CSfC Components List

Skip to Components List Index

Customers select products from this listing to satisfy the reference architectures and configuration information contained in published Capability Packages. Customers must ensure that the components selected will permit the necessary functionality for the selected architecture.

For some technologies, the CSfC program requires specific, selectable requirements to be included in the Common Criteria evaluation validating that the product complies with the applicable NIAP-approved protection profile(s). Some selections, which are not required for the product to be listed on the NIAP Product Compliant List, are mandatory selections for products that are to be listed on the CSfC Components List.

To see the selectable requirements, go to the CSfC Components List and click on the links for IPSec VPN Gateways, IPSec VPN Clients, WLAN Clients, WLAN Access Systems, Certificate Authorities, MDM, SW FDE, Mobile Platforms, SIP Servers and VoIP Applications.

Open source components may be listed, provided they have a responsible sponsor, and an NSA-approved plan for, taking a component through Common Criteria evaluation and sustainment of the component. Customers wishing to use open source components should contact us with their evaluation and sustainment plans and the responsible parties for each.

Which protection profiles are published and which are in development?

View a current listing of NIAP approved U.S. Government Protection Profiles.

View a listing of U.S. Government Protection Profiles currently in development.

Additional information about NIAP and the Common Criteria Evaluation and Validation Scheme.

What is the process to get a commercial product CSfC-listed?

Vendors who wish to have their products eligible as CSfC components of a composed, layered information assurance solution must build their products in accordance with the applicable US Government approved Protection Profile(s) and submit their product using the Common Criteria Process.
For vendors utilizing either a U.S. Common Criteria Testing Laboratory (CCTL) or a foreign CCTL, the Product will not be added to the Components List until the NIAP/Common Criteria evaluation is in complete and the Product is posted to NIAP's Product Compliant List (PCL).

Vendors interested in having their products eligible as CSfC Components should notify NSA (csfc_components@nsa.gov) of your intent during the initial stage of the process (i.e. preferably during product development and before contracting to complete an evaluation). Vendors are encouraged to contact NSA with any questions or issues related to CSfC selections for Components and/or the CSfC Components List Process. NSA's objective is to collaborate with vendors to support the addition of suitable products to the CSfC Components List.

In deciding whether a particular product is appropriate for CSfC, NSA considers the totality of circumstances known to NSA, including the vendor's past willingness to fix vulnerabilities, supply chain, foreign ownership, control or influence, the proposed uses of the product under consideration and any other relevant information available to NSA. Vendors of products submitted for consideration under the CSfC process will be notified of NSA's decision on a product-by product basis.

The vendor will enter into a Memorandum of Agreement (MoA) with NSA. The MoA specifies that the vendor's product must be NIAP certified and that the vendor agrees to fix vulnerabilities in a timely fashion. The MoA may also reference technology-specific selections for NIAP testing.

Interested vendors must complete and submit the CSfC Questionnaire (PDF) for each product. Please submit completed questionnaires via email.

An Update to the Manufacturer Diversity Requirement

The manufacturer diversity requirement for CSfC layered solutions has been modified to permit, subject to certain conditions, single-manufacturer implementations of both layers. The manufacturer must show sufficient independence in the code base and cryptographic implementations of the products used to implement each layer. To demonstrate this, a manufacturer must document the similarities and differences between the two products, to include cryptographic hardware components, software code base (i.e. operating system), software cryptographic libraries, and development teams. It is a fundamental requirement that the code bases of the two products be significantly different. Additionally, the vendor must document measures taken to ensure that supply chain risk is no greater than would be the case for products from two different vendors. NSA will review the information and determine whether the documentation is sufficient to meet the requirements for independent layers. Manufacturer diversity will continue to be accepted to constitute independent layers.

Please contact the CSfC PMO at csfc_components@nsa.gov for approved Independence Layer Approval letters.

Curtiss-Wright DTS1 Implementation Independence Letter
- (1) The Curtiss-Wright DTS1 Hardware Encryption Layer (v5.4)
- (2) The Curtiss-Wright DTS1 Software Encryption Layer (v3.01.00)
Samsung Electronics Co., Ltd
- (1) Platform Encryption: Samsung Galaxy Devices on Android 13
- (2) File Encryption: Samsung Knox File Encryption 1.5
Galleon Embedded Computing
- (1) Galleon Embedded Computing XSR and G1 Hardware Encryption Layer
- (2) Galleon Embedded Computing XSR and G1 Software Encryption Layer

Vendors who wish to submit a statement may do so via email.

Components List Index

Archived Components List
Authentication Server
Certificate Authority
Client Virtualization Systems
E-mail Clients
End User Device / Mobile Platform
File Encryption
Hardware Full Drive Encryption
IPS
IPsec VPN Client
IPsec VPN Gateway
MACSEC Ethernet Encryption Devices
MDM
Session Border Controller
Enterprise Session Controller
Software Full Drive Encryption
TLS Protected Servers
TLS Software Applications
Traffic Filtering Firewall
VoIP Applications
Web Browsers
WIDS/WIPS
WLAN Access System
WLAN Client

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date
Samsung Electronics Co., Ltd.	Samsung Galaxy Devices on Android 13 – Fall (Galaxy Z Flip5 5G, Galaxy A52 5G, Galaxy A71 5G, Galaxy Tab Active3 and Galaxy S23 FE	Android 13	NIAP Validation Completed (at Gossamer)	2023.10.23
Zebra Technologies	Zebra Devices on Android 13	Android 13	NIAP Validation Completed (at Gossamer)	2024.08.08
Samsung Electronics America	Samsung Galaxy Devices on Android 14-Spring (Galaxy S24 Ultra 5G, Galaxy S24 5G, Galaxy S23 Ultra 5G, Galaxy S22 Ultra 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy XCover6 Pro, Galaxy Tab Active5)	Android 14	NIAP Validation Completed (at Gossamer)	2024.05.06
Google LLC	Pixel Devices (8 Pro, 8, Fold, Tablet, 7 Pro, 7, 7a, 6 Pro, 6, 6a and 5a-5G)	Android 14	NIAP Evaluation Completed (at Gossamer)	2024.03.27

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date
Samsung Electronics Co, Ltd.	Samsung Android 13 with Knox 3.9 (see hardware models at NIAP link)	v1.5	NIAP Validation Completed (at Gossamer)	2023.03.23
Samsung Electronics Co., Ltd	Samsung Knox File Encryption 1.5 - Fall	v1.5	NIAP Validation Completed (at Gossamer)	2023.11.07
Samsung Electronics Co., Ltd	Samsung Knox File Encryption v1.6.0	v1.6.0	NIAP Validation Completed (at Gossamer)	2024.03.27
Samsung Electronics Co., Ltd	Samsung Knox File Encryption v1.6.0- Fall	v1.6.0	NIAP Validation Completed (at Gossamer)	2024.11.27

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date	Notes
Cigent Technology Inc	Cigent PBA Software*	v1.0.6	NIAP Validation Completed (at Lightship Security)	2023.10.24	AA
Curtiss-Wright Defense Solutions	Data Transport System 1-Slot (DTS1) Hardware Encryption Layer	v5.4	NIAP Validation Completed (at Gossamer)	2023.04.04
Digistor	DIGISTOR TCG OPAL SSC FIPS SSD Series*	vSCPG13.0/ECPG13.0/ECPM13.1	NIAP Validation Completed (at Lightship Security)	2023.03.14	EE
Galleon Embedded Computing	XSR and G1 Hardware Encryption Layer	v4.0.11	NIAP Validation Completed (at Gossamer)	2022.07.28
Curtiss-Wright Defense Solutions	Data Transport System 1-Slot Plus Hardware Encryption Layer	v1.1.0	NIAP Validation Completed (at Gossamer)	2024.04.24
Seagate Federal Inc	Seagate® Secure NVMe Self-Encrypting Drives		NIAP Validation Completed (at Leidos)	2024.04.25	EE
KLC Group	KLC Advantech Drives*	Firmware Version: SCPB13.0/ECPB13.0	NIAP Validation Completed (at Lightship Security)	2024.06.25	EE
KLC Group	CipherDriveOne*	v2.0.1	NIAP Validation Completed (at Lightship	2024.06.27	AA
NetApp, Inc	NetApp Storage Encryption (NSE)	ONTAP 9.14.1	NIAP Validation Completed (at Leidos)	2024.11.18	AA
Curtiss-Wright Defense Solutions	XMC NVME Encryptor	v1.0.0	NIAP Validation Completed (at Gossamer)	2024.11.05	AA and EE

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date
Juniper	vSRX3.0	Junos OS 22.2R2	NIAP Validation Completed (at Acumen)	2024.01.22
Juniper	Junos OS 22.2R1 for SRX Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800)	22.2R1	NIAP Validation Completed (at Teron Labs)	2023.10.13
Palo Alto Networks	Next Generation Firewall (PA-410, PA-410R-5G, PA-415, PA-415-5G, PA-440, PA-445, PA-450, PA-450R, PA-450R-5G, PA-455, PA-460, PA-820, PA-850, PA-1410, PA-1420, PA-3220, PA-3250, PA-3260, PA-3410, PA-3420, PA-3430, PA-3440, PA-5220, PA-5250, PA-5260, PA-5280, PA-5410, PA-5420, PA-5430, PA-5440, PA-5445, PA-5450, PA-7050, PA-7080, PA-7500, VM-50, VM-100, VM-300, VM-500, VM-700	PAN-OS 11.1	NIAP Validation Completed (at Leidos)	2024.09.19

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date	Notes
Cisco	AnyConnect for Android 12	v5.0	NIAP Validation Completed (at Gossamer)	2023.07.26
Cisco	Secure Client - AnyConnect 5.0 for iOS 16	v5.0	NIAP Validation Completed (at Gossamer)	2023.10.06
Cisco	Secure Client AnyConnect 5.0 for Windows 10	v5.0	NIAP Validation Completed (at Gossamer)	2023.12.19
Samsung Electronics Co., Ltd.	Samsung Galaxy Devices on Android 13 – Fall (Galaxy Z Flip5 5G, Galaxy A52 5G, Galaxy A71 5G, Galaxy Tab Active3 and Galaxy S23 FE	Android 13	NIAP Validation Completed (at Gossamer)	2023.10.23
DataSoft Corp	Secure Tactical VPN Client for Android	v2.3.7	NIAP Validation Completed (at Gossamer)	2023.08.14	For Tactical Use Only
Cisco	Secure Client- AnyConnect 5.1 for Red Hat Enterprise Linux 8.2	AnyConnect 5.1 for Red Hat Enterprise Linux 8.2	NIAP Validation Completed (at Gossamer)	2024.06.25
Samsung Electronics America	Samsung Galaxy Devices on Android 14-Spring (Galaxy S24 Ultra 5G, Galaxy S24 5G, Galaxy S23 Ultra 5G, Galaxy S22 Ultra 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy XCover6 Pro, Galaxy Tab Active5)	Android 14	NIAP Validation Completed (at Gossamer)	2024.05.06

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date	Notes
Apriva ISS, LLC.	Apriva MESA VPN	v3.0	NIAP Validation Completed (at Gossamer)	2023.07.31
Juniper	vSRX3.0	Junos OS 22.2R2	NIAP Validation Completed (at Acumen)	2024.01.22
Juniper	Junos OS 22.2R1 for SRX Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800)	22.2R1	NIAP Validation Completed (at Teron Labs)	2023.10.13
DataSoft Corp	DataSoft Radio Access Point (RAP)-117	HW v2.0 and FW v2.2.0	NIAP Validation Completed (at Gossamer)	2023.07.26	For Tactical Use Only
Cisco	Embedded Services Router (ESR) 6300 v17.12 (ESR-6300-CON-K9, ESR-6300-NCP-K9)	v17.12	NIAP Validation Completed (at Gossamer)	2024.06.14
Aruba	Remote Access Points and Mobility Controllers (7210, 7220, 9004, 303H, 503H, and 505H)	ArubaOS 8.10	NIAP Validation Completed (at Lightship)	2023.11.20
Palo Alto Networks	Next Generation Firewall (PA-410, PA-410R-5G, PA-415, PA-415-5G, PA-440, PA-445, PA-450, PA-450R, PA-450R-5G, PA-455, PA-460, PA-820, PA-850, PA-1410, PA-1420, PA-3220, PA-3250, PA-3260, PA-3410, PA-3420, PA-3430, PA-3440, PA-5220, PA-5250, PA-5260, PA-5280, PA-5410, PA-5420, PA-5430, PA-5440, PA-5445, PA-5450, PA-7050, PA-7080, PA-7500, VM-50, VM-100, VM-300, VM-500, VM-700	PAN-OS 11.1	NIAP Validation Completed (at Leidos)	2024.09.19
Persistent Systems LLC	Wave Relay® Devices (WR-5100, WR-5200, WR-5250, WR-GVR5-SYS, WR-INT-ANT-SYS)	v1.0	NIAP Validation Completed (at Gossamer)	2025.03.27
Cisco	Adaptive Security Appliance (ASA) on Secure Firewall 3100 Series (FPR 3105, FPR 3110, FPR 3120, FPR 3130, FPR 3140)	ASA 9.20	NIAP Validation Completed (at Gossamer)	2025.01.06
Cisco	Adaptive Security Appliance (ASA) on Firepower 1000 Series (FPR 1010, FPR 1010E, FPR 1120, FPR 1140, FPR 1150)	ASA 9.20	NIAP Validation Completed (at Gossamer)	2024.11.14
Cisco	Adaptive Security Appliance (ASA) on Firepower 2100 Series (FPR 2110, FPR 2120, FPR 2130, FPR 2140)	ASA 9.20	NIAP Validation Completed (at Gossamer)	2024.11.14

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date
Cisco	Catalyst 9200 and 9200L Series Switches running on IOS-XE v17.9 (C9200-24T, C9200-48T, C9200-24P, C9200-48P, C9200-24PB, C9200-48PB, C9200-24PXG, C9200-28PXG, C9200-NM-4G, C9200-NM-4X, C9200-NM-2Y, C9200-NM-2Q, C9200L-24P-4G, C9200L24P-4G, C9200L-48P-4G, C9200L-48PL-4G, C9200L-24P-4X, C9200L-48P-4X, C9200L-48PL-4X, C9200L-24T-4G, C9200L-48T-4G, C9200L-24T-4X, C9200L-48T-4X, C9200L-24PXG-2Y, C9200L-48PXG-2Y, C9200L-24PXG-4X and C9200L-48PXG-4X	v17.9	NIAP Validation Completed (at Gossamer)	2023.07.25
Cisco	Cisco Catalyst 9300/9300L/9400/9500/9600 Series Switches running IOS-XE 17.9 (C9300-24T, C9300-48T, C9300-24P, C9300-48P, C9300-24U, C9300-48U, C9300-24UX, C9300-48UXM, C9300-48UN, C9300-24S, C9300-48S, C9300D-24UB, C9300D-48UB, C9300D-24UXB, C9300-24H, C9300-48H, C9300NM-4G, C9300-NM-8X, C9300-NM-2Q, C9300-NM-4M,C9300NM-2Y, C9300L-24T-4G, C9300L-48T-4G, C9300L-24P-4G, C9300L-48P-4G, C9300L-24T-4X, C9300L-48T-4X, C9300L-24P-4X, C9300L-48P-4X, C9300L-48PF-4G, C9300L-48PF-4X, C9300L-24UXG-4X, C9300L-24UXG-2Q, C9300L-48UXG-4X, C9300L-48UXG-2Q, C9404R, C9407, C9410R Supervisor: C9400-SUP-1, C9400-SUP-1XL, C9400-SUP-1XL-Y, C400-LC-24S, C9400-LC-48S, C9400-LC-24XS, C9400-LC-48P, C9400-LC-48T, C9400-LC-48U, C9400-LC-48UX, C9400-LC-48H, C9500-12Q, C9500-24Q, C9500-40X, C9500-16X, C9500-32C, C9500-32QC, C9500-24Y4C, C9500-48Y4C, Network Modules: C9500-NM-8X, C9600-LC-48YL, C9600-LC-48TX, C9600-LC-24S	IOS-XE 17.9	NIAP Validation Completed (at Gossamer)	2023.07.18
Cisco	Cisco Catalyst 9400X and 9600X Series Switches running IOS-XE 17.9 (C9400X-SUP-2, C9400X-SUP-2XL, C9400-LC-48HX, C9400-LC-48XS, C9400X-LC-48HN, C9600X-SUP2, C9600-LC-40YL4CD, C9600X-LC-32CD)	IOS-XE 17.9	NIAP Validation Completed (at Gossamer)	2023.11.13
Cisco	Cisco Catalyst 9200CX, 9300X and 9500X Series Switches running IOS-XE 17.9 (C9200CX-12T-2X2G, C9200CX-12P-2X2G, C9200CX-8P-2X2G, C9200CX-12PD-2X2G, C9200CX-8PD-2G, C9200CX-8UXG-2X, C9300X-48HX, C9300X-48TX, C9300X-NM-4C, C9300X-NM-8M, C9300X-NM-2C, C9300X-NM-8Y, C9300X-12Y, C9300X-12Y, C9300X-24Y, C9300X-48HXN, C9300X-24HX, C9300LM-24U, C9300LM-48UX, C9300LM-48T, C9300LM-48U, C9500X-28C8D, C9500X-60L4D	IOS-XE v17.9	NIAP Validation Completed (at Gossamer)	2023.12.01
Cisco	Catalyst Industrial Ethernet 9300 Rugged Series Switches running IOS-XE 17.9 (IE-9310-26S2C, IE-9320-26S2C)	IOS-XE v17.9	NIAP Validation Completed (at Gossamer)	2023.11.08
Cisco	Embedded Services 9300 & 3300 Series Switches running IOS-XE 17.9 (ESS-3300-NCP, ESS-3300-CON ESS, ESS-9300-10X-E)	IOS-XE 17.9	NIAP Validation Completed (at Gossamer)	2023.10.04
Aruba	Aruba 6300M and 8360v2 Switch Series	v10.11	NIAP Validation Completed (at Gossamer)	2024.04.22
Cisco	Catalyst 9200/9200L Series Switches	IOS-XE 17.12	NIAP Validation Completed (at Gossamer)	2024.07.26
Aruba	Aruba 6300M and 8360V2 Series Switches	Aruba OS-CX v10.11	NIAP Validation Completed (at Gossamer)	2024.04.22
Cisco	Catalyst 9200CX/9300X/9300LM/9500X Series Switches running IOS-XE 17.12 ( C9200CX-12T-2X2G, C9200CX-12P-2X2G, C9200CX-8P-2X2G, C9200CX-8UXG-2X, C9300X-48HX, C9300X-48TX, C9300X-NM-4C, C9300X-NM-8M, C9300X-NM-2C, C9300X-NM-8Y, C9300X-12Y, C9300X-24Y, C9300X-48HXN, C9300X-24HX, C9300LM-24U, C9300LM-48UX, C9300LM-48T, C9300LM-48U, C9500X-28C8D,C9500X-60L4D)	IOS-XE 17.12	NIAP Validation Completed (at Gossamer)	2024.09.17
Cisco	Catalyst 9300/9300L/9400/9500/9600 Series Switches running IOS-XE 17.12 ( C9300L-48T-4G, C9300L-24T-4G, C9300L-24P-4G, C9300L-48P-4G, C9300L-24T-4X, C9300L-48T-4X, C9300L-24P-4X, C9300L-48P-4X, C9300L-48PF-4G, C9300L-48PF-4X, C9300L-24UXG-4X, C9300L-24UXG-2Q, C9300L-48UXG-4X, C9300L-48UXG-2Q, C9407R, C9404R , C9410R, C9400-SUP-1, C9400-SUP-1XL, C9400-SUP-1XL-Y, C9400-LC-48T, C9400-LC-24S, C9400-LC-48S, C9400-LC-24XS, C9400-LC-48P, C9400-LC-48U, C9400-LC-48UX, C9400-LC-48H, C9500-16X, C9500-32C, C9500-32QC, C9500-24Y4C, C9500-48Y4C, C9500-NM-8X, C9500-NM-2Q, C9606R, C9600-SUP-1, C9600-LC-24C,C9600-LC-48YL, C9600-LC-48TX, C9600-LC-24S)	IOS-XE 17.12	NIAP Validation Completed (at Gossamer)	2024.08.20
Persistent Systems LLC	Wave Relay® Devices (WR-5100, WR-5200, WR-5250, WR-GVR5-SYS, WR-INT-ANT-SYS)	v1.0	NIAP Validation Completed (at Gossamer)	2025.03.27
CommScope Technologies LLC	Ruckus FastIron ICX Series Switch/Router (ICX7550-48ZP, ICX7550-48P, ICX7550-48P, ICX-48F, ICX7650-48ZP, ICX7650-48P, ICX7650-48F, ICX7850-48FS)	10.0.10	NIAP Validation Completed (at Gossamer)	2024.07.23

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date	Notes
Curtiss-Wright Defense Solutions	Data Transport System 1-Slot Software Encryption Layer	v3.01.00	NIAP Validation Completed (at Gossamer)	2023.04.04
Galleon Embedded Computing	XSR and G1 Software Encryption Layer	RHEL 8.4	NIAP Validation Completed (at Gossamer)	2022.07.28
KLC Group LLC	CipherDriveOne Kryptr	v1.1.0	NIAP Validation Completed (at Lightship Security)	2024.04.29
Curtiss-Wright Defense Solutions	Data Transport System 1-Slot Plus Software Encryption Layer	v1.01.00	NIAP Validation Completed (at Gossamer)	2024.04.29
NetApp	NetApp Volume Encryption (NVE)	ONTAP 9.14.1	NIAP Validation Completed (at Leidos)	2024.11.18	AA and EE
Curtiss Wright Defense Solutions	HSR10 CSFC Software Encryption Layer	v1.1.0	NIAP Validation Completed (at Gossamer)	2024.11.01	AA and EE

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date	Notes
Palo Alto Networks	Panorama (M-200, M-300, M-500, M-600 and M-700, and Virtual Appliances)	v10.1, 10.2 and 11.0	NIAP Validation Completed (at Leidos)	2022.08.04
Palo Alto Networks	WF-500 and WF-500B WildFire	v10.1, 10.2 and 11.0	NIAP Validation Completed (at Leidos)	2022.08.04
VMware	Unified Access Gateway 2209		NIAP Validation Completed (at Leidos)	2023.07.06
Adtran Networks North America	Adtran FSP 3000R7 Network Element	r22.2.2	NIAP Validation Completed (at Booz Allen)	2024.03.28
F5, Inc.	BIG-IP including APM	v17.1.0.1	NIAP Validation Completed (at Atsec)	2024.11.10
F5, Inc.	BIG-IP including SSLO	v17.1.0.1	NIAP Validation Completed (at Atsec)	2024.10.11
F5, Inc.	BIG-IP including AFM	v17.1.0.1	NIAP Validation Completed (at Atsec)	2024.1265	Administrative Guide Document (AGD) Appendix for CSfC Transport Layer Security (TLS) Protected Server Use Case

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date
SecuSUITE and SteelBox	v5.0	NIAP Validation Completed (at Gossamer)	2022.12.09
Palo Alto Networks	Cortex XSOAR Engine	v6.6	NIAP Validation Completed (at Gossamer)	2022.10.05
Palo Alto Networks	Cortex XSOAR Server	v6.6	NIAP Validation Completed (at Gossamer)	2022.09.21
Hypori, Inc	Hypori Halo Client for Android	v4.3	NIAP Validation Completed (at Leidos)	2024.02.20
Hypori, Inc	Hypori Halo Client for IOS	v4.3	NIAP Validation Completed (at Leidos)	2024.03.04
Hypori, Inc	Hypori Halo Client for Windows	v4.3	NIAP Validation Completed (at Leidos)	2024.03.21

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date
HPE Aruba Networking	Aruba Mobility Controller 9004, 9012, 9240, 7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM, 7280, MC-VA-50, MC-VA-250 and MC-VA-1k using ESXi v7 running on HPE EdgeLine EL8000, Pacstar 451/3 and GTS NXGEN-L 11/12	ArubaOS 8.10	NIAP Validation Completed (at Gossamer)	2023.11.20
Juniper	vSRX3.0	Junos OS 22.2R2	NIAP Validation Completed (at Acumen)	2024.01.22
Juniper	Junos OS 22.2R1 for SRX Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800)	22.2R1	NIAP Validation Completed (at Teron Labs)	2023.10.13
Klas	Klas OS Keel 5.4.0 running on VoyagerVMM, TRX R2, and Voyager VM3.0	5.4.0	NIAP Validation Completed (at Acumen)	2024.07.16
Palo Alto Networks	Next Generation Firewall (PA-410, PA-410R-5G, PA-415, PA-415-5G, PA-440, PA-445, PA-450, PA-450R, PA-450R-5G, PA-455, PA-460, PA-820, PA-850, PA-1410, PA-1420, PA-3220, PA-3250, PA-3260, PA-3410, PA-3420, PA-3430, PA-3440, PA-5220, PA-5250, PA-5260, PA-5280, PA-5410, PA-5420, PA-5430, PA-5440, PA-5445, PA-5450, PA-7050, PA-7080, PA-7500, VM-50, VM-100, VM-300, VM-500, VM-700	PAN-OS 11.1	NIAP Validation Completed (at Leidos)	2024.09.19
F5, Inc.	BIG-IP including AFM	v17.1.0.1	NIAP Validation Completed (at Atsec)	2024.11.10
Cisco	Adaptive Security Appliances (ASA) on Firepower 1000 Series (FPR 1010, FPR 1010E, FPR 1120, FPR 1140, FPR 1150)	ASA 9.20	NIAP Validation Completed (at Gossamer)	2024.11.14
Cisco	Adaptive Security Appliance (ASA) on Firepower 2100 Series (FPR 2110, FPR 2120, FPR 2130, FPR 2140)	ASA 9.20	NIAP Validation Completed (at Gossamer)	2024.11.14
Cisco	Adaptive Security Appliance (ASA) on Secure Firewall 3100 Series (FPR 3105, FPR 3110, FPR 3120, FPR 3130, FPR 3140)	ASA 9.20	NIAP Validation Completed (at Gossamer)	2025.01.06

Vendor	Model	Version	CNSSP-11 Compliance	Certification Date	Notes
Commscope Technologies LLC	Ruckus SmartZone WLAN Controllers and Access Points with WIDS	R5.2.1.3	NIAP Validation Completed (at Gossamer)	2023.09.19
Cisco	Cisco Catalyst 9800 Series Wireless Controllers and Access Points running IOS-XE 17.6 (Cisco 9800-80-K9 Wireless Controller, Cisco 9800-40-K9 Wireless Controller, Cisco 9800-L Wireless Controller: C9800-L-F-K9, C98000L-C-K9 with Cisco Catalyst 9130 Series Wifi 6 Access Points (x=regulatory domain): C9130AXI-x, C9130AXE-x, C1930AXE-STA-x, Cisco Catalyst 9120 Series Wi-fi 6 Access Points (x= regulatory domain): C9120AXI-x, C9120AXE-x, C9120AXP-x, Cisco Catalyst 9115 Series Wi-fi 6 Access Points (x= regulatory domain): C9115AXI-x, C9115AXE-x Cisco Catalyst 9105 Series Wi-fi Access Points (x=regulatory domain): C9105AXI-x, C9105AXW-x, C9105AXIT-x, C9105AXWT-x	IOS-XE 17.6	NIAP Validation Completed (at Lightship Security)	2023.03.20
DataSoft Corp	DataSoft Radio Access Point (RAP)-117	HW v2.0 and FW v2.2.0	NIAP Validation Completed (at Gossamer)	2023.07.26	For Tactical Use Only

CSfC Components List

Which protection profiles are published and which are in development?

What is the process to get a commercial product CSfC-listed?

An Update to the Manufacturer Diversity Requirement

Authentication Server

Certification Authority

Client Virtualization Systems

E-mail Clients

End User Device / Mobile Platform

File Encryption

Hardware Full Drive Encryption

ONTAP 9.14.1

IPS

IPsec VPN Client

Secure Tactical VPN Client for Android

IPsec VPN Gateway

Embedded Services Router (ESR) 6300 v17.12 (ESR-6300-CON-K9, ESR-6300-NCP-K9)

Remote Access Points and Mobility Controllers (7210, 7220, 9004, 303H, 503H, and 505H)

ArubaOS 8.10

Wave Relay® Devices (WR-5100, WR-5200, WR-5250, WR-GVR5-SYS, WR-INT-ANT-SYS)

v1.0

MACSEC Ethernet Encryption Devices

MDM

Session Border Controller

Enterprise Session Controller (aka SIP Server)

Software Full Drive Encryption

TLS Protected Servers

r22.2.2

BIG-IP including AFM

v17.1.0.1

TLS Software Applications

Traffic Filtering Firewall

VoIP Applications

Web Browsers

WIDS/WIPS

WLAN Access System

DataSoft Radio Access Point (RAP)-117

WLAN Client

NSA.GOV

CULTURE

HELPFUL LINKS

RESOURCES

RELATED LINKS