Example: New Jersey ISE
The following series of hypothetical use cases illustrates how agencies might use the capabilities of the Assertion-Based Architecture (ABA) to establish and use the New Jersey Information Sharing Environment (NJ ISE). We present the following use cases.
- Establishment of Policy Requirements for Participation in the NJ ISE
- Proof-of-Satisfaction of the NJ ISE Participation Requirements
- Establishment of a Legal Agreement Template for NJ ISE Participation
- Execution of the NJ ISE Legal Agreement
- Development of a Policy for a New Pairwise Info Sharing Relationship
- Proof-of-Satisfaction of the Policy for a New Pairwise Info Sharing Relationship
- Use of Prior Assessment Results for a New Mission
- Verification of Mission Partner Conformance to Mission Policy Requirements
- Discovery of Mission Partner Security Nonconformance and Subsequent Risk Assessment
Note that these use cases form a logical progression, with later use cases building upon work completed as part of the earlier use cases. Note also that while these use cases contain names of actual agencies, the use case details presented are fictional.
Suppose that the State of New Jersey (NJ) wants to establish a statewide ISE, called the NJ ISE, through which to share sensitive data among many state and local agencies — including law enforcement, emergency responders, and others — in support of agency missions and in response to threats that may arise. As a first step, the participating agencies may want to collaborate and develop a set of participation requirements in the form of a policy to which all NJ ISE participant agencies must conform. This set of requirements likely would need to cover basic topics of importance for trusted information sharing, such as security, identity, privacy, and interoperability.
To accomplish their goal of developing this policy, the members of this newly formed NJ ISE Community would establish a new community workspace within the Assertion Authoring and Publishing Capability (AAPC), within which to define and reach consensus on their requirements. Within their new AAPC workspace, they would use the Assertion Definition (AD) and Assertion Profile (AP) authoring tools to rigorously define their requirements. As part of their policy development process, they also would make use of AAPC search and discovery tools to identify policy primitives (i.e., pre-existing ADs and APs) that were previously developed by other communities but applicable to the NJ ISE Community. After they reach consensus on their set of member requirements, they would likely want to publish the requirements as a NJ ISE Participation Profile document. This profile, published in the form of an AP, would contain the set of baseline requirements for all agencies that want to participate in the NJ ISE.
Suppose that the New Jersey State Police (NJSP) wants to participate in the NJ ISE in support of its statewide law enforcement mission. But before it can participate, NJSP must demonstrate conformance to the NJ ISE Participation Profile developed and published in the prior use case. Suppose also that the NJ ISE Participation Profile allows for self-attestation of conformance, i.e., assume third-party attestation is not required. In this scenario, NJSP can prove that it satisfies the NJ ISE Participation Profile through the following series of steps.
- NJSP can leverage the Assertion Assessor Capability (AAC) — and in particular, the AAC Self-Assessment Onboarding Program — to become a Qualified Self-Assessor.
- NJSP can then use the AAC Assertion Assessment Management Capability (AAMC) to perform the necessary internal self-assessment steps to demonstrate conformance to the NJ ISE Participation Profile, and publish a series of assertions based on this assessment process.
- NJSP can finally publish its assertions and bind those assertions to its operational systems using the Service Endpoint and Assertion Registry (SEAR) within the Assertion Operational Infrastructure Capability (AOIC), so that partners within the NJ ISE can determine that NJSP does indeed satisfy the profile.
Other state and local agencies in NJ can also follow this same process to perform self-assessments and publish assertions about themselves.
Note that if the NJ ISE Participation Profile required third-party attestation of conformance rather than self-attestation, then agencies could still leverage the AAC and AOIC, albeit with assistance from one or more Qualified Third-Party Assessors.
Suppose that the NJ ISE Community has developed a NJ ISE Participation Profile using the AAPC, as discussed in Use Case #1. Suppose also that the community has identified a need for each NJ ISE participating agency to also sign a multi-party Memorandum of Agreement (MOA) with the other agencies. In this case, the members of the NJ ISE Community can use the Information Sharing Agreement Builder Capability (ABC) to develop a new NJ ISE MOA Template and vet its language among the community members.
Suppose that the NJ ISE Community has developed a NJ ISE MOA Template as discussed in the prior use case, and each NJ ISE participating agency must now sign it. Each signatory can use the ABC to execute the agreement and record its signature for the benefit of its partner agencies.
Suppose that NJSP and the Pennsylvania State Police (PSP) identify a threat that necessitates the establishment of a new pairwise, reciprocal information sharing relationship between them. As a first step towards establishing this relationship, NJSP and PSP may want to come together to develop policy requirements to help ensure that the data exchanged between them is shared and safeguarded properly. Suppose also that NJSP already participates in the NJ ISE and is familiar with its policy requirements as defined in the NJ ISE Participation Profile.
NJSP and PSP can develop the new set of policy requirements for their new pairwise relationship using the AAPC, just as the NJ ISE Community did for Use Case #1. But in this case, NJSP and PSP can start with the NJ ISE Participation Profile, making minor changes and adding new requirements where necessary, and thereby leveraging the prior work completed by the NJ ISE Community. Suppose that they subsequently publish their new set of requirements as an AP called the Cross-Jurisdiction Law Enforcement Data Sharing Profile. Thanks to the reuse of previously developed requirements, the total cost (time, materials, etc.) to develop the new profile likely would be a small fraction of the development cost for the NJ ISE Participation Profile.
Suppose, as previously discussed in Use Case #2, that NJSP already demonstrates proof of satisfaction for the NJ ISE Participation Profile. Also suppose, as discussed in Use Case #5, that NJSP has developed a new Cross-Jurisdiction Law Enforcement Data Sharing Profile in conjunction with PSP. As we noted, there is likely substantial overlap — but not complete overlap — between the two profiles.
Suppose that NJSP wants to determine precisely how much new assessment work will be required to demonstrate that it satisfies the Cross-Jurisdiction Law Enforcement Data Sharing Profile, given the prior assessment work already completed to satisfy the NJ ISE Participation Profile. To answer this question, NJSP can use the AOIC’s SEAR Gap Analysis Tool to analyze the two profiles and compute the precise “delta” between them, in terms of specific additional assessment steps and assertions required.
Suppose, as discussed in Use Case #5, that NJSP and PSP have used the AAPC to establish a Cross-Jurisdiction Law Enforcement Data Sharing Profile that they want to use for secure, bidirectional trusted exchange of law enforcement data between their respective agencies. Suppose also, as discussed in Use Case #2, that NJSP has already used the AAC to demonstrate satisfaction of many of the components of this profile through its prior work within the NJ ISE, and that NJSP’s previously generated assertions are already published within the AOIC SEAR.
To demonstrate conformance to the Cross-Jurisdiction Law Enforcement Data Sharing Profile, NJSP need not undergo a new assessment for every requirement specified in the profile. Instead, NJSP can leverage its prior assessment results and perform only the assessment steps indicated by the SEAR Gap Analysis Tool in Use Case #6. NJSP can then publish its new assertions and bind them to its live system endpoints within the AOIC SEAR. Thus, by performing a limited amount of additional work, NJSP can demonstrate satisfaction of the requirements stipulated by an entirely new trust profile.
Suppose, as discussed in Use Case #5, that NJSP and PSP have used the AAPC to establish a Cross-Jurisdiction Law Enforcement Data Sharing Profile. Suppose also that both agencies have used the AAC to undergo assessments and demonstrate satisfaction of the requirements, and that they both have used the AOIC SEAR to publish and bind assertions based on those assessments. Now, given the appropriate system endpoint identifiers (e.g., system endpoint URLs) where the NJSP and PSP assertions have been published and bound, each agency can use the AOIC SEAR Gap Analysis Tool to independently and automatically verify that the other agency has the necessary assertions to satisfy their mutually-agreed-upon profile.
Suppose that NJSP is participating in the NJ ISE, and that each NJ ISE participant agency is required to demonstrate its conformance to the NJ ISE Participation Profile by undergoing appropriate assessments and publishing appropriate assertions based on those assessments. Now, NJSP (or any participating NJ ISE agency) can use the AOIC SEAR Pub/Sub Tool to subscribe to real-time updates about any assertions issued to its NJ ISE partner agencies. In the event that one of its NJ ISE partner agencies falls out of conformance to the NJ ISE Participation Profile, and one or more of its assertions are revoked as a result of such nonconformance, NJSP can be alerted immediately and can take appropriate action based on its risk tolerance given the value of its information sharing relationship with the affected partner agency. So, for example, if the degree of nonconformance is relatively minor or the information sharing relationship is critical to an ongoing high-priority mission, NJSP could choose to continue trusting the nonconforming partner agency despite its nonconformance. But, on the other hand, if the degree of nonconformance is substantial or NJSP is not currently involved in any high-priority data exchanges with the nonconforming agency, then NJSP could suspend its relationship with the agency until the nonconformance is rectified.
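The gap analysis of Use Case #6, the partner verification that reuses it, and the effect of a revoked assertion described in the last use case can be sketched as follows. This is an added example, not code from the ABA tools; the page defines no data model, so the profile and AD identifiers, the attestation ordering, and the `flatten` and `gap` functions are all assumed for illustration.

```python
from dataclasses import dataclass

SELF, THIRD_PARTY = 1, 2  # attestation strength; higher is stronger (assumed ordering)

@dataclass(frozen=True)
class Assertion:
    ad_id: str             # Assertion Definition this assertion satisfies
    attestation: int       # SELF or THIRD_PARTY
    revoked: bool = False  # revoked assertions never count toward conformance

def flatten(name, catalog):
    """Expand a profile, including profiles it reuses, into {ad_id: minimum attestation}."""
    profile, required = catalog[name], {}
    for parent in profile.get("includes", []):
        for ad, level in flatten(parent, catalog).items():
            required[ad] = max(level, required.get(ad, 0))
    required.update(profile.get("requires", {}))  # local requirements override reused ones
    return required

def gap(name, catalog, assertions):
    """Return {ad_id: reason} for every requirement the assertions do not satisfy."""
    best = {}
    for a in assertions:
        if not a.revoked:
            best[a.ad_id] = max(a.attestation, best.get(a.ad_id, 0))
    missing = {}
    for ad, level in flatten(name, catalog).items():
        have = best.get(ad, 0)
        if have == 0:
            missing[ad] = "no valid assertion"
        elif have < level:
            missing[ad] = "attestation too weak"
    return missing

# Constructed profiles and assertions; all identifiers are hypothetical.
CATALOG = {
    "nj-ise-participation": {"requires": {
        "encrypt-at-rest": SELF, "mfa": SELF, "privacy-notice": SELF}},
    "cross-jurisdiction-le": {"includes": ["nj-ise-participation"], "requires": {
        "mfa": THIRD_PARTY, "cross-state-audit-log": SELF}},
}
NJSP = [Assertion("encrypt-at-rest", SELF), Assertion("mfa", SELF),
        Assertion("privacy-notice", SELF)]

if __name__ == "__main__":
    print(gap("nj-ise-participation", CATALOG, NJSP))   # conformant: nothing missing
    print(gap("cross-jurisdiction-le", CATALOG, NJSP))  # the delta still to assess
    revoked = NJSP[:2] + [Assertion("privacy-notice", SELF, revoked=True)]
    print(gap("nj-ise-participation", CATALOG, revoked))  # nonconformance after revocation
```

Running the same `gap` call against a partner's published assertions, rather than one's own, is the verification step: an empty result means the partner currently satisfies the agreed profile.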