|
|
||||||||||||||||||||||||||
| ||||||||||||||||||||||||||
|
||||||||||||||||||||||||||
|
|
|
Certified products >
Special Processing Indicator Filter
|
Special Processing Indicator Filter
| Version 1.2 |
Build |
This certification is covered by the CCRA |
| Product type Data filtering mechanism |
Evaluation assurance level EAL 4 |
|
| Status Certified |
Certification date 16 September 2011 |
|
| Security target Security Target for the SPI Filter |
Certification report SERTIT-019 CR |
|
| Evaluation facility Norconsult AS |
Developer Kongsberg Defence and Aerospace Oddvar Gauteplass Phone: +47 32 28 82 00 Fax: +47 32 28 82 01 |
Product description
The system where the SPI Filter is integrated consists of several computers dedicated to different function. The Sealed Area contains equipment and cabling that gives direct access to classified information. All personnel with access shall be authorised for this information and equipment.
Dedicated data links are used for communication with the environment outside the Sealed Area, via Crypto, Firewall or MIDS/L16 Terminal. No other external connection exists (e.g. IP via servers). No wireless devices exist.
Input to the filter is a message headed for the receiving security domain. The message is first inspected for SPI bit set to “on” or “off”. If the SPI bit is “off” the send function is called, and the message is send. Else if the SPI bit is set to “on”, i.e. this message is by the main rule not to leave the system, an event is registered in the security audit trail, and the message is further inspected for any EMERGENCY or FORCE TELL indicator. If there is no such indicator present, the message is stopped. Else if an indicator is present the send function is called and the message is sent.