Unmanned Aircraft Systems Roadmap 2005-2030 - Federation of ...
Unmanned Aircraft Systems Roadmap 2005-2030 - Federation of ...
Unmanned Aircraft Systems Roadmap 2005-2030 - Federation of ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
UAS ROADMAP <strong>2005</strong><br />
Information Security<br />
Information Assurance is defined as measures taken to protect and defend our information and<br />
information systems to ensure confidentiality, integrity, availability, and accountability, extended to<br />
restoration with protect, detect, monitor, and react capabilities.<br />
Secure Web Browsing<br />
This service identifies the protocol used to provide communications privacy over a network. The protocol<br />
allows applications to communicate in a way designed to prevent eavesdropping, tampering, or message<br />
forgery in e-mail packages. World Wide Web (WWW) services provide abilities for navigation and data<br />
transport across the Internet. The protocol encapsulates various higher-level protocols and is application<br />
independent.<br />
Web browsers and web servers must first attempt to use transport layer security (TLS), then use secure<br />
socket layer (SSL) 3.0 if TLS is not supported. It is expected that SSL 3.0 will not be supported in the<br />
future. The following standards are both mandated for securing the communications <strong>of</strong> web browsers and<br />
web servers:<br />
� SSL Protocol, Version 3.0, 18 November 1996. [SUNSET] This standard will be deleted when<br />
commercial Web servers employed by DoD and the IC community support TLS.<br />
� IETF RFC 2246, the TLS Protocol Version 1.0, January 1999.<br />
Secure Messaging<br />
This service applies to the use <strong>of</strong> security implementations for the defense message system (DMS), the<br />
access control capabilities for communications with allied partners and for e-mail. For systems required to<br />
interface with the DMS Release 3.0 for organizational messaging, the following standard is mandated:<br />
� Fortezza Interface Control Document, Revision P1.5, 22 December 1994. [SUNSET] This standard<br />
will be deleted when GIG enterprise services (GES) can provide secure messaging confirmation, to<br />
include authentication, delivery and encryption. Allied communications publication (ACP) 120 was<br />
developed to take advantage <strong>of</strong> X.509 version 3 certificates, in particular the subject Directory<br />
Attribute extension that contains the clearance attribute or the security label. This security label<br />
provides for access control based not only on hierarchical classification, but also for compartments,<br />
categories, and citizenship.<br />
� For DoD message systems required to process both unclassified and classified organizational<br />
messages using DMS Release 3.0, the following messaging security protocol is mandated.<br />
� ACP-120, Allied Communications Publication 120, Common Security Protocol (CSP), Rev A, 7 May<br />
1998. [SUNSET] This standard will be deleted when GES can provide secure messaging<br />
confirmation, to include authentication, delivery and encryption.<br />
To support the access control capabilities <strong>of</strong> ACP 120, the following security label standards are<br />
mandated:<br />
� ITU-T Recommendation X.411 (1999)/ISO/IEC 10021-4:1999, Information Technology – Open<br />
<strong>Systems</strong> Interconnection – Message Handling <strong>Systems</strong> (MHS) – Message Transfer System: Abstract<br />
Service Definition Procedures. [SUNSET] This standard will be deleted when GES can provide<br />
secure messaging confirmation, to include authentication, delivery and encryption.<br />
� ITU-T Recommendation X.509 (2000)/ISO/IEC 9594-8:2001, Information Technology – Open<br />
<strong>Systems</strong> Interconnection – The Directory: Public Key and Attribute Certificate Frameworks, 2001,<br />
with Technical Corrigendum 1:2002, and Technical Corrigendum 2:2002.<br />
� ITU-T Recommendation X.481 (2000)/ISO/IEC 15816-12:2000, Information Technology –Security<br />
Techniques – Security Information Objects for Access Control. [SUNSET] This standard will be<br />
deleted when GES can provide secure messaging confirmation, to include authentication, delivery<br />
and encryption.<br />
APPENDIX E – INTEROPERABILITY STANDARDS<br />
Page E-12