PKI Solution Supports “Need-to-Share”

In spite of executive exhortations across the Intelligence Community (IC) to move from “need-to-know” to “need-to-share” data among diverse users, the mandate remains difficult to implement in practice. Adjudicating which users can and should access which data, and implementing protections agreeable to data owners, often leads to cumbersome solutions that require significant amounts of administrative overhead. In addition, administrative staff often become the go-between, coordinating data access permissions between disparate data consumers and owners. This was exactly the situation at one IC location where valuable network status information was being accumulated by operations and was of interest to network operators, maintainers, troubleshooters, engineers, and planners across the enterprise.

Implementing a unified login across platforms, coupled with granular access permissions, would provide the required convenience for users and control for data owners, and alleviate a significant amount of administrative upkeep and intervention.

∗ Implemented the first DNI-compliant PKI data service in the enterprise with a single sign-on for data access.
∗ Provided role-based access control with data owners granting access to data.
∗ Implemented Secure Sockets Layer (SSL) encryption.
∗ Automated Certificate Revocation List (CRL) download and validation to ensure only valid users accessed data.

∗ Solution adopted by an identity and access program for broader application.
∗ Administrative overhead reduced significantly.
∗ Data owners increased their willingness to share data, knowing that they had the keys to granting permissions and trusting the automated access controls, SSL encryption, and connection to the CRL.