Federal & NASA IPv6 Updates

Similar documents
14 January 2013 Presented by: Kevin L. Jones Agency IPv6 Transition Manager

USGv6: US Government. IPv6 Transition Activities 11/04/2010 DISCOVER THE TRUE VALUE OF TECHNOLOGY

Department of Veterans Affairs Internet Protocol Version 6 (IPv6): North American IPv6 Summit

DoD Internet Protocol Version 6 (IPv6) Contractual Language

IPv6 Transition Progress

FedRAMP: Understanding Agency and Cloud Provider Responsibilities

Federal Government Adoption of Internet Protocol Version 6 (IPv6) Frequently Asked Questions. Updated: November 4, 2011

IPv6 Adoption in the US Government

Meeting the OMB FY2012 Objective: Experiences, Observations, Lessons-Learned, and Other Thoughts

Introduction to AWS GoldBase

NIST SP : Guidelines for the Secure Deployment of IPv6

Government of Canada IPv6 Adoption Strategy. IEEE International Conference on Communications (ICC 12) June 14 th, 2012

Introduction to the Federal Risk and Authorization Management Program (FedRAMP)

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

U.S. Department of Education Enterprise Architecture Program Office (EAPO)

DHS Cloud Strategy and Trade Nexus. May 2011

Click to edit Master title style

Department of Defense Fiscal Year (FY) 2015 IT President's Budget Request Defense Contract Audit Agency Overview

Information Systems Security Requirements for Federal GIS Initiatives

Consolidation Committee Final Report

Oregon Fire Service Conference Enterprise Security Office Update. October 26, 2018

CONNECTING CLOUD ENVIRONMENTS TO HSCN

DHS Overview of Sustainability and Environmental Programs. Dr. Teresa R. Pohlman Executive Director, Sustainability and Environmental Programs

AUTHORITY FOR ELECTRICITY REGULATION

MNsure Privacy Program Strategic Plan FY

NORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives

Strategic Action Plan. for Web Accessibility at Brown University

Planning Guide/Roadmap Toward IPv6 Adoption within the U.S. Government. Strategy and Planning Committee Federal Chief Information Officers Council

Track 4: Session 6 Cybersecurity Program Review

Federal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan

Akamai White Paper. FedRAMP SM Helps Government Agencies Jumpstart their Journey to the Cloud. FedRAMP. Federal Risk Authorization Management Program

Annual Report for the Utility Savings Initiative

FedRAMP Security Assessment Framework. Version 2.1

Federal Government. Each fiscal year the Federal Government is challenged CATEGORY MANAGEMENT IN THE WHAT IS CATEGORY MANAGEMENT?

Integrated Cyber Defense Working Group (ICD WG) Introduction

IPv6 Implementation Update DREN and SPAWAR

Leveraging the LincPass in USDA

ACF Interoperability Human Services 2.0 Overview. August 2011 David Jenkins Administration for Children and Families

FedRAMP Security Assessment Framework. Version 2.0

National Strategy for CBRNE Standards

IT-CNP, Inc. Capability Statement

OFFICE OF THE UNDER SECRETARY OF DEFENSE 3000DEFENSEPENTAGON WASHINGTON, DC

Federal Data Center Consolidation Initiative (FDCCI) Workshop I: Initial Data Center Consolidation Plan

Agency Guide for FedRAMP Authorizations

The U.S. Government s Role in Standards and Conformity Assessment

ABOUT THE GSS BUYING EVENT (SEPTEMBER - DECEMBER 2016)

Department of the Navy Data Server and Data Center Waiver Scope Matrix and FAQ

Actions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650

NC Education Cloud Feasibility Report

Sonatel: An IPv6 Experience

Threat and Vulnerability Assessment Tool

USAF Environmental Management System Update

Innovating with Less Across the Federal IT Portfolio: The Role of Shared Services and Enterprise Architecture

OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA

SD-WAN Transform Your Agency

10 Considerations for a Cloud Procurement. March 2017

In 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets.

Recommendations of the ad-hoc XML Working Group To the CIO Council s EIEIT Committee May 18, 2000

Contemporary Challenges for Cloud Service Providers Seeking FedRAMP Compliance

6/5/ Michael Hojnicki Chief of Technology and Administrative Services

Connecticut Department of Department of Administrative Services and the Broadband Technology Opportunity Program (BTOP) 8/20/2012 1

Lunch with John Curran. President and CEO, ARIN

IPv4 Exhaustion at ARIN

Hybrid WAN Operations: Extend Network Monitoring Across SD-WAN and Legacy WAN Infrastructure

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

Government of Ontario IT Standard (GO-ITS) Number 30.2 OPS Middleware Software for Java Platform

existing customer base (commercial and guidance and directives and all Federal regulations as federal)

IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION

Government of Ontario IT Standard (GO ITS)

Migration Technologies. Dual Stack and Tunneling Using GRE, 6to4, and 6in4.

Microsoft Skype for Business

Architecture and Standards Development Lifecycle

WEB ACCESSIBILITY. I. Policy Section Information Technology. Policy Subsection Web Accessibility Policy.

Vol. 1 Technical RFP No. QTA0015THA

How Cisco IT Deployed Cisco Firewall Services Modules at Scientific Atlanta

DON XML Achieving Enterprise Interoperability

Government of Ontario IT Standard (GO ITS) GO-ITS Number 56.3 Information Modeling Standard

Open Source

Governance for the Public Sector Cloud

Total Protection for Compliance: Unified IT Policy Auditing

The U.S. National Spatial Data Infrastructure

Ensuring System Protection throughout the Operational Lifecycle

IPv6 Deployment Lessons-Learned and Keys to Success

Office of Acquisition Program Management (OAPM)

6/18/ ACC / TSA Security Capabilities Workshop THANK YOU TO OUR SPONSORS. Third Party Testing Program Overview.

Federal Mobility: A Year in Review

FiXs - Federated and Secure Identity Management in Operation

General Information Technology Controls Follow-up Review

Practical IPv6 for Government

ICSP Section 508 System Catalog Meeting. Wednesday, February 29, 2012

Information Technology Procedure IT 3.4 IT Configuration Management

National Information Assurance Partnership (NIAP) 2017 Report. PPs Completed in CY2017

Identity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition

National Policy Governing the Use of High Assurance Internet Protocol Encryptor (HAIPE) Products

Policy: EIT Accessibility

INFORMATION ASSURANCE DIRECTORATE

e-manifest ASTSWMO August, 2017 Joint Solid and Hazardous Waste Conference U.S. Environmental Protection Agency

DirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure

Microsoft SharePoint Server 2013 Plan, Configure & Manage

Accessibility Implementation Plan

Transcription:

Federal & NASA IPv6 Updates LinkedIn Headquarters Sunnyvale, CA Kevin L. Jones NASA IPv6 Transition Manager April 26, 2017 December 1, 2016

September 28, 2010 OMB Memo USG IPv6 Implementation Goals 1. FY2012 Goal: Enable IPv6 in public services (e.g. DNS, Email, Web, IP services) Rationale: Ensure citizen services are available via IPv6 2. FY2014 Goal: Enable IPv6 Internal Internet capable client systems Rationale: Ensure USG can access IPv6 enabled public services 3. Acquisitions: Ensure Internet capable purchases are IPv6 compliant Rationale: Leverage technology refreshes to obtain IPv6 enabled infrastructure 2

Fedv6 FY2012 Goal Testing Tools Publicly Available Website Testing Tools http://ipv6-test.com/validate.php http://ip6.nl http://ready.chair6.net/ https://www.mythic-beasts.com/ipv6/health-check NIST Deployment Monitor Publicly measures IPv6 status of public websites for USG, Industry and Universities https://usgv6-deploymon.antd.nist.gov/govmon.html 3

Fedv6 FY2012 Goal Status FY2012 Goal Accomplishments Progress is slow but noticeable All agencies have made some level of progress, resulting in a lot less red on the NIST Deployment Monitor Majority of the DNS is IPv6 enabled Multiple agencies at 100% on the NIST Deployment Monitor: EPA, SSA, NASA* * Slide 13: NASA s NIST Deployment Monitor status 4

Fedv6 FY2012 Goal USGv6 Operational Domains 5

Fedv6 FY2012 Goal Unique Configured Service Interfaces 6

World IPv6 Day & Launch June 6, 2011: World IPv6 Day challenged to IPv6 enable public websites for 24-hours June 6, 2012: World IPv6 Launch - challenged to IPv6 enable public websites permanently» This Time it is for Real There are still are extremely large number public websites that are not IPv6 enabled» IT Technology Days» NANOG» Supercomputing Perhaps another World IPv6 event is needed to get more public websites enabled 7

Public Website Status 5 Stars LinkedIn Rocky Mountain Taskforce ARIN Akamai CloudFlare Erion LTD 4.5 Stars Cisco 4 Stars Infoblox NASA Comcast 3 Stars Microsoft 1 Star T-Mobile Results are based on http://ip6.nl 8

NASA FY2012 Goal Communication & Organization IPv6 Working Group (WG) Developed from formal charter to assist communicating status, providing guidance, and discussing issues Developed Sub Teams as needed:» Web & Applications» Routing» Security» Procurement Internal IPv6 Website Developed for providing agency-wide guidance and information IPv6 WG Sharepoint Site: Document repository for presentations, guidance, action items, etc. Distribution Lists: Each WG and subteam has a distribution list IPv6 Tracker (Sharepoint & Excel): Established to manage and track FY2012 goal status Quarterly presentations to the CIO Leadership Team 9

NASA FY2012 Goal Planning Project Plan Centers checklist based on Project Plan» Develop teams with roles and responsibilities» IPv6 Training Opportunities» Equipment Audit - IPv6 Capable, Partial IPv6 support, Legacy - Classification by impact to FY2012, FY2014 - Plan to resolve issue» Request Public IPv6 Address space IPv6 address planning for the Intranet continued 10

NASA FY2012 Goal Scope & IPv6 Tracker Services that are intended for use by the general public Utilized a NASA database to websites and applications to identify our public websites Developed the IPv6 Tracker» Sharepoint & Spreadsheet are mirrors of each other» Centers can access the sharepoint to see their status» Spreadsheet enables easier by center status reporting Newly created websites had to be added to the list for IPv6 implementation Exploring adding a IPv6 validation check, but the databases are in transition right now 11

NASA FY2012 Goal Public Websites Status Target Completion Date: August 30, 2017 Large number of NASA public websites As a result, one of larger numbers IPv6 enabled websites All centers 100% complete but one Center with the largest number of public websites is making steady progress towards completion 12

Internet2 routing issue has NASA temporarily reporting as no longer being at 100% NIST is reaching out to resolve the issue In the interim www.nasa.gov is showing as yellow but the site is still passing IPv6 traffic NASA FY2012 Goal NIST Deployment Monitor Status 13

Fedv6 FY2014 Goal Status Tracked via the OMB quarterly Integrated Data Call (IDC)» Agencies must report their implementation percentage quarterly» No longer capture the target dates or challenges Agencies are having more difficulty with this goal» At least one agency has completed this goal with a few others making significant progress» Hopefully the rest of the agencies are continuing to make progress towards the completion of this goal - Upgrading their infrastructure - Shifting to a new building - Establishing native connectivity 14

Fedv6 FY2014 Goal Testing Tools Test IPv6 status on your desktop system» http://test-ipv6.com - Goal is to obtain IPv6 readiness score of 10/10» http://ipv6-test.com - Goal is to obtain IPv6 readiness score of 20/20 NIST tool to test IPv6 status for various services» http://usgv6-2014.antd.nist.gov/ IPv6 Now» http://www.ipv6now.com.au/tools.php - Provides command line IPv6 tests along with capabilities from other IPv6 test websites 15

NASA FY2014 Goal Planning IPv6 Intranet Address Plans approved for a some centers Centers provided LAN IPv6 implementation actions Center IPv6 Guidance» IPv6 Intranet Standards Document - Provides a detailed set of Agency-wide local area network standards for configuring, implementing & supporting NASA IPv6 Intranet Services address space» Design Document - Step-by-step instructions with a fictitious center» Proof of Concept & Sandbox - Develop & configure fictitious center in VIRL 16

NASA FY2014 Goal Dependencies: Interrelated Efforts NASA is undergoing various communications transformation initiatives» Corporate Network Target Architecture (CNTA) LAN compliance» Dynamic DHCP» Perimeter Protections VPN service, Web Content Filters, & Perimeter Firewalls» Corporate Routing Symmetry» Network Access Control DHS Continuous Diagnostic Mitigation Security Governance changes 17

NASA FY2014 Goal Next Steps Reporting via the Monthly Program Integration Review Still in the very early stages of implementation Centers with approved intranet address plans will work on LAN actions Centers will work through various dependencies and advocate for approved IPv6 intranet address plans Preparing for pilot activities to start in June that will transition into early adopters Target is August 31, 2017 for centers with approved IPv6 intranet address plans (CNTA LAN Compliance) Date for full completion is still TBD since some centers will require funding to become CNTA LAN compliant 18

Fedv6 Acquisitions Compliance NIST Guidance In July 2008, NIST created the USGv6 Profile» A Profile for IPv6 the US Government - Version 1.0» Special Publication 500-267» https://www.nist.gov/sites/default/files/documents/itl/ant d/usgv6-v1.pdf The roughly 75 page document provides a framework for specifying IPv6 requirements to assist in the acquisition of IPv6 technologies» Host Profile» Router Profile» Network Protection Device Profile 19

Fedv6 Acquisitions Compliance FAR Language Primary Clause In December 2009, IPv6 language was added the Federal Acquisitions Regulation (FAR) 11.002(g) - Policy Unless the agency Chief Information Officer waives the requirement, when acquiring information technology using Internet Protocol, the requirements documents must include reference to the appropriate technical capabilities defined in the USGv6 Profile (NIST Special Publication 500-267) and the corresponding declarations of conformance defined in the USGv6 Test Program. The applicability of IPv6 to agency networks, infrastructure, and applications specific to individual acquisitions will be in accordance with the agency's Enterprise Architecture (see OMB Memorandum M-05-22 dated August 2, 2005). 20

Fedv6 Acquisitions Compliance FAR Language Additional Clauses 7.105 (b)(5)(iii) - Contents of written acquisition plans For information technology acquisitions using Internet Protocol, discuss whether the requirements documents include the Internet Protocol compliance requirements specified in 11.002(g) or a waiver of these requirements has been granted by the agency s Chief Information Officer. 12.202 (e) - Market research and description of agency need When acquiring information technology using Internet Protocol, agencies must include the appropriate Internet Protocol compliance requirements in accordance with 11.002(g). 39.101 (e) - Policy When acquiring information technology using Internet Protocol, agencies must include the appropriate Internet Protocol compliance requirements in accordance with 11.002(g). 21

Fedv6 Acquisition Actions Agency Guidance OCIO and Acquisitions Point of Contacts The successful establishment of Acquisitions IPv6 Compliance Policy requires collaboration from both the Chief Information Office as well as the Chief Acquisitions Office. Once the contacts from both organizations are provided they are made available via the IPv6 Acquisitions Resources Page to facilitate interagency collaboration. Contract Clause/Specification Language Establish Acquisitions IPv6 Compliance language to be added to contracts so that the FAR and USGv6 Profile is followed when purchases are made via contract IPv6 Compliance Policy Documents Formally describes the actions that are required by requestors, approvers and vendors to ensure acquisitions IPv6 compliance Major IT Contracts All new IT contracts must contain IPv6 compliance language. All existing contracts that have more than three years left their term, must be updated to include IPv6 compliance language. 22

Fedv6 Acquisition Actions Agency Guidance IPv6 Compliance Memos Announces agency acquisitions IPv6 compliance policies to ensure purchases are aware of and comply with the FAR and USGv6 Profile Baseline IPv6 Requirements Facilitates requestors specifying appropriate IPv6 requirements in statements of work, during market analysis, and directly to vendors IPv6 Compliance Forms, Tools & Processes Methods the Chief Information Office and Chief Acquisitions Office use to ensure new networked IT purchases are IPv6 compliant CIO Waivers A formal Chief Information Waiver process is a FAR requirement that enables a CIO to approve a networked IT purchase. Ideally, these waivers are used to obtain vendor commitments to implement IPv6 within their products and/or obtain a Suppliers Declaration of Conformity (SDOC). 23

Fedv6 Acquisition Actions Agency Tracking & Vendor Impact Agency Tracking IPv6 Acquisitions Compliance Stoplight Chart developed Developed an IPv6 Acquisitions Resource Page that contained all of the artifacts that had been successfully submitted Vendor Impact More vendors are being educated on the USGv6 Profile and are providing Suppliers Declaration of Conformity (SDOC)s Updating SDOCs to show DHCPv6 is working in their products Known bugs are being fixed in vendor products 24

NASA IPv6 Acquisitions Compliance Status New IPv6 Compliance Acquisitions Actions completed in early 2016 in partnership with NASA acquisitions staff Developed a formal procurement notice that establishes IPv6 language for contracts Developed agency IPv6 baseline requirements to assist purchasers with specifying a minimum set of IPv6 requirements to vendors Two forms:» Formal CIO waiver» IPv6 check on form that is used for purchase requests Major IT Contracts Network Services, Web Services, & High End Computing 25

NASA IPv6 Acquisitions Compliance IPv6 Compliance Users Guide A working document, updated as necessary Baseline IPv6 Requirements & Guidance for specifying additional requirements FAQ IPv6 Applicability Matrix» Helps a requestor determine whether an item is in scope» Guidance on whether the item should be treated as a host, router, or network protection device Template for communicating requirements to vendors Sample IPv6 contract clauses 26

NASA IPv6 Acquisitions Compliance Next Steps Continue to add IPv6 language to IT contracts: desktop services, SEWP V (NASA s major IT government wide acquisition contract) Update IPv6 Compliance Users Guide as necessary CIO Waiver Updates» Create workflow to track the approval status» Create a database for the waivers Expand the communications on the NASA IPv6 Compliance policies so that they go out agency-wide More outreach on the IPv6 compliance policies 27

Fedv6 Communications Tools Monthly Fedv6 Technical Sub Team Meetings» Largely focused on Security Vendors presenting Fedv6 F2F Meetings Twice a year put on by the Fedv6 Outreach Sub Team» Next one: GSA HQ 6/13-14 Fedv6 OMB Max Page» Repository of various presentations» Guidance documents Fedv6 Taskforce» Works with OMB and FCIO leadership to provide guidance to the agencies Various distribution lists 28

Fedv6 Next Steps New OMB IPv6 Memo in development» Move beyond existing goals to achieve IPv6 Everywhere» Develop strategy for achieving the ultimate goal of IPv6-only Acquisitions» NIST is updating USGv6 Profile to version 2 - Tweaks to the core standards, adding ability to test applications/services, updating firewalls to latest CVEs, and adding a sample IoT configuration» Augmenting the existing FAR language - Vendor specific requirements 29

Fedv6 Next Steps Shift towards automating the reporting on the IPv6 implementation goals» FY2012 Goal: NIST Deployment Monitor - Also, exploring tracking the status of the more comprehensive list of agency public websites» FY2014 Goal: Adding IPv6 status to the Continuous Diagnostic & Mitigation (CDM) Agency Dashboard - Utilizing a CDM tool that is common amongst most agencies to track implementation status 30

Contact Information Kevin L. Jones Fev6 Chairperson & NASA IPv6 Transition Manager Kevin.L.Jones@nasa.gov 650-604-2006 31

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback