Special Processing Indicator Filter

The system where the SPI Filter is integrated consists of several computers dedicated to different function. The Sealed Area contains equipment and cabling that gives direct access to classified information. All personnel with access shall be authorised for this information and equipment.

Dedicated data links are used for communication with the environment outside the Sealed Area, via Crypto, Firewall or MIDS/L16 Terminal. No other external connection exists (e.g. IP via servers). No wireless devices exist.
Input to the filter is a message headed for the receiving security domain. The message is first inspected for SPI bit set to "on" or "off". If the SPI bit is "off" the send function is called, and the message is send. Else if the SPI bit is set to "on", i.e. this message is by the main rule not to leave the system, an event is registered in the security audit trail, and the message is further inspected for any EMERGENCY or FORCE TELL indicator. If there is no such indicator present, the message is stopped. Else if an indicator is present the send function is called and the message is sent.

Sertifikatnummer

SERTIT-019 C

Innbyrdes anerkjenning

CCRA

Produkt

Version 1.2

Kategori

Other Devices and Systems

Sponsor

Utviklar

Kongsberg Defence and Aerospace

Evalueringsforetak

Norconsult AS

Sertifiseringsdato

16.09.2011

Evalueringsnivå

EAL 4

Dokumentar

ST SPI Filter public version 1.0.pdf (544KB)

SERTIT-019 CR v1.0 (pdf) (762KB)