SABI, TSABI, and WASABI

[](http://en.wikipedia.org/wiki/Wasabi)
WASABI is ugly and spicy

I am going to talk about something that most people are very reluctant to discuss, cross-domain solutions. It is the black magic of having a single display or ethernet jack hooked into multiple classified networks. There is press material from Boeing/eXMeritus that states: “Who would want to hook a Top Secret Network to the Internet? We aren’t allowed to say.” Education is the key to understanding what is cross-domain and why is it important. The community is small and the education material non-existent. I hope to share what I can for all those who will hear certain terms in meetings and rush back to Google. It is important that you don’t overplay your hand in what amounts to very important work and technology.

Having worked in the world of cross-domain, there is some amazing technology that safely and securely allows for data transfers. A rigorous process certifies products to process this information and sanitize data by a governing body. The different levels have acronyms:

  • SABI – Secret and Below Interoperability
  • TSABI – Top Secret SCI and Below Interoperability
    • I can’t tell you how many times I have heard very smart people call this Top Secret and Below rather than TS SCI and Below. Don’t be that guy
  • WASABI – The hot green stuff on your sushi plate that I avoid at all costs. I included it here because anytime I am in a briefing about SABI/TSABI I get hungry for raw fish

Each level is an additional layer of rigor to allow you to make these connections. Depending on the network you deal with a different governing body. In later posts I will talk more about those bodies, but for now lets focus on the “tickets”

In the CDS lingo a box may be the best thing since sliced bread, but without a pre-approved “ticket” no one will touch it with a 10 foot pole. Nobody wants to be the first team to go through the process. It is the same process as the second time, but CDS solutions are all about sphere of trust and warm fuzzy feelings. If Joe in the Springs has put a system through then I feel better as a certifier since he isn’t a big screwup. The key to remember about SABI/TSABI is that its really just DIACAP with some extra steps from other players. SABI is about 10 more check boxes and TSABI an additional 5-10 depending on the networks. It will always be the longest part of your process, so plan on at least 3-6 months for a SABI/TSABI with up to a year for a new solution not currently blessed with a ticket.

As cross-domain takes on a bigger role in our networks it is important to speak the lingo. Many folks think that these types of terms and solutions only apply to Federal networks, but the truth of the matter is commercial networks are beginning to share the same concerns. SOX/PCI is arguably more a pain in the arse than DCID/ICD. This post has covered what CDS does and what levels of rigor exist. In later posts I will cover the governing bodies and different vendors.

Updated: