The National Security Agency’s Commercial Solutions for Classified (CSfC) program requires continuous monitoring of network security functions. Under the Continuous Monitoring requirements, numerous monitoring locations in CSfC’s Black-Gray-Red architecture must deliver log data to Management Services systems and Security Information and Event Management (SIEM) solutions. When monitoring data is aggregated from multiple enclaves (for example, Black to Gray, or Gray to Red), an approved one-way transfer (OWT) mechanism is required to protect the independent sources from potentially malicious content. For large-scale deployments, this can result in a large concentration of OWT devices. Compliance with these requirements using conventional OWT devices will consume an impractical amount of rack space and power. This approach will also create an administrative nightmare for network operators who need to configure, manage, and monitor an individual OWT appliance for every logging port connection.
