Tessera

Standards-Compliant Data Security Solutions

Data-centric file protection and controlled cross-domain exchange for classified and sensitive environments — built to ACP-240, STANAG 4774, STANAG 4778, and ADatP-5636.

What We Do

Tessera implements NATO's and CCEB's data-centric security model — where the protection is embedded in the data itself and travels with it regardless of where it goes.

Data-Centric Maturity Level 3

Encryption and ABAC policy are embedded directly in the .ztdf archive. Every decryption request is evaluated in real time by the Key Access Service against the requester's clearance attributes — classification level, categories, and COI membership. No key is released unless every policy condition is satisfied, regardless of where the file is stored or transferred.

Controlled Cross-Domain Exchange

Information crossing between security domains is evaluated against both domain security policies simultaneously. Every flow passes through a Guard — the only permitted path — with fail-closed enforcement and a full audit trail.

NATO and CCEB Standards Compliance

All components are designed against ACP-240, STANAG 4774, STANAG 4778, ADatP-5636, and XMLSPIF. Security labels are digitally signed per ADatP-4778. Interoperability with CWIX is tested using published test vectors.

Our Products

Two complementary solutions addressing different aspects of the classified information lifecycle — protection at rest and controlled exchange in transit.

Tessera for Windows

A standards-compliant Data-Centric Security solution for the Windows desktop. Files can be cryptographically bound with a STANAG 4774 Confidentiality Label and encrypted into .ztdf archives with classification and access policy embedded — enforced at the moment of decryption by a Key Access Service.

  • Microsoft Office add-ins (Word, Excel, PowerPoint, Outlook)
  • Windows Explorer context-menu integration
  • Kernel driver — transparent in-memory decryption, zero plaintext on disk
  • STANAG 4774 / 4778 / ADatP-5636 label binding with XML-DSIG
  • AES-256-GCM encryption with RSA-OAEP-SHA256 key wrap
  • ABAC policy enforcement at the Key Access Service
  • XMLSPIF v2.1 and v3.0 policy support

Tessera for Cross Domain

A STANAG-compliant Cross-Domain Solution (CDS) — a bi-directional security gateway mediating controlled information exchange between classification domains. Every information flow is evaluated against both domain security policies; no content passes without Guard approval.

  • Dual-SPIF enforcement — both domain policies evaluated on every flow
  • Guard-only cross-domain path — no direct network connection between domains
  • Fail-closed — any error results in denial, never pass-through
  • STANAG 4778 Binding-Data validation and generation
  • Malware scanning and Content Disarm & Reconstruct (CDR)
  • Full audit trail for every decision (ALLOW and DENY)

Standards implemented

  • ACP-240
  • STANAG 4774
  • STANAG 4778
  • ADatP-5636
  • XMLSPIF v2.1/v3.0
  • RFC 5652 CMS

Data-Centric Security — The Model

Traditional perimeter security protects a network boundary. Once data leaves that perimeter — shared with a partner, archived, or transferred to another domain — the protection is gone.

The NATO data-centric model inverts this: the protection travels with the data. A .ztdf archive is an encrypted package whose access policy is embedded and cryptographically bound to the encrypted payload. No key is ever released without a real-time policy check against the requester's attributes.

Security labels (STANAG 4774) declare the sensitivity of the information. Binding assertions (STANAG 4778) tie those labels to the content with a digital signature that cannot be stripped or replaced without detection.

Read: How security labels work
[Diagram: File → encrypt → .ztdf archive]

.ztdf archive contents:
  • AES-256-GCM encrypted payload
  • STANAG 4774 Confidentiality Label
  • STANAG 4778 Binding Data Object
  • ACP-240 ABAC policy

Decrypt request → Key Access Service:
  • Verify label binding
  • Evaluate ABAC policy
  • Check user clearance
  • ALLOW → release DEK; DENY → no key, ever
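
The decrypt-time decision described above, sketched as an added example (not Tessera's code). It assumes an HMAC-SHA256 stand-in for the signed STANAG 4778 binding, a constructed level ordering, and hypothetical names (kas_decide, bind, CAT-A, COI-X); the COI rule (membership in at least one listed COI) is also an assumption.

```python
import hashlib
import hmac
import json

# Constructed level ordering (assumption; a real SPIF defines the hierarchy).
LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "CONFIDENTIAL": 2, "SECRET": 3}


def bind(key: bytes, label: dict, payload_digest: bytes) -> bytes:
    """Stand-in binding: HMAC-SHA256 over the label and the payload digest."""
    canon = json.dumps(label, sort_keys=True).encode()
    return hmac.new(key, canon + payload_digest, hashlib.sha256).digest()


def kas_decide(key, label, payload_digest, binding, requester):
    """Return (decision, reason); the DEK is released only on ALLOW."""
    try:
        # 1. Verify the binding before trusting anything the label says.
        if not hmac.compare_digest(bind(key, label, payload_digest), binding):
            return "DENY", "label binding invalid"
        # 2. Clearance must dominate the label's classification level.
        if LEVELS[requester["clearance"]] < LEVELS[label["classification"]]:
            return "DENY", "insufficient clearance"
        # 3. Every category on the label must be held by the requester.
        if not set(label["categories"]) <= set(requester["categories"]):
            return "DENY", "missing category"
        # 4. If the label names COIs, the requester must belong to one.
        if label["coi"] and not set(label["coi"]) & set(requester["coi"]):
            return "DENY", "not a COI member"
        return "ALLOW", "all policy conditions satisfied"
    except Exception as exc:  # fail closed: bad input never yields a key
        return "DENY", f"evaluation error: {type(exc).__name__}"


# Constructed sample data (not real labels, keys or identities).
KEY = b"constructed-demo-key"
DIGEST = hashlib.sha256(b"constructed ciphertext").digest()
LABEL = {"classification": "SECRET", "categories": ["CAT-A"], "coi": ["COI-X"]}
BINDING = bind(KEY, LABEL, DIGEST)
CLEARED = {"clearance": "SECRET", "categories": ["CAT-A"], "coi": ["COI-X"]}
OUTSIDER = {"clearance": "SECRET", "categories": ["CAT-A"], "coi": ["COI-Y"]}

if __name__ == "__main__":
    downgraded = dict(LABEL, classification="UNCLASSIFIED")
    print(kas_decide(KEY, LABEL, DIGEST, BINDING, CLEARED))
    print(kas_decide(KEY, LABEL, DIGEST, BINDING, OUTSIDER))
    print(kas_decide(KEY, downgraded, DIGEST, BINDING, CLEARED))
    print(kas_decide(KEY, LABEL, DIGEST, BINDING, {}))
```

The binding check runs first so that a label edited to a lower classification is rejected before any of its attributes are evaluated.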

New to security labels?

Our concepts guide explains classification levels, clearances, categories, SPIFs, and multi-point enforcement — starting from physical-world analogies and building up to the NATO standards that implement them electronically.

How Security Labels Work