The purpose of this form is to validate that sites with a presence on the Defense Research and Engineering Network (DREN) and/or Secret Defense Research and Engineering Network (SDREN) are properly aligned with an accredited Tier 2 Cybersecurity Service Provider (CSSP) in accordance with DODI 8530.01, March 7, 2016, Incorporating Change 1, July 25, 2017. The required Cybersecurity activities include, but are not limited to: (1) Vulnerability and Analysis, (2) Vulnerability Management, (3) Malware Protection, (4) Information Security Continuous Monitoring (ISCM), (5) Cyber Incident Handling, (6) DODIN User Activity Monitoring (UAM) for DoD Insider Threat Program, and (7) Warning Intelligence.
HPC CSSP Validation Form (Updated 18 July 2022) [PDF - Reader Enabled Version]
The ASD-C3I announced the Department of Defense (DoD) Ports and Protocol Program (PNP) with the release of the 28 January 2003 memorandum entitled DoD Ports, Protocols, and Services Increasing Security at the Internet/DISN Boundary. This program represents a fundamental change in the DoD Computer Network Defense (CND) philosophy, replacing the current CND philosophy of "Deny by exception" with "Permit by exception". While the memorandum identifies only NIPRNET, DREN has maintained a comparable security posture and intends to keep its posture comparable with that of NIPRNET, while continuing to support the Science and Technology community.
Program Plan
The High Performance Computing Modernization Program (HPCMP) has designated a point of contact (POC) to the Joint Task Force - Computer Network Operations (JTF-CNO). The POC is responsible for consolidating a list of automated information systems (AIS) required to support the Research and Development, Test and Evaluation, Modeling and Simulation and other Science and Technology Communities, including the protocols and/or ports utilized, as well as the technical necessity. This information will be uploaded into a DoD PNP Registration System and provided to the DISN Security and Accreditation Working Group (DSAWG). The DSAWG will either approve or disapprove a system and its associated protocols and/or ports. If a request was not submitted, or the HPCMP POC disapproves, or the DSAWG disapproves the request and it is not further adjudicated at a higher level, the JTF-CNO will direct HPCMP to deny any inbound packets over that port and/or protocol at the Internet Network Access Points (NAPs).
Program Execution
The timeline for the initiative began with the USSTRATCOM memorandum entitled Increasing Security at the Internet-Niprnet Boundary (Ports and Protocol Program) released February 13, 2003.
The DSAWG will evaluate requests prior to the implementation of any port/protocol blocks. The JTF-CNO will query the PNP Registration System for any requests that were submitted relevant to upcoming port ranges or protocol blocks. A port/protocol will be blocked if:
- No request for a port/protocol was submitted to the DoD PNP Registration System.
- The HPCMP POC disapproves the port/protocol due to conflict with an existing port blocking action.
- A request was submitted but was denied by the DSAWG.
Should the DSAWG approve a request, the associated ports/protocols will remain open for 12 months and will be reevaluated after that time. Components must ensure that the PNP registration system is maintained so that, should another combatant command, service, agency, or field activity's request be disapproved at a later date, their mission-critical ports/protocols are not closed.
Timeline
- 28 January 2003 - ASD-C3I releases memorandum
- 12 February 2003 - ASD-C3I suspense to Components to provide JTF-CNO with PNP POCs
- 13 February 2003 - USSTRATCOM releases memorandum
- 13 March 2003 - Suspense for Components submitting PNP Waiver Requests to DoD PNP database
- 16 April 2003 - JTF-CNO directs blocking initial ports (1024 - 1000)
- Scheduled bimonthly - JTF-CNO directs additional port blocks based on success of initial blocks.
References
DoD Ports, Protocols and Services Security Technical Guidance
Firewall Guidance
- Listing of well-known port numbers and associated services
- Listing of well-known Transport Layer protocols
- DOD Instruction 8510.01 DoD Information Assurance Certification and Accreditation Process (DIACAP)
- DoD Directive 8500.1 Information Assurance
- DoD Instruction 8500.2 Information Assurance Implementation
- US-CERT: Control Systems Security Program
Ports and Protocols Registration Contact Information
DREN Operations
Commercial Phone: 703-812-4400
E-Mail: dren-ops [at] hpc.mil
Ports, Protocols and IP Address Exception Requests:
DREN Port and Protocol Exception Request Form (updated 01/05/2017)
Submit Exception Request to dren-ops [at] hpc.mil
Registration and adjudication questions:
DREN Operations
Commercial Phone: 703-812-4400
E-Mail: dren-ops [at] hpc.mil
HPCMP Security Action Officer
Commercial Phone: 703-812-4400
“Anything-as-a-Service (XaaS)”, also called “Everything-as-a-Service (also XaaS)”, refers to any service, function or resource accessed over a network where the access methods used remain the same whether that network is a local network, wide area network, or the Internet. The article “Everything as a Service – Does it Really Work?” provides additional information.
Other than “Network-as-a-Service (NaaS)”, many XaaS offerings are beyond the scope of the Software-Defined Networking (SDN) knowledge base. It is worth noting that, as is the case for SDN, such offerings are built with virtualization technology. It is also worth noting that use of the phrase "as-a-Service" has been coming for a long time (see this article), and may even have gotten out of hand long ago, as the article Is PaaS Passe yet? observed over fifteen years ago! It is even being used to describe services provided by banking and construction companies, as shown by this article.
A partial list of services provided by computing hardware, computing software and computing services companies includes:
- Analytics-as-a-Service (AaaS),
- Application-Programming-Interface-(API)-as-a-Service (APIaaS),
- Application-Delivery-as-a-Service (ADaaS, see Software-as-a-Service),
- Application-Platform-as-a-Service (APaaS),
- Artificial-Intelligence-as-a-Service (AIaaS),
- Authentication-as-a-Service (also AaaS),
- Backend-as-a-Service (BaaS),
- Backup-as-a-Service (also BaaS),
- Big-Data-as-a-Service (BDaaS),
- Blockchain-as-a-Service (also BaaS),
- Business-Process-as-a-Service (BPaaS),
- Communications-as-a-Service (CaaS),
- Communications-Platform-as-a-Service (CPaaS),
- Compliance-as-a-Service (also CaaS),
- Connectivity-as-a-Service (also CaaS),
- Containers-as-a-Service (also CaaS),
- Content-as-a-Service (also CaaS),
- Data-as-a-Service (DaaS),
- Database-as-a-Service (DBaaS),
- Data-Center-as-a-Service (DCaaS),
- Data-Center-Management-as-a-Service (DMaaS),
- Data-Lake-as-a-Service (DLaaS),
- data-Platform-as-a-Service (dPaaS, see Big-Data-as-a-Service),
- Data-Protection-as-a-Service (also DPaaS),
- Data-Warehouse-as-a-Service (DWaaS),
- Desktop-as-a-Service (DaaS),
- Device-as-a-Service (also DaaS),
- Disaster-Recovery-as-a-Service (DRaaS),
- Domain-Name-Service-as-a-Service (DNSaaS or DNS-as-a-Service),
- Early-Warning-as-a-Service (EWaaS),
- Edge-as-a-Service (EaaS),
- Email-as-a-Service (also called EaaS),
- Environment-as-a-Service (also called EaaS),
- Firewall-as-a-Service (also called FaaS),
- Framework-as-a-Service (also called FaaS, which became Platform-as-a-Service [PaaS]. See PaaS),
- Function-as-a-Service (FaaS),
- Hadoop-as-a-Service (HaaS, see Big-Data-as-a-Service),
- Hardware-as-a-Service (also HaaS),
- Identity-and-Access-Management-as-a-Service (IAMaaS),
- Identity-as-a-Service (IDaaS, also known as IaaS, see Identity-and-Access-Management-as-a-Service),
- Incident-Management-as-a-Service (IMaaS),
- Information-Technology-as-a-Service (ITaaS),
- Information-Technology-(IT)-Service-Management-as-a-Service (ITSMaaS),
- Information-Technology-Monitoring-as-a-Service (ITMaaS, see Monitoring-as-a-Service),
- Infrastructure-as-a-Service (IaaS),
- Infrastructure-Management-as-a-Service (IMaaS), also called Remote-Infrastructure-Management (RIM),
- Integration-Platform-as-a-Service (iPaaS),
- IoT-as-a-Service (IoTaaS),
- Knowledge-as-a-Service (KaaS),
- Machine-Learning-as-a-Service (MLaaS),
- Managed-Cloud-as-a-Service (MCAAS),
- Managed-Content-as-a-Service (see Content-as-a-Service),
- Market Research-as-a-Service (MRAS),
- Metal-as-a-Service (MaaS),
- Middleware-as-a-Service (MWaaS),
- Mobile-Backend-as-a-Service (MBaaS, see Backend-as-a-Service),
- Mobility-as-a-Service (MaaS),
- Monitoring-as-a-Service (also MaaS),
- Network-as-a-Service (NaaS), also called Networking-as-a-Service or Network-as-a-Subscription,
- PC-as-a-Service (see Device-as-a-Service),
- Personal-Computer-as-a-Service (PCaaS, see Device-as-a-Service),
- Platform-as-a-Service (PaaS),
- Quantum-as-a-Service (QaaS),
- Rapid-App-Platform-as-a-Service (APaaS, see Application-Platform-as-a-Service),
- Recovery-as-a-Service (RaaS, see Disaster-Recovery-as-a-Service),
- Robot-as-a-Service (also RaaS),
- Robotics-as-a-Service (see Robot-as-a-Service),
- Search-as-a-Service (SaaS),
- Security-as-a-Service (also SaaS),
- Security-Monitoring-as-a-Service (SMaaS, see Security-as-a-Service),
- Software-as-a-Service (also SaaS),
- Storage-as-a-Service (STaaS, also SaaS, a type of Cloud Storage),
- Technology-as-a-Service (TaaS),
- Test-Data-as-a-Service (TDaaS),
- Testing-as-a-Service (TaaS), also called On-Demand Testing,
- Time-as-a-Service (TaaS),
- Training-as-a-Service (also TaaS),
- Unified-Communications-as-a-Service (UCaaS),
- Windows-as-a-Service (WaaS),
- Workplace-as-a-Service (also WaaS),
- Workspace-as-a-Service (also WaaS), and
- eXtended Detection and Response (XDR).
Additional examples of “XaaS” offerings are described here, including the following:
- Beaconing-as-a-Service (also BaaS),
- Biometric Authentication-as-a-Service (BioAaaS),
- Business Integration-as-a-Service (BIaaS),
- Business Intelligence-as-a-Service (also BIaaS),
- Cashier-as-a-Service (also CaaS),
- Climate Analytics-as-a-Service (CAaaS),
- Confidentiality-as-a-Service (also CaaS),
- Content Distribution-as-a-Service (CoDaaS),
- Cooperation-as-a-Service (also CaaS),
- Crimeware-as-a-Service (also CaaS),
- Data Integrity-as-a-Service (DIaaS),
- Data Mining-as-a-Service (DMAS, also DMaaS),
- DDoS-as-a-Service (DDoSaaS),
- Description-as-a-Service (DESCaaS),
- Digital Forensics-as-a-Service (DFaaS),
- Digital Intellectual Property Resources-as-a-Service (DIPaaS),
- Disaster Tolerance-as-a-Service (DTaaS),
- Education and learning-as-a-Service (ELaaS),
- Energy-as-a-Service (also EaaS),
- Exploits-as-a-Service (also EaaS),
- Failure-as-a-Service (also FaaS),
- Failure Scenario-as-a-Service (FSaaS),
- Fault Masking-as-a-Service (FAS, also FMaaS),
- Financial Modeling and Prediction-as-a-Service (FMPaaS),
- Forensics-as-a-Service (FRaaS),
- Gaming-as-a-Service (GaaS),
- Handwritten Character Recognition-as-a-Service (HCRaaS),
- HPC-as-a-Service (HPCaaS),
- Intrusion Detection-as-a-Service (also IDaaS),
- Laboratories-as-a-Service (LaaS),
- Manufacturing-as-a-Service (MFGaaS),
- Mobility Prediction-as-a-Service (MPaaS),
- Object-as-a-Service (ObaaS),
- Ontology-as-a-Service (OaaS),
- Policing-as-a-Service (PolaaS),
- Policy Management-as-a-Service (IPMaaS),
- Proximity-as-a-Service (ProxaaS),
- RAN-as-a-Service (RANaaS),
- Risk-Assessment-as-a-Service (RAaaS),
- Routing-as-a-Service (also RaaS),
- Secure Logging-as-a-Service (SecLaaS),
- Sensing and Actuation-as-a-Service (SAaaS),
- Sensing-as-a-Service (also SaaS),
- Smart City-as-a-Service (SCaaS),
- Social Context-as-a-Service (SoCaaS, also SCaaS),
- Software Development-as-a-Service (SDaaS),
- Supply Chain-as-a-Service (also SCaaS),
- Test-Bed-as-a-Service (TBaaS, also TaaS),
- Things-as-a-Service (ThiaaS),
- Threat-as-a-Service (ThraaS, also TaaS),
- Ticketing-as-a-Service (TicaaS, also TaaS),
- Trust-as-a-Service (TraaS, also TaaS),
- Variability-as-a-Service (VaaS), and
- Virtual cluster-as-a-Service (ViteraaS).
Implementation of the fourth generation Defense Research and Engineering Network (DREN), appropriately named “DREN 4”, was completed in June 2023. DREN 4 supports the High Performance Computing Modernization Program (HPCMP) networking mission to provide robust, high-capacity, low-latency connectivity between the HPCMP’s DoD Supercomputing Resource Centers (DSRCs) and user sites. DREN 4 also supports the DoD research, test and engineering missions.
DoD sites are connected to the DREN 4 backbone at bandwidths ranging from 1 Gigabit per second (Gbps) to 100 Gbps. DREN 4 is fully Internet Protocol version 6 (IPv6) enabled, with support for legacy Internet Protocol version 4 (IPv4). DREN 4 complies with all DoD Security Regulations, and provides secure transport for data between DoD sites connected to the DREN backbone as well as the Internet. DREN 4 also provides secure data transfer with NIPRNet and other Federal and academic research networks at multiple peering locations within the continental United States and Hawaii.
Secret DREN (SDREN) is a virtual private network overlay on the DREN backbone using SDREN Service Delivery Routers (SDR) and NSA Type 1 encryptors with a common key. SDREN sites are connected to DREN at a minimum bandwidth of 1 Gbps.
For more information, please review the DREN Service Agreement, the SDREN Connection Approval Process, and/or contact the DREN Operations Team at dren-ops [at] dren.mil.
Each year, the High Performance Computing Modernization Program (HPCMP) surveys the Department of Defense’s (DoD's) most important high-priority, computationally-intensive projects to identify ones that require unique, dedicated high performance computing (HPC) resources in order to meet mission objectives and milestones. These are generally two- to three-year mission-critical projects that require a small onsite HPC system at a laboratory or test center.
Dedicated High Performance Computing Project Investments (DHPIs) are awarded to technically sound, mission-critical projects that cannot be performed at HPC centers due to special operational requirements (e.g., classification level above secret, real-time response, hardware-in-the-loop, embedded implementations, and/or emerging technologies).
All computational scientists and engineers in DoD research, development, and test and evaluation programs who are eligible to use HPCMP resources under the Program's current guidelines may submit a proposal through their Service or Agency.
The DHPI Program Manager may be contacted at:
DoD High Performance Computing Modernization Program
Attn: DHPI
7701 Telegraph Road, Kingman Building
Alexandria, VA 22315-3864
email: hpc-dhpi [at] hpc.mil