Keeping Up To Date With CSfC Capability Packages
Published in Military Embedded Systems
Since its introduction in 2014, the National Security Agency Commercial Solutions for Classified (CSfC) program has proven very effective in lowering the cost and speeding the accessibility of encryption for critical data-at-rest (DAR). Compared to the time and expense associated with acquiring certification and approval for Type 1 encryption solutions, CSfC has provided a breakthrough for defense and aerospace system integrators by establishing an approved means for using commercial encryption to protect critical data. What makes CSfC innovative is that it provided, for the first time, an authorized process for employing two layers of commercial off-the-shelf (COTS) encryption. These could be two layers of hardware, two layers of software, or a mix of hardware and software.
The very problem that CSfC addresses, the constant and ever-evolving threat of cyberattacks, has led to a regular update for the directives – called a Capability Package (CP) – on how to best implement CSfC. The CPs, published by the NSA Capabilities Directorate, provide the architectures and configuration requirements that enable customers to implement secure solutions using independent, layered COTS products. While the DAR CP is primarily a guideline for solution users and integrators, it also provides a set of guidelines for COTS vendors and system developers.
CPs are product-neutral and describe system-level solution frameworks, document-ing security and configuration requirements for customers and/or integrators. The most recent CSfC CP for data-at-rest, the CSfC Data-at-Rest Capability Package 4.8 (CSfC DAR CP 4.8), was published in October 2019. The next major release, CSfC DAR CP 5.0, would likely have been released early in 2020, if not for delays caused by COVID-19, but it is expected to become available relatively soon.
Read the full article.
Getting Up to Speed on NSA-Approved Two-Layer Commercial Encryption
Paul Davis looks at how CSfC allows system designers to now deploy a commercial off-the-shelf (COTS) solution with encrypted data protection for Type 1 products reducing time and cost.
The Advantages of Netbooting for Embedded Systems
Paul Davis looks at how netbooting provides a superior alternative solution for installing and updating software that delivers huge labor savings.
Security and Solid-State Media Driving Data Storage
It's not enough to have rugged data storage with massive capacities and solid-state storage technology; today they also must offer multi-level data encryption, quick erase, and anti-tamper features.
Senior Product Manager
The Product Manager for our data storage solutions, Steven, is a data-driven professional with over 20 years of experience bringing new offerings to market and improving existing offerings. He has a Masters in Business along with Pragmatic Marketing Certification and is a Project Management Professional (PMP).
What's New? Commercial Solutions for Classified Data-at-Rest Capability Package 5.0 Review
U.S. Government customers require the market’s most modern commercial security technologies. To keep up with market and technology trends, NSA personnel have proposed several changes in data-at-rest capability package 4.8 and have since published version 5.0. This white paper takes a look at what's new.
Commercial Solutions for Classified (CSfC) is an important part of NSA’s commercial cybersecurity strategy to deliver secure solutions that leverage commercial technologies and products to deliver cybersecurity solutions quickly. The CSfC program is founded on the principle that properly configured, layered solutions can provide adequate protection of classified data in various applications.