Keystone is a security architecture, comprised of a Broker, which is the central point of truth for security for tactical and strategic platforms,  and subscribing Agents, which secure the primary computing function in subsystems.

The Keystone Broker can be a standalone box on the platform or can be software added to a central controller/processing system (e.g., mission computer). Keystone Agents are security-enhanced COTS single board computers (SBCs) and other processing elements, primarily responsible for mitigating known vulnerabilities in commercial processors, particularly x86 processors. Any number of Keystone Agents can subscribe to a Keystone Broker to comprise a flexible, federated security architecture.

Keystone Agents can also act independent of the Broker to secure sensitive subsystems or operate in a peer-peer relationship with other Agents.