Cross Domain Solutions.
Cross domain solutions (CDS) are software and hardware systems designed to protect the access and exchange of information between two or more networks or domains.
CDS act as secure bridges, enabling the access or transfer of information between domains each governed by their own unique, native security infrastructures. CDS minimize the risk of exposure of sensitive and classified information that must pass between domains of varying security levels.
Cross domain solutions also have the ability to enable data access and transfer between trusted and untrusted domains.
The controlled information sharing allowed by CDS supports multi-level collaboration between military, intelligence, and government entities. Corporations that rely on multiple security domains as part of their information technology (IT) infrastructure also often utilize CDS.
The Committee on National Security Systems (CNSS) defines CDS as “a form of controlled interface that provides the ability to manually and/or automatically access and/or transfer information between different security domains.”
CDS are sometimes also referred to as high-speed guard solutions.
Why are cross domain solutions important?
While CDS were initially developed to secure data sharing within and between the networks of the U.S. government, Intelligence Community (IC), and defense branches, they have since become vital to the functioning of critical infrastructure, law enforcement, and many commercial applications.
As the modern world's need for multi-level information availability and usefulness continues to grow, so too does the need for security against the ever-evolving threat of cyber attack. It’s been estimated that the average organization has over three hundred third-party or external direct connections to its network. For organizations in high-risk environments, security measures such as firewalls or intrusion detection systems (IDS) are no longer sufficient.
By enabling information sharing across international, government, agency, and classification boundaries, CDS are essential to the U.S. government's ability to fulfill its mission objectives. With operational environments increasingly dependent on the exchange of information hosted across multiple domains, CDS systems have become critical components of our national security infrastructure.
What are the fundamentals of cross domain solutions?
The development of CDS is managed and monitored by the NSA’s National Cross Domain Strategy & Management Office (NCDSMO). The office’s functions include the oversight of cross domain activities across the U.S. Government, guidance for future development of cross domain technologies, oversight of the cross domain solutions testing program, and establishment and administration of security requirements for cross domain solutions used by the U.S. Government and Foreign Military Sales Program.
With its 2019 Raise the Bar Baseline Release, the NCDSMO identified four foundational concepts for a CDS - Redundant, Always Invoked, Independent Implementations, and Non-Bypassable (RAIN).
Redundant, or redundancy, refers to the inability of a single side failure to impact the security controls on the other side of the device.
Always Invoked, or always invoking security, means there is no chance a threat can sneak through under the guise of a trusted file or data stream.
Independent Implementations mean that each function within the transfer and filtering of information is created and implemented independently.
Non-Bypassable ensures that threats cannot find and exploit backdoors or other circumvention methods within the data stream, device hardware, or physical environment.
Additionally, the three critical aspects of cross domain solution security are:
- Data Confidentiality - The assurance that sensitive information will not be disclosed to unauthorized and malicious processes, users, and devices.
- Data Integrity - The assurance that information is safeguarded against non-legitimate alteration or destruction.
- Data Availability - The assurance that authorized users will be able to reliably access data and information services in a timely manner.
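A toy, single-process model of a transfer guard that maps the RAIN concepts above onto code, as an added example that is not taken from the NCDSMO baseline or any vendor product. The message format, the filter names (`filter_parsed`, `filter_raw`), the release policy and the sample messages are all assumptions constructed for illustration.

```python
import json
import re

RELEASABLE = {"UNCLASSIFIED"}           # constructed low-side release policy
DIRTY_WORDS = ("SECRET//", "NOFORN")    # constructed markings that must not cross

def filter_parsed(raw: bytes) -> bool:
    """Implementation 1: decode the JSON, then check label and body fields."""
    msg = json.loads(raw)
    if not isinstance(msg, dict) or set(msg) != {"label", "body"}:
        return False
    if msg["label"] not in RELEASABLE or not isinstance(msg["body"], str):
        return False
    return not any(word in msg["body"].upper() for word in DIRTY_WORDS)

def filter_raw(raw: bytes) -> bool:
    """Implementation 2: shares no code with filter 1; scans the wire bytes."""
    text = raw.decode("ascii")          # non-ASCII raises, which the guard denies
    if not re.search(r'"label"\s*:\s*"UNCLASSIFIED"', text):
        return False
    return re.search(r"SECRET//|NOFORN", text, re.IGNORECASE) is None

def make_guard(filters, deliver):
    """Build the transfer function; `deliver` is reachable only through it."""
    def transfer(raw: bytes) -> bool:
        verdicts = []
        for check in filters:           # every filter runs on every message
            try:
                verdicts.append(check(raw) is True)
            except Exception:           # a failing filter counts as a denial
                verdicts.append(False)
        if verdicts and all(verdicts):
            deliver(raw)
            return True
        return False
    return transfer

SAMPLES = {                             # constructed test messages
    "clean":     b'{"label": "UNCLASSIFIED", "body": "Convoy arrives 0900"}',
    "marked":    b'{"label": "UNCLASSIFIED", "body": "SECRET//NOFORN draft"}',
    "escaped":   b'{"label": "UNCLASSIFIED", "body": "\\u0053ECRET//draft"}',
    "non_ascii": b'{"label": "UNCLASSIFIED", "body": "caf\xc3\xa9"}',
    "truncated": b'{"label": "UNCLASSIFIED", "body": ',
}

def run_samples():
    low_side = []                       # stands in for the low-domain network
    guard = make_guard([filter_parsed, filter_raw], low_side.append)
    return {name: guard(raw) for name, raw in SAMPLES.items()}, low_side
```

`run_samples()` returns the per-message verdicts and the low-side contents: only `clean` is delivered, `escaped` passes the raw scanner but is stopped by the parsing filter, and `non_ascii` and `truncated` are denied because one filter raised.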
What are the different types of cross domain solutions?
Cross domain solutions can generally be classified into two different categories - access solutions and transfer solutions.
Access solutions describe “a user’s ability to view and manipulate information from domains of differing security levels and caveats.” These solutions enable users to access information across multiple domains from a single workstation.
Transfer solutions provide the ability to move (or transfer) information between different security domains. Within this category there are diodes, which are one-way transfers, and bi-directional Guards, which can support transfers between multiple (3+) domains.
What are the benefits of cross domain solutions?
- Accessibility - Immediate, secure accessibility to vital information from anywhere with an internet connection. Information can be shared quickly and resiliently between multiple parties and networks.
- Security - Security is most often the paramount design focus of a cross domain solution. Both the U.S. Government and the CDS community itself have established stringent and challenging standards to ensure that no matter the demands on a solution, security will not be compromised. Outside of the United States, agencies like England's National Cyber Security Centre are working to establish their own national CDS standards.
- Consolidation of Systems - Open up valuable space with a single, all-in-one system capable of providing optimized access to multiple systems. What once required a complicated assembly of multiple security and network components can now be replaced with a single desktop system.
- Cost Savings - Streamlined and optimized processes offered by CDS save valuable time and money. Reliable security means data processes happen faster and without encumbrance. Established security standards and certifications offer faster CDS implementation by satisfying and avoiding often lengthy and expensive security review processes.
How are cross domain solutions regulated or certified?
Cross domain solutions must meet the NCDSMO’s Raise the Bar cyber security guidelines to be considered for national security use.
Because the majority of data handled by CDS is highly sensitive or classified, every aspect of an accredited CDS must be rigorously evaluated under a Lab-Based Security Assessment (LBSA) performed under the supervision and authority of the NCDSMO. The goal of this evaluation is to reduce potential vulnerabilities and risks to both the systems and users.
Once a device has passed the assessment, it becomes eligible for a baseline list of solutions certified for use by U.S. defense and intelligence agencies.
Archon's "Gateway" to CSfC Cross Domain Solutions
Paired with Archon end-user devices, Archon’s Gateway suite offers CSfC-ready, secure infrastructures with near-anywhere access.
Archon's data centers take the complexity out of DCI design with out-of-the-box, CSfC-compliant environments.
Pre-built, scalable, CSfC solutions ready for deployment alongside your cross domain solutions offer a leg up on meeting challenging Raise the Bar requirements.
Archon Gateway solutions feature racks of pre-selected, NSA-validated gear equipped to optimize computing, storage, and networking, alongside red and black firewalls. Easy-to-follow documentation and guidance will assure your domain deployment is and remains successful.
Find out more of what Archon can offer as a trusted partner in your cross domain development and deployment journey...