GRT Information Sharing Portal
Home / About Page
    


The goal of this Secure Information Sharing (SIS) service is to provide the regional security community with the ability to readily access to secure information while providing the protection to information owners of knowing that only authorized users can access appropriate data and information.

Today, most organizations use role-based access control (RBAC) functions to manage access to their networks, applications and share information. Unfortunately, as organizations become more inter-connected with their partners, it is costly, time-consuming, and labor-intensive to scale an RBAC-based system to meet the needs of multi-party communities that need to share information in real-time at a granular level (e.g., sharing an individual document or data record) and/or under specific changing conditions.

This SIS service uses attribute-based access control (ABAC) and deals with both the granularity challenge (i.e., sharing specific data) and scalability challenge (i.e., the ability to include a number of different systems, networks, applications and organizations) and also functions in dynamic situations where security and risk factors need to be included in an access decision (sometimes called risk-based access control). Because information owners retain control over access to their information, access is both closely managed and made readily available to those who need. SIS provides a means for the information granting authority (Greenwich Terminals) to determine and specify who gets access and when, in a manner that is more efficient and effective in ensuring security policy compliance.

Secure Information Sharing is enabled by Rule Set Automation, which provides the means for real-time, continuous, and complete updates so that the system (in this case the digital video recording (DVR) system) is compliant with the rules, regulations, internal policies and procedures, industry best practices, contractual and partner requirements that govern how data is to be accessed and shared. The SIS service ties the identity management tools and data access control tools to the rules that regulate its functioning by directly keeping the tools (and their rules) aligned with all the internal and external policy and situation requirements.

Greenwich Terminals offers this capability for the following reasons:

  • Greenwich Terminals’ video systems capture proprietary and sensitive data so, while this information is useful to a variety of people and Greenwich Terminals has a responsibility to share this information, great care has to be taken to determine who has access to what and under which conditions.
  • Enables Greenwich Terminals to comply with information security and compliance policies and regulations, as well as implementation of these policies to regulate how, when and with whom this information is to be shared. These policies are continually evolving, as more information becomes available electronically and the expectations for immediate availability increase.
  • Greenwich Terminals is replacing manual information sharing that is a labor-intensive, time-consuming process for the Greenwich Terminals’ security administrators with a more accurate and timely automated process.
  • To be continually up to date with the latest and most current information sharing policies, laws, rules, and regulations. This solution offers a means to verify our policy compliance and expedite information sharing to improve overall port security.

The SIS service includes rules from the following source documents:

  • Maritime Transportation Security Act (MTSA) 2002 (PL 107-295)
  • The Security and Accountability For Every Port Act of 2006 (SAFE Port Act) (PL 109-347)
  • DoD Instruction 5200.1-R, “Information Security Program” January 14, 1997 (using NIST 800-53 information security controls for Federal Information Security Management Act (FISMA) compliance
  • Defense Transportation Regulations (DTR) 4500.9-R
  • DoD Instruction 5100.76-M, “Physical Security of Sensitive Conventional Arms, Ammunition, and Explosives,” August 12, 2000
  • 28 CFR Part 23
  • 33 CFR Part 105
  • Critical Infrastructure Information Act of 2002 (Public Law 107-296) (CII Act)
  • DHS Customs’ C-TPAT Minimum Security Controls

This service is aligned with C-TPAT/”10+2” requirements for security compliance. Additionally, International Organization for Standardization (ISO) standards to improve supply chain security will be included:

  • ISO/PAS 28001, Specification on Best Practices for Implementing Supply Chain Security;
  • ISO/PAS 28003, Requirements for certification of supply chain security management systems;
  • ISO 27000 (series), Information Security Management System.