DoD Information Enterprise Objective Architecture (IEOA) - DTIC

Transcription

DoD Information Enterprise Objective Architecture (IEOA)
13 April 2011
Mr. Walt Okon, Office of DoD CIO/A&I
703-607-0502
walt.okon@osd.mil

Report Documentation Page (Standard Form 298, Rev. 8-98; Form Approved OMB No. 0704-0188)
Report date: 13 APR 2011; dates covered: 00-00-2011 to 00-00-2011
Title and subtitle: DoD Information Enterprise Objective Architecture (IEOA)
Performing organization: Office of DOD CIO/A&I, Washington, DC, 20301
Distribution/availability statement: Approved for public release; distribution unlimited
Supplementary notes: Presented at the 6th Annual Department of Defense Enterprise Architecture Conference 2011, 11-15 April 2011, Hampton, VA
Security classification of report, abstract and this page: unclassified
Limitation of abstract: Same as Report (SAR); number of pages: 21

Agenda
- DoD Information Enterprise Architecture (IEA) Overview
- Achieving the Purpose of the DoD IEA
- Information Enterprise Objective Architecture (IEOA) Overview
- Enterprise-wide Reference Architecture (RA) Overview

DoD IEA Purpose
- Foster alignment of DoD architectures with the enterprise net-centric vision
- Unify concepts embedded in DoD's net-centric strategies
- Drive common solutions and promote consistency
- Describe the integrated Defense Information Enterprise and the rules for information assets and resources that enable it

DoD Net-Centric Vision: To function as one unified DoD Enterprise, creating an information advantage for our people and mission partners by providing:
- A rich information sharing environment in which data and services are visible, accessible, understandable, and trusted across the enterprise.
- An available and protected network infrastructure (the GIG) that enables responsive information-centric operations using dynamic and interoperable communications and computing capabilities.

DoD IEA Priority Areas
- Data and Services Deployment (DSD) – Decouple data and services from the applications and systems that provide them, allowing them to be visible, accessible, understandable and trusted. Lay the foundation for moving the DoD to a Service-Oriented Architecture (SOA).
- Secured Availability (SA) – Ensure data and services are secured and trusted across DoD. Allow users to discover data and services and access them based upon their authorization.
- Computing Infrastructure Readiness (CIR) – Provide the necessary computing infrastructure and related services to allow the DoD to dynamically respond to computing needs and to balance loads across the infrastructure.
- Communications Readiness (CR) – Ensure that an evolvable transport infrastructure is in place that provides adequate bandwidth and end-to-end, seamless net-centric communications capability across all GIG assets.
- NetOps Agility (NOA) – Enable the continuous ability to easily access, manipulate, manage and share any information, from any location at any time.

DoD IEA Priority Areas
- All principles, rules, and activities are grouped by the priority areas
- Priorities were identified as areas where increased attention and investment would drive important progress towards achieving net-centric information sharing
- Priority Areas represent neither organizations nor functions – they are a way to focus efforts across organizations and functional areas to achieve strategic goals

DoD IEA v1.2
- Appendix G provides:
  – DoD EA Compliance Requirements
    - DoD IEA
    - Capability & Component EA
    - DISR
    - Compliance with Mandatory Core and Shared Enterprise Services
    - Architecture Registration (DTM 09-013)
  – Table of Mandatory Core and Shared Enterprise Services
- There are no major changes in the primary document.

Achieving the Purpose of the DoD IEA
- The DoD IEA principles, rules, and activities go a long way in achieving the purpose
- More information about the IE is needed to completely fulfill the purpose

Purpose (each shown with a status indicator in the original graphic):
- Foster Architecture Alignment w/ Vision
- Unify Net-Centric Strategies Concepts
- Drive Common Solutions and Consistency
- Describe the Integrated IE; Enabling Rules and Resources

Solution for Green Status:
- Describe the concept of operations for the objective IE
- Describe the capabilities and services needed to achieve the objective IE
- Provide the necessary detail to guide technical direction and IT investment decision-making

Need for an Overarching Objective Architecture

Problem: DoD Senior Leadership has indicated a need for a common picture or description of the DoD Information Enterprise to guide enterprise activities, investments, and solutions to achieve the objective IE vision.

An objective DoD IE description must:
– Provide a "Big Picture" description of the objective IE
– Identify and describe in detail the set of required IE capabilities
– Describe the relationships and dependencies among the capabilities
– Provide measures for determining progress and success

An objective DoD IE description enables:
– Identification of needed Enterprise-wide reference architectures
– Alignment of physical solutions to required IE capabilities
– Governance and oversight of initiatives, programs, and projects to deliver capabilities
– Analysis and measurement of progress in achieving the objective IE

An overarching IE Objective Architecture (IEOA) is needed to guide and direct the development of solutions to achieve the objective IE vision.

What is the IEOA?
- Architecture description of the objective state for the future Information Enterprise (IE)
- Derived from Operational IT Requirements and IE Strategic Direction
- A key component for establishing line-of-sight traceability between strategic objectives and physical solutions
- The IEOA provides:
  – An overarching description of the objective IE; context for all objective IE actions
  – A comprehensive description of the capabilities required in the objective IE (ways and means, activities, functions, and measures)
  – Relationships among IE capabilities
  – The means to identify gaps and evaluate existing initiatives, programs, or projects for providing capabilities
  – The means to identify and direct DoD-wide reference architecture development to guide solutions
  – The means to measure progress toward achieving required IE capabilities

IEOA and the Line-of-Sight Model (graphic; labels recovered from the transcription): GIG 2.0 ORA; JCIDS Docs; IE Strategic Plan; DoD (…g, Business, and Intelligence) Policies and Strategies; Information Enterprise (IE) Vision; IE Required Capability; EANCS RA; EANCS Operational Context; Enterprise User Initiative

Information Enterprise Vision (graphic; labels recovered from the transcription): Secure Gateways; End User Devices; Human Computer Interaction; Autonomous User Agents; Advanced Interface Technologies; Portals; Force Application; Battlespace Awareness; Force Support; Corporate Mgmt and Support; Logistics; Information Transport; Operating Systems; Very Large Scale Data Storage; Data Centers; IA; Computing Platforms; Collaboration Services; Security Foundation; Standards; Information; Mandatory Core and Shared Enterprise Services; Computing and Communications Infrastructure

Notional IEOA Capability Taxonomy (CV-2)

IE Management and Oversight:
- Common, enforceable policies and standards
- Standard Protocols for Information Transmittal and Acknowledgement
- Governance/Oversight of IE Development/Implementation
- Architecture Development and Use
- Authoritative Body Identification and Empowerment

IE Protection and Security:
- Threat Assessment of IE Operations
- IE Incident Response
- Data and Metadata Protection
- Portable Identity Credential Provision and Management
- Cross Security Domain Information Exchange

IE Control and Operation:
- Automated Configuration Changes
- Dynamic Configuration Prioritization and Alignment
- Dynamic Policy-based Management and Routing
- Integrated Network Operations
- Flexible, Dynamic Noninterfering Spectrum Use

IE Infrastructure:
- Information Transport
- Guaranteed Global Connectivity
- Continuity of operations and disaster recovery
- Infrastructure as One Virtual Capability
- Data and Service Discovery and Availability

Intended Use for the IEOA
- Guide DoD actions in achieving the IE objective state
- Inform assessment and evaluation of IE related architecture
- Identify potential areas for reference architecture (RA) development
- Guide IT technical direction through capabilities and services descriptions and Enterprise-wide Reference Architecture (RA)
- Inform DoD IT investment decision-making

DoD-wide Reference Architecture

RA Document shown: Department of Defense, Enterprise-wide Access to Network and Collaboration Services (EANCS) Reference Architecture, Version 3.0, December 2009, prepared by the Office of the DoD CIO. It provides Department-level guidance in the form of context, rules, patterns, and technical positions; its content is grouped as Principles, Patterns, Vocabulary, and Technical Positions.

Architecture views in the RA: AV-1 (Overview and Summary); OV-1 (Concept – Consumer & Provider); OV-5a (Activity Decomposition); OV-6c (Event-Trace Description); OV-6a (Operational Rules); StdV-1 (Standards Profile); AV-2 (Integrated Dictionary).

Excerpt, Overview and Summary Information (AV-1):
1 Architecture Product Identification
1.1 Name: Enterprise-wide Access to Network and Collaboration Services (EANCS)
1.2 Lead Organization: Department of Defense Deputy Chief Information Officer. The Enterprise Services Review Group (ESRG), as the architecture owner, is responsible for architecture content and will provide overall coordination to ensure appropriate stakeholders and subject-matter experts are available; the Enterprise Reference Architecture Cell (ERAC), with oversight from the Architecture and Standards Review Group (ASRG), will support the development of appropriate architecture artifacts.
1.3 Approval Authority: DoD CIO Enterprise Guidance Board (EGB)
2 Purpose and Perspective
2.1 Purpose. A Reference Architecture (RA) abstracts and normalizes the institutional understanding of capabilities at the enterprise level, and provides a common set of principles, technical positions, and patterns for use within the DoD to guide development of Enterprise, Segment, or Solution architectures.

Excerpt, Technical Positions table (columns: …tive Policy, Description; the policy names legible in the transcription are HSPD-12 and NIST Guidance SP 800-87):
- This guidance requires agencies to review new and existing electronic transactions to ensure that authentication processes provide the appropriate level of assurance. It establishes and describes four levels of identity assurance for electronic transactions requiring authentication. Assurance levels also provide a basis for assessing Credential Service Providers (CSPs) on behalf of Federal agencies. This document will assist agencies in determining their e-government needs. Agency business-process owners bear the primary responsibility to identify assurance levels and strategies for providing them. This responsibility extends to electronic authentication systems.
- This memo requires the use of a shared service provider to mitigate the risk of commercial managed services for public key infrastructure (PKI) and electronic signatures.
- This memorandum provides implementing instructions for HSPD-12 and FIPS-201.
- This memorandum provides updated direction for the acquisition of products and services for the implementation of Homeland Security Presidential Directive-12 (HSPD-12) "Policy for a Common Identification Standard for Federal Employees and Contractors" and also provides status of implementation efforts.
- HSPD-12 calls for a mandatory, government-wide standard for secure and reliable forms of ID issued by the federal government to its employees and employees of federal contractors for access to federally-controlled facilities and networks.
- This document provides the organizational codes for federal agencies to establish the Federal Agency Smart Credential Number (FASC-N) that is required to be included in the FIPS 201 Card Holder Unique Identifier. SP 800-87 is a companion document to FIPS 201.

Backup Slides

Examples of DoD IEA Rules
- Data and Services Deployment (DSD): DSDR 01 - Authoritative data assets, services, and applications shall be accessible to all authorized users in the Department of Defense, and accessible except where limited by law, policy, security classification, or operational necessity.
- Secured Availability (SA): SAR 08 - Metadata containing access control and quality of protection attributes shall be strongly bound to or associated with information assets and utilized for access decisions.
- Computing Infrastructure Readiness (CIR): CIR 01 - Computing infrastructure shall be consolidated, to the greatest extent possible, so that fixed global/regional and deployed virtual CI resources are used efficiently.
- Communications Readiness (CR): CRR 03 - GIG communications systems shall be acquired to support migration to a Cipher Text (CT) core. CT networks and segments shall transport both classified and unclassified encrypted traffic.
- NetOps Agility (NOA): NOAR 01 - The DoD must continue to transform the NetOps C2 into a unified and agile construct with centralized direction and decentralized execution to effectively respond to unanticipated situations on the time scale of cyber attack.
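SAR 08 above asks for access-control and quality-of-protection metadata that is strongly bound to the information asset and then used for the access decision. The Python below is an added illustration of one way to meet that rule, not DoD or IEA code: a keyed MAC covers the content hash and the canonical metadata together, and the binding is checked before any attribute is compared, so a relabelled or moved label is refused rather than trusted. The key, classification ordering, caveat names and attribute vocabulary are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed ordering of classification labels; not an official DoD scheme.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}
# Constructed demo key; a real deployment would keep it in an HSM or KMS.
KEY = b"constructed-demo-binding-key"


def canonical(metadata: dict) -> bytes:
    # Canonical JSON so identical attributes always give identical bytes.
    return json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode()


def bind(asset: bytes, metadata: dict, key: bytes) -> dict:
    """One HMAC covers the content hash and the canonical metadata, so the
    label cannot be altered or moved to other content without detection."""
    msg = hashlib.sha256(asset).digest() + b"\x00" + canonical(metadata)
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"asset": asset, "metadata": metadata, "tag": tag}


def verify(labelled: dict, key: bytes) -> bool:
    expected = bind(labelled["asset"], labelled["metadata"], key)["tag"]
    return hmac.compare_digest(expected, labelled["tag"])


def access_decision(labelled: dict, key: bytes, user: dict) -> tuple:
    """Decide from the bound metadata only; a failed binding ends the check."""
    if not verify(labelled, key):
        return False, "binding check failed: metadata or content altered"
    md = labelled["metadata"]
    if LEVELS[user["clearance"]] < LEVELS[md["classification"]]:
        return False, "clearance below classification"
    missing = set(md["caveats"]) - set(user["caveats"])
    if missing:
        return False, "missing caveats: " + ",".join(sorted(missing))
    if md["qop"] == "encrypt-in-transit" and not user["channel_encrypted"]:
        return False, "quality of protection requires an encrypted channel"
    return True, "permit"


def downgraded_copy(labelled: dict) -> dict:
    """Copy relabelled UNCLASSIFIED but carrying the original tag."""
    md = dict(labelled["metadata"], classification="UNCLASSIFIED")
    return {"asset": labelled["asset"], "metadata": md, "tag": labelled["tag"]}


# Constructed sample asset, its attributes, and two requesting users.
SAMPLE = bind(b"logistics status report (constructed)",
              {"classification": "SECRET", "caveats": ["REL-DEMO"],
               "qop": "encrypt-in-transit"}, KEY)
ANALYST = {"clearance": "SECRET", "caveats": ["REL-DEMO"], "channel_encrypted": True}
VISITOR = {"clearance": "CONFIDENTIAL", "caveats": [], "channel_encrypted": True}
```

Running access_decision(downgraded_copy(SAMPLE), KEY, VISITOR) is refused on the binding check even though the relabelled metadata alone would have permitted the visitor; that ordering is what "strongly bound" buys.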

IEOA: Summary of Capabilities
- Manage and Oversee the IE: Common, enforceable policies and standards for the IE; standard protocols for information exchanges; standard security engineering processes; use of best practices from government, industry, and academia; governance structures and processes for developing and implementing the IE; development and use of architectures; authoritative bodies to govern information sharing; sharing of service expenses; and implementation of National Green IT initiatives.
- Protect and Secure the IE: Threat and risk analysis of the IT supply chain; vulnerability analysis; rapid and secure response to threats and attacks; network defense in depth; protection of data and metadata at rest, during processing, and in transit; assured access to information and services; digital identities; portable identity credentials; monitoring of sensitive/classified information; and cross security domain information exchange.

IEOA: Summary of Capabilities
- Control and Operate the IE: Automated configuration updates; prioritization and dynamic adjustment of IE resources; deployment and installation of ad hoc networks; dynamic routing and policy-based management systems; infrastructure accreditation, certification, and approval; network situational awareness; health and mission readiness metrics; information dissemination priorities; service level monitoring and controls; flexible and dynamic electromagnetic spectrum management; standardized education and training of users/operators; and integrated network operations.
- Provide Infrastructure: Information transport for end-to-end communications; voice, video, and data traffic on a single network; global connectivity to the network; operational bandwidth assessment for new services; globally open, stable, and secure Internet for collaboration; continuity of operations and disaster recovery; virtual infrastructure; interoperability with components and mission partners; identification, evaluation, test, and employment of new technologies; digital user and service attributes; digital policy management and use; NetOps-enabled resources; authoritative data and capabilities offered as services; knowledge sharing; real-time collaboration tools; foreign language processing; processing, integration, and fusion of multi-source data; information sharing with coalition and external mission partners; and data, services, and information available and discoverable across the IE.

IEOA High-level Operational Concept Graphic (OV-1) (graphic; labels recovered from the transcription). Actors and capability areas: External Mission Partners; Manage and Oversee the IE; Protect and Secure the IE; Control and Operate the IE; Provide Infrastructure; DoD …ities. Flows: Requirements; Policy, guidance, direction, standards, architecture; Information, services, user access; Vulnerabilities, threat incidents; User access, protection parameters, incident responses; Network health and readiness, QoS, incidents; resource allocations, configuration adjustments, infrastructure certification and accreditation, SLAs.

IEOA: Sample Descriptions
- Describes the secure environment necessary for effective, assured information sharing.
- Describes the Line-of-Sight from operational requirements to physical Solutions.
- Describes the "Big Picture" of the objective IE and its parts.
