ISM-0677

Files imported or exported via gateways or CDSs that have a digital signature or cryptographic checksum are validated.

Topic: Validating file integrity
Applicable to: all
Priority: must

History

Mar 2023
Files imported or exported via gateways or CDSs that have a digital signature or cryptographic checksum are validated.
An existing control relating to validating the ‘digital signature or checksum’ of files imported or exported via gateways or Cross Domain Solutions was amended to validating the ‘digital signature or cryptographic checksum’ instead.
Mar 2022
Files imported or exported via gateways or CDSs that have a digital signature or checksum are validated.
The recommendation to block files that fail digital signature checks (ISM-0677) was expanded to cover files that fail checksum checks.
Dec 2021
If data is signed, the signature is validated before the data is exported.
Miscellaneous changes were made to rationale and security controls throughout the publication. This included:
• A review from the Using the Information Security Manual chapter through to the Guidelines for Media chapter.
• Security controls suitable for all audiences have been identified with the ‘All’ applicability marking while additional security controls suitable for just government audiences have been identified with the O, P, S and TS applicability markings.
• Security controls suitable for specific classifications have been amended to include their classification(s) in the wording of the security controls to reduce the reliance on applicability markings to confer suitability.
• Tables in security controls have been converted into prose to allow for inclusion in the SSP annex template and the XML list of security controls.
• The use of ‘official’ and ‘highly classified’ terminology has been replaced with specific classifications to remove ambiguity.
• Security controls relating to high assurance ICT equipment have had their applicability narrowed to ‘S, TS’ reflecting that they are intended for the protection of SECRET and TOP SECRET systems and data.
2015
If data is signed, agencies must ensure that the signature is validated before the data is exported.
2010
Agencies must ensure that the gateway confirms the signature before the release of the data to be exported.