What are Cross Domain Solutions?
The U.S. National Institute of Standards and Technology (NIST) defines cross domain solutions (CDS) as: “A form of controlled interface (a boundary with a set of mechanisms that enforces the security policies and controls the flow of information between interconnected information systems) that provides the ability to manually and/or automatically access and/or transfer information between different security domains.” [1] A CDS is a device or collection of devices that mediates controlled access to, or transfer of, information across security boundaries, for example between two or more networks of different security classifications. A CDS provides for a human review, a fully automated review, or both, of data moving between Security Domain “X” and Security Domain “Y”, so that enclaves, domains and systems that were previously physically separated can share information in a trusted way. A CDS enforces a defined security policy that depends on the type of data being passed and on the direction of flow (the rules for moving data from a higher to a lower classification are typically stricter than the reverse), and in doing so it improves the timeliness of data sharing compared with manual, out-of-band transfer. The two categories of CDS are:
- Access solutions. Access solutions allow a user to reach information and resources held in multiple domains from a single workstation, without moving data between the domains.
- Transfer solutions. Transfer solutions move information across domains, passing each transfer through the policy enforcement and filtering mechanisms of the CDS.
The NSA’s National Cross Domain Strategy & Management Office (NCDSMO) 2019 Raise the Bar Baseline Release identified the following four foundational concepts for CDS [2]:
- Redundant. No single failure, on either side of the device, can disable the security controls that protect the other side; the controls that enforce the policy are duplicated so that the failure or compromise of one component is not sufficient to defeat the policy.
- Always Invoked. Every file or data stream crossing the boundary passes through the filtering and inspection functions, with no exception for content that appears trusted; a threat cannot slip through under the guise of a trusted file or data stream.
- Independent Implementations. Each function in the transfer and filtering chain is designed and implemented independently of the others, so that a flaw in one implementation is not shared by the next.
- Non-Bypassable. Threats cannot find and exploit backdoors or other circumvention routes around the filters, whether in the data stream, the device hardware, or the physical environment; the only path between the domains is through the filtering pipeline.
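The following Python model is an added example, not code from the page or from any CDS product, that ties the two preceding passages together: a transfer solution whose policy depends on the data type and on the direction of flow, enforced through two independently written filters that are both run on every message and reachable only through a single entry point. The domain names, the content-type rules, the key whitelist, the dirty-word list, the size limit and the sample messages are all constructed for the example.

```python
"""Constructed model of a transfer-CDS policy and filter pipeline (added example)."""
import json
import re
from dataclasses import dataclass

LOW, HIGH = "low", "high"     # the two security domains in this example
MAX_BYTES = 4096              # hypothetical size limit for a single transfer


@dataclass(frozen=True)
class Message:
    src: str           # originating security domain
    dst: str           # destination security domain
    content_type: str
    payload: bytes


# Direction-specific policy: which content types may cross in each direction.
# Hypothetical rules: the high->low (downgrade) path accepts only JSON status
# reports the filters can fully inspect; low->high also admits plain text.
ALLOWED_TYPES = {
    (LOW, HIGH): {"application/json", "text/plain"},
    (HIGH, LOW): {"application/json"},
}
# Keys a status report may carry (hypothetical whitelist) and markings that must
# never leave the high side (hypothetical dirty-word list).
ALLOWED_KEYS = {"platform_id", "fuel_pct", "status", "ts"}
DIRTY_WORDS = re.compile(r"\b(TOP SECRET|SECRET|NOFORN)\b")


def filter_schema(msg: Message) -> tuple[bool, str]:
    """Filter A: structural whitelist using the JSON parser."""
    if msg.content_type != "application/json":
        return True, "schema: not JSON, nothing to check"
    try:
        doc = json.loads(msg.payload.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return False, "schema: payload is not well-formed JSON"
    if not isinstance(doc, dict):
        return False, "schema: top level must be an object"
    extra = sorted(set(doc) - ALLOWED_KEYS)
    if extra:
        return False, f"schema: unexpected keys {extra}"
    for key, value in doc.items():
        if not isinstance(value, (str, int, float, bool)):
            return False, f"schema: nested value under {key!r}"
    return True, "schema: ok"


def filter_content(msg: Message) -> tuple[bool, str]:
    """Filter B: independent byte-level content check; shares no parser with A."""
    if len(msg.payload) > MAX_BYTES:
        return False, "content: payload too large"
    if any(b < 0x20 and b not in (0x09, 0x0A, 0x0D) for b in msg.payload):
        return False, "content: control bytes present"
    hit = DIRTY_WORDS.search(msg.payload.decode("utf-8", errors="replace"))
    if hit:
        return False, f"content: marking {hit.group(0)!r} found"
    return True, "content: ok"


# Redundant, independently implemented filters; both must approve a release.
FILTERS = (filter_schema, filter_content)


def transfer(msg: Message) -> tuple[bool, list[str]]:
    """Sole entry point across the boundary: direction policy, then every filter.

    Every filter runs on every message (always invoked) and no other function
    releases data (non-bypassable in this model); a message is released only
    if the policy and all filters agree.
    """
    allowed = ALLOWED_TYPES.get((msg.src, msg.dst))
    if allowed is None:
        return False, [f"policy: no flow defined {msg.src}->{msg.dst}"]
    if msg.content_type not in allowed:
        return False, [f"policy: {msg.content_type} not permitted {msg.src}->{msg.dst}"]
    reasons = []
    released = True
    for check in FILTERS:
        ok, why = check(msg)          # no short-circuit: every filter is consulted
        reasons.append(why)
        released = released and ok
    return released, reasons


if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        Message(HIGH, LOW, "application/json",
                b'{"platform_id": "UAV-7", "fuel_pct": 42, "status": "ok", "ts": 1700000000}'),
        Message(HIGH, LOW, "application/json", b'{"platform_id": "UAV-7", "status": "SECRET sortie"}'),
        Message(HIGH, LOW, "text/plain", b"free text is not allowed to leave the high side"),
        Message(LOW, HIGH, "text/plain", b"weather update: winds 15 kt"),
    ]
    for m in samples:
        ok, why = transfer(m)
        print(f"{m.src}->{m.dst} {m.content_type}: {'RELEASE' if ok else 'BLOCK'} {why}")
```

The two filters deliberately do not share code: one relies on the JSON parser, the other looks at raw bytes, so a parser bug that lets a crafted payload through the first check does not automatically defeat the second. Both verdicts are recorded for every message rather than stopping at the first rejection, which is what an operator reviewing the audit trail of a blocked transfer would want to see.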
CDS may be used for:
- Real-time video and sensor data collection and dissemination
- Cyber-defense and foreign system isolation
- Coalition interoperability for the real-time exchange of Command and Control (C2) and Situational Awareness (SA) information
- Unmanned and manned aerial platform & payload control
- Real-time condition-based maintenance such as health and status monitoring, remote maintenance and diagnostics, and fuel level monitoring
- Situational Awareness
- Mitigating the risks of malware and zero-day exploits while enabling real-time information exchange
[1] Adam, 2022, “Cross Domain Solutions Tutorial”
[2] SBIR STTR, 2021, “Machine Learning, Tactical Cross-Domain Solution, Cryptography Model”