NCSC publishes new cross-domain architecture guidance
New guidance from NCSC outlines how organisations can build more secure cross-domain architectures for high-risk environments.
The UK’s National Cyber Security Centre has published new guidance on cross-domain architecture, outlining an updated framework for moving data safely between environments with differing security levels.
The guidance is intended to make cross-domain technology adoption simpler and more secure. In an accompanying blog post, the NCSC notes that such technologies have long been used in defence and intelligence settings, where organisations need to move data securely between systems operating at different security levels.
The NCSC links the revised guidance to a changing threat environment, including more capable and persistent attackers, greater exposure of critical national infrastructure, and risks associated with unknown vulnerabilities, supply chains, and AI-enabled discovery of weaknesses. It says the guidance should be used by organisations whose threat model assumes a targeted attack and where the consequences of compromise would be significant.
The new approach focuses on end-to-end architecture rather than fixed boundaries or specific technologies. It is intended to support business functions spanning systems with different levels of trust, including document import, video communications, and interactions with services hosted in other environments via APIs.
A central part of the guidance is a clear understanding of required data flows, system connections, and relevant threats. The NCSC describes cross-domain as a sequence of functions, often referred to as a pipeline, that builds confidence in data as it moves between trust zones.
The guidance largely replaces the organisation’s older security principles for new end-to-end architectures. However, those principles will remain part of its Principles-Based Assurance approach in the medium term. The blog also says the original import and export data design patterns are being deprecated and will, over time, be replaced by new cross-domain patterns.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!