NSA CSfC and Common Criteria

What is the NSA CSfC?

Commercial Solutions for Classified (CSfC) is an important part of NSA’s commercial cybersecurity strategy to quickly deliver secure solutions that leverage commercial technologies and products. The CSfC program is founded on the principle that properly configured, layered solutions can provide adequate protection of classified data in various applications. NSA has developed, approved, and published solution-level specifications called Capability Packages (CPs) and works with technical communities from across industry, governments, and academia to develop and publish product-level requirements in U.S. Government Protection Profiles (PPs).

Curtiss-Wright offers CSfC solutions in both the data-at-rest (DAR) and data-in-transit (DIT) CSfC categories. These solutions reflect Curtiss-Wright’s knowledge, experience and commitment to the CSfC Program. Information sharing and data storage are critical to ensuring mission success. Curtiss-Wright is committed to providing CSfC solutions that are trusted and proven.

The Benefits of the NSA's CSfC Program

The CSfC program enables organizations to transmit classified information using commercial-grade encryption solutions (when appropriately tested, certified and configured), eliminating the need for expensive, difficult-to-use classified equipment.

Its benefits include:

  • Enabling entirely new classes of wireless access to classified networks for warfighting
  • Enabling U.S. coalition partners to access classified information without taking possession of controlled cryptographic items (CCI)
  • Significantly reducing equipment costs and simplifying key management
  • Simplifying equipment handling/security procedures

The NSA now allows classified information to be transmitted on wired and wireless connections, even over public and partner networks, by using two sets of encryption technologies (such as Cisco and Aruba VPNs), one layered inside the other. The NSA has also approved combinations of solutions that include a layer of VPN combined with encryption provided by Wi-Fi, TLS or MACsec, following specific guidelines.

What is Common Criteria?

Common Criteria is a standard administered by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). It serves as a framework that allows products to be evaluated against a defined Security Target (ST) and Security Functional Requirements (SFR). Normally, products will pull much of their ST from an already defined Protection Profile (PP) for a given set of products. Products are then evaluated against their defined ST and SFR at an independent lab.

Review DAR Encryption Approaches

NSA Type 1 Encryption

Endorsed by the NSA for securing classified and sensitive U.S. Government information when appropriately keyed.

NIST FIPS 140-2 Cryptography

An internationally recognized security certification standard for commercial cryptography.