Know the Earth…Show the Way NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY NGA NIPRNET Presentation to FLIP Coordinating Committee, Digital Working Group Larry

Know the Earth…Show the Way

NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY

NGA NIPRNETPresentation to FLIP Coordinating Committee, Digital Working Group

NGA NIPRNETPresentation to FLIP Coordinating Committee, Digital Working Group

Larry Glick, (314) 263-4984, [email protected] Division, Office of Global Navigation5-7 Oct 2004

Larry Glick, (314) 263-4984, [email protected] Division, Office of Global Navigation5-7 Oct 2004

UNCLASSIFIED

UNCLASSIFIED

2


Know the Earth…Show the WayUNCLASSIFIED

What is NGA NIPRnet?

• A world wide accessible NGA web site which uses PKI for authentication

• Users can enter the site with a DoD level 3 certificate

• To gain access to NGA unclassified products users need to register at the site to become a member of the U.S. Only Community of Interest (USCOI)

3



Why do I need to register if I am authenticated with PKI?

• Because of the LIMDIS caveat on some of the data inside this domain, the NGA policy office (OIP) has indicated that though users are authenticated with the certificate, an additional process of authorization must occur prior to access to create an access control list

• This will be accomplished at the registration process along with a request to verify via e-mail that you are born a U.S. citizen or naturalized citizen from your supervisor/COR and your security officer

• Verification of your “Need to know” and U.S. government affiliation from your supervisor/COR and your security office

4



Using NGA’s PK Enabled NIPRNET

Internet UsersInternet Users

Registered

Non-Registered

Registration Required

5



How will my first log- in process be achieved?

• A User MUST present their DoD PKI X509 Certificate every time they use the system • Certificate can be encoded onto a Common Access Card (CAC - cryptographic hardware token)

• CAC must be inserted into a CAC reader and a PIN must be entered to gain access to the certificate

• Certificate can be encoded onto a floppy• Certificate must be installed into a browser

• A User MUST register the first time they use the system• Provide Basic user contact information• Provide Security Officer contact information

• User’s Clearance Level will be obtained• User’s Citizenship will be obtained

• Provide Supervisor contact information• User’s Need To know will be obtained• Identify U.S. Government Affiliation

• Provide COTR contact information (CONTRACTORS ONLY)• DoD or U.S. Contract Start and End Date will be obtained• DoD or U.S. Contract Number will be obtained• Identify U.S. Government Affiliation

6



Where to Obtain DoD PKI X509 Certificate• DoD Military and Civilian employees

• Contact NGA Help Desk @ (800) 455-0899• Request a DoD PKI X509 Certificate

• DoD Contractors with .mil email address• Contact NGA Help Desk @ @ (800) 455-0899• Request a DoD PKI X509 Certificate

• DoD Contractors with NO .mil email address• Contact one of three DoD APPROVED Commercial Vendors• Purchase a DoD PKI ECA/IECA X509 Certificate

• Operational Research Consultants (ORC) - http://eca.orc.com/• Digital Signature Trust (DST) -

http://www.digsigtrust.com/federal/dod_4.html• Verisign -

http://www.verisign.com/enterprise/government/ieca-dod.html

7



Planned removal of Aeronautical products from “www” and public

sale

NGA NIPRNET/PKI Aeronautical Data Implementation Schedule

NIPRNET/PKI Functionality Evaluation PeriodCoordination Period

Coordinate with Commercialvia Federal Register Certification/Allocation

Oct 04 Nov 04 Dec 04 Jan 05 Feb 05 Mar 05 Apr 05 May 05 Jun 05 Jul 05 Aug 05 Sep 05 Oct 05 Nov 05 Dec 05

ReconcileComments Operational Testing/Demo

NGA NIPRNET/PKIDeployment

Coordinate withServices

8




Know the Earth…Show the Way

Documents

Know the Earth…Show the Way NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY NGA NIPRNET Presentation to FLIP Coordinating Committee, Digital Working Group Larry