Solution options

Solutions propose and analyze different approaches to the challenges identified in scenarios. Multiple solutions can address the same scenario, and cross-cutting solutions span multiple scenarios.

Each solution documents how it works, advantages and disadvantages, which acceptance criteria it meets, and its operational fit.

Cross-cutting solutions

• Classification and Labelling -- Batch and hybrid approaches for applying DCS labels to data, plus a comparison of classification methods
• Offline Key Management Options -- Six approaches for handling encryption and key management in offline/tactical environments

Scenario-specific solutions

Scenario 03: Legacy system DCS retrofit

• JLTS Legacy Application Profile -- Detailed description of a fictional COBOL/DB2 NATO logistics system used as a concrete example for DCS retrofit approaches
• Option 1: Shadow Label Store -- DB2 metadata tables for classification labels (DCS Level 1)
• Option 2: User Attribute Store -- Security attributes mapped to RACF user IDs (DCS Level 2 prerequisite)
• Option 3: TN3270 Security Proxy -- Protocol-aware proxy for interactive access filtering (DCS Level 2)
• Option 4: Batch Export Gateway -- Filtering and STANAG 4778 labeling for outbound data (DCS Level 1 assured + Level 2)
• Option 5: TDF Encryption on Export -- TDF-wrapping outbound data with ABAC policies (DCS Level 3)
• Option 6: Encrypted Data Mirror -- Off-mainframe TDF-encrypted replica for compliance and DR (DCS Level 3)

Scenario 04: Cross-domain sanitisation

• LLM-Based Intelligent Sanitisation -- Using large language models for automated content redaction and cross-domain transfer

More solutions coming

Solutions for additional scenarios are in development. See the gap analysis for the full list of unresolved challenges.