Sphyrna NGXS UGW-100 Unidirectional Gateway

The Sphyrna NGXS UGW-100 Unidirectional Gateway is a hardware appliance designed to enforce one-way data transfer between security domains. The device uses optical-electrical-optical signal conversion to physically guarantee unidirectional data flow, preventing any reverse path for data transmission. The gateway is a 1U rack-mounted appliance with a 10Gbps interface capable of high-speed data transfer. It has achieved Common Criteria EAL 4+ certification and NSA approval, complying with NCDSMO's Raise the Bar (RTB) guidance. The system implements defense in depth through multiple security layers including a hardened operating system with reduced attack surface, Security Enhanced Linux (SELinux) with mandatory access control using the NSA Reference Policy, and secure boot validation. It employs software diversity by using multiple compilers and XML validation engines to prevent single-point vulnerabilities. The device supports TCP and UDP streaming, file transfers, and XML transfers with schema validation out of the box. It includes dual RAIDed hard drives for continued operation during hardware failures. Administration is role-based with a two-person approval system (TKPC) requiring two administrators with distinct roles for major configuration changes. The administrative interface blocks direct shell access and supports multiple languages. The solution addresses cross-domain security requirements for federal government departments, agencies, and Five Eyes partners requiring secure data transfer between different security classification levels.