Cross domain approach and architecture

How to safely enable data flows between areas of different trust within and between modern digital systems.
This guidance describes the NCSC’s approach to using cross domain technology and architectures. It helps developers, integrators and risk owners to understand what cross domain is, and how it can be implemented as part of an organisation’s wider cyber security risk management activities.
Cross domain is not just a single appliance which sits between two networks with the intention of eliminating risk – often referred to as a ‘cross domain solution’ or CDS. Rather, it is an approach to understanding and mitigating risks within your data flows to enable your business objectives.
This guidance will explain how to implement the NCSC’s architectural approach to cross domain. It will cover:
- the core concepts you need to understand to design cross domain data flows
- cross domain controls that can be used to enable data flows safely
- how to develop an end-to-end cross domain architecture
- how to choose appropriate technology in line with your organisation’s threat model and risk appetite
Note
Cross domain has primarily been used in defence and intelligence environments. However, this guidance will help any organisation where the threat model assumes systems will be under targeted attack, and the harm to the organisation from a security compromise would be great. Attackers in this case will have the capability to either develop or obtain attacks that can target zero-day vulnerabilities in deployed systems, and will be able to chain attacks together to achieve their outcomes.