Rule 9: ICT shall be developed using the cross domain solutions approach defined by ISS Des Architecture
Updated 16 October 2023
© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/joint-service-publication-jsp-604-network-rules/rule-9-ict-shall-be-developed-using-the-cross-domain-solutions-approach-defined-by-iss-des-architecture
The rules are under review and subject to change.
1. Rule requirement
1.1 Cross Domain Solutions
1.1 ICT which is required to exchange information external to the security domain in which it resides shall be developed using the Cross Domain Solutions approach defined by ISS DES Arch.
The Cross Domain ICT Architecture shall be owned by the ISS DES Arch in the case of high-threat connections or, for lower threat connections and at the discretion of ISS DES Arch, approved by that team.
1.2 ICT shall have Cross Domain Security Threat management processes.
2. Rule rationale
MOD information and communication systems (ICS) operate in security domains governed by the maximum protective marking of information, governing security policy and ownership.
Where interoperability across domains is required, security considerations are important and suitable boundary protection services are required. Since the provision of cross domain solutions and associated boundary protection services can be very complex, the approach focuses on the trust granted to connected systems, the threats posed, the information exchange requirements and the importance of engaging key stakeholders early.
Ensuring new solutions do not undermine existing CDS implementations is also key. The detailed process is described in JSP 457.
3. Who to contact
For all queries, email ISSDes-APM@mod.gov.uk
4. Rule requirements: process
1.1 Cross cutting solutions
Initial gate
-
Projects shall engage with the ISS DES Arch to adhere to the Cross Domain Solutions Approach
-
Projects shall have documented in their draft SRD the requirement to comply with the Cross Domain Solutions Approach
Main gate
-
Projects shall maintain engagement with ISS DES Arch and complete Stage 2 of the Cross Domain Solutions Approach
-
Projects shall have documented in their SRD the requirement to comply with the Cross Domain Solutions Approach
PDR
-
Projects shall maintain engagement with ISS DES Arch and complete Stage 3 of the Cross Domain Solutions Approach
-
Projects shall have obtained approval of their intended Cross Domain Architecture from ISS DES Arch
CDR
-
Projects shall maintain engagement with the ISS DES Arch and complete Stage 4 of the Cross Domain Solutions Approach
-
Projects shall have obtained approval of their Cross Domain Architecture from ISS DES Arch
1.2 Cross cutting solutions
Initial gate
- Projects shall have documented within their Through Life Management Plan the need for Cross Domain Security Threat management
Main gate
- Projects shall have documented within their Through Life Management Plan the draft Cross Domain Security Threat management process
PDR
- Projects shall have documented within their Through Life Management Plan the draft Cross Domain Security Threat management process
CDR
- Projects shall have documented within their Through Life Management Plan the draft Cross Domain Security Threat management process
TRRA
- Projects shall have documented within their Through Life Management Plan the Issued Cross Domain Security Threat management process