Data transfers between systems are controlled and accountable.

]]> This section covers the fundamental requirements of data transfers between systems and applies equally to data transfers using removal media and to data transfers via gateways.

]]> Additional requirements for data transfers using removal media can be found in the Section 13.3 – Media Usage and additional requirements for data transfers via gateways can be found in the Section 20.2 – Data Import and Export.

]]> Transfers from a classified system where strong information security controls exist to a system of lower classification where controls may not be as robust, can lead to data spills, information loss and privacy breaches.  It is important that appropriate levels of oversight and accountability are in place to minimise or prevent the undesirable loss or leakage of information.

]]> Relevant PSR requirements can be found at:

 

Reference Title Source

PSR Mandatory Requirements

 GOV2, GOV6, INFOSEC1, INFOSEC2, INFOSEC3, INFOSEC4, PERSEC1, PERSEC2, PERSEC3 and PERSEC4

Home | Protective Security Requirements

Security governance (GOV) | Protective Security Requirements

Information security (INFOSEC) | Protective Security Requirements  

Personnel security (PERSEC) | Protective Security Requirements
]]> When users transfer data to and from systems they need to be aware of the potential consequences of their actions.  This could include data spills of classified information onto systems not accredited to handle the classification of the data or the unintended introduction of malicious code.  Accordingly agencies will need to hold personnel accountable for all data transfers that they make.

]]> Agencies MUST establish a policy and train staff in the processes for data transfers between systems and the authorisations required before transfers can take place.

]]> Agencies MUST ensure that system users transferring data to and from a system are held accountable for the data they transfer.

]]> Personnel can assist in preventing information security incidents by checking protective markings (classifications, endorsements and releasability) checks to ensure that the destination system is appropriate for the protection of the data being transferred, performing antivirus checks on data to be transferred to and from a system, and following all processes and procedures for the transfer of data.

]]> Agencies MUST ensure that data transfers are performed in accordance with processes and procedures approved by the Accreditation Authority.

]]> Agencies SHOULD ensure that data transfers are performed in accordance with processes and procedures approved by the Accreditation Authority.

]]> Using a trusted source to approve transfers from a classified system to another system of a lesser classification or where a releasability endorsement is applied to the data to be transferred, ensures appropriate oversight and reporting of the activity.

]]> Agencies MUST ensure that all data transferred to a system of a lesser classification or a less secure system, is approved by a trusted source.

]]> Trusted sources are designated personnel who have the delegated authority to assess and approve the transfer or release of data or documents.  Trusted sources may include security personnel within the agency such as the CISO and the ITSM.

]]> Trusted sources MUST be:

  • a strictly limited list derived from business requirements and the result of a security risk assessment;
  • where necessary an appropriate security clearance is held; and
  • approved by the Accreditation Authority.
]]> Scanning imported data for active or malicious content reduces the security risk of a system or network being infected, thus allowing the continued confidentiality, integrity and availability of the system or network.

]]> Format checks provide a method to prevent known malicious formats from entering the system or network.  Keeping and regularly auditing these logs allow for the system or network to be checked for any unusual activity or usage.

]]> Personnel reporting unexpected events through the agency’s incident management process provide an early opportunity to contain malware, limit damage and correct errors.

]]> Agencies importing data to a system MUST ensure that the data is scanned for malicious and active content.

]]> Agencies importing data to a system MUST implement the following controls:

  • scanning for malicious and active content;
  • data format checks;
  • identify unexpected attachments or embedded objects;
  • log each event; and
  • monitoring to detect overuse/unusual usage patterns.
]]> When highly formatted textual data with no free text fields is to be transferred between systems, the checking requirements are lessened because the format of the information is strongly defined.

]]> When agencies export formatted textual data with no free text fields and all fields have a predefined set of permitted formats and data values, agencies MUST implement the following controls:

  • protective marking checks;
  • data validation and format checks;
  • size limits;
  • keyword checks;
  • identify unexpected attachments or embedded objects;
  • log each event; and
  • monitoring to detect overuse/unusual usage patterns.
]]> Textual data that it is not highly formatted can be difficult to check in an automated manner.  Agencies will need to implement measures to ensure that classified information is not accidentally being transferred to another system not accredited for that classification or transferred into the public domain.

]]> When agencies export data, other than highly formatted textual data, agencies MUST implement the following controls:

  • protective marking checks;
  • data validation and format checks;
  • limitations on data types;
  • size limits;
  • keyword checks;
  • identify unexpected attachments or embedded objects;
  • log each event; and
  • monitoring to detect overuse/unusual usage patterns.
]]> In order to reduce the security risk of spilling data with an endorsement onto foreign systems, it is important that procedures are developed to detect NZEO marked data and to prevent it from crossing into foreign systems or being exposed to foreign nationals.

]]> Agencies MUST:

  • ensure that keyword searches are performed on all textual data;
  • ensure that any identified data is quarantined until reviewed and approved for release by a trusted source other than the originator; and
  • develop procedures to prevent NZEO information in both textual and non-textual formats from being exported.
]]>