V-251349

Discussion

CJCSI 6211.02D instruction establishes policy and responsibilities for the connection of any information systems to the Defense Information Systems Network (DISN) provided transport. Enclosure E mandates that the CC/S/A document all IP tunnels transporting classified communication traffic in the enclave's security authorization package prior to implementation. An ATC or IATC amending the current connection approval must be in place prior to implementation. Enclosure D of the CJCSI 6211.02D also provides guidance on the requirements of tunneling classified data (section 15.a), which helps a CC/S/A determine applicability to their mission. Items include but are not limited to: - minimize tunneling of classified data over transport other than DISN provided transport (i.e., SIPRNET); - ensure the Authorizing Official (DAA) validates all requirements to tunnel classified information across unclassified IP infrastructure; - obtain DSAWG approval before tunneling classified data across unclassified IP infrastructure; - ensure transmission of classified information is secured through use of authorized cryptographic equipment and algorithms and/or PDSs; - document IP tunnels transporting classified communication traffic in the enclave’s security authorization package prior to implementation; - an ATC or IATC amending the current connection approval must be in place prior to implementation.

Check Content

Review the enclave's security authorization package and the ATC or Interim ATC amending the connection approval received.

If the tunneling of classified traffic is not documented in the security authorization package and an ATC or Interim ATC, this is a finding.