCOM documentation related to the rules are not substitutes for the actual rules nor do they provide comprehensive or final interpretations of the rules.

  2. Reasons for SUNCOM Rule Changes • Demise of State Technology Office • STO owned SUNCOM rules under 60DD • Core of 60DD was over twenty years old • Marketplace changes • Industry competition led SUNCOM to replace leased backbone with public switched network services • Technology changes • Continuing ramifications of the Internet Protocol • Open systems • Make rules comport with Statutes • Subsection 282.103 (3), F.S. calls for “exemptions” for use of communications services outside of SUNCOM • CPLA process had vague statutory basis, i.e. nothing in F.S. about hardware approvals

  3. Rule Change Process:Publications, Announcements and Input • Required • Administrative weekly • Workshop • One Public Hearing (if requested) • Additional • Invitations to CIOs with drafts • Invitations to customers with drafts • Two extra public hearings • Meetings with: • Joint Administrative Procedures Committee • Technology Review Workgroup • House, Senate and Governor’s Office staff • Web site postings • Latest internal rule drafts • Meeting announcements • Log of input and changes • Email input • Posted rules

  4. Intent of New Rules • Foster collaboration • Minimize duplication • Promote compatibility • Leverage economies of scale • Bulk purchasing power • Standardization of solutions • Maximize network predictability and up-time • Provide for basic network security • Govern SUNCOM relationships • With customers • With vendors

  5. 60FF-1 Highlights • Definitions of terms • Usage eligibility etc. • Notices and requests to SUNCOM • Notice of Security Concern • Exemption Request • Clearance Request • Network Solution Replacement Declaration

  6. Notice of Security Concern60FF-1.005, F.A.C. • Petitioners: • Any customer using State Intranet • Any vendor implementing an IP Network Solution for a SUNCOM customer • Purpose: • Notify SUNCOM of (potential) network security exposures • Establish collaborative conditions • Get SUNCOM’s help • Secure SUNCOM’s sanction • Circumstances: • A Customer establishes or is aware of existing or expected conditions not in compliance with SUNCOM security standards • A vendor plans to implement a Network Solution in violation of SUNCOM security standards • SUNCOM possible responses • Authorize • Conditionally authorize • Negotiate alternatives • Disallow Process

  7. Exemption Request60FF-1.007-1.012, F.A.C. • Petitioners: • Required User • Purpose: • To notify SUNCOM of a communications need • Informal notice required upon identifying the Business Objective • Two-parts in escalating detail • To obtain permission to use non-SUNCOM services • Circumstances: • Seeking to use a Network Solution not provided by SUNCOM • Using an existing Network Solution not provided by SUNCOM after December, 2008 if not previously approved through a CPLA • Expanding any CPLA approved Network Solution • Continuing to use a CPLA approved Network Solution after the CPLA term (contract) ends for anything other than Maintenance • SUNCOM possible response • Seek collaboration • Approve • Conditionally approve • Deny and suggest the SUNCOM alternative Process

  8. Clearance Request60FF-1.013-1.014, F.A.C. • Petitioner: • Eligible Users who are a part of the State Intranet and are not Required Users • Purpose: • Prevent security exposures from Network Solutions not covered by Exemption Requests • Circumstances: • Customer wishes to implement a non-SUNCOM IP based Network Solution • SUNCOM Responses • Seek collaboration • Approve • Conditionally approve • Deny and suggest the SUNCOM alternative Process

  9. Network Solution Replacement Declaration60FF-1.006, F.A.C. • Petitioner: • Any SUNCOM customer • Purpose: • Verify termination of a Network Solution for which no exemption, CPLA or security sanction has been obtained • Circumstances: • Customer intends to discontinue use of an unsanctioned Network Solution or configuration • Customer was unable to obtain necessary SUNCOM approval for a Network Solution • SUNCOM Responses • Acknowledge • Negotiate more rapid replacement

  10. 60FF-2 Highlights • Defines order processing and related responsibilities of SUNCOM, customers and vendors • Codifies most of current process • Allows for modernization • Governs payment processing for SUNCOM, customers and vendors

  11. 60FF-3 Highlights • Provides conditions for changing or terminating services • Provides Security Protection Standards • Provides for address distribution and authorization on the State Network

  12. 60FF-3 Security Protection Standards Highlights • Any conditions that allow for Unauthorized Activity are prohibited. • Absent approval through a Notice of Security Concern, the following are prohibited when they are not managed by SUNCOM: • Backdoors • Virtual Connections with the State Intranet; • Tunnels with the State Intranet • Remote access with the State Intranet. • Authorization of these conditions and non-SUNCOM firewalls require the following: • Firewall transaction logs and; • Appropriate and modern processes and tools for protecting the State Intranet and; • Trained staff and; • Monitoring activities and; • Necessary transparency for SUNCOM. • Use of scanning, discovery and automatic traffic generating tools must be approved to prevent: • Alarming SUNCOM, its Providers and Customers. • Impairing the State Network • Remedies • To limit damages and exposures • To establish liability and liquidated damages Return to sending page

  13. 60FF-3 Address Distribution Highlights • SUNCOM will distribute or authorize all Internet Protocol Version Six (IPV6) addresses on the State Network • Customers must register all private IPV4 addresses used outside of the customer’s Sub-network • SUNCOM will resolve duplicate usage in favor of the first to register • Customers must provide a full listing of addresses upon request from SUNCOM

  14. Summary of Rules Status • Rules went into effect June 25th, 2008 • No more CPLAs • New processes now required • Exemption Requests • Notices of Security Concern • Network Solution Replacement Declarations • SUNCOM will ultimately provide complete plain language guides that preclude the need to read most of the rules • On-line Exemption forms have replaced on-line CPLAs • SUNCOM Portfolio of Services will contain plain language explanations and templates • These guides are not substitutes for the rules (per disclaimer on first slide) • Future rule adjustments • To correspond with AEIT rules • To improve and refine with legislation

  15. Definitions • Business Objective • Clearance Request • CPLA • Eligible User • Exemption Request • Maintenance • Network Solution • Network Solution Replacement Declaration • Notice of Security Concern • Required User • Sub-network • Unauthorized Activity Hit “Esc” to return to sending page

  16. Definition: Business Objective • An operational or cost savings benefit expected from use of Network Equipment, Software or Services. The mere implementation, ownership or use of Network Equipment, Software or Services or Communications Devices shall not be considered to be a genuine Business Objective. Return to sending page Definitions Table of Contents

  17. Definition: Clearance Request • A request from a Customer, that is not a Required User, to implement a Network Solution that uses Internet technology and is not provided through SUNCOM. • See 60FF-1.013 & 1.014. Return to sending page Definitions Table of Contents

  18. Definition:CPLACommunications Purchase or Lease Authorization • The means that was used by Required Users to seek and obtain approval from DMS to purchase or lease communications equipment prior to establishment of Chapter 60FF, F.A.C. Return to sending page Definitions Table of Contents

  19. Definition: Eligible User • Qualifying user of SUNCOM Services including state agencies, county and municipal agencies, public schools and districts, private, nonprofit elementary and secondary schools (provided they do not have an endowment in excess of $50 million), state universities, community colleges, libraries, water management districts, state commissions and councils, and nonprofit corporations. Any entity ordering or using or paying for a SUNCOM Service must be an Eligible User. Return to sending page Definitions Table of Contents

  20. Definition: Exemption Request • A request from Required Users seeking Department approval to use Network Solutions that are not provided through SUNCOM. • See 60FF-1.007 through 60FF-1.012, F.A.C. Return to sending page Definitions Table of Contents

  21. Definition: Maintenance • Activity to ensure the ongoing availability of a Network Solution through replacement of parts, software patches and associated services without expanding the scope, functionality, volume by more than 10% over the volume that was approved by SUNCOM, or changes to the architecture of the Network Solution. Return to sending page Definitions Table of Contents

  22. Definition: Network Solution • Use of Network Equipment, Network Software and/or Network Services to meet a Business Objective. Return to sending page Definitions Table of Contents

  23. Definition: Network Solution Replacement Declaration • A commitment from a Customer to replace a Custom Network Solution with a SUNCOM solution by a specific date. • See 60FF-1.006, F.A.C. Return to sending page Definitions Table of Contents

  24. Definition: Notice of Security Concern • A statement warning DMS that a condition exists that may violate DMS Security Standards. • See 60FF-1.005, F.A.C. Return to sending page Definitions Table of Contents

  25. Definition: Required User • All state agencies and state universities mandated to use SUNCOM in Section 282.103, F.S. 282.103 SUNCOM Network; exemptions from the required use.-- (1) There is created within the Department of Management Services the SUNCOM Network which shall be developed to serve as the state communications system for providing local and long-distance communications services to state agencies, political subdivisions of the state, municipalities, state universities, and nonprofit corporations … (3) All state agencies and state universities are required to use the SUNCOM Network for agency and state university communications services as the services…If a SUNCOM Network service does not meet the communications requirements of an agency or university, the agency or university shall notify the State Technology Office in writing and detail the requirements for that communications service. If the office is unable to meet an agency's or university's requirements by enhancing SUNCOM Network service, the office may grant the agency or university an exemption from the required use of specified SUNCOM Network services. Return to sending page Definitions Table of Contents

  26. Definition: Sub-Network • Network established by Customers within, or attached to, the broader State Network that is maintained by SUNCOM. Return to sending page Definitions Table of Contents

  27. Definition: Unauthorized… • Access - Any sign-on and/or log-on activity accessing any part of the State Network and/or connected devices performed by an Unauthorized User. • Activity - Unauthorized Access to, Unauthorized Connection to, Unauthorized Traffic on and Unauthorized Use of the State Network. • Connection - Any virtual private network, private virtual circuit, extranet and/or point-to-point connection to the State Network that has not been disclosed to and recorded by the Department. • Traffic - Any communications transported across the State Network that is not directly relevant to state business and/or that is directed to or from an Unauthorized User. • User - Individual user not affiliated with and authorized by a current Customer of SUNCOM who is using the State Network. Return to sending page Definitions Table of Contents

More Related