TSCP Federation Services (source: tscpworkshop.com/wp-content/uploads/2014/08/TSCPCapabilitiesOverview.pdf)

Jul 15, 2020


dariahiddleston

TSCP Federation Services

TSCP is cross-certified to the Federal PKI Bridge and the

DoD PKI Bridge, which enables its members to:

• federate across TSCP members

• authenticate to DoD programs

• authenticate to Federal Civilian programs

TSCP members are able to authenticate at the highest

level of assurance (LOA 4), where applicable.

TSCP MEANS BUSINESS: $3.2 billion in opportunities across government procurements as Defense IT aligns to government which translates to business.

TSCP MEANS INFLUENCE: After more than a decade of building collaborative relationships and engaging key government entities in the US and Europe, TSCP is heard where it counts.

TSCP MEANS ACTION: Engaging standards bodies, demonstrating thought leadership.

TSCP MEANS INNOVATION: Our mission demands that we stay a step ahead of technology growth.

What are TSCP’s mission and goals?

TSCP’s business drivers are those requirements that

compelled Members to unite for a common purpose. TSCP

members have business needs for:

• Collaboration. Collaborate and share data in

program and stakeholder environments typically

characterized by fragmented IT systems, tools and

processes. Address specific collaborative needs and

requirements on government programs.

• Security. Address security gaps when

collaborating and sharing data and mitigate related

risk exposure, particularly related to cyber threats.

• Costs. Minimize duplicative costs on IT utilities

and infrastructure used for collaboration.

• Compliance. Comply with government

policies, regulations and standards that impact

secure collaboration across international and

company borders (export control, IT security,

identity verification, data sharing, data access

rights, etc.).

To meet the challenges of these business drivers, TSCP

Members have adopted the following mission and vision

statements:

Mission. TSCP is a cooperative forum in which leading

Defense IT and system integrators and key government

agencies work together to establish and maintain an open

standards-based framework that can be used to enable

secure collaboration and assured information sharing

between parties, irrespective of the tools they choose to

use.

Vision. TSCP will migrate from serving as a TSCP

Member resource to serve as the authoritative source for

secure collaboration in the Defense IT community.

What is TSCP?

The Transglobal Secure Collaboration Participation, Inc. (TSCP) was established

in 2002 as a collaborative forum of worldwide stakeholders in the defense

industry to address security issues within the collaboration space. TSCP is

the only government and industry partnership that has created a framework

for secure electronic transmission and sharing of sensitive information

internationally.

For TSCP Members — which include major government departments and

agencies as well as the largest system integrators and defense manufacturers

around the world – this framework enables secure access to other Members’

sensitive data by creating a collaborative environment based on scalable and

efficient trust mechanisms. Today, TSCP’s chain of trust has broadened to

include government entities and their prime contractors as well as thousands of

global suppliers. Its focus has expanded from secure data access to data-centric

information protection, particularly as a defense against cyber threats.

The chain of trust extends to the defense supply chain. At any given time —

within the defense global supply-chain — there are hundreds of thousands of

supplier companies working on government contracts, representing roughly

3 to 4 million individuals. The defense supply chain will be able to leverage

TSCP specifications, capabilities and business processes as they develop their

solution roadmaps. TSCP Members face common issues, and understand the

savings in time and money that can be gained through collaborating on the

challenges of secure information-sharing. As concerns of cyber threats, data

leakage, intellectual property protection, and export control compliance began

to rise, the TSCP established an industry approach to protecting sensitive

information, an approach based on interoperable trust mechanisms.

TSCP MEANS BUSINESS:

$3.2 billion: Value of opportunities across government procurements as Defense IT aligns to government which translates to business.

How does TSCP address these issues?

TSCP manages working groups that are

dedicated to producing the capabilities

and specifications that have been selected

for development. Each specification goes

through proof-of-concept and pilot testing

prior to being released. Specification

development is scheduled and strictly

managed using conventional program

management methodology. The working

groups are comprised of engineers, Subject

Matter Experts, project managers and

business managers who are contributed as

resources by the TSCP Member organizations.

Once specifications are released, TSCP

makes them publicly available for widespread

adoption by integrators, service providers

and commercial-off-the-shelf (COTS) software

vendors. TSCP is not itself a solution provider

or software vendor.

What issues does TSCP address?

Solve Common Challenges. The TSCP community works together to

solve common challenges that impact major programs today: mitigating the risks related

to compliance as well as the complexity, costs and duplication inherent in large-scale,

collaborative programs that span national jurisdictions. A key driver has been to address

these challenges in the context of export control regulations of the Members’ host countries

and the protection of Members’ Intellectual Property (IP).

TSCP defines and tests vendor-agnostic specifications for collaboration in mission-critical

A&D environments. These specifications enable the industry to implement solutions for:

• Identity and access management

• Secure information sharing

• Secure credentialing

• Secure document sharing and access to applications

• Cybersecurity and remediation against cyber threats

• Security for cloud and mobility environments

Accelerate Solution Development. TSCP’s aim is to

accelerate the time it takes from identifying

collaborative requirements to deployment

of the resulting capability. The TSCP has

created specifications that are common and

reusable among its member base to reduce

overall integration complexity, coordination

time, and ultimately, collaboration costs.

Collaboration with Customers. The TSCP Member

companies and organizations each define

their own supply chain requirements, sitting

at the same table with their customers,

peers, partners and sub-contractors.

Together, they determine specifications

to achieve common security criteria,

commensurate with the value of the

data they share. In addition, TSCP shares

software requirements derived from the

specifications with the world’s largest IT

providers and vendors, which motivates

them to incorporate compliant software

into their product lines.

Government Participation.

For TSCP Members, governments play the

roles of partner, customer and regulator.

As policy makers and regulators, it is in

TSCP’s interest to positively shape those

policies and regulations related to identity

and collaboration in favor of TSCP’s

positions and to convince governments to

acknowledge and adopt its specifications.

Government participation in TSCP

is essential. As the program owners,

government input, acknowledgment

and acceptance of TSCP specifications

are critical to its success. TSCP invites

government representatives to participate

as Members to facilitate the evaluation and

vetting of its policies and specifications

within the relevant government agencies

and standards arms.

TSCP MEANS ACTION:

What has TSCP accomplished?

TSCP has established a strong coalition of defense IT industry leaders to address

common challenges facing the stakeholders in key government programs. TSCP has:

• Engaged with Standards Bodies to ensure TSCP Alignment

• Published Framework for Secure Collaboration

• Established Legal Framework for Assertion of Identities

• Established Defense PKI Bridge (cross certified to FPPKI)

• Drove DoD MOU for Approval of External Public Key Infrastructures (Direct

bilateral trust with DoD)

• Drove DoD Memorandum, “Department of Defense Requirements for

Accepting Non-Federally Issued Identity Credentials.”

• Established Multilateral Trust Network for Collaboration

• Published Secure E-mail Specifications

• Designed Digital Certificate Lookup & Discovery System

• Enabled innovative secure collaboration solutions deployed by TSCP.

• Published Third-Party Assurance Model - “A Legal Framework for Federated

Identity Management” - in Jurimetrics: The Journal of Law, Science, and

Technology, Oct 2010. The framework served as the legal basis for three bills related

to digital signature in Commonwealth of Virginia, Feb 2011.

Examples of TSCP specifications:

Secure Email versions 1 & 2 (SEv1, SEv2)

Sending and Receiving Encrypted Email ensures the confidentiality of email content between the sender and the recipient.

Identity Federation (IdFed)

Enables members of one organization to use their credentials to access information maintained in a separate security domain by a partnering organization.

Information Labeling and Handling (ILH)

Automates the processes that analyze,

interpret and enforce existing policies,

regulations and contracts that determine

how information is to be handled and

protected.

Why should you join TSCP? Who are the TSCP members?

Platinum Members:

The Boeing Company

BAE Systems

EADS

Lockheed Martin

Northrop Grumman

Raytheon Company

Government Members:

U.S. Department of Defense

U.S. Government Services Administration

U.S. Secret Service

the French Government

NATO

UK Ministry of Defence

the Netherlands Ministry of Defence

Gold Members:

Microsoft

CA Technologies

Silver Members:

HID/ActivIdentity

Axiomatics

Boldon James

Centrify

CertiPath LLC

Deep-Secure

Electrosoft Services

FuGen Solutions

Gemalto

ID DataWeb

Intercede

Litmus Logic

National Aerospace Laboratory

NextLabs

Syneren

Wave Systems

TSCP MEANS INNOVATION:

What will TSCP be working on?

The TSCP executives have tasked the TSCP PMO to address the

following issues over the next two years:

• Federating and Securing the Supply Chain

• Data Protection through Classification, Labeling and Tagging

• Data Labeling Implementations and Rights Management

• Security, Data Protection and Enablement for the Cloud

• Access Technology for Collaboration

• Approaches for Privacy Protection and Controls

• Provisioning Application Model and Authorization Standards

• Standards around Identity Governance

• Integration of Mobile Devices into the Enterprise and Federated

Infrastructure

TSCP MEANS INFLUENCE:

TSCP Addresses DoD Non-Acceptance of Industry Credentials

Problem. The DoD requires Federal contractors to perform

strong authentication to DoD hosted applications – most

application owners require the use of DoD Common Access

Cards (CAC) or DoD External Certificate Authority (ECA)

certificates. Although DoD CIO policy encouraged application

owners to accept DoD-approved PIV-I external credentials, it

did not require their acceptance for eligible applications.

Consequences. For TSCP members, the absence of

such a requirement led to: 1) very slow uptake on the part of

DoD; 2) need for DoD and TSCP to support multiple identities

for each individual and related infrastructures; 3) significantly

higher than necessary costs of operations to both DoD and

TSCP; 4) disconnect between areas in DoD enterprise services

and individual application owners; 5) duplicate identities due

to gaps in provisioning and de-provisioning of identities; 6)

lack of data available to contractor companies regarding DoD

credentials and user accounts; and, 7) resulting security gaps

that introduced risk.

TSCP Collaboration with DoD. TSCP Members

presented DoD CIO with a position paper and met and worked

with them to craft a policy that would “close the loophole.”

Results. On January 24, 2013, DoD CIO issued a new

memorandum to the military departments, “Department of

Defense Requirements for Accepting Non-Federally Issued

Identity Credentials,” which now requires application owners to

accept DoD-approved PIV-I credentials.

Defense IT stakeholders can participate and reap the benefits of

TSCP’s accomplishments in two ways: adoption of TSCP standards

and/or TSCP membership.

Benefits of Membership. Defense IT stakeholders

that choose to become TSCP Members experience the following

benefits:

• Common approaches among participants leverage

investments and maximize expertise;

• Common solutions across all programs facilitate “trusted

information sharing” and result in lower costs;

• United industry and government influence on vendor

product directions;

• Exercise influence on the selection, prioritization and

development of the TSCP requirements and standards;

• Access TSCP specifications prior to publication;

• Reduce time and resources related to implementation

because of established interoperability testing processes,

availability of TSCP’s central lab and expertise, and

documented history of lessons learned; and,

• Participate and interact with government Members and

have the opportunity to shape relevant policies

Benefits of Adopting TSCP Specifications.

A&D stakeholders that adopt and implement TSCP specifications

can:

• Reduce IT costs by standardizing to common interfaces and

processes;

• Facilitate compliance with export control;

• Protect company or organization’s IP and employee privacy

data;

• Meet and comply with government’s emerging

requirements for identity assurance;

• Facilitate collaboration on major government programs;

• Reduce training costs by eliminating need for users to

be trained on unique rules pertaining to each bi-lateral

relationship;

• Interoperate and reuse solutions by employing a

standardized approach;

• Use standards-based COTS tools minimizing the need for

customized development; and,

• Leverage investments in internal digital identities and

extend their functionality outside of their respective

enterprises.

MEMBERSHIP CATEGORIES

How do TSCP members participate and contribute?

Members participate via committees, working groups, special interest groups and events and by contributing to projects and publications.

Events & Publications

Outreach and Marketing Councils. Develop and produce

whitepapers and position papers on the

adoption of TSCP specifications.

Conferences and Exhibits.

Annual events that provide members

the opportunity to present as keynotes,

session speakers, panel participants and

to exhibit solutions that demonstrate TSCP

specifications in production as well as future

capabilities and innovative concepts.

TSCP Member Business Weeks.

Quarterly events at which TSCP Members

convene to attend working sessions (below),

discuss business opportunities and listen

to the “voice of the customer” through

presentations.

TSCP Member Working Sessions. Quarterly meetings of the TSCP

committees, working groups and project

members.

TSCP TrustPoints E-Magazine.

Quarterly publication that provides members

the opportunity to publish feature articles,

strategic leadership papers and to advertise

their companies and products. Each

quarterly issue reaches approximately 11,000

subscribers.

TSCP MEANS SOLUTIONS:

TSCP Reference Lab

TSCP members use the TSCP Reference Lab to

showcase TSCP specifications in a production

environment, its reference architecture

environment and engineering artifacts.

Each TSCP specification is accompanied by step-by-step DIY configuration guidelines and test results handbooks.

Committees and Working Groups

• Strategy Committee. Responsible for reviewing and making

recommendations to the Board of Directors regarding the Corporation’s

strategic goals and objectives. The Strategy Committee shall be open to

Platinum, Government and Gold Members.

• Government Alignment Committee. Provides a forum for those

Members of the Corporation that are or represent government entities to

exchange information concerning issues related to the harmonization of national

activities as they impact the direction of the Corporation. The Government

Alignment Committee shall be open to Government and Platinum Members.

Evaluates policies that relate to TSCP’s work and objectives to identify and

address gaps between policy requirements and commercial solutions.

• Architecture Committee. Responsible for reviewing and making

recommendations to the Board of Directors regarding the Corporation’s

architecture, roadmap and other architectural products. The Architecture

Committee shall be open to Platinum, Government and Gold Members.

• Working Groups. Export Control Working Group (ECWG). Responsible

for ITAR and any TSCP specification in which export requirements must be

better understood. Intellectual Property Working Group (IPWG). Ensures TSCP

specifications properly address requirements to protect intellectual property.

Special Interest Groups

Special Interest Groups are ad hoc groups that can be initiated by any member who

wishes to explore or discuss a new topic of interest. A Special Interest Group has the

prerogative of developing a work product and also has the option of starting a working

group.

Specification Development Project Participation

TSCP members work on defining requirements, development of specifications,

prototyping TSCP solutions, integration of members’ solutions in the TSCP lab for

demonstration and production, configuration and documentation of all phases. There

are approximately 100 engineers who work on TSCP work streams on a regular basis.

Other Participation Opportunities

• Grants. From time to time, TSCP pursues grant, research and development

opportunities. When applicable, Members are eligible to contribute to these

pursuits and participate in the project or program, if awarded to TSCP.

• Lobbying Outreach. Members can participate in TSCP outreach to

legislators, regulators and other government officials to promote TSCP goals and

objectives.

Platinum Membership. Open to defense integrators and

companies that deliver final products or services to relevant customers,

as determined by the Board of Directors. Platinum Members have the

opportunity to serve in leadership roles in the direction, policy and

governance of TSCP; designate representatives to serve on the TSCP Board

of Directors; have full access to all the TSCP specifications during their

creation, and to all activities and groups; and are entitled to participate in and

contribute to working committees and groups, and project teams.

Gold Membership. Open to systems integrators and software

companies that primarily deliver products and services that are expected to

incorporate TSCP specifications, as determined by the Board of Directors.

Gold Members have access to customer (Platinum and Government

Members) requirements and product roadmaps related to TSCP

specifications. Gold Members also have the opportunity to participate in the

direction of TSCP by serving on its Advisory Groups as well as committees,

working groups, special interest groups, projects and marketing and

communications.

Silver Membership. Open to technology companies and

organizations that primarily deliver products and services that are expected

to incorporate TSCP specifications, as determined by the Board of Directors.

Silver Members have the opportunity to integrate their solutions into TSCP’s

Reference Lab; Platinum and Government Members access these solutions

to test them in their production environments. Silver Members also may

participate and contribute to committees, working groups, special interest

groups, projects and marketing and communications.

Bronze Membership. Open to organizations that primarily acquire

or utilize products and services that are expected to incorporate TSCP

specifications, as determined by the Board of Directors. Bronze members

have early access to TSCP specifications.

Association Membership. Open to associations that represent

organizations, government agencies, departments, institutions, or

their member individuals, who support the mission and purposes of the

Corporation, as determined by the Board of Directors.

General Membership. Open to for-profit organizations, non-profit

organizations, government agencies, departments, or institutions, or

individuals not otherwise included in another membership category who

support the mission and purposes of the Corporation, as determined by the

Board of Directors.

TSCP GOVERNANCE

TSCP Leadership

Board of Directors. The business and affairs of the TSCP shall

be managed by or under the direction of the Board of Directors

(Platinum Members). The Board of Directors is responsible for

establishing TSCP’s mission, purposes, goals, and program priorities

through a strategic planning process, setting overall policy and

advocating the mission, values, accomplishments, and goals of the

TSCP to the members and to the public at large.

TSCP Executive Members. Platinum and Government

Members’ key decision makers who create or implement policies

within their organizations, i.e., Chief Information Officers (CIO), Chief

Information Security Officers (CISO) and Chief Technology Officers

(CTO).

Chief Executive Officer. Responsible for the management,

operations and programs of the TSCP and implementation of the

Board of Directors’ policies.

Executive Advisory Group. Comprised of executive

representatives of the Platinum Members, Government Members, and

Gold Members, serves as advisors to the Board of Directors on the

strategic direction of the Corporation.

Leadership Advisory Group. Composed of

representatives of the TSCP’s Platinum, Gold and Government

Members, serves as advisors to the President and CEO on the

development of the Corporation’s annual strategy, and roadmap

development activities. The Leadership Advisory Group establishes

and manages committees and working groups necessary to support

roadmap development activities and to ensure the alignment of work

products to the TSCP’s strategic goals and objectives.

Legal Advisory Group. Advises the Board of Directors on legal, policy

and governance issues, particularly with regard to compliance with

applicable law for nonprofit organizations that operate in the area of

secure data collaboration. Members of the Legal Advisory Group may

include attorney representatives or designees from Platinum, Gold

and Government Member organizations.

TSCP Strategic Plan

Implementation of TSCP’s strategy is the responsibility of the

Governance Board under the leadership of the TSCP Chairman. The

Governance Board serves as the decision-making body for TSCP.

Members include primarily large defense integrator companies and

governments in the U.S. and Europe. During the formative stages

of the organization, TSCP put into place processes and procedures

as required to advance its objectives and related tasks. The TSCP

Governance Board has produced this strategy document that

captures TSCP’s goals and objectives as well as the governance that

will be imposed to execute on the strategy.

The TSCP Director leads and manages the activities of the work

groups dedicated to developing, defining and maintaining the

specifications and capabilities and serves as the accountability link

between organizational and program governance. The TSCP Director

is the link between the Governance Board and the Program and has

accountability for ensuring that the three-year tactical plan flows from

the strategic plan and ensures that funding is available to execute on

the annual objectives. The Governance Board, in turn, reviews and

approves the tactical plan and all work products and receives regular

progress reports from the TSCP Director.

The strategy lays out what must be done to achieve TSCP’s mission

and achieve its vision. The sections that follow present each of TSCP’s

strategic goals and objectives. TSCP’s strategic goals, derived from its

mission and vision, are summarized as follows:

Strategic Goal 1:

Enable secure information

sharing within and between

industry and governments.

Strategic Goal 2:

Enable collaboration compliant

with export control and

relevant policies and company

Intellectual Property protection

policies.

Strategic Goal 3:

Define a set of interoperable

specifications and solutions

that enables re-use in a cost

effective manner across multiple

programs.

Strategic Goal 4:

Make TSCP specifications and

solutions a standard in the

defense IT community.

CONTACT INFORMATION

Keith Ward

President & CEO

Phone: 703-760-7897

E-Mail: [email protected]