The growth of state sponsored and APT cyber-attacks on the US government has triggered a much needed response by the US National Security Agency's (NSA) Information Assurance Directorate (IAD).


The NSA's IAD seeks vendor solutions to improve the national cyber-posture by creating a comprehensive and timely process (months rather than years) and establishing the Commercial Solutions for Classified (CSfC) programme.


The Institute for Critical Infrastructure Technology's (ICIT) recent report explains that the CSfC programme is designed to provide agencies with components vetted against a common framework that satisfies NSA IAD's security requirements while incorporating emerging technologies and improving national security. Such components include the enablement to design secure data transmission and storage methods and to implement layered security in a timely manner.   


CSfC solutions are composed of available commercial technology using open commercial standards and rely on commercial products, protocols, and encryption resulting in less of a regulatory burden and greater interoperability.


James Scott, senior fellow at the Institute for Critical Infrastructure Technology told, “The CSfC process modernises government systems with proven cutting-edge commercial solutions from trusted providers, to end the irrational cycle of government system breaches due to budget constraints, systemic bureaucracy, and antiquated technology. To ensure that CSfC solutions best serve government needs, they are subject to approval from the National Information Assurance Partnership (NIAP) created by NSA and NIST, they are constructed from independent layered defences, and they incorporate strong and universally supported Suite B algorithms.”