Keeping Up To Date With CSfC Capability Packages

article
article
Article
September 09, 2020

Keeping Up To Date With CSfC Capability Packages

Published in Military Embedded Systems

Since its introduction in 2014, the National Security Agency Commercial Solutions for Classified (CSfC) program has proven very effective in lowering the cost and speeding the accessibility of encryption for critical data-at-rest (DAR). Compared to the time and expense associated with acquiring certification and approval for Type 1 encryption solutions, CSfC has provided a breakthrough for defense and aerospace system integrators by establishing an approved means for using commercial encryption to protect critical data. What makes CSfC innovative is that it provided, for the first time, an authorized process for employing two layers of commercial off-the-shelf (COTS) encryption. These could be two layers of hardware, two layers of software, or a mix of hardware and software.

The very problem that CSfC addresses, the constant and ever-evolving threat of cyberattacks, has led to a regular update for the directives – called a Capability Package (CP) – on how to best implement CSfC. The CPs, published by the NSA Capabilities Directorate, provide the architectures and configuration requirements that enable customers to implement secure solutions using independent, layered COTS products. While the DAR CP is primarily a guideline for solution users and integrators, it also provides a set of guidelines for COTS vendors and system developers.

CPs are product-neutral and describe system-level solution frameworks, document-ing security and configuration requirements for customers and/or integrators. The most recent CSfC CP for data-at-rest, the CSfC Data-at-Rest Capability Package 4.8 (CSfC DAR CP 4.8), was published in October 2019. The next major release, CSfC DAR CP 5.0, would likely have been released early in 2020, if not for delays caused by COVID-19, but it is expected to become available relatively soon.

Read the full article.

Steven Petric

Steven Petric

Senior Product Manager

The Product Manager for our data storage solutions, Steven, is a data-driven professional with over 20 years of experience bringing new offerings to market and improving existing offerings. He has a Masters in Business along with Pragmatic Marketing Certification and is a Project Management Professional (PMP).

What's New? Commercial Solutions for Classified Data-at-Rest Capability Package 5.0 Review

U.S. Government customers require the market’s most modern commercial security technologies. To keep up with market and technology trends, NSA personnel have proposed several changes in data-at-rest capability package 4.8 and have since published version 5.0. This white paper takes a look at what's new.

NSA CSfC

Commercial Solutions for Classified (CSfC) is an important part of NSA’s commercial cybersecurity strategy to deliver secure solutions that leverage commercial technologies and products to deliver cybersecurity solutions quickly. The CSfC program is founded on the principle that properly configured, layered solutions can provide adequate protection of classified data in various applications.