About IA at NSA
Partners
Rowlett Awards
Award Recipients
Background
Nomination Procedures
Links
IA Client and Partner Support
IA News
IA Events
IA Mitigation Guidance
Media Destruction Guidance
Security Configuration Guides
Applications
Archived Guides
Cisco Router Guides
Database Servers
Fact Sheets
Industrial Control Systems (ICS)
IPv6
Operating Systems
Supporting Documents
Switches
VoIP and IP Telephony
Vulnerability Technical Reports
Wireless
System Level IA Guidance
TEMPEST Overview
TEMPEST Products: Level I
Certified
Confirmed Deficiencies
Suspended
Terminated
No Longer Produced
TEMPEST Products: Level II
Certified
Confirmed Deficiencies
Suspended
Terminated
No Longer Produced
TEMPEST Company POCs
Certified
Suspended
Terminated
Trusted Computing
IA Academic Outreach
National Centers of Academic Excellence in IA Education
Colloquium
Institutions
SEAL Program
IA Courseware Evaluation Program
Institutions
Student Opportunities
IA Business and Research
IA Business Affairs Office
Certified Product Sales and Support
Commercial COMSEC Evaluation Program
Commercial Satellite Protection Program
Independent Research and Development Program
User Partnership Program
Partnerships with Industry
NIAP and COTS Product Evaluations
IA Programs
Commercial Solutions for Classified Program
Global Information Grid
High Assurance Platform
HAP Technology Overview
HAP Technology Partner Program
HAP Resource Library
Inline Media Encryptor
Suite B Cryptography
NSA Mobility Program
IA Careers
Contact Information
|
Commercial Solutions for Classified ProgramBackgroundU.S. Government customers increasingly require immediate use of the market's most modern commercial hardware and software technologies within National Security Systems (NSS) in order to achieve mission objectives. Consequently, the National Security Agency/Central Security Service's (NSA/CSS) Information Assurance Directorate (IAD) is developing new ways to leverage emerging technologies to deliver more timely IA solutions for rapidly evolving customer requirements. NSA/CSS's Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS data. This will provide the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years. Click to view Commercial Solutions for Classified Brochure (PDF) What is the Process to get a Commercial Product CSfC-Listed?Vendors who wish to have their products eligible as CSfC components of a composed, layered IA solution must build their products in accordance with the applicable U.S. Government Protection Profile(s) and submit their products using the Common Criteria Process. NSA/CSS enters into an agreement with the vendor which may stipulate other requirements for the particular technology. Once the product has met these requirements, NSA/CSS will add it to the list of commercial products available for use in the CSfC program. Interested vendors must complete and submit the CSfC Questionnaire (PDF) for each product. What Protection Profiles are Published and in Development?For a current listing of NIAP approved U.S. Government Protection Profiles, go to http://www.niap-ccevs.org/pp/. For a listing of U.S. Government Protection Profiles currently in development, go to http://www.niap-ccevs.org/pp/draft_pps/. Additional information about NIAP and the Common Criteria Evaluation and Validation Scheme can be found at http://www.niap-ccevs.org/. What is a Capability Package?NSA/CSS is developing sets of Capability Packages in order to provide our customers with ready access to the information needed to satisfy their operational requirements. Capability Packages contain product-neutral information that will allow customers/integrators to successfully implement their own solutions. Using the information in the Capability Package, customers/integrators make product selections while following the guidelines/restrictions to create an architecture with specific commercial products configured in a particular manner. CSfC Capability Packages will provide sufficient guidance for accreditors to make informed decisions on whether solutions meet their mission and security requirements. How can Customers/Integrators Implement a CSfC Capability Package?For information or assistance in determining whether an approved Capability Package satisfies their requirements, U.S. Government customers (e.g., Department of Defense Components, Intelligence Community Organizations, and Federal Agencies) can engage NSA/CSS through their designated IAD Customer Advocates. Integrators should coordinate through their U.S. Government customer points of contact. The FutureAlthough NSA/CSS's strategy for protecting classified information continues to employ both commercially-based and traditional Government-Off-The-Shelf (GOTS) IA solutions, IAD will look first to commercial technology and commercial solutions in helping customers meet their needs for protecting classified information while continuing to support customers with existing GOTS IA solutions or needs that can only be met via GOTS. Updates will be posted to this site as the Commercial Solutions for Classified program continues to progress. Frequently Asked QuestionsClick here to download the Non-Technical Frequently Asked Questions Click here to download the Technical Frequently Asked Questions CSfC Customer HandbookClick here to download the Customer Handbook. This will serve as a guide for CSfC customers on how to use the Capability Packages, CSfC Component Listing, Registration, and Lifecycle Support resources. General QuestionsFor general queries about the Commercial Solutions for Classified Program, email CSfC at csfc@nsa.gov. Capability PackagesCampus WLAN Capability PackageThe first Campus Wi-Fi Capability Package document to be released is the initial draft release of the Campus Wi-Fi Capability architecture for securing data in transit between mobile users to the Government enterprise. It is intended to be a living reference that will be updated to keep pace with technology and policies as they change over time, as additional security products and services are developed, and as lessons learned from early adopters of this architecture are applied. As a first step, this version contains guidance on the required procedures and requirements for building and implementing a Campus Wi-Fi using commercial devices, including laptops. This document is being provided to initiate discussions with our customers and industry. The Information Assurance Directorate welcomes comments, which can be sent to Wi-Fi@nsa.gov. Click here to download the public comment release of this Capability Package: Campus Wi-Fi Capability Package (PDF) Updates to this Capability Package will be posted to this site. Check back frequently in order to keep up with the dynamic changes. Multi-Site Virtual Private Network (VPN) Capability PackageVersion 1.0 of the Multi-Site VPN Capability Package, dated 17 August 2012, has been approved by the IAD Director. This Capability Package provides VPN architectures for securing data in transit between multiple enclaves. It is intended to be a living reference that will be reviewed twice a year to ensure that the defined architecture and other instructions still provide the required security services and robustness. Users of this Capability Package are responsible for obtaining, under their organization's established accreditation and approval processes, certification and accreditation of the user's implementation of this Capability Package. Solutions designed according to this Capability Package must be registered with NSA/IAD. Once registered, a signed IAD Approval Letter will be provided validating that the Multi-Site VPN Capability Package represents a CSFC solution approved for protecting classified information. Click here to download the approved Multi-Site VPN Capability Package v1.0: Multi-Site Virtual Private Network Capability Package v1.0. IAD welcomes comments on the approved Multi-Site VPN Capability Package v1.0, which can be sent to your NSA/IAD Client Advocate or the Multi-Site VPN Capability Package maintenance team at MultiSiteVPN@nsa.gov. Updates to this Capability Package will be posted to this site. Check back frequently in order to keep up with the dynamic changes. Mobility Capability PackageGo to NSA Mobility Program to download the Mobility Capability Package. |
|
Date Posted: Mar 21, 2012 | Last Modified: Feb 21, 2013 | Last Reviewed: Feb 21, 2013 |