At Attila Security, we have superior tools and resources for government agencies and businesses alike. Often, when approaching cybersecurity, it’s difficult to differentiate between military grade encryption and NIAP approval.
To begin with, these are not interchangeable terms. The challenge lies in the fact that “military grade encryption” is, in fact, a largely undefined designation. Without specificity, it’s easiest to start with the more clearly-defined categorization (NIAP) and then provide useful distinctions between the two.
National Information Assurance Partnership (NIAP)
The National Information Assurance Partnership is an initiative by the United States Government. It is responsible for defining and implementing standards for secure and compliant products used within government agencies. The NIAP manages the Common Criteria Evaluation and Validation Scheme (CCEVS) body of validators. This includes national programs that develop evaluation methodologies, policies and Protection Profiles. The goal of these activities are to ensure that requirements are achievable, repeatable and testable, guaranteeing reliable levels of security.
NIAP plays a few roles and functions collaboratively with international tech communities and industry representatives. Academic partners, government partners and end users often participate in labs and test arrangement schemes. The NIAP is also actively involved with NATO and ISO to share findings and enhance protection on a global scale.
One of the key ways the NIAP applies its findings is through evaluating and certifying products. Based on established criteria, products may or may not align with and obtain levels of certification. This provides a standardization for technology used both within the government and in businesses.
Military Grade Encryption
While the phrase is used in various ways, military grade encryption often relates to security processes for national security data. This can (and commonly does) refer to Advanced Encryption Standard, or AES. AES has different key sizes:
- AES-128: secret, unclassified information
- AES-256: top secret, classified information
Typically, it would be required of the entity handling the information to adhere to the standard of the topmost classification level of information.
NIAP Approved Products
Here is the important distinction: not all NIAP compliant products have military grade encryption, although some do. The technical details of an NIAP approved product will state whether or not the product also has AES data encryption.
It is possible to search the NIAP database for certified or approved products. The types of products that should be approved by the NIAP include:
- Encrypted Storage
- Email Clients
- Multi Function Devices
- Remote Access
- SIP Servers
- Virtual Private Networks
NIAP and Military Grade VPNs
One example of how approved products may use both terms is in military grade Virtual Private Networks (VPNs). VPNs used in military communication have to meet several criteria, including NIAP and CSfC certifications. The encryption requirements are in place to ensure national security. In addition to meeting the NIAP standards, the term “military grade encryption” here may refer to CSNA (military-grade) encryption and relate to NIST algorithm verification.
It’s easy to see how these terms are often confused, as they tend to relate to similar products or are relevant in describing different features of the same product.
Read the Case Study: Securing Mobile Comms Kits
Attila’s GoSilent provides a low cost, high bandwidth solution to protect data, voice and video communications in comms kits.
Secure VPNs for Government Agencies and Businesses
More than ever, the idea of creating streamlined and utterly reliable VPNs is relevant. Both businesses and government agencies have adapted to a long-stretch of remote workers. When those workers must handle or access sensitive or classified information, a lot is at stake.
As requirements continue to develop, it’s vital that any operator with security in mind finds the right product.
Attila GoSilent Cube: NIAP Approved
Our latest offering, the GoSilent Cube, is an NIAP-approved product.
Achieving commercial cybersecurity product certification was an important step for us to ensure the best offering to the businesses and agencies we serve. Attila’s GoSilent Cube is NIAP-approved under the VPN Gateway Protection Profile. Go here to learn more about the GoSilent Cube.