Cross-domain working is a key challenge area for the National Cyber Security Centre (NCSC)
XD-CORE™
Cross Domain Hybrid
Application (CDHA) Platform
Acubed IT's implementation of the CDHA Framework - delivering a production-ready, modular platform for building and operating cross-domain hybrid applications
The problem
Cross-domain working is a key challenge area for the National Cyber Security Centre (NCSC)
As national security threats evolve, data silos and fragmented security domains create operational inefficiencies and elevate security and compliance risks. These challenges are further compounded by two critical issues:
•Data Aggregation Risks:
Unprotected sensitive data at the OFFICIAL classification is a prime target for Hostile State Actors.
•Restricted Visibility & Access:
Isolated SECRET systems, limit operational agility and cross-domain collaboration.
To mitigate these risks, appropriate security measures must be implemented, enabling secure interoperability.
The Solution: XD-CORE™
XD-CORE™ is Acubed IT’s modular platform for building and operating Cross Domain Hybrid Applications (CDHA)
With increasing regulatory pressure from NIS2, CAF, and the Cyber Resilience Bill, organisations must adopt solutions that go beyond basic data transfer – they need operational efficiency, cryptographic security and seamless cross-domain application functionality.
Designed to address these challenges, XD-CORE™ is a secure platform built on the CDHA Framework, developed in collaboration with a UK Cyber Authority. It protects data across all classification levels, mitigates data aggregation risks at OFFICIAL, and enables authorised, application-mediated access to data stored at higher classifications (e.g., SECRET) from OFFICIAL-side user devices.
XD-CORE™ delivers application-level cross-domain capability, not just data exchange.
What is the CDHA Framework?
Acubed IT has developed the Cross Domain Hybrid Application (CDHA) Framework - a unique solution designed to address the challenges of cross-domain application development.
Built on a zero-trust model and leveraging next-generation high-assurance gateway technology, the CDHA Framework offers a comprehensive suite of design patterns, a reference architecture, code libraries, and implementation guidelines.
Built to facilitate Secure by Design principles, the CDHA Framework also helps ensure customer applications align with Secure by Default standards, while incorporating an advanced cryptographic key management system to address the complex security requirements of cross-domain applications.
XD-CORE™
The modular, policy-driven platform built on the CDHA Framework
Secure by Design
Built with multi-layered security controls to protect data at every stage — in transit, at rest, and in use
Policy-Driven Control
Fine-grained enforcement of access, transfer, and processing rules across domains
Modular & Scalable
Adopt only the capabilities you need, while maintaining a unified architecture
Gateway Agnostic
Integrates with existing High Assurance Gateways and cross-domain solutions
Future-Ready Security
Incorporates Post-Quantum Cryptography (PQC) to protect against emerging threats
Independently Assessed Resilience
Assessed against NCSC Cyber Resilience Testing (CRT) Assurance Principles and Claims, aligned with the Software Security Code of Practise
How it Works
XD-CORE™ enables a hybrid operating model:
-
Data is collected and processed at OFFICIAL
-
Sensitive aggregation and storage is secured at higher classifications (e.g., SECRET)
-
Users access applications seamlessly across domains with strict policy enforcement
This approach:
-
Reduces data exposure risk
-
Enables secure collaboration
-
Maintains operational efficiency
This reflects a shift from "move data between systems" to "run applications securely across domains."
Prepare your Applications for the Quantum Era
With quantum computing set to disrupte traditional encryption,
XD-CORE™ integrates:
-
Quantum-resistant cryptographic algorithms
-
Advanced encryption techniques (e.g., ABE)
-
Long-term data protection strategies
Ensuring your systems remain secure today and in the future.
When do you use XD-CORE™ CDHA Platform?
Users enter information into a form within the OFFICIAL or Low Trust domains, and the data is securely transferred to the High Trust area, leaving little to no trace behind.
If your application portal operates on a Low Trust domain and gathers data at the OFFICIAL level, that data must remain encrypted and protected at all times.
If your Low Trust application portal collects information at the OFFICIAL level and a segment of this data requires processing on a more secure network, then it's imperative to have the right protocols.
While data may reside in the higher security tier, specific portions of records or data should be securely made available to the OFFICIAL level to enhance application accessibility.
How XD-CORE™ differs from Traditional Cross Domain Solutions (CDS)
Data Protection at the OFFICIAL Domain - Traditional CDS primarily protects the SECRET domain but does not protect data at the OFFICIAL domain. XD-CORE™ encrypts data from the moment of creation, ensuring protection before it moves to higher domains.
Operational Efficiency - With traditional CDS, users are often required to manually transfer between domains for processing or analysis. XD-CORE™ enables secure data processing at lower classifications while keeping aggregation at higher domains – reducing duplication, manual handling, and inefficiencies.
Reduce Reliance on SECRET Devices - XD-CORE™ enables secure use of OFFICIAL-classified data from standard OFFICIAL devices, even when sensitive aggregation and storage is secured at higher classifications. This reduces the need for SECRET-classified end-user devices (EUDs) to work with data that is classified as OFFICIAL.
Future-Proof Cryptography - XD-CORE™ integrates Post-Quantum ready cryptographic capabilities, including support for Post Quantum Cryptography (PQC) and advanced approaches such as Attribute-Based Encryption (ABE), ensuring resilience against both current and emerging security threats.
XD-CORE CDHA Platform Benefits
Unique Cross Domain Cryptographic Key Management
Our solution is unique and has no direct competitors
Reduces Risk of Data Breaches
Protects sensitive date even before it reaches higher classifications
Data Storage at Secret
Aggregated data stored in a secure domain
Seamless User Key Management
Our solution enables a seamless experience of key management for end users
Minimising Dependency on Secret EUD
Significantly reduces the need for Tier 2 End User Devices and Infrastructure
Improves Operational Efficiency
Eliminates security bottlenecks by enabling secure data interoperability
Secure Cross-Domain Operations for Critical National Infrastructure
XD-CORE™ protects critical national infrastructure by enabling secure interactions at higher classifications, while isolating operational data from IT environments
Protect operational data across IT/OT boundaries
Enable secure interaction between enterprise and operational networks
Reduce risk from aggregated operational data at lower classifications
Support compliance with NIS2 and UK Cyber Security & Reliance requirements
Next-Generation National Security Applications
Using XD-CORE™ Cross Domain Hybrid Application (CDHA) Platform
Acubed IT is working with an HMG SECRET Platform team to deliver Next-Generation National Security Applications, enabling secure interoperability across OFFICIAL and SECRET networks.
HMG's SECRET Hosting
A Flexible, Tier 2 (SECRET) Hosting Service
HMG's SECRET Hosting is a Tier 2 Community Cloud designed specifically for the UK Government and its trusted partners, providing a highly secure and resilient infrastructure. Hosted across two data centres, HMG's SECRET Hosting leverages Broadcom V-Cloud Foundations technology to deliver a fully virtualised infrastructure and networking within an ‘air-gapped’ environment. With an in-house project delivery and engineering team, as well as dedicated service management and help desk functions, HMG's SECRET Hosting ensures seamless support and operational excellence. Security is reinforced through an in-house Tier 2 Security Operations Centre (SOC), offering continuous monitoring and protection:
Example Topology using XD-CORE™ CDHA Platform and HMG's SECRET Hosting
The CDHA and HMG's SECRET Hosting application will have the best of both worlds. Data will continue to be collected at OFFICIAL while enabling SECRET users to access the application from their networks. This approach allows many departments to mitigate the risks associated with data collection at OFFICIAL while also leveraging the investment made in the Rosa ecosystem.
