CSfC
Sell directly into the Intel Community by completing the Commercial Solutions for Classified (CSfC) program
CSfC
Sell directly into the Intel Community by completing the Commercial Solutions for Classified (CSfC) program
What Is CSfC?
The National Security Administration (NSA) developed the Commercial Solutions for Classified (CSfC) program as part of a cybersecurity strategy to quickly deliver secured and innovative commercial layered solutions to Government agencies which protect classified NSS data.
U.S. Government customers increasingly require immediate use of the market’s most modern commercial hardware and software technologies within National Security Systems (NSS) in order to achieve mission objectives.
The Program The Essentials The Process
The Program: CSfC
The CSfC program was developed to ensure readily available solutions for procurement provided adequate protection of classified data in a variety of different applications.
NSA/CSS policy mandates CSfC as the first option to be considered to satisfy a CS requirement. The Committee on National Security Systems (CNSS) has issued a CSfC Advisory Memorandum that provides guidance to U.S. Government departments and agencies as to the responsibilities for maintaining the security posture of NSS using CSfC solutions.
In accordance with CNSS Policy 7, only approved products on the CSfC Components List can be used in commercial cybersecurity solutions protecting classified NSS data.
CSfC is a secure alternative to GOTS. NSA will examine the client’s needs to ensure the right tool is used at the right place and in the right environment.
NSA’s strategy for protecting classified information continues to employ both COTS and GOTS solutions. However, NSA will look first to CSfC in helping clients meet their needs for protecting classified information.
Typical CSfC clients are National Security Systems (NSS) stakeholders, which includes the Department of Defense (DoD), the Intelligence Community (IC), Military Services and other federal agencies. These clients utilize commercial solutions based on CSfC Capability Packages (CPs) to quickly implement Cybersecurity solutions to satisfy their mission objectives.
The Essentials: Security Requirements
- Vendors who wish to have their products eligible as CSfC components of a composed, layered CS/IA solution, must build their products in accordance with the applicable U.S. Protection Profiles and submit their products using the Common Criteria process.
- NSA considers the totality of circumstances known to NSA
- The vendor will enter into a Memorandum of Agreement (MoA) with NSA
- Interested vendors must complete and submit the CSfC Questionnaire (PDF) for each product.