1. When connecting information systems operating at the same classification level (e.g., classified system to classified system, sensitive system to sensitive system), the network/system administrator shall perform the following:
a. The network administrator shall configure the router properly, using the access control list, in accordance with DISA router STIGs, the NSA router security configuration guide, and the organization’s specific router guide, so that only authorized services/applications can be transferred from the source to the destination.
b. The system administrator shall configure the system software (e.g., operating system, database, application) securely to restrict access to system information to authorized personnel only, in accordance with DISA STIGs, NSA security guides, and the organization’s specific guides.
2. When connecting information systems operating at different classification levels (e.g., Top Secret to Secret, Secret to Unclassified), or when connecting DoD and non-DoD systems/networks, the network/system administrator shall perform the following:
a. Research the types of methods that can be used for cross domain solutions (e.g., gateways, guards) in the system environment
b. Perform an analysis of the advantages and disadvantages of individual cross domain solutions based on functions and security features
c. Select the most suitable method and install it in the lab environment
d. Configure the gateway and/or guard securely based on DISA STIGs and vendors’ security administration guides
e. Test the component for its adequacy and implement it into the system in the operational environment
3. If the system is a part of the Global Information Grid (GIG), the network administrator shall install the NSA-developed Cross Domain Solution package, if available, and configure it properly.