High Assurance Guard
From Wikipedia, the free encyclopedia
 |
This article is orphaned as few or no other articles link to it. Please help introduce links in articles on related topics. (October 2006) |
A High Assurance Guard (HAG) is a Multilevel security computer device which is used to communicate between different Security Domains, such as NIPRNet to SIPRNet. The HAG is one example of a Controlled Interface between security levels. HAGs are approved through the Common Criteria process.
[edit] Operation
The HAG runs a multiple hardware virtualization machine on separate processor - one subsystem for the lower classification, one subsystem of the higher classification. The hardware runs a type of Knowledge Management software that examines traffic going from the higher classification side and rejects any traffic that is classified higher than the lower classification. In general, the HAG allows lower classified data that resides on a higher classified system, to be moved to another lower classified system. For example, in the US, it would allow unclassified information residing on a classified secret system to be moved to another unclassified system. Through various rules and filters, the HAG ensures that the data is of the lower classification and then allows the transfer.
[edit] Importance, risks
The HAG is mostly used in email and DMS environments as certain organizations may only have unclassified network access, and they need to send a message to an organization that has only secret network access. The HAG provides them this ability.
 |
This computer-related article is a stub. You can help Wikipedia by expanding it. |
