For More Information
(877) NIS-4PDS

NSTISSI 7003

Network Integrity Systems

National Security Telecommunications and Information Systems Security Instruction (NSTISSI) No. 7003, Protective Distribution Systems (PDS), provides guidance for the protection of wireline and optical fiber cables transmitting unencrypted classified National Security Information (NSI). 

This instruction stipulates approval authority, standards, and guidance for the design, installation, and maintenance of protected distribution systems (PDS) to U.S. government departments and agencies and their contractors and vendors. This instruction describes the requirements for all PDS installations within the U.S. and for low and medium threat locations outside the U.S.

NSTISSI 7003 incorporates a philosophy of “risk management” in lieu of “risk avoidance.” The instruction advises that sensible risk management practice dictates that each facility must be evaluated on its own risks and vulnerabilities, based on factors such as location, physical security, environment, access controls, and personnel security requirements, and that the overall security afforded by PDS is the result of a layered approach incorporating various protection techniques. It further advises that the emphasis be placed on “detection” of attempted penetration in lieu of “prevention” of penetration. Criteria called out are based on threat or risk analysis relative to the location of the PDS. This generally results in reduced requirements and cost savings during installation and maintenance of PDS, but the decision as to what extent the guidance provided is followed ultimately rests with the department or agency Approval Authority.


While NSTISSI 7003 provides overall guidance, in some cases the actual requirements are governed by individual agency and service instructions. This is especially true for the military services, which have established their own standards based on NSTISSI 7003. NSTISSI 7003 and the specific service instructions also outline the process required for the approval and certification of a PDS. Generally speaking, an agency- or service-specific approval is the authority of a Certified TEMPEST Technical Authority (CTTA). The individual site-specific approvals are the responsibility of a Designated Approval Authority (DAA).

Categories of PDS described in NSTISSI 7003:
There are two categories of PDS: Hardened Distribution Systems and Simple Distribution Systems (Simple Distribution Systems will not be discussed below).

Hardened Distribution Systems:
The two most prevalent forms of Hardened Distribution Systems are Hardened Carrier PDS and Alarmed Carrier PDS (such as the Interceptor).

Hardened Carrier:
In a Hardened Carrier PDS, the data cables are installed in a carrier constructed of electrical metallic tubing (EMT), ferrous conduit or pipe, or rigid sheet steel ducting. All of the connections in a Hardened Carrier System are permanently sealed completely around all surfaces with welds, epoxy or other such sealants. If the hardened carrier is buried underground, to secure cables running between buildings for example, the carrier containing the cables is encased in concrete.

With a Hardened Carrier System, detection of an attempted intrusion is accomplished via human inspections that are required to be performed periodically. To make the inspections possible, hardened carriers are installed below ceilings or above flooring - in other words, visible and accessible. These periodic visual inspections (PVIs) occur at a frequency dependent upon the level of threat to the environment, the security classification of the data, and the access control to the area.  

Alarmed Carrier:

As an alternative to conducting periodic visual inspections, an Alarmed Carrier system may be utilized to automate the inspection process through electronic monitoring or with an alarm system. In legacy Alarmed Carrier systems, derived from perimeter security applications, the carrier system is “alarmed” with specialized optical fibers deployed within the conduit for the purpose of sensing acoustic vibrations that usually occur when an intrusion is being attempted on the conduit in order to gain access to the cables.

More advanced systems (such as the Interceptor™ Optical Network Security System) were designed specifically for information assurance applications. The major difference is that Interceptor monitors the fibers within, or intrinsic to, the cables being protected. This essentially turns the cables into sensors, allowing Interceptor to detect any attempts to tamper with the cables. This offers many advantages, including the potential to eliminate the need for a metallic raceway altogether to carry the cables, as well as the cost and complexity associated with the construction of the metallic raceway system.

Alarmed Carrier PDS offers several advantages over Hardened Carrier PDS:

1.    Provides continuous monitoring 24/7/365
2.    Eliminates the requirement for periodic visual inspections
3.    Allows the carrier to be hidden above the ceiling or below the floor, since PVIs are not required
4.    Eliminates the need for the welding and epoxying of the connections
5.    Eliminates the requirement for concrete encasement outdoors
6.    Eliminates the need to lock down manhole covers
7.    Enables rapid redeployment for evolving network arrangements
8.    Possible elimination of the metallic carrier altogether when using an intrinsic alarmed system


The Interceptor Optical Network Security System is a fully approved Alarmed Carrier PDS

