Secure Multi-Directional Data Transfer
Trusted Gateway System™

• User-friendly web interface minimizes the need for training and support.
• Transfers files through data push or email.
• Included in the UCDMO Baseline.
• Quick Release feature simplifies file or text transfers and can be used as a secure chat mechanism when permitted by site security policy.
• Ability to create templates containing frequently used data allowing users to create jobs with a single click.
• Support for multi-channel, multi-directional transfers with one system.
• Simple workflow guides users through each transfer, enforcing Reliable (two-person) Human Review.
• Support for username/password and public key infrastructure (PKI) authentication mechanisms.

Cross Domain Transfer for Secure Information Sharing
The 9/11 Commission identified that information sharing between international, federal, state, local, tribal, and private sector entities is a recognized and legislated need in the fight against terrorism. The Intelligence Community continues its work to enable secure cross-agency collaboration. The term “need to know” has been replaced with “need to share” or “responsibility to provide.” Secure information exchange, collaboration, and data sharing are goals we must reach to protect national security, but they have not been easy to achieve.

To protect our citizens and national assets, government agencies are required to access critical data stored on separate networks managed and maintained by disparate agencies. Frequently, information stored on a high-side network needs to be transferred to a low-side network for use by another agency or organization. This sensitive data may be a single document, or large data sets with imagery, maps, multiple documents, and databases that must be moved quickly and securely to prevent viruses and network intrusions. Critical data must be transferred between and across networks to the right people at the right time, keeping it secure and protecting against the unintended release of sensitive information into the wrong hands.

By deploying a cross domain information transfer system to enforce role-based access, workflow tasks, and secure file management and controls, agencies and organizations can efficiently ensure the quick and secure sharing of information.

Trusted Gateway System
Trusted Gateway System™ (TGS) is an accredited Commercial-Off-The-Shelf (COTS) software solution that provides exceptional built-in manual review and automatic validations, such as virus scanning, dirty word search, and deep content inspection, enabling safe and simultaneous data movement between networks at different sensitivity levels. Because TGS can move data between multiple networks simultaneously, it is also known as a “multi-directional guard.”

TGS can be operated in a single server configuration that provides the physical connections to multiple classified networks, maintaining network separation and enforcing customer-configured transfer policies. The server, or guard, runs on Red Hat® Enterprise Linux® 64-bit systems with Security Enhanced Linux (SELinux) components providing stringent security controls (Figure 1).

Features and Benefits:
File Transfer Security Controls
Regardless of how the transfer request is initiated, TGS manages the process to ensure approved file movement between secure networks and across classification levels following site security policies. By default, all files are required to pass two controls prior to movement, virus scanning and file typing. Dirty word search, content inspection, and manual file review can be configured to meet specific requirements.
Dirty Word Search
TGS checks files for sensitive or “dirty” words that should not be released to other networks. This control also allows the designation of “clean” words, which are common words that contain dirty words. For example, the word “secretary” contains the embedded word “secret” but it is considered a false positive and can be ignored. System administrators can create and customize a master list of dirty and clean words, as well as lists that are used with specific source and destination network pairs. Once these lists and transfer pair rules are configured, each file uploaded to TGS is searched against the list for matches.
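A sketch of the dirty/clean word logic described above, added here as an illustration and not taken from TGS or its vendor. The word lists, the network names "high" and "low", and all function names are constructed assumptions; matching is plain case-insensitive substring search.

```python
import re

# Constructed sample lists; real lists are site-specific and set by administrators.
MASTER = {"dirty": {"secret", "noforn"}, "clean": {"secretary", "secretariat"}}
# Extra lists keyed by (source network, destination network); names are hypothetical.
PAIR_LISTS = {("high", "low"): {"dirty": {"project falcon"}, "clean": set()}}


def effective_lists(src, dst):
    """Master list plus any list configured for this source/destination pair."""
    pair = PAIR_LISTS.get((src, dst), {})
    dirty = MASTER["dirty"] | pair.get("dirty", set())
    clean = MASTER["clean"] | pair.get("clean", set())
    return dirty, clean


def _spans(words, text):
    """Yield (start, end, word) for every case-insensitive occurrence."""
    for word in words:
        for m in re.finditer(re.escape(word), text, re.IGNORECASE):
            yield m.start(), m.end(), word


def dirty_word_search(text, src, dst):
    """Return sorted (offset, dirty_word) hits not enclosed by a clean word."""
    dirty, clean = effective_lists(src, dst)
    clean_spans = [(s, e) for s, e, _ in _spans(clean, text)]
    hits = []
    for s, e, word in _spans(dirty, text):
        # A hit is a false positive only if a clean word fully contains it.
        if not any(cs <= s and e <= ce for cs, ce in clean_spans):
            hits.append((s, word))
    return sorted(hits)


def passes(text, src, dst):
    """A file passes this control only when no dirty-word hit remains."""
    return not dirty_word_search(text, src, dst)


if __name__ == "__main__":
    sample = "The secretary filed the SECRET annex."  # constructed input
    print(dirty_word_search(sample, "high", "low"))
```

Suppressing a hit only when a clean word fully encloses it keeps a genuine "SECRET" elsewhere in the same file from being masked by an earlier "secretary".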
User Access Administration Controls
User access and authorization controls (username, password, Public Key Infrastructure (PKI) X.509 digital certificates, clearance level, and group management) are configured and managed within the server or tied into a pre-existing Microsoft Active Directory® server or Lightweight Directory Access Protocol (LDAP) directory server on the high-side network. Utilizing a pre-existing LDAP or Active Directory server eliminates the need to manage user accounts on the server, thus reducing the administrative overhead.
Customizable Group Authorizations
System administrators can create groups of users with authorizations to specific destinations. A Producer group is authorized to submit transfers to one or more destinations. A Releaser group is authorized to release transfers to one or more destinations. Producer groups are assigned to one or more Releaser groups. When creating a job, a Producer can only select Releasers from an associated group. The local TGS database or remote LDAP server manages the group assignment.
Administration and Management
TGS administration and management is performed by a system administrator with the appropriate permissions, either from the server or remotely through the Remote Access Console (RAC).
Certification and Accreditation (C&A)
TGS is engineered to satisfy cross domain security requirements for the Top Secret/SCI and Below Interoperability (TSABI) and Secret and Below Interoperability (SABI) C&A processes. RTCS cross domain products are installed and accredited in operational systems around the world.