E5.1.1.1. Case I. Interconnections of Accredited AISs
E5.1.1.1.1. If a network consists of previously accredited AISs, an MOA is required between the DAA of each DoD Component AIS and the DAA responsible for the network (as provided in section D. of this Directive). The network DAA must ensure that interface restrictions and limitations are observed for connections between DoD Component AISs. The NCSC-TG-005 (reference (v)) provides interface restrictions and limitations that may be applicable. In particular, connections between accredited AISs must be consistent with the mode of operation of each AIS, the specific sensitivity level or range of sensitivity levels for which each AIS is accredited, any additional interface constraints associated with the particular interface device used for the connection, and any other restrictions required by the MOA.
E5.1.1.1.2. Each AIS shall be assigned an accreditation range, consisting of the set of security levels that may be associated with data it sends over the network connection. If the accreditation range is more than a single level, the AIS must reliably segregate data by level within its accreditation range, and label it accurately for transmission over multilevel interfaces.
E5.1.1.1.3. DAAs of DoD Component AISs should be aware that connection to a network may involve additional risks because of the potential exposure of data in their own AIS to the larger community of all users of AISs in the network. In connections to adjacent AISs, the operational modes and security mechanisms of those AISs should be taken into consideration, beyond the simple fact of their accreditation.
E5.1.1.1.4. Untrusted, unaccredited AISs, either individual computer systems or subnetworks, also may be components of a network. Connections between them and other component AISs are permissible under the same conditions as in paragraph E5.1.1.1.1., above. Only unclassified information, which does not include sensitive unclassified information, may be sent to and from the untrusted, unaccredited AISs.
E5.1.1.1.5. Special AISs or support, such as packet switching nodes and terminal access interfaces, also must have received individual accreditation if they carry classified or sensitive unclassified information. The network DAA serves as the DAA for all such AISs.
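The interconnection conditions of paragraphs E5.1.1.1.1, E5.1.1.1.2 and E5.1.1.1.4 can be expressed as a small policy check. The following is an added illustration, not part of the Directive: the ordered list of sensitivity levels, the contiguous low/high modelling of an accreditation range, the sample systems and the decision to permit no levels at all from a multilevel sender that does not label by level are all assumptions made for the example.

```python
from dataclasses import dataclass

# Ordered sensitivity levels, lowest first. This ordering is constructed for the
# example; the Directive does not enumerate levels in these paragraphs.
LEVELS = ("UNCLASSIFIED", "SENSITIVE UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")


@dataclass(frozen=True)
class AIS:
    name: str
    accredited: bool                # False for an untrusted, unaccredited AIS (E5.1.1.1.4)
    low: str                        # lowest level of the accreditation range
    high: str                       # highest level of the accreditation range
    labels_by_level: bool = False   # reliably segregates and labels data by level (E5.1.1.1.2)

    def accreditation_range(self):
        """Set of levels the AIS may associate with data it sends (modelled as contiguous)."""
        lo, hi = LEVELS.index(self.low), LEVELS.index(self.high)
        return frozenset(LEVELS[lo:hi + 1])


def permitted_levels(sender, receiver, network):
    """Levels that may flow from sender to receiver over the network.

    E5.1.1.1.1: the level must lie within the accredited range of each AIS and of
    the network itself. E5.1.1.1.4: if either end is unaccredited, only UNCLASSIFIED
    may pass (sensitive unclassified is excluded). E5.1.1.1.2: a sender accredited
    for more than one level must label data by level; if it does not, this model
    permits nothing (assumption made for the example).
    """
    allowed = (sender.accreditation_range() & receiver.accreditation_range()
               & network.accreditation_range())
    if not (sender.accredited and receiver.accredited):
        allowed &= {"UNCLASSIFIED"}
    if len(sender.accreditation_range()) > 1 and not sender.labels_by_level:
        return frozenset()
    return allowed


def check_transmission(sender, receiver, network, level):
    """True if one transmission labelled `level` is consistent with the rules above."""
    return level in permitted_levels(sender, receiver, network)


# Constructed sample systems, not taken from the Directive.
NETWORK = AIS("backbone", True, "UNCLASSIFIED", "SECRET")
ALPHA = AIS("alpha", True, "CONFIDENTIAL", "SECRET", labels_by_level=True)
BRAVO = AIS("bravo", True, "UNCLASSIFIED", "CONFIDENTIAL", labels_by_level=True)
GUEST = AIS("guest", False, "UNCLASSIFIED", "UNCLASSIFIED")

if __name__ == "__main__":
    print(sorted(permitted_levels(ALPHA, BRAVO, NETWORK)))   # only the overlap: CONFIDENTIAL
    print(sorted(permitted_levels(BRAVO, GUEST, NETWORK)))   # unaccredited end: UNCLASSIFIED only
    print(sorted(permitted_levels(ALPHA, GUEST, NETWORK)))   # no common level: nothing permitted
```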
E5.1.1.2. Case II. Unified Networks
E5.1.1.2.1. Some networks may be accredited as a whole without prior accreditation of each of their component AISs. It is necessary to treat a network as unified when some of its component AISs are so specialized or dependent on other components of the network for security support that individual accreditation of such components is not possible or meaningful with respect to secure network operation. In order to be accredited, a unified network shall possess a coherent network security architecture and design, and it should be developed with an attention to security requirements, mechanisms, and assurances commensurate with the range of sensitivity of information for which it is to be accredited.
E5.1.1.2.2. The recommended approach for accrediting a unified network is to apply enclosure 4 to the entire network to derive an evaluation class. Requirements to meet that evaluation class then are obtained from an applicable interpretation of DoD 5200.28-STD (reference (k)), such as NCSC-TG-005 (reference (v)).