Leveraging Commercial Encryption outside the United States
December 22, 2017 | BY: Paul Davis
As previously announced, Curtiss-Wright recently began the process of certifying the DTS1 for Common Criteria (ISO-15408) with the goal of being added to the NSA-approved Commercial Solutions for Classified (CSfC) list. With its unique 2-Layer encryption technology, the DTS1 seamlessly integrates both hardware and software full disk encryption to protect sensitive mission data. Once certified by the National Information Assurance Partnership (NIAP) for Common Criteria (CC) and listed as a CSfC product, the DTS1 will provide system integrators an encrypted storage solution accepted by the NSA as an alternative to Type-1 encryptors. Type-1 products are certified by the NSA in an extremely lengthy and costly process that can create considerable risk to programs. For integrators in the United States, CSfC provides an affordable COTS solution when compared to the expensive and difficult-to-approve Type-1 products.
For integrators outside the US who are unable to obtain Type-1 technology due to ITAR restrictions, products certified with CC offer a compelling option. This is because CC is an internationally recognized standard for the evaluation of data protection devices under the Common Criteria Recognition Arrangement (CCRA). Established in 1998, the CCRA provides guidelines for the evaluation of IT products and the development of collaborative protection profiles, ensuring that evaluations are performed to both high and consistent standards. The intention was to improve the availability of evaluated products intended for deployment in government applications. Not only does the CCRA open up the availability of secure IT products, it also eliminates countries’ burden of performing duplicate evaluations. Participants in the CCRA also support continuous improvement of the efficiency and cost-effectiveness of the evaluation and certification process.
Initially comprising seven countries, the CCRA today has 28 participants recognizing its certification processes and certified products. Countries participating in the CCRA are classified into two categories:
- Authorizing - members of the CCRA that are permitted to evaluate and certify new IT products with CC.
- Consuming - members of the CCRA that recognize certifications granted to IT products from authorizing members.
Representing each member is an established organization that supports the objectives of the CCRA and oversees product evaluation. In the United States, that organization is NIAP; each other member country has its own similar organization. Once the DTS1 receives its CC certification from NIAP, each of the 28 member countries of the CCRA will recognize that certification, giving system integrators in their respective countries access to a rugged, small data storage device providing encryption capabilities that have been tested to internationally recognized standards.