Simplified Sign-On (SSO) for Our Sensitive But Unclassified (SBU) NetworksPosted by Dr. David Bray, Former PM-ISE Executive for Innovation, Integration, & Interoperability on Friday, July 1, 2011
Last summer, the PM-ISE facilitated an extensive Sensitive But Unclassified (SBU) user requirements survey. The results indicated that the top user need was reducing the number of separate log-ons required to access SBU resources. The Assured SBU Network Interoperability Working Group, a partnership between the FBI's Law Enforcement Online (LEO), the intelligence community's Intelink, the DHS's Homeland Security Information System (HSIN), and BJA grant-funded Regional Information Sharing System (RISS), responded by prioritizing Simplified Sign-On (SSO), sometimes referred to as Single-Sign On, as its number one information-sharing action item.
Simplified Sign-On enables the SBU user base, which includes intelligence analysts, homeland security personnel, and federal, state, and local law enforcement officials, to quickly access an increasing variety of secure networks and systems without having to re-authenticate with various credentials at the entrance of each new portal.
LEO and RISS users now have the ability to sign in just once, and securely access resources on partner systems, with just a few clicks. For example, a LEO user can utilize an intermediary that facilitates identity and access management (through CJIS’s Trusted Broker) to access their customized dashboard of services. Then, without signing on again, that same user can access RISS’s RISSGANG portal, Intelink’s enterprise search, along with many other resources. Similarly, a RISS user can log on just once and access law enforcement resources like the Joint Automated Booking Systems (JABS) and the Criminal Information Sharing Alliance Network (CISAnet) using a service provider initiated SSO mechanism known as the National Information Exchange Federation (NIEF).
The Assured SBU Network Interoperability Working Group will continue to add more Identity Providers (IdPs) and Service Providers (SPs) to further expand the amount of information available to SBU users through SSO. Additionally, an SSO capability lays the foundation for an authenticated and federated search capability, which enables simultaneous search and data retrieval across SBU systems.
Streamlined technical access to secured systems is an important first step toward achieving interoperability within the partnership. Since understanding the content contained within the various systems is the next logical step in the information-sharing process, law-enforcement sensitive training videos are being developed to acclimate new users to the increasing variety of information resources now available to them. Continued advances in SSO will allow SBU users to quickly navigate an increasing array of resources, which simplifies our access to domestic and international terrorism, WMD, and homeland security information.