2. PAGE 2 | CONFIDENTIAL | TSCP| Aerospace & Defense Industry Challenges Customer Lead Contractor Manufacturing Subcontractor Manufacturing & Design Subcontractor Extended Enterprise Distributed Engineering & Manufacturing Teams & Supply Chain National/International The Threats The Risks The Regulations Increased focus Solutions can’t be done independently by every enterprise Requires a cooperative ‘team’ approach to avoid unique solutions that will drive cost Need acceptance by National Defense Departments Need Industry Approach Single Sign-On AZN Services Information Rights Access Provisioning Directory Services Bridge CAs Collaboration Focused Architecture Identification  Authentication  Authorization Information Application Operating System Network Physical Solution

3. PAGE 3 | CONFIDENTIAL | TSCP| Government-industry partnership specifically focused on mitigating the risks related to compliance, complexity, cost and IT that are inherent in large- scale, collaborative programs that span national jurisdictions. To do business in the world today, A&D companies must balance the need to protect intellectual property (IP) while demonstrating willingness and ability to meet contractual requirements from government customers for auditable, identity-based, secure flows of information. Common Framework for Federated Collaboration Identity Management & Assurance: Provide assurance that collaborative partners can be trusted Meet government agencies’ emerging requirements for identity assurance across domains Establish common credentialing standards that accommodate and span national jurisdictions Protect personal privacy data of employees Data Protection: Define fine grain access right attributes for data labeling and data right’s management Establish “Application Awareness” Demonstrate compliance with export control regulations Protect corporate IP in collaborative and other information sharing programs Facilitate Secure Collaboration: Provide collaborative toolsets that will interoperate with customers and suppliers Facilitate re-use collaborative capabilities among multiple programs

4. PAGE 4 | CONFIDENTIAL | TSCP| Leverages business processes for the A&D Industry Reduced Supplier on boarding/network costs (benefit to both A&D and Supply Base) Accelerated time to value for supply chain management technology initiatives Enhanced Security through strong authentication Authenticated Assurance through access management The chain of trust to extend to our contractors. A&D companies are responsible for vetting and supplying. At any given time, within the A&D global supply-chain, there are approximately 300,000 supplier companies working on government contracts, representing roughly 3 to 4 million individuals. Certification and Accreditation of components inherent to the Credentialing Process Leveraging the A&D Supply chain “TSCP” A&D Companies discussing Cost sharing for a supplier credential using TSCP specifications e.g. “ECA’s & Keyfobs “TSCP” A&D Companies discussing Cost sharing for a supplier credential using TSCP specifications e.g. “ECA’s & Keyfobs

5. PAGE 5 | CONFIDENTIAL | TSCP| TSCP’s Strategic Plan Development – Business Driven Export Control Regulations Privacy Company Policies Eg. ITAR, Export Control Act…. Company-specific policies Eg. Privacy Act of 1974, Data Protection Act….. Areas of Common Business Challenge Holistic Approach to Addressing Common Security Concerns - Identity Management - Information Protection - Information Labeling……. Advance Persistent Threats HSPD 7, cooperation with the DoD & Industry Common Operating Rules, Governance & Oversight Tools & Skills Supportive Business Practices TSCP Strategic Objectives Strategic Architecture Capability Roadmaps, Action Plans and Project Schedules Mapped to Results in Execution and Deployment Information Management eg. IAP Prioritized Areas of TSCP Attention Identity & Access Management Eg. Web authentication Secure Electronic Exchange Document sharing Secure e-mail

6. PAGE 6 | CONFIDENTIAL | TSCP| Problem Statements Use Cases TSCP Methodology Approved Product List Specifications Participant Implement Gold Members Silver Members Silver Members General Availability to make it a standard Existing Programs Existing Programs Future Programs Future Programs Enterprise Programs Enterprise Programs Large Scale Collaborative Programs Managing Security Risks Multi-National Compliance TSCP Members TSCP Development & Delivery Process Stage 0 Stage 1 & 2 Stage 3 Stage 4 Platinum Platinum, Gold, Silver Platinum Platinum, Gold

7. PAGE 7 | CONFIDENTIAL | TSCP| TypePriority Need to secure TypePriority Need to secure Document sharing HH Email HM Web forums MM Instant Msg HH Access to info on intranets HH Voice HM Collaborative Engineering HH Video Conf LM User access to web application HH Web Conf MH Application to application HH TSCP specification in public domain Information sharing types and TSCP progress PersistentTransient TSCP participant has tested TSCP have tested / in production

8. PAGE 8 | CONFIDENTIAL | TSCP| TSCP Objectives: Deploying Capabilities to the Programs 2003 Phase 1 Secure Collaboration Framework “Generic DMZ Requirements” 2008 – 2009 - 2010 Phase 2 Export Compliance and Collaborative Identity Mgmt “Commercial Bridge” Requirements …2007 TSCP Roadmap Phase 3 – Present Validation through Pilots/Prototypes e.g. Secure e-mail, PKI identity management, Data Model for Export Compliance, Federation testing and compliance Development of international policy on identity management Increasing international engagement with governments, companies and vendors Transition to production – CertiPath, Secure Email, Document Sharing Acceptable export compliance rule sets to enable decision making TSCP Roadmap …. A&D Secure Email Company Enterprise Army Programs “FCS” Navy Programs “Astute” Air Force Programs “EuroHawk” New Business Proposals War Fighter & other Programs Proposals Access Management/ Secure Badge Portals SiteMinder Enterprise Share Point Global Supplier Portal Microsoft “Geneva” ADFS Company Portals Secure Email DOD JITC Certification DOD Cross Certification Contractor Credential Certification MS Team Center Share Centers Data Apps MS Office Enterprise Secure Information Sharing TSCP Significant Milestones & Achievements DoD PKI Policy Change: Memorandum for Approval of External Public Key Infrastructures (PKI) at medium or higher hardware level of assurance - working directly with DoD on joint test plan for secure collaborative email and web Authentication A&D companies Bi-Lateral Trust with DOD A&D Credentials accepted by DOD Programs Joint Interoperable Testing Command(JITC) testing completed as a result of TSCP. TSCP Secure Collaborative Email with A&D CertiPath members completed. TSCP Significant Milestones & Achievements DoD PKI Policy Change: Memorandum for Approval of External Public Key Infrastructures (PKI) at medium or higher hardware level of assurance - working directly with DoD on joint test plan for secure collaborative email and web Authentication A&D companies Bi-Lateral Trust with DOD A&D Credentials accepted by DOD Programs Joint Interoperable Testing Command(JITC) testing completed as a result of TSCP. TSCP Secure Collaborative Email with A&D CertiPath members completed. TSCP Member Test & Production Environments …

9. PAGE 9 | CONFIDENTIAL | TSCP| TSCP Fun Facts - Things to Know Over 100 engineers work TSCP work streams daily Defining requirements Secure Email and Data Sharing Architecture and design teams, Development and integration teams Prototyping, Documentation and configuration management Executive CIO Forum CIO’s & CTO’s of Government & A&D Companies Key decision makers that create or implement Policies TSCP Government Issues Committee “New” TSCP Government representatives “DOD, GSA, UK MOD, France, Netherlands MOD” Evaluate policies that relate to TSCP’s work and objectives to identify and address gaps between policy requirements and commercial solutions TSCP Cyber Committee “New” TSCP GB Members including Government Cyber Leads TSCP Government Industry Outreach organization Legal Advisor Working Group (LAW) 15 attorneys including Commercial & Government members Common Intellectual Property Issues for Global supply-chain Teaming documents and related “Program” contractual flow down Procurement Supply Chain “Business Model” TSCP Member and Government procurement representatives HSPD-12 PIV-I Credentialing Committee (Logical / Physical) TSCP GB and Governments members Draft PIV-I Specification document released to governments end of August On-boarding, proofing & vetting in global supply chain Export / ITAR Team (EIT) “New” ITAR and Export “Usage” data mapping “New DOD” Data Label Document – working team, Compliancy

10. PAGE 10 | CONFIDENTIAL | TSCP| TSCP Value Proposition Common approaches among TSCP participants leverages each others investment and maximizes expertise and solutions to support business needs. Brings more resources and experts to bear on problem areas and ‘gaps’ – coordinated solutions with product vendors (eg Microsoft) Common solutions used across all programs facilitate “trusted information sharing” resulting in lower costs. Enhances supplier/partner business relationships by evolving secure collaborative solutions – encourages solution re-use United industry and government influence on vendor product directions and solutions. Support for standards-based solutions versus proprietary solutions T S C P

11. PAGE 11 | CONFIDENTIAL | TSCP| 11 CONFIDENTIAL Questions?