UNCLASSIFIED (U)

5 FAH-11 H-800 
CONNECTIONS TO NON-DEPARTMENT ENTITIES

5 FAH-11 H-810
INTRODUCTION

(CT:IAH-26;   12-19-2023)
(Office of Origin:  IRM/E-CISO)

5 FAH-11 H-811  PURPOSE

(CT:IAH-17;   11-08-2018)

a. Federal requirements relating to network connectivity in the U.S. Government require a formalized process incorporating security measures to protect the connected systems and shared data.

b. The requirements for interagency connectivity, including system interconnection and information sharing, are derived from OMB Circular A-130, Appendix III, as well as National Institute of Standards and Technology (NIST) Special Publication (SP) 800-47 and Committee for National Security Systems (CNSS) policies and instructions.  Network extensions must be in accordance with requirements in 12 FAM 600 and 5 FAM 550.

c. Chapter 5 FAH-11 H-800 provides procedures for planning, establishing, maintaining, and terminating interconnections between Department and non-Department information technology (IT) systems, including extensions of the Department’s OpenNet and ClassNet networks.

5 FAH-11 H-812  OBJECTIVES

(CT:IAH-26;   12-19-2023)

a. Agencies may interconnect their systems for a variety of reasons depending on the agency’s needs or the requirements of Executive or Congressional mandates.  For example, agencies may:

(1)  Exchange data and information among selected users;

(2)  Provide customized levels of access to proprietary databases;

(3)  Collaborate on joint projects;

(4)  Provide full-time communications (i.e., 24 hours per day, 7 days per week);

(5)  Provide on-line training; and

(6)  Provide secure storage of critical data and backup files.

b. Agencies may realize significant benefits through a system interconnection, including reduced operating costs, greater functionality, improved efficiency, centralized data access, and strengthened communication and operational ties.  The business case included in the connection application must document benefits for the Department.

5 FAH-11 H-813  TYPES OF CONNECTIONS

(CT:IAH-2;   03-12-2007)

Agencies may connect their systems using two primary types of connections:

(1)  Dedicated lines:  One agency can own these lines or a third party can lease these lines.  This type of line provides a high level of security because the line may be breached only through a direct physical intrusion; or

(2)  Virtual private network (VPN):  A data network that enables two or more parties to communicate securely across a public network using a private connection or tunnel between them.  Since unauthorized parties can intercept data transmitted over a public network, the use of authentication and encryption is necessary to ensure data integrity and confidentiality.

5 FAH-11 H-814  CONNECTION LEVELS

(CT:IAH-19;   12-19-2023)

The extent to which an agency may access data and information resources is dependent on its mission and security needs.  Therefore, bureaus may elect from a range of system access levels as follows:

(1)  Limited access:  Users are restricted to a single application (e.g., e-mail) or file location with rules governing access;

(2)  Medium access:  A broader interconnection that enables users to access multiple applications, databases, or a network (e.g., OpenNet); or

(3)  Full access:  The broadest interconnection that permits users full transparency, access, and data exchanges across their respective enterprises.

5 FAH-11 H-815  EXTENSIONS

(CT:IAH-2;   03-12-2007)

a. A network extension is an expansion of a network’s boundaries to include a deployment of Department-approved hardware at a non-Department entity location.  It does not involve an interconnection to another system or extranet.

b. The network hardware comprising an extension, while logically within the network’s boundaries, is physically located outside the Department’s immediate sphere of control.  Therefore, the Department must provide and implement special guidance beyond that boundary, normally associated with the network, in order to ensure the integrity of the network.

5 FAH-11 H-816 THROUGH H-819  unassigned
