- Number of slides: 6
Superannuation Data & Payment Standards
Security Domains & Credentials
Discussion Paper

Technical & Architecture Sub-group
Philip Hind, National Program Manager, Data Standards & E-Commerce
Australian Taxation Office
March 2013
This paper is for discussion only at today's meeting.
Security Management Principles

Threat and risk assessment
§ Management of SuperStream transactions should be based on threat and risk assessments conducted by each fund
§ Potential vulnerabilities associated with SuperStream messaging should be dealt with as for any other security risk
§ Based on risk appetite, security controls should be based on managing security risks to agreed tolerances

SuperStream data standard
§ The standard does not specify an end-to-end set of controls. Messages are secured at a transport layer (SSL transient security) and authentication level.
§ The standard provides a baseline and some tools for managing security, not a complete solution

Best practice controls
§ Generating higher awareness around these issues and highlighting best practices could be provided as 'informal guidance' by the TA Sub-group, if it so decided
§ This could include designing for a control environment which includes:
    § Only accepting known message senders (white lists, black lists)
    § Packet inspection in DMZ
    § Business rule, validation and reconciliation processes
    § Data centre and other physical control measures
    § Business continuity planning
Security Domains
Implementation Options

Fund-to-gateway (also fund-to-fund)
    Option 1: Require all APRA funds to use digital signature and encryption
    Option 2: Require only large APRA funds to use digital signature and encryption
    Option 3: Allow each fund to select option based on risk appetite

Gateway-to-gateway
    Require all gateways to inter-operate using digital signature and encryption

Employer-to-gateway (also employer-to-fund)
    Option 1: Allow each employer to select option based on risk appetite
    Option 2: Require 'Large Volume' profile to use digital signature and encryption
    Option 3: Require 'Large Volume' and 'High End' to use digital signature and encryption
Security Credentials

Gateway-to-gateway
    Option 1a: Gateway providers must use PKI-based certificate authentication for all inter-gateway communication. This certificate should be based on the [Symantec Managed PKI Service][1].
    Option 1b: Gateway providers must use PKI-based certificate authentication for all inter-gateway communication. This certificate should be based on the [Symantec Managed PKI Service][1] and one other approved certificate provider.

Gateway-to-fund (also fund-to-fund)
    Option 2a: Funds must use PKI-based certificate authentication for all rollover communication and on-forwarding of contributions. This certificate should be based on the [Symantec Managed PKI Service][1].
    Option 2b: Funds must use PKI-based certificate authentication for all rollover communication and on-forwarding of contributions. This certificate should be based on the [Symantec Managed PKI Service][1] and one other approved certificate provider.

[Note: employers can 'opt in' to digital certificates but face no mandatory requirement.]

[1]: http://www.symantec.com/en/au/products-solutions/families/?fid=user-authentication
The choice of supplier is indicative of a viable solution and should be subject to appropriate due diligence having been performed, including comparison of alternative suppliers of equal standing and reputation.