The complexity of managing system configurations and security policies in a timely manner for thousands of security boundaries was simplified by ITPIE. DISA operators found their access, visibility, and query-based analysis of near-real-time JRSS running configurations and security policies was priceless.
The Joint Regional Security Stack (JRSS) deployment started in 2014 as DISA’s DODIN MPLS Outer Core joint operations perimeter-based Single Security Architecture (SSA). There are currently 15 operating unclassified JRSS systems comprised of 18+ cyber security subsystems per stack. (Load Balancers, Route Switch Devices, Firewalls, IDS, IPS, TAPs, PCAP, and other supporting systems). JRSS is the proverbial palace that contains thousands of secured doors from its common lobby, each door secured by one or more military department’s organizational-specific security policy. JRSS operates as one holistic weapon system, servicing on average 200+ unique Virtual Routing & Forwarding (VRF)s per region: overall the JRSS systems service 812 base level, 2151 DMZ, and 342 other types of VRFs. The high number and complexity of JRSS VRFs stem from having consolidated ~600+ distinct base level security boundaries across all MILDEPS into just 15 system-level platforms globally.
The complexity of managing system configurations and security policies in a timely manner for thousands of security boundaries was simplified by ITPIE. DISA operators found their access, visibility, and query-based analysis of near-real-time JRSS running configurations and security policies was priceless.
The success of ITPIE resulted in DISA awarding VAE a sole source justified multi-year contract to secure continued services.
ITPIE Enabled:
- Immediate Digital Survey Capability without Site Level Software Installation 1
- Automated Configuration Backups of High Volume JRSS Sub-Systems
- Centralized Security Stack Configuration Control Quality Validation
- Simplified Management/Reporting on Global Deployment of VRFs across all Security Stacks
- Custom Organizational Metadata Associations to VRFs
- Custom CyberSecurity Related Data Interrogation/Forensics
- Using Enterprise Management Network installed instance of ITPIE (benefit of centralized network management).