CSfC

Any cybersecurity strategy needs Commercial Solutions for Classified (CSfC) to deliver secure cybersecurity solutions using commercial technologies and products. It is based on the principle that properly configured, layered solutions can protect classified data in a variety of different applications.

The National Information Assurance Partnership (NIAP) collaborates with technical communities across industry, government, and academia to develop, maintain, and publish product-level security requirements known as Protection Profiles (PPs) through the development, approval, and publication of solution-level specifications called Capability Packages (CPs).

CPs include Mobile Access, Multi-Site Connectivity, Campus Wireless LAN, and Data at Rest. In order to achieve mission objectives, U.S. Government customers require the most up-to-date commercial hardware and software technologies.

The CSfC Program enables commercial products to be used in layered solutions protecting classified data. The program provides the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years.

The Committee on National Security Systems (CNSS) has issued a CSfC Advisory Memorandum that provides guidance to U.S. Government departments and agencies as to their responsibilities for maintaining the security posture using CSfC solutions.

In addition, the program shall use technologies that have been validated by Common Criteria Testing Labs, in accordance with the National Information Assurance Partnership’s Protection Profiles. If a desired product has not been validated against a Protection Profile, the program shall direct the vendor to have their product validated against the appropriate corresponding Protection Profile.

Where classified data is being protected at rest or in transit by commercial products, technologies from NSA’s CSfC Components List shall be used in accordance with published CSfC Capability Packages. CSfC Capability Packages and the CSfC Components List can be found by visiting the NSA CSfC Components List page. Validated products can be found on NIAP’s CCEVS Product Compliant List page.”

The National Security Agency protects the nation’s most critical information and systems against cyber-attacks by hardening and defending the cyber infrastructure. This is accomplished by using encryption solutions to protect NSS customers, and this includes responsibly leveraging commercial technologies. CSfC continues to be an important component in NSA’s overall commercial cybersecurity and assurance strategy.

FCN has worked with and can assist any government agency with these tools to ensure the security of their systems.