
High Assurance Platform Program

The High Assurance Platform (HAP) Program is a multi-year NSA program with the vision to define a framework for the development of the "next generation" of secure computing platforms. NSA conducts this effort in collaboration with industry, academia, and other government organizations.

The secure computing platforms defined by this program will couple emerging commercial-off-the-shelf (COTS) security technologies with a variety of assurance techniques. The results will enable commercial vendors to develop assurable secure, manageable, and usable computing platform component products to a common vetted design and will enable integrators to deliver COTS-based assurable commercial solutions to operational users.


The HAP Program Vision
Define a framework for the development of the next generation of secure computing platforms.

What Drives Our Vision?

Recent security-relevant advances in commercial hardware technologies motivated the HAP Program vision. These advances offer the possibility that improvements in assurance and usability will be more affordable than in the past.

For example, hardware-based security mechanisms can create a means to substantiate the trust users place in the hardware, software and firmware of the underlying computing platform. Together with open standard protocols, these mechanisms can enable implementation of endpoint integrity to address the sophisticated, ubiquitous platform-level threats that exist in today's computing environments. Other relevant hardware advances include separation/isolation technologies, secure enterprise management/provisioning of platforms, and support for secure collaboration.


HAP Program Objectives

As the program manager for this effort, NSA will define, scope, and manage the execution of the various activities involved in realization of the HAP Program vision. The specific objectives are to:

  • Provide a secure computing platform execution environment for operational users - a trusted and measured foundation upon which service and application infrastructures can be hosted. Specifically, the environment is able to:
    • Host multiple security domains on a common computing platform base. A security domain can be associated with information, organizations, processes, coalitions, etc. The computing platform will provide a foundation for security domain separation and management to support organizations' particular policies and operational contexts. It will provide an execution context within which the security domains can coexist without unintended interaction.
    • Enable collaboration across the domain boundaries. The computing platform will support enforcement of information flow connections across domain boundaries. Collaboration will be further enabled by including capabilities for the dynamic creation, modification, and destruction of collaboration execution environments as necessitated by operational requirements.
  • Enable technology integrators to compose cost-effective assurable platform instances from COTS components. Each of the many ways the computing platform architecture can be configured is a platform instance. A particular platform instance can be optimized to address a given set of operational requirements and constraints. The assurability of the platform instance will be made possible by a framework that defines ways to combine assured and other COTS components.
  • Enable COTS technology developers to build assurable platform components. Platform components are the individual parts used to compose a platform that conforms to the HAP Program framework. Platform components include hardware, software, and firmware, and equate to the physical platform resources (processor, memory, processor chipset, I/O devices) and the software/firmware that manage the hardware (virtual machine monitors, operating systems, drivers, etc.).

Definitions

Although security is paramount for NSA, we must not overly constrain usability and manageability when engineering security into the platform. The HAP Program regards a secure, manageable, and usable platform in the following terms:

  • Secure: For a given environment, sufficient assurance exists to ensure that the functions and mechanisms that enforce or contribute to the enforcement of the policies governing confidentiality, integrity, and availability are necessary, correct, and complete. Additionally, the strength of these functions and mechanisms is appropriate for the given environment.
  • Manageable: Sufficient interfaces and capabilities exist to support both local and remote (e.g., via a network) platform monitoring and provisioning.
  • Usable: The platform provides all the above while meeting users' mission requirements in terms of application programs, interoperability, form factor, requirements associated with performance, size, weight and power (SWaP), and cost.

Concurrent Efforts

The HAP Program also manages complementary, concurrent efforts through which the program vision and objectives are to be achieved.

  • Definition of the Secure Computing Platform
    HAP Program activities include concept assessment and development, technology assessment and development, and collaboration with subject matter experts in government, industry, academia and user communities. The intent is to establish clear guidelines and requirements for developing assurable platform components and for composing assurable platforms from those components.

  • Incremental Demonstration and Delivery
    The HAP Program engages operational organizations to define and develop mission-oriented solutions that serve organizational needs while demonstrating platform concepts. These demonstrations are referred to as HAP Program Releases.

 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service