The National Security Agency’s (NSA’s) new Commercial Solutions for Classified (CSfC) program provides US government agencies with unprecedented capabilities to deploy and secure classified networks. Rather than requiring the use of Type I encryptors or proprietary solutions, CSfC is allows the integration of NSA’s Suite B cryptographic algorithms into commercial off-the-shelf (COTS) IT equipment (VPN concentrators, WLAN controllers, VPN/WLAN clients, etc.). The CSfC program is supported by several Fortune 500 COTS vendors such as Cisco, Juniper, Palo Alto, and Aruba Networks. Since its establishment in 2010, the number of products and vendors working with NSA on the CSfC program has continued to grow.
NSA’s CSfC program office has established several CSfC “Capability Packages” to provide DoD and government agencies with specific technical architectures and well-documented approaches to protect data in transit as well as data at rest. CSfC solutions allow the DoD and government agencies to use Suite B-enabled VPN capability to securely tunnel classified networks over their existing NIPRNET (Non-classified Internet Protocol Router Network) or black infrastructure. NSA continues to release new—and update existing—CSfC Capability Packages, and is also establishing a new one to enable even greater functionality.
In spite of the tremendous capabilities that CSfC provides, deploying a CSfC solution is a complex process. It requires new security testing and documentation to successfully register a CSfC deployment with NSA. To aid in this process, NSA has established a CSfC Trusted Integrator Program.
A CSfC Trusted Integrator is defined by NSA as an organization qualified to assemble and integrate components according to a CSfC Capability Package, test the resulting solution, and provide the body of evidence—and CSfC Registration Package for the deployed solution—to NSA and the Authorizing Official/Designated Approving Authority.
Assured Information Security (AIS) was selected by NSA as a Trusted Integrator, and has been a participant since 2015, the inaugural year of the program.
As a CSfC Trusted Integrator, we help customers:
- Fully understand the technical and administrative requirements of deploying CSfC solutions
- Plan and engineer their CSfC solutions to minimize or eliminate deviations to NSA’s CSfC Capability Package(s)
- Administer and maintain the solutions after deployment
We are also the first line of response in troubleshooting or responding to security incidents.
We have assisted several DoD and Federal Government customers plan and engineer their CSfC architectures and solutions using the VPN Capability Package, the Campus Wireless LAN Capability Package, the Mobile Access Capability Package, and the Data-at-Rest Capability Package. We are recognized as a key leader and Center of Excellence in the CSfC Integrator community, and a key advocate across the DoD and Federal Government for NSA’s Commercial Solutions for Classified program.