Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Cross-domain solution
open-in-new
<h2 id="types">Types</h2> <p>There are three types of cross-domain solutions (CDS). <a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a> These types are broken down into Access, Transfer, and Multi-level solutions (MLS) and all must be included in the cross-domain baseline list before Department of Defense-specific site implementations.<a class="footnote-ref" id="fnref:11" href="#fn:11"><sup>11</sup></a> Access Solution "An access solution describes a user’s ability to view and manipulate information from domains of differing security levels and caveats. In theory, the ideal solution respects separation requirements between domains by preventing overlapping data between domains, which ensures data of different classifications cannot ‘leak’ (i.e. data spill) between networks at any host layer of the OSI/TCP model. In practice, however, data spills are an ever-present concern that system designers attempt to mitigate within acceptable risk levels. For this reason, data transfer is addressed as a separate CDS".<a class="footnote-ref" id="fnref:12" href="#fn:12"><sup>12</sup></a> Transfer Solution offers the ability to move information between security domains that are of different classification level or different caveat of the same classification level. Multi-level Solutions "Access and transfer solutions rely on multiple security levels (MSL) approaches that maintain the separation of domains; this architecture is considered multiple single levels. A multi-level solution (MLS) differs from MSL architecture by storing all data in a single domain. The solution uses trusted labeling and integrated Mandatory Access Control (MAC) schema as a basis to mediate data flow and access according to user credentials and clearance to authenticate read and write privileges. In this manner, an MLS is considered an all-in-one CDS, encompassing both access and data transfer capabilities."<a class="footnote-ref" id="fnref:13" href="#fn:13"><sup>13</sup></a> </p> <h2 id="unintended-consequences">Unintended consequences</h2> <p>In previous decades, <a href="/facts/Multilevel_security/yyCAmDEP">multilevel security</a> (MLS) technologies were developed. These enforced <a href="/facts/Mandatory_access_control/yvtGFacq">mandatory access control</a> (MAC) with near certainty. <a href="/facts/Automated_information_system/d1c2D891">Automated information systems</a> sometimes share information contrary to the need to avoid sharing secrets with adversaries. When the ‘balance’ is decided at the discretion of users, the access control is called <a href="/facts/Discretionary_access_control/MTQRM7nr">discretionary access control</a> (DAC), that is more tolerant of actions that manage risk where MAC requires risk avoidance. </p><p>These documents provide standards guidance on risk management: </p> <ol><li><a href="http://csrc.nist.gov/publications/PubsSPs.html">"Recommended Security Controls for Federal Information Systems & Organizations"</a>. <i>Computer Security Division - Computer Security Resource Center</i>. National Institute of Standards and Technology (NIST). 2011-11-16., SP 800-53 Rev3</li> <li><a href="http://www.cnss.gov/Assets/pdf/Final_CNSSI_1253.pdf">"Security Categorization and Control Selection for National Security Systems"</a> (PDF). <i>The Committee on National Security Systems (CNSS)</i>., Instruction No. 1253</li></ol> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>"Cross Domain Enterprise Service (CDES)". Information Assurance Support Environment. Defense Information Systems Agency (DISA). 2011-11-16. Archived from the original on 2008-03-26. Retrieved 2012-01-16. <a href="https://web.archive.org/web/20080326230421/http://iase.disa.mil/cds/" target="_blank">https://web.archive.org/web/20080326230421/http://iase.disa.mil/cds/</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>"Learn About Cross Domain Solutions". Owl Cyber Defense. Aug 25, 2020. Archived from the original on 2020-09-21. <a href="https://owlcyberdefense.com/learn-about-cross-domain-solutions/" target="_blank">https://owlcyberdefense.com/learn-about-cross-domain-solutions/</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>"Cloud Computing Strategy" (PDF). DTIC.MIL. Archived (PDF) from the original on August 16, 2016. <a href="http://apps.dtic.mil/dtic/tr/fulltext/u2/a563989.pdf" target="_blank">http://apps.dtic.mil/dtic/tr/fulltext/u2/a563989.pdf</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>Aristotle, Jacob (April 2012). Cross-Domain Solution. Secut Press. ISBN 978-613-6-31800-4. <a href="978-613-6-31800-4" target="_blank">978-613-6-31800-4</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>Slater, T. "Cross-Domain Interoperability"[usurped], Network Centric Operations Industry Consortium - NCOIC[usurped], 2013 <a href="https://web.archive.org/web/20140714155934/http://www.ncoic.org/cross-domain-interoperability/" target="_blank">https://web.archive.org/web/20140714155934/http://www.ncoic.org/cross-domain-interoperability/</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>"Cross Domain Solutions - Ensuring Complete Data Security". <a href="http://www.crossdomainsolutions.com" target="_blank">http://www.crossdomainsolutions.com</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>"Nexor Data Diode". Nexor. Retrieved 3 June 2013. <a href="http://www.nexor.com/data-diodes" target="_blank">http://www.nexor.com/data-diodes</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>"Dual Data Diode Information Transfer Products". Owl Cyber Defense, LLC. Retrieved 2019-08-20. <a href="http://www.owlcyberdefense.com" target="_blank">http://www.owlcyberdefense.com</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>"Can an Airplane Get Hacked? (Probably.)". Interset. 2017-01-04. Retrieved 2019-03-07. <a href="https://interset.com/2017/01/04/can-airplane-get-hacked-probably/" target="_blank">https://interset.com/2017/01/04/can-airplane-get-hacked-probably/</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>"Department of Defense Instruction (DoDI) 854001p" (PDF). esd.whs.mil. Retrieved 28 January 2024.{{cite web}}: CS1 maint: url-status (link) <a href="https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/854001p.pdf" target="_blank">https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/854001p.pdf</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> <li id="fn:11"><p>"CNSSI-4009" (PDF). RMF.org. Archived (PDF) from the original on 2020-02-28. Retrieved 28 February 2020. <a href="https://rmf.org/wp-content/uploads/2017/10/CNSSI-4009.pdf" target="_blank">https://rmf.org/wp-content/uploads/2017/10/CNSSI-4009.pdf</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></p></li> <li id="fn:12"><p>Smith, Scott (28 February 2020). "Shedding Light on Cross Domain Solutions". SANS Institute Information Security Reading Room. Archived from the original on 2020-02-28. Retrieved 28 February 2020. <a href="https://www.sans.org/reading-room/whitepapers/dlp/shedding-light-cross-domain-solutions-36492" target="_blank">https://www.sans.org/reading-room/whitepapers/dlp/shedding-light-cross-domain-solutions-36492</a> <a href="#fnref:12" class="footnote-back-ref">↩</a></p></li> <li id="fn:13"><p>Smith, Scott (28 February 2020). "Shedding Light on Cross Domain Solutions". SANS Institute Information Security Reading Room. Archived from the original on 2020-02-28. Retrieved 28 February 2020. <a href="https://www.sans.org/reading-room/whitepapers/dlp/shedding-light-cross-domain-solutions-36492" target="_blank">https://www.sans.org/reading-room/whitepapers/dlp/shedding-light-cross-domain-solutions-36492</a> <a href="#fnref:13" class="footnote-back-ref">↩</a></p></li> </ol>