White Paper Series: Data-At-Rest Encryption

blog
blog
Blog
August 27, 2020

White Paper Series: Data-At-Rest Encryption

The Data-At-Rest Encryption Series white papers are aimed to provide engineers, system architects, and program managers with background information, technical details, and a methodology for selecting a data-at-rest (DAR) security approach. The series is meant for professionals developing deployed systems that host classified data.

Data-at-Rest Two-Layered Approach

The first in the series, Data Threats and Protection, explores the reasons to protect DAR, encryption basics, and National Security Agency (NSA) programs, namely Commercial Solutions for Classified (CSfC) and Type 1. Both NSA CSfC and Type 1 are encryption programs that support the protection of classified DAR. This paper is aimed to provide engineers, system architects, and program managers with background information, technical details, and a methodology for selecting a DAR security approach.

The second in the series, Commercial Solutions for Classified, provides details and background information on this vital NSA program. It discusses what the CSfC program is, CSfC terminology, information for CSfC resources, and ways CSfC solutions are being deployed. The paper discusses how the CSfC program is robust and growing, and how COTS developers like Curtiss-Wright are investing significantly in IRAD well ahead of the end customer’s needs to ensure CSfC components are developed, tested, and approved for proposal into CSfC solutions.

To be released in Q3 2020, the third white paper in the Data-At-Rest Encryption Series will discuss NSA Type 1 encryption devices. Type 1 certification is a rigorous process that includes testing and formal analysis of (among other things) cryptographic security, functional security, tamper resistance, emissions security (EMSEC/TEMPEST), and security of the product manufacturing and distribution process. Type 1 products contain approved NSA algorithms (Suite A or CNSA) and are available to U.S. Government users, their contractors, and federally sponsored non-U.S. Government activities subject to export restrictions in accordance with ITAR. The third white paper will discuss NSA Type 1 encryption devices using publically available information.

The fourth and final white paper in the series will be released in Q4 2020. The final paper will be a comparative analysis of Type 1 and CSfC, and will discuss the necessary factors to consider when deciding on an encryption approach. It will summarize the information and provide guidelines for DAR encryption approach selection.

What's New? CSfC Data-at-Rest Capability Package 5.0 Review

The National Security Agency/Central Security Service (NSA/CSS) is constantly developing new ways to leverage emerging technologies to deliver more timely Information Assurance (IA) solutions for rapidly evolving customer requirements.