Overview
Organisations have been wrestling with these requirements for years, either implementing software-based solutions based on simple one-way diodes, or keeping the systems and networks entirely separate, while relying on laborious business processes and role-based controls on the networks to protect their data.
However, organisations such as the UK’s National Cyber Security Centre (NCSC), the US National Cross Domain Strategy & Management Office (NCDSMO) and the Australian Australian Cyber Security Centre (ACSC) have been working in this space for a long time. These organisations have published guidance on best practice in Cross Domain Solutions (CDS) design and deployments - allowing high-quality, automated, secure systems to be built which facilitate sharing at a low overhead and with no compromise in security.
Classic Data Diodes
The BAE Systems XTS® Diode portfolio offers a range of products to meet a wide variety of mission requirements. Our diode products enforce one-way data flow control in a range of form factors to enable maximum deployment flexibility.
The BAE Systems XTS® Diode Software consists of a suite of modular applications, enabling automatic and reliable one-way transfer of a comprehensive range of data types such as streaming video, audio and sensor data, emails, office productivity documents, software and operating system updates. Data transformation, filtering and sanitisation is also available including content analysis, virus scanning and metadata checks before then applying automatic data routing capabilities such as quarantine or release.
Diode Software
The Data Pump applications work harmoniously with the Data Diode to securely share common data formats and specialised information, allowing connectivity without compromise in the fast paced digital world:
-
File Transfer provides secure file and document transfer – from large datasets to small, transactional data.
-
Email Transfer provides the secure transfer of one of the most pervasive messaging formats in use.
-
Data Forwarding provides secure transfer of internet protocol traffic (i.e. packets and data streams).
-
Log aggregation provides an all-in-one appliance to consolidation logs from multiple domains for Defensive Cyber Operations.
High Availability Library
The High Availability Library (HAL) product minimises the risks of network link failure ensuring software works with the Data Diode to access authorised information at the right time, all of the time.
Datagate Orchestrator
Datagate Orchestrator (DO) integrates and manages content filtering technology, protecting the integrity of information and networks against threats. We offer a secure, single solution to centrally manage content filters. It supports many common anti-virus software packages and also custom built, specialised analytics. It can be run as a gateway between the enterprise and other networks, or integrated as part of a CDS.
XTS® Guard
XTS® Guard 7 is a high assurance Cross Domain Solution (CDS) that enables secure sharing between networks of various security classifications and enclaves. With hundreds of deployments, XTS Guard has a long track record of securing sensitive data for the DoD, IC, Coalition Partners, and foreign militaries worldwide.
Our latest generation of XTS Guard is Raise the Bar-compliant. It provides Secure File Transfer (SFTP), Simple Mail Transfer Protocol (SMTP), Data Synch Guard protocol (DSG), User Datagram Protocol (UDP), Transmission Control Protocol (TCP) and Hyper Text Transfer Protocol (HTTP/s). It provides a variety of available protocols for fixed format, complex, streaming and unstructured data types.
XTS Guard 7 provides all of the functionality of legacy solutions, but with many improvements:
- Meets all NSA and NCDSMO Raise-The-Bar (RTB) cyber security requirements
- Variable size, weight and power (SWaP), enterprise, and singular multi-domain chassis available
- Redundant native filters for anti-virus and XML for fixed format, complex, and unstructured data types.
- New architecture that supports multi-enclave and multi-compartment controlled information sharing
- Simple application program interface developed to enable numerous content filters