Zero trust network gateway that authenticates each device and user per session via PKI X.509 identity certificates and FIDO2 tokens, applies identity-based network micro-segmentation without static VLANs, records every access flow in an immutable log, and meets DISA STIG V2R2 requirements for deployment on classified and unclassified tactical networks of the Armed Forces.
Bitstream
Bitstream ZTA Gateway: Zero Trust Access Gateway for Tactical Networks with Per-Session Authentication, Micro-Segmentation and DISA STIG Compliance
Technical overview
The Bitstream ZTA Gateway is a zero trust network gateway designed to replace the perimeter security model in military tactical networks (the model in which any device inside the local area network is implicitly trusted once it has passed the perimeter firewall) with a model in which every access to any network resource requires explicit authentication and per-session authorization, regardless of whether the device is inside or outside the physical installation perimeter.
In a brigade or division tactical network, the traditional perimeter model fails in two frequent scenarios. The first is when a legitimate device (a planning laptop, an ATAK tablet) is compromised by a hostile actor who obtains physical access to it in the field: with perimeter-based access, that compromised device can move laterally through the entire network without restriction. The second is when the tactical network extends beyond the physically controlled perimeter over mesh radio links, SATCOM, or encrypted WAN, so that 'inside the perimeter' loses its geographic meaning. The ZTA Gateway authenticates the device via its device identity X.509 certificate issued by the organization's PKI, and authenticates the user via a FIDO2 token (physical USB or NFC security key) or CAC/PIV certificate. Both authentication layers are required simultaneously to establish any session, so a compromised device without the user's physical token, or the token without an enrolled device, provides no access.
The ZTA Gateway's identity-based micro-segmentation replaces static VLANs with dynamic access policies based on user identity, the device's certified role, and session context: time, device GPS location, and the classification level of the requested resource. A platoon sergeant's ATAK tablet can access the tactical map server and the messaging server, but not the battalion-level operations planning server, even though they are on the same physical network, with no VLANs or ACLs manually configured by a network administrator.
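The two rules above (both identity factors required before any session exists, and per-request authorization from user role, device role and context rather than network position) can be seen in a small policy decision point. The following is an added, hypothetical example written for this page; it is not Bitstream ZTA Gateway code, and the CA name, device inventory, role names, clearance labels and resource policy table are all constructed. Certificate and FIDO2 verification are reduced to attribute checks so it runs offline; a real gateway would validate the X.509 chain and the token's signed challenge.

```python
"""Hypothetical zero-trust policy decision point (example code, not Bitstream's).

Models the two rules described above:
  1. a session exists only if BOTH the device X.509 identity and the user's
     FIDO2/PIV identity verify; one factor alone yields no session;
  2. each resource access is then decided from user role, device role and
     session context (clearance), never from where the device sits on the LAN.
Every decision is appended to an in-memory audit list standing in for the
immutable access log.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample data: trusted device-CA name and enrolled devices.
TRUSTED_DEVICE_CA = "CN=Example Tactical Device CA"  # placeholder issuer name
ENROLLED_DEVICES = {                                 # cert serial -> device role
    "atak-tablet-0042": "edge-tablet",
    "plan-laptop-0007": "planning-workstation",
}
CLEARANCE_RANK = {"U": 0, "S": 1}                    # constructed ordering

# Resource policy (constructed): allowed user roles, device roles, min clearance.
RESOURCE_POLICY = {
    "tactical-map":    {"users": {"platoon-sergeant", "bn-planner"},
                        "devices": {"edge-tablet", "planning-workstation"},
                        "clearance": "U"},
    "messaging":       {"users": {"platoon-sergeant", "bn-planner"},
                        "devices": {"edge-tablet", "planning-workstation"},
                        "clearance": "U"},
    "bn-ops-planning": {"users": {"bn-planner"},
                        "devices": {"planning-workstation"},
                        "clearance": "S"},
}

AUDIT_LOG = []   # append-only list of decision records


@dataclass(frozen=True)
class DeviceCert:
    issuer: str
    serial: str
    not_after: datetime


@dataclass(frozen=True)
class UserAssertion:
    username: str
    role: str
    fido2_verified: bool   # outcome of the token's signed-challenge check


def verify_device(cert: DeviceCert, now: datetime):
    """Return the device's enrolled role, or None if the cert is untrusted/expired/unknown."""
    if cert.issuer != TRUSTED_DEVICE_CA or cert.not_after <= now:
        return None
    return ENROLLED_DEVICES.get(cert.serial)


def verify_user(assertion: UserAssertion):
    """Return the user's role only if the FIDO2/PIV assertion verified."""
    return assertion.role if assertion.fido2_verified else None


def establish_session(cert, assertion, clearance, now):
    """Both factors are required; a missing factor means no session at all."""
    device_role = verify_device(cert, now)
    user_role = verify_user(assertion)
    if device_role is None or user_role is None:
        AUDIT_LOG.append({"event": "session-denied", "user": assertion.username,
                          "device": cert.serial, "at": now.isoformat()})
        return None
    return {"user": assertion.username, "user_role": user_role,
            "device_role": device_role, "clearance": clearance}


def authorize(session, resource: str, now: datetime) -> bool:
    """Per-request decision from session attributes; every decision is logged."""
    policy = RESOURCE_POLICY.get(resource)
    allowed = (policy is not None
               and session["user_role"] in policy["users"]
               and session["device_role"] in policy["devices"]
               and CLEARANCE_RANK[session["clearance"]] >= CLEARANCE_RANK[policy["clearance"]])
    AUDIT_LOG.append({"event": "access", "user": session["user"],
                      "device_role": session["device_role"], "resource": resource,
                      "allowed": allowed, "at": now.isoformat()})
    return allowed


def demo():
    """Platoon sergeant on an enrolled ATAK tablet, then the same tablet without a token."""
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    tablet = DeviceCert(TRUSTED_DEVICE_CA, "atak-tablet-0042",
                        datetime(2026, 1, 1, tzinfo=timezone.utc))
    sgt = UserAssertion("sgt.example", "platoon-sergeant", fido2_verified=True)
    session = establish_session(tablet, sgt, "U", now)
    results = {r: authorize(session, r, now)
               for r in ("tactical-map", "messaging", "bn-ops-planning")}
    # Compromised tablet, but no user token present: no session, no access at all.
    no_token = establish_session(
        tablet, UserAssertion("sgt.example", "platoon-sergeant", False), "U", now)
    # Valid token on a device whose cert has expired: also no session.
    expired = DeviceCert(TRUSTED_DEVICE_CA, "atak-tablet-0042",
                         datetime(2024, 1, 1, tzinfo=timezone.utc))
    expired_device = establish_session(expired, sgt, "U", now)
    return results, no_token, expired_device


if __name__ == "__main__":
    print(demo())
    print(len(AUDIT_LOG), "audit records")
```

The point the demo makes is the one in the text: the same tablet on the same network segment gets the map and messaging servers but not battalion planning, and with either factor missing it gets nothing, with each outcome recorded before the answer is returned.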
Related products
Rugged IP router with hardware AES-256 Layer 2/3 encryption for classified tactical networks, FIPS 140-2 Level 2 certified, and -40 to +70 degrees Celsius operation.
Bitstream 16-port managed Layer 3 Ethernet switch for tactical networks, TEMPEST Zone B certified, -40 to +70 degrees Celsius fanless, direct installation in 24V vehicle rack.
Bitstream 8-port GigE + 2 SFP Layer 2/3 managed Ethernet switch with web/SNMP management, operational-function VLAN, voice/data/video QoS, per-port MACsec encryption, and MIL-STD-810H certification for tactical IP network nodes in fixed and mobile command posts.
Case study: live IEC 61850 migration of a 220 kV transmission substation in Ica, Peru. Kalkitech Arc One gateways for legacy IEDs, Bitstream TS-3000 PTP synchronization, unified SCADA for 14 bays. Protection MTTR reduced from 6.2 h to 22 minutes.
Guide: comprehensive technical guide to Rajant's BreadCrumb family for defense operations: InstaMesh architecture, ATAK integration, LynX roles in dismounted operations, island mode for jungle and highlands, and EAR acquisition considerations for Peru.
Local technical support
EMAR SYSTEMS provides integration, training, and after-sales support for all represented products. Contact the technical team for specifications, demos, and quotes.