Cross-Domain Information Exchange

Secure CDS for the public sector

Driven by open data and information sharing initiatives, public sector IT assets are increasingly shared across organizational boundaries. This cross-domain information exchange facilitates better interdepartmental collaboration, simplifies access to mission-critical data and empowers governments to make better decisions.

Typically, a governmental organization will employ a cross-domain solution (CDS) to enforce security policies between disparate information systems residing at different classification levels. A CDS will have been certified and accredited to protect the domain from attack and to secure sensitive information from being leaked across classification boundaries.

However, traditional CDSs are seldom fully equipped to deal with the technologies and standards associated with the most cutting-edge information sharing projects. These projects require security solutions specifically designed to work with APIs, service-oriented architecture (SOA), enterprise service buses (ESBs), XML, cloud computing and, increasingly, mobile apps.

API gateways for secure information sharing

In the private sector, cross-boundary information sharing can sometimes be addressed with a traditional firewall. In government, however, where classification domains are prevalent, the situation is complicated by the need for high-assurance guards, processes and policies, as well as by strict regulatory compliance requirements.

Therefore, today's public sector information sharing projects need to retain the high assurance of a conventional CDS but offload tasks associated with API, SOA, cloud and mobile to dedicated appliances optimized for standards like REST, JSON, SOAP, XML, SAML and OAuth. These appliances must conform to the strict security certifications required by government use cases.

Battle-tested in the most demanding environments, CA API Gateway delivers an exceptional range of security functionality for today’s cross-domain programs. CA Mobile API Gateway adds advanced functionality for the most innovative projects. The pre-integrated OAuth Toolkit simplifies the process of applying strong but user-friendly access management features.

Government-grade API and SOA gateways

CA API Gateway provides industry-standard security technology for integrations that span organizational boundaries. CA's gateway technology has achieved high levels of security certification, including FIPS 140-2. In July 2014, CA API Gateway had its Common Criteria certification renewed, making it the only technology of its kind to achieve this “military-grade” security certification.

The CA family of API gateways delivers data security measures that include:

  • Validation of HTTP parameters, REST query/POST parameters, JSON data structures, etc.
  • Prevention of cross-site scripting (XSS), SQL injection and denial-of-service (DoS) attacks
  • Identification of suspicious activity to monitor patterns and potential threats
  • Proxying of mobile streaming protocols such as WebSocket and XMPP
  • PKI and certificate management
  • HMAC, RSA, SHA and fast elliptic curve cryptography
  • SAML-based security tokens
  • OAuth and OpenID Connect authentication framework
  • Secure identity federation and single sign-on (SSO)
