SafeNet's UCDMO Baseline-validated Cross Domain Solution is now available for reuse throughout DoD and IC. View the video on how SafeNet's Cross Domain Solution, the MDeX System, can help you securely manage the transfer of voice, video and data across multi-level security domains.
SafeNet’s MDeX System, an assured information sharing and cross domain solution, provides a reliable, secure, and configurable means of transferring information between domains for all Intelligence Community, Department of Defense, and other sensitive operations.
The MDeX System provides consistent Multi-Level Security (MLS) services regardless of interface protocols and data content filtering needs. It establishes a stable and verifiable framework in which business and mission managers can implement concurrent yet controlled information flows with various communities of interest and security domains. The system addresses business and mission information sharing needs by providing secure ingest, distribution, dissemination, and delivery of sensitive information.
The MDeX System architecture consists of three parts:
- MDeX Transfer System (MTS): Security core appliance that orchestrates the flow and filtering of information according to customer policies and rule sets
- Security Domain Intermediary (SDI): Protocol and queuing edge interface between domain applications and MTS
- Remote Management Station (RMS): Enterprise management appliance for policy and security management, command and control, and monitoring
Unlike traditional stove-piped solutions, the MDeX System can satisfy current requirements while providing the capacity to solve other transfer requirements as mission and organization authorities identify them.
Plug and Play Architecture
- Modular Design
- Certify Once, Accredit Many
Situational Awareness and Control
- Enterprise and Mission Integration
- Ease of Use
- Common Cross Domain System Manager
- Dynamic Policy Enforcement
MTS Appliance:
SafeNet information flow engine, Oracle Solaris 10 with Trusted Extensions, Oracle Java, Oracle XACML, SPARC, or x86 platforms
SafeNet CDS manager, Oracle Solaris 10, Oracle Java, Oracle MySQL, Splunk, SPARC, or x86 platforms
SafeNet protocol clients and queue manager, Oracle Java
Splunk is a commercial product integrated into the RMS for event management
Database repository used within the RMS for storing system data
Application Programming Interface (API) for Java content filters
SDI API:
The SDI API allows for legacy or unique application integration with the MDeX System
TIBCO Java Message Service (JMS):
The provided SDI client supports TIBCO’s Enterprise Message Service (EMS) JMS client for message exchanges within enterprise bus architectures. Requires the customer to have an existing TIBCO EMS Enterprise License.
Industry standard access policy interoperability and extensibility so that policy decision points can exist in multiple places. Access policy managed through RMS
Plug and Play Architecture
The MDeX System’s modular design creates an environment where adding new domains, communities of interest, applications, and content filters requires significantly less custom development compared to most solutions. This gives the mission or organization the flexibility to change their requirements based on mission needs. SDIs supply the edge interface for connectivity between security domains and the MDeX System’s core security appliance, the MTS, allowing for ready integration of the MTS within existing mission and enterprise JMS, SMTP, XMPP, and standard file sharing applications.
Many other cross domain solutions are designed and developed to address specific data types and transfers. With these systems, adding a new data type or transfer organization requires custom development efforts, and a complete certification and accreditation effort for use approval. This process can take many months and costs a great deal of money.
To address this challenge, the MDeX System uses Plug and Play architecture and its Application Programming Interfaces (APIs) for interface protocols and content filters. This enables organizations to add new protocols or content filters without changes in the security support structure. Organizations can then isolate any additional certification and accreditation activities to just the additional protocols or content filters, without re-certification of the MTS itself. As a result, missions and organizations can deploy MDeX System configurations with minimal certification impact and minimize accreditation time frames.
Situational Awareness and Control
Enterprise and Mission Integration
The MDeX System includes enterprise and mission management of the MDeX System cross domain environment. It accomplishes this through its centralized (managing n CDS instances) and distributed (remote accessibility to management platform) capabilities for command and control, monitoring, and management activities.
Ease of Use
The MDeX System’s intuitive GUI for remote management provides a forward-thinking interface to policy and configuration management, and the means to view audit, system, and application events. This user-friendly design enables systems managers to quickly learn MDeX System operations and eliminates the need for users to have years of trusted operating system command line interface experience.
Accessibility is another key benefit of the MDeX System. The MDeX System includes PK-enabled web access from any authorized location. It also gives enterprise and mission management services access to active cross domain event information to enable proactive data flow management.
Dynamic Policy Enforcement - Real-time Policy Changes with Assurance
Dynamic policy enforcement allows data owners to establish granular information flows and content filtering policies as mission needs dictate, using the industry-standard OASIS XACML security policy language. The separation of flow and content policies, and the use of XACML, enables rapid examination and approval of defined policies by organization authorities. Two-role control provides separation between policy definition and release for management operations. Once an organization certifies a policy for implementation, it is available to the security core appliance, the MTS, for immediate activation and enforcement. This allows organization and mission authorities to operate in a coordinated manner to implement policy changes to address changing mission needs.