NSA Named ZTDF and IC-TDF the Interoperability Schemas. Procurement Catches Up Next.
The National Security Agency released Phase Two of the Zero Trust Implementation Guidelines on January 30, 2026, covering forty-one activities that support thirty-four capabilities under the Department of War target-level zero trust definition. The phase begins the integration of distinct zero trust solutions across pillars, and it does something Phase One did not. It names a data rights management schema.
In the Data Rights Management Enforcement section, the guideline states that to achieve interoperability, each participating component should standardize a DRM schema, such as Intelligence Community Trusted Data Format or Zero Trust Data Format, to ensure end products for all components can decrypt shared files. That is the naming the federal data-centric conversation has been carrying without authoritative reference for several years. Phase Two changes the reference.
What the naming actually does
The NSA guideline does not invent a standard. ZTDF and IC-TDF predate Phase Two. Virtru open-sourced TDF in 2022, and the Intelligence Community variant has been in operational use across cross-domain workflows since well before that. The guideline's contribution is not a new technical artifact. It is a procurement and architectural reference that program offices, integrators, and vendors can cite without producing the standard themselves.
Three downstream effects follow from the naming.
First, FY27 acquisition language for systems that handle data across components now has a schema to reference. The previous default for cross-component interoperability was a custom integration written against a vendor-proprietary protocol. The Phase Two language gives the contracting officer a defensible alternative. Solicitations that read "DRM schema shall be IC-TDF or ZTDF" pass written-evaluation criteria without further justification.
Second, vendor capability claims now have a verifiable test. A product that claims to enforce zero trust at the data layer either implements ZTDF or IC-TDF or it does not. Implementation is testable against the published specifications, not against marketing characterizations. The previous default for vendor zero trust claims was a self-attested capability mapping. Phase Two replaces that with a schema check.
Third, agency programs that already deployed alternative DRM patterns now face a decision about migration cost. The migration question is not whether the alternative pattern enforces policy. The question is whether the alternative pattern interoperates with another component that adopts the named schema. Phase Two's interoperability framing makes the schema choice a network effect, not a vendor preference.
Where this aligns with the broader 2026 federal architecture
Phase Two ships into a federal landscape where the data pillar has been undermarked for years. The CISA Zero Trust Maturity Model 2.0 names data as one of five pillars, but most agency programs have hit target maturity on identity, devices, networks, and applications well before data. CISA's April 2026 binding directive locks Q3 and Q4 milestones on the first four pillars while leaving the data pillar implicit. NSA's Phase Two addresses the gap by naming the schema that closes it.
The DoD Zero Trust Strategy 2.0, published in early 2026, extends the same target-level maturity expectations to operational technology, IoT, defense critical infrastructure, and weapon systems. The data pillar across these new surfaces is harder than across enterprise IT because the data crosses vendor maintenance access, regulator submissions, and joint-operations boundaries. Cross-component DRM enforcement is the architectural primitive that makes the strategy achievable. The Phase Two schema naming is what makes that primitive procurable.
NSA's framing on interoperability is direct. The end products for all components must decrypt shared files. The implication is that the schema is the contract between components, not the property of any single component. That framing matches how the Trusted Data Format was originally designed and how Lattix Technologies builds against it.
What Lattix does with the schema
Lattix Technologies binds policy to the data object through attribute-based access control at the policy enforcement point, post-quantum key encapsulation using ML-KEM-768 and ML-KEM-1024, and Merkle-tree lineage in content-addressed storage. The wrapped object format is ZTDF. The policy enforcement model is ABAC against an attribute set evaluated at access time. The cryptographic envelope binds the wrapping key release to the satisfied policy.
This is the architecture the Phase Two guideline implicitly requires for cross-component data sharing. The architecture handles the interoperability question by construction. A ZTDF object produced by one Lattix-protected component decrypts in another ZTDF-aware component when the requesting attribute set satisfies the policy bound to the object. The decryption check is not a coordination protocol between the components. It is a property of the schema.
The architecture also handles the failure mode that procurement language tends to leave out. If the receiving component is not ZTDF-aware, the object remains ciphertext. The failure is fail-closed, not fail-open. Federal data does not leak through schema mismatch.
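The key-release behaviour described in this section, as an added example (not Lattix code and not the ZTDF wire format): a simplified model in which a policy enforcement point releases a data key only when the policy's HMAC binding verifies and the requester's attributes satisfy the policy, and returns nothing in every other case. The attribute names, the `KeyAccessPoint` class and the in-memory key store that stands in for unwrapping a wrapped key are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets


def bind(policy: dict, dek: bytes) -> str:
    """HMAC-SHA256 over the canonicalised policy, keyed with the data key."""
    canon = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(dek, canon, hashlib.sha256).hexdigest()


def satisfies(policy: dict, attrs: dict) -> bool:
    """ABAC check: every required attribute must carry an allowed value."""
    return all(attrs.get(name) in allowed
               for name, allowed in policy["require"].items())


class KeyAccessPoint:
    """Hypothetical policy enforcement point that gates data-key release."""

    def __init__(self):
        # Assumption: a lookup table stands in for unwrapping the object's
        # wrapped key with the enforcement point's private key.
        self._keys = {}

    def wrap(self, policy: dict):
        """Create a data key and an object header bound to the policy."""
        dek = secrets.token_bytes(32)
        kid = secrets.token_hex(8)
        self._keys[kid] = dek
        header = {"kid": kid, "policy": policy, "binding": bind(policy, dek)}
        return header, dek

    def release(self, header: dict, attrs: dict):
        """Return the data key, or None. Any error path denies (fail-closed)."""
        try:
            dek = self._keys[header["kid"]]
            expected = bind(header["policy"], dek)
            if not hmac.compare_digest(expected, header["binding"]):
                return None  # policy was altered after wrapping
            if not satisfies(header["policy"], attrs):
                return None  # requester's attributes do not meet the policy
            return dek
        except (KeyError, TypeError, AttributeError):
            return None  # malformed or unknown object: stay ciphertext
```

Editing the policy in the header to widen access does not help a requester, because the binding was computed with the data key over the original policy and no longer verifies.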
Where this lands in the next twelve months
NSA has signaled additional phases of the implementation guidelines on a rolling cadence. The pattern of Phase One in January and Phase Two later in January suggests follow-on phases through 2026 and into 2027. Each phase is expected to deepen the activities mapping under the target-level zero trust definition and to surface additional capability outcomes that procurement language can reference.
The schema naming in Phase Two is the central pivot for the data pillar across this cadence. Vendors with a schema-aligned product line are positioned for the FY27 solicitation cycle. Vendors without one will be writing migration roadmaps against the acquisition language that the Phase Two reference enables. The schema is now the procurement question, not the architecture question.
References
- NSA, Zero Trust Implementation Guideline Phase Two, January 30, 2026. https://media.defense.gov/2026/Jan/30/2003868308/-1/-1/0/CTR_ZIG_PHASE_ONE.PDF
- NSA Press Release, NSA Releases Phase One and Phase Two of the Zero Trust Implementation Guidelines, January 30, 2026. https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4393480/nsa-releases-phase-one-and-phase-two-of-the-zero-trust-implementation-guidelines/
- Virtru, Trusted Data Format Highlighted as Interoperability Standard in NSA Zero Trust Implementation Guideline, April 8, 2026. https://www.globenewswire.com/news-release/2026/04/08/3270234/0/en/Trusted-Data-Format-Highlighted-as-Interoperability-Standard-in-NSA-Zero-Trust-Implementation-Guideline.html
- NSA, Zero Trust Implementation Guideline Primer, January 8, 2026. https://media.defense.gov/2026/Jan/08/2003852320/-1/-1/0/CTR_ZERO_TRUST_IMPLEMENTATION_GUIDELINE_PRIMER.PDF
- CISA, Zero Trust Maturity Model 2.0, April 2023.
- DoD, Zero Trust Strategy and Roadmap (2022), Zero Trust Overlays (September 2024).