Australian Cybersecurity Center Releases Guide on Cross Domain Solutions

The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies.

The guidance provides cross domain security principles to enable organizations to share information securely across separated networks. The guidance introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains. It explains the purpose of a CDS and promotes a data-centric approach to a CDS system implementation based on architectural principles and risk management.

It also covers a broad range of fundamental concepts relating to a CDS, which should be accessible to readers who have some familiarity with the field of cyber security. Organizations with complex information sharing requirements are encouraged to refer to this guidance in the planning, analysis, design and implementation of CDS systems.

The guidance is also intended to support cybersecurity guidance contained within the Australian Government Information Security Manual (ISM).

According to the guidance, high level cross domain security considerations include:

determining the most critical security properties and security functionality for a CDS and connected systems, prior to commencing design or acquisition
understanding the risks inherent to the data that will be transferred, and ensuring security policy enforcement meets these risks
recognizing that security functionality may exist in a single appliance or be distributed across multiple components in a CDS or adjacent systems
ensuring design and implementation assurance requirements, including physical and personnel controls, are proportionate to the criticality of the system
tailoring a CDS to address the unique security and business environment
blocking all data flows by default and only allowing known good data to pass based on predefined rules
considering each layer of the Open System Interconnect (OSI) model of networking (as well as the human factor).

To learn more, visit the ASCS website.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.