Revision as of 22:55, 28 December 2010 edit Lambiam (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers 65,062 edits section on HAGs ← Previous edit		Revision as of 20:12, 29 December 2010 edit undo Lambiam (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers 65,062 edits m missing paren Next edit →
Line 5: In a [[multilevel security]] system, a '''controlled interface''' is a system component that is used to implement security constraints on the transfer of data between security domains. The data to be transferred may theoretically move in either direction; the task of the controlled interface is to ensure that the data meets the security criteria for transfer. In general, data can move from a lower-security doamin to a higher-security ___domain. For transfer in the opposite direction, it has to be ascertained that the data is of sufficiently low security sensitivity; for example, data [[Classified information\|classified]] as "Secret" should not be allowed to leak into a ___domain that is merely "Restricted". The [[Committee on National Security Systems]] (CNSS) publishes the 'NATIONAL INFORMATION ASSURANCE (IA) GLOSSARY', also known as CNSS Instruction No. 4009. In this glossary, a Controlled Interface is defined as follows: "Mechanism that facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system)". Within the US government, the Director of Central Intelligence Directive 6/3 (DCID 6/3) states that multilevel security systems must meet the requirements for Protection Level 4 and 5 (PL-4 and PL-5), Integrity-High and Availability-High.

Controlled interface: Difference between revisions