Flexible Adaptive Policy Management for Cross Domain Solutions

As the tradeoffs between the need to share and the need to protect change dynamically, on the order of minutes, the security policies of Cross Domain Solutions (CDSs) must also change on the same time scale to optimize information sharing. However, current policy management practices generally require re-accreditation, which takes months, and deploying policy updates is a manual process that requires a highly skilled operator and cannot be executed remotely. The goal of our effort on Lifecycle Management, Deconfliction, and Automatic Deployment Services (LDADS) is to provide an enterprise capability to dynamically and securely adapt CDS policies to changing operational risks and requirements.

To that end, the approach aims to provide the following three workflows: (1) authoring and persistence of policy bundles, (2) context-based selection of policies at run time, and (3) reliable deployment of policies into Cross Domain Solutions. To support these three workflows, we introduce the notion of a Local Policy Agent (LPA) that provides dynamic policy management within a domain. One can think of the LPA as a domain's centralized service for managing cross-domain policies and configurations. Functionality is split into two parts: (1) the creation of accredited policy bundles, which can take significant time (on the order of months), and (2) the selection and deployment of those policy bundles, which needs to be fast (on the order of minutes).
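
The split between slow accreditation and fast selection can be sketched as follows. This is an added example, not LDADS code: the bundle fields, the sample bundles, the numeric risk scale and the selection rule are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PolicyBundle:
    # Hypothetical bundle record persisted by the authoring workflow.
    bundle_id: str
    accredited: bool          # set only by the slow (months) accreditation flow
    max_risk: int             # highest operational risk level the bundle is approved for
    requirements: frozenset   # sharing requirements the bundle satisfies


# Constructed sample store; names and values are illustrative only.
STORE = [
    PolicyBundle("deny-all", True, 5, frozenset()),
    PolicyBundle("share-tracks", True, 3, frozenset({"tracks"})),
    PolicyBundle("share-tracks-imagery", True, 1, frozenset({"tracks", "imagery"})),
    PolicyBundle("draft-share-all", False, 5, frozenset({"tracks", "imagery", "chat"})),
]


def select_bundle(store, risk, needed):
    """Fast (minutes) flow: choose a bundle for the current context.

    The run-time step never creates or edits policy. It only picks from
    bundles that are already accredited and approved for the current risk.
    Among those it prefers the bundle covering the most needed
    requirements, then the one granting the least beyond what is needed.
    """
    needed = frozenset(needed)
    candidates = [b for b in store if b.accredited and risk <= b.max_risk]
    if not candidates:
        # Fail closed: nothing is deployed if no accredited bundle applies.
        raise LookupError("no accredited bundle for risk level %d" % risk)
    return max(
        candidates,
        key=lambda b: (
            len(b.requirements & needed),    # cover as much of the need as allowed
            -len(b.requirements - needed),   # avoid sharing more than requested
            b.bundle_id,                     # deterministic tie-break
        ),
    )


if __name__ == "__main__":
    for risk in (1, 3, 4):
        chosen = select_bundle(STORE, risk, {"tracks", "imagery"})
        print(risk, chosen.bundle_id)
```

The unaccredited draft bundle covers the most requirements yet is never a candidate, and as risk rises the selection narrows toward the most restrictive accredited bundle.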