Securing External Data Connections

This article serves as a guide outlining the criteria and processes for securing External Data Connections (EDCs) on the Game Warden platform.

Each team and individual plays a vital role in supporting customer applications and upholding the Department of Defense's (DoD) commitment to safeguarding systems and information. The stringent security protocols established by Game Warden across various Impact Levels (ILs) are a testament to this commitment, ensuring the confidentiality, integrity, and availability of data transmitted over external connections. This guide provides the necessary direction and best practices for application teams to adhere to when requesting EDCs on the Game Warden platform.

Requirements

The below are the requirements that must be met to support use cases for External Data Connections for your applications.

Thorough Connection Documentation

• Visual Representation: A detailed network diagram illustrating all external connections, including source and destination systems, data flow directionality, and specific ports and protocols used for communication. (See Authorization Boundary Diagrams for more information)

• Data Flow Descriptions: Comprehensive documentation describing the types of data transmitted/received for each connection, including the purpose and justification for each connection.

• Robust Data Protection:

  • Impact Level Segmentation: This principle is of utmost importance as it ensures that data flows are strictly isolated within their respective Impact Levels (ILs). Applications and data stores residing on a specific IL must only communicate with resources within the same IL. This strict isolation is a key measure to prevent data spills of sensitive information from leaking to a less trusted domain.
  • Encryption in Transit: Data in motion across external connections must be protected with strong encryption protocols like mTLS 1.2 or higher.
  • Encryption at Rest: Data stored on external systems, even within the same IL, must be encrypted at rest using FIPS 140-2 validated encryption modules or their equivalent.

	Impact Level-Specific Security Measures
DoD Impact Level 2 (IL2)	DoD IL 2 - Public or Non-Critical Mission Information - Cloud products or services that have been issued a FedRAMP authorization at the "Moderate Impact Level" are designated DoD IL 2 via reciprocity per DISA Memorandum August 15, 2019: Department of Defense (DoD) Memorandum of Reciprocity for FedRAMP Authorized Moderate Baseline Cloud Service Offerings (CSO) at Impact Level 2 (IL2) External connections for IL2 systems are primarily limited to public-facing services like web servers. These connections are scrutinized rigorously, and only essential data is exposed. Access controls, encryption, and comprehensive logging are implemented to protect sensitive DoD data
DoD Impact Level 4 (IL4)	DoD IL 4 - Controlled Unclassified Information (CUI) or Non-CUI, Non-Critical Mission Information, Non-National Security Systems National Security Systems (NSS) CUI Prohibition: IL4 systems are prohibited from handling or storing NSS CUI. Access controls, encryption, and comprehensive logging are implemented to protect sensitive DoD data
DoD Impact Level 5 (IL5)	DoD IL 5 - Higher Sensitivity Controlled Unclassified Information (CUI), Mission Critical Information, National Security Systems Access controls, encryption, and comprehensive logging are implemented to protect sensitive DoD data
DoD Impact Level 6 (IL6)	DoD IL 6 - Classified SECRET, National Security Systems External connections for IL6 systems are exceedingly rare and subject to strict regulations. The strongest encryption protocols, stringent access controls, and continuous monitoring are required. Access controls, encryption, and comprehensive logging are implemented to protect sensitive DoD data

Commercial Data Connections

Commercial data connections that traverse into a DoD IL environment must adhere to a strict "ingress only" policy, which also applies to IL2 connections.

Bi-directional communications must be explicitly authorized via the external data connection request process (see below).

By adhering to these comprehensive security guidelines and adopting a proactive approach to risk management, application teams can establish and maintain secure external data connections that safeguard sensitive information, protect critical systems, and ensure the continuity of mission-critical operations. A well-defined incident response plan is a crucial part of this proactive approach, ensuring that we are prepared to handle any security incidents effectively.

External Data Connection Request Checklist

1. IL Segmentation:
   • Have you confirmed that all data flows are strictly isolated within their respective ILs?
   • Do applications and data stores on a specific IL only communicate with resources within the same IL?
2. Data Protection:
   • Is data in motion across external connections protected with mTLS 1.2 or higher?
   • Is data at rest on external systems encrypted using FIPS 140-2 validated encryption modules or equivalent?
3. Connection Documentation:
   • Have you provided a detailed network diagram illustrating all external connections, including source/destination systems, data flow directionality, and ports/protocols?
   • Have you provided comprehensive documentation describing the types of data transmitted/received for each connection, including purpose and justification?
4. CTI Containment:
   • Have you ensured that no Controlled Technical Information (CTI) is transmitted outside the DoD environment?
5. Data Traversal:
   • If data traversal between ILs is required, has a formal security review and approval process been approved?
6. IL-Specific Measures:
   • For IL2 systems, are external connections limited to essential public-facing services with robust authentication and authorization?
   • For IL4 systems handling CUI, has a Mission Owner Attestation been signed (if applicable)?
   • Have you verified that your IL4 systems don't process NSS CUI?
   • For IL5 systems, are access controls, encryption, and comprehensive logging implemented to protect sensitive DoD data?
   • For IL6 systems, are the strongest encryption protocols, stringent access controls, and continuous monitoring in place?
7. Commercial Data Connections:
   • Do commercial data connections adhere to a strict "ingress only" policy?
8. Security Posture:
   • Are regular vulnerability scans conducted on systems with external connections? This will need to be done with detailed information describing how this is being accomplished on the system/systems they want to be connected to.
   • Are Intrusion Detection/Prevention Systems (IDS/IPS) implemented for real-time monitoring and analysis?
   • Is the principle of least privilege enforced for systems and users?
   • Is continuous monitoring of all external connections in place?
   • Is there a well-defined incident response plan in place?

Required Artifacts for EDC Request Package

1. List of Ports and Protocols: A complete list of all IP addresses, ports, and protocols used for each external connection.
2. Directionality of Data: Specify whether each connection is ingress or egress only or bi-directional.
3. Type of Data: Provide a specific description of the types of data transmitted/received for each connection.
4. Detailed Description of EDCs: A comprehensive list of all requested EDCs with a detailed description of each and its intended use within the application.
5. Data Flow Architecture Diagram: A visual representation illustrating all requested EDCs traversing the authorization boundary.
   • Provide a diagram similar to the already existing authorization boundary diagram provided as part of the System Security Plan (SSP).

Return to Help Center Home