The National Security Agency/Central Security Services (NSA/CSS) is developing new ways to leverage emerging technologies to deliver more timely Information Assurance (IA) solutions for rapidly evolving customer requirements. The NSA/CSS’s Commercial Solutions for Classified (CSfC) process enables commercial products to be used in layered solutions to protect classified NSS information. This provides the ability to securely communicate, based on commercial standards, with a solution that can be fielded in months, versus years.
What does it mean to be a ‘CSfC Trusted Integrator’?
A CSfC Trusted Integrator has demonstrated that they have the staff and processes in place to architect, design, integrate, document, field, and support systems that meet the requirements within the CSfC program and specifically within a CSfC capability package.
How does an organization become a ‘CSfC Trusted Integrator’?
In order to become a CSfC Trusted Integrator, a company must fill out the appropriate paperwork laid out in this pdf.
This includes having processes, testing methodology, and specific levels of personnel required for the ‘Trusted Integrator’ title. Once this form has been sent in to the NSA, a meeting is scheduled with the CSfC Program Management Office (PMO) and the company. The PMO asks a number of questions to understand the level of knowledge of the CSfC Capability Packages and the company’s commitment to testing documentation and assisting a government organization in implementing a CSfC solution.
What services does this title help MAG provide?
Using the CSfC Campus Wireless Capability Package, MAG has implemented the first full implementation of secure (SIPR) wireless within the Department of Defense. MAG has not only met the criteria for being a CSfC Trusted Integrator but has had a wireless CSfC registration approved since 2014. Beyond Campus, MAG has the expertise and experience to provide a government client with a turn-key solution for any of the four capability programs – Campus Wireless, Mobility Access (MA), Multi-Site Connectivity (MSC), and Data at Rest (DAR). What differentiates MAG from other CSfC Trusted Integrator is our practical experience with the full CSfC process and our relationship with the CSfC teams.
What prior experience makes MAG qualified to provide this service?
What is Public Keying Infrastructure?
One of the key components to any of the CSfC capability programs is the use of Public Keying Infrastructure (PKI). You have undoubtedly experienced this when using the web and seeing a ‘pop-up’ about a certificate. Normal government encryption uses symmetric keys, i.e. the same key is used on both sides using a single key for government ‘type’ encryptors. With PKI, an asymmetric key is used with a public key and private keys used. The PKI architecture that a government customer must develop includes root certificate authority which is maintained but is offline from the network and enterprise certificate authorities which provides the keys for servers and clients. Within the government sector, customers use their Common Access Cards (CAC) to access their NIPRnet. The CAC has a ‘certificate’ embedded which is authenticated through enterprise servers on the NIPR network. Within the CSfC capability packages using the dual tunnel architecture, the government customer needs to understand the nuances of a PKI architecture for both tunnels.
Within the CSfC architecture, there are always three networks referenced – Black, Gray, and Red. The Red network is the classified network being supported which means it has no encryption, the Black network is the transport that requires both encrypted tunnels, and the Gray network terminates one of the encryption tunnels, therefore only having single encryption for the data. The takeaway point is that a customer needs to be aware of the additional network ‘Gray’ that must be created and consider the additional management/manpower that may be involved. MAG has identified this and worked with the CSfC on the ‘Enterprise Gray Network’ concept in part working on the overall management of this new network.
CSfC Trusted Integrator POC’s
William Tilley, Program Manager
Email: [email protected]
Additional information at www.nsa.gov.