Implementing CDS for Secure Network Segmentation
Cross Domain Solutions connect SECRET or TOP SECRET networks with other networks securely.
Plain language
This control is about making sure that very sensitive information, like national secrets, is kept safe when systems that manage this data are connected to other networks. If this isn't done properly, confidential information could fall into the wrong hands and cause significant harm to national security or privacy.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for gateways
Section
Cross Domain Solutions
Official control statement
CDSs are implemented between SECRET or TOP SECRET networks and any other networks belonging to different security domains.
Why it matters
Without an approved CDS between SECRET/TOP SECRET and other domains, classified data may leak or be exfiltrated across network boundaries.
Operational notes
Operate CDS only at SECRET/TOP SECRET domain boundaries; review transfer rules/allowlists, validate filters, and audit logs for all cross-domain transfers.
Implementation tips
- IT Managers should identify which networks within your organisation need higher security due to sensitive information they handle. You can do this by reviewing the types of data each network manages and consulting with your security officer.
- IT Teams should implement Cross Domain Solutions, which act like secure gates, between networks dealing with top secret data and other networks. This can involve installing specialised systems that ensure only safe and authorised information is shared.
- Security Officers should regularly review and update protocols for data exchange between different network domains. This means setting clear rules on what kind of information can be shared and verifying that these rules are being followed.
- System Administrators should maintain and monitor logs of all data transactions passing through these secure gateways. Use security tools to help track and flag any unusual activity, ensuring any suspicious behaviour is immediately addressed.
- Policy Makers should ensure that comprehensive training programs are in place for staff who interact with secure networks. This training should include understanding the importance of handling sensitive information and the steps required to maintain system integrity.
Audit / evidence tips
- Ask: the documentation detailing the networks identified as requiring Cross Domain Solutions
  Good: will include clear justification for each network's classification and a summary of risks
- Ask: the configuration documents of the Cross Domain Solutions in place. Look to see that they describe the systems and technologies used, and how they secure data
  Good: shows thorough descriptions and evidence that they match industry guidelines
- Good: includes complete logs, analysis of incidents, and resolutions for any issues flagged
- Ask: to review the data exchange protocols
  Good: includes comprehensive, easy-to-understand rules that are regularly reviewed and updated
- Good: will be a detailed account of training sessions, including topics covered and participant feedback
Cross-framework mappings
How ISM-0626 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.22 | ISM-0626 requires organisations to implement Cross Domain Solutions (CDSs) between SECRET or TOP SECRET networks and any other networks i... | |
| Supports (1) | | |
| Annex A 5.14 | ISM-0626 mandates the use of CDSs to manage cross-domain connectivity between SECRET or TOP SECRET networks and other domains | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.