The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies.
The guidance provides cross domain security principles to enable organizations to share information securely across separated networks. The guidance introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains. It explains the purpose of a CDS and promotes a data-centric approach to a CDS system implementation based on architectural principles and risk management.
It also covers a broad range of fundamental concepts relating to a CDS, which should be accessible to readers who have some familiarity with the field of cyber security. Organizations with complex information sharing requirements are encouraged to refer to this guidance in the planning, analysis, design and implementation of CDS systems.
The guidance is also intended to support cybersecurity guidance contained within the Australian Government Information Security Manual (ISM).
According to the guidance, high level cross domain security considerations include:
- determining the most critical security properties and security functionality for a CDS and connected systems, prior to commencing design or acquisition
- understanding the risks inherent to the data that will be transferred, and ensuring security policy enforcement meets these risks
- recognizing that security functionality may exist in a single appliance or be distributed across multiple components in a CDS or adjacent systems
- ensuring design and implementation assurance requirements, including physical and personnel controls, are proportionate to the criticality of the system
- tailoring a CDS to address the unique security and business environment
- blocking all data flows by default and only allowing known good data to pass based on predefined rules
- considering each layer of the Open System Interconnect (OSI) model of networking (as well as the human factor).
To learn more, visit the ASCS website.