Everfox

Everfox is the world's most trusted provider of Cross-Domain Solutions — purpose-built to move sensitive data between networks operating at different security classification levels. For more than 30 years, U.S. and allied government agencies have relied on Everfox to solve the hardest challenge in national security: sharing the right information at mission speed, without compromising the controls that protect it.

Their portfolio spans hardware guards, software-defined cross-domain capabilities, and Content Disarm and Reconstruction (CDR). The Everfox Data Guard is the primary integration point with Virtru — a Lua-based filtering engine that validates, sanitizes, and transfers TDF-protected objects between classification domains, applying Virtru policy checks and CDR in the DMZ before any file crosses to the high side.

When paired with the Virtru Data Security Platform, the Everfox Data Guard delivers not just boundary enforcement but end-to-end data-centric protection across every classification level it serves. TDF-wrapped objects carry embedded ABAC access policy through the Data Guard DMZ — where Virtru policy checks run alongside CDR — and arrive at the destination already protected. Coalition partners querying the same S3 bucket, analysts reading cursor on target streams, commanders accessing multi-domain situational awareness data: each sees exactly what their current entitlements authorize, enforced by the data itself rather than by the network perimeter they happen to be on.

Key Capabilities

• Transfer data securely between networks at different classification levels — without downgrading or compromising integrity
• Inspect and sanitize files with Content Disarm and Reconstruction (CDR) to eliminate malware at the domain boundary
• Validate TDF manifests inside the Data Guard DMZ — the Lua-based filtering engine inspects embedded Virtru policy attributes and security labels before any file is permitted to cross the classification boundary
• Deploy hardware-enforced cross-domain guards that meet NSA/CSS and intelligence community accreditation requirements
• Operate in air-gapped, tactical edge, and disconnected environments without sacrificing security control
• Enable multi-level information sharing across U.S. agencies, allied nations, and coalition partners — including Common Operating Picture (COP) applications that render different views of the same protected dataset based on each recipient's entitlements
• Protect Cursor on Target (CoT) structured data streams — redacting or obfuscating sensor IDs and targeting attributes in real time over TCP connections, without interrupting the data flow
• Accelerate compliance with ACP 240 — the allied standard governing Zero Trust data sharing in multinational operations
• Integrate with mission applications and S3-compatible storage through open standards and APIs

Better Together

Sharing operational data across classification levels forces an impossible choice: Share the full picture and expose sources, methods, and sensitive targeting data to coalition partners who should only see a portion of it - or spend mission-critical time manually creating sanitized, degraded copies of the dataset for each recipient tier (a process that is slow, error-prone, and incompatible with operational tempo).

The Everfox Data Guard and Virtru Data Security Platform eliminate that trade-off. Every object — cursor on target data, situational awareness feeds, intelligence reports, C2 map layers — is TDF-wrapped before it approaches the classification boundary, with ABAC policy bound to the object itself. Data Guard's Lua-based filtering engine validates the TDF manifest, applies CDR and Virtru policy checks in the DMZ, and delivers the approved file to the destination. At the destination, the Virtru Key Access Service evaluates each recipient's current entitlements in real time.

The result: a coalition partner terminal and a full-access command terminal can both read from the same dataset. One sees the complete tactical picture. The other sees a filtered view — sensor IDs redacted, targeting attributes scoped to what their clearance and mission assignment authorize. Same data. Same S3 bucket. No duplicate datasets. No manual sanitization. 

The Everfox Data Guard and Virtru Data Security Platform integration is designed for government agencies, defense contractors, and allied partners operating across multi-domain environments.

Prerequisites:

• Everfox Data Guard deployment at the classification boundary — with TDF manifest validation configured in the Data Guard filtering pipeline
• Virtru Data Security Platform (SaaS, on-premises, or air-gapped deployment)
• S3-compatible object storage at source and/or destination for TDF-aware mission applications such as COP systems
• Identity provider supporting OIDC/OAuth2 or Intelligence Community identity standards
• Network environments operating across two or more classification levels
• ACP 240 compliance alignment recommended for coalition or FVEY use cases

Security

Everfox Data Guard enforces domain boundary policy — SFTP-based pickup, TDF manifest validation, CDR sanitization, and security label checking in the DMZ before any object crosses to the high side or partner destination. Virtru Data Security Platform adds a second layer: TDF encryption and ABAC policy travel with every protected object, enforced at the moment of access regardless of where the data has moved. 

Compliance

The combined solution supports ACP 240 Zero Trust Data Format compliance — the Allied Communication Publication adopted by FVEY nations and NATO partners for multinational data sharing operations. Virtru Data Security Platform holds FedRAMP Moderate authorization and supports FIPS 140-2/3 validated key management, NATO STANAG 5636 classification markings, and IC metadata standards including IC-EDH, ISM, and IC-ID. Every access event at every classification level is logged in Virtru's comprehensive audit trail.

Privacy

Organizations retain full custody of their encryption keys and access policies throughout the data lifecycle. Virtru's Key Access Service (KAS) and Private Keystore options ensure that no third party — including Virtru — can access protected data without explicit authorization. Comprehensive audit logs capture every access event, supporting compliance reporting and incident response across classification boundaries.