Labgram #114, CSfC Updates
NIAP has added a new database feature when proposing a new evaluation project to support increased collaboration with the Commercial Solutions for Classified (CSfC) Program. If interested in pursuing CSfC, a vendor must now identify the planned CSfC component(s) at the time an evaluation project is proposed.
The CSfC Program would like to remind all interested parties that when deciding whether a particular product is appropriate for CSfC, NSA considers the totality of circumstances known to NSA, including NIAP evaluation, the vendor's past willingness to fix vulnerabilities, supply chain, foreign ownership, control or influence, the proposed uses of the product under consideration, and any other relevant information available to NSA. Vendors of products submitted for consideration under the CSfC process will be notified of NSA's decision on a product-by-product basis.
In addition, for vendors utilizing a U.S. Common Criteria Testing Laboratory (CCTL), the product will not be added to the Components List until the NIAP evaluation is in process. For vendors utilizing a foreign CCTL, the product will not be added to the Components List until the Common Criteria evaluation is complete and the Product is posted to NIAP's Product Compliant List (PCL).
More information can be found at CSfC's webpage here: https://www.nsa.gov/Resources/Commercial-Solutions-for-Classified-Program/Components-List/
If you have any questions or concerns, please contact us at 410-854-4458 or by email firstname.lastname@example.org.