Learn About Cross Domain Solutions

Cross domain solutions (CDSs) are secure data transfer devices designed to assure the integrity and data confidentiality of sensitive networks. They are used to secure connections between domains of differing security levels or classification, using sophisticated content inspection and filtering mechanisms that go far beyond those of standard network security tools, such as firewalls.

New to Cross Domain Solutions? Start Here!

Step 1

Definitive Guide to Cross Domain

READ

Step 2

Difference between CDS & Firewalls

READ

Step 3

Cross Domain Solution Products (IXD)

READ

What is a “Cross Domain Solution” (CDS)?

The U.S. National Institute of Standards and Technology (NIST) defines cross domain solutions as:

“A form of controlled interface (a boundary with a set of mechanisms that enforces the security policies and controls the flow of information between interconnected information systems) that provides the ability to manually and/or automatically access and/or transfer information between different security domains.”

Do I Need a CDS?

Are you transferring data between domains that do not trust each other (two - or more - parties)?

Cross domain transfer of information helps make otherwise siloed data persistently available regardless of security level or geographic location. However, data transfers between networks of differing security levels requires complex control mechanisms. This is why CDSs were created.

Do you require content filtering?

Content filtering is one of the key differentiators of cross domain solutions from other network security solutions. It enables the removal, redaction, destruction, logging, and/or quarantine of unauthorized or malicious data from the data flow. There are both standard data filters that have been developed by government agencies and standards bodies, and custom filters which can be designed for fit-for-purpose applications.

Who uses a CDS?

Today, certified CDSs are in use across the U.S. Government, Intelligence Community (IC), and DOD to transfer data both high-to-low and low-to-high. There are also derivative CDS technologies in use in critical infrastructure, commercial, and international defense and intelligence applications, providing secure data transfers between vital networks.

How are CDSs Different?

Learn More

What distinguishes CDSs from other network security devices, such as firewalls and data diodes, is the combination of security technologies, including bidirectional network- and application-layer traffic and data filtering, trusted operating systems, logging and auditing, and typically a hardware-enforced domain separation (with a data diode), to provide layers of assurance rather than a single checkpoint on network access.

Context-appropriate Security enforcing Mechanisms

Leverage industry-leading expertise to enable unmatched security in your sensitive networks. Discover more about our Custom Data Filtering Services

Policy enforcement
Known-good / whitelisting
Content filtering & quarantine
Data transformation & normalization
DLP
Data provenance
Protocol break
Flow control

View Now

Security Architecture and Design

Comprehensive security assessment of system architecture and configuration for all aspects of operating systems and platform security. Discover more about our Security Architecture Assessments

Defense in depth
Secure by design
Redundant
Always-Invoked
Non-bypassable

View Now

System Assurance and Secure Operation

Custom security assessments of integrated systems and applications to inform actionable decisions. Learn more about the Owl System Evaluation, Exploitation, and Research (SEER) Laboratory.

Independent assessments and LBSA
Trusted platforms (OS) & components
Secure administration
Self-protection
Secure failure
Opaque operation
Regular maintenance, training & support

View Now

Defense in Depth

As a cybersecurity best practice for all systems, it’s vital to implement multiple layers of diverse defenses to prevent compromise from a single point of failure. This includes everything from the OS and hardware to the applications and data filters.

“RAIN”

Redundancy

Redundancy, especially within an air-gapped data transfer system, prevents a single side failure from impacting the security controls on the other side of the device.

Always-Invoking

By always-invoking security, there is no chance that a threat could sneak through under the guise of a trusted file or data stream.

Independent

Each function within the transfer and filtering must be created and implemented independently, reducing or eliminating a single point of failure by compromising a single component or programming code.

Non-Bypassable

CDS security measures must be non-bypassable, including within the data stream, the device hardware, and the physical environment, or a threat could find and exploit “backdoors” and other circumvention methods.

What are Cross Domain Solutions used for?

Cross domain solutions transfer data between a secure/trusted network (including classified networks) and other domains of differing security level or policy. They can transfer any data type, from unstructured files to structured data, to streaming media. CDSs were developed specifically for use in critical and national security networks where reactive security measures, such as firewalls, SIEM, and IDS, are not sufficient to proactively ensure the security of a trusted domain.

Structured Content Filtering

Uniform content or “fixed format” messages, including text or schema-based XML, is filtered using a process known as linear pipeline. This straightforward approach applies a series of filters and checks in order, each separated into isolated, independent tasks, with handoffs from one to the next.

XD Bridge ST

XD Guardian XML

V2CDS

Unstructured Content Filtering

Complex content or unstructured data, e.g., MS Office, PDF, or imagery, is broken down into more basic elements and filtered using a process known as recursive decomposition. This divide and conquer approach involves decomposing data so that it can be inspected using standard content filters. In some cases, custom filters may still be required for specific data formats.

Streaming Content Filtering

Streaming content including FMV and UDP-based video, sensor data, and other real-time data types with or without metadata. Provides data inspection and sanitization using validated data schemas to ensure data is “clean” prior to transfer.

Products:

V2CDS

XD Vision

Assured Transfer for Mission Critical Data

Owl cross domain solutions (CDSs) enable the secure transfer of authorized, filtered and verified data between security domains.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.