Navy weighs NMCI portal security

The Navy is considering using one standard portal product that will help control individuals' access to applications the Navy will place on its $6.9 billion intranet.

Users logging on to the Navy Marines Corps Intranet, which will tie together on one network the Navy's shore-based organizations, would obtain access to the intranet using a common access card.

The Web-based portal product would replace the Navy's costly effort to develop a public-key infrastructure for all applications accessible over NMCI. The portal product would require users logging onto the network to rely on a common access card, which is inserted into a PC Card reader, to access applications. Under this scenario, the portal itself would be PKI-enabled, but the portal would work as a handshake with the access card, verifying the card and reading what applications the user has permission to access.

"I never have to PKI-enable the application" using the portal, said Ron Turner, deputy CIO at the Navy for infrastructure, systems and technology. "That's something we're looking at investing in heavily."

Without a Web-based portal product, the Navy would have had to develop PKI for every application, a costly and time-consuming effort. The Defense Department has required all services to PKI-enable all applications by 2003, many of which are on legacy systems. Navy officials believe the portal and access card will meet the DOD guidelines.

Turner said that, from a CIO perspective, the Navy would like to have one portal product, but he is not sure if the technology is available yet.

The Navy hopes the first Web-based portal — a so-called splash screen that would push out software upgrades to onshore bases — will be available in June, said Capt. Chris Christopher, Navy deputy program executive officer for IT. The splash screen will be a native Extensible Markup Language portal built from the ground up.