Curtiss-Wright’s Defense Solutions division today announced that it has formally commenced the Common Criteria (ISO-15408) certification process for its Data Transport System (DTS1) Network Attached Storage (NAS) storage device.
The rugged single-slot data recorder is the embedded industry’s first commercial-off-the-shelf (COTS) data-at-rest (DAR) storage solution designed to support Commercial Solutions for Classified (CSfC) 2-Layer Encryption. CSfC 2-Layer Encryption is an NSA-approved approach for protecting classified National Security Systems (NSS) information in aerospace and defence applications that uses cost-effective commercial encryption technologies in a layered solution.
In order to accelerate the protection of Top Secret data, the NSA established the CSfC programme as an alternative approach to Type 1 encryption. By incorporating a 2-Layer encrypted CSfC solution, system integrators can significantly reduce the cost and time to develop and deploy secure DAR solutions. The small form-factor DTS1 is designed to store and protect large amounts of data on helicopters, unmanned aerial vehicles (UAV), unmanned underwater vehicles (UUV), unmanned ground vehicles (UGV), and intelligence surveillance reconnaissance (ISR) aircraft that require the protection of sensitive DAR.
“We are very proud to announce that we have begun the Common Criteria certification process for our DTS1 product, the industry’s first rugged network attached storage device to support 2 layers of encryption as described in NSA’s Data-at-Rest Capability Package,” said Lynn Bamford, Senior Vice President and General Manager, Defense Solutions division.
“Use of the DTS1, with its software and hardware encryption layers, will ease and speed the ability of system designers to protect Top Secret data with an NSA-approved cost-effective alternative to Type 1 encryption.”
To achieve NSA approval, COTS-based encryption components first require evaluation by the National Information Assurance Partnership (NIAP), the agency that oversees US implementation of the Common Criteria validation of commercial IT products for use in national security systems. After beginning the Common Criteria evaluation process, the COTS component vendor can then commence the NSA’s CSfC review process in parallel.
Upon successful completion of the Common Criteria evaluation, the results are then validated by NIAP and a Common Criteria certification is posted. NSA CSfC review and approval are the next steps. Then the DTS1 can be added to the NSA’s CSfC Components List and proposed in a layered CSfC solution by an integrator.
Selecting a pre-approved device from the CSfC Components List enables system architects to rapidly design a COTS encryption solution and begin their system development, saving significant development cost and time, while also greatly reducing their programme risk.
The NIAP evaluation is structured to meet the Common Criteria Evaluation and Validation Scheme (CCEVS) and is conducted by a commercial testing lab accredited under the National Voluntary Laboratory Accreditation Program (NVLAP). The DTS1 NAS system is being evaluated by Gossamer Laboratories’ Common Criteria Testing Laboratory, one of the nation’s leading evaluation and testing laboratories approved by the NIAP to conduct testing and evaluation for Common Criteria and other certifications critical to US Government customers.