Cross-domain Solution

A cross-domain solution (CDS) is a means of information assurance that provides the ability to manually or automatically access or transfer between two or more differing security domains. They are integrated systems of hardware and software that enable transfer of information among incompatible security domains or levels of classification. Modern military, intelligence, and law enforcement operations critically depend on timely sharing of information. CDS is distinct from the more rigorous approaches, because it supports transfer that would otherwise be precluded by established models of computer, network, and data security, e.g., Bell–LaPadula model and Clark–Wilson model. CDS development, assessment, and deployment are based on risk management.

The three primary elements demanded from cross domain solutions are:

1. Data confidentiality; most often imposed by hardware-enforced one-way data transfer
2. Data integrity: content management using filtering for viruses and malware; content examination utilities; in high-to-low security transfer audited human review
3. Data availability: security-hardened operating systems, role-based administration access, redundant hardware, etc.

The acceptance criteria for information transfer across domains may be simple (e.g. antivirus scanning before transfer from low to high security domains) or complex (e.g. multiple human reviewers must examine and approve a document before release from a high security domain). One-way data transfer systems (one-way traffic systems, data diodes), are often used to move information from low security domains to secret enclaves while assuring that information cannot escape.