Frequently Asked Questions For Cross Domain Solutions
Cross Domain Solutions (CDS) provide controlled, content aware transfer of information between network/computing enclaves of different security classifications or sensitivities. They can serve as an extremely effective first line of defense against cyber-attacks penetrating platforms, networks and subsystems.
General Dynamics Mission Systems has an extensive cybersecurity product portfolio and experience directly applicable to the protection of networks and systems to maintain cybersecurity assurance in any environment. General Dynamics' Tactical Cross Domain Solution (TACDS®) was the first ruggedized, SWAP-C CDS designed, qualified, and accredited for the tactical/combat environment; it remains the industry cybersecurity lead in the space.
The following are common questions on CDS terminology and types, as well as details on our tactical CDS products.
Cross Domain Solutions
A Cross Domain Solution (CDS) is a device or collection of devices that mediate controlled access or transfer of information across security boundaries, i.e., between two or more networks of different security classifications. For example, between Security Domain “A” and Security Domain “B”. A CDS enables human or fully automated review of data to allow trusted sharing of information across previously physically separated enclaves, domains and systems. A CDS enforces a defined security policy based on the type of data being passed, direction of data flow and improves the timeliness of data sharing.
Cross Domain Solutions are specifically designed for diverse applications on the modern battlefield, including:
- Real-time video and ISR data collection and dissemination. Examples include airborne sensor video, ground sensors (manned/unmanned)
- Cyber defense and foreign system isolation to include both foreign sourced systems as well as in-bound coalition network data.
- Coalition interoperability for the real-time exchange of Command and Control (C2) and Situational Awareness (SA) information
- Unmanned and manned aerial platform & payload control for UAV platform and payload control, Cursor-on-Target, air reconnaissance data and text-based sensor cueing messages
- Real-time condition based maintenance such as health & status monitoring, remote maintenance & diagnostics, and fuel & ammo level monitoring
- Situational Awareness and Command & Control including Variable Message Format (VMF) tactical information messages, real-time combat data, voice communications, imagery, and relative navigation information (Link-16/JREAP), Position/Location Information (PLI) and MEDEVAC information
- Mitigating the risks of malware and zero day exploits while enabling real-time information exchange.
Raise the Bar is a strategy for improving cross domain solution security and capabilities from a design, development, assessment, implementation, and use perspective. Raise the Bar is intended to apply to and address improving the cybersecurity of all cross domain solutions used to protect U.S. Government classified information and all cross domain solutions being sold for export.
Enterprise Cross Domain Solutions are often used in large enterprise data centers where there are many different networks and security enclaves, each with a different classification and/or releasability and significant processing requirements. Enterprise CDS do not have end-to-end time critical requirements.
Tactical Cross Domain Solutions are designed to be deployed in operational environments at the tactical edge to meet site or mission specific needs and use in environmentally constrained conditions (e.g., sand, heat, humidity, shock and vibration). They can also be size, weight and power (SWaP) constrained and typically have a low tolerance for latency, potentially operating in disconnected communications environments. By placing a CDS within these tactical environments, transmission and processing delays between the data source and tactical consumer, are minimized.
Tactical Cross Domain Solutions (TACDS)
TACDS is a bidirectional transfer CDS designed and optimized for Size, Weight, Power and Cost (SWaP-C) constrains. TACDS is ruggedized for tactical deployment with a robust, layered, defense in depth security architecture that provides secure, certified separation of network/interface domains and enforces a separation boundary between the security domains (enclaves) that it is attached to.
TACDS is designed for low latency/disconnected environments. It can process numerous mission-enabling tactical data and message formats to provide instant, secure access to real-time data convergence and stimulate opportunities for improvement in speed of decision making.
TACDS programmable rule sets filter information (messages), to allow individual messages or data fields within them to be selectively passed, blocked, or changed to ensure data security on both networks.
TACDS was the first ruggedized, small SWAP-C tactical CDS designed, qualified, and accredited for the combat environment; and has undergone many successful certification and accreditation cycles for over 10 years. The environmental qualification successes TACDS incorporates include:
- Operational Temperature: -40°C to 70°C
- Storage Temperature: -51°C to 85°C
- Operational Altitude: 0 - 65,000 ft. above sea level
- Vibration: Tracked and Wheeled Vehicle, Fixed and Rotary Wing Aircraft, and Gunfire
- EMI/EMC: MIL-STD-461F, RE102, CE102, CS101, CS114, CS115, CS116, RS103
For additional information, please request the whitepaper TACDS: Ensure Mission Success through Secure, Fast & Automatic Transfer of Data Between Security Domain
TACDS can be mounted on a platform and is very easy to use, install and operate. TACDS Filter Components are each designed to be customizable by the end customer in their application through a set of configuration files, security policy rulesets, and data format descriptions that can modify the behavior of the Filter Component without changing any of the filter software code itself. There are no special CDS ruleset customization tools required.
With no user input points or displays, TACDS can be installed in access limited locations. Once configured for a mission, there is no user interaction required for normal operation.
TACDS is not subject to handling and custody restrictions like a Controlled Cryptographic Item (CCI), and it is an unclassified device until connected to a classified network. The device does not store any user message data. There is no classification guide required for the product or any of its internal components.
TACDS is a TRL9 commercial product and is 100% developed by General Dynamics Mission Systems. The product line is wholly delivered and serviced by General Dynamics Mission Systems (hardware, software, training, integration, and repair/return warranty/non-warranty repairs).
TACDS is ITAR-controlled and subject to some export-related controls, as a defense-related article. Please contact us with any questions or concerns related to the acquisition or application of TACDS.
TACDS is offered as standalone products for integration into new and legacy architectures and platforms. All form factors are in full rate production, NSA/ National Cross Domain Strategy and Management Office (NCDSMO) tested and accredited, Raise-The-Bar (RTB) compliant for use in tactical application and use identical software, firmware, rule and filter sets.
TACDS-VM (Vehicle Mount) is a widely deployed, mountable anywhere, on any platform and is very easy to use, install and operate. There are separate power, management, and high and low side connectors.
TACDS LP (Low Profile) is suitable for a single 1u tactical rack space, or it can be mounted anywhere on any platform. The power and management connectors are combined with separate high and low side connectors.
For additional details, please download the following datasheets:
The TACDS Lab-Based Security Assessment (LBSA), Raise The Bar (RTB) Filter Component library consists of the following filters:
TACDS includes an Administrator tool providing four administrator roles, each with exclusive access to specific administrator functions. Additional filters can be developed.
TACDS is a low risk, TRL 9, NSA-approved, National Cross Domain Strategy and Management Office (NCDSMO) assessed CDS that is easily adaptable to systems. TACDS v3 is also compliant to the latest NSA Raise The Bar (RTB) requirements. TACDS has been on the NCDSMO baseline approved list since 2012.
TACDS-VM and -LP v3 are TRL 9, in full rate production and accredited for operation on various types of platforms and integrated tactical networks across the DoD and Intel communities, as well as with Five Eyes (FVEY) international partners.
By applying TACDS between all external wired or wireless access ports and the internal networks In an actively contested cyber environment, a System’s Cyber Resiliency (CR) and ability to maintain mission execution, can be significantly enhanced.
TACDS facilitates the DoD’s Multi-Domain Operations (MDO) doctrine. TACDS guarantees the integrity of mission critical data when transferred between security enclaves within and across operational domains. TACDS enables sharing between US networks, FVEY coalition networks, and military services during combined operations.
TACDS can process numerous mission-enabling tactical data and message formats to provide instant, secure access to real-time data convergence in an MDO environment and stimulate opportunities for improvement in speed of decision making.
For additional information, please watch the webinar Next-Generation Information Sharing And Data Protection For The Multi-Domain Battle.
Please watch and download the following webinars and whitepapers for operational applications of TACDS:
Yes, General Dynamics Mission Systems offers hands-on training covering installation, operations, administration, scripting, data format customization and maintenance. Training will allow customers to perform Rule Set customization at their discretion. A 4-day training class is available at our Scottsdale, AZ campus for up to 10 people. The training can also be available on-site at customer locations.
We also provide on-site and remote field support and application engineering services.
General Dynamics Mission Systems is investing in continued evolution of TACDS capabilities, interfaces and form factors based on mission needs. Future TACDS implementation are intended to maintain RTB compliance and use the same certified filter set.
We are committed to the National Cross Domain Strategy and Management Office’s (NCDSMO) RTB and maintains a TACDS Roadmap in alignment with the prescribed RTB governance - ensuring a solution that will maintain compliance with the latest RTB releases. We are also committed to enhancing our Filter Component Library to support additional operational use case and message formats. For additional information please watch the webinar: TACDS Next: Investing for Mission Success
As a Commercial off-the-shelf (COTS) item, all TACDS products, services and solutions are available for procurement directly from General Dynamics Mission Systems.
TACDS is also available for purchase through the U.S. Army’s Common Hardware Systems-5 (CHS-5) IDIQ contract.
- Presidential Executive Order to Improve the Nation’s Cybersecurity and Protect Federal Government Networks
- 2022 National Security Memorandum to Improve the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems
- National Cross Domain Strategy & Management Office (nsa.gov)