Presentation is loading. Please wait.

Presentation is loading. Please wait.

Disclaimer The following presentation is an abbreviated description of 60FF-1, 60FF-2 and 60FF-3, Florida Administrative Code. The presentation is meant.

Similar presentations


Presentation on theme: "Disclaimer The following presentation is an abbreviated description of 60FF-1, 60FF-2 and 60FF-3, Florida Administrative Code. The presentation is meant."— Presentation transcript:

1 Disclaimer The following presentation is an abbreviated description of 60FF-1, 60FF-2 and 60FF-3, Florida Administrative Code. The presentation is meant to convey the general intent of the rules and the means by which the Department of Management Services will fulfill its statutory duties in providing the State communications network known as SUNCOM. This presentation and other SUNCOM documentation related to the rules are not substitutes for the actual rules nor do they provide comprehensive or final interpretations of the rules.

2 Reasons for SUNCOM Rule Changes Demise of State Technology Office STO owned SUNCOM rules under 60DD STO owned SUNCOM rules under 60DD Core of 60DD was over twenty years old Marketplace changes Industry competition led SUNCOM to replace leased backbone with public switched network services Industry competition led SUNCOM to replace leased backbone with public switched network services Technology changes Continuing ramifications of the Internet Protocol Continuing ramifications of the Internet Protocol Open systems Open systems Make rules comport with Statutes Subsection (3), F.S. calls for exemptions for use of communications services outside of SUNCOM Subsection (3), F.S. calls for exemptions for use of communications services outside of SUNCOM CPLA process had vague statutory basis, i.e. nothing in F.S. about hardware approvals CPLA process had vague statutory basis, i.e. nothing in F.S. about hardware approvals CPLA

3 Rule Change Process: Publications, Announcements and Input Required Administrative weekly Administrative weekly Workshop Workshop One Public Hearing (if requested) One Public Hearing (if requested)Additional Invitations to CIOs with drafts Invitations to CIOs with drafts Invitations to customers with drafts Invitations to customers with drafts Two extra public hearings Two extra public hearings Meetings with: Meetings with: J oint A dministrative P rocedures C ommittee T echnology R eview W orkgroup House, Senate and Governors Office staff Web site postings Web site postings Web site Web site Latest internal rule drafts Meeting announcements Log of input and changes Log of input and changes input input Posted rules Posted rules

4 Intent of New Rules Foster collaboration Minimize duplication Promote compatibility Leverage economies of scale Bulk purchasing power Bulk purchasing power Standardization of solutions Standardization of solutions Maximize network predictability and up-time Provide for basic network security Govern SUNCOM relationships With customers With customers With vendors With vendors

5 60FF-1 Highlights Definitions of terms Usage eligibility etc. Notices and requests to SUNCOM Notice of Security Concern Notice of Security Concern Exemption Request Exemption Request Clearance Request Clearance Request Network Solution Replacement Declaration Network Solution Replacement Declaration

6 Notice of Security Concern Notice of Security Concern 60FF-1.005, F.A.C. Notice of Security Concern Petitioners: Any customer using State Intranet Any customer using State Intranet Any vendor implementing an IP Network Solution for a SUNCOM customer Any vendor implementing an IP Network Solution for a SUNCOM customerNetwork Solution Network Solution Purpose: Notify SUNCOM of (potential) network security exposures Notify SUNCOM of (potential) network security exposures Establish collaborative conditions Establish collaborative conditions Get SUNCOMs help Get SUNCOMs help Secure SUNCOMs sanction Secure SUNCOMs sanctionCircumstances: A Customer establishes or is aware of existing or expected conditions not in compliance with SUNCOM security standards A Customer establishes or is aware of existing or expected conditions not in compliance with SUNCOM security standardssecurity standardssecurity standards A vendor plans to implement a Network Solution in violation of SUNCOM security standards A vendor plans to implement a Network Solution in violation of SUNCOM security standards SUNCOM possible responses Authorize Authorize Conditionally authorize Conditionally authorize Negotiate alternatives Negotiate alternatives Disallow Disallow Process

7 Exemption Request Exemption Request 60FF , F.A.C. Exemption Request Petitioners: Required User Required User Required User Required UserPurpose: To notify SUNCOM of a communications need To notify SUNCOM of a communications need Informal notice required upon identifying the Business Objective Business ObjectiveBusiness Objective Two-parts in escalating detail To obtain permission to use non-SUNCOM services To obtain permission to use non-SUNCOM servicesCircumstances: Seeking to use a Network Solution not provided by SUNCOM Seeking to use a Network Solution not provided by SUNCOMNetwork Solution Network Solution Using an existing Network Solution not provided by SUNCOM after December, 2008 if not previously approved through a CPLA Using an existing Network Solution not provided by SUNCOM after December, 2008 if not previously approved through a CPLA Expanding any CPLA approved Network Solution Expanding any CPLA approved Network SolutionCPLA Continuing to use a CPLA approved Network Solution after the CPLA term (contract) ends for anything other than Maintenance Continuing to use a CPLA approved Network Solution after the CPLA term (contract) ends for anything other than MaintenanceMaintenance SUNCOM possible response Seek collaboration Seek collaboration Approve Approve Conditionally approve Conditionally approve Deny and suggest the SUNCOM alternative Deny and suggest the SUNCOM alternative Process

8 Clearance Request Clearance Request 60FF , F.A.C. Clearance Request Petitioner: Eligible Users who are a part of the State Intranet and are not Required Users Eligible Users who are a part of the State Intranet and are not Required Users Eligible Users Required Users Eligible Users Required UsersPurpose: Prevent security exposures from Network Solutions not covered by Exemption Requests Prevent security exposures from Network Solutions not covered by Exemption RequestsNetwork Solutions Exemption RequestsNetwork Solutions Exemption RequestsCircumstances: Customer wishes to implement a non-SUNCOM IP based Network Solution Customer wishes to implement a non-SUNCOM IP based Network Solution SUNCOM Responses Seek collaboration Seek collaboration Approve Approve Conditionally approve Conditionally approve Deny and suggest the SUNCOM alternative Deny and suggest the SUNCOM alternative Process

9 Network Solution Replacement Declaration Network Solution Replacement Declaration 60FF-1.006, F.A.C. Network Solution Replacement Declaration Petitioner: Any SUNCOM customer Any SUNCOM customerPurpose: Verify termination of a Network Solution for which no exemption, CPLA or security sanction has been obtained Verify termination of a Network Solution for which no exemption, CPLA or security sanction has been obtainedNetwork Solution CPLANetwork Solution CPLACircumstances: Customer intends to discontinue use of an unsanctioned Network Solution or configuration Customer intends to discontinue use of an unsanctioned Network Solution or configuration Customer was unable to obtain necessary SUNCOM approval for a Network Solution Customer was unable to obtain necessary SUNCOM approval for a Network Solution SUNCOM Responses Acknowledge Acknowledge Negotiate more rapid replacement Negotiate more rapid replacement

10 60FF-2 Highlights Defines order processing and related responsibilities of SUNCOM, customers and vendors Codifies most of current process Codifies most of current process Allows for modernization Allows for modernization Governs payment processing for SUNCOM, customers and vendors

11 60FF-3 Highlights Provides conditions for changing or terminating services Provides Security Protection Standards Provides for address distribution and authorization on the State Network

12 60FF-3 Security Protection Standards Highlights Any conditions that allow for Unauthorized Activity are prohibited. Unauthorized Activity Unauthorized Activity Absent approval through a Notice of Security Concern, the following are prohibited when they are not managed by SUNCOM: Notice of Security ConcernNotice of Security Concern Backdoors Backdoors Virtual Connections with the State Intranet; Virtual Connections with the State Intranet; Tunnels with the State Intranet Tunnels with the State Intranet Remote access with the State Intranet. Remote access with the State Intranet. Authorization of these conditions and non-SUNCOM firewalls require the following: Firewall transaction logs and; Firewall transaction logs and; Appropriate and modern processes and tools for protecting the State Intranet and; Appropriate and modern processes and tools for protecting the State Intranet and; Trained staff and; Trained staff and; Monitoring activities and; Monitoring activities and; Necessary transparency for SUNCOM. Necessary transparency for SUNCOM. Use of scanning, discovery and automatic traffic generating tools must be approved to prevent: Alarming SUNCOM, its Providers and Customers. Alarming SUNCOM, its Providers and Customers. Impairing the State Network Impairing the State NetworkRemedies To limit damages and exposures To limit damages and exposures To establish liability and liquidated damages To establish liability and liquidated damages Return to sending page

13 60FF-3 Address Distribution Highlights SUNCOM will distribute or authorize all Internet Protocol Version Six (IPV6) addresses on the State Network Customers must register all private IPV4 addresses used outside of the customers Sub-network Sub-network SUNCOM will resolve duplicate usage in favor of the first to register SUNCOM will resolve duplicate usage in favor of the first to register Customers must provide a full listing of addresses upon request from SUNCOM

14 Summary of Rules Status Rules went into effect June 25 th, 2008 No more CPLAs CPLAs New processes now required Exemption Requests Exemption Requests Exemption Requests Exemption Requests Notices of Security Concern Notices of Security Concern Notices of Security Concern Notices of Security Concern Network Solution Replacement Declarations Network Solution Replacement Declarations Network Solution Replacement Declarations Network Solution Replacement Declarations SUNCOM will ultimately provide complete plain language guides that preclude the need to read most of the rules On-line Exemption forms have replaced on-line CPLAs On-line Exemption forms have replaced on-line CPLAs SUNCOM Portfolio of Services will contain plain language explanations and templates SUNCOM Portfolio of Services will contain plain language explanations and templates These guides are not substitutes for the rules (per disclaimer on first slide) These guides are not substitutes for the rules (per disclaimer on first slide)first slidefirst slide Future rule adjustments To correspond with AEIT rules To correspond with AEIT rules To improve and refine with legislation To improve and refine with legislation

15 Definitions Business Objective Business Objective Clearance Request Clearance Request CPLA Eligible User Eligible User Exemption Request Exemption Request Maintenance Network Solution Network Solution Network Solution Replacement Declaration Network Solution Replacement Declaration Notice of Security Concern Notice of Security Concern Required User Required User Sub-network Unauthorized Activity Unauthorized Activity Hit Esc to return to sending page

16 Definition: Business Objective An operational or cost savings benefit expected from use of Network Equipment, Software or Services. The mere implementation, ownership or use of Network Equipment, Software or Services or Communications Devices shall not be considered to be a genuine Business Objective. Return to sending page Definitions Table of Contents

17 Definition: C learance Request A request from a Customer, that is not a Required User, to implement a Network Solution that uses Internet technology and is not provided through SUNCOM. See 60FF & Return to sending page Definitions Table of Contents

18 Definition: CPLA Communications Purchase or Lease Authorization The means that was used by Required Users to seek and obtain approval from DMS to purchase or lease communications equipment prior to establishment of Chapter 60FF, F.A.C. Return to sending page Definitions Table of Contents

19 Definition: Eligible User Qualifying user of SUNCOM Services including state agencies, county and municipal agencies, public schools and districts, private, nonprofit elementary and secondary schools (provided they do not have an endowment in excess of $50 million), state universities, community colleges, libraries, water management districts, state commissions and councils, and nonprofit corporations. Any entity ordering or using or paying for a SUNCOM Service must be an Eligible User. Return to sending page Definitions Table of Contents

20 Definition: Exemption Request A request from Required Users seeking Department approval to use Network Solutions that are not provided through SUNCOM. See 60FF through 60FF-1.012, F.A.C. Return to sending page Definitions Table of Contents

21 Definition: Maintenance Activity to ensure the ongoing availability of a Network Solution through replacement of parts, software patches and associated services without expanding the scope, functionality, volume by more than 10% over the volume that was approved by SUNCOM, or changes to the architecture of the Network Solution. Return to sending page Definitions Table of Contents

22 Definition: N etwork Solution Use of Network Equipment, Network Software and/or Network Services to meet a Business Objective. Return to sending page Definitions Table of Contents

23 Definition: Network Solution Replacement Declaration A commitment from a Customer to replace a Custom Network Solution with a SUNCOM solution by a specific date. See 60FF-1.006, F.A.C. Return to sending page Definitions Table of Contents

24 Definition: Notice of Security Concern A statement warning DMS that a condition exists that may violate DMS Security Standards. See 60FF-1.005, F.A.C. Return to sending page Definitions Table of Contents

25 Definition: Required User All state agencies and state universities mandated to use SUNCOM in Section , F.S SUNCOM Network; exemptions from the required use SUNCOM Network; exemptions from the required use.-- (1) There is created within the Department of Management Services the SUNCOM Network which shall be developed to serve as the state communications system for providing local and long-distance communications services to state agencies, political subdivisions of the state, municipalities, state universities, and nonprofit corporations … (3) All state agencies and state universities are required to use the SUNCOM Network for agency and state university communications services as the services…If a SUNCOM Network service does not meet the communications requirements of an agency or university, the agency or university shall notify the State Technology Office in writing and detail the requirements for that communications service. If the office is unable to meet an agency's or university's requirements by enhancing SUNCOM Network service, the office may grant the agency or university an exemption from the required use of specified SUNCOM Network services. Return to sending page Definitions Table of Contents

26 Definition: Sub-Network Network established by Customers within, or attached to, the broader State Network that is maintained by SUNCOM. Return to sending page Definitions Table of Contents

27 Definition: Unauthorized… Access - Any sign-on and/or log-on activity accessing any part of the State Network and/or connected devices performed by an Unauthorized User. Activity - Unauthorized Access to, Unauthorized Connection to, Unauthorized Traffic on and Unauthorized Use of the State Network. Connection - Any virtual private network, private virtual circuit, extranet and/or point-to-point connection to the State Network that has not been disclosed to and recorded by the Department. Traffic - Any communications transported across the State Network that is not directly relevant to state business and/or that is directed to or from an Unauthorized User. User - Individual user not affiliated with and authorized by a current Customer of SUNCOM who is using the State Network. Return to sending page Definitions Table of Contents


Download ppt "Disclaimer The following presentation is an abbreviated description of 60FF-1, 60FF-2 and 60FF-3, Florida Administrative Code. The presentation is meant."

Similar presentations


Ads by Google