Possibly a modification of it or enforced through the security kernel. Look up Epstein's "15 years after TX" paper for example of older, secure X. Nitpicker GUI is a modern approach. Otherwise, they just ported old crap over due to customer demand with a warning to only use it in trustworthy environments. That happens too.
However, XTS-400's are usually operated in console mode as cross-domain solutions. These are like ultra-thorough firewalls with content scanning, assurance that OS resists hackers, and various covert/side channels plugged. Guards actually predate firewalls: a knockoff of guards that had less features and always (even today) less assurance of secure implementation. Defense sector still prefers guards on points where multiple levels, esp Internet and classified, connect. Although, even most guards are at weak EAL4 OS's now. (sighs)
However, XTS-400's are usually operated in console mode as cross-domain solutions. These are like ultra-thorough firewalls with content scanning, assurance that OS resists hackers, and various covert/side channels plugged. Guards actually predate firewalls: a knockoff of guards that had less features and always (even today) less assurance of secure implementation. Defense sector still prefers guards on points where multiple levels, esp Internet and classified, connect. Although, even most guards are at weak EAL4 OS's now. (sighs)