Cross Domain Solutions

NEWS Update

introducing our new nGXS HIGH-SPEED Gateways

Next Gen X-Domain Solutions

Most cross domain solutions, developed by the U.S. industry in collaboration with U.S. security, military, or intelligence agencies, are ITAR controlled, posing challenges for non-U.S. governments in terms of access, cost, and support. Our Next Generation X-domain Solution (NGXS) addresses these issues by being fully compliant with U.S. security agency guidance, offering an affordable, scalable, and extensible cross domain solution that supports multiple domains, fixed format flows, complex dataflows, and streaming data. NGXS enables federal government departments, agencies, and Five Eyes partners to easily and cost-effectively acquire and implement cross domain solutions.


Data diodes are one-way information transfer devices that control information flow in one direction while preventing information flow in the reverse direction.

We offer two different versions of the NGXS Data Diode: 

An evaluated version, used in the NGXS Unidirectional Gateway, which employs optical connectivity and signal conversion, including custom circuitry to guarantee that no reverse path is available for data transmission.

The second version, which can be purchased separately, is a passive solution that employs optical connectivity and an optical isolator to ensure unidirectionality.

NGXS UGW-100: unidirectional GATEWAY

EAL 4+ and NSA Approved

Defence in depth and diversity of defence are security best practices intended to mitigate potential damage when an individual safeguard is compromised. Defence in depth espouses the use of successive layers of safeguards, while
diversity in defence encourages the use of different safeguard implementations in order to prevent cascading failures.

The NGXS Gateway fully implements both best practices. It is a self-contained, tamper resistant, 1U rack-mounted appliance, equipped with 10Gbps interfaces and capable of reliably transferring data at high speeds.

The NGXS Gateway permits data transfer in only one direction with out-of-the-box support for TCP and UDP streaming, file transfers and XML transfers with schema validation.

Highest Standards

EAL 4+ Certified & NSA Approved

Our NGXS Unidirectional Gateway has achieved the prestigious Common Criteria EAL 4+ certification, marking it as one of the most secure solutions available in the cybersecurity market. This globally-recognized certification attests to our product’s capability to meet rigorous international standards for data protection and secure transfer, making it an ideal choice for environments requiring the highest level of security.

The EAL 4+ designation signifies that our gateway has undergone comprehensive testing by an accredited lab, and it confirms the product’s resilience against sophisticated cyber threats.

Our NGXS Unidirectional Gateway has also been NSA-approved as of 2024.

NGXS UGW-100 Features

Assured unidirectional transfer

Guarantees unidirectional transfer using optical-electrical-optical signal conversion and connectivity.

Hardened Operating System

By stripping away unnecessary services and functionalities, and enforcing mandatory access control, we significantly reduce the attack surface.

Mandatory Access Control (MAC)

Implements a linear assured pipeline using the Security Enhanced Linux (SELinux) National Security Agency (NSA) Reference Policy.

Supply Chain Protection

Complicates supply chain attacks by using hardware components from multiple vendors.

Secure Boot

Validates the operating system being loaded to ensure that no malware has tampered with the boot process.

Software Diversity

Leverages multiple compilers and XML validation engines in order to prevent a single vulnerability from compromising the device.

Enterprise Ready

A 10 Gigabits per second (Gbps) interface allows the NGXS UGW-100 Unidirectional Gateway to reliably perform high speed data transfer. In addition, each system comes equipped with dual RAIDed hard drives in order to provide continued operation in the event of hard drive failure.

Role-based administration is provided in multiple languages through a custom administrative interface. The interface mandates a two-person approval system (TKPC), ensuring that a minimum of two administrators with distinct roles are needed for major configuration modifications. It also blocks direct access to the operating system shell, which further minimizes potential vulnerabilities.

Head Office

1000 Innovation Drive 5th Floor
Kanata, ON
K2K 3E7


1-888-774-9762 (Head Office)

+44 7921 835031 (UK)

Sphyrna Security