]> Burlington Arlington Alexandria Fairfax Washington Pittsburgh Falls Church Fort Meade McLean Silver Spring Worton, Steve Mayo, Dave Kelly, Brian John Khan, Waqar Eayre, Timothy E. Clements, Paul Davis, Audrey Y. Forman, Mark Mehan, Dan Schaffer, Jean Clements, Dr. Paul Carleton, Michael Desourdis, Bob Smith, Rick Lang, Michael Thomas, Rob Thomas, George Pedersen, Earl Patrick, Paul Peat, Bruce Thomas Weiler, John A. Dodd, John Hitch, Vance E. Niemann, Brand NIAP GSA Case Study Information, Complexity BMSI Business Modernization and Systems Integration Pattern of Interest Microsoft Security Response Center Business Process Specification and Design This addresses GAO’s past concern of lack of top-level leadership MHS Military Health System CIO Key Functoins CCEVS Common Criteria Evaluation and Validation Scheme System Portfolio View All business processes and systems are relevant - logistics, personnel, health care, etc. Service Oriented Architecture, Core Concepts Enterprise Architecture, Web services Software product line, success and benefit/cost ration of 10:1 Virtual Data Integration Innovators, Early Adopters and Pragmatists Business Line Information Interoperability DOD, Military Health System Federal Investigators Software architecture, reusable model Enterprise Architecture, Model driven integration Business Line Web Services, Use Case Opportunities Enterprise architecture, challenges Systems evaluated wrongly (e.g., % time working, not program effectiveness ERM Mission Web services Egovernment, DoJ on the path to green Web Services, Architecture via the Web E-government, principles Web Services, DoJ Web Services, Rapid assembly for inter/intragovernmental services USDA Integration, lack of between logistic processes Open Standards Resistance to Change, Agency cultures. Knowledge Architecture Turn to page ii of Part 1. All parts have forward with list of sponsoring organizations, followed by a TOC, LOF, LOT (pgs iii - v) CC Common Criteria Cross-Government Risk Assessment ISSE Collaboration, information sharing Part 2 Annex provides detailed information and notes concerning the security functional requirements. RM Xforms Virtual Optimized Clinic DoD’s approach -- again following GAO’s recommendation - is to build an FM architecture Cyber Security, National Information Assurance Certification and Accreditation Program XACML Enterprise Architecture Framework, DoD Challenges, Air Force DOD Directive 8500.1 Air Force, Technical View FEA, Service Component Reference Model DAA Organizational Integration Strategy Enterprise architecture, principles Agreement on Semantics Carrier IP network FEA, draft Performance Reference Model E-government, transformation attributes Actionable Architectures Registry Software Architecture, documenting an architecture Application Security WS-Secure Conversation OODBMS FMMP Financial Management Modernization Program Identity Enterprise Architecture, GSA response to challenges DOES Current Performance Measurement Protection Profiles Web Services Choreography Language Specification Governance rules Business Line Hub Common Information Model Multi-Billion Dollar Consolidation Opportunity DOD Instruction 8500.2 Service Value Network Collaboration Enterprise Architecture, metamodels Taxonomy of Standard-based Security Strategy Federated Service Information Integration Plan next slide. Infrastructure-level protocols for Web Services XMI Healthcare Government Security and Privacy Direction Software architecture, references Infrastructure and Knowledge Flow Challenge, Revolutionary Partnership Approach Business Line Channels EA, IT security and audit resolution at GSA Find, Bind and Execute UML FEA, enabler of secure e-government Federated Data Dictionary Data Dictionary Resistance to Change SPC Health Informatics EVM Michael Carleton GSA-NIST XML Registry Envisioning Software Architecture, Architecture Trade-offs Analysis Model Challenges, Where’s the Architecture? Application Integration Guides Deployment and Outreach Effort Vance Hitch Enterprise Architecture, key to secure e-business Security Targets DREAD Damage potential, Reproducibility, Exploitability, Affected users, Discoverability WS-Policy Attachment Cyber Security Mission, five layers of system protection SAML Security Services Egovernment, DoJ implementation Granularity First Responder Interactions, Simplify and Unify Islands of Automation, Strategic Alliances for Teamwork Islands of Automation, multiple agencies to work with CHCS Entreprise Architecture FEA Challenges, Functional vs. System Performance Specifications Enterprise Architecture, challenges of understanding metadata and modeling EPA MIME RDBMS High Level Process and Architecture Framework People XKMS Paradigm Shift, Web Services Evaluation Process Middleware interface engine FEA, Technical Reference Model Vulnerabliity Assessments NOTE that this is different than V1.0, if you are familiar with that, which had a part 4 that contained PPs. You can now sample PPs on the web page and we’ll give that URL later. SOA Architects Standards, access rights deficiencies Software Architecture, documentation beyond views NIST Special Pub 800-23 Enterprise Architecture, challenges of crossing boundaries E-government, critical success factors DCOM House Armed Services Enterprise Architecture Alignment DOD IP networks, industry cooperation for prevention of attacks FEA, challenges Fix FM wherever managers need data - basically everywhere Service Oriented Architecture, 4th generation Application View Cyber Security Mission, FAA Guthrie Memo Competency Centers Information Assurance Government Involvement In Standards Organizations MOF models E-government, key components Federated Data Management Support Delivery of Services Data Warehouse XML Schemas Unified Security Infrastructure Carrier IP Networks, history and background Knowledge Enablement Model Driven Architecture Enforcement Management Kruchten, Philippe CIO Service Oriented Architecture, Network View Scott Culp Rap Sheet George Thomas Business Line Architectures E-government, rationale Egovernment, critical success factors, cooperatove engagement and conducive environment TCP/IP Clinger-Cohen Act Business Line Gateway NASCIO Federal Aviation Administration, mission NIAP Assurance Maintenance Program Eforms FEA Challenges, role of EA in IT Capital Planning Defense Authorization Bill E-Gov Security Service Framework Enterprise Information Management MHS IT Financial Management Modernization Program MHS, Enterprise Architecture Strategy Collaboration, Security Initiatives at DoJ Requirements, need for revolutionary Government/Industry relationship Business Components, Evolution XML Document Web Services, pilots Service Oriented Architecture, ebXML as example Protection Profile E-Authentication Common Services Data and Statistics Development Knowledge Technologies, Tree ebXML Air Force, System View Enterprise Architecture - an Enabler of Secure E-Government Drivers Service Security and Privacy Framework FEAMS IAC EA SIG Software architecture, key to managing change SVG Gap Analysis WS-Policy Communities of interest QA FEA, Cross-agency Service Components ABC Web services, standardizing and publishing Public Law 107-314, 2 Dec 2002 EA Elements FEA Challenges, Scope of the “enterprise” Trustworthy Computing EA, Benefits Line of Business Management E-Government Draft Governance Concept Security Service Framework Government Protection Profile Enterprise Architecture, Challenges of emerging technology integration through proprietary approaches UDDI Using the SRM to Succeed with Component-Based Architectures The scope of his vision -- and our response -- is Department-wide Enterprise Architecture Bootcamp Financial Management Modernization Lead Agent Pilot Projects Software Architecture, documentation for education, communication and analysis E-government, requirement for cyber security Cross-Agency and Cross-Government Projects Web Services in the Federal Government Internet Data Center Reference Architecture Guide WS-Trust NIST FIPS validation program IT bought for agency operations —not citizens' interface needs. Enterprise Architecture, IT security and audit resolution at GSA TRICARE Online FDA FEA, at FAA Standardization, lack of Secure Cyberspace Forces of Change, at FAA Part 3 presents a catalog of security assurance requirements and the Evaluation Assurance Levels (EALs) which define a scale for measuring assurance of IT systems. Strong security policy and good operational procedures and document them. MHS Information Management Proponent Committee Composable Extension to the Value Chain FEA Reference Models Standards and Interoperability BRM SCRM DRM TRM Key Trends in E-government, Web services become business services Enterprise Architecture Framework, Air Force MHS Enterprise Architecture Firewall Product Security Target Business Reference Model Enterprise architecture, use cased Component Service Justice Global Network Joint Staff IT Business Process BRM Best Practices Security Analysis Program Executive Office Technology Management Initiative E-Business and Security Metadata interoperability standards IRS Joint Staff IT Business Process and Role of Enterprise Architecture Topic Maps System Engineering XHTML TRM Logical Architectural View, Web Services GEAF Government Entreprise Architecture Framework Any to Any Scenario XML Repository Security, comprehensive Privacy Architecture Paul Clements Internal “Red Team” MOF Implementation Architectural View, Web Services WS-Transaction Egovernment, Lesson learned Process Architectural View, Web Services Feedback loop WS-Coordination Business Line Architecture MHS, Common Operating Environment Concept E-Science WSDL FSS Justice Discovery EAL Level XML web services Lessons Learned,Simplify or Unify Software architecture, when and why to evaluate and architecture NIST Guidance UBL, Data model Enterprise architecture, templates for communications Transforming Government, IT enabling enhanced mission accomplishment E-Grants Single System Solution E-government Act Software Engineering Institute, who we are Everywhere means Military Services and Defense Agencies E-government, Business Case XML IP networks, chart of security incidents from CERT M3 Abstraction NSTISSP 11 IP network, preventing network attacks Enterprise Architecture, Implementation at DoJ EA, MHS Demo Federated Data IP network, security monitoring OMG DITSCAP FEA, Data Reference Model Enterprise Architecture, Information Management OMB MHS Military Health System Secure E-Business: AA Blueprints E-Government Solution Architecture CSF PRM Enterprise Architecture DoD’s approach - SECDEF created special program dedicated to fixing FM International Standard Intra Agency Information Federation Integrating Security Architecture Service Oriented Architecture, 3rd generation view PAT interfaces Haycock, Robert DRM Financial Business Process Cycle The Integrating Role of Finance-Financial Management Enterprise Architecture PCM Team FEA, Federal Aviation Admministration Enterprise architecture, metadata E-government, DoJ vision Software Architecture, evaluation and tradeoff analysis CC Common Criteria SECDEF is leading charge to solve the problem Enterprise Architecture, Strategic methodology for interoperability ABM Web Services Integration Platform CIO Council GOTS Data Interchange Analysis Cyber Security, boundary protection FTS Cederoth, Kay The Federal Enterprise Architecture (FEA) IP network, risk mitigation FEA, Business Reference Model Pluggable Infrastructure Protocols DODI 8500.2 Egrants Islands of Automation, agencies cannot easily collaborate for key missions like Homeland Security. Web Services, Definition Documenting how business is done SPML Enterprise Architecture, Use Case Service-Oriented Architecture IP network, protection strategies XSD E-government, Citizen-Centered Web services Role Software architecture, definition Geospatial One-Stop Web Services, Fundamentals Application Security Infrastructure Software Architecture, background and ascendance Business Communities Actionable Architectures: Out of the Box with Smart Practices Alternative authentication mechanisms, like Smartcards. Writing Secure Code Technology, neither the problem nor the whole solution Firewalls Information Routing Disasterhelp.gov Location Transparent Component Implementations Security Testing Needs Egovernment, Quarterly Assessment for Sound Governance Structures Integration Time-Boxes Releases GEAF Government Entreprise Architecture Framework Registry, What’s stored inside Security Infrastructures IAC, contact information Software architecture, Carnegie Mellon, Software Engineering Institute contact information and URLs Software Architecture, documenting the relevant views WS-Security OMB-NIST Business Line Implementation Agreement Mark Forman E-government, goes beyond IT John Dodd IP networks, design questions for establishing a secure network DREAD Damage potential, Reproducibility, Exploitability, Affected users, Discoverability Enterprise Architecture, Open Systems Interconnection Model EAL2 Dan Mehan Infostructure Certification SMTP Homeland Defense Web Service Information, Amount IAC, paper on Information and Data Reference Model (DRM): Standards Based Architecture to Support Federated Data Management WS-Federation EA Software product lines, examples of success Federal data sharing, federated data management challenges to transcend black hole Collaboration, examples at DoJ MHS, Resources and Services Design, improving security of IP networks Progress, Computer Security FEA, Information Interoperability Challenges TOL Collaborative Agreements Web Services, Challenges Microsoft’s Software product line, definition Software Architecture, examples of prescribed views Software Architecture, Web Services Information Ingest and Translate Business Line Integration Infrastructure Pattern Types Information and Data Sources Waqa President’s Management Agenda Security and Privacy Bruce Peat Software Architecture, documenting a view Service Oriented Architecture, 5th generation Special Task Force E-government, drivers CCEVS Common Criteria Evaluation and Validation Scheme EA IM/IT Components Registry, definition COTS Service Component Reference Model FEA, Federated data management approach Local Police FEAF 2.0 IAC, recommendations BMSI Business Modernization and Systems Integration Logical Business Area Microsoft Solution for Intranets - Prescriptive Architecture Eogvernment, Progress Enterprise Architecture, Inter-agency Information Federation GXA Global XML Web Services Architecture Linkage Strategic Process Maturity Model Report Evolution SOAP HTTP JMI IP networks, security issues Enterprise Architecture, alignment and governance at GSA Domain Owners EA Business Component Security and Privacy Architecture integrated with Enterprise Architecture IP networks, security and evolving threats POP Network as a Service Delivery Platform Part 1 presents the concepts, principles, and general model of IT security evaluations. Business Architecture Components X509 Egovernment, transformation in how we protect and serve citizens Congressional Stakeholders BLA Business Logic IP networks, security through private network isolation? Infrastructure Strategy Web Services Simplification Collaboration, Common Solutions US Customs Information Integration Web Services Activities through multiple working groups E-government challenges, cultural barriers and stovepiped legacy systems Michael Lang MHS Enterprise Architecture Demo CORBA Business Line Leader Deployment Architectural View, Web Services Content Semantic Analysis Healthcare, Access Software architecture, permits/precludes achieving quality attributes IAC Key Concepts NIST/NSA CERT Program International Common Criteria for Information Technology Security Evaluation Service Oriented Architecture, Application View 1st and 2nd generation Business Line Implementation Web SSO Server FEA, Business Line Analyst Government Enterprise Architecture Framework Access and Delivery Channels FMMP Financial Management Modernization Program Data interoperability IAC Security Architecture Publish-Find-Bind-Execute Model Enterprise Architecture, Interoperability Challenges Architecture Applied to Web Services Critical Care Product SRM Software architecture, background Federal data sharing, Federated data management challenges include requisite comprehension before integration efforts begin Design-Time Integration of Data Access Management Rob Thomas GXA Global XML Web Services Architecture Process Emergence of Business Service Network Enterprise Architecture, Integrating Role of Finance-Financial Management Software product lines, economics Islands of Automation, businesses fill-out multiple forms for the same information Enterprise Architecture, Interoperability Federal IT Investment Portfolio, FY 04 Line of Business Management Approach Open Source Air Force, Operational Views Enterprise Architecture, governance process CCEVS Web Site National Information Assurance Program Air, Space [TML-ENTITY-amp] Terrestrial Network ETL Components Subcommittee Process E-Gov Border Control Initiative EVA Common Infrastructure Patterns XML Collaborator Open Services Interfaces Financial Business Architecture Cyber Security, Computer Security Incident Response Center Basic Pillars of Information Assurance Business Analyst Portal DOD Wide Governance The point of this part of the talk is to get their hands on all the pieces. There is no real technical information given here. Representing Semantics Performance Indication Alert Condition HRM Future Medical Logistics Function Collaboration, challenges NSTISSP George Thomas, Bio Cross-Agency Virtual Query and Trigger Setting Part 2 presents a catalog of security functional requirements. CMM Rating Line of Business Federated Data Reference Models FEA, Integration of Web Services [TML-ENTITY-amp] Component Based Architecture Enterprise Architecture, templates for interoperability WS-Referral IAC, business-centric methodology ANSI/IEEE 1471/2000 Architecture and Infrastructure Committee EAP data entities Cooperation with DoD stakeholders is essential to success USA Information Interoperability Challenges: Strategic Approach and Federated Data Management Software Architecture: Key to System Quality Security in a Carrier Network Business Line Challenges: Strategic Approach and Business Line Implementation Overarching Systems Framework for Homeland Defense Overcoming Barriers to Disparate Data Systems Secure E-Business Executive Summit Enterprise Architecture— an Enabler of Secure E-Government Using EA to Improve Healthcare Delivery and Build Better Information Systems BRM-PRM-BLA- New Thinking for Transformation and Actionable and Adaptable Architecture Secure E-Business Summit 2003 Financial Management Modernization Program National Information Assurance Program Common Criteria Evaluation and Validation Scheme XML Web Services Working Group Pilot Projects: Business Cases, Architectures, and Demonstrations Transforming Government: IT as an Enabler of Enhanced Mission Accomplishment Security Architecture Challenges and Integration with EA E-Government: Creating a Government that Delivers Results BEA System, Inc. Office of Management and Budget ICHnet.org OSD Comptroller Environmental Protection Agency Metamatrix US Department of Justice Everware Qwest Communication eProcess Solutions United States Navy GSA OCIO Enterprise Architecture Group CSC Carnegie Mellon University's Software Engineering Institute Novell General Services Administration SAIC National Security Agency, Information Assurance Directorate Headquarters US Air Force MA MD VA PA DC 2003 SecurE-Biz Executive Summit Author Keyword Presentation Authors/Presentations Author Information Presentation Presents By Employs Contains Located in Site of Works for Belongs to