About IA at NSA
Partners
Rowlett Awards
Award Recipients
Background
Nomination Procedures
Links
IA Client and Partner Support
IA News
IA Events
IA Mitigation Guidance
Media Destruction Guidance
Security Configuration Guides
Applications
Archived Guides
Cisco Router Guides
Database Servers
Fact Sheets
Industrial Control Systems (ICS)
IPv6
Operating Systems
Supporting Documents
Switches
VoIP and IP Telephony
Vulnerability Technical Reports
Wireless
System Level IA Guidance
TEMPEST Overview
TEMPEST Products: Level I
Certified
Confirmed Deficiencies
Suspended
Terminated
No Longer Produced
TEMPEST Products: Level II
Certified
Confirmed Deficiencies
Suspended
Terminated
No Longer Produced
TEMPEST Company POCs
Certified
Suspended
Terminated
Trusted Computing
IA Academic Outreach
National Centers of Academic Excellence in IA Education
CAE/IAE Program Criteria
CAE-R Program Criteria
Colloquium
Institutions
SEAL Program
Applying
FAQs
IA Courseware Evaluation Program
Institutions
FAQs
Student Opportunities
IA Business and Research
IA Business Affairs Office
Certified Product Sales and Support
Commercial COMSEC Evaluation Program
Commercial Satellite Protection Program
Independent Research and Development Program
User Partnership Program
Partnerships with Industry
NIAP and COTS Product Evaluations
IA Programs
Commercial Solutions for Classified Program
Global Information Grid
High Assurance Platform
HAP Technology Overview
HAP Technology Partner Program
HAP Resource Library
Inline Media Encryptor
Suite B Cryptography
NSA Mobility Program
IA Careers
Contact Information
|
Commercial Solutions for Classified ProgramBackgroundU.S. Government customers increasingly require immediate use of the market's most modern commercial hardware and software technologies within National Security Systems (NSS) in order to achieve mission objectives. Consequently, the National Security Agency/Central Security Service's (NSA/CSS) Information Assurance Directorate (IAD) is developing new ways to leverage emerging technologies to deliver more timely IA solutions for rapidly evolving customer requirements. NSA/CSS's Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS data. This will provide the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years. Click to view Commercial Solutions for Classified Brochure (PDF) What is the Process to get a Commercial Product CSfC-Listed?Vendors who wish to have their products eligible as CSfC components of a composed, layered IA solution must build their products in accordance with the applicable U.S. Government Protection Profile(s) and submit their products using the Common Criteria Process. NSA/CSS enters into an agreement with the vendor which may stipulate other requirements for the particular technology. Once the product has met these requirements, NSA/CSS will add it to the list of commercial products available for use in the CSfC program. Interested vendors must complete and submit the CSfC Questionnaire (PDF) for each product. What Protection Profiles are Published and in Development?For a current listing of NIAP approved U.S. Government Protection Profiles, go to http://www.niap-ccevs.org/pp/. For a listing of U.S. Government Protection Profiles currently in development, go to http://www.niap-ccevs.org/pp/draft_pps/. Additional information about NIAP and the Common Criteria Evaluation and Validation Scheme can be found at http://www.niap-ccevs.org/. What is a Capability Package?NSA/CSS is developing sets of Capability Packages in order to provide our customers with ready access to the information needed to satisfy their operational requirements. Capability Packages contain product-neutral information that will allow customers/integrators to successfully implement their own solutions. Using the information in the Capability Package, customers/integrators make product selections while following the guidelines/restrictions to create an architecture with specific commercial products configured in a particular manner. Capability Packages identify the critical architectural components and provide descriptions of the role each component plays in protecting the data. They will also include: a list of approved CSfC products, guidance for customers/integrators, administrators, testers, and accreditors. How can Customers/Integrators Implement a CSfC Capability Package?For information or assistance in determining whether an approved Capability Package satisfies their requirements, U.S. Government customers (e.g., Department of Defense Components, Intelligence Community Organizations, and Federal Agencies) can engage NSA/CSS through their designated IAD Customer Advocates. Integrators should coordinate through their U.S. Government customer points of contact. The FutureAlthough NSA/CSS's strategy for protecting classified information continues to employ both commercially-based and traditional Government-Off-The-Shelf (GOTS) IA solutions, IAD will look first to commercial technology and commercial solutions in helping customers meet their needs for protecting classified information while continuing to support customers with existing GOTS IA solutions or needs that can only be met via GOTS. Updates will be posted to this site as the Commercial Solutions for Classified program continues to progress. Frequently Asked QuestionsClick here to download the Non-Technical Frequently Asked Questions Click here to download the Technical Frequently Asked Questions General QuestionsFor general queries about the Commercial Solutions for Classified Program, email CSfC at csfc@nsa.gov. Capability PackagesMulti-Site Virtual Private Network (VPN) Capability PackageThe first Virtual Private Network (VPN) Capability Package document to be released is the initial draft release of the Multi-Site VPN architecture for securing data in transit between multiple enclaves. It is intended to be a living reference that will be updated to keep pace with technology and policies as they change over time, as additional security products and services are developed, and as lessons learned from early adopters of this architecture are applied. As a first step, this version contains guidance on the required procedures and requirements for building and implementing a Multi-Site VPN using commercial VPN devices. This document is being provided to initiate discussions with our customers and industry. The Information Assurance Directorate welcomes comments, which can be sent to MultiSiteVPN@nsa.gov. Click here to download the public comment release of this Capability Package: Multi-Site Virtual Private Network Capability Package (PDF) Updates to this Capability Package will be posted to this site. Check back frequently in order to keep up with the dynamic changes. Secure VoIP Mobility Ver 1.1 Capability PackageThis Capability Package defines the first phase of the Enterprise Mobility Architecture and focuses on the architectural components of providing a Secure VoIP capability using commercial grade products. Future releases will build on this architecture and will include mobile device management and data applications; and ultimately integrate the Wi-Fi service with an expanded list of end devices. Go to NSA Mobility Program to download this Capability Package. |
|
Date Posted: Mar 21, 2012 | Last Modified: Aug 14, 2012 | Last Reviewed: Aug 14, 2012 |