The interconnection of the STU-III (Secure Telephone Unit) and a multilevel secure (MLS) host computer is a layered composition of systems. The composed systems that form the layers result from the connection processing done to establish the host-to-host link. To ensure that the system represented by each composed layer is consistent with the security policy, an additional agent must be added to the host's trusted computing base (TCB). This agent manages the STU-III data port interface and undertakes the coordination necessary to ensure that the security state is consistent between each layer; this coordination includes the security coordination between the two host TCBs and the eventual establishment of the remote session. The agent is implemented as a trusted process and is invisible to a process requesting connection to another host. This implementation allows for the greatest flexibility in the use of hardware at some additional cost in complexity.<>