Compliance
Our Multi-Domain Video Network Switch (MDVNS) architecture is fully compliant with current DOD and IA compliance documents that have been accepted across the various departments through DOD reciprocity testing and approval. These documents include the UCR 2013 Change 2, Sept 2017; DISA APL Red/Black list; Video Services Policy Security Technical Implementation Guide (STIG); DOD Instruction 8500.01, Cybersecurity, March 14, 2014; DOD 8510.01, Risk Management Framework, Chg 2, July 28, 2014; and "Protection Profile for Peripheral Sharing Switch".
The Freeport MDVNS system design features a purpose built, DISA tested and approved periods processing solution which provides video conferencing across multiple IP networks using a single video CODEC. The solution is expandable to 25 networks without requiring any alterations to the core system design or the addition of any additional VTC CODECs.
Freeport MDVNS Compliance Matrix
| Multi-Domain Government IA Compliance | Freeport Compliant |
|---|---|
| 1) System must comply with the 2013 Unified Capabilities Requirements 2013 (UCR 201) System must comply with the 2013 Unified Capabilities Requirements 2013 (UCR 2013 Change 2, Sept 2017). Section 9.1.9 VDS Cybersecurity (VDS-000460 & VDS-000480) | Yes |
| 2) System must comply with DISA’s Periods Processing, Video Services Policy (STIG) Version 1, Release 10 | Yes |
| 3) System must comply with Guidelines for Media Sanitization, NIST SP 800-88 Rev. 1, Ref: Video Services Policy (STIG) Version 1, Release 10 | Yes |
| 4) System must comply with Department of Defense Instruction 8500.01, Cybersecurity, March 14, 2014 | Yes |
| 5) System must comply with Department of Defense Instruction 8510.01, Risk Management Framework, Chg 2, July 28, 2014 | Yes |
| 6) Automated Periods Processing solution must be DISA tested/approved and be listed on DISA Red/Black Approved Peripherals List | Yes |
| CODEC Information Security | Freeport Compliant |
|---|---|
| 1) CODEC information (settings, passwords, directory information) must never be stored in more than one place nor shall they coexist with that information of another VTC network | Yes |
| 2) Electrical and data network isolation must be provided through the use of a single processor and memory unit for each required VTC network | Yes |
| 3) Must provide red/black air gap separation and isolated grounds between VTC networks and all system components | Yes |
| 4) All residual data must be cleared from the VTC CODEC per GVS Periods Processing/VTC STIG before loading new data and connecting to another VTC network | Yes |
| 5) System must utilize a DISA approved (Previously CCEVS/NIAP Validated) fiber based switching unit for VTC network management | Yes |
| Multi-Domain VTC System Capabilities | Freeport Compliant |
|---|---|
| 1) Must be able to utilize a single JITC approved VTC CODEC to support multiple VTC networks of varying classifications | Yes |
| 2) Must be able to support VTC calls on both NIPR and SIPR networks | Yes |
| 3) Must be able to distribute content during VTC calls on the NIPR and SIPR networks using sources which are properly isolated via NIAP/EAL4 approved isolation devices | Yes |
| 4) Must be able to support DCO/DCS audio integration with both local and remote participants | Yes |
| Source Isolation, Switching & Management | Freeport Compliant |
|---|---|
| 1) Source isolation and switching system components must be NIAP/CCEVS EAL4 approved. | Yes |
| 2) All source inputs must be assigned a classification level for automated source management without operator intervention. | Yes |
| 3) System must be able to manage which sources are available upon activation of a VTC network using NIAP compliant isolation. | Yes |
| 4) All audio outputs to workstations capable of connecting to DCO/DCS must be properly isolated and managed based on the currently active classification level | Yes |