Security Testing and Evaluation Labs
Security Evaluation Laboratory (SEL)
BAE Systems: MMHS Mail Guard
| Sponsor: | BAE Systems |
| Point of Contact: | John F.McMahon Phone: (703)563-8040 |
| Assurance Level: | EAL4 |
| Status: | Evaluated |
The Military Message Handling System (MMHS) enables users to electronically process and disseminate military message traffic, involving multiple levels of security classifications up to and including Secret, in a Secret System High environment. (Top Secret messages are also supported, but only after they have been encrypted offline prior to transfer via the MMHS). The system is based on ACP 123, which governs the origination and reception of military messages. The MMHS interfaces with the Defence Electronic Message System (DEMS) version 2 and external messaging systems (e.g., Automated Defence Data Network (ADDN) and Tactical Messaging Handling System (TMHS)) to form the DMHS.
MMHS end-user workstations (WS) are used to run the Entrust (S/MIME v3 with ESS) enabled UAs and are interconnected via subnets with other MMHS WS. These subnets are cryptographically isolated from DEMS Users and DEMS backbone nodes on local networks by NES encryption devices. The MMHS Mail and MLA/PUA Backbones are also cryptographically isolated from the local networks by NES devices. The MMHS Mail Backbones (MBB) features the DSA, MTA, MS, and DUA/ADUA servers while the MLA/PUA backbones (M/PBB) feature the MLA and PUA. The local networks are connected to the Defence Wide Area Network (DWAN) via a router. Some MMHS routers also connect the local networks and DWAN to the MFGW and TGW. The MFGW and TGW both consist of a Firewall (FW), used to enforce the security policy decisions related to the release of incoming and outgoing MMHS messages, and one or more Functional Converter (FC) that convert MMHS messages to/from the formats used by the external messaging networks.