Information Assurance Menu

About IA at NSA Partners Rowlett Awards Award Recipients Background Nomination Procedures Links IA News IA Events Open for Registration Closed for Registration Scheduled IA Guidance Media Destruction Guidance Security Configuration Guides Applications Archived Guides Cisco Router Guides Current Guides Database Servers Fact Sheets IPv6 Operating Systems Apple Mac Operating Systems Linux Microsoft Windows Sun Solaris Supporting Documents Switches VoIP and IP Telephony Vulnerability Technical Reports Web Server and Browser Guides Wireless Standards Profiles System Level IA Guidance TEMPEST Overview TEMPEST Products: Level I Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Products: Level II Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Company POCs Certified Suspended Terminated TEMPEST Zoned Equipment IA Academic Outreach National Centers of Academic Excellence in IA Education CAE/IAE Program Criteria CAE-R Program Criteria Colloquium Institutions SEAL Program Applying FAQs IA Courseware Evaluation Program Institutions FAQs Student Opportunities IA Business and Research IA Business Affairs Office Certified Product Sales and Support Commercial COMSEC Evaluation Program Commercial Satellite Protection Program Independent Research and Development Program User Partnership Program National IA Research Laboratory Partnerships with Industry NIAP and COTS Product Evaluations IA Programs Global Information Grid High Assurance Platform Releases Computing Platform Architecture and Security Criteria IA Training and Rating Program Inline Media Encryptor Suite B Cryptography IA Careers Contact Information
.
Skip Search Box

Standards Profiles

Overview

The Defense Information Systems Agency (DISA) tasked NSA with completing a series of standards profiles.  These documents identify the mandatory features for the industry standard, based on the architectural context, and address secure interoperability with enterprise services offered by DISA.  The profiles describe capabilities that are achievable today.  

DISA has included the profiles in the acquisition documentation for the Net-Centric Enterprise Services (NCES) Program and requires that potential vendors comply with these standards profiles. NSA adopted these standards to encourage and enable enterprise-wide interoperability, information exchange, and accessibility across networks, as well as to extend information to business partners, stakeholders, and the public.

Standards Profiles

(files provided in PDF format)

Title
File Size Updated

SAML

Net-Centric Enterprise Services (NCES) Security Assertion Markup Language (SAML) Attribute Profile
This profile establishes guidance on the representation of SAML attribute-related transactions. It defines a standard means to express policies and attributes within the SAML construct and defines the SAML attribute request and response within the NCES security services architecture.

3275KB

30 Jun 2008

WSSE

Net-Centric Enterprise Services (NCES) Profile of Web Service Security: Simple Object Access Protocol (SOAP) Message Security (WSSE)
This profile provides guidance on SOAP Message Security to be used when building Web Services (WS) as part of a Service Oriented Architecture (SOA). It covers the collective requirements for SOAP Message Security to support digital signatures, encryption, and security tokens (all layer 6) within the context of the NCES Information Assurance subsystem.

822KB

02 May 2008

XACML

Net-Centric Enterprise Services (NCES) Profile of eXtensible Access Control Markup Language (XACML) for Role Based Access Control (RBAC)
This profile provides guidance on access control and the representation of authorization policies in XACML policy language. It establishes a standard means to express policies and functions within the XACML construct used to support a Role-Based Access Control (RBAC) function within the context of the NCES Information Assurance subsystem.

1013KB

08 Apr 2008

Definitions

From NSA/CSS Policy 10-11, Dated 4 May 2006
Standards: Common and repeated use of rules, conditions, guidelines, or characteristics for products or related processes and production methods, and related management systems practices.

Standards Profiles: A compilation of standards citations that drive a specific program/project’s requirements. Rather than having each NSA/CSS program/project attempt to encompass all DOD mandates and other industry standards, the Standard Profile is a customized subset of these standards that apply to the effort’s unique operational, system, and technical “footprint.” In this manner, programs/projects will include the appropriate set of standards into their requirements baselines at key points in their life cycles.

  

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

  
bottom
National Security Agency / Central Security Service