Download
The acceleration of State Sponsored and Mercenary APT cyber-attacks, each of which possess new and more innovative layering of stealth and sophistication, has triggered a much needed response by the National Security Agency’s (NSA) Information Assurance Directorate (IAD). A more expedient path to technology approval has been introduced for qualified organizations. As a result, the NSA’s IAD is seeking vendor solutions to improve the national cyber-posture through the creation of a comprehensive and timely process and the establishment of the Commercial Solutions for Classified (CSfC) program.
In this report, entitled “Utilizing the NSA’s CSfC Process: Protecting National Security Systems with Commercial Layered Solutions,” ICIT provides an overview of the CSfC Process and addresses common misconceptions regarding how commercial and government entities can leverage CSfC. Specifically, this report discusses:
- NSA’s Commercial Solutions Strategy
- Capability Packages
- The Three Pillars of the CSfC Model
- Leveraging the CSfC Program
- Vendor Participation
This brief was authored by:
- James Scott (ICIT Senior Fellow – Institute for Critical Infrastructure Technology)
- Drew Spaniel (Researcher – Institute for Critical Infrastructure Technology)
The following experts contributed to this report
- Stacey Winn (Fellow – Institute for Critical Infrastructure Technology)
- Brian Zielke (Principal Cyber Engineer – ForcePoint)
Underwritten by:
