Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
UNCLASSIFIED
UNCLASSIFIED
IT Asset Management Information Exchange Forum
Session: 2
NETCOM/9th SC(A)
Ms. Elizabeth Floyd, NETCOM G5
Ms. Benita Vasiloff , NETCOM G3
Mr. Tom Stuckey, MITRE
UNCLASSIFIED
UNCLASSIFIED
• ITAM Overview:
-Architecture
-Accomplishments to date
-Challenges
-Work to be Done
• Operationalizing ITAM:
- Requirements
- Establishing Data Feeds
- ITAM Knowledge Management
- ITAM Access
• ITAM Demonstration
2 2011-08-23 (1445-1600) // Information Technology Assest Management IEF Session: 2, Track: NETCOM/9th SC(A)
UNCLASSIFIED
UNCLASSIFIED
• WHAT: ITAM aggregates automatic collection of asset information by
enterprise NetOps capabilities. It supports NetOps, Active Defense, and
Business planning and decision making processes becoming a model for data
sharing across DOD and authoritative source for consolidated sensor data.
• WHERE: Capability to be hosted by DISA – repository on SIPR, CCRM on
NIPR, and data extraction services on NIPR and SIPR.
• HOW: Spiral rollout based on mission priorities. Initial focus on ITAM
repository, data extraction layer, and CDS filter development.
• WHY: Provide the Commander situational awareness across the Army
Enterprise; target response to vulnerabilities, support LCR, acquisition, reporting,
analysis and business requirements of the Army.
• WHEN: Spiral 1 IOC 1Qtr FY12; FOC 2Qtr FY12
3 2011-08-23 (1445-1600) // Information Technology Assest Management IEF Session: 2, Track: NETCOM/9th SC(A)
UNCLASSIFIED
UNCLASSIFIED
• IOC: 1Qtr FY12
―DISA hosting environment established
―ITAM repository established
―SIPR data feeds established
―Widgets accessing data demonstrated
• FOC: 2Qtr FY12
―Cross domain solution operational
―NIPR data feeds established
―Widgets accessing data demonstrated
ITAM spiral 1 includes SIPR/NIPR data elements from HBSS, SCCM,
REM/Retina, CA IT Client Manager. Data availability is dependent upon CDS
availability for NIPR data, SCCM fielding, and compliance with REM/Retina
EXORD mandating scope and frequency of network scanning.
4 2011-08-23 (1445-1600) // Information Technology Assest Management IEF Session: 2, Track: NETCOM/9th SC(A)
UNCLASSIFIED
UNCLASSIFIED
Data Sources:
• ITAM EXORD directs creation of read only accounts to facilitate data extraction and exposure.
Developed ICW ACOIC. Release anticipated 4 Qtr FY11 to begin establishing SIPR data feeds
4Qtr FY11 and NIPR data feeds 1Qtr FY12.
DISA Services:
• CDS completed phase 2.
• DISA is on track to meet 1 Sep suspense to provision all environments.
ITAM Repository:
• Established test environment to begin testing data extraction layer and data connections
• Prepares for CDS ST&E 4Qtr FY11.
6
CONUS-N CONUS-S EUR-N EUR-S KOR-N KOR-S PAC-N PAC-S SWA-N SWA-S Total
CA 1 1
HBSS 1 1 1 1 1 3 8
REM 15 5 1 1 1 1 1 1 1 1 28
SCCM 13 1 1 1 1 1 18
Total 30 7 2 2 2 2 2 2 2 4 55
Spiral 1 NetOps Tools Tier 0/1
2011-08-23 (1445-1600) // Information Technology Assest Management IEF Session: 2, Track: NETCOM/9th SC(A)
UNCLASSIFIED
UNCLASSIFIED 7 2011-08-23 (1445-1600) // Information Technology Assest Management IEF Session: 2, Track: NETCOM/9th SC(A)
10/1/2010 3/31/2012
1/1/2011 4/1/2011 7/1/2011 10/1/2011 1/1/2012
1QFY11 2QFY11 3QFY11 4QFY11 1QFY12 2QFY12
· Redirection to XML ITAM
· ITAM Arch validated
· WSDL published
· DISA SRF final
· Funding rcv’d
· CDVAR submitted &
apprvd
· Acq pkg submitted
· ITAM EXORD draft
· Sp1 sites identified
· DISA MIPRs accptd
· CDTAB results
· Extraction test began
· Software rcv’d
· DB installed
· Est extraction svc
· Est RESTful web svc
· CDS ST&E
· Verify read only accts
· Establish SIPR feeds
· Release ITAM EXORD
· Develop example
widgets
· DISA provisions
environ
· DSAWG approves
ST&E
· CDS risk analysis
· Verify SIPR transfers
· Spiral 1 IOC
· CDTAB recommends
CDS ATCDSAWG
approves CDS ATC
· Establish NIPR feeds
· Verify NIPR transfers
· Test widgets/verify
data
· Spiral 1 FOC
UNCLASSIFIED
UNCLASSIFIED 8
• Continue planning ICW ACOIC, Theater Commands, and TNOSCs for phased
integration of data feeds by theater.
• Identify, document, and publish repeatable process for ITAM access.
• Schedule next requirements elicitation session with communities of interest;
anticipate Jan 2012 timeframe.
•Identify requirements for and develop business logic to provide tiered access to
ITAM.
2011-08-23 (1445-1600) // Information Technology Assest Management IEF Session: 2, Track: NETCOM/9th SC(A)
UNCLASSIFIED
UNCLASSIFIED
• Critical to identify operational requirements – drives data ITAM
collects and aggregates.
• ITAM Spiral 1 requirements focused on asset visibility as
defined by the following:
― Army Cyber Operations Integrations Center
― Enterprise Licensing Agreements
― Army Data Center Consolidation Plan
• Subsequent spirals will address other data, data quality, and
other elements as operational requirements dictate.
• Anticipate next requirements elicitation workshop – 2QFY12.
2011-08-23 (1445-1600) // Information Technology Assest Management 9 IEF Session: 2, Track: NETCOM/9th SC(A)
UNCLASSIFIED
UNCLASSIFIED
• Based on spiral 1 requirements, data will be collected from
the following toolsets on both NIPR and SIPR: HBSS, SCCM,
REM/Retina, and CA ITCM.
• All organizations operating SCCM and REM Tier 1s, and CA
ITCM Tier 0s and HBSS ePOs will create Windows domain
read-only accounts on the back-end database for both NIPR
and SIPR instances with privileges to all database tables and
views.
• An EXORD will soon be released that directs these
requirements.
• Currently developing data feed integration schedule with
ACOIC, Signal Commands, and TNOSCs. 2011-08-23 (1445-1600) // Information Technology Assest Management 10 IEF Session: 2, Track: NETCOM/9th SC(A)
UNCLASSIFIED
UNCLASSIFIED
ITAM project information available at https://ascsp.osc.army.mil/sites/NETCOM/default.aspx
ITAM
Information Area for
technical and project documentation
2011-08-23 (1445-1600) // Information Technology Assest Management 11 IEF Session: 2, Track: NETCOM/9th SC(A)
UNCLASSIFIED
UNCLASSIFIED
• Access via SIPR only and limited to authorized users.
• CIO/G6 Cyber Directorate and the Army Cyber Operations
Integration Center are developing the authorized user criteria
and process for requesting access. This process is
anticipated late Sep 2011.
• Data consumable via web services (widgets) based on user
information requirements. Web Services Development Library
is available now on MilBook:
https://www.milsuite.mil/book/groups/information-technology-
asset-management
• Start developing your widgets now.
2011-08-23 (1445-1600) // Information Technology Assest Management 12 IEF Session: 2, Track: NETCOM/9th SC(A)
UNCLASSIFIED
UNCLASSIFIED
Ozone Widgets
Sharepoint Web-part
Google Mash-up
13 2011-08-23 (1445-1600) // Information Technology Assest Management IEF Session: 2, Track: NETCOM/9th SC(A)