Components List

Skip to Components List Index

Customers select products from this listing to satisfy the reference architectures and configuration information contained in published Capability Packages. Customers must ensure that the components selected will permit the necessary functionality for the selected architecture.

For some technologies, the CSfC program requires specific, selectable requirements to be included in the Common Criteria evaluation validating that the product complies with the applicable NIAP-approved protection profile(s). Some selections, which are not required for the product to be listed on the NIAP Product Compliant List, are mandatory selections for products that are to be listed on the CSfC Components List.

To see the selectable requirements, go to the CSfC Components List and click on the links for IPSec VPN Gateways, IPSec VPN Clients, WLAN Clients, WLAN Access Systems, Certificate Authorities, MDM, SW FDE, Mobile Platforms, SIP Servers and VoIP Applications.

Open source components may be listed, provided they have a responsible sponsor, and an NSA-approved plan for, taking a component through Common Criteria evaluation and sustainment of the component. Customers wishing to use open source components should contact csfc_components@nsa.gov with their evaluation and sustainment plans and the responsible parties for each.

Questions regarding the CSfC Components List may be directed to csfc_components@nsa.gov.

Which Protection Profiles are Published and in Development?

For a current listing of NIAP approved U.S. Government Protection Profiles, go to http://www.niap-ccevs.org/pp/.

For a listing of U.S. Government Protection Profiles currently in development, go to http://www.niap-ccevs.org/Profile/InDraft.cfm.

Additional information about NIAP and the Common Criteria Evaluation and Validation Scheme can be found at http://www.niap-ccevs.org/.

What is the Process to get a Commercial Product CSfC-Listed?

Vendors who wish to have their products eligible as CSfC components of a composed, layered IA solution must build their products in accordance with the applicable US Government approved Protection Profile(s) and submit their product using the Common Criteria Process.

For vendors utilizing a U.S. Common Criteria Testing Laboratory (CCTL), the Product will not be added to the Components List until the NIAP evaluation is in process. For vendors utilizing a foreign CCTL, the Product will not be added to the Components List until the Common Criteria evaluation is complete and the Product is posted to NIAP's Product Compliant List (PCL).

In deciding whether a particular product is appropriate for CSfC, NSA considers the totality of circumstances known to NSA, including the vendor's past willingness to fix vulnerabilities, supply chain, foreign ownership, control or influence, the proposed uses of the product under consideration and any other relevant information available to NSA. Vendors of products submitted for consideration under the CSfC process will be notified of NSA's decision on a product-by product basis.

The vendor will enter into a Memorandum of Agreement (MoA) with NSA. The MoA specifies that the vendor's product must be NIAP certified and that the vendor agrees to fix vulnerabilities in a timely fashion. The MoA may also reference technology-specific selections for NIAP testing.

Interested vendors must complete and submit the CSfC Questionnaire (PDF) for each product. Please submit completed questionnaires to csfc_components@nsa.gov.

An Update to the Manufacturer Diversity Requirement

The manufacturer diversity requirement for CSfC layered solutions has been modified to permit, subject to certain conditions, single-manufacturer implementations of both layers. The manufacturer must show sufficient independence in the code base and cryptographic implementations of the products used to implement each layer. To demonstrate this, a manufacturer must document the similarities and differences between the two products, to include cryptographic hardware components, software code base (i.e. operating system), software cryptographic libraries, and development teams. It is a fundamental requirement that the code bases of the two products be significantly different. Additionally, the vendor must document measures taken to ensure that supply chain risk is no greater than would be the case for products from two different vendors. NSA will review the information and determine whether the documentation is sufficient to meet the requirements for independent layers. Manufacturer diversity will continue to be accepted to constitute independent layers.

Cisco's Independence Layer Approval for Mobile Access CP

Cisco's Independence Layer Approval for Multi-Site Connectivity CP

Samsung's Independence Layer Approval for Data at Rest CP

Vendors who wish to submit a statement may do so at csfc_components@nsa.gov.

Components List Index

Archived Components List
Authentication Server
Certificate Authority
E-mail Clients
End User Device / Mobile Platform
File Encryption
Hardware Full Drive Encryption
IPS
IPsec VPN Client
IPsec VPN Gateway
MACSEC Ethernet Encryption Devices
MDM
Session Border Controller
Enterprise Session Controller
Software Full Drive Encryption
TLS Protected Servers
TLS Software Applications
Traffic Filtering Firewall
VoIP Applications
Web Browsers
WLAN Access System
WLAN Client

Vendor	Model	Version	CNSSP-11 Compliance
Aruba	ClearPass Policy Manager	v6.9	NIAP Validation Completed (Gossamer)
Cisco	Identity Services Engine v2.2 on the 3415, 3515, 3495 and 3595 Appliances	ADE-OS v2.2	NIAP Validation Completed (at Acumen)
Cisco	Identity Services Engine (SNS3515, SNS3595, SNS 3615, SNS3655, SNS3695, and ISE Virtual on ESXi6.x running on UCSC-C220-M5SX)	v2.6	NIAP Validation Completed (at Acumen)

Vendor	Model	Version	CNSSP-11 Compliance
Information Security Corporation	CertAgent	7.0	NIAP Validation Completed (at DXC Technology)
Red Hat, Inc.	Red Hat Certificate System v9.4	RHEL v7.6	NIAP Validation Completed (at Gossamer)

Vendor	Model	Version	CNSSP-11 Compliance
Apple	iOS 12 (iPhone and iPad devices using the A8, A8X, A9, A9X, A10 Fusion, A10X Fusion, A11 Bionic, A12 Bionic and A12X Bionic processors as validated on the iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone Xs, iPhone XS Max, iPhone Xr, iPhone SE, iPad mini 4, iPad Air 2, iPad Pro 12.9, iPad 9.7, iPad Pro 9.7, iPad Pro 10.5 and iPad Pro 11)	iOS 12	NIAP Validation Completed (at ATSEC)
Apple	iOS 11 (iPhone and iPad devices using the A7, A8, A8X, A9, A9X, A10 Fusion, A10X Fusion and A11 Bionic processors as validated on the iPhone 5s, iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone SE, iPad mini 3, iPad mini 4, iPad Air 2, iPad Pro 12.9, iPad Pro 9.7, iPad and iPad Pro 10.5)	iOS v.11.2	NIAP Validation Completed (at ATSEC)
Motorola	Motorola Lex L11	Android 9.0	NIAP Validation Completed (at Gossamer)
Samsung Research America	Samsung Galaxy Devices on Android 8 (Galaxy S8, Galaxy S8+, Galaxy S8 Active, Galaxy Note8, Galaxy Tab Active 2, Galaxy S9, Galaxy S9+, Galaxy S9 Tactical Edition, Galaxy XCover FieldPro)	Android 8	NIAP Validation Completed (at Gossamer)
Samsung Research America	Samsung Galaxy Devices with Android 8 & 8.1 (Galaxy Tab S3, Galaxy Tab S4, Galaxy Tab Active2, Galaxy S7, Galaxy S7 Edge, Galaxy S7 Active, Galaxy Note9, Galaxy XCover FieldPro)	Android 8 and 8.1	NIAP Validation Completed (at Gossamer)
Samsung Research America	Samsung Galaxy Devices with Android 9 (Galaxy Tab S4, Galaxy Tab S6, Galaxy Tab Active2, Galaxy S8, Galaxy S8+, Galaxy Note8, Galaxy S9, Galaxy S9+, Galaxy Note9, Galaxy S10, Galaxy S10 5G, Galaxy S10+, Galaxy Note S10+ 5G, Galaxy Note S10+, Galaxy Note 10, Galaxy S10E, Galaxy XCover FieldPro and Galaxy Fold)	Android 9	NIAP Validation Completed (at Gossamer)
Samsung Research America	Samsung Galaxy Devices with Android 10 (Galaxy Tab S6, Galaxy S9, Galaxy S9+, Galaxy Note9, Galaxy S10, Galaxy S10 5G, Galaxy Note S10+ 5G, Galaxy Note S10+, Galaxy S10E, Galaxy Fold, Galaxy Fold 5G, Galaxy S20 Ultra 5G, Galaxy S20+ 5G, Galaxy S20 5G, Galaxy S20 LTE, Galaxy S20+ LTE, Galaxy Z Flip, Galaxy XCover Pro, XCover FieldPro, Galaxy A51, Galaxy Note 10, Galaxy S10+, Galaxy Note 20 Ultra 5G, Galaxy Note 20 Ultra LTE, Galaxy Note 20 5G, Galaxy Note 20 LTE, Galaxy Tab S7+, Galaxy Tab S7, Galaxy Note 10 5G, Galaxy Z Fold 2, Galaxy Tab S6 5G and Galaxy Tab S6)	Android 10	NIAP Validation Completed (at Gossamer)

Vendor	Model	Version	CNSSP-11 Compliance
Samsung Research America	Knox File Encryption	Version 1.2	NIAP Validation Completed (at Gossamer)
Samsung Research America	Knox File Encryption	Version 1.0	NIAP Validation Completed (at Gossamer)
Trivalent	Trivalent Protect for Android	Version 2.6	NIAP Validation Complete (at Gossamer)

Vendor	Model	Version	CNSSP-11 Compliance
Curtiss-Wright Defense Solutions	Compact Network Storage 4-Slot (CNS4) Hardware Encryption Layer	Version A1	NIAP Validation Completed (at Gossamer)
Curtiss-Wright Defense Solutions	Data Transport System 1-Slot (DTS1) Hardware Encryption Layer	v5.1	NIAP Validation Completed (at Gossamer)
Mercury Systems	ASURRE-Stor Solid State Self-Encrypting Drive	Version 3.0	NIAP Validation Completed (at UL Verification Services)

Vendor	Model	Version	CNSSP-11 Compliance
Cisco	ASA with FirePOWER Services, ASA 9.8 with FirePOWER Services 6.2 (5506-X, 5506H-X, 5506W-X, 5508-X, 5516-X, 5525-X, 5545-X, 5555-X with FMC 6.2 on Cisco FireSIGHT FS750, FS1000, FS2000, FS2500, FS4000 and FS4500 or FMCv 6.2 on ESXi 5.5 or 6.0 on Cisco Unified Computing System (UCS) B200-M4, B200-M5, C220-M4S, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, EN120S-M2/K9, EN120E-208/KP, E140S-M2/K9, E160S-M3 and E180D-M2/KP installed on ISR)	ASA V9.8 with FirePOWER v6.2	NIAP Validation Completed (at Gossamer)
Cisco	Firepower Threat Defense on ASA and Virtual Firepower Threat Defense (5506-X, 5506H-X, 5506W-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, 5555-X with FirePOWER Services and FTDv)	Version 6.2	NIAP Validation Completed (at Gossamer)
Cisco	Firepower Threat Defense v6.2 and FX-OS v2.2 on the 4k and 9k Families (FPWR 4110, FPWR 4120, FPWR 4140, FPWR 4150, FPWR 9300 SM-24, FPWR 9300 SM-36 and FPWR 9300 SM-44)	FTD v6.2	NIAP Validation Completed (at Gossamer)
Cisco	Firepower Threat Defense v6.2 and FX-OS v2.2 on the 2k Families (FPWR 2110, FPWR 2120, FPWR 2130, FPWR 2140)	FTD v6.2	NIAP Validation Completed (at Gossamer)
Cisco	Firepower NGIPS/NGIPSv with FireSIGHT (FMC) and FMCv (Cisco Firepower NGIPS 6.2 (on Cisco FirePOWER 7000 Series, 8000 Series and Cisco AMP Appliances), and NGIPSv 6.2 (on ESXi 5.5 or 6.0 on Cisco UCS B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, EN120S-M2/K9, EN120E-208/KP, E140S-M2/k9, E160S-M3, and E180D-M2/K9 installed on ISR), with FMC 6.2 (on Cisco FireSIGHT FS750, FS1000, FS2000, FS2500, FS4000, and FS4500) or FMCv 6.2 (on ESXi 5.5 or 6.0 on Cisco UCS B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, EN120S-M2/K9, EN120E-208/KP, E140S-M2/k9, E160S-M3, and E180D-M2/K9 installed on ISR)	Version 6.2	NIAP Validation Completed (at Gossamer)
Juniper	SRX Product Series: SRX300, SRX320, SRX340, SRX345, SRX550M, SRX5400, SRX5600 and SRX5800	JUNOS 17.4R1	NIAP Validation Completed (at BAE Systems)
Juniper	SRX Product Series: SRX1500, SRX4100 and SRX4200	JUNOS 17.4R1	NIAP Validation Completed (at BAE Systems)
Juniper	SRX 4600 Product Series	Junos OS 18.1R1	Common Criteria Validation Completed (at BAE Systems)
Juniper	vSRX	Junos OS 17.4R1	NIAP Validation Completed (at Acumen)
Juniper	SRX Product Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX550M)	Junos OS 19.2R1	NIAP Validation Completed (at Teron Labs)
Juniper	vSRX 3.0	Junos OS 19.2R1-S3	NIAP Validation Completed (at Acumen)
Juniper	SRX Product Series (SRX1500, SRX4100, SRX4200, SRX4600)	Junos OS 19.2R1	NIAP Validation Completed (at Teron Labs)
McAfee	McAfee Network Security Platform (NSM Linux Application v9.1.x and NS Sensor appliances v9.1.x) (NS9300S, NS9300P, NS9200, NS9100, NS7350, NS7250, NS7150, NS7300, NS7200, NS7100, NS5200, NS5100, NS3200, NS3100 and Network Security Manager Linux Appliance)	v9.1.x	NIAP Validation Completed (at Acumen)
McAfee	McAfee Network Security Platform (NSM Linux Appliance v10.1.19.17 and NS Sensor Appliances v10.1.17.15) (NS3100, NS3200, NS5100, NS5200, NS3500, NS7100, NS7200, NS7300, NS7150, NS7250, NS7350, NS9100, NS9200, NS9300S, NS9300P, NS9500 and Network Security Manager Linux Appliance)	v10.1x	NIAP Validation Completed (at Acumen)
SonicWall	SonicOS Enhanced v6.5.2 with VPN and IPS on TZ, SOHOW, NSA and SM Appliances (TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500. TZ 500W, TZ 600, SOHOW, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, NSA 9250, NSA 9450, NSA 9650, SM 9200, SM 9400, SM 9600 and SM 9800)	Version 6.5.4	NIAP Validation Completed (at Acumen)
SonicWall	SonicOS Enhanced v6.5.4 with VPN and IPS on TZ and SOHO Appliances (TZ 300P, TZ 350, TZ 350W, TZ 600P, SOHO 250, SOHO 250W)	Version 6.5.4	NIAP Validation Completed (at Acumen)

Vendor	Model	Version	CNSSP-11 Compliance
Apriva	Apriva MESA VPN	Version 2.0	NIAP Validation Completed (at UL Verification Services)
Architecture Technology Corporation	Compact Rugged Router CRR-1000	V1.0	NIAP Validation Completed (at UL Verification Services)
Aruba	Virtual Mobility Controller		NIAP Validation Completed (at CSC Australia)
Aruba	600 Series Mobility Controllers	Aruba OS 6.5-FIPS	NIAP Validation Completed (at CSC Australia)
Aruba	3000 Series Mobility Controllers	Aruba OS 6.5-FIPS	NIAP Validation Completed (at CSC Australia)
Aruba	6000 Series Mobility Controllers	Aruba OS 6.5-FIPS	NIAP Validation Completed (at CSC Australia)
Aruba	7000 Series Mobility Controllers	Aruba OS 6.5-FIPS	NIAP Validation Completed (at CSC Australia)
Aruba	Aruba Mobility Controller Series (7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM) and Virtual Mobility Controllers (MC-VA-50, MC-VA-250 and MC-VA-1k using ESXi v6.5.0 on the HPE EdgeLine 20, DTECH M3-SE-SVR4, DTECH M3x, Klas TDC Blade, Klas VoyagerVMm, PacStar PS451-4330 Series, PacStar PS451-1258 Series, IAS VPN Gateway Module NANO-VM and IAS VPN Gateway Module Classic Plus)	Aruba OS 8.2	NIAP Validation Completed (at Gossamer)
Aruba	Aruba Remote Access Point Series with Aruba Mobility Controllers (AP-203R, AP-203RP, AP-205H and AP-303H with Mobility Controllers 7205, 7210, 7220, 7240 and 7240XM)	Aruba OS 8.2	NIAP Validation Ongoing (at Leidos)
Aruba	Aruba Mobility Controller Series (7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM, 7280, 9004, Virtual Mobility Controller running on HPE EdgeLine EL8000, PacStar 451, PacStar 453, KLAS Telecom TDC Blade, Klas Telecom VoyagerVMm, IAS VPN Gateway Module NANO-VM, IAS VPN Gateway Module Classic Plus, DTECH M3-SE-SVR4, DTECHM3x)	Aruba OS 8.6	NIAP Validation Ongoing (at Gossamer)
Attila Security	SilentEdge Enterprise Server and GoSilent Client	Debian 9 Linux	NIAP Validation Completed (at Acumen)
Check Point Software Technologies	Security Gateway Appliances	R80.30	NIAP Validation Completed (at Gossamer)
Cisco	IR1101 Integrated Services Router	IOS-XE 16.12	NIAP Validation Completed (at Acumen)
Cisco	ISR 1100 Product Series (ISR 1101, ISR 1109, ISR 1111, ISR 1112, ISR 1113, ISR 1116, ISR 1117 and ISR 1118)	IOX-XE 16.9 and IOS-XE 16.12	NIAP Validation Completed (at Acumen)
Cisco	1905, 1921, 1941, 2901, 2911, and 2921 Integrated Services Routers	15.5(3)M IOS	NIAP Validation Completed (at Leidos)
Cisco	2951, 3925, and 3945 Integrated Services Routers	15.5(3)M IOS	NIAP Validation Completed (at Leidos)
Cisco	3925E and 3945E Integrated Services Routers	15.5(3)M IOS	NIAP Validation Completed (at Leidos)
Cisco	4351, 4331, 4321 Integrated Services Routers	IOS XE 3.13.2	NIAP Validation Completed (at CGI)
Cisco	ASA with FirePOWER Services, ASA 9.8 with FirePOWER Services 6.2 (5506-X, 5506H-X, 5506W-X, 5508-X, 5516-X, 5525-X, 5545-X, 5555-X with FMC 6.2 on Cisco FireSIGHT FS750, FS1000, FS2000, FS2500, FS4000 and FS4500 or FMCv 6.2 on ESXi 5.5 or 6.0 on Cisco Unified Computing System (UCS) B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, EN120S-M2/K9, EN120E-208/KP, E140S-M2/K9, E160S-M3 and E180D-M2/KP installed on ISR)	ASA V9.9 with FirePOWER v6.2	NIAP Validation Completed (at Gossamer)
Cisco	ASA 5500 Series (5506-X, 5506H-X, 5506W-X, 5508-X, 5516-X, 5525-X, 5545-X, 5555-X and ASA on FPWR 1000, 2110, 2120, 2130, 2140, 4110, 4120, 4140, 4150, 9300 SM-24, 9300 SM-36, and 9300 SM-44)	v9.8	NIAP Validation Completed (at Gossamer)
Cisco	ASAv (ASAv5, ASAv10, ASAv30, ASAv50) running ESXi 5.5 or 6.0 and NFVIS 3.5.1 on the UCS B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, E140S-M2/K9, E160S-M3 and E180D-M2K9 installed on ISR and ASAv running on NFVIS 3.5.1 on the ENCS 5406, 5408 and 5412	v9.8	NIAP Validation Completed (at Gossamer)
Cisco	Aggregation Services Router 1000 Series (ASR1K) (ASR 1001-X, ASR 1001-HX, ASR 1002-HX, ASR 1006-X(ESP 100, RP2/3), ASR 1009-X(ESP 100/200, RP2/3), ASR 1013(ESP 100/200, RP2/3) w/ MACsec EPAs: ASR1000-MIP100, 18X1GE, 10X0GE, 1X100GE, CPAK-2X40GE, 1X100GE QSFP+, 2X40GE QSFP+, 1X40GE QSFP+)	IOS-XE 16.9 and IOS-XE 16.12	NIAP Validation Completed (at Acumen)
Cisco	ESR 5900 Series (5915, 5921, 5940)	15.7M	NIAP Validation Completed (at Acumen)
Cisco	Integrated Services Router 4000 Series (ISR4K) (ISR 4321, ISR 4331, ISR 4351, ISR 4431, ISR 4451, ISR 4461 w/MACsec NIMs: NIM-1GE-CU-SFP, NIM-2GE-CUSFP)	IOS-XE 16.9 and IOS-XE 16.12	NIAP Validation Completed (at Acumen)
Cisco	NGFW running ASA v9.8 and FX-OS v2.2 on the 4K and 9K families (FP 4110, FP4120, FP 4140, FP 4150, FPWR 9300 SM-24, FPWR 9300 SM-36, FPWR 9300 SM-44)	ASA v9.8	NIAP Validation Completed (at Gossamer)
Cisco	NGFW running ASA v9.8 and FX-OS v2.2 on the Firepower 2100 Series (2110, 2120, 2130 and 2140)	ASA v9.8	NIAP Validation Completed (at Gossamer)
Cisco	Cloud Service Router 1000v and Aggregation Services Router (ASR) 1000 Series (ASR 1002X, ASR 1006, ESP 100, RP2 and CSR1000V	IOS-XE 16.3	NIAP Validation Completed (at Acumen)
Cisco	Cloud Services Router (CSR) 1000v running on ESXi 6.0 Release 2	IOS-XE 16.9 and IOS-XE 16.12	NIAP Validation Completed (at Acumen)
Cisco	Firepower Threat Defense on ASA and Virtual Firepower Threat Defense (5506-X, 5506H-X, 5506W-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, 5555-X with FirePOWER Services and FTDv)	ASA v6.2	NIAP Validation Completed (at Gossamer)
Cisco	Firepower Threat Defense v6.2 and FX-OS v2.2 on the 4k and 9k Families (FPWR 4110, FPWR 4120, FPWR 4140, FPWR 4150, FPWR 9300 SM-24, FPWR 9300 SM-36 and FPWR 9300 SM-44)	FTD v6.2	NIAP Validation Completed (at Gossamer)
Cisco	Firepower Threat Defense v6.2 and FX-OS v2.2 on the 2k Families (FPWR 2110, FPWR 2120, FPWR 2130, FPWR 2140)	FTD v6.2	NIAP Validation Completed (at Gossamer)
Cisco	ISR 1100 Product Series: 1111, 1112, 1113, 1114, 1115, 1116, 1117 and 1118	IOS-XE 16.6	NIAP Validation Completed (at Acumen)
Cisco	ISR 4000 Product Series (4321, 4331, 4351, 4431 and 4451)	IOS v16.3	NIAP Validation Completed (at Acumen)
Cisco	NGFW running ASA v9.8 and FX-OS v2.2 on the Firepower 2100 Series (2110, 2120, 2130 and 2140)	ASA v9.8	NIAP Validation Ongoing (at Gossamer)
Cisco	Adaptive Security Appliances (ASA) running on Firepower 2100 Series Appliances (FPR 2110, FPR 2120, FPR 2130, FPR 2140)	ASA v9.12 and FX-OS 2.6	NIAP Validation Completed (at Gossamer)
Cisco	Adaptive Security Appliances (ASA) running on Firepower 4100 and 9300 Security Appliances (FPR 4110, FPR 4115, FPR 4120, FPR 4125, FPR 4140, FPR 4145, FPR 4150, FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-44, FPR 9300 SM-40, FPR 9300 SM-48, FPR 9300 SM-56)	ASA v9.12 and FX-OS 2.6	NIAP Validation Completed (at Gossamer)
Extreme Networks	NetIron Family Devices with Multi-Service Ironware (BR-MLXE-4-AC, BR-MLXE-8-AC, BR-MLXE-16-AC with Management Card BR-MLX-MR2-X and BR-MLX-10GX4-IPSEC-M Card and BR-MLXE-32-AC with Management Card BR-MLX-MR2-32X and BR-MLX-10GX4-IPSEC-M Card)	R06.3.0aa	NIAP Validation Completed (at Gossamer)
General Dynamics C4 Systems	Fortress Mesh Point ES210, ES520, ES820, ES2440 Product Series	Rev 5.4.3.1608	NIAP Validation Completed (at InfoGard)
Juniper	SRX Product Series: SRX300, SRX320, SRX340, SRX345, SRX550M, SRX5400, SRX5600 and SRX5800	JUNOS 17.4R1	NIAP Validation Completed (at BAE Systems)
Juniper	SRX Product Series: SRX1500, SRX4100 and SRX4200	JUNOS 17.4R1	NIAP Validation Completed (at BAE Systems)
Juniper	SRX 4600 Product Series	Junos OS 18.1R1	Common Criteria Validation Completed (at BAE Systems)
Juniper	vSRX	Junos OS 17.4R1	NIAP Validation Completed (at Acumen)
Juniper	SRX Product Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX550M)	Junos OS 19.2R1	NIAP Validation Completed (at Teron Labs)
Juniper	vSRX 3.0	Junos OS 19.2R1-S3	NIAP Validation Completed (at Acumen)
Juniper	SRX Product Series (SRX1500, SRX4100, SRX4200, SRX4600)	Junos OS 19.2R1	NIAP Validation Completed (at Teron Labs)
PacStar	PacStar 351, 451, 455 and 551 with Cisco ASAv	V9.6	NIAP Validation Completed (at Acumen)
Palo Alto Networks	Next Generation Firewall (PA-200, PA-220, PA-220R, PA-500, PA-820, PA-850, PA-2050, PA-3020, PA-3050, PA-3060, PA-3220, PA-3250, PA-3260, PA-5020, PA-5050, PA-5060, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050, PA-7080)	PAN-OS 8.0.12 and PAN-OS 8.0.6 and PAN-OS 8.1.3	NIAP Validation Completed (at Leidos)
Palo Alto Networks	VM-50, VM-100, VM-200, VM-300, VM-500, VM-700 and VM-1000-HV when installed using VMWare ESXi 5.5, KVM, Microsoft Hyper-V and Intel Xeon processor based on Ivy Bridge, Broadwell or Haswell microarchitectures, which implement Intel Secure Key either on Dell PowerEdge R730 and PacStar PS451 servers or equivalent platforms; i.e, Intel Ivy Bridge, Broadwell or Haswell-based processor with Broadcom or Intel Networks Interface Controllers supported by the server. The VM-series virtual appliance must be the only guest running in the virtual environment.	PAN-OS 8.0.12 and PAN-OS 8.0.6 and PAN-OS 8.1.3	NIAP Validation Completed (at Leidos)
SonicWall	SonicOS Enhanced v6.5.2 with VPN and IPS on TZ, SOHOW, NSA and SM Appliances (TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500. TZ 500W, TZ 600, SOHOW, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, NSA 9250, NSA 9450, NSA 9650, SM 9200, SM 9400, SM 9600 and SM 9800)	Version 6.5.4	NIAP Validation Completed (at Acumen)
SonicWall	SonicOS Enhanced v6.5.4 with VPN and IPS on TZ and SOHO Appliances (TZ 300P, TZ 350, TZ 350W, TZ 600P, SOHO 250, SOHO 250W)	Version 6.5.4	NIAP Validation Completed (at Acumen)
WatchGuard Technologies	FireWare on Firebox Next Generation Firewalls (T20, T20-W, T35, T35-W, T40, T40-W, T55, T55-W, T70, T80, M270, M370, M470, M570, M670, M4600, M5600)	OS v12.6.2	NIAP Validation Completed (at Gossamer)

Vendor	Model	Version	CNSSP-11 Compliance
Cisco	ASR 1000 Product Series (1001-X, 1001-HX, 1002-X, 1002-HX, 1006-X, 1009-X and 1013)	IOS v16.3	NIAP Validation Completed (at Acumen)
Cisco	ASR 9000 Product Series (9000v, 9001, 9006, 9010, 9904, 9910, 9912 and 9922)	6.1 and 6.6	NIAP Validation Completed (at Acumen)
Cisco	Aggregation Services Router 1000 Series (ASR1K) (ASR 1001-X, ASR 1001-HX, ASR 1002-HX, ASR 1006-X(ESP 100, RP2/3), ASR 1009-X(ESP 100/200, RP2/3), ASR 1013(ESP 100/200, RP2/3) w/ MACsec EPAs: ASR1000-MIP100, 18X1GE, 10X0GE, 1X100GE, CPAK-2X40GE, 1X100GE QSFP+, 2X40GE QSFP+, 1X40GE QSFP+)	IOS-XE 16.9 and IOS-XE 16.12	NIAP Validation Completed (at Acumen)
Cisco	Catalyst 9300 and 9500 Series Switches	IOS-XE 16.6	NIAP Validation Completed (at Acumen)
Cisco	Catalyst 9600 Series Switches (C9606R Chassis, C9600-SUP-1, C9600-LC-24C and C9600-LC-48YL)	IOS-XE 16.12	NIAP Validation Completed (at Acumen)
Cisco	Catalyst 9200/9300/9400 Series Switches (C9200-24T, C9200-48T, C9200-24P, C9200-48P, C9200-24P8X, C9200-48P8X, C9200L-24P-4G, C9200L-24P-4X, C9200L-24T-4G, C9200L-24T-4X, C9200L-48P-4G, C9200L-48P-4X, C9200L-48T-4G, C9200L-48T-4X, C9200L-24P8X-2Y, C9200L-24P8X-4X, C9200L-48P12X-4X, C9200L-48P8X-2Y, C9300-24S, C9300-48S, C9300L-24T-4G, C9300L-24P-4G, C9300L-48T-4G, C9300L-48P-4G, C9300L-24T-4X, C9300L-24P-4X, C9300L-48T-4X, C9300L-48P-4X, C9300L-24UX-4X, C9300L-48UX-4X, C9300L-24UX-2Q, C9300L-48UX-2Q, Chassis C9404R, C9407R, C9410R; Supervisor C9400-SUP-1, C9400-SUP-1XL, C9400-SUP-1XL-Y)	IOS-XE 16.12	NIAP Validation Ongoing (at Acumen)
Cisco	ISR 4000 Product Series (4321, 4331, 4351, 4431 and 4451)	IOS v16.3	NIAP Validation Completed (at Acumen)
Cisco	Integrated Services Router 4000 Series (ISR4K) (ISR 4321, ISR 4331, ISR 4351, ISR 4431, ISR 4451, ISR 4461 w/MACsec NIMs: NIM-1GE-CU-SFP, NIM-2GE-CUSFP)	IOS-XE 16.9 and IOS-XE 16.12	NIAP Validation Completed (at Acumen)
Cisco	Catalyst 3650 and 3850 Series Switches (WS-C3650-24TS, WS-C3650-48TS, WS-C3650-24PS, WS-C3650-48PS, WS-C3650-48FS, WS-C3650-24TD, WS-C3650-48TD, WS-C3650-24PD, WS-C3650-48PD, WS-C3650-48FD, WS-C3650-48TQ, WS-C3650-48PQ, WS-C3650-48FQ, WS-C3850-24T, WS-C3850-48T, WS-C3850-24P, WS-C3850-48P, WS-C3850-48F, WS-C3850-24U, WS-C3850-48U, WS-C3850-12S AND WS-C3850-24S)	IOS-XE 16.9	NIAP Validation Completed (at Acumen)
Cisco	Catalyst 9300 and 9500 Series Switches (C9300-24T, C9300-48T, C9300-24P, C9300-48P, C930024U, C930024UX and C9500-12Q, C9500-24Q, C9500-40X)	IOS-XE 16.9	NIAP Validation Completed (at Acumen)
Cisco	Catalyst 9300 and 9500 Series Switches (C9300-24T, C9300-48T, C9300-24P, C9300-48P, C930024U, C930024UX, C9300-48UXM, C9300-48UN, C9500-12Q, C9500-16X, C9500-24Q, C9500-24Y4C, C9500-32C, C9500-32QC, C9500-40X and C9500-48Y4C)	IOS-XE 16.12	NIAP Validation Completed (at Acumen)
Cisco	Network Convergence System 5500 Series, (Modular Chassis – NCS5504, NCS 5508, NCS 5516, each with 36X100GMACsec Modular LC or NC55-6X200-DWDMS LC and Fixed Chassis – NCS-55A1-36H-S)	IOS XR 6.3	NIAP Validation Completed (at Acumen)
Cisco	Embedded Services 3300 Series Switches (ESS-3300-NCP, ESS-3300-24T-CON, ESS-3300-24T-NCP, ESS-3300-CON)	IOS-XE 16.12	NIAP Validation Ongoing (at Acumen)
Juniper	Junos Product Series (MX240, MX480, MX960, MX2010, MX2020, EX9204, EX9208 and EX9214 with MPC7E-10G/EX9200-40XS)	Junos OS 18.3R1-S1	NIAP Validation Completed (at Acumen)
Juniper	Junos Product Series (MX80, MX104, MX240, MX480 and MX960 with MICMACSEC-20G)	Junos OS 18.3R1-S1	NIAP Validation Ongoing (at Acumen)

Vendor	Model	Version	CNSSP-11 Compliance
Cisco	CUCM	V11.5	NIAP Validation Completed (at Acumen)
Cisco	CUCM	v12.5	NIAP Validation Completed (at Acumen)
Cisco	CUCM and the IM and Presence Service	v12.5	NIAP Validation Completed (at Acumen)
Blackberry	SecuGATE	v4.0	NIAP Validation Completed (at Gossamer)

Vendor	Model	Version	CNSSP-11 Compliance
Curtiss-Wright Defense Solutions	Compact Network Storage 4-Slot Software Encryption Layer	CentOS (Linux)	NIAP Validation Completed (at Gossamer)
Curtiss-Wright Defense Solutions	Data Transport System 1-Slot (DTS1) Software Encryption Layer	v3.0.1	NIAP Validation Completed (at Gossamer)

Vendor	Model	Version	CNSSP-11 Compliance
Bivio Networks Inc.	Bivio 6310-NC (B6310-NC, B6310R-NC, PacStar 451)	Red Hat Enterprise Linux v8.2	NIAP Validation Completed (at UL Verification Services)
Blackberry	SecuSUITE	v4.0	NIAP Validation Completed (at Gossamer)
Cisco	Expressway	x12.5	NIAP Validation Completed (at Acumen)
Cisco	CUCM and the IM and Presence Service	v12.5	NIAP Validation Completed (at Acumen)
Cisco	Stealthwatch Enterprise (ST-SMC2200-K9, ST-SMC2210-K9, L-ST-SMC-VE-K9, ST-FC4200-K9, ST-FC4210-K9, ST-FC5200D with ST-FC5200E, ST-FC5210-D with ST-FC5210-E, L-ST-FC-VE-K9, ST-FS1200-K9, ST-FS1210-K9, ST-FS2200-K9, ST-FS3200-K9, ST-FS3210-K9, ST-FS4200-K9, ST-FS4210-K9, L-ST-FS-VE-K9, ST-UDP2200-K9, ST-UDP2210-K9, L-ST-UDP-VE-K9)	v7.1	NIAP Validation Completed (at Gossamer)
Palo Alto	M-100, M-200, M-500, M600 Hardware and Virtual Appliances	Panorama 9.0	NIAP Validation Completed (at Leidos)
Palo Alto	WF-500	WildFire 9.0	NIAP Validation Completed (at Leidos)
Red Hat	Red Hat Enterprise Linux	v7.6	NIAP Validation Completed (at Acumen)

Vendor	Model	Version	CNSSP-11 Compliance
Enveil	ZeroReveal Compute Fabric	V1.1.1	NIAP Validation Completed (at Leidos)
Intelligent Waves	Hypori Client for Android	v4.1	NIAP Validation Completed (at Leidos)
Intelligent Waves	Hypori Client for iOS	v4.1	NIAP Validation Completed (at Leidos)
Nubo	Software Thin Client	v2.0	NIAP Validation Completed (at Acumen)
Palo Alto	GlobalProtect App	v5.1.5	NIAP Validation Completed (at Leidos)
Perspecta Labs Inc	SecureIO	Android 6.0.1 and 7.0	NIAP Validation Completed (at Acumen)

Vendor	Model	Version	CNSSP-11 Compliance
Aruba	Virtual Mobility Controller	Version 6.5.0	NIAP Validation Completed (at Australia)
Aruba	600 Series Mobility Controllers	Aruba OS 6.5-FIPS	NIAP Validation Completed (at CSC Australia)
Aruba	3000 Series Mobility Controllers	Aruba OS 6.5-FIPS	NIAP Validation Completed (at CSC Australia)
Aruba	6000 Series Mobility Controllers	Aruba OS 6.5-FIPS	NIAP Validation Completed (at CSC Australia)
Aruba	7000 Series Mobility Controllers	Aruba OS 6.5-FIPS	NIAP Validation Completed (at CSC Australia)
Aruba	Aruba Mobility Controller Series (7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM) and Virtual Mobility Controllers (MC-VA-50, MC-VA-250 and MC-VA-1k using ESXi v6.5.0 on the HPE EdgeLine 20, DTECH M3-SE-SVR4, DTECH M3x, Klas TDC Blade, Klas VoyagerVMm, PacStar PS451-4330 Series, PacStar PS451-1258 Series, IAS VPN Gateway Module NANO-VM and IAS VPN Gateway Module Classic Plus)	Aruba OS 8.2	NIAP Validation Completed (at Gossamer)
Aruba	Aruba Mobility Controller Series (7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM, 7280, 9004, Virtual Mobility Controller running on HPE EdgeLine EL8000, PacStar 451, PacStar 453, KLAS Telecom TDC Blade, Klas Telecom VoyagerVMm, IAS VPN Gateway Module NANO-VM, IAS VPN Gateway Module Classic Plus, DTECH M3-SE-SVR4, DTECHM3x)	Aruba OS 8.6	NIAP Validation Ongoing (at Gossamer)
Attila Security	SilentEdge Enterprise Server and GoSilent Client	Debian 9 Linux	NIAP Validation Completed (at Acumen)
Check Point Software Technologies	Security Gateway Appliances	R80.30	NIAP Validation Completed (at Gossamer)
Cisco	ASA with FirePOWER Services, ASA 9.8 with FirePOWER Services 6.2 (5506-X, 5506H-X, 5506W-X, 5508-X, 5516-X, 5525-X, 5545-X, 5555-X with FMC 6.2 on Cisco FireSIGHT FS750, FS1000, FS2000, FS2500, FS4000 and FS4500 or FMCv 6.2 on ESXi 5.5 or 6.0 on Cisco Unified Computing System (UCS) B200-M4, B200-M5, C220-M4S, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, EN120S-M2/K9, EN120E-208/KP, E140S-M2/K9, E160S-M3 and E180D-M2/KP installed on ISR)	ASA V9.8 with FirePOWER v6.2	NIAP Validation Completed (at Gossamer)
Cisco	ASA 5500 Series (5506-X, 5506H-X, 5506W-X, 5508-X, 5516-X, 5525-X, 5545-X, 5555-X and ASA on FPWR 1000, 2110, 2120, 2130, 2140, 4110, 4120, 4140, 4150, 9300 SM-24, 9300 SM-36, and 9300 SM-44)	v9.8	NIAP Validation Completed (at Gossamer)
Cisco	ASAv (ASAv5, ASAv10, ASAv30, ASAv50) running ESXi 5.5 or 6.0 and NFVIS 3.5.1 on the UCS B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, E140S-M2/K9, E160S-M3 and E180D-M2K9 installed on ISR and ASAv running on NFVIS 3.5.1 on the ENCS 5406, 5408 and 5412	v9.8	NIAP Validation Completed (at Gossamer)
Cisco	Firepower Threat Defense on ASA and Virtual Firepower Threat Defense (5506-X, 5506H-X, 5506W-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, 5555-X with FirePOWER Services and FTDv)	ASA v9.8 and FTD v6.2	NIAP Validation Completed (at Gossamer)
Cisco	Firepower Threat Defense v6.2 and FX-OS v2.2 on the 4k and 9k Families (FPWR 4110, FPWR 4120, FPWR 4140, FPWR 4150, FPWR 9300 SM-24, FPWR 9300 SM-36 and FPWR 9300 SM-44)	FTD v6.2	NIAP Validation Completed (at Gossamer)
Cisco	Firepower Threat Defense v6.2 and FX-OS v2.2 on the 2k Families (FPWR 2110, FPWR 2120, FPWR 2130, FPWR 2140)	FTD v6.2	NIAP Validation Completed (at Gossamer)
Cisco	NGFW running ASA v9.8 and FX-OS v2.2 on the 4K and 9K families (FP 4110, FP4120, FP 4140, FP 4150, FPWR 9300 SM-24, FPWR 9300 SM-36, FPWR 9300 SM-44)	ASA v9.8	NIAP Validation Completed (at Gossamer)
Cisco	NGFW running ASA v9.8 and FX-OS v2.2 on the Firepower 2100 Series (2110, 2120, 2130 and 2140)	ASA v9.8	NIAP Validation Completed (at Gossamer)
Cisco	Adaptive Security Appliances (ASA) running on Firepower 2100 Series Appliances (FPR 2110, FPR 2120, FPR 2130, FPR 2140)	ASA v9.12 and FX-OS 2.6	NIAP Validation Completed (at Gossamer)
Cisco	Adaptive Security Appliances (ASA) running on Firepower 4100 and 9300 Security Appliances (FPR 4110, FPR 4115, FPR 4120, FPR 4125, FPR 4140, FPR 4145, FPR 4150, FPR 9300 SM-24, FPR 9300 SM-36, FPR 9300 SM-44, FPR 9300 SM-40, FPR 9300 SM-48, FPR 9300 SM-56)	ASA v9.12 and FX-OS 2.6	NIAP Validation Completed (at Gossamer)
F5 Networks	BIG-IP for LTM+AFM	Version 12.1.3.4	NIAP Validation Completed (at ATSEC)
F5 Networks	BIG-IP for LTM+AFM	Version 13.1.1	NIAP Validation Completed (at ATSEC)
F5 Networks	BIG-IP for LTM+AFM	v14.1.0	NIAP Validation Completed (at ATSEC)
Forcepoint Federal	Next Generation Firewall	LINUX v6.3.1	NIAP Validation Completed (at Gossamer)
Forcepoint Federal	Next Generation Firewall	LINUX v6.5	NIAP Validation Completed (at Gossamer)
Juniper	SRX Product Series: SRX300, SRX320, SRX340, SRX345, SRX550M, SRX5400, SRX5600 and SRX5800	JUNOS 17.4R1	NIAP Validation Completed (at BAE Systems)
Juniper	SRX Product Series: SRX1500, SRX4100 and SRX4200	JUNOS 17.4R1	NIAP Validation Completed (at BAE Systems)
Juniper	SRX 4600 Product Series	Junos OS 18.1R1	Common Criteria Validation Complete (at BAE Systems)
Juniper	vSRX	Junos OS 17.4R1	NIAP Validation Completed (at Acumen)
Juniper	SRX Product Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX550M)	Junos OS 19.2R1	NIAP Validation Completed (at Teron Labs)
Juniper	vSRX 3.0	Junos OS 19.2R1-S3	NIAP Validation Completed (at Acumen)
Juniper	SRX Product Series (SRX1500, SRX4100, SRX4200, SRX4600)	Junos OS 19.2R1	NIAP Validation Completed (at Teron Labs)
PacStar	PacStar 351, 451, 455 and 551 with Cisco ASAv	V9.6	NIAP Validation Completed (at Acumen)
Palo Alto Networks	Next Generation Firewall (PA-200, PA-220, PA-220R, PA-500, PA-820, PA-850, PA-2050, PA-3020, PA-3050, PA-3060, PA-3220, PA-3250, PA-3260, PA-5020, PA-5050, PA-5060, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050, PA-7080)	PAN-OS 8.0.12 and PAN-OS 8.0.6 and PAN-OS 8.1.3	NIAP Validation Completed (at Leidos)
Palo Alto Networks	VM-50, VM-100, VM-200, VM-300, VM-500, VM-700 and VM-1000-HV when installed using VMWare ESXi 5.5, KVM, Microsoft Hyper-V and Intel Xeon processor based on Ivy Bridge, Broadwell or Haswell microarchitectures, which implement Intel Secure Key either on Dell PowerEdge R730 and PacStar PS451 servers or equivalent platforms; i.e, Intel Ivy Bridge, Broadwell or Haswell-based processor with Broadcom or Intel Networks Interface Controllers supported by the server. The VM-series virtual appliance must be the only guest running in the virtual environment.	PAN-OS 8.0.12 and PAN-OS 8.0.6 and PAN-OS 8.1.3	NIAP Validation Completed (at Leidos)
SonicWall	SonicOS Enhanced v6.5.2 with VPN and IPS on TZ, SOHOW, NSA and SM Appliances (TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500. TZ 500W, TZ 600, SOHOW, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, NSA 9250, NSA 9450, NSA 9650, SM 9200, SM 9400, SM 9600 and SM 9800)	Version 6.5.4	NIAP Validation Completed (at Acumen)
SonicWall	SonicOS Enhanced v6.5.4 with VPN and IPS on TZ and SOHO Appliances (TZ 300P, TZ 350, TZ 350W, TZ 600P, SOHO 250, SOHO 250W)	Version 6.5.4	NIAP Validation Completed (at Acumen)
WatchGuard Technologies	FireWare on Firebox Next Generation Firewalls (T20, T20-W, T35, T35-W, T40, T40-W, T55, T55-W, T70, T80, M270, M370, M470, M570, M670, M4600, M5600)	OS v12.6.2	NIAP Validation Completed (at Gossamer)

Components List

Which Protection Profiles are Published and in Development?

What is the Process to get a Commercial Product CSfC-Listed?

An Update to the Manufacturer Diversity Requirement

Authentication Server

Certificate Authority

E-mail Clients

End User Device / Mobile Platform

File Encryption

Hardware Full Drive Encryption

IPS

IPsec VPN Client

IPsec VPN Gateway

MACSEC Ethernet Encryption Devices

MDM

Session Border Controller

Enterprise Session Controller (aka SIP Server)

Software Full Drive Encryption

TLS Protected Servers

TLS Software Applications

Traffic Filtering Firewall

VoIP Applications

Web Browsers

WLAN Access System

WLAN Client

NSA Resources

External Resources

Learn About Our Seals