Posted on Feb 11, 2016
Is it against any regulation to have a commercial network in the same environment as a NIPR and SIPR network?
11.5K
9
22
1
1
0
Posted >1 y ago
Responses: 12
Your SIPR should be self contained in a secured room. No other network is allowed in that room, including NIPR. There should be no wireless access in that room, as well. Having said that, my last unit provided a civilian commercial wirless network for general use. It was justified as an MWR resource. It should never be used for official business, unless the user is using a vpn to access DOD resources, and then only if no available NIPR workstation is available. I do not believe that such a setup is covered in any regulation, and is, instead, a local command level decision.
(3)
(0)
Capt Bob Abbott
There are regulations on how they're set up. I speak from having worked in a server room recently in SWA.
(0)
(0)
SGT Edward Wilcox
Please, sir, list the relevant regulations. As a 25B in a brigade S6, I held admin credentials on the NIPER and SIPR networks. When the brigade staff wanted a wireless network installed, I could find nothing in any published regulation that dealt with what they wanted.
(0)
(0)
SCPO Joshua I
SIPR and NIPR can be in the same room with no problem, it's set up that way essentially everywhere. I've had JWICS/SIPR/NIPR all on my desk before. There are wireless networks now that are legal for NIPR traffic, that may also be allowed, but I'm not up on those regulations as that came around after I moved out of that world a little bit.
(2)
(0)
I would guess it's a security problem, regular network access might open a security hole in secure military networks. Just a guess though.
(0)
(0)
For example what the US Navy classifies as NOFORN (not releaseable to foreign nationals) the Army may classsify as Secret . . . Further examples within each branch at differnt levels also apply.
What an air unit in the Navy would classify is different than what a submarine command would . . .
What an air unit in the Navy would classify is different than what a submarine command would . . .
(0)
(0)
No uniform regulation covers this. It is bound from departmental governance of information: NOFORN, Confidential, secret, top-secret.... I think (Opinion / not fact)
(0)
(0)
Have you asked the BAMO? There should be a BAMO or NetOps Warrant that has your answer.
(0)
(0)
Likely no, however SDN/traditional firewalls , and proper fedramp and fisma compliance on some nodes and comercial nodes is a pain. A Few cloud hosting providers do so.
However muti-layer dmz also a factor.
YouTube has a Dod and federal government compliance company out of Fort Wayne In. One internal network supports stock business website hosting.
The others various Federal government cloud hosted products.
Verizon has been Nashin at the bit for a FISMA certified. (250 +/- or less ppl have it in USA curently .. I've been training for CISSP.. I and after the 5th offer looked up diacap/fisma)
Not saying it's a means, however it's a long presentation. However some networks in dod are traditionally isolated.
However with SDN (software defined networks ) the ability to secure cloud computing of networking applications and services, with per user VPN could help the warfighter. Training and or other items can be VPN and virtually available to military units globally. Base is hit with a tornado, then training or operations is affected. I'd the item is cloud , then multiple secure instances can be run globaly. Congress is worried over cryptography... however perfect forward secrecy is becoming increasingly posible.
So telling VPN or who were or transparent traffic that doesn't leek it's destinations, what's encypted, ie disguised as plain traffic.
While some networks won't ever be online
It may become posible to have military grade private clouds.
However muti-layer dmz also a factor.
YouTube has a Dod and federal government compliance company out of Fort Wayne In. One internal network supports stock business website hosting.
The others various Federal government cloud hosted products.
Verizon has been Nashin at the bit for a FISMA certified. (250 +/- or less ppl have it in USA curently .. I've been training for CISSP.. I and after the 5th offer looked up diacap/fisma)
Not saying it's a means, however it's a long presentation. However some networks in dod are traditionally isolated.
However with SDN (software defined networks ) the ability to secure cloud computing of networking applications and services, with per user VPN could help the warfighter. Training and or other items can be VPN and virtually available to military units globally. Base is hit with a tornado, then training or operations is affected. I'd the item is cloud , then multiple secure instances can be run globaly. Congress is worried over cryptography... however perfect forward secrecy is becoming increasingly posible.
So telling VPN or who were or transparent traffic that doesn't leek it's destinations, what's encypted, ie disguised as plain traffic.
While some networks won't ever be online
It may become posible to have military grade private clouds.
(0)
(0)
PFC Michael Robert Lawrence
While it won't ever do for SIPR regs.
Some of the government fedramp private cloud products might allow to kill some boxes. Less work, multi factor authentication cac cards etc out of the box. For training materials etc.
As well if units deploys, on downtime units can advanced thier training..
It may be worth considering... for some things.
Of late my security clearances have long since expired, it's also been sometime since doing any "special" contracting.
Not as aware of regs, of late.
However if the mainstream US government is turning to secure private cloud...
Some of the government fedramp private cloud products might allow to kill some boxes. Less work, multi factor authentication cac cards etc out of the box. For training materials etc.
As well if units deploys, on downtime units can advanced thier training..
It may be worth considering... for some things.
Of late my security clearances have long since expired, it's also been sometime since doing any "special" contracting.
Not as aware of regs, of late.
However if the mainstream US government is turning to secure private cloud...
(0)
(0)
I'm not sure. However, it's usually in a policy letter from a J6/G6, in my experience It's definitely looked down upon, especially if there's Wireless involved.
(0)
(0)
NIPR/SIPR are commercial networks with encryption/decryption devices at the terminal. with that said, you are required to have so many feet separating them
(0)
(0)
MAJ (Join to see)
I know the Air Force requires a "stand off distance" but do you know if that is only Air Force or is it DoD wide?
(0)
(0)
MSgt John Taylor
MAJ (Join to see) - I always assumed it would be the same across the board. Your network or security guy should be able to answer that. Another source would be to talk to your intel folks.
(0)
(0)
(1)
(0)
I don't think anyone should really answer this one brother, this might be treading too close on the line of what's classified what's not. I know I wouldn't post any answers on rally point of what goes on inside a SCIF
(0)
(0)
MAJ (Join to see)
Not a SCIF. And it's not about any of the actual data being processed on any of the circuits. Set up procedure is not classified to my knowledge.
(0)
(0)
Capt Bob Abbott
MAJ (Join to see) - Since I see that you're serving member then I can presume this question has to do with a ongoing set up that is live right now. There are other avenues that you can take your concerns through outside of your chain of command. A cursory glance at the IC ombudsman can give you several resources
(0)
(0)
Read This Next