How Archon Works
Within the virtual containers, the virtual machine may run a guest operating system (e.g. Windows, Linux, Android) and several tested and validated thin client operating systems, including Forcepoint TTC. However, because critical security components remain under the control of the trusted RTOS, each of the applications is isolated from the guest operating system. Secure authentication and communication between them are allowed with a high degree of assurance.
Leveraging these secure containers and in compliance with CSfC guidelines, classified network access is delivered through its own security stack without any interference or threat of data leakage to the FOUO side-service. For customers, this means that a deployed system is able to function in an environment with or without connectivity.
Additionally, Archon ZV implements a security address space within the RTOS Separation Kernel to provide the orchestration and enforcement of all CSfC-consistent double encryption processes. The Separation Kernel Orchestrator is used to enforce all flows for both network security and data-at-rest, protecting stored information with NSA-approved cryptography while the EUD is powered off or in an unauthenticated state. As a result, a system may be lost or discarded without compromising applications or data.
Finally, key management is included to enable dual encryption of all data-at-rest as well as dual encryption of any wired/wireless communications. This follows the Key Management Algorithm (KMA) implementation of OTA rekeying for EUDs. This dual encryption adheres to the NSA requirements for the Key Management Annex within the CSfC program.