CSfC Trusted Integrator


The National Security Agency/Central Security Services (NSA/CSS) is developing new ways to leverage emerging technologies to deliver more timely Information Assurance (IA) solutions for rapidly evolving customer requirements. The NSA/CSS’s Commercial Solutions for Classified (CSfC) process enables commercial products to be used in layered solutions to protect classified NSS information. This process provides the ability to securely communicate, based on commercial standards, with a solution that can be fielded in months, rather than years.

What does it mean to be a ‘CSfC Trusted Integrator’?

A CSfC Trusted Integrator designation means the organization has demonstrated they have the staff and processes in place to architect, design, integrate, document, field, and support systems which meet the requirements within the CSfC program and specifically within a CSfC capability package.

Information Assurance Capabilities - Criteria for Integators

How does an organization become a ‘CSfC Trusted Integrator’?

To become a CSfC Trusted Integrator, a organization must complete the NSA application.

The application requests information about processes, testing methodology, and specific levels of personnel required for the ‘Trusted Integrator’ title. Once this form has been submitted to the NSA, a meeting is scheduled with the CSfC Program Management Office (PMO) and the organization. The PMO asks a number of questions to understand the level of knowledge of the CSfC Capability Packages and the company’s commitment to testing documentation and assisting a government organization in implementing a CSfC solution.

What services does this title help MAG provide?

Using the CSfC Campus Wireless Capability Package, MAG has implemented the first full implementation of secure (SIPR) wireless within the Department of Defense. MAG has not only met the criteria for being a CSfC Trusted Integrator but has had a wireless CSfC registrations approved since 2014. Beyond Campus, MAG has the expertise and experience to provide a government client a turn-key solution for any of the four capability programs – Campus Wireless, Mobility Access (MA), Multi-Site Connectivity (MSC), and Data at Rest (DAR). What differentiates MAG from other CSfC Trusted Integrator is our practical experience with the full CSfC process and our relationship with the CSfC teams.

What prior experience makes MAG qualified to provide this service?

Campus WLAN

What is Public Keying Infrastructure?

One of the key components to any of the CSfC capability programs is the use of Public Keying Infrastructure (PKI). You have undoubtedly experienced this when using the web and seeing a ‘pop-up’ about a certificate. Normal government encryption uses symmetric keys, for example, the same key is used on both sides using a single key for government ‘type’ encryptors. With PKI, an asymmetric key is used with a public key and private keys used.  The PKI architecture that a government customer must develop includes root certificate authority which is maintained but is offline from the network and enterprise certificate authorities which provides the keys for servers and clients. Within the government sector, customers use their Common Access Cards (CAC) to access their NIPRnet. The CAC has a ‘certificate’ embedded which is authenticated through enterprise servers on the NIPR network. Within the CSfC capability packages using the dual tunnel architecture, the government customer needs to understand the nuances of a PKI architecture for both tunnels.

Within the CSfC architecture there are always three networks referenced – Black, Gray, and Red. The Red network is the classified network being supported which means it has no encryption, the Black network is the transport which requires both encrypted tunnels, and the Gray network terminates one of the encryption tunnels, therefore only having only a single encryption for the data. The take away point is that a customer needs to be aware of the additional network ‘Gray’ that must be created and consider the additional management/manpower that may be involved. MAG has identified this and worked with the CSfC on the ‘Enterprise Gray Network’ concept in part working on the overall management of this new network.

Trusted CSfC Integrator Logo

CSfC Trusted Integrator POC’s

John Doe, Management
(703) 376-8993

John Doe, Management
(703) 376-8993
Email: [email protected]

Additional information on the at www.nsa.gov.

MAG 2016 Annual Report

MAG’s 2016 Annual Report highlights our expanding capabilities, customers, and contracts as one of the fastest growing companies in aerospace, defense, and government services. The Report summarizes MAG operations, training, and technical services worldwide as the leading independent provider of manned/unmanned full-spectrum outsourced ISR services.

Download Report