The security controls in this section apply to new cable installations or upgrades. Organisations do not need to retrofit existing cable infrastructure to align with these security controls.
This section is applicable to all domestic facilities. For deployable platforms or facilities outside of Australia, consult the emanation security section of these guidelines.
Terminations to patch panels
Connecting a system to another system of a lower classification will result in a data spill, possibly resulting in inadvertent or deliberate access by non-cleared personnel, or the lower system not meeting the appropriate requirements to secure the information from unauthorised access or tampering.
Security Control: 0213; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
Only approved cable groups terminate on a patch panel.
Patch cable and fly lead connectors
Ensuring that cables are equipped with connectors of a different configuration to all other cables prevents inadvertent connection of different systems.
Security Control: 1093; Revision: 2; Updated: Sep-18; Applicability: O, P, S
In areas containing cables for systems of different classifications, connectors for each system are different from those of other systems; unless the higher classified patch cables cannot bridge the distance between the higher classified patch panel and any patch panel of a lower classification.
Security Control: 0214; Revision: 3; Updated: Sep-18; Applicability: O, P, S, TS
In areas containing cables for TOP SECRET systems and systems of lower classifications, the connectors for TOP SECRET systems are different from those of other systems.
Security Control: 1094; Revision: 2; Updated: Oct-19; Applicability: O, P, S, TS
In areas containing cables for systems of different classifications, the selection of connector types is documented.
Physical separation of patch panels
Appropriate physical separation between a TOP SECRET system and a system of a lower classification reduces or eliminates the chances of cross-patching between systems and reduces or eliminates the possibility of unauthorised personnel gaining access to TOP SECRET systems.
Security Control: 0216; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
TOP SECRET and non-TOP SECRET patch panels are physically separated by installing them in separate cabinets.
Security Control: 0217; Revision: 4; Updated: Sep-18; Applicability: O, P, S, TS
Where spatial constraints demand patch panels of lower classifications than TOP SECRET be located in the same cabinet as a TOP SECRET patch panel:
- a physical barrier in the cabinet is provided to separate patch panels
- only personnel holding a Positive Vetting security clearance have access to the cabinet
- approval from the TOP SECRET system’s authorising officer is obtained prior to installation.
Fly lead installation
Keeping the lengths of fibre-optic fly leads to a minimum prevents clutter around desks, prevents damage and reduces the chance of cross-patching and tampering. If lengths become excessive, fly leads should be treated as infrastructure and run in conduit or fixed infrastructure such as desk partitioning.
Security Control: 0218; Revision: 4; Updated: Dec-19; Applicability: TS
If fibre-optic fly leads exceeding five meters in length are used to connect wall outlet boxes to ICT equipment, they are run in a protective and easily inspected pathway and clearly labelled at the ICT equipment end with the wall outlet box’s identifier.