Skip to the content

NCSC publishes principles for cross domain security

22/01/21

Mark Say Managing Editor

Get UKAuthority News

Share

The National Cyber Security Centre (NCSC) has published a set of 13 security principles for cross domain solutions (CDS) – networks for the exchange of information between different domains.

It said they have been developed through a series of pilots with public and private sector bodies and tests by commercial security assurance laboratories.

NCSC’s capability lead for technology analysis, named as Duncan A, said it has produced the principles to help demystify CDS technologies and hopes they will support a greater take-up.

The guidance says that each of the 13 principles describes a protection a CDS should provide against a given type of attack, and that it should be measured against each as part of its assessment for a specific use case.

They cover network protocol attack protection; content based attack protection; protection against unauthorised export of information; session isolation; persistent compromise protection; people and the CDS; management; audit and accounting; authentication; data-in-transit protection; data-at-rest protection; patching; and component integrity.

Enabling sharing

Duncan A said: “Cross domain solutions can enable the secure import and export of information, and the sharing of less trusted services within a trusted domain,” he said. “These can even allow information exchanges to cross domains with varying security levels.

“What we call 'a CDS' will usually be a system of numerous components, handling functions such as malware protection, data verification, audit and monitoring. All the while, taking account needs of those using the CDS to perform business operations.

“The exact make-up of any given system will be determined by the set of functions required and the varying levels of security involved.”

Images from iStock

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.