CSfC – Commercial Solutions for Classified

GoSilent delivers a CSfC-certified plug-and-play security solution for classified and unclassified communication when using the public Internet.

To protect national security, the NSA sets strict criteria for accessing classified networks. Previously, device approval required configuration with custom firewalls and virtual private networks (VPNs). The end result was high development and maintenance costs for these COMSEC / Type 1 products. The Commercial Solutions for Classified (CSfC) program was established in order to enable U.S. government agencies and their customers to take advantage of affordable and readily available commercial off-the shelf (COTS) IT solutions that meet the NSA’s stringent security guidelines for the transmission of classified data.

Since different businesses and agencies have different operational requirements, the CSfC program established Capability Packages to help organizations quickly identify and evaluate those products that meet their specific mission and security requirements. At present, there are Capability Packages for Data at Rest, Mobile Access, Campus WLAN and Multi-Site Connectivity.

Double Encryption
At The Edge

The NSA Capability Package for mobile access calls for three firewalls, Red (inner tunnel), Gray (middle tunnel) and Black (outer tunnel) and double encryption as shown here.

For the highest level of protection, a virtual private network (VPN) creates a secure link with the first of three firewalls – the first sits in the “outer tunnel”, the second sits in the “middle tunnel” and the third  in the “inner tunnel”. Before entering the IPSec tunnel, the data is encrypted twice. Encrypted data packets travel from the device through the first firewall. If they are found to meet the security parameters, they are encrypted twice – by the outer VPN and by the inner encryption component. Then, once received, the data packet is decrypted twice – by the inner encryption component and the outer VPN. The outer tunnel or “black network” may be operated by an untrusted third party and connection may be made through public WiFi. Products that meet the CSfC standards associated with this technology combination of firewall and double encryption are certified for protecting NSS data.

GoSilent meets the NSA criteria for mobile access and offers a dedicated, plug-and-play outer VPN and firewall, thereby eliminating the need to download and integrate software for both outer and inner VPNs. GoSilent also integrates seamlessly with any previously installed software such as Microsoft Outlook. The outer tunnel meets IPSec IKEv2 standards with CSNA Suite B encryption. GoSilent’s double layered protection enables classified communications anytime and anywhere – even over public WiFi.

Flexible Use

In the past, senior level military personnel or government executives required technical teams to set up a secure communications channel. With GoSilent’s plug-and play set-up, secure communications and data transmission are available in minutes without the need for complex reconfigurations. The solution is highly flexible, connecting to smartphones, laptops, tablets or any IoT device. Security can also be extended to a VoIP phones, teleconferencing terminal or video cameras.

Read our product overview and customer use cases to learn more about how GoSilent secures the privacy and security of government agencies and enterprises in any sector.