The short answer is yes. The Commercial Solutions for Classified (CSfC) program established by the National Security Agency in 2014 has been growing since its inception. CSfC solutions are being proposed, approved, and deployed in increasing numbers.
In data provided by the NSA, the number of approved CSfC solutions has increased by 255% between 2019 and 2020. The number of approved data at rest (DAR) solutions has increased by 43% between 2019 and 2020. Even more striking are the number of data at rest solutions being processed, which has gone up 500% year over year.
| FEBRUARY 2019 | FEBRUARY 2020 | YOY % INCREASE | |
|---|---|---|---|
| Approved Data at Rest Only Solutions | 7 | 10 | 43% |
| In-Processing Data at Rest Only Solutions | 3 | 15 | 500% |
| Preliminary Data at Rest Only Solutions1 | N/A | 6 | - |
| Approved Total CSfC Solutions | 20 | 51 | 255% |
| In-Processing Total CSfC Solutions | 45 | 45 | 0% |
| Preliminary Total CSfC Solutions1 | 41 | 47 | 15% |
Table 1 - CSfC Metrics 2019 vs. 2020
Remember that a CSfC solution is an NSA-approved system with two independent layers of encryption products, known as components, which protect U.S. Government Top Secret data.
Basic CSfC Solution Concept
Possible CSfC solutions for Data at Rest must be composed of a combination of two of the CSfC component types:
- SF = software full disk encryption (SWFDE) + file encryption (FE)
- PF = platform encryption (PE) + FE
- HF = hardware full disk encryption (HWFDE) + FE
- HS = HWFDE + SWFDE
- HH2 = HWFDE + HWFDE
The increases in solution processing and approval speaks to several possible factors.
- End customers like the U.S. Army, Navy, and Air Force are accepting CSfC programs to meet their encryption and data protection requirements. They are now using requirement phrases like “NSA-approved encryption,” which opens it up to the possibility of using a CSfC product instead of a Type 1 encryption option.
- Solutions developers (like Boeing, Lockheed, or Northrop Grumman) are responding to end users’ new requirements by including CSfC components as well as other alternatives in their trade studies.
- Components vendors are investing independent research and development (IRAD) funds in the development of new commercial off-the-shelf (COTS) encryption products.
- The NSA has done a great job of listening to the marketplace and supporting vendors, integrators, and end customers alike. Without NSA responsiveness, this type of success would not have been possible.
The CSfC program is robust and growing. COTS developers like Curtiss-Wright are investing significantly in IRAD well ahead of the end customer’s needs to ensure CSfC components are developed, tested, and approved for proposal into CSfC solutions. The number of approved CSfC solutions are increasing year over year and large defense contractors are embracing designing these solutions into new vehicles that will be deployed for many years, if not decades.
1 Requested ID but has not been submitted.
2 Proposed in draft DAR Capability Package 4.8 as of this writing.