A cross-domain solution (CDS) is an integrated information assurance system composed of specialized software, and sometimes hardware, that provides a controlled interface to manually or automatically enable and/or restrict the access or transfer of information between two or more security domains based on a predetermined security policy. CDSs are designed to enforce domain separation and typically include some form of content filtering, which is used to designate information that is unauthorized for transfer between security domains or levels of classification, such as between different military divisions, intelligence agencies, or other operations which critically depend on the timely sharing of potentially sensitive information.
Attributes | Values |
---|
rdf:type
| |
rdfs:label
| - Cross-domain solution (en)
|
rdfs:comment
| - A cross-domain solution (CDS) is an integrated information assurance system composed of specialized software, and sometimes hardware, that provides a controlled interface to manually or automatically enable and/or restrict the access or transfer of information between two or more security domains based on a predetermined security policy. CDSs are designed to enforce domain separation and typically include some form of content filtering, which is used to designate information that is unauthorized for transfer between security domains or levels of classification, such as between different military divisions, intelligence agencies, or other operations which critically depend on the timely sharing of potentially sensitive information. (en)
|
dcterms:subject
| |
Wikipage page ID
| |
Wikipage revision ID
| |
Link from a Wikipage to another Wikipage
| |
Link from a Wikipage to an external page
| |
sameAs
| |
dbp:wikiPageUsesTemplate
| |
has abstract
| - A cross-domain solution (CDS) is an integrated information assurance system composed of specialized software, and sometimes hardware, that provides a controlled interface to manually or automatically enable and/or restrict the access or transfer of information between two or more security domains based on a predetermined security policy. CDSs are designed to enforce domain separation and typically include some form of content filtering, which is used to designate information that is unauthorized for transfer between security domains or levels of classification, such as between different military divisions, intelligence agencies, or other operations which critically depend on the timely sharing of potentially sensitive information. The goal of a CDS is to allow a trusted network domain to exchange information with other domains, either one-way or bidirectionally, without introducing the potential for security threats that would normally come with network connectivity. Although the goal is 100% assurance, this is not possible in practice, thus CDS development, assessment, and deployment are based on comprehensive risk management. Due to the sensitive nature of their use, every aspect of an accredited CDS must be rigorously evaluated under what is known as a Lab-Based Security Assessment (LBSA) in order to reduce the potential vulnerabilities and risks to the system itself and those to which it will be deployed. The evaluation and accreditation of CDSs in the United States is primarily under the authority of the National Cross Domain Strategy and Management Office (NCDSMO) within the National Security Agency (NSA). The three primary elements demanded from cross domain solutions are: 1.
* Data confidentiality; most often imposed by hardware-enforced one-way data transfer 2.
* Data integrity: content management using filtering for viruses and malware; content examination utilities; in high-to-low security transfer audited human review 3.
* Data availability: security-hardened operating systems, role-based administration access, redundant hardware, etc. The acceptance criteria for information transfer across domains or cross-domain interoperability is based on the security policy implemented within the solution. This policy may be simple (e.g., antivirus scanning and whitelist [or "allowlist"] check before transfer between peer networks) or complex (e.g., multiple content filters and a human reviewer must examine, redact, and approve a document before release from a high security domain). Unidirectional networks are often used to move information from low security domains to secret enclaves while assuring that information cannot escape. Cross-domain solutions often include a High Assurance Guard. Though cross-domain solutions have, as of 2019, historically been most typical in military, intelligence and law enforcement environments, there is also a use case for cross domain solutions in industry. Many industrial settings have control systems and analytic systems which are, or should be, in different security domains. One example is the flight control and infotainment systems on an airliner. Given the wide variety of use cases in industry, different levels of third party accreditation and certification of aspects of the cross-domain solution will be appropriate for different applications, and can be found among different providers. (en)
|
gold:hypernym
| |
prov:wasDerivedFrom
| |
page length (characters) of wiki page
| |
foaf:isPrimaryTopicOf
| |
is Link from a Wikipage to another Wikipage
of | |
is Wikipage redirect
of | |
is Wikipage disambiguates
of | |
is foaf:primaryTopic
of | |