> I'm happy to share anything that is not under NDA.
Meta-questions that you quite possibly can't answer: broadly speaking, what parts of this system are under NDA? Why would any part of this system be under NDA? Did any government agencies impose the NDA, or was it private companies? Is the NDA intended to protect those running the system, or is it intended to protect those using the system (IOW, is it security by obscurity)?
In my line of US government coding (no relationship with this project), NDA is orthogonal to security. NDA is used to protect confidential vendor information. For example: that they have a contract with the government at all (in the case of a stealth startup), specific technical capabilities they don’t want broadcast to their competitors, the size of the contract vs. committed resources, etc
Basically everything that is not publicly documented on the Federal Reserve's website. Unfortunately, it is really common in the financial services space to overuse a NDA. Things like specific fraud safeguards, hardware information, network diagrams, etc. are all under NDA.
Meta-questions that you quite possibly can't answer: broadly speaking, what parts of this system are under NDA? Why would any part of this system be under NDA? Did any government agencies impose the NDA, or was it private companies? Is the NDA intended to protect those running the system, or is it intended to protect those using the system (IOW, is it security by obscurity)?