Information Support Server Environment - ISSE-Guard
The ISSE Program, sponsored by the Information Handling Branch at the Air Force Research Laboratory (AFRL/RIEB), creates solutions that provide secure cross domain sharing of information and facilitate collaboration. The AFISRA/A6 DoDIIS Modernization is the DoDIIS Executive Agent (DExA) for ISSE. The first ISSE system was accredited for operation by the Defense Intelligence Agency (DIA) in May 1996.
Since that time, the ISSE system has continued to evolve and mature, keeping pace with technological innovations and changing security requirements while satisfying the mission requirements of the user community. Presently there are certified and accredited versions of ISSE fielded at US government agencies, coalition partners and commonwealth partners, the US armed services, US combatant commands, and other military sites around the world. ISSE systems are deployed in Top Secret/Sensitive Compartmented Information and Below Interoperability (TSABI) environments, Top Secret and Below Interoperability (TABI) environments, and Secret and Below Interoperability (SABI) environments.
ISSE is a Controlled Interface (CI) that enables the bidirectional flow of data between a single high side and up to eight low side destinations. ISSE provides authorized users the ability to create data packages consisting of e-mail messages and file-based products such as imagery and Microsoft® Office files. The ISSE system handles the secure transfer of the data between interconnected security domains, protects the security domains from unauthorized access or malicious attacks, and audits all data transfers between security domains. ISSE consists of four components:
- Secure Trusted Automated Routing (STAR) Guard: The STAR component provides a physical connection between different security domains, enforces policies that decide whether data is releasable to another security domain, and transfers the data from one security domain to another. The STAR Guard software will execute on a multi-level secure operating system, providing Mandatory Access Control (MAC), Discretionary Access Control (DAC), Identification and Authentication (I&A), labeling, and system-level auditing.
- Protocol Translator (PT): The PT component serves as an interface between mission applications that do not use the ISSE Application Programmer Interface (API) and the STAR Guard. It provides a means for authorized users to compose and send email with their COTS application. The PT acts as an intermediary agent that negotiates and translates diverse protocol (e.g. SMTP and FTP) interfaces between external operational missions and the IWS and the STAR components.
- ISSE Web Server (IWS): The IWS application is a release validation component of the ISSE System that provides Reliable Human Review (RHR) capabilities, consists of an IWS browser interface to the host provided by standard web browsers, and provides web services through a combination of Tomcat, Apache and application components.
- Parallel Audit Review and Analysis Toolkit (PARAT): PARAT is a set of software components that provide for the collection, review and near-real time analysis of audit information obtained from multiple sources, supports both manual and automated analyses of collected information, and is capable of providing alerts to online and offline users.
ISSE builds upon previous releases by enhancing current capabilities and adding new functionality, including:
- Automated Inspection and Transfer of Highly Structured Data, such as OTH-GOLD, USMTF, and Extensible Markup Language (XML), without human review
- Commercial Off-The-Shelf (COTS) Email Interface to RHR Processes
- PKI Encryption
- Application Program Interface (API) to establish a secure and direct connection between a mission application and ISSE, providing a more efficient and faster means of transferring data
- Expanded input/delivery mechanisms to send and receive data using additional mechanisms such as secure FTP
- Increased Flexibility to allow the CI to adapt to varying operational environments that account for the mission performed by the user site, the systems, networks, and interfaces that exist there; the types, formats and volume of data being processed; and the roles and identities of individual users
- Scalable to handle users with large or growing needs
Comm: (315) 330-7838
Comm: (757) 225-6314