Cross-Domain Governance Chain Umbrella

Regulatory and Domain Context

The defense baseline is the Joint Targeting Cycle codified in Joint Publication 3-60 (Joint Targeting, January 2024), which prescribes a six-phase process — end state and commander's objectives, target development, capabilities analysis, commander's decision and force assignment, mission planning and execution, and assessment — that today must execute across air, sea, land, cyber, and space components in compressed timelines. JADC2 layers onto this an explicit cross-domain coordination expectation: a sensor in one domain produces an observation that feeds a decision in another and an effect in a third, and the targeting record must survive coalition review, congressional oversight, and law-of-armed-conflict scrutiny. The Combined Joint All-Domain Command and Control (CJADC2) extension brings Five Eyes partners into the same operational record under coalition release authorities.

Cross-domain cybersecurity adds a parallel regime. The Department of Defense Cross Domain Solutions (CDS) program, governed by the National Cross Domain Strategy and Management Office (NCDSMO) within NSA, accredits the technical means by which information transits classification boundaries. NSA's Raise the Bar (RTB) initiative, refreshed in 2023, imposes hardened design requirements on CDS implementations: filter pipelines, hardware-enforced separation, content inspection, and audit. Any cross-domain operation that crosses a classification boundary must do so through an accredited CDS, and the operation's record must reflect the CDS's filtering decisions as authoritative events. Civilian analogs include CISA's Trusted Internet Connections (TIC) 3.0 and the cross-agency information-sharing arrangements under the Cybersecurity Information Sharing Act of 2015.

Beyond defense, cross-domain governance is the operational reality of disaster response under the National Incident Management System (NIMS) and the Stafford Act, of cross-border financial enforcement under FinCEN's Bank Secrecy Act regime intersecting with OFAC sanctions, of cross-sector critical infrastructure protection under Presidential Policy Directive 21 and the National Critical Functions framework, and of joint medical-public-health-law-enforcement operations under HIPAA's public health exceptions at 45 CFR 164.512. Each of these is a cross-domain regime in everything but name, and each currently runs on ad-hoc bridging rather than architectural support.

Architectural Requirement

A cross-domain governance umbrella must satisfy three structural constraints simultaneously. First, each contributing domain must retain its statutory authority over its own observations and actuations: an air-component sensor observation remains an air-component record under air-component classification and release rules; an FBI investigative observation remains FBI evidence under DOJ chain-of-custody requirements; a hospital observation remains protected health information under HIPAA. Second, the cross-domain operation must compose a single admissible record that survives review by every contributing authority and by any cross-domain oversight body (a combatant commander, a joint task force, a unified command post, an inspector general). Third, adversarial actions targeting the cross-domain seam — forced cross-domain transit, credential laundering across domains, deception injected at the boundary — must surface as named integrity events rather than disappear into the gap between domains.

The architectural requirement is therefore a chain whose primitives are credentialed at the contributing domain level, weighted under each domain's evidentiary norms, admitted under the cross-domain operation's composite admissibility profile, actuated under explicit authority composition, and traced under lineage that preserves the contributing-domain credentials through every cross-domain step. No contributing domain surrenders its authority; the umbrella is a composition of authorities, not a replacement for them.

Why Procedural Cross-Domain Coordination Fails

Today's cross-domain operations rely on procedural bridging: liaison officers, joint operations centers, common operating pictures assembled from per-domain feeds, after-action reports reconciled by hand. The bridging works for slow, deliberate operations and fails for the high-tempo cross-domain operations JADC2 is designed to enable. Per-domain data fabrics produce records in formats their owning domain can consume; cross-domain integration is paid as a tax on every operation, every coalition partner, and every retrospective review. When a cross-domain incident requires reconstruction — a friendly-fire investigation, a civil liberties review of cross-agency information sharing, a coalition disclosure dispute — the bridging artifacts that supported the original operation are not the same artifacts that the review demands, and the reconstruction cost is paid again.

The deeper failure is that procedural cross-domain coordination cannot represent authority composition. When an air-component sensor cues a cyber effect against a target nominated by a land-component commander under coalition release authority, the resulting action has at least four authorities attached to it; procedural records typically attribute it to one. The missing authorities reappear later as audit gaps, congressional questions, and coalition trust failures. Cross-domain coordination is structurally a multi-authority regime, and procedural records are structurally single-authority artifacts.

What the Governance-Chain Primitive Provides

The governance-chain primitive supplies five properties that compose naturally across domains. Authority-credentialed observation means each contributing-domain observation enters the chain bearing the credentials of its originating authority — an air-component sensor, an FBI agent, a hospital clinician, a financial-institution compliance officer — so that downstream consumers in other domains see not only the observation but the authority that warrants it. Evidential weighting allows each domain's measurement-uncertainty and methodological-provenance norms to travel with the observation, so that a cross-domain decision integrates evidence on terms each contributing domain recognizes.

Composite admissibility evaluates a cross-domain operation against the admissibility profile of every contributing domain at once: an operation that would be inadmissible in any contributing domain is inadmissible cross-domain, and the failure surfaces with the contributing-domain authority that rejected it identified. Governed actuation binds each cross-domain effect — a kinetic strike, a cyber action, a financial freeze, a public-health intervention — to the chain of authorities that approved it, including any cross-domain coordinating authority where one exists. Lineage-recorded provenance preserves the full multi-authority chain through every cross-domain step, so that an after-action review or oversight inquiry can reconstruct who saw what, who approved what, and who acted, in the order it occurred, without the bridging artifacts that today's procedural records require.

The five properties — authority-credentialed observation, evidential weighting, composite admissibility, governed actuation, and lineage-recorded provenance — are specified as a unitary chain in U.S. provisional application 64/049,409, and they compose only when treated as an indivisible sequence: an observation that enters without authority credentials cannot be evidentially weighted on terms a contributing domain recognizes, an actuation that bypasses composite admissibility cannot be governed against any contributing-domain authority, and a lineage record that drops any prior link cannot reconstruct the cross-domain operation under oversight inquiry. Breaking the chain at any link collapses the umbrella back into the procedural-bridge regime it replaces.

Compliance Mapping Across Domains

Joint Publication 3-60 targeting-cycle phases map onto chain primitives directly: target development is authority-credentialed observation under intelligence-component authority; capabilities analysis is evidential weighting against doctrinal effects data; commander's decision and force assignment is governed actuation under combatant-command authority; assessment is lineage-recorded reconstruction. JADC2 cross-domain integration is composite admissibility across component-command authorities, with coalition operations adding a coalition-release authority to the composition. NSA Raise the Bar CDS filtering events become credentialed integrity observations within the chain, so that cross-classification transit is itself an audited event rather than an invisible boundary crossing.

Civilian regimes map onto the same primitives. National Incident Management System unified command becomes authority composition across responding agencies; the Stafford Act federal-state-tribal-local authority structure is preserved through credentialed observation. HIPAA public-health and law-enforcement disclosures under 45 CFR 164.512 become governed actuations bound to the statutory authority that warrants disclosure. Bank Secrecy Act suspicious activity reporting intersecting OFAC sanctions enforcement composes financial-institution authority with Treasury enforcement authority. PPD-21 cross-sector critical infrastructure coordination composes sector risk management agency authority with CISA national coordination authority. In every case the chain represents the authority composition that the underlying statute or doctrine already requires but that procedural records cannot natively express.

Adoption Pathway

Adoption begins at a high-tempo cross-domain seam where procedural bridging is most expensive and most consequential. Candidate seams include a JADC2 sensor-to-shooter pilot integrating a single sensor class across two component commands and a coalition partner; a CISA-led cross-sector incident-response exercise spanning a critical-infrastructure sector and federal cybersecurity authorities; a joint health-and-law-enforcement opioid investigation spanning HIPAA-covered entities and DEA enforcement. The first deliverable is a chain that contributing-domain authorities each recognize as their own record, and that the cross-domain operation can run against without parallel bridging.

From a single-seam pilot, adoption extends to the full set of cross-domain operations the participating authorities conduct, then to additional contributing domains, then to coalition partners and cross-sector counterparts. The endpoint is a substrate on which combatant-command operations, federal-agency cross-sector coordination, coalition information sharing, and civilian-sector cross-domain enforcement settle against a chain whose authority composition reflects the statutory and doctrinal reality of cross-domain governance, replacing today's procedural bridging with architecturally-supported composition.