Jump to Content

Trusted Information Infrastructure™ (TII™)

Information has quickly become one of the most valuable resources of a nation. Governments around the world have devised information assurance programs to ensure the integrity, availability, and confidentiality of their data. Decades ago, these information assurance programs developed a wide range of physical security mechanisms to protect the information and the sources and methods in which the information was gathered. The most common practices for security are classification levels and compartments.

For almost a decade, CSCI has been developing TII to meet the DCID 6/3 and Common Criteria 2.0. TII was designed in accordance with the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP). TII structure is sectioned into three pillars of technology; Wide Area Network (WAN) Security, PL3 Common Operating Environments (COE) in Local Area Networks (LAN), and PL4 Controlled Interface. Six major objectives formed the underlying foundation in the development of TII: use of Commercial-off-the Shelf (COTS) products, re-use current infrastructure, network centric security approach, defense-in-depth security approach, reduction in cost of Total Cost of Ownership (TCO), and simplified training and administration.

What is TII™?

The primary concept behind TII for deployment is to incorporate the "Stove Piped" PL2/System High computer networks and convert those networks into a PL3/ Compartmented COE using COTS products, and allowing electronic communications between the PL3 LANs through a PL4 Controlled Interface.

Diagram depicting how TII™ works.

Current policy states each LAN is a separate entity in a WAN environment; DCID 6/3 mandates that each LAN is required to have a firewall and intrusion detection system. TII has incorporated two additional technologies for added security: Virtual Private Networks (VPN) and Content Inspection (CI). In the PL3 COE information is compartmented within Trusted PrOMIS (TP™) through a Mandatory Access Controls (MAC) system. Within the PL4 there are three types of electronic data movement and unique directory service capabilities. SARMIS™ populates the personnel, facility, and program/compartmented access through the TII environment.

Back to Top Background

In 1983, the US Government recognized that classified information was being processed and transmitted by computers. Information assurance programs became conscious of a breakdown in physical security mechanisms, because computer networks did not yield to inbred security posture. The US Department of Defense (DoD) developed guidance for Automated Information Systems (AIS) in the Trusted Computer System Evaluation Criteria (TCSEC). These TCSEC requirements were better known as the Orange and Red books in the Rainbow Series.

In 1995, US Government Information Assurance Programs recognized the need to standardize physical and AIS security practices. DoD authored guidance in the form of the National Industrial Security Program Operating Manual (NISPOM), in which the US Federal Government and Industry would operate within the classified community. The NISPOM defined the mode of operations (e.g., standalone, dedicated, system high, compartmented, multi-level security) and the requirement for each AIS to undergo an independent certification and accreditation process prior to operating with classified information. With the migration from mainframes to client/server computer networks and client computers managing multiple operations, DoD started developing the concept of the Defense Information Infrastructure Common Operating Environment (DII COE).

The US Government's philosophy toward classified Information Systems started taking shape toward a System High environment for each level of classification due to many external factors such as budgetary constraints, cost and timeline of certification and accreditation process, and information warfare. System High environments do not adopt one of the basic security practices, compartmentation. "Super Users" are a by-product of the nonexistence of compartmentation.

In 1998, DoD established new guidance for Information Technology (IT) systems with the Director of Central Intelligence Directive (DCID) 6/3. The DCID 6/3 concentrates on integrity, availability and confidentiality of the information.

Back to Top Capabilities

Process Function Features
Centralized
Management		 Network &
System Management		 Audit
Switch Management
Database Management
Scalability
High Performance
Advanced Storage
  Configuration Control Asset Management
Automated Software Delivery
Enhanced Security
Anti–Virus
Global Directory Services Access Management Directory Services
Centralized Access Control Mgmt.
SARMIS™
Compartmented Mining and Warehousing Disaster Recovery ASO
  Data Compartmentation (PL3) TP2 / Workflow
  Controlled Interface (PL4) Secure Data Movement
Mobile Computing Secure Wireless Extended Enterprise Resources
LEAP
RADIUS
Future
Enterprise Security Operation Center Global Auditing Services Adv. Security Event Correlation
Root—Cause Analysis
Intelligent Predictive Trend Analysis
Real—Time Reporting
Risk Assessment
IT Cost Management Service Level Agreements Budgeting and Cost Allocation

Back to Top Approach
  • Phase 1
    • Develop statement of work
    • Site assessment: clients' current architecture, infrastructure, hardware, and software
    • Provide detailed recommendations and assessment findings report
  • Phase 2
    • Develop work breakdown structure, teaming assignments, and timeline
    • Define knowledge transfer players
    • Develop project plan with success criteria and milestones
    • Review success criteria and deliverable schedule with client
  • Phase 3
    • Procurement
    • Integration
    • Installation
    • Testing
  • Phase 4
    • Migrate existing infrastructure and architecture to PL3 network
    • User training
    • Continued maintenance
Back to Top