The National Cyber Security Centre (NCSC) has published a set of 13 security principles for cross domain solutions (CDS) – networks for the exchange of information between different domains.
It said they have been developed through a series of pilots with public and private sector bodies and tests by commercial security assurance laboratories.
NCSC’s capability lead for technology analysis, named as Duncan A, said it has produced the principles to help demystify CDS technologies and hopes they will support a greater take-up.
The guidance says that each of the 13 principles describes a protection a CDS should provide against a given type of attack, and that a CDS should be measured against each principle as part of its assessment for a specific use case.
They cover network protocol attack protection; content-based attack protection; protection against unauthorised export of information; session isolation; persistent compromise protection; people and the CDS; management; audit and accounting; authentication; data-in-transit protection; data-at-rest protection; patching; and component integrity.
Enabling sharing
“Cross domain solutions can enable the secure import and export of information, and the sharing of less trusted services within a trusted domain,” Duncan A said. “These can even allow information exchanges to cross domains with varying security levels.
“What we call 'a CDS' will usually be a system of numerous components, handling functions such as malware protection, data verification, audit and monitoring. All the while, taking account of the needs of those using the CDS to perform business operations.
“The exact make-up of any given system will be determined by the set of functions required and the varying levels of security involved.”