
Security domain

From Wikipedia, the free encyclopedia


A security domain is an application or a set of applications that collectively rely on a shared security token for processes such as authentication, authorization, and session management. In essence, a security token is granted to a user after they actively authenticate with a user ID and password within the security domain. The token establishes a foundation of trust, enabling secure interactions across the applications within the defined security domain. More specifically, the Committee on National Security Systems (CNSS), in CNSSI 4009, defines a security domain as "A domain operating at a single security level (which includes a unique combination of classification, releasabilities, and dissemination controls) that implements a security policy and is administered by a single authority."[1]
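As an added illustration (not part of the original article), the sketch below models the shared token described above: one authority authenticates a user ID and password, issues a signed token, and any application in the same domain validates it, while a different domain rejects it. The `SecurityDomain` class, its methods, the HMAC token format, and the `local.example` and `partner.example` domains are assumptions made for this example.

```python
import base64, hashlib, hmac, json, time

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SecurityDomain:
    """Hypothetical token authority for one security domain (assumed design)."""

    def __init__(self, name, key, directory):
        self.name, self._key, self._directory = name, key, directory

    def _mac(self, body):
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def authenticate(self, user, password, ttl=300, now=None):
        """Active authentication with user ID and password; token or None."""
        salt, stored = self._directory.get(user, (b"\x00" * 16, b""))
        if not hmac.compare_digest(pw_hash(password, salt), stored):
            return None
        now = time.time() if now is None else now
        claims = {"sub": user, "dom": self.name, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return (body + b"." + base64.urlsafe_b64encode(self._mac(body))).decode()

    def validate(self, token, now=None):
        """Run by every application in the domain; returns the user ID or None."""
        try:
            body, tag = token.encode().split(b".")
            if not hmac.compare_digest(base64.urlsafe_b64decode(tag), self._mac(body)):
                return None  # not issued under this domain's key, or altered
            claims = json.loads(base64.urlsafe_b64decode(body))
        except (ValueError, AttributeError):
            return None  # malformed token
        now = time.time() if now is None else now
        if claims.get("dom") != self.name or claims.get("exp", 0) <= now:
            return None  # issued for another domain, or expired
        return claims.get("sub")

# Constructed sample data: two domains with separate keys and user directories.
SALT = b"constructed-salt"
local = SecurityDomain("local.example", b"L" * 32,
                       {"alice": (SALT, pw_hash("correct horse", SALT))})
partner = SecurityDomain("partner.example", b"P" * 32, {})

if __name__ == "__main__":
    token = local.authenticate("alice", "correct horse")
    print(local.validate(token))    # accepted by applications in the local domain
    print(partner.validate(token))  # not trusted in the partner domain
```
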

A security domain is the determining factor in the classification of an enclave of servers/computers. A network with a different security domain is kept separate from other networks. For example, NIPRNet, SIPRNet, JWICS, and NSANet are all kept separate.

Examples of a security domain include:

In an identity federation that spans two different organizations sharing a business partner, customer or business process outsourcing relationship, a partner domain would be another security domain with which users and applications from the local security domain interact.

More modern security architectures such as Zero Trust Architecture (ZTA) exclude the use of traditional security domains in favor of multistage authentication and authorization.[2]


References
