Key Management Infrastructure (KMI)
Abstract
A. Mission Description and Budget Item Justification
Project DV4, Key Management Infrastructure (KMI), supports the Army's Network Modernization Strategy Lines of Effort (LOE) 1 Network Enablers Functions. Communications Security (COMSEC) is governed by the Chairman of the Joint Chiefs of Staff Instruction (CJCSA) 6510. To ensure Warfighters continue to have secured communications (i.e., encrypted data and voice), Army communications systems are required to support modern cryptographic capabilities by implementing modern algorithms. The Army's Mission Command Network Modernization Implementation Plan states that LOE 1 is to be a Unified Network with the attributes of being "Protected, Resilient, Survivable"; Communications Security (COMSEC) is the Army's implementation of NSA protections to achieve LOE 1. KMI is foundational to the Army's Network Enabling Functions (Key Management Infrastructure).
The Army Key Management Infrastructure (AKMI) is the Army's implementation of the National Security Agency's (NSA) Key Management Infrastructure (KMI) ACAT IAM program. AKMI supports Department of Defense (DoD) Global Information Grid (GIG) Net Centric and Cryptographic Modernization Initiatives (CMI) and supports emerging requirements transitioned from the Army Key Management System (AKMS). AKMI automates the functions of Communications Security (COMSEC) electronic key management, control, planning, and distribution. AKMI supports the Army's ability to communicate and distribute data on the Army's tactical and strategic networks by limiting adversarial access to, and reducing the vulnerability of, Army Command, Control, Communications, Computers, Intelligence (C4I) systems. The AKMI Program includes the Management Clients (MGC) nodes, Automated Communications Engineering Software (ACES), and the Next Generation Load Device (NGLD) Family of devices, to include the NGLD Small, Medium and Large.
AKMI provides an integrated, operational environment that brings essential key management functions in-band. Objective AKMI will leverage the NSA KMI program to provide secure software provisioning; support legacy and modern End Cryptographic Units (ECUs); simplify all aspects of key provisioning and ECU management with traceability to individuals; expand operations to DoD unclassified networks, North Atlantic Treaty Organization (NATO) and Coalition users; automate manual business processes to increase Soldier efficiency; transform key delivery from manual to an automated enterprise service; and provide an Over the Network Keying (OTNK) capability to support CMI. One of the major enhancements in the AKMI architecture is the ability to leverage the various capabilities and services from NSA KMI. The end state for the Army is to leverage AKMI capabilities (OTNK, Mission Plan/Mission Support System (MP/MSS), Delivery Only Client (DOC), Client Host Only (CHO)) to increase automation, reduce soldier oversight, manage, and deliver key products to the tactical edge up through strategic ECUs. The objective AKMI capabilities will be found in all of the products across the AKMI product line, to include the MGC, ACES and the NGLD family of fill devices. The NGLD family will be an enduring solution to bridge the gap until legacy ECUs are fully modernized.
The Next Generation Load Device - Medium (NGLD-M) is scheduled to replace the AN/PYQ-10A and AN/PYQ-10A(C), Simple Key Loader (SKL). The NGLD-M will conduct the Army's key fill mission by issuing, filling, and managing cryptographic keys to both legacy and future KMI-aware End-Cryptographic Units (ECUs). This technology requires RDT&E investment to meet the requirements outlined in the NGLD Capability Production Document (CPD). This effort is proposed as an Acquisition Category III (ACAT III) Program of Record (POR). Testing of this device will also require development funds and will culminate in a user test during FY22.
The NGLD-Medium (NGLD-M) is reliant on the Reprogrammable Single Chip Universal Encryptor (RESCUE), a new KMI-compliant cryptographic engine that is currently being developed by CERDEC S&TCD. This product culminates in a government-owned technical data package supporting Cryptographic Modernization requirements. The NGLD-M is a key transition partner for this technology. Further uses of this product are anticipated across the Army and other services with reprogrammable cryptographic requirements. NSA certification is expected during FY19.
Document Details
- Document Type: Project
- Publication Date: Oct 01, 2020
- Source ID: DV4_0303140A_7_2040_PB_2020
Related Documents
- Root: Information Systems Security Program
- Child Accomplishment: RESCUE Development, Evaluation, and NSA Certification
- Child Accomplishment: NGLD Medium Development and NSA Certification
- Child Accomplishment: NGLD-M Test & Evaluation