Operational Mission Needs and IT Security Reviews For Operational Systems


capabilitypackageAny warfighter that has ever tried to implement an innovative IT solution to a real world problem has run up against the seemingly endless requirements imposed on solutions in the name of security. Of course, we understand the necessity of this, but it can often be quite frustrating when a solution seems so close at hand (technically feasible, financially attainable), but is so far away in implementation. And too frequently the many checks and paperwork drills seem to be very disconnected from any real security needs.

I recently met with some folks at NSA that are trying hard to improve that. Mr. Jerry Watkins, the Communications and Outreach Manager for the Commercial Solutions for Classified Program (CSfC) Office has developed a promising solution. Recognizing that the rate of technology change will always stay ahead of the ability of existing proprietary solutions to keep up, he has designed a layered approach to commercial products. Standards-based from the start, solutions are preapproved in “capability packages” that are vendor agnostic. The user can use this capability package, which points to approved vendor devices that meet NSA requirements.

As DoD works more with our coalition partners, these solutions are available to international partners, as well as internal DoD. Because they are based on the latest commercial technologies available, there is a great opportunity for innovative solution providers to push their products forward.

The technology pieces of a capability package will be subjected to a prequalification, with US government protection profiles and commercial lab testing. If the product is approved, CSfC includes that product in their list and an MOA is developed between vendor and NSA. Having all of this work done before the solution is needed is a great advantage.

The desired outcome, of course, is fielded solutions that are useful and grow throughout the warfighters community. A successful solution will be integrated into the way our forces operate and be included in operational CONOPS. So far, NSA has had great success with some needed, repeatable solutions such as multi-site VPNs, campus WIFI’s, and mobility secure VoIP.

Original post

Leave a Comment

Leave a comment

Leave a Reply