How Close is Your Storage System to Meeting the NSA’s Security Recommendations?

The National Security Agency (NSA) publishes a set of guidelines and processes by which commercial solutions are officially approved for use in classified networks. The program is fittingly called Commercial Solutions for Classified (CSfC).

Why Does the NSA Publish These Guidelines?

The published reason:
- The NSA wants United States agencies to use the newest, best technology out there as quickly as possible.

The business reason:
- Vendors need to see a return on investment (ROI) for the work they put in.
- Going through the Type 1 product classification is not necessarily easy, and a vendor may not see the return.
- To get the return on investment on these qualifications, vendors jack up the price to the government.

These guidelines are as happy a medium as can be had: they give vendors an incentive without compromising security.

Once the vendor has gone through the process and meets the requirements, the vendor is added to the approved commercial products lists.

What’s the Process to Get On the CSfC List?

There are several good resources published by the NSA that list out the process.

One key component of the process is picking out a Capability Package to conform to.

What Is a Capability Package?

A Capability Package defines the set of architectural requirements that a product must conform to. The capability packages are:
- Mobile Access Capability Package
- Campus WLAN Capability Package
- Multi-Site Connectivity Capability Package
- Data at Rest Capability Package

For a data management or storage system, the most applicable capability package is the Data at Rest Capability Package.

What’s in the Data at Rest Capability Package?

This Capability Package lists the algorithms that are acceptable for encryption and hashing – all of these algorithms are Suite B algorithms.
To meet the Capability Package, two layers of Suite B algorithms must be used in conjunction to provide the security required.

Where Does ONTAP Fit In?

With NetApp Volume Encryption running on top of NetApp Storage Encryption, ONTAP provides two layers of Suite B algorithms to protect your data at rest!

With these two native layers, NetApp is the vendor who is closest to meeting the NSA requirements natively.  ONTAP is able to apply storage efficiencies (de-duplication, compression, compaction) and then apply the two layers of encryption.  Who says you can’t have your cake and eat it too?



Check out what NetApp and ONTAP can do for your security posture.
