Commercial Solutions for Classified (CSfC) Programs
Harnessing the Power of Commercial Industry for Secure Data at Rest Solutions
What is CSfC?
The Commercial Solutions for Classified (CSfC) program was launched by the National Security Administration (NSA) and the Central Security Service (CSS) to protect classified, secret and top secret data by simultaneously implementing two compliant commercial security components in a layered solution. By adopting these agile commercial innovations, the CSfC program will save time and money for classified programs in all branches of government -- from benign data centers to forward-deployed systems in harsh, insecure environments.
Capability Packages (CP)
CSfC implementation requirements are defined by Capability Packages (CP) published by the NSA. CP deliver data security solutions using approved components from participating technology leaders. In the Data at Rest (DAR) CP, data protection can be accomplished by integrating an inner and outer layer of hardware and software encryption. Below is an example of two-layer DAR Solution with Mercury's ASURRE-Stor and software file encryption.
Two-Layer DAR Solution Example with ASURRE-Stor and Software File Encryption
Mercury’s CSfC Military Data Storage
A self-encrypting solid state drive, Mercury's ASURRE-Stor™ SSD, is the inner layer while a file encryption or software full disk encryption solution is selected as the outer layer. These two independent components using advanced encryption standard (AES) with 256-bit keys incorporate different encryption algorithms. This approach eliminates the likelihood that a single vulnerability can be exploited in both security layers simultaneously. Classified, secret and top secret data can be safely stored if all of the CSfC program requirements are successfully validated per the CP criteria defined by the NSA. It is absolutely imperative to use only hardware and software solutions approved by the NSA and included on the NSA's CSfC component list.
Join the Experts - CSfC Technology Day
Mercury hosted the first annual DAR CSfC Technology Day in October 2018, bringing together the CSfC ecosystem of component suppliers, trusted integrators and companies implementing CSfC solutions. Our event included speakers from the NSA, Tribalco, Star Lab, KeyPair Consulting and Cigent Technology as well as interactive panel discussions and a two-layer solution demo. Topics included:
- Introduction to the CSfC program
- Data at Rest (DAR) capability package
- Two layer solution process
- Mitigations and deployments in the quantum era
- Keynote on emerging cyber threats and mitigation techniques