When is a Cross-Domain System Required?

A business decision to employ a CDS should evaluate the high cost of ownership involved with integration, procurement, and maintenance. Be aware that a high degree of customization is often required for each individual CDS deployment.

You would often deploy a CDS due to regulatory or policy requirements, or in situations where inappropriate access to data would cause significant impact to your organization. Because of these reasons, the CDS is an integral component of the architecture and may even be required to achieve an Authority to Operate (ATO) from your organization’s security and compliance program.

Once an ATO is achieved, it can be cumbersome to make changes to a CDS configuration (for example, altering the message rule set) without affecting the ATO’s approval. If these drawbacks outweigh the additional security provided by a CDS, you should consider another option, like a WAF.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

How Is a Cross-Domain System Different from Other Security Appliances?

Connecting Cloud-to-Cloud Infrastructure