CSfC Components List


Skip to Components List Index

Customers select products from this listing to satisfy the reference architectures and configuration information contained in published Capability Packages. Customers must ensure that the components selected will permit the necessary functionality for the selected architecture.

For some technologies, the CSfC program requires specific, selectable requirements to be included in the Common Criteria evaluation validating that the product complies with the applicable NIAP-approved protection profile(s). Some selections, which are not required for the product to be listed on the NIAP Product Compliant List, are mandatory selections for products that are to be listed on the CSfC Components List.

To see the selectable requirements, go to the CSfC Components List and click on the links for IPSec VPN Gateways, IPSec VPN Clients, WLAN Clients, WLAN Access Systems, Certificate Authorities, MDM, SW FDE, Mobile Platforms, SIP Servers and VoIP Applications.

Open source components may be listed, provided they have a responsible sponsor, and an NSA-approved plan for, taking a component through Common Criteria evaluation and sustainment of the component. Customers wishing to use open source components should contact us with their evaluation and sustainment plans and the responsible parties for each.

Contact us here for questions regarding the CSfC Components List.

Which protection profiles are published and which are in development?

View a current listing of NIAP approved U.S. Government Protection Profiles.

View a listing of U.S. Government Protection Profiles currently in development.

Additional information about NIAP and the Common Criteria Evaluation and Validation Scheme. 

What is the process to get a commercial product CSfC-listed?


Vendors who wish to have their products eligible as CSfC components of a composed, layered information assurance solution must build their products in accordance with the applicable US Government approved Protection Profile(s) and submit their product using the Common Criteria Process.
For vendors utilizing either a U.S. Common Criteria Testing Laboratory (CCTL) or a foreign CCTL, the Product will not be added to the Components List until the NIAP/Common Criteria evaluation is in complete and the Product is posted to NIAP's Product Compliant List (PCL). 

Vendors interested in having their products eligible as CSfC Components should notify NSA (csfc_components@nsa.gov) of your intent during the initial stage of the process (i.e. preferably during product development and before contracting to complete an evaluation). Vendors are encouraged to contact NSA with any questions or issues related to CSfC selections for Components and/or the CSfC Components List Process. NSA's objective is to collaborate with vendors to support the addition of suitable products to the CSfC Components List.
 

In deciding whether a particular product is appropriate for CSfC, NSA considers the totality of circumstances known to NSA, including the vendor's past willingness to fix vulnerabilities, supply chain, foreign ownership, control or influence, the proposed uses of the product under consideration and any other relevant information available to NSA. Vendors of products submitted for consideration under the CSfC process will be notified of NSA's decision on a product-by product basis.

The vendor will enter into a Memorandum of Agreement (MoA) with NSA. The MoA specifies that the vendor's product must be NIAP certified and that the vendor agrees to fix vulnerabilities in a timely fashion. The MoA may also reference technology-specific selections for NIAP testing.

Interested vendors must complete and submit the CSfC Questionnaire (PDF) for each product. Please submit completed questionnaires via email.

An Update to the Manufacturer Diversity Requirement

The manufacturer diversity requirement for CSfC layered solutions has been modified to permit, subject to certain conditions, single-manufacturer implementations of both layers. The manufacturer must show sufficient independence in the code base and cryptographic implementations of the products used to implement each layer. To demonstrate this, a manufacturer must document the similarities and differences between the two products, to include cryptographic hardware components, software code base (i.e. operating system), software cryptographic libraries, and development teams. It is a fundamental requirement that the code bases of the two products be significantly different. Additionally, the vendor must document measures taken to ensure that supply chain risk is no greater than would be the case for products from two different vendors. NSA will review the information and determine whether the documentation is sufficient to meet the requirements for independent layers. Manufacturer diversity will continue to be accepted to constitute independent layers.

Please contact the CSfC PMO at csfc_components@nsa.gov for approved Independence Layer Approval letters.

  • Curtiss-Wright DTS1 Implementation Independence Letter
    • (1) The Curtiss-Wright DTS1 Hardware Encryption Layer (v5.4)
    • (2) The Curtiss-Wright DTS1 Software Encryption Layer (v3.01.00)
  • KLC Group LLC 
    • (1) KLC CipherDriveOne Kryptr 1.1.0
    • (2) KLC CipherDriveOne 2.0.1 paired with KLC Advantech Drive, Firmware Version: SCPB13.0/ECPB13.0
  • Curtiss-Wright Defense Solutions 
    • (1) Curtiss-Wright DTS1+ Hardware Encryption Layer (VID 11437)
    • (2) Curtiss-Wright DTS1+ Software Encryption Layer (VID 11438)

Vendors who wish to submit a statement may do so via email.

Components List Index

 

 

Authentication Server

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes

Certification Authority

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Information Security Corporation CertAgent/Dhuma  v8.0, Patch Level 0.2 NIAP Evaluation Completed (at Leidos) 2024.09.03  
 


Client Virtualization Systems

Click for Selections

Vendor Model Version CNSSP-11 Compliance Notes

 

 

 

 

  
 

E-mail Clients

Click for Selections

Vendor Model Version CNSSP-11 Compliance Notes
         
 

End User Device / Mobile Platform

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Zebra Technologies Zebra Devices on Android 13  Android 13 NIAP Validation Completed (at Gossamer) 2024.08.08  
Samsung Electronics America Samsung Galaxy Devices on Android 14-Spring (Galaxy S24 Ultra 5G, Galaxy S24 5G, Galaxy S23 Ultra 5G, Galaxy S22 Ultra 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy XCover6 Pro, Galaxy Tab Active5) Android 14 NIAP Validation Completed (at Gossamer) 2024.05.06  
Google LLC Pixel Devices (8 Pro, 8, Fold, Tablet, 7 Pro, 7, 7a, 6 Pro, 6, 6a and 5a-5G) Android 14 NIAP Evaluation Completed (at Gossamer) 2024.03.27  
Google LLC Pixel 9 Pro XL, Pixel 9 Pro, Pixel 9, Pixel 9 Pro Fold, Pixel 8 Pro, Pixel 8, Pixel 8a, Pixel Tablet, Pixel Fold, Pixel Pro 7, Pixel 7, Pixel 7a, as detailed in VID 11545 Android 15 NIAP Evaluation Completed (at Gossamer) 2025.04.10  
Samsung Samsung Galaxy Devices on Android 14-Fall (Galaxy Z Flip6 5G, Galaxy A52 5G, Galaxy A53 5G, Galaxy S24 FE), as detailed in VID 11539 Android 14 NIAP Validation Completed (at Gossamer) 2024.12.23  
Samsung Samsung Galaxy Devices on Android 15–Spring (Galaxy S25 Ultra 5G, Galaxy S24 Ultra 5G, Galaxy S24 5G, Galaxy S23 Ultra 5G, Galaxy S22 Ultra 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy XCover6 Pro, Galaxy Tab Active5 Pro, Galaxy Tab Active5, Galaxy A36 5G), as detailed in VID 11593 Android 15 NIAP Validation Completed (at Gossamer) 2025.07.09  

 

File Encryption

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Samsung Electronics Co., Ltd Samsung Knox File Encryption v1.6.0 v1.6.0 NIAP Validation Completed (at Gossamer) 2024.03.27  
Samsung Electronics Co., Ltd Samsung Knox File Encryption v1.6.0 - Fall v1.6.0 NIAP Validation Completed (at Gossamer) 2024.11.27  
Samsung Electronics Co., Ltd Knox File Encryption v1.7.0 - Spring, as detailed in VID 11594 v1.7.0 NIAP Validation Completed (at Gossamer) 2025.06.19  



General Purpose Operating System
Click for Selections

Vendor Model Version CNSSP-11 Compliance



General Purpose Compute Platform
Click for Selections

Vendor Model Version CNSSP-11 Compliance


Hardware Full Drive Encryption

Click for Selections

​Note: Products that only fulfill Authorization Acquisition (AA) OR the Encryption Engine (EE) are reflected as AA or EE in the notes column next to the appropriate product. HWFDE products falling into these split evaluations categories must be used with another AA or EE product from the HWFDE product list so that both the AA and EE are met. If a registration is using an AA or EE that is not on the product list, a Deviation Request for requirement DAR-PS-7 must be submitted.

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Curtiss-Wright Defense Solutions Data Transport System 1-Slot (DTS1) Hardware Encryption Layer v5.4 NIAP Validation Completed (at Gossamer) 2023.04.04  
Curtiss-Wright Defense Solutions Data Transport System 1-Slot Plus Hardware Encryption Layer v1.1.0 NIAP Validation Completed (at Gossamer) 2024.04.24  
Seagate Federal Inc Seagate® Secure NVMe Self-Encrypting Drives   NIAP Validation Completed (at Leidos) 2024.04.25 EE
KLC Group KLC Advantech Drives* Firmware Version: SCPB13.0/ECPB13.0 NIAP Validation Completed (at Lightship Security) 2024.06.25 EE
KLC Group  CipherDriveOne* v2.0.1 NIAP Validation Completed (at Lightship  2024.06.27 AA
NetApp, Inc NetApp Storage Encryption (NSE)

ONTAP 9.14.1

 NIAP Validation Completed (at Leidos) 2024.11.18 AA
Curtiss-Wright Defense Solutions  XMC NVME Encryptor v1.0.0 NIAP Validation Completed (at Gossamer) 2024.11.05 AA and EE 
Novachips Scalar and Express P-Series SSD as detailed in VID 11567 NV.R1900 NIAP Validation Completed (at UL Verification Services) 2025.05.15 AA and EE
Cigent PBA Software, as detailed in VID 11638 v2.0 NIAP Validation Completed (at Gossamer) 2025.09.05 AA
Cigent PBA Software with Cigent M.2 2230 PCIe Gen 4 Self-Encrypting Drive (SED), as detailed in VID 11629 v2.0 NIAP Validation Completed (at Gossamer) 2025.11.19 AA and EE (Note: NIAP URL for VID 11629 is mistakenly 11630)
Cigent Secure SSD Gen 4 M.2 2280, Firmware Version: EIQM50.0, as detailed in VID 11641 EIQM50.0 NIAP Validation Completed (at Lightship Security) 2026.01.29 EE

IPS

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Juniper vSRX3.0 Junos OS 22.2R2 NIAP Validation Completed (at Acumen) 2024.01.22  
Juniper Junos OS 22.2R1 for SRX Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800) 22.2R1 NIAP Validation Completed (at Teron Labs) 2023.10.13  
Palo Alto Networks  Next Generation Firewall (PA-410, PA-410R-5G, PA-415, PA-415-5G, PA-440, PA-445, PA-450, PA-450R, PA-450R-5G, PA-455, PA-460, PA-820, PA-850, PA-1410, PA-1420, PA-3220, PA-3250, PA-3260, PA-3410, PA-3420, PA-3430, PA-3440, PA-5220, PA-5250, PA-5260, PA-5280, PA-5410, PA-5420, PA-5430, PA-5440, PA-5445, PA-5450, PA-7050, PA-7080, PA-7500, VM-50, VM-100, VM-300, VM-500, VM-700  PAN-OS 11.1  NIAP Validation Completed (at Leidos) 2024.09.19  
Juniper 

SRX1600

Junos OS 23.4R1

 NIAP Validation Completed (at Teron) 2025.03.18  
Cisco Firepower 2100 Series with FMC/FMCv (FP2110, FP2120, FP2130, FP2140, FMC1600, FMC2600, FMC4600, FMC1700, FMC2700, FMC4700); FMCv running ESXi 7.0 on the Unified Computing System (UCS) UCSC-C220-M5, UCSC-C240-M5, UCSC-C480-M5, UCSC-C220-M6, UCSC-C225-M6, UCSC-C240-M6, UCSC-C220-M7, UCSC-C240-M7, UCSC-E1100D-M6 as detailed in VID 11497 FTD 7.4 NIAP Validation Completed (at Gossamer) 2025.02.28  
Cisco FMC1600, FMC2600, FMC4600, FMC1700 and FMC4700, UCSC-C220-M5, UCSC-C240-M5, UCSC-C480-M5, UCSC-C220-M6, UCSC-C225-M6, UCSC-C240-M6, UCSC-C220-M7, UCSC-C240-M7and UCS-E1100D-M6 and general-purpose computing platform with Intel Xeon D-1746TER (Ice Lake) processor, as detailed in VID 11510 FTDv 7.4 NIAP Validation Completed (at Gossamer) 2025.03.18  
SonicWall SonicWall OS/X v7.0.1 with VPN and IPS on NSsp 15700 as detailed in VID 11528 Sonic OS/X v7.0.1 NIAP Validation Completed (at Acumen) 2025.04.25  

IPsec VPN Client

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Cisco Secure Client- AnyConnect 5.1 for Red Hat Enterprise Linux 8.2 AnyConnect 5.1 for Red Hat Enterprise Linux 8.2 NIAP Validation Completed (at Gossamer) 2024.06.25  
Samsung Electronics America Samsung Galaxy Devices on Android 14-Spring (Galaxy S24 Ultra 5G, Galaxy S24 5G, Galaxy S23 Ultra 5G, Galaxy S22 Ultra 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy XCover6 Pro, Galaxy Tab Active5) Android 14 NIAP Validation Completed (at Gossamer) 2024.05.06  
Samsung Samsung Galaxy Devices on Android 14-Fall (Galaxy Z Flip6 5G, Galaxy A52 5G, Galaxy A53 5G, Galaxy S24 FE), as detailed in VID 11539 Android 14 NIAP Validation Completed (at Gossamer) 2024.12.23  
Samsung Samsung Galaxy Devices on Android 15–Spring (Galaxy S25 Ultra 5G, Galaxy S24 Ultra 5G, Galaxy S24 5G, Galaxy S23 Ultra 5G, Galaxy S22 Ultra 5G, Galaxy S22 5G, Galaxy S21 Ultra 5G, Galaxy XCover6 Pro, Galaxy Tab Active5 Pro, Galaxy Tab Active5, Galaxy A36 5G), as detailed in VID 11593 Android 15 NIAP Validation Completed (at Gossamer) 2025.07.09  

IPsec VPN Gateway

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Juniper vSRX3.0  Junos OS 22.2R2 NIAP Validation Completed (at Acumen) 2024.01.22  
Juniper  Junos OS 22.2R1 for SRX Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800) 22.2R1 NIAP Validation Completed (at Teron Labs) 2023.10.13  
Cisco

Embedded Services Router (ESR) 6300 v17.12 (ESR-6300-CON-K9, ESR-6300-NCP-K9)

 v17.12 NIAP Validation Completed (at Gossamer) 2024.06.14  
Palo Alto Networks  Next Generation Firewall (PA-410, PA-410R-5G, PA-415, PA-415-5G, PA-440, PA-445, PA-450, PA-450R, PA-450R-5G, PA-455, PA-460, PA-820, PA-850, PA-1410, PA-1420, PA-3220, PA-3250, PA-3260, PA-3410, PA-3420, PA-3430, PA-3440, PA-5220, PA-5250, PA-5260, PA-5280, PA-5410, PA-5420, PA-5430, PA-5440, PA-5445, PA-5450, PA-7050, PA-7080, PA-7500, VM-50, VM-100, VM-300, VM-500, VM-700  PAN-OS 11.1  NIAP Validation Completed (at Leidos) 2024.09.19  
Persistent Systems LLC 

Wave Relay® Devices (WR-5100, WR-5200, WR-5250, WR-GVR5-SYS, WR-INT-ANT-SYS)

v1.0

 NIAP Validation Completed (at Gossamer) 2025.03.27  
Cisco Adaptive Security Appliance (ASA) on Secure Firewall 3100 Series (FPR 3105, FPR 3110, FPR 3120, FPR 3130, FPR 3140) ASA 9.20  NIAP Validation Completed (at Gossamer) 2025.01.06  
Cisco Adaptive Security Appliance (ASA) on Firepower 1000 Series (FPR 1010, FPR 1010E, FPR 1120, FPR 1140, FPR 1150) ASA 9.20 NIAP Validation Completed (at Gossamer) 2024.11.14  
Cisco Adaptive Security Appliance (ASA) on Firepower 2100 Series (FPR 2110, FPR 2120, FPR 2130, FPR 2140) ASA 9.20 NIAP Validation Completed (at Gossamer) 2024.11.14  
Juniper  SRX1600 Junos OS 23.4R1 NIAP Validation Completed (at Teron) 2025.03.18  
Cisco

Firepower 4100 and 9300 Security Appliances  (4112, 4115, 4125, 4145, SM-40, SM-48, SM-56 as detailed in VID 11512)

 ASA 9.20 NIAP Validation Completed (at Gossamer) 2025.01.10 CSfC solution owners should deploy this component on ESXi 8.0 (VID 11533) and submit a deviation request for the applicable NIAP-evaluated configuration Product Selection Capability Package requirement.
Cisco ESXi 7.0 and Cisco USC-C and E series (ASAv5, ASAv10, ASAv30, ASAv50, ASAv100 running on VMware ESXi 7.0 on Unified Computing System (UCS) UCSC-C220-M5, UCSC-C240-M5, UCSC-C480-M5, UCSC-C220-M6, UCSC-C225-M6, UCSC-C240-M6, UCSC-C220-M7, UCSC-C240-M7, and UCS-E1100D-M6). ASAv 9.20  NIAP Validation Completed (at Gossamer) 2024.01.06 CSfC solution owners should deploy this component on ESXi 8.0 (VID 11533) and submit a deviation request for the applicable NIAP-evaluated configuration Product Selection Capability Package requirement.
Cisco Firepower 2100 Series with FMC/FMCv (FP2110, FP2120, FP2130, FP2140, FMC1600, FMC2600, FMC4600, FMC1700, FMC2700, FMC4700); FMCv running ESXi 7.0 on the Unified Computing System (UCS) UCSC-C220-M5, UCSC-C240-M5, UCSC-C480-M5, UCSC-C220-M6, UCSC-C225-M6, UCSC-C240-M6, UCSC-C220-M7, UCSC-C240-M7, UCSC-E1100D-M6 as detailed in VID 11497 FTDv 7.4 NIAP Validation Completed (at Gossamer) 2025.02.28 For FMCv, CSfC solution owners should deploy this component on ESXi 8.0 (VID 11533) and submit a deviation request for the applicable NIAP-evaluated configuration Product Selection Capability Package requirement.
Cisco FMC1600, FMC2600, FMC4600, FMC1700 and FMC4700, UCSC-C220-M5, UCSC-C240-M5, UCSC-C480-M5, UCSC-C220-M6, UCSC-C225-M6, UCSC-C240-M6, UCSC-C220-M7, UCSC-C240-M7and UCS-E1100D-M6 and general purpose computing platform with Intel Xeon D-1746TER (Ice Lake) processor, as detailed in VID 11510 FTDv 7.4 NIAP Validation Completed (at Gossamer) 2025.03.18  
Cisco 1000 Series Integrated Services Routers (C1100), Catalyst Rugged Series Routers (IR1800) and (IR8300), C1101, C1109, C1111, C1112, C1113, C1116, C1117, C1118, C1121, C1126, C1127, C1128, C1131, C1161, IR1835-K9, IR1821-K9, IR1831-K9, IR1833-K9, IR8340-K9 as detailed in VID 11643 IOS-XE 17.15 NIAP Validation Completed (at Lightship Security) 2025.10.14  
Cisco Catalyst 8200, 8300, 8500 Series Edge Routers (C8500-12X, C8500-12X4QC, C8500L-8S4X, C8200-IN-4T as detailed in VID 11642 IOS-XE 17.15 NIAP Validation Completed (at Lightship Security) 2025.09.29  
Cisco Catalyst 8500 Series Edge Router (C8500-20X6C) IOS-XE 17.15 NIAP Validation Completed (at Lightship Security) 2025.08.29  
Cisco Secure Firewall 3100 Series (3105, 3110, 3120, 3130, 3140) with FMC-FMCv (FMC1600, FMC2600, FMC4600, FMC1700, FMC2700, FMC4700) as detailed in VID 11458 FTD 7.4 NIAP Validation Completed (at Gossamer) 2025.01.31  
Cisco Secure Firewall 4200 (FP 4215, FP 4225, FP 4245) Series with FMC/FMCv (FMC1600, FMC2600, FMC4600, FMC1700, FMC2700, FMC4700) and (FMCv running on ESXi 7.0 on the Unified Computing System (UCS) UCSC-C220-M5, UCSC-C240-M5, UCSC-C480-M5, UCSC-C220-M6, UCSC-C225-M6, UCSC-C240-M6, UCSC-C220-M7, UCSC-C240-M7, UCS-E1100D-M6) as detailed in VID 11460 FTD 7.4 NIAP Validation Completed (at Gossamer) 2025.02.19  
Cisco Firepower 1000 (FP 1010, FP 1010E, FP 1120, FP 1140, FP 1150) Series with FMC/FMCv (FMC1600, FMC2600, FMC4600, FMC1700, FMC2700, FMC4700) and (FMCv running on ESXi 7.0 on the Unified Computing System (UCS) UCSC-C220-M5, UCSC-C240-M5, UCSC-C480-M5, UCSC-C220-M6, UCSC-C225-M6, UCSC-C240-M6, UCSC-C220-M7, UCSC-C240-M7, UCS-E1100D-M6) as detailed in VID 11496 FTD 7.4 NIAP Validation Completed (at Gossamer) 2025.02.19  

MACSEC Ethernet Encryption Devices

Click for Selection

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Aruba  Aruba 6300M and 8360v2 Switch Series  v10.11 NIAP Validation Completed (at Gossamer) 2024.04.22  
Cisco Catalyst 9200/9200L Series Switches  IOS-XE 17.12 NIAP Validation Completed (at Gossamer) 2024.07.26  
Aruba Aruba 6300M and 8360V2 Series Switches  Aruba OS-CX v10.11 NIAP Validation Completed (at Gossamer) 2024.04.22  
Cisco Catalyst 9200CX/9300X/9300LM/9500X Series Switches running IOS-XE 17.12 (

C9200CX-12T-2X2G, C9200CX-12P-2X2G, C9200CX-8P-2X2G, C9200CX-8UXG-2X, C9300X-48HX, C9300X-48TX, C9300X-NM-4C, C9300X-NM-8M, C9300X-NM-2C, C9300X-NM-8Y, C9300X-12Y, C9300X-24Y, C9300X-48HXN, C9300X-24HX, C9300LM-24U, C9300LM-48UX, C9300LM-48T, C9300LM-48U, C9500X-28C8D,C9500X-60L4D)

 IOS-XE 17.12 NIAP Validation Completed (at Gossamer) 2024.09.17  
Cisco Catalyst 9300/9300L/9400/9500/9600 Series Switches running IOS-XE 17.12 (

C9300L-48T-4G, C9300L-24T-4G, C9300L-24P-4G, C9300L-48P-4G, C9300L-24T-4X, C9300L-48T-4X, C9300L-24P-4X, C9300L-48P-4X, C9300L-48PF-4G, C9300L-48PF-4X, C9300L-24UXG-4X, C9300L-24UXG-2Q, C9300L-48UXG-4X, C9300L-48UXG-2Q, C9407R, C9404R , C9410R, C9400-SUP-1, C9400-SUP-1XL, C9400-SUP-1XL-Y, C9400-LC-48T, C9400-LC-24S, C9400-LC-48S, C9400-LC-24XS, C9400-LC-48P, C9400-LC-48U, C9400-LC-48UX, C9400-LC-48H, C9500-16X, C9500-32C, C9500-32QC, C9500-24Y4C, C9500-48Y4C, C9500-NM-8X, C9500-NM-2Q, C9606R, C9600-SUP-1, C9600-LC-24C,C9600-LC-48YL, C9600-LC-48TX, C9600-LC-24S)

 IOS-XE 17.12 NIAP Validation Completed (at Gossamer) 2024.08.20  
Persistent Systems LLC Wave Relay® Devices (WR-5100, WR-5200, WR-5250, WR-GVR5-SYS, WR-INT-ANT-SYS) v1.0 NIAP Validation Completed (at Gossamer) 2025.03.27  
CommScope Technologies LLC Ruckus FastIron ICX Series Switch/Router (ICX7550-48ZP, ICX7550-48P, ICX7550-48P, ICX-48F, ICX7650-48ZP, ICX7650-48P, ICX7650-48F, ICX7850-48FS) 10.0.10 NIAP Validation Completed (at Gossamer) 2024.07.23  
Cisco Aggregation Services Router 1000 Series (ASR1k), Catalyst 8200, 8300, 8500 Series Edge Routers (Cat8k) to include models C8500-12X, C8500-12X4QC, C8500L-8S4X, C8200-1N-4T w/MACsec NIMs C8200L-1N-4T, w/MACsec NIM 8300-1N1S-6T, C8300-1N1S-4T2X, C8300-2N2S-6T, C8300-2N2S-4T2X, ASR1006-X (ESP100-X, 200-X, RP3, MACsec NIM, EPAs) ASR1009-X (ESP100-X, 200-X, RP3, MACsec NIM, EPAs) as detailed in VID 11642 IOS-XE 17.15 NIAP Validation Completed (at Lightship Security) 2025.09.29  
Cisco Aggregation Services Router 9000 (ASR9k) to include models ASR-9006-SYS, ASR-9010-SYS, ASR-9902, ASR-9903, ASR-9904, ASR-9906, ASR-9910, ASR-9912, ASR-9922, A99-RP3, A9K-RSP5, A99-RP3-X, A9K-RSP5-X, A99-RP-F, A99-4GH-FLEX, A9K-4HG-FLEX, A9K-8HG-FLEX, A9K-20HG-FLEX, A99-10X400GE-X, A99-4T, A9903-8HG-PEC, A9903-20HG-PEC as detailed in VID 11484 IOS-XR 7.11 NIAP Validation Completed (at Lightship Security) 2025.01.23  
Cisco Catalyst 9300/9400/9500/9600 Series Switches (C9300-24T, C9300-48T, C9300-24P, C9300-48P, C9300-24U, C9300-48U, C9300-24UX, C9300-48UXM, C9300-48UN, C9300-24S, C9300-48S, C9300D-24UB, C9300D-48UB, C9300D-24UXB, C9300-24H, C9300-48H, C9300-NM-4G, C9300-NM-8X, C9300-NM-2Q, C9300-NM-4M, C9300-NM-2Y, C9300L-24T-4G, C9300L-48T-4G, C9300L-24P-4G, C9300L-48P-4G, C9300L-24T-4X, C9300L-48T-4X, C9300L-24P-4X, C9300L-48P-4X, C9300L-48PF-4G, C9300L-48PF-4X, C9300L-24UXG-4X, C9300L-24UXG-2Q, C9300L-48UXG-4X, C9300L-48UXG-2Q, C9300LM-24U, C9300LM-48UX, C9300LM-48T, C9300LM-48U, C9404R, C9407R, C9410R, C9400-SUP-1, C9400-SUP-1XL, C9400-SUP-1XL-Y, C9400-LC-24S, C9400-LC-48S, C9400-LC-24XS, C9400-LC-48P, C9400-LC-48T, C9400-LC-48U, C9400-LC-48UX, C9400-LC-48H, C9500-16X, C9500-32C, C9500-32QC, C9500-24Y4C, C9500-48Y4C, C9500-NM-8X, C9500-NM-2Q, C9606R, C9600-SUP-1, C9600-LC-24C, C9600-LC-48YL, C9600-LC-48TX, C9600-LC-24S) as detailed in VID 11581 IOS-XE 17.15 NIAP Validation Completed (at Gossamer) 2025.08.07  
Cisco Catalyst 8500 Series Edge Routers (C8500-20X6C) as detailed in VID 11637 IOS-XE 17.15 NIAP Validation Completed (at Lightship Security) 2025.08.29  

MDM

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date  Notes
Blackberry Ltd. BlackBerry UEM Server and Android Client  v12 NIAP Validation Completed (at Gossamer) 2024.05.23  
Samsung SDS - EMM and EMM Agent Android v2.2.5 NIAP Validation Completed (at Gossamer) 2025.12.05  

Session Border Controller

Click for Selections

Vendor Model Version CNSSP-11 Compliance
       

Enterprise Session Controller (aka SIP Server)

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
           

Software Full Drive Encryption

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes

Curtiss-Wright Defense Solutions

 Data Transport System 1-Slot Software Encryption Layer

v3.01.00

NIAP Validation Completed (at Gossamer)

 2023.04.04  
KLC Group LLC CipherDriveOne Kryptr v1.1.0 NIAP Validation Completed (at Lightship Security) 2024.04.29  
Curtiss-Wright Defense Solutions Data Transport System 1-Slot Plus Software Encryption Layer v1.01.00 NIAP Validation Completed (at Gossamer) 2024.04.29  
NetApp NetApp Volume Encryption (NVE) ONTAP 9.14.1 NIAP Validation Completed (at Leidos) 2024.11.18 AA and EE 
Curtiss Wright Defense Solutions  HSR10 CSFC Software Encryption Layer  v1.1.0 NIAP Validation Completed (at Gossamer) 2024.11.01 AA and EE
CACI Archon Linux Unified Key Setup (LUKS) v3.0.0.2 NIAP Validation Completed (at Acumen Security) 2025.05.19 AA and EE
Ampex Running Red Hat Enterprise Linux 8.8 executing on an Intel Xeon D-1746TER (Ice Lake/Sunny Cove) CPU v1.10 NIAP Validation Completed (at Gossamer) 2025.08.18 AA and EE
L3Harris Common Data Loader, as detailed in VID 11503 v02.01 NIAP Validation Completed (at Gossamer) 2024.12.23 AA and EE

TLS Protected Servers

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Adtran Networks North America Adtran FSP 3000R7 Network Element

r22.2.2

 NIAP Validation Completed (at Booz Allen) 2024.03.28  
F5, Inc. BIG-IP including APM v17.1.0.1 NIAP Validation Completed (at Atsec) 2024.11.10  
F5, Inc. BIG-IP including SSLO  v17.1.0.1 NIAP Validation Completed (at Atsec) 2024.10.11  
F5, Inc.

BIG-IP including AFM

v17.1.0.1 

 NIAP Validation Completed (at Atsec) 2024.10.11 Administrative Guide Document (AGD) Appendix for CSfC Transport Layer Security (TLS) Protected Server Use Case
F5, Inc. BIG-IP including SSLO v16.1.3.1 NIAP Validation Completed (at Atsec) 2024.04.16 Administrative Guide Document (AGD) Appendix for CSfC Transport Layer Security (TLS) Protected Server Use Case

TLS Software Applications

Click for Selections

Note: Components listed here are validated for their ability to establish a TLS connection as specified in the Capability Packages.  Additional functionality not described within the Capability Packages and evaluated by the Protection Profile for Application Software are beyond the scope of CSfC approval.

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Hypori, Inc Hypori Halo Client for Android  v4.3 NIAP Validation Completed (at Leidos) 2024.02.20  
Hypori, Inc Hypori Halo Client for IOS v4.3 NIAP Validation Completed (at Leidos) 2024.03.04  
Hypori, Inc Hypori Halo Client for Windows v4.3 NIAP Validation Completed (at Leidos)  2024.03.21  

Traffic Filtering Firewall

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Juniper vSRX3.0 Junos OS 22.2R2 NIAP Validation Completed (at Acumen) 2024.01.22  
Juniper  Junos OS 22.2R1 for SRX Series (SRX300, SRX320, SRX340, SRX345, SRX345-DUAL-AC, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800) 22.2R1 NIAP Validation Completed (at Teron Labs) 2023.10.13  
Klas Klas OS Keel 5.4.0 running on VoyagerVMM, TRX R2, and Voyager VM3.0 5.4.0 NIAP Validation Completed (at Acumen) 2024.07.16  
Palo Alto Networks  Next Generation Firewall (PA-410, PA-410R-5G, PA-415, PA-415-5G, PA-440, PA-445, PA-450, PA-450R, PA-450R-5G, PA-455, PA-460, PA-820, PA-850, PA-1410, PA-1420, PA-3220, PA-3250, PA-3260, PA-3410, PA-3420, PA-3430, PA-3440, PA-5220, PA-5250, PA-5260, PA-5280, PA-5410, PA-5420, PA-5430, PA-5440, PA-5445, PA-5450, PA-7050, PA-7080, PA-7500, VM-50, VM-100, VM-300, VM-500, VM-700  PAN-OS 11.1  NIAP Validation Completed (at Leidos) 2024.09.19  
F5, Inc. BIG-IP including AFM  v17.1.0.1 NIAP Validation Completed (at Atsec)  2024.11.10  
Cisco  Adaptive Security Appliances (ASA)  on Firepower 1000 Series (FPR 1010, FPR 1010E, FPR 1120, FPR 1140, FPR 1150) ASA 9.20 NIAP Validation Completed (at Gossamer) 2024.11.14  
Cisco Adaptive Security Appliance (ASA) on Firepower 2100 Series (FPR 2110, FPR 2120, FPR 2130, FPR 2140) ASA 9.20 NIAP Validation Completed (at Gossamer) 2024.11.14  
Cisco Adaptive Security Appliance (ASA) on Secure Firewall 3100 Series (FPR 3105, FPR 3110, FPR 3120, FPR 3130, FPR 3140) ASA 9.20 NIAP Validation Completed (at Gossamer) 2025.01.06  
Juniper  SRX1600

Junos OS 23.4R1

 NIAP Validation Completed (at Teron) 2025.03.18  
Cisco Firepower 4100 and 9300 Security Appliances (4112, 4115, 4125, 4145, SM-40, SM-48, SM-56 as detailed in VID 11512) ASA 9.20 NIAP Validation Completed (at Gossamer) 2025.01.10 CSfC solution owners should deploy this component on ESXi 8.0 (VID 11533) and submit a deviation request for the applicable NIAP-evaluated configuration Product Selection Capability Package requirement.
Cisco ESXi 7.0 and Cisco USC-C and E series (ASAv5, ASAv10, ASAv30, ASAv50, ASAv100 running on VMware ESXi 7.0 on Unified Computing System (UCS) UCSC-C220-M5, UCSC-C240-M5, UCSC-C480-M5, UCSC-C220-M6, UCSC-C225-M6, UCSC-C240-M6, UCSC-C220-M7, UCSC-C240-M7, and UCS-E1100D-M6) ASA v9.20 NIAP Validation Completed (at Gossamer) 2024.01.06 CSfC solution owners should deploy this component on ESXi 8.0 (VID 11533) and submit a deviation request for the applicable NIAP-evaluated configuration Product Selection Capability Package requirement.
Cisco FMC1600, FMC2600, FMC4600, FMC1700 and FMC4700, UCSC-C220-M5, UCSC-C240-M5, UCSC-C480-M5, UCSC-C220-M6, UCSC-C225-M6, UCSC-C240-M6, UCSC-C220-M7, UCSC-C240-M7and UCS-E1100D-M6 and general purpose computing platform with Intel Xeon D-1746TER (Ice Lake) processor, as detailed in VID 11510  FTDv 7.4  NIAP Validation Completed (at Gossamer) 2025.03.18  
Cisco Firepower 2100 Series with FMC/FMCv (FP2110, FP2120, FP2130, FP2140, FMC1600, FMC2600, FMC4600, FMC1700, FMC2700, FMC4700); FMCv running ESXi 7.0 on the Unified Computing System (UCS) UCSC-C220-M5, UCSC-C240-M5, UCSC-C480-M5, UCSC-C220-M6, UCSC-C225-M6, UCSC-C240-M6, UCSC-C220-M7, UCSC-C240-M7, UCSC-E1100D-M6 as detailed in VID 11497 FTD 7.4 NIAP Validation Completed (at Gossamer) 2025.02.28  
Cisco Secure Firewall 3100 Series (3105, 3110, 3120, 3130, 3140) with FMC-FMCv (FMC1600, FMC2600, FMC4600, FMC1700, FMC2700, FMC4700) as detailed in VID 11458 FTD/FMC/FMCv
v7.4		 NIAP Validation Completed (at Gossamer) 2025.01.31  
SonicWall SonicWall OS/X v7.0.1 with VPN and IPS on NSsp 15700 as detailed in VID 11528 Sonic OS/X v7.0.1 NIAP Validation Completed (at Acumen) 2025.04.25  

VoIP Applications

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Blackberry SecuSUITE and SteelBox v5.0 NIAP Validation Completed (at Gossamer) 2022.12.09  

Web Browsers

Click for Selections

Vendor Model Version CNSSP-11 Compliance

WIDS/WIPS

There is currently no WIDS/WIPS Selection document.

Vendor Model Version CNSSP-11 Compliance Certification Date Notes


WLAN Access System

Click for Selections

Vendor Model Version CNSSP-11 Compliance Certification Date Notes
Cisco Cisco Catalyst 9800 Series Wireless Controllers and Access Points running IOS-XE 17.6  (Cisco 9800-80-K9 Wireless Controller, Cisco 9800-40-K9 Wireless Controller, Cisco 9800-L Wireless Controller: C9800-L-F-K9, C98000L-C-K9 with Cisco Catalyst 9130 Series Wifi 6 Access Points (x=regulatory domain): C9130AXI-x, C9130AXE-x, C1930AXE-STA-x, Cisco Catalyst 9120 Series Wi-fi 6 Access Points (x= regulatory domain): C9120AXI-x, C9120AXE-x, C9120AXP-x, Cisco Catalyst 9115 Series Wi-fi 6 Access Points (x= regulatory domain): C9115AXI-x, C9115AXE-x Cisco Catalyst 9105 Series Wi-fi Access Points (x=regulatory domain): C9105AXI-x, C9105AXW-x, C9105AXIT-x, C9105AXWT-x IOS-XE 17.6 NIAP Validation Completed (at Lightship Security) 2023.03.20  
Cisco C9800-40, C9800-80, C9800-L, C9800-CL (Catalyst Access Points C9124, C9130, C9136, CW9162, CW9164, CW9166, IW6300, ESW6300, IW9167 Series Access Points) as detailed in VID 11456 IOS-XE 17.12 NIAP Validation Completed (at Lightship Security) 2025.04.10  

WLAN Client

All validated End User Device / Mobile Platform components include validated WLAN Client implementations