Special Processing Indicator Filter
The system where the SPI Filter is integrated consists of several computers dedicated to different function. The Sealed Area contains equipment and cabling that gives direct access to classified information. All personnel with access shall be authorised for this information and equipment.
Dedicated data links are used for communication with the environment outside the Sealed Area, via Crypto, Firewall or MIDS/L16 Terminal. No other external connection exists (e.g. IP via servers). No wireless devices exist.
Input to the filter is a message headed for the receiving security domain. The message is first inspected for SPI bit set to "on" or "off". If the SPI bit is "off" the send function is called, and the message is send. Else if the SPI bit is set to "on", i.e. this message is by the main rule not to leave the system, an event is registered in the security audit trail, and the message is further inspected for any EMERGENCY or FORCE TELL indicator. If there is no such indicator present, the message is stopped. Else if an indicator is present the send function is called and the message is sent.