Cross-Domain
Considerations to be taken into account when specifying data flows.
A Cross-Domain solution is an integrated information assurance system composed of specialized hardware and software, which provides a controlled interface to allow and/or restrict the transfer of information between two security domains based on a predetermined security policy. These solutions are designed to enforce domain separation and usually include some form of content filtering to authorize the transfer of information between security domains.
Defined flows and
ALL flows must be defined and specified, including control flows. When an interconnection is planned, it is common for flows to appear that were not originally taken into account.
Limit flows to a minimum
Each flow has a cost (analysis, design, implementation, functional and security validation and verification), consumes resources at run time (processing, bandwidth, latency, etc.), and involves potential risks.
Unidirectional flows
Unidirectional flows through the interconnection should be preferred as far as possible; they are easier to analyze and manage securely.
Delicate ‘downstream’ flows
In typical scenarios where the confidentiality of the high-security domain has to be protected, downstream flows are riskier and usually require special security measures.
Certifications and approvals
CC to EAL4+
Included in the NIAPC
What are PSTgateways secure gateways?
PSTgateways are hardware-based application-level gateways (High Assurance Guards). They provide data flow filtering and physical separation of networks, with a complete break of the TCP/IP protocol stack.
How do PSTgateways work?
They are based on two appliances, each of which acts as the communication endpoint in one domain. Their operation is transparent to the nodes with which they communicate. The existence of the other domain is hidden from the participants in the communication.
The gateway exchanges high-level elements (files, messages, etc.) that are extracted from the application level and transferred to the other domain after applying filtering mechanisms, content control and/or ‘strong’ authorization of each element to be transferred.
Administration and monitoring are always performed from the HIGH domain and preferably through a dedicated administration network.
What is a PSTdiode data diode?
PSTdiode diodes are hardware diodes based on two appliances, with the corresponding part of the unidirectional communication hardware in each of them, one the transmitter and the other the receiver.
The system is integrated with the existing infrastructure: there is no need to install proxies or additional dedicated servers.
How do PSTdiode diodes work?
The diode automatically transfers high-level elements (files or UDP payloads) that are extracted from the application layer and transferred to the other security domain.
Administration and monitoring are always performed from the target domain and preferably via a dedicated management network.