Naval INFOSEC Universe Description Report

(IUDR)

Space and Naval Warfare Systems Command
Information Systems Security Office (SPAWAR PD 51)

18 January 1994

1.0 INTRODUCTION

1.1 Background

As demonstrated in Operations Desert Shield and Desert Storm, information is an essential ingredient of modern Naval operations for both war fighting and peacetime situations. The security of that information and the associated information processing resources is critical to the success of military missions. However, the unprecedented development of information system technology and the proliferation of wide area networks have exposed new vulnerabilities of the Navy's information systems. The mission criticality of information coupled with these new vulnerabilities introduces special requirements for the security of information systems that drives the need for an Information Systems Security (INFOSEC) program. Although security tools and products are available to address some of the new vulnerabilities, there is a need to focus security resources within the Department of the Navy (DoN) and to implement a top- down systems engineering approach to the development and fielding of INFOSEC, both to achieve economies and timeliness in system acquisition and to achieve the effectiveness required of fielded secure information systems.

On 27 December 1992, the SPAWAR Information Systems Security Office (initially SPAWAR ;00I, recently renamed SPAWAR ;PD 51) was established as the focal point for implementing DoN INFOSEC policy. SPAWAR PD 51 is organized into three primary divisions: PD 51E, Chief Engineer, PD 51C, Customer Service, and PD 51M, Program Manager. PD ;51 is supported by PD ;50L, Integrated Logistics Support, PD ;50I, Foreign Military Sales, and PD ;50P4, Financial Management.

PD 51E is responsible for developing Naval INFOSEC architectures, standards, and tools; for developing INFOSEC investment strategies; for focusing the Naval INFOSEC technology base; for developing and promoting INFOSEC interoperability strategies; and for identifying and coordinating resource requirements to support the Operational Users and program managers of Naval INFOSEC systems. PD 51C is responsible for identifying Operational User requirements for INFOSEC products, technologies, systems, and services and for providing INFOSEC engineering services to the PMs and Operational Users. PD 51M is responsible for managing the development and implementation of INFOSEC products and systems for operational use in Naval information systems, and potentially Joint Service or Allied information systems for which the Navy is the lead Service for all or at least the INFOSEC portions of the system. The Appendix provides a summary of the interactions among these primary divisions of SPAWAR ;PD ;51 and the interactions of each with the remainder of the INFOSEC Universe. These are derived from the interactions developed later in this report from the most recent organization statements for PD ;51.

1.2 Purpose

The Naval INFOSEC Universe (NIU) is that portion of the total universe of systems with INFOSEC requirements and organizations with INFOSEC responsibilities (i.e., the total INFOSEC Universe) that is subject to Naval INFOSEC policy. The purpose of this document, the Naval INFOSEC Universe Description Report (IUDR), is the following:

To establish what are the systems and organizations that lie inside and outside the NIU.

To define and describe the important INFOSEC attributes of these systems and the INFOSEC roles of these organizations.

To provide a vehicle for achieving agreement within the Naval INFOSEC Community on the boundary and content of the NIU.

To define the INFOSEC- related interactions of Operational Users, Program Managers, and SPAWAR ;PD 51 in this universe.

To describe the general interactions of SPAWAR ;PD 51 with other organizations in the INFOSEC Universe and to lay the groundwork for a detailed blueprint of the interactions required of the SPAWAR PD 51 organization to effectively implement its charter as the Naval focal point for INFOSEC.

To provide the basis for more detailed analyses that will address formulation of a Naval INFOSEC investment strategy in a systematic manner. The INFOSEC investment areas that will be addressed are: the technology base, processes, tools, standards, products, and resources.

1.3 Scope

This document concentrates on the role of SPAWAR PD ;51 as the Navy's INFOSEC focal point for information systems that are subject to Naval INFOSEC policy. This INFOSEC role is accomplished through systems engineering, customer support, program management, and mutual interactions among the following major participants in the INFOSEC Universe:

SPAWAR PD ;51.
Program managers of information systems requiring INFOSEC.
Operational Users of these information systems.

Also important to the INFOSEC role are the essential INFOSEC- related interactions between these three participants and the remaining government organizations in the INFOSEC Universe. (It is assumed that contractor organizations will support and occasionally act for their government organization principals.) Discussion of the interaction among these remaining organizations is outside the scope of this document.

The information systems that are subject to Naval INFOSEC policy, and are thus members of the INFOSEC Universe, have the following uses:

Command, control, communications, computers, and intelligence (C4I).
Mission support.
Training.

These systems are employed during peacetime, wartime, training exercises, or test evaluations. They are used by organizations that are part of the DoN, by organizations that are provided INFOSEC support by the DoN, and by organizations for which the Navy is the lead service for development of the information system. These user organizations are the following:

U.S. Navy.
U.S. Marine Corps.
Maritime Sealift Command.
U.S. Coast Guard.
Joint Services.
North Atlantic Treaty Organization (NATO).

2.0 DERIVATION OF NAVAL INFOSEC ATTRIBUTES

INFOSEC is defined in National Security Telecommunications and Information Systems Security Instruction (NSTISSI) 4009 as "the protection of information systems against unauthorized access to, or modification of information, whether in storage, processing, or transit and against the denial of service to authorized users, or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats."

Previously, separate security policies and doctrines addressed protection of computer systems (COMPUSEC), information transfer systems (COMSEC), and emanations (TEMPEST). With today's proliferation of information processing networks, the separate implementation of these related disciplines for information protection is no longer technically or fiscally feasible. Information systems security (INFOSEC) is the modern discipline that provides an integrated and systematic approach to the security of all aspects of information systems. The term "secure information system" is used throughout this document to mean any information storage, processing, or transfer system that requires or uses INFOSEC features and/or components.

The focus of this section is the description of the security- relevant characteristics, termed "attributes," of information systems in the context of the NIU. These attributes will be used to define the interactions among the key players necessary to field and support secure information systems that will contribute to the successful prosecution of Naval missions. Naval INFOSEC attributes must, therefore, be derived from an understanding of Naval missions, information value, and threat scenarios. The platforms, information systems, and organizations that implement these attributes in the NIU, and their interactions among the key NIU organizations in support of these attributes, are described in Section 3.

2.1 Naval INFOSEC Threat Scenarios

Naval information systems store, process, and communicate large quantities of information. Much of this information is critical to satisfying the Naval war fighting and support missions. Recent advances in communications and information processing technology that increase the distribution and exposure of this information also increase the vulnerability of Naval systems to exploitation both by accidental and malicious threat agents. Modern information systems may be vulnerable to any or all of the following threats:

Unauthorized disclosure of classified data or unclassified but sensitive data.
Denied access to information or use of the system.
Modification of data processed by the system or modification of the system itself.
Spoofing or fooling the system or its users to take unauthorized or incorrect actions.

Threats can exploit system vulnerabilities when adversaries have the intent and adequate resources. Appropriate security mechanisms must be incorporated in Naval information systems to protect system vulnerabilities from exploitation.

2.2 INFOSEC Attributes of Naval Information Systems

This section summarizes the INFOSEC attributes of Naval information systems. These attributes were derived from a detailed analysis of Naval information systems based on Naval missions (spanning peacetime to wartime), information value, and threat scenarios. The criticality of information to these missions has raised its protection through INFOSEC engineering to the same level of importance in the systems engineering process as, for example, fault tolerance, real- time operation, and interoperability. Correct INFOSEC engineering to achieve the correct INFOSEC attributes demands strict adherence to security policy, formal validation and verification of security designs, absolute traceability of design to requirements, and acceptance (by signature and with legal implications) of residual security risks by the Operational Users and information owners. The INFOSEC attributes summarized in this section form the basis for the roles of and required interactions among the three primary participants in the NIU and their required interactions with the remaining INFOSEC Universe organizations.

2.2.1 Security Features

2.2.1.1 Confidentiality

The confidentiality attribute is defined by the extent of the protection afforded by the security service from disclosure of information to unauthorized entities (e.g., individuals, organizations, equipment, processes). Examples of protected information include user and operational information, administrative information, security parameters (e.g., cryptographic key material), system characteristics (e.g., operational capabilities, location, or vulnerabilities). At a more detailed level, confidentiality may be divided into four subordinate services: information confidentiality, traffic flow confidentiality, emanations security, and signals security. Security mechanisms that implement the confidentiality attribute include access control, object reuse, encryption, TEMPEST techniques, physical isolation, and administrative procedures.

2.2.1.2 Integrity

The integrity attribute is defined by the extent of the protection afforded by the security service from information or resources being created, inserted, modified, or deleted by entities not authorized for these actions. Examples of integrity protection include the prevention or detection from these actions, and may also provide capabilities to recover from successful attacks on the integrity of a system. At the next lower level of detail, the Integrity attribute may be divided into system integrity, equipment and software integrity, and information integrity. The integrity attribute also includes authenticity, the means for proving the identity of the source of an action taken on the system, and non- repudiation, the ability to protect against an entity's falsely denying sending information or falsely denying receipt of information. Security mechanisms that implement the integrity attribute include cryptographic checksums, error detection and correction techniques, message authentication codes, and digital signatures.

2.2.1.3 Availability

The availability attribute is defined by the extent to which the security services ensure that a system's capabilities are accessible and/or operational and information is obtainable by authorized entities. Availability services allow the system and/or individual components of the system to meet user- specified requirements for unobstructed operation and allow the system to make information accessible to users when needed. Failure of availability results in denial of service conditions. For the NIU, availability is limited to services that protect the system when threatened by malicious threat agents. Security mechanisms that implement the availability attribute include robust routing algorithms, duplication of critical system functions, security audit and alarm procedures, and system resource usage controls.

2.2.2 Strength of Security Features

The strength of security is defined by the extent to which a hostile entity must expend resources to defeat the security feature. The items listed in Section 2.3.1 are the primary security features to be provided. These features may be implemented by a number of security mechanisms. In addition to the "what" that is to be implemented to provide the security services, the question of "how much" security is adequate must also be described. For example, longer key lengths generally provide additional protection of encrypted information from threats of eavesdropping and cryptanalysis. The known threat environment for a system in the context of its mission and operational environment should drive the required strength of security features. Generally, stronger security features involve additional costs; therefore, a goal of the security engineering process is to provide "enough" security, as described in 3.3, but not more than can be afforded.

2.2.3 Assurance of Security Features

The assurance attribute is the level of confidence that a system's security approach is suitable for countering identified threats (effectiveness) and that security components used within the system are capable of performing their security functions correctly (correctness). Assurance is provided through top- down policy- driven security design and implementation, through analyses of the implemented security mechanisms, and validation through the formal Certification and Accreditation processes that requirements are met. In addition, assurance is provided for operational systems by on- line monitoring of the security status of the system and feedback of this status to the system operator or to the system or security administrator. For fielded systems, reaccreditation is invoked frequently for increased assurance, especially when system security features are modified.

2.2.4 Operability

Operability is the extent to which the integration of INFOSEC into an information system affects system performance. Factors that influence operability include security- relevant information overhead (e.g., security management information exchanges, cryptographic synchronization preambles)and security interoperability of the information systems.

2.2.5 Useability

Useability defines the extent to which integration of INFOSEC features into the information system affects the system operators. Important mechanisms for useability include end- user transparency, menu- driven operator interface, built- in training, support of user and device mobility, support of single logon, ease of maintenance, on- line accountability, and visible security/risk indicators.

2.2.6 Affordability

The affordability attribute is the extent to which INFOSEC features are cost effective (for both recurring and non- recurring costs). Affordability of INFOSEC features can be supported by incorporation of commercial off- the- shelf (COTS) and/or government off- the- shelf (GOTS) products where possible, modularity of INFOSEC design, life cycle logistics supportability (e.g., vendor support for upgrades), reuse of software, components, and certification documentation and evidence, and conservative use of security mechanisms to avoid over- design.

2.2.7 Timeliness

The timeliness attribute for INFOSEC system development and fielding is the extent to which the information system's schedule is met for implementation of the system's INFOSEC features. Mechanisms for achieving timeliness include rapid prototyping; reuse of relevant designs, security documentation, and certification evidence; advance planning for INFOSEC products to ensure time for certification/evaluation; use of open systems standards; and use of COTS and/or GOTS products.

2.2.8 Criticality

The criticality attribute is the degree of importance associated with an information system's mission, operational scenario, threat environment, and consequences of system failure or subversion. The criticality attribute supports prioritization of INFOSEC system engineering activities. The operational scenario includes peacetime, wartime, training, and test and evaluation (T&E). The consequences of system failure or subversion include mission failure, loss of physical resources, loss of national economic status, loss of national security, and loss of life.

3.0 THE NAVAL INFOSEC UNIVERSE

3.1 Definition and Boundaries

The NIU is defined as the set of all organizations and secure information systems that are subject to Naval INFOSEC policy and the platforms on which they reside. The NIU is a subset of the larger INFOSEC Universe that encompasses all systems, activities, and organizations with INFOSEC content. In the characterization adopted in the IUDR, systems and organizations that may affect Naval INFOSEC but which are not subject to Naval INFOSEC policy occupy positions outside the NIU boundary. There are some systems (e.g., Joint C4I systems) that are partially subject to Naval INFOSEC policy and partially outside its influence. These occupy positions on the NIU boundary.

3.2 Platforms in the NIU

The platforms in the NIU provide the environment for personnel and systems to implement their assigned missions. Platforms in the NIU include:

U.S Navy platforms (e.g., surface ships, submarines, unmanned platforms including satellites, and shore installations).

Marine Corps platforms (e.g., manpacks, tanks, Armored Personnel Carriers (APCs), High Mobility Multi- terrain Wheeled Vehicles (HMMWVs), aircraft, and river patrol boats).

Coast Guard platforms (e.g., surface ships, aircraft, and shore stations).

Maritime Sealift Command platforms (e.g., surface ships).

Each of these platforms has specific INFOSEC implications, particularly with respect to physical, personnel, and procedural security characteristics.

3.3 NIU and Interfacing Information Systems

Figure 1 summarizes the systems of the INFOSEC Universe. The portion of the INFOSEC Universe subject to Naval policy (i.e., the NIU) includes the information storage, processing, and transfer systems resident on NIU platforms that allow personnel to implement assigned missions. These systems are divided into the following categories:

C4I systems are all of the computer and telecommunications systems used on NIU afloat, airborne, and ashore platforms to command, control, monitor, and manage war fighting efforts. Any local or wide area networks used with these platforms are also included in this category.

Naval combat direction systems include all computer and display systems used by warfare commanders to analyze real- time threat information and deploy combat forces.

Naval weapons control systems include all automated weapons control computer systems, including weapons control microprocessors

Naval process control systems include computers or microprocessors used to control the operation of the platform. Usually, the correct operation of these processors is critical to the correct operation of the platform.

Naval telemetry systems include data communications links from sensors or other remote sources

Naval sensor systems include transducers that sense acoustic, electromagnetic, or other energy and transform it into a form for transmission to information systems.

Mission support systems include all non-tactical computer and telecommunications systems and networks at NIU facilities, including navigation systems, identification friend or foe (IFF) systems, weather reporting systems, threat warning systems, and maintenance systems as well as payroll, medical, repair records, entertainment and morale systems.

Figure 1. Systems of the INFOSEC Universe

Training systems are dedicated to the training of military personnel in various aspects of war fighting. These systems are not used during operational war fighting missions; the threats against these systems and their INFOSEC requirements often differ from systems used for war fighting.

External to the NIU (but maintaining important interfaces to it) are the following

Other Nation/Service/Agency C4I systems.
Commercial communications systems.
GOTS/COTS systems/products/components.

On the boundary (i.e., subject in part to Naval policy) are the following:

Joint C4I systems.
Joint combat direction systems.
Joint sensor systems.
Joint telemetry systems
Joint mission support systems
Joint training systems.

3.4 Organizations of the INFOSEC Universe

Figure 2 summarizes the organizational structure of the NIU and depicts its relationship with the larger INFOSEC Universe. As with the systems of the INFOSEC Universe, organizations subject to Naval policy are shown inside the NIU boundary, and organizations that have important INFOSEC roles but are not subject to Naval policy are shown outside the boundary.

3.4.1 Roles of Organizations Inside the NIU

The security- relevant roles of the organizations inside the NIU are the following:

The Office of the Secretary of the Navy (SECNAV) interprets National and DoD security policies and provides Naval INFOSEC policy and guidance to the NIU.

The Naval Investigative Service Command (NIS) prepares security policy for TEMPEST, physical, and personnel security.

The Naval Information Systems Management Center (NISMC) prepares security policy for signature out of SECNAV.

The Office of the Chief of Naval Operations (OPNAV) defines Naval missions and requirements and sponsors the development and operational test of Naval systems.

The Office of Naval Intelligence (ONI) sponsors the system engineering and development of special compartmented information (SCI) information systems.

The Naval Security Group (NSG) is the Office of Primary Responsibility (OPR) for signals intelligence (SIGINT) systems. The NSG also provides vulnerability analysis and testing from a signals analysis point of view.

The Naval Intelligence Command (NIC) prepares tailored intelligence reports and prepares security policies for SCI systems.

The Naval Maritime Intelligence Command (NAVMIC) interprets National threat assessments for Naval systems.

Operational Test and Evaluation Forces (OPTEVFOR) perform operational test and evaluation of DoD systems (including operational security testing for some systems).

System Commands/Program Executive Officers (PEOs) manage the acquisition of information systems for warfare platforms.

Program Managers (PMs) plan, program, budget, and execute programs to develop, acquire, and provide life cycle support for specific information systems.

Warfare Centers develop information systems for assigned warfare areas (e.g., Air Warfare, Undersea Warfare, Surface Warfare).

Operational Users operate and maintain information systems. They also provide feedback on system operation and identify requirements for new information systems and for upgrades to existing systems.

Figure 2. Organizations of the NIU.

The Naval Computer and Telecommunications Command (NCTC) generates and distributes Naval cryptographic keying material, develops strategic information systems and networks, and provides security training.

Designated Approval Authorities (DAAs) accredit secure information systems for operation and assume responsibility for the residual risk in their operation. Depending on the type of information involved, the role of DAA could be performed by a variety of organizations, both inside and outside the NIU.

SPAWAR PD 51 responds to and interprets National, DoD, and DoN INFOSEC policy; acts as focal point for providing and coordinating INFOSEC services for DoN; coordinates INFOSEC requirements and solutions with other Services, DISA, NSA, other Agencies, and industry; and acts as PM for those information security systems and components for which the Navy is responsible.

The Naval Research Laboratory (NRL) provides technical resources to support SPAWAR PD 51; performs INFOSEC research; develops INFOSEC technology, system prototypes, processes, and methodologies; and conducts security certification, test, and evaluation.

The Naval Command, Control and Ocean Surveillance Center (NCCOSC) including its components NCCOSC In- Service Engineering East (NISE), The Naval Research and Development Laboratory (NRaD), and The Naval Electronics System Security Engineering Center (NESSEC) provides technical resources to support SPAWAR PD 51; develops secure information technology and system prototypes; provides security engineering services to fielded secure information systems; and conducts TEMPEST testing.

The Naval Training Center (NTC) provides training in COMSEC techniques, COMSEC equipment operations and repair, and Cryptologic Materiel System (CMS) custodian duties.

3.4.2 Roles of Organizations Outside the NIU

The roles of the organizations that play a role in Naval INFOSEC but are outside the NIU boundary are the following:

The Office of the Secretary of Defense (OSD) interprets national INFOSEC policy for DoD.

The Defense Information Systems Agency (DISA) develops architectures and standards for Joint Service interoperability and maintains a database of approved INFOSEC products for Service use.

The Inspector General (IG) inspects secure information systems for compliance with the system security policy and, periodically during the life of the system, for secure operation.

The Defense Intelligence Agency (DIA) performs vulnerability analyses of DoD intelligence information systems; serves as DAA for DoD and/or DoN intelligence systems.

Other Services/Allies coordinate with DoN to ensure INFOSEC interoperability.

Academia performs research on, or proofs of concept for, secure systems and technology.

DAA's accredit secure information systems for operation and assume responsibility for the residual risk in system operation. DAAs may be either inside the NIU or outside it.

Industry develops and provides INFOSEC products and secure information systems.

The National Institute of Standards and Technology (NIST) develops systems and standards for protection of unclassified but sensitive information.

The Central Intelligence Agency (CIA) provides INFOSEC threat assessments for all DoD intelligence systems.

The National Security Agency (NSA) provides detailed security requirements for DoD information systems and products; evaluates and certifies selected secure information systems; develops cryptographic algorithms, modules, and systems; and provides centralized key management services.

3.5 Interactions in the NIU

The interactions described in this section are those required to ensure that the INFOSEC attributes set out in Section 2 are an integral part of Naval information systems in the future. Figure 3 summarizes the principal interactions of the Operational Users in the NIU; these interactions are described in more detail in Section 3.5.1. The interactions of the Program Managers of information systems with INFOSEC requirements are summarized in Figure 4 and described in more detail in Section 3.5.2. Section 3.5.3 describes the interactions of SPAWAR PD 51 in the INFOSEC Universe more fully. In each figure, the information flows for two- way interactions are grouped so that the information items closest to an arrowhead flow in the direction of the arrowhead.

3.5.1 Operational Users

One of SPAWAR ;PD 51's important roles is to reduce the burden on Operational Users for interpreting security policies, obtaining and operating secure information systems, and acquiring life cycle support for security capabilities. Figure 3 illustrates (using dotted lines) how SPAWAR ;PD 51 fulfills this role in the NIU through coordination of the interactions between the Operational Users and the other INFOSEC- related organizations so that the Operational User has available one central point of contact for all security- relevant issues and activities. The Operational User need interact directly only with OPNAV, SPAWAR ;PD 51, and the information system.

The direct and indirect interactions (via SPAWAR PD 51) of Naval Operational Users with other organizations in the INFOSEC Universe (summarized in Figure 3) are the following:

SPAWAR PD 51 coordinates the INFOSEC interactions of Operational Users with other organizations in the NIU. It directly provides in- service engineering, life- cycle and implementation support for standalone and embedded INFOSEC products, develops and procures INFOSEC products for the Fleet, and provides inputs to operational documents. Operational Users provide feedback on the effectiveness of INFOSEC attributes for their systems and may choose to request INFOSEC support from SPAWAR PD 51 through their "800" number.

SECNAV develops and disseminates INFOSEC policy.

Figure 3. Principal Interactions of the Operational User in the INFOSEC Universe

DISA provides training materials and classes in INFOSEC awareness and concepts for Operational Users.

NTC provides INFOSEC training materials and curricula in INFOSEC equipment maintenance and operations to Operational Users.

NIC prepares tailored intelligence reports and policy for operation of intelligence systems. The Operational User provides NIC feedback and relevant operational information.

Other Services/Allies share coordinated secure communications and keying material with Operational Users.

NIS sets, and monitors compliance with, security policies for TEMPEST, physical, and personnel security measures.

Program Managers (PMs) develop and procure secure information systems for Operational Users. The Operational User provides the PM with security requirements for new or improved information systems and feedback on secure information system operation. (In some instances, PD 51 may be the PM.)

Secure Information Systems are operated and maintained by Operational Users. Operational Users provide documentation such as user's manuals and facility manuals.

NAVMIC conducts threat assessments of operational information systems and provides corrective information. The Operational User provides operational concept documentation and operational feedback to NAVMIC.

DAA accredits secure information systems for operation. The DAA may be from the operational fleet, an OPR (e.g., SPAWAR, NSG, NCTC), or an organization outside of the NIU (e.g., DIA, CIA, NSA).

Naval Security Group assesses the vulnerability of operational systems with respect to signals emissions and provides liaison with NSA when NSA owns information handled by the operational system.

NCCOSC provides system installations, upgrades, and repairs and receives from the Operational Users trouble reports and feedback on secure information system effectiveness. NESSEC (under NCCOSC) provides security and certification testing of some operational systems.

OPNAV receives operational requirements from Operational Users to formulate Operational Requirements Documents (ORDs), Mission Need Statements (MNSs), etc.

The IG provides a report to the Operational User identifying whether the operational system meets the security and operates correctly.

OPTEVFOR provides operational T&E reports to Operational Users. Testing may include operational INFOSEC features or assessing the effect of INFOSEC on the system's operation.

NCTC provides training and cryptographic keying material to Operational Users to support security features.

3.5.2 Program Managers

Another of SPAWAR PD 51's roles is to assist Program Managers responsible for developing new information systems with security requirements to effectively integrate INFOSEC into their systems. Figure 4 illustrates that PD 51, as an integral member of the PM's system engineering/integration team, interprets and applies INFOSEC policies and doctrine, acquires and develops standard and supportable products, integrates INFOSEC throughout the system's life cycle, and interacts with DISA, NSA, and the Joint Service Community. This allows the PM to focus on working with the Operational User and the DAA to develop a secure, operational information system. SPAWAR PD ;51 uses its knowledge base, on- going NIU interactions (described in Section 3.5.3), and lessons learned from related efforts to accomplish the security engineering objectives. Program Managers of information systems with INFOSEC requirements have the following direct and indirect (via PD 51) interactions with the other organizations in the INFOSEC Universe:

Figure 4. Principal Interactions of the Program Manager in the INFOSEC Universe

OPNAV provides the PM Naval mission definition, system requirements and funding. The PM requests funding from OPNAV through the POM process and provides feedback on acquisition and system performance.

SPAWAR PD 51 as a member of the PM's system engineering team provides and integrates INFOSEC policy, risk assessments, security standards and architectures, INFOSEC engineering, security concepts of operation (CONOPS), security T&E requirements, and certification and accreditation support. To accomplish this, PD 51 interfaces with the organizations in the INFOSEC Universe that are concerned with security policy, INFOSEC products, applications, standards, architectures, and technology. PD ;51 develops and procures standalone and embedded INFOSEC products for use by PMs. The PM requests INFOSEC systems engineering support from PD ;51 and provides the information system CONOPS to PD ;51.

Operational Users provide feedback on system operation and on requirements to the PM for new or improved information systems. The PM provides the Operational User with the secure information system and its support.

OPTEVFOR performs T&E on the information system on the basis of the Test and Evaluation Master Plan (TEMP) provided by the PM and provides the results of the T&E to the PM.

The Secure Information System is acquired and supported throughout its life cycle by the PM.

The DAA uses information supplied by the PM (Security CONOPS, Security Policy, Security Accreditation Plan, certification results, etc.) to make the accreditation decision. The DAA provides the accreditation decision to the PM.

3.5.3 SPAWAR PD 51

This section describes the interactions of SPAWAR PD 51 with the NIU and the broader INFOSEC Universe that support its roles described in the previous sections and its long term role as the focal point for Naval INFOSEC. In this latter role, SPAWAR ;PD 51 uses lessons learned from the operational community and other PMs to coordinate and influence security policies, architectures, standards, protocols, secure products and applications, technology R&D and insertion efforts to ensure that Naval information systems possess the INFOSEC attributes identified in Section 2.3. Figure 5 summarizes these interactions.

SECNAV provides Naval INFOSEC policy and guidance (prepared for SECNAV's signature by NISMC) to SPAWAR PD 51. SPAWAR PD 51 provides SECNAV feedback on Naval INFOSEC and lessons learned.

OPNAV provides INFOSEC funding and the definition of Naval INFOSEC missions and requirements to SPAWAR PD 51. In turn, SPAWAR ;PD 51 submits POM requests to OPNAV for INFOSEC funding. PD ;51 also submits plans for product solutions to OPNAV and identifies systems for support or development.

DISA provides SPAWAR ;PD 51 Joint INFOSEC architectures and standards for Joint INFOSEC interoperability and an approved products list. SPAWAR ;PD 51 provides DISA information about Navy- unique INFOSEC requirements.

The DAA may receive from SPAWAR PD 51, in supporting the PM, some of the information required to accredit the system. SPAWAR ;PD 51 provides guidance for system certification and accreditation (C&A) to the DAA. The DAA provides lessons learned and operational considerations to SPAWAR PD ;51 to ensure that INFOSEC C&A documentation is adequate.

NRL provides technical INFOSEC studies and analyses, conducts INFOSEC research, and develops INFOSEC prototypes for SPAWAR ;PD 51 and its customers. SPAWAR ;PD 51 provides funding and tasking to NRL.

Figure 5. Principal Interactions of SPAWAR PD 51 in the INFOSEC Universe

PMs request INFOSEC systems engineering support from SPAWAR ;PD 51 and provide the information system CONOPS to PD ;51. SPAWAR PD ;51, as a member of the PM's systems engineering team, provides and integrates INFOSEC policy, CONOPS, risk assessments, standards, architectures, technology insertion, products, engineering, T&E requirements, and C&A support. To do this, PD ;51 interfaces with organizations in the INFOSEC Universe that are concerned with policy, products, applications, standards, architectures, and technology. PD ;51 develops and procures standalone and embedded INFOSEC products for use by the PMs.

Allies/Other Services provide SPAWAR PD 51 INFOSEC products and services for possible application to Naval INFOSEC systems. PD 51 provides consultation and liaison to Other Services and Allies to foster INFOSEC interoperability.

The Secure Information System receives INFOSEC engineering and technology from SPAWAR ;PD 51 either through the PM or with SPAWAR ;PD 51 as the PM for some INFOSEC products and systems.

NIST provides SPAWAR ;PD 51 INFOSEC standards, products, and applications appropriate for the protection of unclassified but sensitive information. SPAWAR ;PD 51 provides NIST information on Naval INFOSEC requirements.

Academia provides SPAWAR ;PD 51 the results of its research into security systems and techniques. SPAWAR ;PD 51 provides academia information about Naval INFOSEC requirements and support (e.g., funding) for its research activities.

Industry provides SPAWAR ;PD 51 COTS INFOSEC products and applications for use in Naval systems. SPAWAR ;PD 51 provides industry information about Naval INFOSEC requirements and support (e.g., funding) for its development activities.

NAVMIC provides National INFOSEC threat assessment results based on Naval environmental issues from PD ;51 to guide SPAWAR ;PD 51 threat assessments for specific systems. SPAWAR ;PD 51 also uses this information to support its system planning and budgeting.

NSA provides SPAWAR ;PD 51 INFOSEC technology, evaluated and endorsed products, profiles, C&A strategies, and applications appropriate for the protection of classified information. SPAWAR ;PD 51 provides NSA information about Naval INFOSEC requirements. NSA and PD 51 establish memorandums of agreement (MOAs) for NSA support to PD 51 and to other Navy PMs.

NCCOSC receives requests for In- Service Engineering Agent (ISEA) or Software Support Agent (SSA) activities from SPAWAR ;PD 51. NCCOSC provides this support for INFOSEC products developed or procured by SPAWAR ;PD 51. NCCOSC (NESSEC) is funded and tasked to perform TEMPEST, C&A, and Naval Computer Incident Response Team (NAVCIRT) support.

Operational Users provide feedback on the effectiveness of INFOSEC attributes for their systems and may choose to request INFOSEC support from SPAWAR PD ;51 through the "800" number. PD ;51 coordinates the INFOSEC interactions of the Operational Users, provides in-service engineering, life-cycle and implementation support for standalone and embedded INFOSEC products, develops and procures INFOSEC products for the Fleet, and provides inputs to operational documents.

DIA provides vulnerability assessments of Naval intelligence information systems to SPAWAR ;PD 51. SPAWAR ;PD 51 gives DIA information on its information systems, missions, and scenarios as input to DIA's vulnerability assessment process.

NSG provides general Naval INFOSEC vulnerability results to guide SPAWAR ;PD 51 INFOSEC engineering efforts. SPAWAR ;PD 51 also uses this information to support its planning, programming, and budgeting.

GLOSSARY



AIS: automated information system
APC: armored personnel carrier
ASN: Assistant Secretary of the Navy

C&A: certification and accreditation
C3I: command, control, communication, and intelligence
C4I: command, control, communication, computers, and intelligence
CIA: Central Intelligence Agency
CMS: Cryptologic Materiel System
COMINT: communications intelligence
COMPUSEC: computer security
COMSEC: communications security
CONOPS: concept of operations
COTS: commercial-off-the-shelf
CT&E: certification test and evaluation

DAA: designated approval authority
DIA: Defense Intelligence Agency
DISA: Defense Information Systems Agency
DoD: Department of Defense
DoN: Department of the Navy

EMSEC: emissions security

GOTS: government-off-the-shelf

HMMWV: high mobility multi- terrain wheeled vehicle

IED: INFOSEC Engineering Division
IFF: identification friend or foe
IG: Inspector General
IU: INFOSEC Universe
ILS: integrated logistics support
INFOSEC: information systems security
ISEA: In-Service Engineering Activity
IUDR: INFOSEC Universe Description Report

MCCR: mission critical computer resources
MNS: Mission Need Statement
MOA: memorandum of agreement
MSC: Maritime Sealift Command

NATO: North Atlantic Treaty Organization
NAVCIRT: Naval Computer Incident Response Team
NAVSECGRU: Naval Security Group
NAVMIC: Naval Maritime Intelligence Command
NCCOSC: Naval Command, Control and Ocean Surveillance Center
NCTC: Naval Computer and Telecommunications Command
NESSEC: Naval Electronics System Security Engineering Center
NIC: Naval Intelligence Command
NIS: Naval Investigative Service Command
NISE: NCCOSC In- Service Engineering East
NISMC: Naval Information Systems Management Center
NIST: National Institute of Standards and Technology
NIU: Naval INFOSEC Universe
NKDS: Naval Key Distribution System
NRaD: Naval Research and Development
NRL: Naval Research Laboratory
NSA: National Security Agency
NSG: Naval Security Group
NSTISSI: National Security Telecommunications and Information Systems Security Instruction
NTC: Naval Training Center

ONI: Office of Naval Intelligence
OPNAV: Office of the Chief of Naval Operations
OPR: Office of Primary Responsibility
OPTEVFOR: Operational Test and Evaluation Forces
ORD: Operational Requirements Document
OSD: Office of the Secretary of Defense

PEO: Program Executive Officer
PM: program manager
POM: Program Objectives Memorandum

R&D: research and development
ROC: Required Operational Capability

SCI: special compartmented information
SECNAV: Secretary of the Navy
SFUG: Security Features Users Guide
SIGINT: signals intelligence
SPAWAR: Space and Naval Warfare Systems Command
SPAWAR 00I: SPAWAR Information Systems Security Office (original title)
SPAWAR PD 51: SPAWAR Information Systems Security Office (new title)
SPAWAR PD 51C: SPAWAR Information Systems Security Office, Customer Service Division
SPAWAR PD 51E: SPAWAR Information Systems Security Office, Systems Engineering Division
SPAWAR PD 51M: SPAWAR Information Systems Security Office, Program Management Division
SSA: software support activity
ST&E: security test and evaluation

T&E: test and evaluation
TEMP: test and evaluation master plan
TFM: Trusted Facilities Manual

APPENDIX

SUMMARIES OF THE INTERACTIONS OF SPAWAR PD 51C, PD 51E, PD 51M AMONG THEMSELVES AND WITH THE REST OF THE INFOSEC UNIVERSE

1. INFORMATION EXCHANGES AMONG 51E, 51C, AND 51M

The functions performed by each component of PD 51 complement the other components' functions in an overall integrated process. The information generated by each for use by the others is summarized in Table A 1 in the form of a 3x3 matrix, each row and column being titled by a component. The matrix diagonal in bold type contains the functions performed by each component. Each row presents the information passed from the component in bold type to each of the other components as identified in the title row. Each column, therefore, identifies the information passed from each of the components identified in the title column to the component in bold type.

2. INFORMATION EXCHANGES BETWEEN EACH OF 51E, 51C, 51M AND THE REST OF THE INFOSEC UNIVERSE

Each component of PD 51 collects information from and provides information to other organizations in the INFOSEC universe for use in performing its functions and preparing responses to its customers' requests. These exchanges are summarized in Table A 2, in which the first column identifies the external organization, the second column the direction in which information is being passed, the third column identifies the PD 51 component involved, and the last column defines the data being passed.

TABLE A -1. SPAWAR PD 51: INTERNAL INFORMATION EXCHANGE

TO FROM                        E                     C                                       M                                       
        E    SYSTEM ENGINEERING ACTIVITIES             Specific System Architectures           Architecture Criteria For Product     
             Architecture   Tech Base   System       Specific Security Standards   Staff     Or System Design   Feasible, Mature     
             Engineering     -  Standards     -      Guide, SE. Document Templates           Security Standards   Acquisition        
             Process/Methods     -  Tools            Design Guidance For Optimized           Templates   Security Engineering        
                                                     Certification Process   Engineering     Processes and Methods   Security        
                                                     Methods (E.G., Risk Assessments,        Engineering Tools   Evidence Required   
                                                     Requirements Analysis)   Security       For Certification   Technology For      
                                                     Engineering Tools   Awareness           Insertion Into Products Or Systems      
                                                     Materials   Guidance for Improved       Guidance for Improved Product           
                                                     System Engineering Processes            Development Processes    Guidance for   
                                                                                             Improved Products For Development or    
                                                                                             Acquisition

        C      System Security CONOPS and Issues     LIAISON WITH CUSTOMER (Operational        Customer-Specific System              
             System Engineering Constraints,         User, Information System PM, Sponsor)   Architectures And Constraints (e.g.,    
             Analysis of Interdependencies           INFOSEC Engineering Support             Cost, Schedule)   INFOSEC Engineering   
             Customer-Specific INFOSEC Product Or    Requirements Analysis And               Guidance and Support   Fleet Training   
             System Requirements   C Feedback on     Validation   Certification And          Materials for use by M   Training for   
             System Engineering Methods, Tools,      Recertification   INFOSEC Awareness     M (to Train Fleet)                      
             Processes   Customer Feedback on        -  Templates     -  Training     -                                              
             Security Engineering Processes and      Conferences     -  Publications                                                 
             Solutions   Fleet and Customer                                                                                          
             Requirements via C         -  OPNAV                                                                                     
             -  User Conferences         -                                                                                           
             Customer-Defined/Derived   Training                                                                                     
             for E                                                                                                                   
      M        M Feedback on Process, Methods,         INFOSEC Products, Systems             PM FOR INFOSEC SYSTEMS/PRODUCTS         
             Tools   Customer Feedback on Specific   Awareness Materials   Life Cycle        System/Product Development              
             INFOSEC Products, Systems               Support Materials, Documents            System/Product Acquisition   Life       
             (Architecture, Standards, Technology                                            Cycle Support Materials And Documents   
             Base, COTS, GOTS)

Academia                       E   R and D Results                                                                               
                                   Naval INFOSEC Requirements; Funding                                                           
Allies and Other               C   INFOSEC Products and Applications                                                             
Services                                                                                                                         
                                   Coordination of Communications; Scheduling of Keying Material                                 
DAA                            C   System Accreditation; Lessons Learned                                                         
                                   Accreditation Documentation; Certification Support                                            
                               M   (DAA Role when Assigned to PD51M)                                                             
                                                                                                                                 
DIA                            C   Vulnerability Assessment of Naval Information Systems                                         
                                   Documentation of System Characteristics and Operations                                        
                               E   Vulnerability Assessment of Naval Information Systems                                         
                                   Naval Information Systems Descriptions                                                        
DISA                           C   DOD Standards; Security Architectures; INFOSEC Awareness/Concepts Training; Approved          
                                   Products                                                                                      
                                   Naval-unique Requirements                                                                     
                               E   Joint INFOSEC Architectures and Standards for Interoperability; Approved Products             
                                   Operational Users' Navy-unique INFOSEC Requirements                                           
INDUSTRY                       C   Systems Engineering; COTS Products and Applications for Systems Integration                   
                                   INFOSEC Requirements; System Engineering Concepts; Funding                                    
                               E   R and D Results                                                                               
                                   Naval INFOSEC Requirements; R and D Funding for Technology and Concepts                       
                               M   COTS Standalone Products and Systems; Development Plans and Budgets                           
                                   Naval INFOSEC Requirements; Funding for Development

INFOSEC Products and           C   Operational Feedback                                                                         
Systems                                                                                                                         
                                   Developed, Tested, Verified, and Installed                                                   
                               E   Operational Feedback                                                                         
                                   Developed, Tested, Verified, and Installed                                                   
                               M   Operational Feedback                                                                         
                                   Developed, Tested, Verified, and Installed                                                   
Inspector General              C   Verification of Secure Operations of INFOSEC Systems and Products (when Integrated into      
                                   Information Systems)                                                                         
                                                                                                                                
                               M   Verification of Secure Operations of Installed INFOSEC Products                              
                                                                                                                                
NAVMIC                         C   Threat Assessments (for INFOSEC System/Product Evaluation, and Technology Planning to        
                                   Counter Deficiencies)                                                                        
                                   Anticipated Naval Environment (Natural, Induced, and Manmade) in which Threat can exist      
                               E   Threat Assessments (for INFOSEC System/Product Evaluation, and Technology Planning to        
                                   Counter Deficiencies)                                                                        
                                   Anticipated Naval Environment (Natural, Induced, and Manmade) in which Threat can exist      
                               M   Threat Assessments as Guides for Specific Products                                           
                                   Naval Environment for Threat, Security CONOPS; Feedback on Operations                        
NAVSECGRU                      C   Naval INFOSEC Vulnerability                                                                  
                                   Documentation of System Characteristics and Options                                          
                               E   Naval INFOSEC Vulnerability

NCCOSC                         M   Fleet User Support; In-service S/EA and SSA PD51 Product Support; Installation Guides and     
                                   Drawings; TEMPEST and Operational System Security Testing, Certification and Accreditation,   
                                   NAVCIRT, all at NESSEC                                                                        
                                   ISSEA and SSA Requests; Trouble Reports; Feedback on INFOSEC Effectiveness                    
NCTC                           C   Keying Material; Training                                                                     
                                                                                                                                 
                               M   Keying Material; Training                                                                     
                                                                                                                                 
NIS                            C   Security Policy for Operators                                                                 
                                                                                                                                 
                               M   Security Policy for Operators                                                                 
                                                                                                                                 
NIST                           C   INFOSEC Standards, GOTS Products, Applications                                                
                                                                                                                                 
                               E   INFOSEC Standards and Applications (for Product Technical Evaluation)                         
                                   Naval INFOSEC Requirements                                                                    
                               M   INFOSEC Products and Applications                                                             
                                   INFOSEC Product Requirements                                                                  
NRL                            E   INFOSEC Studies and Analyses, R and D, Prototypes                                             
                                   INFOSEC Research Goals and Plans; Tasking and Funding

NSA                            C   INFOSEC Technology, Products, Standards, Policy, Doctrine; MOAs                               
                                   MOAs with Program Managers and PD51                                                           
                               E   INFOSEC Technology, Products, Profiles, Applications, C and A Strategies; MOAs                
                                   Operational Users' General INFOSEC Requirements; MOAs                                         
NTC                            C   Provides INFOSEC Product/Application Operation and Maintenance Training Curricula             
                                   Provides INFOSEC Product/Application Materials to Support Development of Curricula            
Operational Users              C   "1-800" PD51C Contact for INFOSEC Engineering Support, INFOSEC Requirements and               
                                   Deficiencies; System Implementation; C and A                                                  
                                   Responses to "1-800" Requests; Reports, Bulletins, etc.                                       
                               E   "1-800" PD51E Contact for INFOSEC Support,Technology and Systems Engineering Guidance,        
                                   Conference Participation; Operational Comments                                                
                                   Responses to "1-800" Requests; Reports, Bulletins, etc.                                       
                               M   "1-800" PD51M Contact for INFOSEC Product and Systems, Life-cycle Support, Implementation;    
                                   Feedback on INFOSEC Products and Systems                                                      
                                   Responses to "1-800" Requests; Reports, Bulletins, etc.; INFOSEC Standalone Products and      
                                   Systems, Operational Documentation; In-Service Engineering Support; Security Policies for     
                                   Operators; DAA Activities; Keying Materials                                                   
OPNAV                          C   Naval INFOSEC Requirements                                                                    
                                   Users' Requirements                                                                           
                               E   Naval INFOSEC Missions; Funding                                                               
                                   POM Requests for Funding; Operational Mission Feedback                                        
                               M                                                                                                 
                                   Users' Requirements

OPTEVFOR                       C   OT&E Results                                                                                 
                                   Documentation of System and its Operation, Installation and Operator Training                
                               M   OT and E Results                                                                             
                                   Documentation of Product/Application and its Operation, Installation and Operator Training   
Program Managers               C   Review  INFOSEC Needs for Acquired and Supported Information Systems with Defined System     
                                   CONOPS; Request INFOSEC Support, Participation in System Design Process and Reviews          
                                   Risk Assessments, Security CONOPS, T&E Requirements; INFOSEC Engineering Support, Product    
                                   and Technology Insertion, Architectural Considerations, Standards, C&A Support; Embedded     
                                   Product Guidance; Users' Security Requirements and Feedback                                  
                               M   Identify Needs for Products and Systems                                                      
                                   Acquired and Supported Products, Systems, Associated Documentation; DAA Functions;           
                                   Feedback on Information System INFOSEC Performance; Users' Security Requirements             
SECNAV &/or NISMC              C   INFOSEC Policy                                                                               
                                   Operational Feedback and Lessons Learned