At the highest level IPv6 is about enabling connectivity. It's about reaching to the edge of the network and connecting to your people, your equipment, your goods, your services, and every asset through an IP network. By connecting these assets at the edge with each other, pulling data from them and managing that data, we can create new services, advance operations, gain tactical advantage, and construct new operational models. Leveraging these new capabilities is at the core of the IPv6 value proposition, and OMB 5-22 is a catalyst to this core.

IPv6 is poised to change the way systems are developed, the way your mission is conducted, and the way operational requirements are addressed with technology. OMB 5-22 is mandating a foundation for this change, and while each agency has its own mission, their starting points are essentially these same.

Here's a list of 10 steps agencies are now taking on the path to compliance.

1. Defining a Technical and Operational Strategy. How will you complete your mission when all your assets are connected to the network? When every piece of equipment from vehicles, to sensors, to embedded devices is connected, how do you conduct and manage your operation? A Technical and Operational Strategy sets the goal and blueprints the overall strategic direction. It details how to best achieve that direction as well as the operational and technical considerations that need to be evaluated in order to transition not only technology and the use of technology, but also high-level management considerations.  

2. Writing a Procurement Planning Stategy. Advanced networking advantages only come when the devices themselves are network capable, making the strategy that defines and lays out your procurement process a critical first step. In order to become network-centric your agency will be required to set in place a procurement policy that enforces new requirements, sets definitions for measurement and testing, and provides a migration path for your current vendor community to transition to network-centric products.

The objectives of the network-centric definitions in the procurement process are to ensure that exact specifications for quality goods and services are delivered on time to support your mission and achieve the financial benefits, efficiencies and improved operations possible with IPv6.

3. Conducting a Network Assessment. An IPv6 readiness assessment is a scan of all devices on a current network to determine their IPv6 capability and readiness. The assessment captures the current state of the networking and computing environment and then serves as both a starting point and a reference milestone for many of the remaining tasks in the migration. The objective of this task is to use the results of the scan as input to additional migration and transition steps (see 8 thru 10 below), using the data to prioritize component transition.

4. Address Allocation and Management Planning. Address allocation planning must be completed by all agencies under any circumstance. The address and allocation strategy is designed to support your current network topology and future agency growth, and should be consistent with network architecture and security policy developments.

Current government processes create the probability that many agencies will be allocated IPv6 address blocks without any advance detailed planning. This bolsters the case for advanced understanding of addressing requirements, as address planning variables are unique to every operation and particularly important to agencies that are considering the use of ad-hoc operations and mobility as integral parts of their mission.

5. Drafting a Network Architecture. Agencies must create a network architecture plan specific to their operating environment operation. One of the realities of IPv6 is that if network engineers and planners have all of the IP addresses they need (and they will have more than they need!) the resulting network architecture would end up looking very different from the existing network architecture. A network architecture plan would include written documentation and graphical representations with the steps required to support deployment and implementation of the network architecture from the current as is network and operations state to an IPv6-dominant state.

6. IA Threat Assessment & Mitigation Planning. Conducting IA testing specific to the various operational stages within that exist during the IPv4/IPv6 co-existence period is another crucial first step. As transition proceeds from v4 to v6 there are new IA realities that must be identified and mitigated. The IPv6 networking ecosystems including router, switch, IDS, etc. have matured to a point where an IPv6 network can be built to exceed the level of security within an IPv4 network. Nonetheless, when IPv4 and IPv6 networks exist and operate together they present unique security challenges that need to be addressed early in the transition process.

7. Formalizing New IA Policies. Creating an information assurance policy that documents your security strategy and IA policy plan is a key security task. This policy must address security issues during the migration to IPv6 from the current network and operational environment security.

While just as secure as IPv4, IPv6 presents new security issues partially because of enhanced features in mobility and end-to-end connectivity. These features provide a new range of operational opportunities, but also provide a commensurate level of new risk. Your agency must specifically deal with these new security issues even if your agency has no specific IPv6 deployment plans. Whether realized or not, IPv6 capable devices have been procured by agencies over the past several years, and combined with the reality of IPv6 turned-on as the default on many operating systems, means that security risks are present even if you are not building toward an IPv6 operating environment.

8. Planning for IPv6 Migration. Using outputs from previous tasks, agencies can now develop network-level and platform-level technology insert strategy plans, for the near-, mid-, and long-term. The plans should address connectivity, inter-operability and co-existence, and pay specific attention to variables such as end-of-life planning, and costs to extend the useful life of prior systems, applications, equipment and infrastructure.

Included in the migration plan should be a mitigation strategy that outlines remediation plans for non-IPv6-capable devices and/or software discovered during or after the implementation planning activities are completed.

9. Establishing a Platform Transition. Each agency should create a transition plan at the platform level, prioritizing the transition sequence of network systems and basic network services such as DNS, DHCP, and web-services. The agency should establish procedures and plans across multiple platform issues during transition from the current network and operations status to an IPv6-dominant status.

10. Preparing for Application Transition. Agencies should develop an application transition plan for testing and validating IPv6-enablement in three general application categories: 1) Commercial Off-The-Shelf (COTS) software products, 2) internally-modified COTS applications, and 3) internally developed custom applications. Transition plans must include the testing plan and environment, and a suite of tests and re-tests to qualify operational success in a v4-only environment, a dual stack v4 and v6 environment, and a v6-only environment.

To learn more about any of the above step, reach out to a member of our OMB 5-22 compliance team or call us at 866-456-IPv6 [4786].

---

NEXT: Meeting the Mandate - Compliance Offerings