Compliance

Compliance

Our Multi-Domain Video Network Switch (MDVNS) and source isolation architecture is fully compliant with current DOD and IA compliance documents that have been accepted across the various departments through DOD reciprocity testing and approval.  These documents include the UCR 2013 Change 2, Sept 2017; DISA APL Red/Black list; Video Services Policy Security Technical Implementation Guide (STIG) Version 1, Release 10 dated 26 October 2018; DOD Instruction 8500.01, Cybersecurity, March 14, 2014;  DOD 8510.01, Risk Management Framework, Chg 2, July 28, 2014; and https://www.niap-ccevs.org/Profile/Info.cfm?id=368.

Freeport system design features a purpose built, DISA tested and approved periods processing solution which provides video conferencing across multiple IP networks using a single video CODEC.  The solution is expandable to 9 networks without requiring any alterations to the core system design or the addition of any new CODECs.  Source isolation and switching utilize NIAP and EAL4 compliant components in order to ensure that the possibility of the cross contamination of information is eliminated.

Freeport Multi-Domain VTC Compliance Matrix

Multi-Domain Government IA ComplianceFreeport Compliant
1) System must comply with the 2013 Unified Capabilities Requirements 2013 (UCR 201) System must comply with the 2013 Unified Capabilities Requirements 2013 (UCR 2013 Change 2, Sept 2017). Section 9.1.9 VDS Cybersecurity (VDS-000460 & VDS-000480)Yes
2) System must comply with DISA’s Periods Processing, Video Services Policy (STIG) Version 1, Release 10Yes
3) System must comply with Guidelines for Media Sanitization, NIST SP 800-88 Rev. 1, Ref: Video Services Policy (STIG) Version 1, Release 10Yes
4) System must comply with Department of Defense Instruction 8500.01, Cybersecurity, March 14, 2014Yes
5) System must comply with Department of Defense Instruction 8510.01, Risk Management Framework, Chg 2, July 28, 2014Yes
6) Automated Periods Processing solution must be DISA tested/approved and be listed on DISA Red/Black Approved Peripherals List www.disa.mil/~/media/Files/DISA/Services/DVS/red_black_peripherals.xlsYes
CODEC Information SecurityFreeport Compliant
1) CODEC information (settings, passwords, directory information) must never be stored in more than one place nor shall they coexist with that information of another VTC networkYes
2) Electrical and data network isolation must be provided through the use of a single processor and memory unit for each required VTC networkYes
3) Must provide red/black air gap separation and isolated grounds between VTC networks and all system componentsYes
4) All residual data must be cleared from the VTC CODEC per GVS Periods Processing/VTC STIG before loading new data and connecting to another VTC networkYes
5) System must utilize a DISA approved (Previously CCEVS/NIAP Validated) fiber based switching unit for VTC network managementYes
Multi-Domain VTC System CapabilitiesFreeport Compliant
1) Must be able to utilize a single JITC approved VTC CODEC to support multiple VTC networks of varying classificationsYes
2) Must be able to support VTC calls on both NIPR and SIPR networksYes
3) Must be able to distribute content during VTC calls on the NIPR and SIPR networks using sources which are properly isolated via NIAP/EAL4 approved isolation devicesYes
4) Must be able to support DCO/DCS audio integration with both local and remote participantsYes
Source Isolation, Switching & managementFreeport Compliant
1) Source isolation and switching system components must be NIAP/CCEVS EAL4 approved. https://www.niap-ccevs.org/Profile/Info.cfm?id=368Yes
2) All source inputs must be assigned a classification level for automated source management without operator intervention.Yes
3) System must be able to manage which sources are available upon activation of a VTC network using NIAP compliant isolation https://www.niap-ccevs.org/Product/Compliant.cfm?PID=10894Yes
4) All audio outputs to workstations capable of connecting to DCO/DCS must be properly isolated and managed based on the currently active classification levelYes

PRODUCTS & SERVICES

Specifically designed to manage security risks and reduce overall implementation cost
(571)-262-0400 or Toll Free at (866)-226-4487 (Option #1)