Today’s defense and aerospace platforms are required to protect critical data-at-rest (DAR) from unauthorized access. Curtiss-Wright offers cost-effective, proven, and certified commercial off-the-shelf (COTS) storage solutions that match various data security requirements, including National Security Agency (NSA) Type 1, NSA Commercial Solutions for Classified (CSfC), Common Criteria (CC), and FIPS 140-2.
DAR Encryption Solutions
Following the NSA government off-the-shelf (GOTS) approach, Curtiss-Wright offers DAR solutions with Type 1 encryption. As well, following the NSA COTS approach, Curtiss-Wright offers DAR solutions with CSfC and CC encryption. For simpler encryption requirements, Curtiss-Wright offers a FIPS encryption DAR approach. Note that the Type 1-based GOTS solutions are International Traffic in Arms Regulation (ITAR)-controlled and the CSfC, CC, and FIPS solutions are not ITAR-controlled.
NSA Type 1
A Type 1 product is a Classified or Controlled Cryptographic Item (CCI) endorsed by the NSA for securing classified and sensitive U.S. Government information, when appropriately keyed. The term refers only to products, and not to information, key, services, or controls. The Type 1 products below contain approved NSA algorithms and are available to U.S. Government users, their contractors, and federally sponsored non-U.S. Government activities subject to export restrictions in accordance with ITAR.
|UNS-Unattended Network Storage|
NSA CSfC and Common Criteria
CSfC is an important part of NSA’s commercial cybersecurity strategy to deliver secure solutions that leverage commercial technologies and products to deliver cybersecurity solutions quickly. The CSfC program is founded on the principle that properly configured, layered solutions can provide adequate protection of classified data in a variety of different applications. NSA has developed, approved, and published solution-level specifications called Capability Packages (CPs), and works with technical communities from across industry, governments, and academia to develop and publish product-level requirements in U.S. Government Protection Profiles (PPs).
For CSfC approval, a DAR component must complete CC certification. In the U.S., the CC certification process is managed by NIAP and the certifications are recognized by 29 other Common Criteria Recognition Agreement (CCRA) member countries. The CCRA was formed to produce a set of stringent standards for IT products and to allow certification in one country, to apply in another country without re-validation.
Thanks to CSfC, system designers can now deploy a COTS solution with encrypted data protection in a matter of months and at a fraction of the cost typically required to achieve certification for more sensitive Type 1 products. As an alternative, CSfC defines an approach for protecting critical data using two-layer commercial encryption technologies. In many cases, system integrators considering a Type 1 approach may be pleasantly surprised to find that their application can instead use the pre-approved and less-costly CSfC approach.
|Common Criteria Recognition Arrangement (CCRA) countries|
The products below incorporate two COTS full disk encryption layers (hardware and software) which have been certified by NIAP for CC and approved by the NSA for the CSfC Component List. These products can protect data at top secret and below as defined by NSA in the DAR Capability Package.
|Data Transport System 1-Slot (DTS1)|
|Compact Network Storage 4-Slot (CNS4)|
NIST FIPS 140-2
Federal Information Processing Standard (FIPS) Publication 140-2 issued by National Institute of Standards and Technology (NIST) is used to accredit cryptographic modules. The products below are FIPS validated using the Advanced Encryption Standard (AES) and a 256-bit encryption key; sensitive data can be protected as prescribed by the FIPS criteria. FIPS 140-2 is used to secure sensitive but unclassified (SBU) information.
|Compact Network Storage 2-Slot With Fibre Channel (CNS2-FC)|
|Data Transport System 3-Slot (DTS3)|
|Data Transport System 1-Slot Non-Certified (DTS1)|
|Compact Network Storage 4-Slot Non-Certified (CNS4)|