Blog

Comparing Encryption Standards and Associated Countries

September 28, 2020 | BY: Steven Petric

When it comes to protecting classified data, you have your choice of encryption standards. A number of them exist around the world, and each encryption standard has a testing authority and an approval authority. This blog talks about the most influential and well-known standards for securing data-at-rest (DAR) and what it takes to protect classified information from falling into the wrong hands.

Encryption Standards

Type 1 and Commercial Solutions for Classified (CSfC)

In the United States, the U.S. Government recognizes two basic standards for the protection of United States Government (USG) classified data. These two standards are managed by the National Security Agency (NSA).

Type 1

The Type 1 program has been around for decades. While the technology performing the encryption may have changed, the processes and approvals have remained intact. Details regarding the program are not publicly available. Think of the Type 1 program as government off-the-shelf (GOTS). These evaluations are performed by the NSA itself (in conjunction with the vendor), and the products are then “certified.” No public list is available of certified products, but companies may advertise those products separately. Type 1 encryption products are international.

CSfC

The CSfC program was started by NSA a few years back and is gaining traction and infrastructure. The processes are all publicly available and free to read. Think of the CSfC program as commercial off-the-shelf (COTS). While the program is managed by the NSA, the evaluations are performed in the U.S. by the National Information Assurance Partnership (NIAP) following the appropriate Common Criteria (CC) protection profiles. So, while CSfC is mainly a U.S. standard, the results are recognized by 31 other countries.  

FIPS 140-2

Canada and the U.S. share a commercial encryption standard known as FIPS 140-2. This standard is widely known around the world but supported primarily by the U.S. and Canada. “FIPS” (as most people refer to it) is only concerned with encryption and not with the implementation of that encryption (see Common Criteria below). Hence some say that FIPS is an “inch wide and a mile deep.” In the U.S., encryption modules are evaluated and certified by the National Institute of Standards and Technology (NIST). FIPS 140-3 will replace 140-2 in September 2021.  

Common Criteria Recognition Agreement (CCRA)

Currently, 31 countries are part of the CCRA. 17 are “authorizing” members while 14 are “consuming” members. The authorizing members actively participate in development of the requirements in documents called “protection profiles.” Evaluations performed in one country are recognized in the other member countries. In the U.S., CC evaluations are performed by NIAP, and the products are then “certified.” In contrast with FIPS, Common Criteria is sometimes said to be a “mile wide and an inch deep”. CC products often use FIPS 140-2 certified encryption modules as the basis for encryption systems.  

NATO Information Assurance Product Catalogue (NIAPC)

The North Atlantic Treaty Organization (NATO) publishes a list of information assurance products that may be used in NATO equipment. NATO does not perform a separate evaluation itself, but depends on the host country for that endorsement. For U.S. products, an endorsement must be received from the NSA.

Table 1 shows each of these standards and the countries that recognize them. Type 1 products are GOTS products, subject to International Traffic in Arms Regulations (ITAR) restriction, and may only be sold to members of the “5 Eyes” or “FVEY.” CSfC, FIPS, and Common Criteria products are typically ITAR free, allowing export to many approved countries. NIAPC products are approved for use by NATO countries but may also be CSfC approved, CCRA certified, and FIPS 140-2 certified.

To find out more about CSfC encryption, check out our white paper CSfC Series: Data-at-Rest Capability Package 4.8.

Table - Encryption Standards and Associated Countries

Countries

Type 1 (5 Eyes)

CSfC

CCRA

FIPS 140-2

NATO

United States

X

X

X

X

X

Canada

X

 

X

X

X

United Kingdom

X

 

X

 

X

New Zealand

X

 

X

 

 

Australia

X

 

X

 

 

France

 

 

X

 

X

Germany

 

 

X

 

X

India

 

 

X

 

X

Italy

 

 

X

 

X

Japan

 

 

X

 

X

Malaysia

 

 

X

 

X

Netherlands

 

 

X

 

X

New Zealand

 

 

X

 

X

Norway

 

 

X

 

X

Republic of Korea

 

 

X

 

 

Singapore

 

 

X

 

 

Spain

 

 

X

 

X

Sweden

 

 

X

 

X

Turkey

 

 

X

 

X

Austria

 

 

X

 

X

Czech Republic

 

 

X

 

X

Denmark

 

 

X

 

X

Ethiopia

 

 

X

 

 

Finland

 

 

X

 

 

Greece

 

 

X

 

X

Hungary

 

 

X

 

X

Indonesia

 

 

X

 

 

Israel

 

 

X

 

 

Pakistan

 

 

X

 

 

Poland

 

 

X

 

X

Qatar

 

 

X

 

 

Slovak Republic

 

 

 

 

X

Belgium

 

 

 

 

X

Denmark

 

 

 

 

X

Iceland

 

 

 

 

X

Luxembourg

 

 

 

 

X

Bulgaria

 

 

 

 

X

Estonia

 

 

 

 

X

Latvia

 

 

 

 

X

Lithuania

 

 

 

 

X

Montenegro

 

 

 

 

X

North Macedonia

 

 

 

 

X

Steven Petric

Author’s Biography

Steven Petric

Senior Product Manager, Data Storage

The Product Manager for our data storage solutions, Steven is a data driven product management professional with over 20 years of experience in bringing new offerings to market and improving existing offerings. He has a Masters in Business along with Pragmatic Marketing Certification and is a Project Management Professional (PMP).

Share This Article

  • Share on Linkedin
  • Share on Twitter
  • Share on Facebook
  • Share on Google+
Want to add a comment? Please login
Loading...
Connect With Curtiss-Wright Connect With Curtiss-Wright Connect With Curtiss-Wright
Sales

CONTACT SALES

Contact our sales team today to learn more about our products and services.

YOUR LOCATION

PRODUCT INFORMATION

Support

GET SUPPORT

Our support team can help answer your questions - contact us today.

REQUEST TYPE

SELECT BY

SELECT Topic