The Trusted Data format was born in the federal government: Virtru’s co-founder and CTO, Will Ackerly, invented the open standard while working at the National Security Agency (NSA). When Will and his brother, John Ackerly, co-founded Virtru in 2012, their mission was to bring the military-grade data security of the Trusted Data Format (TDF) to the world.
Since then, the TDF has taken on a life of its own, with versatile implementations across every industry, from small healthcare practices to the world’s largest banks, from public school systems to the federal government. The TDF specification is hosted by the Office of the Director of National Intelligence (ODNI).
A hallmark of TDF is its versatility: It adapts to a wide variety of scenarios that require secure data sharing and access control. Here are some of the most common variations and use cases of the Trusted Data Format.
Base TDF: Data Protection for Everyday Workflows
Base TDF is the basis of the TDF standard and the most common usage of TDF in commercial organizations. This is the standard hosted by ODNI. It’s also the standard that underpins most of Virtru’s products, including Virtru for Gmail, Virtru for Outlook, and the Virtru Data Protection Gateway. This modified format allows non-Virtru users to access encrypted email and attachments without needing to log in through a portal. .
This version of TDF is designed to be broadly leveraged across a wide range of organizations and use cases. What makes TDF so powerful is that it facilitates easy-to-use encryption and granular, attribute-based access control for data, at the data object level. While other encryption standards may apply basic controls, TDF is unique because the protection travels with the data and can be flexibly applied to each individual file. Senders can control who can access a piece of data and for how long using TDF.
TDF enables military-grade security that strengthens compliance with some of the world’s strictest data privacy regulations, including CMMC, ITAR, CJIS, and many more.
IC TDF (Intelligence Community TDF): Data Security for Defense Scenarios
The IC TDF is a variation of TDF designed with metadata handling assertions that plug into common intelligence community workflows. Because the U.S. intelligence community has well-established data releasability standards in place (such as “Top Secret,” or “Releasable to U.S., Great Britain, and Canada”), IC TDF maps and enforces data access controls to this existing framework.
ZTDF (Zero Trust Data Format): A Global Intelligence Standard for Interoperability
The Zero Trust Data Format is an interoperable variation of TDF that bridges the gap between the U.S. Intelligence Community and NATO member countries via NATO STANAGs (Standardization Agreements). ZTDF has been ratified by the NATO CCEB (Combined Communications Electronics Board), and it seamlessly reconciles all variations of the TDF standard, as well as various classification and naming conventions, across NATO partners and allies — making it easy to securely share sensitive data across domains and borders, without sacrificing control. The ZTDF format provides the basis for data-centric interoperability.
For example, the U.S. tag for a piece of data might be “Top Secret,” but the comparable tag in the U.K. may be “Above Secret.” ZTDF maps data access across these standards to ensure proper handling across borders and data sensitivity frameworks.
NanoTDF: Lightweight Security for Edge Data and Devices
NanoTDF is a lightweight, binary variation of TDF, contained in a 56-byte wrapper. Like the other variations of TDF, NanoTDF facilitates attribute-based access control and data tagging, as well as encryption. It’s designed to be low-overhead so that it can be used on sensors, Raspberry Pis, and other devices used in the field. Using NanoTDF, data transmitted via these devices is “born secure,” protected, tagged, and wrapped in encryption from the point of creation. NanoTDF also supports streaming, which means that an entire video or audio stream can be sent encrypted. The endpoint can decrypt the data as it streams in and does not have to wait for the entire payload to be downloaded. From maritime vessels to space missions, NanoTDF makes it possible to prioritize data protection even in the smallest-footprint and lowest-bandwidth scenarios.
OpenTDF: An Open Source Toolkit for Data-Centric Security
Available on GitHub, OpenTDF is an open-source toolkit that allows anyone to leverage the benefits of the Trusted Data Format. The OpenTDF project is an open set of standards, libraries, and services that allow you to enable zero-trust protection across your ecosystem to ensure complete data protection and access control. It allows you to build applications with privacy at the center: One example is the Secure Cycle application built on OpenTDF as part of a Virtru Hackathon.
TDF Data Protection for Zero Trust Security, Wherever You Work
Whether you’re using Google Workspace or a Raspberry Pi out in the middle of nowhere, the Trusted Data Format supports military-grade security and granular access control everywhere you work.
TDF is also a great way to ensure that the description of the data (metadata) travels with the data at all times, regardless of the underlying format. Furthermore, TDF enables faster, easier implementation of Zero Trust security, because data is the central and foundational pillar underlying a Zero Trust architecture. Ultimately, it’s all about the data, and TDF is a globally recognized standard for ensuring its safety at every point in its lifecycle.
Want to discuss how TDF could safeguard your organization’s data? Contact Virtru to start the conversation.
