Forcepoint SimShield
Bi-Directional Fixed-Format Data Filtering and Disguise
Overview:
- Meet NSA Raise the Bar and NIST
Included on the U.S. NCDSMO Baseline for SABI environments (since 2009) with native support for DIS, HLA, TENA, RTP and MPEG2-TS, and meets NSA Raise the Bar and NIST guidelines.
- Only authorized TENA guard available
Evaluated by the High Performance Computing Modernization Program Office (HPCMPO) for connection to Defense Research & Engineering Network (DREN) and Secret Defense Research & Engineering Network (SDREN).
- Enable secure two-way communication
SimShield enables fully automated, predictable, controlled, and audited two-way communication and sanitization of events across segmented, air-gapped security domains.
Enable Multilevel Training and Testing Missions
Connecting training—Live, Virtual, and Constructive (LVC)—and testing environments across security boundaries and in a real-world manner allows for more effective training activities and more efficient test events. The result is overall cost savings, a better trained warfighter, and more thoroughly and quickly tested equipment. Training cost savings are realized through the ability to train multiple groups at the same time, whether different national agencies or multinational forces; testing cost savings are realized through earlier detection and correction of issues and errors. For example, an unclassified rail gun can be tested with a ship’s classified communications system before the gun is mounted and deemed “classified,” reducing rework and improving implementation time.
Forcepoint SimShield
Forcepoint SimShield is an accredited commercial off-the-shelf (COTS) fixed-format data guard with the capability to label, segregate, protect, and exchange data between systems executing at different sensitivity or classification levels. Forcepoint SimShield meets the data format, near real-time performance, and low latency requirements for distributed simulation operations, live training exercises, and test events.
In the LVC training environment, SimShield provides secure interoperability across networks at multiple classification levels, enabling training assets that operate under different security classification levels to fully communicate and securely interact, creating the most realistic and beneficial training exercises possible.
In the Research, Development, Test & Evaluation (RDT&E) environment, Forcepoint SimShield allows tests on distributed components to be performed in near real time and analyzed in a matter of hours. This drastically reduces testing cycle time, which provides significant financial benefits.
SimShield is listed on the US National Cross Domain Strategy Management Office (NCDSMO) Baseline list for Secret and Below Interoperability (SABI) environments and meets current NSA Raise The Bar guidelines for an approved cross domain transfer solution. Because SimShield is an operationally accredited system, the Assessment and Authorization (A&A) process is streamlined for individual installations. SimShield consists of two components: Policy Editor and Trusted Bridge.
Forcepoint SimShield Policy Editor & Trusted Bridge
The Policy Editor is a stand-alone system in which security classification and domain experts define and build classification filtering and sanitization rules that govern the network communications and data flows through the Trusted Bridge. The graphical user interface provides for human review and approval, in addition to automated system checkpoints, to ensure the rule set is built accurately and locked down before loading into the Trusted Bridge. Policy Editor also provides persistent storage for rules and associated reclassification justifications for system and security auditing.
The Trusted Bridge is the guard component of SimShield and provides the solution’s multilevel security and bi-directional filtering capabilities. The administrator installs and implements the approved Policy Editor rule set on the Trusted Bridge to check the data for type and content. The rule set enforces separate and distinct filter rules before passing, failing, or sanitizing (disguising) the data, flowing from high to low and from low to high.
Data Types and Protocols
Forcepoint SimShield natively supports many data types and protocols for the cross domain transfer of video, audio, and metadata streams concurrently with live and virtual training, simulation, and testing data. For all protocols and data types, Forcepoint SimShield provides deep format validation, integrity checking, content inspection, and content sanitization at its most granular level of decomposition (i.e., the content’s lowest independently addressable data structure).
Administration and Management
SimShield architecture divides policy administration tasks and critical data transfer tasks onto separate hardware platforms: Trusted Bridge (guard) and Policy Editor. This separation provides strict security protection on the guard and prohibits filter policy generation on the guard system. Filter policies and rules are defined and generated on the Policy Editor system. A two-person control policy is rigorously enforced when moving the filter policies and rules from the Policy Editor to the Trusted Bridge.
Logging and Auditing
SimShield provides automatic logging within the Trusted Bridge for user and system activities. When enabled, logging is redirected to a remote syslog server at (and only at) the high side, which allows for central logging and archiving. Additionally, a logwatcher utility sends administrators email alert notifications and/or displays the alerts on-screen in real time.
System Integrity
SimShield uses various mechanisms for file system integrity checking and local configuration monitoring. Integrity validation can occur at any interval as specified by customer policy, typically hourly for most critical cross domain solution files and daily for normal system files.
Data Type or Protocol | Description |
---|---|
TENA LROM | |
HLA FOM | |
DIS | |
RTP | |
MPEG2-TS | |
MPEG-PES, MPEG-PSI | |
MPEG-Video, MPEG-Audio | |
KLV Metadata | |
Assessment & authorization (A&A)
SimShield is engineered to satisfy cross domain security requirements for the Top Secret/SCI and Below Interoperability (TSABI) and Secret and Below Interoperability (SABI) A&A processes to include meeting NSA’s Raise The Bar guidelines. Forcepoint products are installed and accredited in operational systems around the world.
SimShield is the only SABI and High Performance Computing Modernization Program Office (HPCMPO) approved TENA guard. This permits SimShield to securely transfer data between the Defense Research and Engineering Network (DREN) and the Secret Defense Research and Engineering Network (SDREN).
Conclusion
Forcepoint’s cross domain solutions have a proven track record of proactively preventing organizations from compromise, while fostering the secure access and transfer of information. This allows agencies to strike the right balance between information protection and information sharing—a vital component to national security.
Use Cases:
Commercial-Off-The-Shelf (COTS) solution
Always have the latest features without additional cost, vs. Government-Off-The-Shelf (GOTS) solutions.
Effective and efficient training environments
Train multiple national agencies or coalition forces at the same time in a single, real-world environment.
More rapid and efficient RDT&E
Sanitized information sharing for faster detection and correction of issues and errors during Research, Development, Test & Evaluation (RDT&E).
Ensure security through R.A.I.N. principles
Ensure that critical security actions are Redundant, Always Invoked, Independent, and Non-bypassable with dual filtering engines and robust security controls.
Enforce strong process and role separation
Separate critical data transfer tasks (Trusted Bridge) from filter policy and rule development (Policy Editor) on distinct hardware platforms, supported by robust administration, logging, and auditing.
Features:
Connect real-world training and testing environments
- Label, filter, protect, and exchange
Authorized system to label, filter, protect, and exchange data between segmented networks that execute at different sensitivity or classification levels.
- Robust validation, inspection, and sanitization
For all protocols and data types, SimShield provides deep format validation, integrity checking, content inspection, and content sanitization.
- Streaming video support
Real-time video streaming with unparalleled control and auditing.
- User-friendly filter and policy rule creation
Standalone Policy Editor system for on-site filter and policy rule creation and verification.
- Native support for many data types and protocols
Support for a variety of data types and protocols allows for the cross domain, concurrent transfer of video, audio, and metadata streams for live and virtual training, simulation, and testing data.
Benefits:
- Included on the US NCDSMO Baseline list
- First Forcepoint solution to meet NSA’s Raise The Bar guidelines
- The only authorized TENA guard available
- Natively supports multiple protocols and data types to include: DIS, HLA, TENA, RTP, and MPEG2-TS
- Enables interoperability between previously discrete testing and training activities eliminating redundancies and costs
- Supports near real-time cross domain Live, Virtual, and Constructive (LVC) Training with best-in-class performance
- Provides fully automated, predictable, controlled, and audited two-way communication and event sanitization across security domains
- Provides a standalone user-friendly interface for filter rule creation
- Allows object model and/or protocol changes without affecting security posture
Deployments:
Forcepoint SimShield Environment