5 FAH-11 H-800
CONNECTIONS TO NON-DEPARTMENT ENTITIES
5 FAH-11 H-810
INTRODUCTION
(CT:IAH-17; 11-08-2018)
(Office of Origin: IRM/IA)
5 FAH-11 H-811 PURPOSE
(CT:IAH-17; 11-08-2018)
a. Federal requirements relating to network
connectivity in the U.S. Government mandate a formalized process incorporating
security measures to protect the connected systems and the data they share.
b. The requirements for interagency connectivity, including
system interconnection and information sharing, are derived from OMB Circular
A-130, Appendix III, as well as National Institute of Standards and Technology
(NIST) Special Publication (SP) 800-47 and Committee on National Security
Systems (CNSS) policies and instructions. Network extensions must be in
accordance with the requirements in 12 FAM 600 and 5 FAM 550.
c. Chapter 5 FAH-11 H-800 provides
procedures for planning, establishing, maintaining, and terminating
interconnections between Department and non-Department information technology
(IT) systems, including extensions of the Department's OpenNet and ClassNet
networks.
5 FAH-11 H-812 OBJECTIVES
(CT:IAH-2; 03-12-2007)
a. Agencies may interconnect their systems for a
variety of reasons, depending on the agency's needs or the requirements of
Executive or Congressional mandates. For example, agencies may:
(1) Exchange data and information among selected
users;
(2) Provide customized levels of access to proprietary
databases;
(3) Collaborate on joint projects;
(4) Provide full-time communications (i.e., 24 hours
per day, 7 days per week);
(5) Provide on-line training; and
(6) Provide secure storage of critical data and backup
files.
b. Agencies may realize significant benefits through a
system connection, including reduced operating costs, greater functionality,
improved efficiency, centralized data access, and strengthened communication
and operational ties. The business case included in the connection application
must document anticipated benefits for the Department.
5 FAH-11 H-813 TYPES OF CONNECTIONS
(CT:IAH-2; 03-12-2007)
Agencies may connect their systems using two primary types
of connections:
(1) Dedicated lines: One agency can own these lines,
or a third party can lease them. This type of line provides a high
level of security because it can be breached only through a direct
physical intrusion on the circuit; or
(2) Virtual private network (VPN): A data network
that enables two or more parties to communicate securely across a public network
using a private connection or tunnel between them. Since unauthorized parties
can intercept data transmitted over a public network, authentication and
encryption are necessary to ensure data integrity and confidentiality.
5 FAH-11 H-814 CONNECTION LEVELS
(CT:IAH-2; 03-12-2007)
The extent to which an agency may access data and
information resources depends on its mission and security needs.
Therefore, agencies may elect from a range of system access levels as follows:
(1) Limited access: Users are restricted to a single
application (e.g., e-mail) or file location with rules governing access;
(2) Medium access: A broader interconnection that
enables users to access multiple applications, databases, or a network (e.g.,
OpenNet); or
(3) Full access: The broadest interconnection that
permits users full transparency, access, and data exchanges across their
respective enterprises.
5 FAH-11 H-815 EXTENSIONS
(CT:IAH-2; 03-12-2007)
a. A network extension is an expansion of a network's boundaries
to include a deployment of Department-approved hardware at a non-Department
entity location; it does not involve an interconnection to another system or
extranet.
b. The network hardware comprising an extension, while
logically within the network's boundaries, is physically located outside the
Department's immediate sphere of control. Therefore, the Department must
provide and implement special guidance, beyond that normally associated with
the network boundary, in order to ensure the integrity of the network.
5 FAH-11 H-816 THROUGH H-819 unassigned