Commercial Solutions for Classified (CSfC)




Commercial Solutions for Classified (CSfC) Program Overview
CONFIDENCE IN CYBERSPACE
Chris Magaha, Deputy Program Manager
c.magaha@radium.ncsc.mil

Strategic Initiative: CSfC
Layering commercial technologies to protect National Security Systems and information
CSfC requirements are specified in Capability Packages (CPs) at the system level and in Protection Profiles (PPs) at the component level; use COTS components to meet requirements

BENEFITS
- Improved access to information
- Releasable to int'l partners
- Flexibility in selecting products
- Latest commercial IT technology
- Flexibility/speed updating IT

ASSURANCES
- Layered solutions; diversity in components
- Component selection
- Security testing of Capability Packages
- Classified Risk Assessment
- Independent Senior Review of CPs

CSfC Elements
- User: USG & Industry requiring immediate use of the market's most modern commercial hardware and software technologies within NSS to achieve mission objectives
- Composed Solution: Secure solution built by trusted integrators using NSA security requirements & layering approved components
- NSA's Trusted Integrator Process: Vets Integrators against criteria regarding their organization & personnel
- CSfC Components List: Approved COTS components are selected to meet requirements
- NIAP Protection Profiles & CSfC Capability Packages: CSfC requirements are specified in CPs at system level and PPs at component level
Provides the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years

Responsibilities & Risks
- CSfC solutions follow a different risk paradigm from GOTS
- No shift/conveyance of authority for approving deviations
- More transparency of risks (shared risk assessments)
- Shared analysis and acceptance of risks

Responsibilities, NSA/IAD:
- Author and maintain capability packages in accordance with official customer requirements
- Solicit community input and comments on capability packages
- Engage with commercial vendors
- Engage with NIAP

Responsibilities, Customer/AO:
- Review and validate CSfC solution body of evidence, including CSfC compliance matrix
- Record all deviations and submit for approval by NSA
- Register all CSfC solutions with the CSfC PMO
- Act on national manager notifications

Risks, NSA/IAD:
- Assess CP/solution risks
- Publish classified risk assessment
- Issue national manager notifications

Risks, Customer/AO:
- Review NSA-published risk assessments
- Consider how residual risks will affect operational application
- Accept residual risks and approve operation of CSfC solution

Mitigating the Risks
Specification | Testing & Integration | Deployment | Monitoring & Response
Capability Pkgs; Trusted Integrators; Protection Profiles; Agreements with Vendors; Component Evaluations; Customer Registration; Components List; System Testing; Owner C&A; Layering; Diversity; Establish Situational Awareness; Local Monitoring; Incident Reporting & Discovery; Vendor Mitigations; Audit/Assessment; Risk Assessments

Capability Packages

Published
- Virtual Private Network (VPN) v3.0
- Campus WLAN v1.1
- Data at Rest (DAR) v1.0
- Mobile Access CP v0.8 (draft of v1.0)

In Process
- Mobile Access v1.0 (Cellular & Trusted Hotspot), Expected Approval: FEB/MAR15
- Data at Rest (DAR) v2.0, Expected Pub: 3Q FY15

Future
- Mobile Access CP v2.0
- Multi Site Connectivity (high speed), Expected Pub: CY16
- Campus WLAN v2 (shared wireless layer), Expected Pub: JUN 15

Components
CSfC Components Lists updated ~ weekly
- Must be under contract with NIAP
- NIAP PP with CSfC selections
- MoA with NSA
www.nsa.gov/ia/programs/csfc_program/index.shtml

CSfC Components List

Published
- IPSec VPN Gateways: Product Series from Apriva, Aruba, Cisco, Fortress and Juniper
- WLAN Access System: Product Series from Aruba, Cisco and Fortress
- Certificate Authority: Microsoft
- IPSec VPN Client: Product Series from Aruba, Cisco, Microsoft and Samsung
- SIP Server: Cisco
- Mobile Platform: Product Series from Boeing and Samsung
- Mobile Device Management: MobileIron
- Software Full Disk Encryption: Microsoft BitLocker
- VoIP Applications: Cisco and Cellcrypt
- Traffic Filter Firewall: Product Series from Aruba, Cisco and Juniper

In Progress
- IPS
- Email Clients
- WLAN Clients
- Web Browsers

CSfC Components = in NIAP against PP w/CSfC selections, MoA with NSA
www.nsa.gov/ia/programs/csfc_program/index.shtml

CSfC Trusted Integrators
CSfC Integrators Build, Test, Document, Maintain/Troubleshoot
NSA's Trusted Integrator Process vets Integrators against criteria regarding their organization and personnel
- Robust business practices
- Access to secure facility/clearances
- Test methodologies
- Personnel certifications
- Understanding of CSfC
Memorandum of Agreement (MoA) with NSA
Criteria and Application available on CSfC website
List published on CSfC website

CSfC Way Ahead
CSfC Specifications and More
Publish New/Updated Capability Packages
- Multi Site Connectivity (High speed)
- WLAN v2 (shared WPA2)
- Data at Rest
- Mobile Access
Update CSfC Components List
Update Trusted Integrator List on www.nsa.gov

CSfC Registration Process
1. CP Publication: IAD Publishes CP
2. CP Execution: Customer Implements Solution Based on CP Requirements
3. Solution Testing: Customer Conducts Site Based Testing on Solution
4. CP Registration: Customer Registers with IAD to use CP
5. Registration Acknowledgement: Administrative Acknowledgement of Customer Registration
6. AO Authorization: AO Grants Authority to Operate

CSfC Takeaways
CSfC: For maximum benefit

Authorizing Officials:
- Confirm compliance with Capability Package
  - Use compliance matrices for body of evidence
- Accept residual risks related to fielding CSfC solutions
- Ensure solutions are registered with the CSfC PMO

Acquisition/Procurement for RFIs, RFPs, SOWs:
- Require products from CSfC Components List
  - In accordance with CNSSP 11
- Recommend CSfC Trusted Integrators

For Up-to-Date Information: www.nsa.gov/ia/programs/csfc_program/index.shtml
Sign-up to receive CSfC updates: csfc@nsa.gov

Commercial Solutions for Classified
- National Manager-approved CSfC solutions are specified in Capability Packages (CP)
- Initial CSfC Components List published on nsa.gov
- Components used in CSfC solutions are validated against NIAP Protection Profile requirements

ADOPTION
- Users now applying IAD-approved layered commercial solutions to protect classified information
- NIAP Protection Profile Evaluations: completed within 90 days (4-6x faster than EAL-based NIAP evals)
- NIAP Product Compliance List (PCL) grew 10x since Dec 2013 (2 product lines to 21)
- DoD and IC acquisitions increasingly comply with CNSSP-11

CSFC REGISTRATIONS (2013 vs. 2014): UP ~2X
- # of CSfC registrations in 1QCY14 exceeded CY13 total

CSFC MOAS SIGNED (2013 vs. 2014): UP ~3X
- 9 new CSfC MoAs signed with Component vendors in 2QCY14