2. STRATEGIC TRANSITION TO MLS

2.1 NN-50 Strategic Transition Plan
2.2 NN-50 Network Transition Phases
2.3 NN-50 Network Security Policy
2.4 Network Phase-Specific Security Requirements

2.1 NN-50 Strategic Transition Plan

A strategic transition plan was developed by LMES to support the NN-50 migration from separate stand-alone networks to a single, high-speed MLS network. Given the magnitude of the task (in terms of costs and logistics) and the number of information users affected by the change, a phased approach is planned which will take several years to fully implement. The strategic transition plan increases the likelihood of a manageable migration that will:

support required information and computer security as defined in DOE orders and guidelines;

utilize new security technologies as appropriate to enhance operations and reduce required human intervention for implementing security requirements, where possible;

validate classification of message content;

provide options for implementation based on available resources;

minimize interruption to NN-50 work activities during the installation and implementation of the network; and

enhance productivity through greater information availability within security constraints.

Five transition phases were identified, reducing expenditures during a given fiscal year and allowing for the maturation of MLS security technologies. Efforts will be made to maintain compatibility and minimize the "throw-away" of hardware and software used for a prior phase of operation. The strategic transition plan identified the general security requirements for each of the phases and will be revised as required to reflect changes in DOE orders, the NN-50 environment, and available technology.

2.2 NN-50 Network Transition Phases

The five transition phases present an orderly migration of operations.

Phase 1: Separate classified and unclassified LANs with no connectivity [complete].

Phase 2: Separate classified and unclassified LANs, with one-way information flow from the unclassified LAN to the classified LAN [testing].

Phase 3: Separate classified and unclassified LANs with two-way information flow between the LANs [testing].

Phase 4: Single multilevel network with multiple single-level resources.

Phase 5: Single high-speed multilevel network with multilevel and single-level resources.

2.3 NN-50 Network Security Policy

The NN-50 LAN security requirements will reflect applicable DOE orders, standards, and regulations as well as good security practices. The general security policy will consist of the following elements:

All users must possess the proper clearance and authorization (need-to-know) to access information.

All authorized users must be able to access information where needed to do their jobs.

Only authorized modifications to data must be allowed.

All authorized users must be accountable for all actions associated with them (both direct actions and those initiated by systems or networks in response to their actions).

Information must be protected in accordance with DOE orders.

Information owners must define the information classification and sensitivity level.

2.4 NN-50 Network Phase-Specific Security Requirements

Security policies dictate security requirements. Detailed security requirements are defined in a phase-specific implementation plan. Security requirements are met by various combinations of hardware, software, and procedures. Alternative architectures for each phase are also considered, if necessary. These alternatives must support movement toward the end goal of a single MLS network. If a particular product is not going to be available in a timely manner or its functions change from those originally anticipated, other alternatives are identified.
