ISE
Information Sharing Environment
2013 Annual Report to the Congress

NATIONAL SECURITY THROUGH RESPONSIBLE INFORMATION SHARING

Section 3: Optimizing Mission Effectiveness through Shared Services and Interoperability

This section addresses ISE initiatives focused on sharing services and achieving interoperability across networks and security fabrics to enable efficiency, reduce duplication, and improve mission success. These activities are in many ways dependent upon, and closely aligned with, the adoption and implementation of the common standards discussed in Section 2 of this Report. Just as the standards activities rely upon the work of the ISA IPC Standards Working Group (SWG), the interoperability activities detailed in this section depend upon the ISA IPC's Information Integration Subcommittee (IISC) to provide oversight and governance through the Assured Sensitive but Unclassified (SBU) Network Interoperability Working Group and the Identity Federations Coordination (IFC) Working Group. Chaired by the Federal Bureau of Investigation (FBI) and the General Services Administration (GSA), respectively, these groups are carrying out the implementation activities for many of the interoperability objectives of the National Strategy for Information Sharing and Safeguarding (National Strategy).

The following list of findings highlights accomplishments and opportunities for improvement. Further detail is provided in the pages that follow.

Accomplishments

  • The ISA IPC Data Aggregation Working Group (DAWG) is developing a reference architecture framework to provide technical guidance to assist departments and agencies as they make decisions about developing interagency data-sharing requirements;

  • The GSA Federal Identity Credential and Access Management (FICAM) Program Office is leading the implementation of the FICAM Roadmap across all security domains;

  • The PM-ISE is coordinating an interagency effort with Department of Homeland Security (DHS), the Department of Interior (DOI), the National Geospatial Intelligence Agency (NGA), and the Department of Commerce (DOC) to develop a Geospatial Interoperability Reference Architecture (GIRA) in order to foster the reuse of geospatial services, reduce their IT investment costs, and promote information sharing;

  • The ISA IPC Federated Identity Working Group (FIWG) developed A Guide for Federal Relying Parties on how to accept third-party credentials;

  • The ISA IPC IISC led efforts with the Federal Cloud Credential Exchange (FCCX) project to provide a shared service for validation of third-party credentials that can be used by all departments and agencies;

  • The PM-ISE supported an event deconfliction initiative between the Regional Information Sharing System (RISS) Program and the High Intensity Drug Trafficking Areas (HIDTA) Program to increase the safety of law enforcement officers;

  • The SBU Working Group established a team of experts to develop an Identity and Access Management (IdAM) Reference Architecture for the ISE Enterprise Architecture Framework;

  • The Regional Information Sharing Systems (RISS) Network worked with PM-ISE and SBU partners to develop a National Information Exchange Model (NIEM) Information Exchange Package Documentation (IEPD), which will facilitate the sharing of information among justice-related systems; and

  • The PM-ISE is sponsoring an initiative to identify nationwide deconfliction standards and solutions, to interface deconfliction systems, and to develop a nationwide deconfliction strategy.

Opportunities

  • Last year, 33% of ISE agencies reported that they did not accept IT security certification bodies of evidence from other federal agencies, nor did they make accreditation decisions without retesting. This year's data shows incremental progress in federated identity management, with only 10% of ISE agencies (from the 2012 population) reporting that they do not practice IT security reciprocity with other federal agencies, and all responding agencies reporting progress in implementing federated identity management solutions aligning to the FICAM roadmap. The Backend Attribute Exchange (BAE) pilot and the Federal Cloud Credential Exchange (FCCX) project discussed in this section are focused on addressing federated identity management.

  • Resource constraints continue to impact interoperability efforts for SBU/CUI networks, with only 40% of ISE agencies this year reporting that they have implemented interconnection plans for SBU/CUI networks supporting ISE related missions.[41] This is being addressed, in part, by the establishment of the ISA IPC Information Integration Sub-Committee (IISC) Identity Federation Coordination (IFC) working group, which seeks to improve governance of identity-related efforts across the Federal Government and across all security domains.

ISE Interoperability Framework (I2F)

Defining and adopting baseline capabilities to enable data, service, and network interoperability is a priority objective of the National Strategy. The PM-ISE developed I2F to be a key component in implementing this objective in that it will identify key decision points for ISE interoperability; provide a comprehensive, high-level description of each interoperability domain; establish the framework[42] for implementing ISE information sharing capabilities and projects; and provide an alignment of interoperability reference architectures across the ISE.[lviii]

The I2F will accomplish these objectives primarily through alignment to enterprise architecture frameworks used by ISE constituents; by introducing common templates to guide development of common interoperability artifacts; and by promoting tools and methodologies that promote interoperability considerations on reference architecture development and implementation.

In addition, the I2F is designed to help ISE agencies better respond to complex policy challenges and to improve the delivery of services and information to citizens by driving long-term information sharing requirements—leveraging reuse capabilities for improvement, and information systems planning, investing, and integration to support the effective conduct of U.S. counterterrorism activities. I2F version 1.0 provides a pathway to align the strategic goals and objectives of federal departments and agencies, state, local, tribal, and territorial (SLTT) government agencies, private-sector partners, and foreign partners and allies to facilitate interoperability and information sharing. It builds upon and leverages existing policies, business practices, and technologies in a manner that fully protects the legal rights of all U.S. persons.

Alignment to Existing Architecture Frameworks

The I2F references current architecture frameworks used throughout the Federal Government to frame the applicable interoperability principles and domains. The interoperability domains are aligned with the following frameworks:

  • Federal Enterprise Architecture Framework (FEAF)

  • DoD Architecture Framework (DoDAF)

  • Global Reference Architecture

  • Intelligence Community Architecture Principles

These frameworks provide methodologies and artifacts that enhance interoperability among diverse systems and data types to facilitate the transfer and exchange of necessary information. They align capabilities, competencies, and services in a way that is best defined for their specific communities. The I2F references these frameworks so that ISE participants can understand how the I2F interoperability requirements can be put into the context of existing enterprise architecture (EA) efforts. The I2F provides a higher-level mechanism to align reference architectures, which provide more specific requirements aligned to a specific service or capability. The final version of the I2F, scheduled for delivery in November 2013, will include detailed architecture alignment and interoperability artifacts.

A Whole-of-Government Approach to Data Stewardship and Data Correlation

In February 2012, the ISA IPC DAWG released the report ISE Data Aggregation Capabilities Applicable to Terrorism. This report recommended accelerating the convergence of existing data aggregation architectures and encouraging the development of a data aggregation reference architecture with an end-state vision for government-wide data aggregation activities.

In order to realize the end-state vision, in 2013 the DAWG began to develop a reference architecture framework designed to provide technical guidance to departments and agencies as they make decisions about developing interagency data-sharing requirements.

The reference architecture is intended to align services, capabilities, and standards as well as White House programmatic guidance and PM-ISE implementation guidance; the initial version is planned for release by December 2013. This whole-of-government approach will keep data as close to the data owners as possible, while using standards to enable common services for discovery and access management, and data correlation. Benefits include: increased data protection; more rapid information sharing; improved data quality for mission operators; and improved safeguarding to reduce the risk of bulk data leaks due to insider threats.

Geospatial Architecture Interoperability

To foster the reuse of geospatial services, reduce their IT investment costs, and promote information sharing, the office of the PM-ISE is coordinating an effort with the DHS, DOI, NGA, and the DOC to develop a Geospatial Interoperability Reference Architecture (GIRA). Currently in draft, it is expected that GIRA will be published during the first quarter of 2014.

GIRA is intended to provide guidance and direction to managers and systems architects from federal agencies, SLTT agencies, private-sector partners, and foreign partners, in order to ensure the interoperability of geospatial services, fostering information sharing and ensuring fiscal responsibility. It provides a framework for the development of new geospatial system and solution investments; transition target architecture for the alignment of existing geospatial capabilities; methods for driving the integration of shared services with other investments; and performance measures for validating and reporting results.[43]

GIRA sets the direction and provides specific requirements, standards, recommended best practices, and reference artifacts toward a targeted interoperable geospatial capability. GIRA is expected to provide a common, reference architecture to effectively manage, support, and achieve interoperability through geospatial system integration, acquisition, and/or development; and to provide a documented architecture that can be used to support geospatial program technical oversight and technical assessments for geospatial investments.[lix]

Geospatial Information as a National Resource

The Geospatial Intelligence Working Group (GWG) serves as a DoD, IC, federal, and civil community-based forum. Its purpose is to advocate for IT standards and standardization activities related to geospatial intelligence (GEOINT). In this capacity, the GWG supports the NGA in carrying out GEOINT responsibilities. The GWG places a heavy emphasis on collaboration between standards and enterprise architecture to promote re-use, interoperability, and open, "non-specific vendor" architectures.

Collaboration among GWG members also promotes the development of new standards by promoting an understanding of the future needs of the development community. For example, in support of an NGA agency-wide Identity and Access Management (IdAM) system, a design pattern was developed specific to implementing IdAM in an Open Geospatial Consortium (OGC) paradigm. This work led to collaboration between NGA prototype efforts and international standards development organization test beds, with the purpose of collectively reducing technical risks and advancing the use of common standards.

Identity, Credential, and Access Management: Coordinating Identity Efforts across the Federal Government

Federated Identity Management

The GSA FICAM Program Office is leading the implementation of the National Strategy priority objective of extending and implementing the FICAM Roadmap across all security domains. In accordance with this planning, OMB is working with several qualified agencies to establish an Identity and Access Management Shared Services Line of Business, and the ISA IPC established the Identity Federation Coordination Working Group to work towards the interoperability of the various FICAM-related initiatives, and to improve governance of identity-related efforts across the Federal Government and across all security domains.[lx] The Identity Federation Coordination Working Group will coordinate with SLTT partners to facilitate participation of non-federal partners in Identity, Credential, and Access Management (ICAM) activities, and to ensure that solutions are interoperable across the ISE.

The Federated Identity Working Group (FIWG), another ISA IPC working group under the Information Integration Sub-Committee (IISC), worked on developing a guide for Federal Relying Parties, which provides supplemental instructions on how to implement a citizen-facing government website. The FIWG enabled federated identity trust across government agencies, focusing on cross-organizational identity federation, and supporting the development of content for other "how to" guides for agency use. The FIWG will develop additional guides to assist departments and agencies who are federating identities across government, and to ensure interoperability.[lxi]

The IISC coordinated efforts with the Federal Cloud Credential Exchange (FCCX) project, which will provide a shared service for validation of third-party credentials that can be used by all departments and agencies. As part of the National Strategy for Trusted Identities in Cyberspace, FCCX would enable the acceptance of third-party credentials to facilitate access to online government services. It would also include access to non-federal credential providers with a pre-established relationship as approved FICAM credential providers under the FICAM Trust Framework Solutions Program.

FICAM efforts are aimed at using industry-based credentials that citizens already have. In order to ensure that these credentials are trustworthy, the government requires well-defined processes to ensure that these processes meet federal requirements. These processes, codified as Trust Frameworks, include requirements for the establishment of credentials and their issuance; privacy requirements; and auditing qualifications and processes.

FICAM Maturity Model

The FICAM Maturity Model was developed and released concurrently with the latest version of the FICAM Roadmap and Implementation Guide. The Maturity Model presents a series of questions with reference to the FICAM Roadmap and Implementation Guidance, which then determines the current level of maturity. The results provide respondents with a clear understanding of what needs to be done in order to improve an organization's maturity.[44]

First Responder Access Card Technology

Emergency response officials must be able to collaborate in order to ensure public safety. For this to happen, many identity management challenges must be overcome. While federal agencies are rapidly deploying secure common identification standards, SLTT emergency response officials are also working to establish a Personal Identity Verification-Interoperable (PIV-I)/First Responder Authentication Credential (FRAC) standard that will be interoperable between local, state, and federal government partners.

In response, the DHS Directorate for Science and Technology (S&T) has been working on a smart-phone app that will allow SLTT officials to verify and track first responders arriving at a scene, as well as exchange attributes to make sure they have the necessary training. The application is being developed for SLTT officials so they can easily and inexpensively verify first responders as they arrive at a scene.[lxii]

The DHS S&T Identity Management Testbed, hosted at Johns Hopkins Applied Physics Lab, has developed an app that can read PIV and PIV-I credentials as well as DoD Common Access Cards by using a commercial off-the-shelf Bluetooth smart-card reader. Because of the expense of these readers, DHS is also looking to take advantage of handsets that have built-in field communication to provide a more cost-effective access control tool. The app has been tested by Federal Emergency Management Agency (FEMA), and by other officials in Chester County, PA and in West Virginia.

Assured Sensitive-but-Unclassified (SBU) - Controlled-Unclassified Information (CUI) Interoperability

The Assured Sensitive But Unclassified/Controlled Unclassified Information Network Interoperability Working Group (SBU/CUI WG) works under direction of the National Security Staff and ISA IPC, and is responsible for advancing interagency interoperability at the national level.

During the reporting period covered by this Report, the Working Group continued its efforts to establish interoperability across existing networks; to identify areas of improved collaboration that are needed to remedy functional gaps; and to formulate action plans.

In addition to establishing an IdAM Implementation Roadmap with specific partner milestones through the end of FY 2013, the Working Group also developed its first five-year SBU Strategic Plan—SBU Way Forward—to supplement the shorter-term milestones and objectives. The Working Group also agreed to a "sunset" for the SBU Working Group once Simplified Sign-On (SSO) has been achieved across the SBU/CUI federation.

Since June 2011, the Sensitive But Unclassified Working Group has been focused on SSO, search and discovery, and standardized security controls. In 2012, the SBU/CUI Working Group realigned SSO,[45] search and discovery, and security focus teams to concentrate on IdAM. The SBU/CUI Working Group includes these four major law-enforcement, public-safety, and intelligence systems:

  • The FBI's CJIS Law Enforcement Enterprise Portal (LEEP);

  • The Regional Information Sharing Systems Network (RISSNet);

  • The DHS Homeland Security Information Network (HSIN); and

  • The National Security Agency's (NSA) Intelink-U.

Additionally, this year the working group welcomed observer-contributor participation from NGA, DOI, and the Federal Aviation Administration (FAA).

This project included a detailed matrix of network visualizations in both federal and non-federal space, including graphical illustrations; e.g., ontology of connecting partnership nodes, an initial data model, and a final report that includes a detailed scope of the federated partnership.

Interoperability progress within the SBU environment was highlighted by PM-ISE and the SBU Working Group at several organization conferences, including the International Association of Law Enforcement Intelligence Analysts (IALEIA); the National Law Enforcement Intelligence Units (LEIU); DoD Identity Protection and Management (IPM); the Counterintelligence Coordination Committee (CICC); and an in-house Executive Summit of interagency Chief Information Officers.

Despite continued challenges in partner resources and internal program priorities, the SBU partnership continues to make progress, drive policy changes, and establish technical advancements for interoperability within the SBU domain across federal, state, and local communities.[lxiii]

Interoperability - Incremental Progress

Partners continued to expand the SBU federation with new service-identity providers through existing partner portals. Resource constraints continue to impact SBU Working Group partners and their ability to synchronize efforts with federated partners in order to achieve all milestones, but progress continues.

With PM-ISE support, RISS facilitated the transition of the Institute for Intergovernmental Research (IIR) into the National Information Exchange Federation (NIEF), and coordinated with the Oregon State Information Network (OSIN) and the South Dakota Connect Project to use RISSNet as their identity provider.

Separately, PM-ISE supported an interoperability initiative between RISS Program and the HIDTA Program to enable event de-confliction and program standardization to increase the safety of law enforcement officers.[lxiv]

The SBU Working Group continued shared senior executive level leadership responsibility by rotating the SBU Working Group chair every six months to solidify partnerships and enhance collaboration on the employment of the HSIN.

Partner connectivity to HSIN will be initiated late in FY 2013, to coincide with the completion of its migration to its new HSIN-Release 3 platform. During the last year, measurable progress and achievements by SBU partners have continued to accelerate toward the goal of full interoperability.

Increased leadership also enabled the Working Group to establish an ad hoc expert team to develop an Identity and Access Management (IdAM) Reference Architecture for the ISE Enterprise Architecture Framework.

HSIN Facilitated Prompt Response to Boston Marathon Bombings

HSIN provided continuous, secure, web-conferencing capability to more than 400 individual, multi-jurisdictional intelligence officials nationwide, on-demand. This capability has been important in ensuring awareness and coordination between DHS I&A, fusion center, and state and local law enforcement officials during the ongoing investigation.

HSIN has also provided a secure, trusted platform for the sharing of documents and general updates between DHS National Protection and Programs Directorate (NPPD) and trusted members of the private sector through the NICC.

Further, the HSIN Help Desk supported an unprecedented number of requests for the use of HSIN resulting from the Boston bombing. The day after the bombing, the HSIN Help Desk fielded 1,200 individual calls. In the week that followed, they responded to more than 5,000 requests. (Typically, the Help Desk gets 250 inquiries per day or 1,750 inquiries a week.) Before the Boston attack, the highest number of calls the Help Desk had received in one day was 500, during the Deepwater Horizon Oil Spill.

Federated Attribute Sharing on the Secret Fabric

The purpose of the Federated Attribute Sharing on the Secret Fabric (FASS) study was to determine how the IC agencies operating on the Secret fabric could best establish a full IdAM presence and support the needs of authentication, authorization, and attribute retrieval.[46] These capabilities are needed as the IC moves beyond hosting files and browsing to operating re-hosted versions of mission apps and meeting the demands of EO 13587.

The FASS study showed that some IC agencies are moving ahead to establish applications and an IdAM component presence on Secret Internet Protocol Router Network (SIPRNET), and some do not need to do so. Where each agency stands in its progress is driven by demand from its own and from other Secret-level users on the fabric. Those agencies hosting significant applications (for example, NSA and NGA) are heading towards re-hosting their IdAM components; other agencies, who are not hosting resources, are interested in how identities can be provisioned.

The second major finding of FASS was that attribute federation within the IC components, with the DoD, and with other federal partners should be straightforward and fairly easily accomplished. For example, the IC's Security Assertion Markup Language Attribute Sharing Profile protocol is successfully implemented on Joint Worldwide Intelligence Communications System (JWICS); the DoD Enterprise Identity and Attribute Service interface is heavily used in the DoD today; and finally, there is some test use of the Backend Attribute Exchange (BAE) protocol.

The third finding of this study was that there will be significant work needed in order to handle the IC's non-Common Access Card (CAC) holders. These users will need to be provisioned in order to be able to have their attributes discovered.

Developing Interoperability, Simplified Sign-On (SSO) and Search Capabilities

RISS is the only non-federal entity, and RISSNet is one of only four networks, participating in an interagency project, known as the Assured Sensitive but Unclassified (SBU) Interoperability Initiative, that is designed to save users time, maximize limited resources, and help law enforcement officers quickly identify and use actionable information.

RISS is a foundational partner in establishing federated identity management and access control within the SBU community. In 2012, working with PM-ISE and the SBU partners, RISS led the development of an Information Exchange Package Documentation (IEPD), which will facilitate the sharing of information through a security-trimmed federated search among justice-related systems.

RISS is also working with fellow SBU partners, such as Intelink, LEO, and HSIN, to develop SSO and search capabilities. More than 10,000 users from trusted partner systems are using federated identity to access RISSNet resources. Through RISSNet and RISS's partnerships, an unprecedented level of information has been shared, resulting in the arrest and prosecution of thousands of criminals and the seizure of millions of dollars in narcotics, property, and currency.

Advancing Identity Access Management (IdAM) with the Backend Attribute Exchange (BAE)

The IdAM framework continues alignment with the Federal Identity, Credential and Access Management (FICAM) Roadmap and Implementation Guide and connects with other IdAM initiatives, like the Backend Attribute Exchange (BAE) initiative with GSA.

The Federal Government continues to develop a strong BAE capability. In 2012, PM-ISE initiated work on operationalizing a BAE by partnering with the GSA's Office of Government-Wide Policy on an initial test scenario in which an ISE mission partner will use BAE to access information from an external portal, such as the RISS.

Other Shared Services

The DHS Common Operating Picture (COP)

Homeland Security Presidential Directive 5 (HSPD-5) designates the Secretary of the Department of Homeland Security as the "Principal Federal Official for Domestic Incident Management." To meet its statutory requirements, the DHS Office of Operations Coordination and Planning, in collaboration with the DHS Office of the Chief Information Officer, developed, operates, and maintains the Department's Common Operating Picture (COP).

The DHS COP uses a services-oriented architecture that allows it to leverage existing DHS investments and enterprise-class capabilities and provides shared services, including both public and private cloud services, with base map and imagery services, as well as more than 500 data layers with street-level views, geo-coding and mobile Internet access.[lxv]

Since February 2012, the DHS COP has monitored more than 1,300 activities and published over 750 incident reports. The COP has more than 3,500 users, including 1,700 DHS, and more than 600 other federal users across more than 100 organizations; 136 state users across 62 fusion centers; and more than 900 state and local law enforcement users. The number of users continues to increase steadily.

The Common Operating Picture Domain Executive Steering Committee (COP ESC), established by DHS in early 2012, continues to advance information sharing practices and COP capabilities across DHS. The COP ESC provides governance and oversight of all aspects of the COP Domain, which includes investments, systems, data, policies, and the procedures needed to ensure that homeland security partners have an enduring capability to effectively, efficiently, and rapidly access situational awareness information.

Critical Event Deconfliction

Investigative efforts create the potential for conflict between agencies or officers who are unknowingly working in close proximity to each other, or who may be coordinating an event focused on the same suspect at the same time. In these instances, agencies or officers may unintentionally interfere with each other's cases, potentially impacting the integrity of ongoing investigations, or resulting in endangering officers. Interconnecting existing event deconfliction systems and developing nationwide standards for deconfliction is necessary to ensure the safety of law enforcement officers.

The Washington/Baltimore (W/B) High-Intensity Drug Trafficking Area (HIDTA) is a key player in efforts to make the three deconfliction systems used by HIDTA—RISSafe, Secure Automated Fast Event Tracking Network (SAFETNet), and Case Explorer—interoperable. Using technology developed through Mercyhurst University and the University of Maryland and housed at the W/B HIDTA, Case Explorer and RISSafe have been interfaced to allow for event deconfliction to take place across both systems for users in the Middle Atlantic-Great Lakes Organized Crime Law Enforcement Network®. The interface has been in operation since March 2013 and has proven successful. Efforts are underway to expand this interface across the entire RISS Project, beginning with the RISS Western States Information Network (WSIN).

Elsewhere, the El Paso Intelligence Center (EPIC) is developing an interface between SAFETNet and Case Explorer which will close the loop across all three event deconfliction systems used by the HIDTAs.

To meet the need for standards development and systems interoperability, PM-ISE is sponsoring an initiative to identify nationwide deconfliction standards and solutions; connect deconfliction systems; and develop a nationwide deconfliction strategy.

Between January and April 2013, the initiative developed and tested an interface between the RISS Officer Safety Deconfliction System (RISSafe) and HIDTA's Case Explorer deconfliction system, which is now fully operational. Since January 2013, 62,657 operations have been entered, identifying 25,054 conflicts. In addition, the FBI is utilizing its Guardian Program (iGuardian, eGuardian, and Guardian) to allow for event deconfliction both at the Unclassified and Secret classification levels.

DHS Information Sharing Segment Architecture v 3.0

In March 2013, DHS completed an update to their Information Sharing Segment Architecture (ISSA), which will serve as a guide for implementing the target architecture of the DHS Information Sharing Environment (DHS ISE). This update, known as ISSA Version 3.0, introduces a standard set of information sharing and technical capabilities in order to provide the entire DHS mission and enterprise functions with the policies, strategies, leadership, architecture, and governance needed to consistently share information. ISSA Version 3.0 focuses on improving its network of trust; enhancing its ability to securely and efficiently share information with stakeholders, especially the Intelligence Community (IC); and promoting better information sharing across DHS.

The ISSA provides a blueprint for the DHS ISE that is designed to ensure that access to information does not hinder, but rather strengthens, the homeland security mission. Through the implementation of the ISSA Version 3.0, DHS will be able to achieve interoperability through common standards; identify redundancies and potential technological conflicts; locate opportunities for streamlining and/or collaborating with partners; identify information sharing gaps; align technology to mission goals and objectives; and gain a more thorough understanding of the complete functionality being provided by a specific technology for information sharing.

FBI Law Enforcement Enterprise Portal (LEEP)

Scheduled for deployment in 2013, the FBI's LEEP will provide the law enforcement, intelligence, and criminal justice communities with SSO access to Law Enforcement Online (LEO); the Law Enforcement National Data Exchange (N-DEx); the Joint Automated Booking System (JABS); INTELINK; INTELINK Chat; RISSNet (Identity and Service Provider); the National Gang Intelligence Center (NGIC); the Internet Crime Complaint Center (IC3); and the DOJ my File Exchange (myFX).

LEEP will allow users to access these services via their home agency networks by simply clicking on an icon that is pre-populated at initial log-on. Participating agencies include the Chicago Police Department, the Texas Department of Public Safety, the Los Angeles Sheriff's Department, the Michigan State Police, the Atlanta Police Department, the Regional Information Sharing Systems Network (RISSNet), and INTERPOL's U.S. National Central Bureau.

When users access LEO via LEEP, they will have access to LEO Special Interest Groups (SIGs)—collaborative environments for law enforcement agencies with common information needs; LEO Virtual Office (VO)—for storing agency training, policy, and procedure information; LEO Virtual Command Center (VCC)—a simple, effective, and secure information sharing and crisis management tool for law enforcement; and LEO-partnered sites and databases, including the Violent Criminal Apprehension Program (ViCAP); the Operational Response and Investigative Network (ORION); the eGuardian; Hostage Barricade Database System (HOBAS); the Innocence Lost Database (ILD); the National Center for Missing & Exploited Children (NCMEC); and the National Alert System (NAS).

The DOI Incident Management Analysis and Reporting System (IMARS)

The Department of the Interior (DOI) Incident Management Analysis and Reporting System (IMARS) is a records-management system designed to provide seamless sharing of law enforcement reporting information between all DOI law enforcement programs, and to provide a consistent, reliable way to share information with partner agencies. Deployed to more than 6,000 users in FY 2012, IMARS allows DOI to manage law enforcement activities on the 500 million acres of land that it owns and manages in order to ensure the safety and protection of millions of visitors each year.

These responsibilities require the collection, analysis, management, and reporting of information by DOI law enforcement officers, including tribal law enforcement. IMARS access allows officers, agents, and dispatchers to access departmental and national databases from their immediate locations, significantly enhancing officer safety in the field. DOI is currently testing and evaluating an interface between IMARS and the FBI's eGuardian system.

DEA's De-confliction and Information Coordination Endeavor (DICE) tool

First deployed in November 2009, the De-confliction and Information Coordination Endeavor (DICE) software tool continues to provide HIDTA, federal, state, and local law enforcement with enhanced investigative efficiencies through the ability to de-conflict information, such as phone numbers, e-mail addresses, license plates, and financial account information, over a secure Internet browser.

Interlude: Backend Attribute Exchange Operational Pilot

Over two years in the making, this year the Backend Attribute Exchange (BAE) Operational Pilot, a PM-ISE funded project designed to address a critical gap in intergovernmental access control, met a significant capability milestone for automated access control across multiple federal and state information systems. The capability allows for automated access decisions that enable users to successfully access the information needed to complete their mission while automatically ensuring that the information safeguards are enforced.[lxvi]

During this pilot demonstration, users in Texas logged into the Texas network and accessed a protected federal database via the National Identity Exchange Federation (NIEF).[47] The net result of timely access to information promotes the protection of law enforcement officers and the disruption of criminal or terrorist activity.

RISSNet relied on an attribute maintained and provided by a separate federal agency—in this case DOJ's Bureau of Justice Assistance (BJA)—to authorize the user's access to its protected gang database. The transaction was carried out automatically, behind the scenes, invisible to the end user.

BAE Pilot Results

The outcome marks a significant improvement in a historically cumbersome, bureaucratic, and time-consuming process of verification for access to critical information. The pilot establishes the BAE as an effective, functional building block for the backbone of the Federal Government's information sharing and safeguarding strategy.

Key Partners

The GSA's Office of Government-wide Policy (GSA OGP); NIEF; the DOJ's BJA; the Institute for Intergovernmental Research (IIR); the RISS Program;[48] the Texas Department of Public Safety; and the Texas State Police all played key roles in making this pilot a success.

[41] IdAM solutions will continue to be a focus area until this gap is closed.

[42] The OMB has suggested using the term "interoperability framework" for the ISE rather than "enterprise architecture," to highlight the fact that the ISE is a cross-agency construct to be used as guidance for agencies developing the information sharing aspects of their enterprise architectures. The term "enterprise architecture" is used in the OMB context to refer to the architectures prepared by CIOs to manage the IT resources of a specific department or agency.

[43] The Office of Management and Budget (OMB) Circular A-16, "Coordination of Geographic Information and Related Spatial Data Activities," provides for improvements in the coordination and use of spatial data, and describes effective and economical use and management of spatial data assets in the digital environment for the benefit of the Federal Government and the Nation.

[44] The 2013 ISE Performance Assessment Questionnaire results show that 82% of agencies responded that they plan to adopt FICAM.

[45] Also referred to as Single Sign-On.

[46] Implementation Strategy, Federated Attribute Sharing on the Secret Fabric (FASS), Draft Version 2.0, 9 November 2012

[47] NIEF is a collection of U.S. government agencies that have come together to share sensitive law enforcement information. It was created in 2008 as an outgrowth of the Global Federated Identity and Privilege Management (GFIPM) program, which seeks to develop secure, scalable, and cost-effective technologies for information sharing within the law enforcement and criminal justice communities, based on the paradigm of federated identity and privilege management.

[48] RISS serves federal, state, local, and tribal criminal justice agencies in their effort to identify, detect, deter, prevent, and solve criminal and terrorist-related investigations.

[lviii] IRTPA §1016(b)(2)(A)(B)(D)(F)(J)(K)(M)

[lix] IRTPA §1016(b)(2)(C)(F)(J), (h)(2)(D)

[lx] IRTPA §1016(b)(2)(E)(I)

[lxi] IRTPA §1016(b)(2)(E)(F)(I)

[lxii] IRTPA §1016(b)(2)(I)(O)

[lxiii] IRTPA §1016(b)(2)(A)(B)(F)

[lxiv] IRTPA §1016(b)(2)(A)(D)(F)(J)

[lxv] IRTPA §1016(b)(2)(A)(B)(C)(D)(E)(F)(J)(K)(L)(M)

[lxvi] IRTPA §1016(A)(D)(F)(K)(N)