TSCP Newsletter

In this Issue: November Symposium

Capabilities Brochure

News Updates

Member Directory

Committee Updates

WG and Project Updates

Meeting Schedule

Symposium Continued

Executive Gala & Forum

Contact TSCPTransglobal Secure

Collaboration Participation8000 Towers Crescent Drive

Suite 1350 Vienna, VA 22182

Phone: 703.760.7898Fax: 703.760.7899

news@tscp.org

1

TSCP to Host First Full-Scale SymposiumTSCP will be holding our first full-scale symposium Thursday and Fri-day, November 14 and 15, 2013 at the Hyatt Regency in Crystal City. Mark your Calendar and Call for Papers e-mails have been sent to 25,000+ government and industry professionals in the Identity & Ac-cess Management space. A call for exhibitors and sponsors has been released to several hundred companies and government agencies.

For TSCP working members, there will be TSCP committee, project, and working group meetings Tuesday and Wednesday at the Lockheed Martin Global Vision Center (GVC), also located in Crystal City. The TSCP meeting days will be similar to previous business week Architec-ture Committee (AC), Information Labeling and Handling (ILH), Ex-port Control Working Group (ECWG), Identity Federation v.2 (IdFv.2), Intellectual Property Working Group (IPWG), and Trusted Supply Chain Working Group (TSCWG) meetings.

The Hyatt Regency is only blocks away from the GVC and is the recommended hotel for the full week. TSCP has negotiated a room block at an excellent rate of $169 per night. For lunch and dinner op-tions, there are many restaurants within walking distance of the GVC. Please view page 8 for more information, and use the Symposium link to make your hotel reservations for the full week to ensure you get the discounted price.

TSCP will also be holding an invite-only Executive Gala on Tuesday at the Udvar-Hazy Center, as well as an invite-only Executive Forum on Wednesday at the United States Secret Service Headquarters. A Save the Date has been released.

July 2013 • Volume 2 : Issue 3

2

TSCP Capabilities Brochure

TSCP recently released the 2013 Capabili-ties Brochure to better clarify the TSCP mission. The Transglobal Secure Collabo-ration Participation, Inc. (TSCP) was es-tablished in 2002 as a collaborative forum of worldwide stakeholders in the defense industry to address security issues within the collaboration space. TSCP is the only government and industry partnership that has created a framework for secure elec-tronic transmission and sharing of sensi-tive information internationally.

To view the brochure and learn more, click here.

TSCP News

NSTIC Response to TSCP Pro-posalIn response to the proposal TSCP recently submitted to The National Strategy for Trusted Identities in Cyberspace (NSTIC) Federal Funding Opportunity (FFO), NSTIC has asked TSCP to answer a series of budget and technical questions. TSCP has submitted these answers and awards announcements are expected in August 2013.

TSCP Bridge ServiceTSCP continues to make progress on cre-ating a bridge service with an anticipated availability in the fourth quarter of 2013. The interim Policy Management Authority (PMA) has approved the TSCP PMA char-ter. The TSCP charter uses the Federal PKI Policy Authority charter as a guide. TSCP is developing a cost and service model for service delivery along with the bridge ser-vice application. The certificate policy has been created by a tiger team and is in the review process. The next focus areas are building the Certificate Authority, creating the Certification Practice Statement, and developing the criteria and methodology.

3

BAE SystemsContact: malcolm.carrie@baesystems.com

Lockheed MartinContact: greg.roecker@lmco.com

BoeingContact: thomas.a.kelly3@boeing.com

U.S. Department of DefenseContact: paul.grant@osd.mil

Netherlands Ministry of DefenseContact: ft.bakker@mindef.nl

U.S. General Services AdministrationContact: deborah.gallagher@gsa.gov

NASAContact: luis.m.bares@nasa.gov

CA TechnologiesContact: philip.kenney@ca.com

ActivIDentityContact: stelerico@actividentity.com

ElectrosoftContact: sarbari@electrosoft-inc.com

IntercedeContact: richard.parris@intercede.com

NLRContact: rene.wiegers@nlr.nl

AxiomaticsContact: ggebel@axiomatics.com

Deep-SecureContact: robin.king@deep-secure.com

FuGen SolutionsContact: lkannappan@fugensolutions.com

Criterion SystemsContact: Dave.Coxe@Criterion-sys.com

Northrop GrummanContact: michael.papay@ngc.com

EADSContact: philippe.laflandre@eads.net

RaytheonContact: anthony_jones@raytheon.com

French ANSSIContact: patrick.pailloux@ssi.gouv.fr

UK Ministry of DefenseContact: cio-j6-ops2a@mod.uk

U.S. Secret ServiceContact: michael.merritt@usss.dhs.gov

MicrosoftContact: donsch@microsoft.com

Litmus LogicContact: james@litmuslogic.com

SynerenContact: meg@syneren.com

Boldon JamesContact: andrew.cowan@boldonjames.com

DeloitteContact: ibohmer@deloitte.com

GemaltoContact: thomas.flynn@gemalto.com

NextLabsContact: keng.lim@nextlabs.com

WaveContact: atarbox@wavesys.com

CentrifyContact: frank.cabri@centrify.com

TSCP Silver Members

TSCP Gold Members

TSCP Government Members

TSCP Platinum Members

4

The Leadership Advisory Group (LAG)The LAG is currently in the process of updating the TSCP strategic plan in order to better align TSCP goals and objectives with government and industry. A face to face meeting is scheduled for July 23 and 24 at the Lockheed Martin GVC to develop and refine TSCP strategy. The LAG has targeted the end of August 2013 for the comple-tion of an approved strategic plan.

Architecture Committee (AC)The AC has continued its close relationship with the Trusted Computing Group (TCG) and provided input on work to develop a Machine Identity Framework. This effort is being supported in the TCG through representatives from The Boeing Company and Wave Systems. Developing a recognized mechanism to convey the level of assur-ance that can be associated with a machine identity is key to enabling exploitation of this information within an access control regime. In our discussion, we recognized that there are many factors which may influence the level of assurance associated with the identity of machine. This is in many ways no different than the different factors which are taken into account when determining the identity assurance level of an individual. It is widely accepted that there are four discrete levels of assurance associated with an individual that start from “little or no confidence” and reach “very high confidence” by way of “some” and “high.” We wait to see whether the TCG will arrive back at these same levels for machines.

The AC has also co-ordinated a response from TSCP to the draft of NIST 800-162, Guide to Attribute Based Access Control, and will be represented at the NIST work-shop in Rockville, MD on July 17. The AC has also started work with the PLASMA Consortium to identify opportunities to exploit emerging capabilities through test and demonstration in TSCP scenarios.

We have also been busy supporting the Leadership Advisory Group through the docu-mentation of the TSCP Roadmap in a publishable format. Look for further information on this on the TSCP Website and in the next newsletter.

Committee Updates

Richard Skedd, BAE Systems IT Strategy Manager within the Office of the CIO & Chairman of the TSCP Architecture Board

5

Working Group and Project Updates

The Intellectual Property Work-ing Group (IPWG)The IPWG continues its work updating the requirements document. Once this is com-pleted, the Architects will review the docu-ment and a gap analysis will be completed for ILH to ensure all requirements have been captured accurately in the specifica-tions.

The Export Control Working Group (ECWG)The ECWG continues to discuss the role TSCP may be able to play in encouraging US and European export regulatory agen-cies to accept certain levels of encryption which would ensure intangibles/technol-ogy not be considered an export when stored or transmitted across international borders. This lack of guidance/require-ments is currently seen most prevalently in regard to cloud environments, but is a larger issue which needs to be addressed with common, agreed upon requirements on an international level.

Information Labeling and Han-dling v.1+ (ILH v.1+)ILH continues its work testing and imple-menting the Bussiness Authorization Framework (BAF) and Business Authoriza-tion Identification and Labeling Scheme (BAILS) specifications working towards a demo for the TSCP November Business Week. ILH also plans to incorporate some export related scenarios to demo and will engage export subject matter experts as needed.

Trusted Supply Chain Working Group (TSCWG)In the TSCWG, the technical tiger team has been working toward the goal of plati-num member companies trusting one an-other’s supply chain credentials. The team has been reviewing the Identity Federation Common Operating Rules v.1.3 (COR) and making changes as needed to ensure all companies can agree and adhere to this document as common policy. Once this technical policy is agreed to, a legal team will work on developing an enterprise level federation legal agreement which can be leveraged by all current and future con-tracts. This will standardize and streamline the contractual process for establishing federation agreements at an enterprise level, providing clear responsibilities and liabilities for the identity information ex-changed between TSCP organizations and their partners implementing this agree-ment.

A draft version of the Executive Abstract was completed and reviewed by the team. The LAG will review the abstract and it will then be passed on to the TSCP Executive Membership.

TSCP Leadership met with the Aerospace Industries Association to bring in suppli-ers to help develop, write, and test trust framework elements developed by TSCP to ensure the solutions meet the needs of smaller supplier companies in addition to the larger A&D companies.

Identity Federation v.2 (IdFv.2)The IdFv.2 team has completed the initial draft of the Provisioning Profile to pass to the AC for review. The TSCP, Raytheon, Lockheed Martin, and BAE Systems labs continue testing the profile, and once test-ing is completed, the team will create and present a demo of this capability to the AC. This demo will also be shown at the November Symposium.

The next task on the team’s schedule is to look at home realm discovery and ways to improve the end user’s experience when selecting an Identity Provider for access to a federated application.

6

To access the TSCP Master Calendar in SharePoint, click here.

TSCP Meeting Schedule for July

*Times are in EST.

Monday Tuesday ThursdayWednesday

7

TSCP Meeting Schedule for August

*Times are in EST.

Monday Tuesday Wednesday Thursday

8

Challenges and Opportunities in Secure CollaborationThe Transglobal Secure Collaboration Program (TSCP) Inc., a nonprofit 501 (C)(6), is the only government-industry partnership specifically focused on designing solu-tions to address the most critical issues facing global industry: mitigating the com-pliance, complexity, cost and IT security risks inherent in large-scale, multi-nation-al collaborative programs. In support of this mission, TSCP is proud to present the Transglobal Secure Collaboration Symposium, an industry-leading conference and vendor exhibition focused on secure collaboration among industry partners and their supply chain members, mitigating the risks of information security breaches, accelerating secure information sharing while reducing overall program costs.

Presentations by and for the TSCP Community and IndustrySpeakers include information security leaders from gov-ernment agencies, military departments, technology companies, the intelligence community, as well as TSCP members from aerospace and defense. The conference will showcase the work of the the TSCP community, and their efforts solve common challenges that impact major programs today.

Prospective topics include: Federal Identity, Credential and Access Management (FICAM); Federal Cloud Creden-tial Exchange (FCCX); National Strategy for Trusted Iden-tities (NSTIC); Mobility and Digital Strategy; Identity in the Cloud; Device Health/Machine Identity; PIV and PIV-I High Assurance Cards; Identity Trust Framework; Supply Chain Authentication, and more.

Following the mission of TSCP, the conference will deliver information and expert insights designed to tackle today’s challenges. TSCP member companies are the leaders in large-scale, international collaborative programs. The conference will tap this collective expertise to create an independent, market-focused forum on the challenges of collaboration and interoperability.

A Conference Agenda of Current, Crucial Subject Matter

Organized by the Industry Leader

Early RegistrationDiscounts Apply!

Prospective Tracks Include

Identity and Access Man-agement • Secure infor-mation sharing • Secure credentialing • Secure

Document Sharing and Ac-cess to Applications • Cy-bersecurity and Remedia-tion Against Cyber Threats

• Security for Cloud and Mobility Environments

Featuring

The Secure Collaboration Showcase Exhibition

With Live Technology Implementation Demos

Exhibit and Sponsorship Opportunities are Avail-

able: Click here for more.

When: Thursday, November 14, 2013 - Friday, November 15, 2013 8:00 AM - 5:00 PM EST

Where: Hyatt Regency Crystal City, 2799 Jefferson Davis Hwy, Arlington, Vriginia 22202, USA 212-866-2169

Mark Your Calendar Now!

9

Where: Hyatt Regency Crystal City, 2799 Jefferson Davis Hwy, Arlington, Vriginia 22202, USA 212-866-2169

Mark Your Calendar Now!

International Governments

• French - The National Agency for the Security --of Information Systems (ANSSI)• Netherlands - National Aerospace Laboratory• Netherlands - Royal Netherlands Embassy• Netherlands Ministry of Defence• Netherlands Ministry of the Interior and King- --dom Relations• UK - Department for Work and Pensions• British Embassy• UK-MoD - CIO Office• UK-MoD - Log NEC Programme• UK-MoD - DE&S ISS• UK Council for Electronic Business• North Atlantic Treaty Organisation (NATO)• NATO Consultation, Command and Control --Agency (NC3A)• NATO Allied Command Operations (ACO)• NATO Consultation

• DoD - Cybersecurity Policy (DoD)• DoD - Defense Information Systems Agency• DoD - Defense Manpower Data Center 0(DMDC)• DoD - Air Force• DoD - Army• DoD - Office of the Under Secretary (AT&L)• DoD - National Security Agency• DoD - OASD(NII)/DoD CIO• DoD - Office of the Director of National Intel-0iligence• DoD - OSD(AT&L)/DPAP/PDI• DoD - OSD/Industrial Policy• Department of Homeland Security (DHS)• DHS - Science & Technology• DHS - United States Secret Service• Government Services Administration (GSA)• National Aeronautics and Space Administration• National Archives and Records Administration• United States Postal Service• Department of Commerce - NIST• Depatment of Health and Human Services• Department of Treasury• Department of State• Department of Energy• Federal Emergency Management Agency• Transportation Security Adminstration• Federal Aviation Administration (FAA)• FAA NextGen• Federal Bureau of Investigation (FBI)• Whitehouse• Office of Management and Budget (OMB)

• ActivIdentity Inc.• ALCO• Apple• Axiomatics• Boldon James Limited• Booz Allen• CA Technologies• Centrify• CertiPath LLC• CipherCloud• CISCO• Citrix Systems, Inc.• ClearSwift Ltd• Criterion Systems, Inc.• Deep-Secure Ltd.• Dell• Deloitte & Touche, LLP• Electrosoft Services, Inc.• EMC Corporation• Enterprise Engineering Services• Fokker• Fugen Solutions• Gemalto North America• Honeywell• HP• IBM• Intercede• Jericho Systems Corporation• JW Secure, Inc.• LexisNexis• Litmus Logic• McAfee• Microsoft Corporation• Mount Airey Group Inc.• NextLabs Inc.• OASIS• Oberthur Technologies• Oracle• Ping Identity• Pricewaterhouse Coopers• Protiviti• PTC• Quest Software• Quintessence Labs• RealSec Inc.• SafeNet• SAP• SELEX Communications• Smart Logic• Symantec• Syneren Technologies Corp• Titus• TrendMicro• Wave Systems Corporation• Xceedium Inc.• XTEC

• Aerospace and Defence Industries• BAE Systems• Bombardier Aerospace• Cassidian (EADS)• DRS Technologies• EADS/North America• Finmeccanica• General Dynamics• Lockheed Martin Corporation• Northrop Grumman Corporation• Raytheon Company• Rolls Royce• The Boeing Company

• CO- Colorado Department of Public Safety• Colorado State• Commonwealth Of Virginia• District of Columbia - Office of the Chief Tech-0nology Officer• New Jersey State• New York - Office of Mental Health - CIT• New York State• NJ Office of Homeland Security & Prepared-0ness• PA - Chester County Department of Emer-0gency Services• Pennsylvania State• Virginia - Veterans Affairs and Homeland --Security• Virginia- Department of Motor Vehicle• Virginia- VITA• West Virginia State• WV Homeland Security and Emergency Man-0agement

• Chevron• Fidelity• Chicago Mercantile

• Aerospace Industry Association - (AIA)• All Hazards Consortium (AHC)• American Association of Motor Vehicle Admi-i0nistration (AAMVA)• American Bar Association IDM LTF• NACHA• National Association of State Chief Information --Officers (NASCIO)• Open Identity Exchange• Safe BioPharma• Smartcard Alliance• Trusted Computing Group (TCG)

IndustryAerospace and Defense IT

Federal

States

Critical Infrastructure

Associations

Previous Event Attendees