We at Owl Computing recognize that accreditation processes for Cross Domain Solutions CDS are of prime importance to our customers. In order to help our customers with CDS accreditation processes, we offer a variety of forms of assistance.
Accreditation Processes are Changing
The Unified Cross Domain Management Office (UCDMO), a joint effort by the Intelli-gence and Defense communities (DNI and DoD), was recently formed to manage risks and benefits of various forms of cross-domain connectivity where risks accepted on one network are imposed on the others. To achieve this goal, UCDMO plays active roles in standardizing CDS requirements, specifications, Compliance Testing and Evaluation CT&E, and deployments across all military and intelligence networks. New standards imposed by the UCDMO are poised to supersede existing accreditation processes, but have not yet done so.
At present, security policies for Defense and Intelligence communities are defined by different documents: DoD Instruction 8500.2 for Defense, and DCI Directive 6/3 for DNI. Owl Computing products have been accredited through both paths via customer applica-tions, and are “Approved-to-Operate” ATO’d in numerous DoD and Intel environments.
Under direction from the UCDMO, the emerging joint standard security policies will be reconciled under NIST SP 800.53 Recommended Security Controls for Federal Information Systems, but transition to the NIST document process as a standard reference has not yet occurred -- existing security policy standards are still in force.
U-CDMO Baseline
To date, a small number of Cross Domain Solutions have been approved by the UCDMO for deployment, and are listed in the UCDMO Cross Domain Inventory. One of these “baseline” solutions, the TSABI One-Way Transfer system TSABI-OWT, is based on the DualDiode™ controlled interface from Owl Computing. Other DualDiode Cross Domain Solutions are under review by the UCDMO and likely to be listed in the near fu-ture.
Accreditation of Cross Domain Solutions pre-approved by the UCDMO is considered easy, and an adaptation process exists (though not fully defined) for situations where a pre-approved solution partially satisfies, but does not completely satisfy, customer re-quirements. The UCDMO advises all organizations requiring a CDS solution to work closely with their local or branch Cross Domain Management Offices in order to assure that all requirements are satisfied.
We encourage our customers to contact us concerning their accreditation goals and requirements.
Deployment Trends
Traditional cross-domain solutions have involved standalone point-to-point connections between the networks in question. While such connectivity remains commonplace, trends, driven by a comprehensive risk analysis and mitigation strategy, are evolving to-ward information-sharing architectures that favor enterprise-scale deployments of a small number of standardized cross domain solutions -- under centralized DISA admini-stration. By deploying CDSs as enterprise services, security policies may be rigorously enforced while exploiting economies of scale.
DualDiode products from Owl Computing are engineered to support both the traditional point-to-point approach, and enterprise-scale deployment. The modular simplicity of DualDiode products, their bandwidth capacities, and the range of user data/information types they support, provide integration and scaling flexibility, while maintaining the high-est levels of network security.
Accreditation Process Assistance
We cannot deny that the accreditation process, and the changes it is undergoing, may tax even the most resolute of organizations seeking such approvals. Owl Computing can, however, share its expertise and experience with clients needing assistance in se-lecting best-of-breed cross-domain solutions, and in attaining the requisite accreditation for deployment and use.
Please call or email us so that we may help inform the task, and help achieve the desired end.
