To date, Cross Domain Solution (CDS) systems have usually been employed to protect information in a "high" security domain from being accessed by systems or individuals in a "low" security domain. This common situation is a case of hierarchical domains in that, from a security policy perspective, the high side can have unrestricted access to all the information on the low side. As a result, the CDS usually employs a "pass all" rule set that permits all the low side information to flow freely while restricting the high side information that passes to the low side.
This paper considers the case of non-hierarchical domains, in which there is no unambiguous high side or low side. Instead, there are two domains, each containing information that must be restricted from the other, while both also hold common information that must be shared to allow for interoperability. The policy implications are numerous: Is a single CDS device sufficient, or are two required? Can a rule set be constructed that can physically reside in one or both domains, or is a third location required to comply with security policy? How can the common domain be defined in general? How can Operations Security (OPSEC) rules be defined in such a way as to allow participants in each domain to be properly briefed? If battlespace content restrictions are to be imposed, how can the "master" site be defined to enforce them, and how can scenario development be done by the domain participants without revealing inference to one another? We discuss each of these implications by showing how they fall into general cases, provide guidance on identifying the appropriate case for any specific instance, and describe what solutions are available to accommodate them.