Truestone moves agencies to National Security System (NSS) authorized Smart Cards for access to classified networks.
Compliance with CNSS Policy No. 25
In response to recent well publicized events, there is a need to secure the classified systems by establishing a common identity credential to increase authentication strength, accountability for actions, and intelligence and analytic capabilities. As a result, one effort put forth by the Committee for National Security Systems (CNSS) in CNSS Policy No. 25 required all agencies use smart cards for access to classified systems, and rely on the policies, procedures and practices of the NSS-PKI Root Certificate Authority for issuance of certificates for the cards.
The Truestone Identity Mangement (IdM) Team was selected to lead the smart card implementation on the classified networks for WHS, OSD CIO and other DoD agencies. Drawing on the Truestone IdM Team's expertise from our established history with the WHS and OSD's implementation of the Common Access Card (CAC) on the NIPRNet, our team was tasked to plan, coordinate and execute the integration of the NSS SIPRNet smart card for WHS, OSD, and other DoD agencies. Through our leadership and expertise, the Truestone Identity Management team actively participated in the working groups to facilitate the development of the Committee for National Security Systems Registration Practice Statement (RPS) – the guiding policy document that governs the operation of certificate issuance for the SIPRNet and includes:
- Logical and physical security practices
- Certificate signing procedures
- Operating procedures for the Certificate Authority (CA) and Registration Authorities (RA)
- Certificate implementation plan
- All procedures and processes governing identity authentication, technical non-repudiation, data integrity and private communications inter-operability
Additionally, we coordinated the awareness and training requirements to ensure all subscribers, including system administrators, Trusted Agents, and end-users were provided with the necessary information to use and protect the SIPRNet smart card. As part of our expert support, we have provided detailed testing and analysis of the selected smart cards, smart card readers, and smart card middleware to ensure compliance with NSS specifications providing our recommendations to the DoD PKI PMO.
In addition to the project management and technical expertise, the Truestone IdM Team is also responsible for the day-to-day Registration Authority (RA) operations to support issuance and management of the SIPRNet smart card. To better track and report all issuance activities, the Truestone team designed a flexible and extensible database that has streamlined the smart card lifecycle management activities including card stock management, subscriber management, and issuance data elements. Streamlining the data management has enabled robust dashboard reporting mechanism capable of generating numerous reporting metrics, allowing daily, monthly and year-to-date reporting on issuance status and achieving a 99.8% accuracy rate.
Value to WHS
- Compliance with CNSS Policy No. 25
- Superior data accountability
- Long-term confidence in solution viability