| Previous | TOC | Next |
Security Services or Information Security (INFOSEC) identifies the standards to be used to minimize the risk associated with sharing and disseminating information. The goal of providing a seamless flow of information requires standard interoperable security services.
Security Services are cross area services that affect all areas of the JASA Reference Model (JRM). Several areas of security services are addressed by the JTA, such as access controls, authentication, and auditing, etc. Three security services of critical interest to the airborne SIGINT community that are not sufficiently covered in the JTA are:
The objective of Multi-level Trust is to share information and resources with networks that have different levels of trust. Pieces of a framework that would enable this sharing include guards, firewalls, and trusted object request brokers. Encrypted Storage (also referred to as Media Encryption) permits users to encrypt classified data before storage. Encrypting the data written to disk protects the information and can minimize the need for special handling. Data Link Encryption provides secure transfer of data between the platform and the ground station.
|
|
JASA systems must use guards and firewalls to ensure a logical boundary between trusted and less trusted environments. At this time, a specific class of firewalls is not mandated; however, subsequent versions of the JSH will mandate specific classes of firewalls (i.e., proxy firewall or unidirectional guard) to mitigate the risks associated with interoperable data sharing in a Multi-level Trust environment. (See Annex 5)
JASA systems shall implement embedded-hardware media encryption, because embedded-hardware encryption provides higher levels of assurance than software encryption approaches. SCSI based media encryption is the only available hardware implementation at this time.
All future JASA wideband data links shall use the following:
|
|
1 It is expected that future versions of the JSH will endorse the use of software media encryption approaches; however, at this time software assurance processes are too immature for general use.
2 See caveats in Annex 5, Section 5
| Previous | TOC | Next |