PQC (HHS Roadmap)

(1) Inventory and Testing:

• Obj: Cryptographic Inventory of Active Systems.

  1. Automated Cryptographic Inventory. Azure can perform automated cryptographic inventory.

     • Azure Tools In Order: (5) -- (Ref)

       1. Azure Resource Graph:

          • Function: This tool allows you to query and discover all resources within your Azure subscriptions. It helps in identifying and inventorying cryptographic resources such as keys, certificates, and secrets.

          • Order: First. Start with Azure Resource Graph to get a comprehensive list of all resources.

       2. Azure Policy:

          • Function: Azure Policy helps enforce organizational standards and assess compliance at scale. It can be used to ensure that only approved cryptographic resources are deployed and to monitor for unapproved resources.

          • Order: Second. Use Azure Policy to enforce compliance and monitor the deployment of cryptographic resources.

       3. Azure Security Center:

          • Function: This tool provides unified security management and advanced threat protection across hybrid cloud workloads. It includes features like File Integrity Monitoring and Change Tracking to identify unauthorized changes to cryptographic resources.

          • Order: Third. Utilize Azure Security Center to monitor and protect cryptographic resources.

       4. Azure Key Vault:

          • Function: Azure Key Vault is a cloud service for securely storing and accessing secrets, keys, and certificates. It simplifies the management of cryptographic keys and secrets used by cloud applications and services.

          • Order: Fourth. Use Azure Key Vault to secure, store, and manage cryptographic keys and secrets.

       5. Azure Sentinel (SIEM):

          • Function: Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution. It can be used to detect, investigate, and respond to threats, including those related to cryptographic resources.

          • Order: Fifth. Implement Azure Sentinel for advanced threat detection and response capabilities.

HHS PQC Roadmap (AV-1) -- Aligned with 4 AuthS.

• BLUF: This DoDAF  "All Viewpoint" (AV-1: Summary and Overview) artifact is an Excel worksheet with the following columns based on the roadmap and aligned with 4 AuthS. ~ Comprehensive Scope: AV-1 is designed to capture the big picture of a project, including vision, mission, goals, objectives, in addition to plans, activities/shall statements, rationale, dependencies, and critical paths. ~ Rationale: Other models like CV-2 (Capability Taxonomy) or PV-2 (Project Timelines) capture some of this information, they are more focused on specific aspects and might not offer the comprehensive view you need. ~ In conclusion, the AV-1 Viewpoint offers the best fit for creating your project management worksheet in Excel because of its broad scope, flexibility, and ease of data representation.

• 4 AuthS are: (4) 

  1. M-23-02:

  2. M-24-14:

  3. ZTMM v2:

  4. OMB Inventory Worksheet:

• Location of AV-1: See Desktop -- D:\J-FOLDER\WORK STUFF\GUNNISON & CDW-G -- (2)\(1) Gunnison\-- HHS\-- PROJECTS\PQC\PQC ROADMAP . . .

• Columns in the AV-1: (7)

  1.  Goals -- 

  2. Milestones --

  3. Objectives --

  4. Activities (aka Shall Statements) -- 

  5. Rationale -- 

  6. Dependencies -- 

  7. Critical Paths -- 

• Questions to AI: Bard:

  1. How to get Activities and Rationale. Ask AI this (Not Aligned w/ M-24-14): "Provide me with 3 to 5 activities and rationale based on goal #1, <put Goal #1 Title here>, and objective 1.1, <put Objective 1.1 here>." 

     • -- Output: General Activities and Rationale.

  2.  How to align G&O w/ M-24-14. Ask AI this (Aligned w/ M-24-14): "My Goal is <put Goal Title Here>, and my Objective is <put Objective Title Her>. Based on this information, what are my Activities and Rationale and align it with M-24-14 here: https://www.whitehouse.gov/wp-content/uploads/2024/07/FY26-Cybersecurity-Priorities-Memo_Signed.pdf"

     • -- Output: Activities and Rationale will align with M-24-14.