NMFS FIS ER eSignature Project Risk Analysis October 1, 2008.


1 NMFS FIS ER eSignature Project Risk Analysis October 1, 2008

2 7/11/2008 NMFS eSignature Project Timeline
Preliminary Schedule
- 7/25/08--Stakeholder Communication Plan, which identifies stakeholders, the nature of their interest in NMFS eSignature solutions, their issues or concerns, points of contact and methods for keeping relevant stakeholders informed and engaged.
- 8/27/08--Alternatives Analysis for technical approaches to eSignatures
- 10/1/08--Risk Assessment of pilots and assignment of assurance levels for pilots
- 10/15 Cost/Benefit Analysis or business plan template prepared according to NMFS procedural directive
- /31/08-Implementation Plan template prepared according to NMFS procedural directive
- /5/2008--Presentation of preliminary results to stakeholders
- 12/19/2008--Critique of final project documents.

3 Table of Contents
- Legal and Policy Context
  - GPEA
  - OMB Policy
  - NIST Technical Guidance
- E-Authentication Risk Assessment
- National Marine Fisheries Service Pilot Systems
- E-signature pilot recommendations based on risk assessment
- Next Steps

4 Legal and Policy Context for Electronic Authentication
- The Electronic Signatures in Global and National Commerce (E-SIGN) Act:
  - legitimates legal standing of e-signatures and contracts and transactions signed electronically. Technology neutral on e-signatures
- Government Paperwork Elimination Act--Section 1709(1) of GPEA reads:
  - “electronic signature” means a method of signing an electronic message that—(A) identifies and authenticates a particular person as the source of the electronic message; and (B) indicates such person’s approval of the information contained in the electronic message.
- E-Government Act of 2002—mostly emphasis on Privacy Impact Assessments

5 OMB e-Authentication Policy
- Does not prescribe technologies or even assurance levels
- Definitions from NRC’s Who Goes There? Privacy Implications of Authentication.
  - An attribute describes a property associated with an individual
  - “An identity of X” is the set of information about an individual X associated with that individual in a particular identity system Y
  - Identification is the process of using claimed or observed attributes of an individual to infer who the individual is
  - Authentication is the process of establishing confidence in the truth of some claim
    - Individual authentication is the process of establishing an understood level of confidence that an identifier refers to a specific individual
    - Attribute authentication is the process of establishing an understood level of confidence that an attribute applies to a specific individual
    - Identity authentication is the process of establishing an understood level of confidence that an identifier refers to an identity
  - Authorization is the process of deciding what an individual ought to be allowed to do

6 Five Step Process for Determining Desired Assurance Level (OMB Policy)
- Conduct risk assessment
- Map identified risks to assurance level (Four levels outlined in next four pages)
- Select technology based on NIST technical guidance
- Validate that implemented system has achieved desired assurance level
- Periodically reassess system to assure solution produces desired assurance.

7 4 Levels of Assurance—Level 1
- Little or no confidence--A user presents a self-registered user ID or password to the U.S. Department of Education web page, which allows the user to create a customized “My.ED.gov” page. A third party gaining unauthorized access to the ID or password might infer personal or business information about the individual based upon the customization, but absent a high degree of customization, these risks are probably very minimal.
- Some confidence
- High confidence
- Very high confidence

8 4 Levels of Assurance—Level 2
- Little or no confidence
- Some confidence--An agency employee has access to potentially sensitive personal client information. She authenticates individually to the system at Level 2, but technical controls (such as a virtual private network) limit access to the system to the agency premises. Access to the premises is controlled, and the system logs her access instances. In a less constrained environment, her access to personal sensitive information would create moderate potential impact for unauthorized release, but the system’s security measures reduce the overall risk to low.
- High confidence
- Very high confidence

9 4 Levels of Assurance—Level 3
- Little or no confidence
- Some confidence
- High confidence--An agency employee or contractor uses a remote system giving him access to potentially sensitive personal client information. He works in a restricted-access federal office building. This limits physical access to his computer, but system transactions occur over the Internet. The sensitive personal information available to him creates a moderate potential impact for unauthorized release.
- Very high confidence

10 4 Levels of Assurance—Level 4
- Little or no confidence
- Some confidence
- High confidence
- Very high confidence--A law enforcement official accesses a law enforcement database containing criminal records. Unauthorized access could raise privacy issues and/or compromise investigations.

11 Risk Assessment Process
Two factors
- Potential harm or impact (Selected examples to follow)
  - Low
  - Moderate
  - High
- Likelihood of harm or impact
  - Low: < 30 percent
  - Moderate: > 30 and < 70 percent
  - High: > 70 percent

12 Categories of Harm and Impact from Risk Assessment
- Inconvenience, distress or damage to standing or reputation
- Financial loss or agency liability
- Harm to agency programs or public interest
- Unauthorized release of sensitive information
- Civil or criminal violations

13 Impact Examples for NMFS (Source: OMB Policy)
Potential impact of unauthorized release of sensitive information:
- Low—at worst, a limited release of personal, U.S. government sensitive, or commercially sensitive information to unauthorized parties resulting in a loss of confidentiality with a low impact (i.e., limited adverse effect on organizational operations if one fisher’s logbook is accessed by another unauthorized fisher)
- Moderate—at worst, a release of personal, U.S. government sensitive, or commercially sensitive information to unauthorized parties resulting in loss of confidentiality with a moderate impact (i.e., serious adverse impact on organizational operations, which might include delaying an in-progress law enforcement activity).
- High—a release of personal, U.S. government sensitive, or commercially sensitive information to unauthorized parties resulting in loss of confidentiality with a high impact (i.e., severe or catastrophic adverse effect on organizational operations, which might include compromising future law enforcement activities).

14 Impact Examples for NMFS (Source: OMB Policy)
Potential impact of inconvenience, distress, or damage to standing or reputation:
- Low—at worst, limited, short-term inconvenience, distress or embarrassment to any party, where NMFS and one or two parties know of a problem, but it is not known to the general public.
- Moderate—at worst, serious short-term or limited long-term inconvenience, distress or damage to the standing or reputation of any party, which might involve one-time negative press reports for the agency.
- High—severe or serious long-term inconvenience, distress or damage to the standing or reputation of any party (ordinarily reserved for situations with particularly severe effects or which affect many individuals, like when NMFS loses credibility across a whole region or for stewarding a particular species of fish).

15 Impact Examples for NMFS (need to update with input from OLE or General Counsel OLE) (Source: OMB Policy)
The potential impact of civil or criminal violations is:
- Low—at worst, a risk of civil or criminal violations of a nature that would not ordinarily be subject to enforcement efforts.
- Moderate—at worst, a risk of civil or criminal violations that may be subject to enforcement efforts.
- High—a risk of civil or criminal violations that are of special importance to enforcement programs.

16 Assurance Level Impact Profiles
Potential Impact Categories for Authentication Errors (impact values listed in order for assurance levels 1, 2, 3, 4)
- Inconvenience, distress or damage to standing or reputation: Low, Mod, Mod, High
- Financial loss or agency liability: Low, Mod, Mod, High
- Harm to agency programs or public interests: N/A, Low, Mod, High
- Unauthorized release of sensitive information: N/A, Low, Mod, High
- Civil or criminal violations: N/A, Low, Mod, High
OMB E-authentication Policy

17 NIST Special Publication
- Revisions from draft emphasized further that technology alone does not mitigate risk.
- Authentication technology works with policy and process to produce authentication solution
- Totality of authentication solution mitigates risks
- Does not prescribe technical solutions, but provides an array of options for each level of assurance

18 NIST Special Publication
Authentication solutions for specified assurance levels
Level 1
- No identity proofing requirement at this level
- Anonymous credential OK
- Some assurance that the same claimant is accessing the protected transaction or data.
- Wide range of available authentication technologies to be employed and allows any of the token methods of Levels 2, 3 or 4, including PINs.
- May also use tunneled passwords and challenge/response protocols

19 NIST Special Publication
Level 2
- Identity proofing and registration provides sufficient assurance for relatively low risk business transactions with low probabilities of moderate impact from risk assessment.
- Anonymous credential OK
- A wide range of available authentication technologies can be employed at Level 2.
- Any of the token methods of Levels 3 or 4, including passwords, are allowable
- Successful authentication requires that the claimant prove through a secure authentication protocol (i.e., tunneled password protocol like SSL or TLS) that he or she controls the token.

20 NIST Special Publication
Tokens are something that the user possesses and controls that may be used to authenticate the claimant’s identity. The user authenticates to a system or application over a network. A token shall include some secret information and it is important to provide security for the token.
The three factors often considered as the cornerstones of authentication:
- Something you know (for example, a password)
- Something you have (for example, a cryptographic key or smart card)
- Something you are (for example, a voice print or other biometric)

21 NIST Special Publication
- Hard token: a hardware device that contains a protected cryptographic key. Authentication is accomplished by proving possession of the device and control of the key.
- Soft token: a cryptographic key that is typically stored on disk or some other media. Authentication is accomplished by proving possession and control of the key. The soft token shall be encrypted under a key derived from a password known only to the user, so knowledge of a password is required to activate the token.
- One-time password device token: a personal hardware device that generates “one time” passwords for use in authentication.
- Password token: a secret character string that a claimant memorizes and uses to authenticate his or her identity.

22 NIST Authentication Mapping (Token Type)
Columns: Level 1, Level 2, Level 3, Level 4
- Hard crypto token: Levels 1, 2, 3, 4
- Soft crypto token: Levels 1, 2, 3
- Zero knowledge password: Levels 1, 2, 3
- One-time password device: Levels 1, 2, 3
- Strong password: Levels 1, 2
- PIN: Level 1
Note: This is not the assurance level for the authentication solution; just the token
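The mapping step from slides 6, 16 and 22, worked through in Python as an added example (not part of the original presentation). It assumes the four values in each slide 16 row are Levels 1 to 4 in order and that the check marks on slide 22 run from Level 1 upward; the category keys and the sample assessments are constructed for illustration.

```python
# Added example, not from the original slides. Tables transcribed from slides 16 and 22.
RANK = {"N/A": 0, "Low": 1, "Mod": 2, "High": 3}

# Slide 16: highest impact tolerated at assurance levels 1..4, per category
# (assumption: the four values in each row are Levels 1, 2, 3, 4 in order).
PROFILES = {
    "reputation":        ("Low", "Mod", "Mod", "High"),
    "financial":         ("Low", "Mod", "Mod", "High"),
    "agency_programs":   ("N/A", "Low", "Mod", "High"),
    "sensitive_release": ("N/A", "Low", "Mod", "High"),
    "civil_criminal":    ("N/A", "Low", "Mod", "High"),
}

# Slide 22: highest level each token type is checked for (assumption: check
# marks run from Level 1 upward). Token ceiling only, not the whole solution.
TOKEN_MAX_LEVEL = {
    "hard crypto token": 4, "soft crypto token": 3,
    "zero knowledge password": 3, "one-time password device": 3,
    "strong password": 2, "PIN": 1,
}

def required_level(impacts):
    """Return the lowest assurance level whose profile covers every impact."""
    if set(impacts) != set(PROFILES):
        # Fail closed: an unassessed or misspelled category is not "no impact".
        raise ValueError(f"assess exactly these categories: {sorted(PROFILES)}")
    for level in (1, 2, 3, 4):
        if all(RANK[impacts[c]] <= RANK[row[level - 1]]
               for c, row in PROFILES.items()):
            return level
    raise ValueError("impact exceeds the Level 4 profile")

def allowed_tokens(level):
    """Token types whose ceiling on slide 22 is at or above `level`."""
    return sorted(t for t, top in TOKEN_MAX_LEVEL.items() if top >= level)

# Constructed assessments (hypothetical values, not NMFS findings).
ALL_LOW = dict.fromkeys(PROFILES, "Low")
ONE_MODERATE = {**ALL_LOW, "sensitive_release": "Mod"}

if __name__ == "__main__":
    for name, a in (("all low", ALL_LOW), ("one moderate", ONE_MODERATE)):
        lvl = required_level(a)
        print(f"{name}: Level {lvl}, tokens: {', '.join(allowed_tokens(lvl))}")
```

A single Moderate rating for unauthorized release moves the required level from 2 to 3, which drops password tokens from the eligible set.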

23 Thoughts on Strong Passwords “People either choose not to use or make errors in systems that are not designed with their limits in mind; this can result in compromises to privacy.” (NRC Report Finding 4.1)

24 NMFS Electronic Reporting FIS (should we just lift from wiki or do this by reference?)
National Permits Systems
- Users and functionality
- Transactions-data sensitivity and volume
- Internal control processes
Potential impact:
- Inconvenience, distress or damage to standing or reputation:
- Financial loss or agency liability:
- Harm to agency programs or public interest:
- Unauthorized release of sensitive information:
- Civil or criminal violations:
Likelihood of harm or impact:
Presumed Assurance level:

25 NMFS E-Government Systems (cont.)
E-logs
- Users and functionality
- Transactions-data sensitivity and volume
- Internal control processes
Potential impact:
- Inconvenience, distress or damage to standing or reputation:
- Financial loss or agency liability:
- Harm to agency programs or public interest:
- Unauthorized release of sensitive information:
- Civil or criminal violations:
Likelihood of harm or impact:
Presumed Assurance level:

26 NMFS E-Government Systems (cont.)
Fish/Trip Tickets
- Users and functionality
- Transactions-data sensitivity and volume
- Internal control processes
Potential impact:
- Inconvenience, distress or damage to standing or reputation:
- Financial loss or agency liability:
- Harm to agency programs or public interest:
- Unauthorized release of sensitive information:
- Civil or criminal violations:
Likelihood of harm or impact:
Presumed Assurance level:

27 NMFS E-Government Systems (cont.)
TBD
- Users and functionality
- Transactions-data sensitivity and volume
- Internal control processes
Potential impact:
- Inconvenience, distress or damage to standing or reputation:
- Financial loss or agency liability:
- Harm to agency programs or public interest:
- Unauthorized release of sensitive information:
- Civil or criminal violations:
Likelihood of harm or impact:
Presumed Assurance level:

28 NMFS Risk Mitigation Through E-Authentication
Policy
- A
- B
Business process
- ID proofing through NPS registration process
- ?
Technology
- Data encryption (SSL or VPN) for confidentiality
- User name/password to validate user identity
May combine technologies or all three above to increase assurance level of solution

29 Recommended eSignature Solution Framework for NMFS
- NMFS policy, processes and technology provide a strong foundation for eSignature solutions
- eSignature technology does not assume all risk mitigation, as existing policy and process create a comprehensive authentication solution.
- Assuming any E-Authentication solution will work within existing risk mitigation processes, NMFS can use PIN and/or password for eSignature and E-Authentication for level 2 assurance for:
  - NPS
  - E-logs
  - Trip/Fish Tickets
  - Planned systems (subject to possible reanalysis)
  - ?

30 Next Steps for Analysis
- This report contains a set of recommendations for assurance levels and potential e-authentication solutions
- Per OMB policy, check periodically that eSignature and e-authentication solutions provide desired assurance level
- Review and revise risk assessment for e-government applications as necessary when impact or probability of risks change
Next Steps for Team
- ?

