
ISC Project Mini Worksheet2 (1)

Dec 02, 2015


castillo_leo
Page 1: ISC Project Mini Worksheet2 (1)

SECTION

1 General Requirements: 1.1, 1.2, 1.3, 1.4, 1.5, 1.6

2 Functional Areas of usage for consideration: 2.1, 2.2, 2.3, 2.4, 2.5

3 Physical Access Credential: Technical Requirements: 2.11, 2.12, 2.13, 2.14, 2.15, 2.16, 2.17, 2.18

4 Cashless Payments for use with XYZ ________________ : Technical Requirements: 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17


5 IT Systems Access (Logical Access): Technical Requirements: 4.11, 4.12, 4.13, 4.14, 4.15, 4.16, 4.17, 4.18, 4.19, 4.2, 4.21

6 eSSO: 5.11, 5.12, 5.13, 5.14, 5.15, 5.16, 5.17

7 Policy and Compliance: 7.11, 7.12, 7.13, 7.14, 7.15, 7.16, 7.17

8 Projected Outcomes: 8.11, 8.22, 8.23, 8.24, 8.25, 8.26


REQUIREMENT DETAIL

General Requirements

Example: XYZ staff to use a single credential across multiple facilities
Example: To become vendor agnostic and avoid vendor lock-in for freedom of choice for future initiatives.
Example: Single Sign-On to consolidate the number of passwords users are required to use and simplify access
Example: Enable functional encryption for increased proof of identity for required applications

Functional Areas of usage for consideration

Example: Physical Access Credential (mandatory, immediate)
Example: Cashless Payment (needs more definition on function and priority)
Example: Logical Access (moderate)
Example: eSSO (high)
Example: Key Use Case examples to be supported

Physical Access Credential: Technical Requirements

Example: Solution must work with XYZ PACS selection
Example: Use High Frequency and be compatible with low frequency
Example: Readers and cards must be able to accommodate a custom key
Example: Readers and cards must support Mifare Classic and PLAID
Example: Is there a separate parking facility that requires authentication of a card for entry and exit?
Example: Are there elevators in the building? Will a card need to be presented to use the elevator at any time?

Cashless Payments for use with XYZ ________________ : Technical Requirements

Example: XYZ facilities are building and updating their physical environment and in parallel would like their credentials to be more in line with recognized standards, specifically with PIV as much as reasonably possible while accommodating XYZ's basic use cases
Example: A solution concept that can be leveraged for other uses where credentials are required in other environments without having to implement a separate credential


IT Systems Access (Logical Access): Technical Requirements

Example: PC Login using smartcard/PKI: Likely phase 1 to tie in with eSSO (High)
Example: Full Disk Encryption: Likely in future
Example: Email signing (High)
Example: Email Encryption (Moderate)
Example: SHA1 or SHA2 certificates: Not yet determined
Example: Secure storage in HSM (both CA and GP Keys)
Example: Custom certificate profile: Not likely but not yet determined
Example: Support local user switching for shared workstations
Example: Support roaming profiles? Undetermined
Example: Must be able to support unique Global Platform key process

Example: Ability to support ABC Brand and version PIV card
Example: Recognize CCID readers
Example: Ability to work with standard certificate profiles
Example: Support identified core applications and versions
Example: Support user self-service for master password reset
Example: Support local user switching
Example: Ability to abstract users from domain username / password and change thereafter.

Policy and Compliance

Example: Need to change policy so that users are not able to use the domain password
Example: Create a process by which emergency access can occur if a card is lost
Example: Create / approve policy for certificate escrow, replication, and manual loading to mobile devices for S/MIME
Example: Create tiered approval workflows and policies for secure credential issuance in queue
Example: Coordinate proposed changes with PCI QSA for sign-off and approval

Projected Outcomes

Example: TCO target $120 per user per year
Example: Significantly limit developers overseas from checking out code without digitally signing, and thwart espionage
Example: In conjunction with DLP, stop IP leaks of confidential communications and IP
Example: Mandatory signing will create a chain of custody for source and authenticity
Example: PACS credential will enable consolidation of facilities without reinvestment in cards or readers.
Example: Increased PCI compliance and avoidance of fines projected to be incurred in the rest of 2013


IT Acceptance

PACS Acceptance

Compliance Acceptance


COMMENTS (please add initials in parentheses)

Legend
Enter "1"
Enter "2"
Enter "3"


System / Version    | PoC  | PILOT       | Production 1 | Production 2 | Future | IT Comments | Physical Comments

Timelines and Scale
  Dates             | ASAP | ETA 09/2013 | ETA 2/2014   | ETA 06/2014  | 2015   |             |
  # Users           | 3    | 10          | 1,000        | 5,000        |        |             |

Physical Access (rows to be filled in per column)
  Control System Software
  Physical Readers
  Controllers
  Protocol (Reader to Controller)
  Enrollment Software
  Perso / Central Bureau
  Perso / Local
  Perso / External Service

IT Systems & Platforms (In Scope)
  Windows XP
  Windows Vista
  Windows 7 / 32 bit
  Windows 7 / 64 bit
  Windows 8
  Mac OS Snow Leopard
  Mac OS Lion
  Mac OS Mountain Lion
  Linux
  Solaris
  Citrix
  Virtual Desktop
  Server Versions
  Web Browser
  VPN
  Virtual Machine / Servers
  Directory

Applications (In Scope)
  VPN
  PC Login
  Full Disk Encryption
  Email signing
  Email encryption
  Local User Switching
  OTP
  SSO
  CA (Internal or Hosted)
  Custom Cert Profile required?
  CA Connection (OCSP or CRL)
  Dedicated OCSP?
  Compliance Mandates
  Assurance Levels

Devices
  # Laptops
  # Laptops w/ reader built-in
  # Desktops
  BYOD (Computers)
  # Home user owned machines


Legend
Enter "1"
Enter "2"
Enter "3"