Trusted Code Initiative (update 2017) - Hosting and Distribution
- Last Updated: Friday, 12 May 2017 18:32
8. Trusted Code Hosting and Distribution Network
Purpose: Establish and maintain a “secured” hosting and cloud-based distribution network to ensure the quality and integrity of all Trusted Code assets.
Objectives: Create a secured repository that hosts all assets designated as Trusted Code and provide a cloud-based distribution network that ensures that all assets are delivered from the repository to the user securely.
Participants: An initial FedRAMP-certified Trusted Code Foundation commercial entity will serve as the core to the hosting and distribution network. Additional commercial vendors are currently collaborating to ensure the solution will be both secured and scalable to meet Government security requirements and enterprise-level distribution bandwidth.
Managed by: Coordination of the activities will be managed by Trusted Code staff. Implementation for each element of the solution will be deployed by commercial Foundation members. Government security, distribution and related requirements will be coordinated with appropriate Government agency representatives.
Outcome/Deliverables: An independent, enterprise-level hosting and distribution network to ensure quality, security and access to Trusted Code resources.
Confidence in the Trusted Code brand for government and commercial adopters.
Readily available Trusted Code resources for Federal, state and local government agencies.
Funding: Funding support for the infrastructure will be provided in part by the membership dues from each Trusted Code Foundation member entities. Additional funding for support will be collected as fees as a service from non-Foundation members.
Time Line: Activity 8 - Trusted (secured) Hosting and Distribution Network (sHDN): all Trusted Code resources to be hosted (or mirrored from provider's secured repository) and access provided through TCF-maintained “secured” repository and distribution network. Hosted Trusted Code resources to be “hashed” internally to maintain integrity of code and product update release.
Estimated completion and launch of publicly accessible is approximately eighteen months. The rapid deployment schedule is due to the fact that all of the infrastructure is currently in place and actively serving government and commercial clients. The cloud-based infrastructure network is FedRAMP certified.