DCSR-3

DCSR-3 Specified Robustness – High

Overview

Only high-robustness GOTS or COTS IA and IA-enabled IT products are used to protect classified information when the information transits networks that are at a lower classification level than the information being transported. High-robustness products have been evaluated by NSA or in accordance with NSA-approved processes. COTS IA and IA-enabled IT products used for access control, data separation or privacy on classified systems already protected by approved high-robustness products at a minimum, satisfy the requirements for basic robustness. If these COTS IA and IA-enabled IT products are used to protect National Security Information by cryptographic means, NSA-approved key management may be required.

MAC / CONF	Impact	Subject Area
CLASSIFIED	High	Security Design and Configuration

Details

Threat
Utilizing GOTS or COTS IA and IA-enabled IT products that are designated at a lower robustness then is required will increase network vulnerability by not adequately protecting DoD data and information systems. By adhering to robustness requirements, organizations can be confident that they are applying the appropriate level of protection to their network.

Guidance
1. Use high-robustness GOTS or COTS IA and IA-enabled IT products to protect classified information when the information transits networks at a lower classification level than the information being transported. * 2. Ensure all High-robustness designated products have been evaluated by NSA in accordance with NSA-approved processes. * 3. COTS IA and IA-enabled IT products used for access control, data separation or privacy on classified systems already protected by approved high-robustness products at a minimum, satisfy the requirements for basic robustness. If these COTS IA and IA-enabled IT products are used to protect National Security Information by cryptographic means, NSA-approved key management may be required. * * Note: These requirement are more stringent than DCSR-2

Guidance

1. Use high-robustness GOTS or COTS IA and IA-enabled IT products to protect classified information when the information transits networks at a lower classification level than the information being transported. *
2. Ensure all High-robustness designated products have been evaluated by NSA in accordance with NSA-approved processes. *
3. COTS IA and IA-enabled IT products used for access control, data separation or privacy on classified systems already protected by approved high-robustness products at a minimum, satisfy the requirements for basic robustness. If these COTS IA and IA-enabled IT products are used to protect National Security Information by cryptographic means, NSA-approved key management may be required. *

* Note: These requirement are more stringent than DCSR-2

References

DoD CIO Guidance and Policy Memorandum No. 6-8510, DoD GIG IA, 16 June 2000
CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
DoDI 8500.2, Information Assurance Implementation, para. E3.2.4.3, .1, .2, 06 February 2003
Information Assurance Technical Framework, Appendix E IATF Release 3.1. September 2002