Compliance

Compliance

Our Multi-Domain Video Network Switch (MDVNS) and source isolation architecture is fully compliant with current DOD and IA compliance documents that have been accepted across the various departments through DOD reciprocity testing and approval.  These documents include the 2013 UCR revision 2015, DISA APL and Red/Black list, Video Services Policy Security Technical Implementation Guide (STIG) Version 1 (Release 8 dated 22 January 2016), Global Video Services (GVS) Periods Processing/VTC STIG Use Policy Document 09 December 2014, DOD 8500.01, DOD 8510.01 and https://www.niap-ccevs.org/Profile/Info.cfm?id=368.

Freeport system design features a purpose built, DISA tested and approved periods processing solution which providesvideoconferencing across multiple IP networks using a single video CODEC.  The solution is expandable to 9 networks without requiring any alterations to the core system design or the addition of any new CODECs.  Source isolation and switching utilize NIAP and EAL4 complaint components in order to ensure that the possibility of the cross contamination of information is eliminated.

Freeport Multi-Domain VTC Compliance Matrix

Multi-Domain Government IA ComplianceFreeport Compliant
1) System must comply with the 2013 Unified Capabilities Requirements 2013 (UCR 2013 Change 1, June 2015). Section 9.1.9 VDS Cybersecurity (VDS-000460 & VDS-000480) – Attached to ProposalYes
2) System must comply with Version 1, Release 8 Video Services Policy – Security Technical Implementation Guide (STIG)Yes
3) System must comply with Version 1.1 2014 Global Video Services (GVS) Periods Processing/VTC STIG Use Policy DocumentYes
4) System must comply with Department of Defense Instruction 8500.01Yes
5) System must comply with Department of Defense Instruction 8510.01Yes
6) System must be DISA tested/approved and be listed on DISA Red/Black Approved PeripheralsYes
CODEC Information SecurityFreeport Compliant
1) CODEC information (settings, passwords, directory information) must never be stored in more than one place nor shall they coexist with that information of another VTC networkYes
2) Electrical and data network isolation must be provided through the use of a single processor and memory unit for each required VTC networkYes
3) Must provide red/black air gap separation and isolated grounds between VTC networks and all system componentsYes
4) All residual data must be cleared from the VTC CODEC per GVS Periods Processing/VTC STIG before loading new data and connecting to another VTC networkYes
5) System must utilize a DISA approved (Previously CCEVS/NIAP Validated) fiber based switching unit for VTC network managementYes
Multi-Domain VTC System CapabilitiesFreeport Compliant
1) Must be able to utilize a single JITC approved VTC CODEC to support multiple VTC networks of varying classificationsYes
2) Must be able to support VTC calls on both NIPR and SIPR networksYes
3) Must be able to distribute content during VTC calls on the NIPR and SIPR networks using sources which are properly isolated via NIAP/EAL4 approved isolation devicesYes
4) Must be able to support DCO/DCS audio integration with both local and remote participantsYes
Source Isolation, Switching & managementFreeport Compliant
1) Source isolation and KVM components must be NIAP/CCES EAL4 approved. https://www.niap-ccevs.org/Profile/Info.cfm?id=368Yes
2) All computer workstation inputs must be assigned a classification level for automated source management without operator interventionYes
3) System must be able to control which computers are available based on the currently active classification level using NIAP/EAL4 compliant isolation devicesYes
4) All audio outputs to workstations capable of connecting to DCO/DCS must be properly isolated and managed based on the currently active classification levelYes

PRODUCTS & SERVICES

Specifically designed to manage security risks and reduce overall implementation cost
(571)-262-0400 or Toll Free at (866)-226-4487 (Option #1)