Recent years have seen significant growth of NSA’s Commercial Solutions for Classified (CSfC) program.
The CSfC Program uses the production volume of commercial vendors in order to provide alternatives to existing methods of achieving secure transmission of classified data. In doing so, it allows the organizations that use it to more efficiently meet their security needs and provides some benefits over Type 1 and government-off-the-shelf solutions.
CSfC Trusted Integrators
Proper implementation of CSfC requires at least half a dozen components from different vendors in which each component within your final product will need to be CSfC approved.
If you’re daunted by the very prospect of getting started, NSA also provides a list of Trusted Integrators - third-party contractors who have met a strict set of criteria. These organizations can help you navigate the CSfC process, offering their assistance and technical expertise along the way.
CSfC Trusted Integrators have strong relationships both with the clients they serve and a deep understanding of many components on the CSfC Approved Component List. All trusted integrators are individually vetted by the CSfC project management office (PMO) prior to inclusion on the list.
While it is not required to use a CSfC Trusted Integrator to build your solution, it is highly encouraged by CSfC and will improve your chances of getting a solution registered quickly.
The expertise of Trusted Integrators is invaluable in navigating the CSfC process and building a CSfC solution. So, we asked some of them what their most important tips are to keep in mind as you consider building your own CSfC solution.
Advice from CSfC Trusted Integrators
Find expert advice from these CSfC Trusted Integrators:
- Jon Korecki: Vice President, Cybersecurity at Viasat Inc.
- Chuck Reiche: Senior Vice President of Business Development at iGov
- Scott Morrison: Founder, Information Technology Architect at 4n2n Solutions, LLC
Jon Korecki: Vice President, Cybersecurity at Viasat Inc.
Jon shares: "The best advice I can give is to use a trusted integrator and preferably one that also has type 1 experience.
Why, you ask? Because, I have seen many a customer struggle with their systems integrator, already on contract, and end up spending significantly more time and money to complete it than if they had used an expert.
Also, the reason for using someone with type 1 experience is, if you are building something new and slightly different than any existing approved solutions, then having that security insight and expertise will help you avoid hidden pitfalls you otherwise would have missed, causing multiple submissions with NSA."
About Viasat Inc.: "Viasat Inc. (NASDAQ: VSAT) is a global communications company that believes everyone and everything in the world can be connected. We’re developing the ultimate communications network to power high-quality, secure, affordable, fast connections to impact people’s lives anywhere" (source).
Read the Complete CSfC Guide
Your Complete Guide to Building a CSfC Approved Solution.
Chuck Reiche: Senior Vice President of Business Development at iGov
Chuck shares: "Most organizations are looking to implement a CSfC solution as a means to provide a specific capability. Success with CSfC really boils down to one word, and that word is collaboration.
When working with a Trusted Integrator, you should prepare yourself to communicate and articulate your requirements. A good Trusted Integrator will help you delineate between 'requirements' and 'desirements,' identify technology gaps, explain the process, and shepherd the package through to approval.
You should be not just comfortable, but aggressive, with sharing your needs early on with your Trusted Integrator. Our job is to translate your requirements into architectures and solutions that will provide the capability you need as well as solve any process and certification challenges you may have, and collaboration makes that possible."
About iGov: "iGov is an efficient, lean organization with an eye on the future. We provide our customers more services for less cost and with faster response times than our competition" (source).
Read the Case Study: CSfC Case Study
Attila’s GoSilent implemented as a secure, portable, low cost, high-bandwidth VPN for CSfC communications campus-wide.
Scott Morrison: Founder, Information Technology Architect at 4n2n Solutions, LLC
Scott shares: "The most important tip I can offer is to make sure you understand the process of building and submitting a CSfC solution before you start.
Most people I work with ask what the process is, and want to understand how long it will take and how much money it will cost to complete. Most organizations don’t really understand the depths of what is required before jumping in.
Get started by understanding the basics and work with an integrator to understand your use case. You should make sure your integrator works in milestones and you have a good idea of what to expect at each milestone. Ideally, you should be paying in incremental steps of the process with your integrator rather than all up front."
About 4n2n Solutions, LLC: "4n2n Solutions, LLC is a global professional Information Technology consultant and advisory company with services that specialize in the technical design, development, implementation and maintenance of secure network solutions" (source).