Components List

Customers select products from this listing to satisfy the reference architectures and configuration information contained in published Capability Packages. Customers must ensure that the components selected will permit the necessary functionality for the selected architecture.

Non NIAP-approved components used in solutions may be listed on the CSfC Components List provisionally until a US Government approved Protection Profile for the technology is available. Once the Protection Profile is available, the company has six months to enter into a Memorandum of Agreement with NSA to remain listed as a CSfC component.

For some technologies, the CSfC program requires specific, selectable requirements to be included in the Common Criteria evaluation validating that the product complies with the applicable NIAP-approved protection profile(s). Some selections, which are not required for the product to be listed on the NIAP Product Compliant List, are mandatory selections for products that are to be listed on the CSfC Components List.

To see the selectable requirements, go to the CSfC Components List and click on the links for IPSec VPN Gateways, IPSec VPN Clients, WLAN Clients, WLAN Access Systems, Certificate Authorities, MDM, SW FDE, Mobile Platforms, SIP Servers and VoIP Applications.

Open source components may be listed, provided they have a responsible sponsor and an NSA-approved plan for taking the component through Common Criteria evaluation and for sustainment of the component. Customers wishing to use open source components should contact csfc_components@nsa.gov with their evaluation and sustainment plans and the responsible parties for each.

Questions regarding the CSfC Components List may be directed to csfc_components@nsa.gov.

Which Protection Profiles are Published and in Development?

For a current listing of NIAP approved U.S. Government Protection Profiles, go to http://www.niap-ccevs.org/pp/.

For a listing of U.S. Government Protection Profiles currently in development, go to http://www.niap-ccevs.org/Profile/InDraft.cfm.

Additional information about NIAP and the Common Criteria Evaluation and Validation Scheme can be found at http://www.niap-ccevs.org/.

What is the Process to get a Commercial Product CSfC-Listed?

Vendors who wish to have their products eligible as CSfC components of a composed, layered IA solution must build their products in accordance with the applicable US Government approved Protection Profile(s) and submit their product using the Common Criteria Process.

The vendor will enter into a Memorandum of Agreement (MoA) with NSA. The MoA specifies that the vendor's product must be NIAP certified and that the vendor agrees to fix vulnerabilities in a timely fashion. The MoA may also reference technology-specific selections for NIAP testing.

Interested vendors must complete and submit the CSfC Questionnaire (PDF) for each product. Please submit completed questionnaires to csfc_components@nsa.gov.

An Update to the Manufacturer Diversity Requirement

The manufacturer diversity requirement for CSfC layered solutions has been modified to permit, subject to certain conditions, single-manufacturer implementations of both layers. The manufacturer must show sufficient independence in the code base and cryptographic implementations of the products used to implement each layer. To demonstrate this, a manufacturer must document the similarities and differences between the two products, to include cryptographic hardware components, software code base (i.e. operating system), software cryptographic libraries, and development teams. It is a fundamental requirement that the code bases of the two products be significantly different. Additionally, the vendor must document measures taken to ensure that supply chain risk is no greater than would be the case for products from two different vendors. NSA will review the information and determine whether the documentation is sufficient to meet the requirements for independent layers. Manufacturer diversity will continue to be accepted to constitute independent layers.

Vendors who wish to submit a statement may do so at csfc_components@nsa.gov.


Components List Index

Authentication Server

Vendor Model Version (or later) CNSSP-11 Compliance
Aruba Clearpass Policy Manager 6.7.3 NIAP Validation Completed (at Gossamer)
Cisco Identity Services Engine v2.2 on the 3415, 3515, 3495 and 3595 Appliances ADE-OS v2.2 NIAP Validation Completed (at Acumen)


Certificate Authority

Vendor Model Version (or later) CNSSP-11 Compliance
Information Security Corporation CertAgent 7.0 NIAP Validation Completed (at DXC Technology)
Red Hat, Inc. Red Hat Certificate System v9.4 RHEL v7.6 NIAP Validation Completed (at Gossamer)

E-mail Clients


End User Device / Mobile Platform

Vendor Model Version (or later) CNSSP-11 Compliance
Apple iOS 12 (iPhone and iPad devices using the A8, A8X, A9, A9X, A10 Fusion, A10X Fusion, A11 Bionic, A12 Bionic and A12X Bionic processors as validated on the iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone Xs, iPhone XS Max, iPhone Xr, iPhone SE, iPad mini 4, iPad Air 2, iPad Pro 12.9, iPad 9.7, iPad Pro 9.7, iPad Pro 10.5 and iPad Pro 11) iOS 12 NIAP Validation Completed (at ATSEC)
Apple iOS 11 (iPhone and iPad devices using the A7, A8, A8X, A9, A9X, A10 Fusion, A10X Fusion and A11 Bionic processors as validated on the iPhone 5s, iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone SE, iPad mini 3, iPad mini 4, iPad Air 2, iPad Pro 12.9, iPad Pro 9.7, iPad and iPad Pro 10.5) iOS v.11.2 NIAP Validation Completed (at ATSEC)
Blackberry Blackberry Smartphones 10.3.3 NIAP Validation Completed (at EWA Canada)
Samsung Research America Samsung Galaxy Devices on Android 7.1 (Galaxy Note 8, Galaxy Tab Active2) Android 7.1 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices on Android 8 (Galaxy S8, Galaxy S8+, Galaxy S8 Active, Galaxy Note8, Galaxy S9, Galaxy S9+, Galaxy S9 Tactical Edition) Android 8 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices with Android 8 & 8.1 (Galaxy Tab S3, Galaxy Tab S4, Galaxy S7, Galaxy S7 Edge, Galaxy S7 Active, Galaxy Note9) Android 8 and 8.1 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices with Android 9 (Galaxy Tab S4, Galaxy S8, Galaxy Note8, Galaxy S9, Galaxy Note9, Galaxy S10, Galaxy S10+, Galaxy S10E and Galaxy Fold) Android 9 NIAP Validation Completed (at Gossamer)

 


File Encryption

Vendor Model Version (or later) CNSSP-11 Compliance
Dell Data Protection Encryption Personal Edition 8.14.0 NIAP Validation Completed (at EWA Canada)
KeyW Corp. KeyW BlackBerry Suite B Data at Rest Version 1.2.2.1 NIAP Validation Completed (at Gossamer)
Monkton, Inc. Monkton IA Docs Reinforced by Rebar iOS 10.0.0 NIAP Validation Completed (at Acumen)
Trivalent Trivalent Protect for Android Version 2.6 NIAP Validation Complete (at Gossamer Security Solutions)

Hardware Full Drive Encryption

Vendor Model Version (or later) CNSSP-11 Compliance
Curtiss-Wright Defense Solutions DTS1 Hardware Encryption Layer Version 1.0 NIAP Validation Completed (at Gossamer)
Curtiss-Wright Defense Solutions Compact Network Storage 4-Slot (CNS4) Hardware Encryption Layer Version A1 NIAP Validation Completed (at Gossamer)
Mercury Systems ASURRE-Stor Solid State Self-Encrypting Drive Version 3.0 NIAP Validation Completed (at UL Verification Services)

IPS

Vendor Model Version (or later) CNSSP-11 Compliance
Cisco FirePOWER (FPR 7010, FPR7020, FPR 7030, FPR 7050, FPR 7110, FPR 7115, FPR 7120, FPR 7125, FPR 8350, FPR 8370, FPR 8390, FMC 750, FMC 2000, FMC 4000, FMCv and NGIPSv) Version 6.1 NIAP Validation Completed (at Gossamer)
Cisco Firepower Threat Defense on ASA and Virtual Firepower Threat Defense (5506-X, 5506H-X, 5506W-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, 5555-X with FirePOWER Services and FTDv) Version 6.2 NIAP Validation Completed (at Gossamer)
Cisco Firepower Threat Defense v6.2 and FX-OS v2.2 on the 4k and 9k Families (FPWR 4110, FPWR 4120, FPWR 4140, FPWR 4150, FPWR 9300 SM-24, FPWR 9300 SM-36 and FPWR 9300 SM-44) FTD v6.2 NIAP Validation Completed (at Gossamer)
Cisco Firepower Threat Defense v6.2 and FX-OS v2.2 on the 2k Families (FPWR 2110, FPWR 2120, FPWR 2130, FPWR 2140) FTD v6.2 NIAP Validation Completed (at Gossamer)
Cisco Firepower NGIPS/NGIPSv with FireSIGHT (FMC) and FMCv (Cisco Firepower NGIPS 6.2 (on Cisco FirePOWER 7000 Series, 8000 Series and Cisco AMP Appliances), and NGIPSv 6.2 (on ESXi 5.5 or 6.0 on Cisco UCS B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, EN120S-M2/K9, EN120E-208/KP, E140S-M2/k9, E160S-M3, and E180D-M2/K9 installed on ISR), with FMC 6.2 (on Cisco FireSIGHT FS750, FS1000, FS2000, FS2500, FS4000, and FS4500) or FMCv 6.2 (on ESXi 5.5 or 6.0 on Cisco UCS B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, EN120S-M2/K9, EN120E-208/KP, E140S-M2/k9, E160S-M3, and E180D-M2/K9 installed on ISR) Version 6.2 NIAP Validation Ongoing (at Gossamer)
Fortinet FortiGate UTM Appliances (VM, 50E, 51E, 52E, 60E, 60E-PoE, 61E, 80E, 81E, 81E-PoE, 90D, 100D, 100E, 101E, 200D, 200E, 201E, 300D, 500D, 600D, 900D, 1000D, 1200D, 1500D, 2000E, 2500E, 3000D, 3100D, 3200D, 3700D, 3810D, 3815D, 5000 and 50001D series) FortiWiFi Appliances (50E, 51E, 60E, 61E) FortiOS 5.4.4 NIAP Validation Completed (at BAE Systems)
Juniper SRX Product Series: SRX300, SRX320, SRX340, SRX345, SRX550M, SRX5400, SRX5600 and SRX5800 JUNOS 17.4R1 NIAP Validation Completed (at BAE Systems)
Juniper SRX Product Series: SRX1500, SRX4100 and SRX4200 JUNOS 17.4R1 NIAP Validation Completed (at BAE Systems)
Juniper SRX 4600 Product Series Junos OS 18.1R1 Common Criteria Validation Ongoing (at BAE Systems)
Juniper vSRX Junos OS 17.4R1 NIAP Validation Completed (at Acumen)
SonicWall SonicOS Enhanced v6.5.2 with VPN and IPS on TZ, SOHOW, NSA and SM Appliances (TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, SOHOW, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, NSA 9250, NSA 9450, NSA 9650, SM 9200, SM 9400, SM 9600 and SM 9800) Version 6.5.2 NIAP Validation Completed (at Acumen)

IPSec VPN Client

Vendor Model Version (or later) CNSSP-11 Compliance
Apple iOS 12 (iPhone and iPad devices using the A8, A8X, A9, A9X, A10 Fusion, A10X Fusion, A11 Bionic, A12 Bionic and A12X Bionic processors as validated on the iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone Xs, iPhone XS Max, iPhone Xr, iPhone SE, iPad mini 4, iPad Air 2, iPad Pro 12.9, iPad 9.7, iPad Pro 9.7, iPad Pro 10.5 and iPad Pro 11) iOS 12 NIAP Validation Completed (at ATSEC)
Apple iOS 11 VPN Client on iPhone and iPad Devices (using the A7, A8, A8X, A9, A9X, A10, A10X and A11 processors as validated on the iPhone 5s, iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone SE, iPad mini 3, iPad mini 4, iPad Air 2, iPad Pro 12.9", iPad Pro 9.7", iPad, iPad 10.5) iOS 11 NIAP Validation Completed (at Acumen)
Aruba VIA Version 3.0 NIAP Validation Completed (at Gossamer)
Blackberry Blackberry Smartphones 10.3.3 NIAP Validation Completed (at EWA Canada)
Cisco AnyConnect Secure Mobility Client for Apple iOS 11.2 Version 4.7 NIAP Validation Completed (at Gossamer)
Cisco AnyConnect Secure Mobility Client for Apple iOS Version 4.6 NIAP Validation Completed (at Gossamer)
Cisco AnyConnect Secure Mobility Client for Windows 10 Version 4.7 NIAP Validation Completed (at Gossamer)
Cisco AnyConnect Secure Mobility Client for Android Version 4.7 NIAP Validation Completed (at Gossamer)
Cog Systems D4 Secure, HTC A9 Version 1.0 NIAP Validation Completed (at Gossamer)
Microsoft Windows VPN Client Windows 10 NIAP Validation Completed (at Leidos)
Oceus Networks Xiphos TMD SafeMove Android 6 In Contracting Phase
Samsung Research America Samsung Galaxy VPN Client on Android 7.1 (Galaxy Note 8, Galaxy Tab Active2) Android 7.1 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices on Android 8 (Galaxy S8, Galaxy S8+, Galaxy S8 Active, Galaxy Note 8, Galaxy S9, Galaxy S9+, Galaxy S9 Tactical Edition) Android 8 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices with Android 8 & 8.1 (Galaxy Tab S3, Galaxy Tab S4, Galaxy S7, Galaxy S7 Edge, Galaxy S7 Active, Galaxy Note 9) Android 8 & 8.1 NIAP Validation Completed (at Gossamer)
Samsung Research America Samsung Galaxy Devices with Android 9 (Galaxy Tab S4, Galaxy S8, Galaxy Note8, Galaxy S9, Galaxy Note9, Galaxy S10, Galaxy S10+, Galaxy S10E and Galaxy Fold) Android 9 NIAP Validation Completed (at Gossamer)

IPsec VPN Gateway

Vendor Model Version (or later) CNSSP-11 Compliance
Apriva Apriva MESA VPN Version 2.0 NIAP Validation Ongoing (at UL Verification Services)
Architecture Technology Corporation Compact Rugged Router CRR-1000 V1.0 NIAP Validation Completed (at UL Verification Services)
Aruba Virtual Mobility Controller   NIAP Validation Completed (at CSC Australia)
Aruba 600 Series Mobility Controllers Aruba OS 6.5-FIPS NIAP Validation Completed (at CSC Australia)
Aruba 3000 Series Mobility Controllers Aruba OS 6.5-FIPS NIAP Validation Completed (at CSC Australia)
Aruba 6000 Series Mobility Controllers Aruba OS 6.5-FIPS NIAP Validation Completed (at CSC Australia)
Aruba 7000 Series Mobility Controllers Aruba OS 6.5-FIPS NIAP Validation Completed (at CSC Australia)
Aruba Aruba Mobility Controller Series (7005, 7008, 7010, 7020, 7030, 7205, 7210, 7220, 7240, 7280 and MC-VA) Aruba OS 8.2 NIAP Validation Ongoing (at Gossamer)
Aruba Aruba Remote Access Point Series with Aruba Mobility Controllers (AP-203R, AP-203RP, AP-205H and AP-303H with Mobility Controllers 7205, 7210, 7220, 7240 and 7240XM)  Aruba OS 8.2 NIAP Validation Ongoing (at Leidos)
Attila Security SilentEdge Enterprise Server and GoSilent Client Debian 9 Linux NIAP Validation Ongoing (at Acumen)
Cisco ISR 1100 Product Series (ISR 1101, ISR 1109, ISR 1111, ISR 1112, ISR 1113, ISR 1116, ISR 1117 and ISR 1118) IOX-XE 16.9 NIAP Validation Completed (at Acumen)
Cisco 1905, 1921, 1941, 2901, 2911, and 2921 Integrated Services Routers 15.5(3)M IOS NIAP Validation Completed (at Leidos)
Cisco 2951, 3925, and 3945 Integrated Services Routers 15.5(3)M IOS NIAP Validation Completed (at Leidos)
Cisco 3925E and 3945E Integrated Services Routers 15.5(3)M IOS NIAP Validation Completed (at Leidos)
Cisco 4351, 4331, 4321 Integrated Services Routers IOS XE 3.13.2 NIAP Validation Completed (at CGI)
Cisco ASA 5500 Series (5506-X, 5506H-X, 5506W-X, 5508-X, 5516-X, 5525-X, 5545-X, 5555-X and ASA on FPWR 1000, 2110, 2120, 2130, 2140, 4110, 4120, 4140, 4150, 9300 SM-24, 9300 SM-36, and 9300 SM-44) v9.8 NIAP Validation Completed (at Gossamer)
Cisco ASAv (ASAv5, ASAv10, ASAv30, ASAv50) running ESXi 5.5 or 6.0 and NFVIS 3.5.1 on the UCS B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, E140S-M2/K9, E160S-M3 and E180D-M2K9 installed on ISR and ASAv running on NFVIS 3.5.1 on the ENCS 5406, 5408 and 5412 v9.8 NIAP Validation Completed (at Gossamer)
Cisco Aggregation Services Router 1000 Series (ASR1K) (ASR 1001-X, ASR 1001-HX, ASR 1002-HX, ASR 1006-X(ESP 100, RP2/3), ASR 1009-X(ESP 100/200, RP2/3), ASR 1013(ESP 100/200, RP2/3) w/ MACsec EPAs: ASR1000-MIP100, 18X1GE, 10X0GE, 1X100GE, CPAK-2X40GE, 1X100GE QSFP+, 2X40GE QSFP+, 1X40GE QSFP+) IOS-XE 16.9 NIAP Validation Completed (at Acumen)
Cisco ESR 5900 Series (5915, 5921, 5940) 15.7M NIAP Validation Completed (at Acumen)
Cisco Integrated Services Router 4000 Series (ISR4K) (ISR 4221, ISR 4321, ISR 4331, ISR 4351, ISR 4431, ISR 4451, ISR 4461 w/MACsec NIMs: NIM-1GE-CU-SFP, NIM-2GE-CUSFP) IOS-XE 16.9 NIAP Validation Ongoing (at Acumen)
Cisco NGFW running ASA v9.8 and FX-OS v2.2 on the 4K and 9K families (FP 4110, FP4120, FP 4140, FP 4150, FPWR 9300 SM-24, FPWR 9300 SM-36, FPWR 9300 SM-44) ASA v9.8 NIAP Validation Completed (at Gossamer)
Cisco NGFW running ASA v9.8 and FX-OS v2.2 on the Firepower 2100 Series (2110, 2120, 2130 and 2140) ASA v9.8 NIAP Validation Completed (at Gossamer)
Cisco ASR 1000 Product Series (1001-X, 1001-HX, 1002-X, 1002-HX, 1006, 1006-X, 1009-X and 1013) IOS v16.3 NIAP Validation Completed (at Acumen)
Cisco Cloud Service Router 1000v and Aggregation Services Router (ASR) 1000 Series (ASR 1002X, ASR 1006, ESP 100, RP2 and CSR1000V) IOS-XE 16.3 NIAP Validation Completed (at Acumen)
Cisco Cloud Services Router (CSR) 1000v running on ESXi 6.0 Release 2 IOS-XE 16.9 NIAP Validation Completed (at Acumen)
Cisco Firepower 4100 9.6 and 9300 9.6 with FX-OS v2.0 ASA v9.6 NIAP Validation Completed (at Gossamer)
Cisco Firepower Threat Defense on ASA and Virtual Firepower Threat Defense (5506-X, 5506H-X, 5506W-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, 5555-X with FirePOWER Services and FTDv) ASA v6.2 NIAP Validation Completed (at Gossamer)
Cisco Firepower Threat Defense v6.2 and FX-OS v2.2 on the 4k and 9k Families (FPWR 4110, FPWR 4120, FPWR 4140, FPWR 4150, FPWR 9300 SM-24, FPWR 9300 SM-36 and FPWR 9300 SM-44) FTD v6.2 NIAP Validation Completed (at Gossamer)
Cisco Firepower Threat Defense v6.2 and FX-OS v2.2 on the 2k Families (FPWR 2110, FPWR 2120, FPWR 2130, FPWR 2140) FTD v6.2 NIAP Validation Completed (at Gossamer)
Cisco ISR 1100 Product Series: 1111, 1112, 1113, 1114, 1115, 1116, 1117 and 1118 IOS-XE 16.6 NIAP Validation Completed (at Acumen)
Cisco ISR 4000 Product Series (4321, 4331, 4351, 4431 and 4451) IOS v16.3 NIAP Validation Completed (at Acumen)
Cisco NGFW running ASA v9.8 and FX-OS v2.2 on the Firepower 2100 Series (2110, 2120, 2130 and 2140) ASA v9.8 NIAP Validation Ongoing (at Gossamer)
Fortinet FortiGate UTM Appliances (VM, 50E, 51E, 52E, 60E, 60E-PoE, 61E, 80E, 81E, 81E-PoE, 90D, 100D, 100E, 101E, 200D, 200E, 201E, 300D, 500D, 600D, 900D, 1000D, 1200D, 1500D, 2000E, 2500E, 3000D, 3100D, 3200D, 3700D, 3810D, 3815D, 5000 and 50001D series) FortiWiFi Appliances (50E, 51E, 60E, 61E) FortiOS 5.4.4 NIAP Validation Completed (at BAE Systems)
General Dynamics C4 Systems Fortress Mesh Point ES210, ES520, ES820, ES2440 Product Series Rev 5.4.3.1608 NIAP Validation Completed (at InfoGard)
Juniper SRX Product Series: SRX300, SRX320, SRX340, SRX345, SRX550M, SRX5400, SRX5600 and SRX5800 JUNOS 17.4R1 NIAP Validation Completed (at BAE Systems)
Juniper SRX Product Series: SRX1500, SRX4100 and SRX4200 JUNOS 17.4R1 NIAP Validation Completed (at BAE Systems)
Juniper SRX 4600 Product Series Junos OS 18.1R1 Common Criteria Validation Ongoing (at BAE Systems)
Juniper vSRX Junos OS 17.4R1 NIAP Validation Completed (at Acumen)
Klas Telecom Government Klas Voyager Version 1.0 NIAP Validation Completed (at UL Verification Services Inc)
PacStar PacStar 351, 451, 455 and 551 with Cisco ASAv V9.6 NIAP Validation Completed (at Acumen)
Palo Alto Networks Next Generation Firewall (PA-200, PA-220, PA-220R, PA-500, PA-820, PA-850, PA-2050, PA-3020, PA-3050, PA-3060, PA-3220, PA-3250, PA-3260, PA-5020, PA-5050, PA-5060, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050, PA-7080) PAN-OS 8.0.12 and PAN-OS 8.0.6 and PAN-OS 8.1.3 NIAP Validation Completed (at Leidos)
Palo Alto Networks VM-50, VM-100, VM-200, VM-300, VM-500, VM-700 and VM-1000-HV when installed using VMWare ESXi 5.5, KVM, Microsoft Hyper-V and Intel Xeon processor based on Ivy Bridge, Broadwell or Haswell microarchitectures, which implement Intel Secure Key either on Dell PowerEdge R730 and PacStar PS451 servers or equivalent platforms; i.e, Intel Ivy Bridge, Broadwell or Haswell-based processor with Broadcom or Intel Networks Interface Controllers supported by the server. The VM-series virtual appliance must be the only guest running in the virtual environment. PAN-OS 8.0.12 and PAN-OS 8.0.6 and PAN-OS 8.1.3 NIAP Validation Completed (at Leidos)
Ruckus Networks ICX 7450 Router V8.0.7.0 NIAP Validation Completed (at Gossamer)
SonicWall SonicOS Enhanced v6.5.2 with VPN and IPS on TZ, SOHOW, NSA and SM Appliances (TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, SOHOW, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, NSA 9250, NSA 9450, NSA 9650, SM 9200, SM 9400, SM 9600 and SM 9800) Version 6.5.2 NIAP Validation Completed (at Acumen)

MACSEC Ethernet Encryption Devices

Vendor Model Version (or later) CNSSP-11 Compliance
Cisco ASR 1000 Product Series (1001-X, 1001-HX, 1002-X, 1002-HX, 1006-X, 1009-X and 1013) IOS v16.3 NIAP Validation Completed (at Acumen)
Cisco ASR 9000 Product Series (9004, 9006, 9010, 9912 and 9922) 6.1 NIAP Validation Completed (at Acumen)
Cisco Aggregation Services Router 1000 Series (ASR1K) (ASR 1001-X, ASR 1001-HX, ASR 1002-HX, ASR 1006-X(ESP 100, RP2/3), ASR 1009-X(ESP 100/200, RP2/3), ASR 1013(ESP 100/200, RP2/3) w/ MACsec EPAs: ASR1000-MIP100, 18X1GE, 10X0GE, 1X100GE, CPAK-2X40GE, 1X100GE QSFP+, 2X40GE QSFP+, 1X40GE QSFP+) IOS-XE 16.9 NIAP Validation Completed (at Acumen)
Cisco Catalyst 3650 and 3850 Series Switches IOS-XE 16.3 NIAP Validation Completed (at Acumen)
Cisco Catalyst 9300 and 9500 Series Switches IOS-XE 16.6 NIAP Validation Completed (at Acumen)
Cisco ISR 4000 Product Series (4321, 4331, 4351, 4431 and 4451) IOS v16.3 NIAP Validation Completed (at Acumen)
Cisco Integrated Services Router 4000 Series (ISR4K) (ISR 4221, ISR 4321, ISR 4331, ISR 4351, ISR 4431, ISR 4451, ISR 4461 w/MACsec NIMs: NIM-1GE-CU-SFP, NIM-2GE-CUSFP) IOS-XE 16.9 NIAP Validation Ongoing (at Acumen)
Cisco Catalyst 3650 and 3850 Series Switches (WS-C3650-24TS, WS-C3650-48TS, WS-C3650-24PS, WS-C3650-48PS, WS-C3650-48FS, WS-C3650-24TD, WS-C3650-48TD, WS-C3650-24PD, WS-C3650-48PD, WS-C3650-48FD, WS-C3650-48TQ, WS-C3650-48PQ, WS-C3650-48FQ, WS-C3850-24T, WS-C3850-48T, WS-C3850-24P, WS-C3850-48P, WS-C3850-48F, WS-C3850-24U, WS-C3850-48U, WS-C3850-12S AND WS-C3850-24S) IOS-XE 16.9 NIAP Validation Completed (at Acumen)
Cisco Catalyst 9300 and 9500 Series Switches (C9300-24T, C9300-48T, C9300-24P, C9300-48P, C930024U, C930024UX and C9500-12Q, C9500-24Q, C9500-40X) IOS-XE 16.9 NIAP Validation Completed (at Acumen)
Cisco Network Convergence System 5500 Series, (Modular Chassis – NCS5504, NCS 5508, NCS 5516, each with 36X100GMACsec Modular LC or NC55-6X200-DWDMS LC and Fixed Chassis – NCS-55A1-36H-S) IOS XR 6.3 NIAP Validation Completed (at Acumen)
Juniper Junos Product Series (MX240, MX480, MX960, MX2010, MX2020, EX9204, EX9208 and EX9214 with MPC7E-10G/EX9200-40XS) Junos OS 18.3R1-S1 NIAP Validation Ongoing (at Acumen)

MDM

Vendor Model Version (or later) CNSSP-11 Compliance
Apple iOS 11 (iPhone and iPad devices using the A7, A8, A8X, A9, A9X, A10 Fusion, A10X Fusion and A11 Bionic processors as validated on the iPhone 5s, iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus, iPhone X, iPhone SE, iPad mini 3, iPad mini 4, iPad Air 2, iPad Pro 12.9, iPad Pro 9.7, iPad and iPad Pro 10.5) iOS v.11.2 NIAP Validation Completed (at ATSEC)
Blackberry Blackberry Enterprise Service v12.5 NIAP Validation Completed (at EWA-Canada)
MobileIron MobileIron Core Platform v10 NIAP Validation Ongoing (at Gossamer)

Session Border Controller

Vendor Model Version (or later) CNSSP-11 Compliance
Cisco CUBE on Cloud Services Router 1000V IOS-XE 16.9 NIAP Validation Completed (at Acumen)
Cisco Expressway X12.5 NIAP Validation Completed (at Acumen)

Enterprise Session Controller (aka SIP Server)

Vendor Model Version (or later) CNSSP-11 Compliance
Cisco CUCM V11.5 NIAP Validation Completed (at Acumen)

Software Full Drive Encryption

Vendor Model Version (or later) CNSSP-11 Compliance
Curtiss-Wright Defense Solutions Compact Network Storage 4-Slot Software Encryption Layer CentOS (Linux) NIAP Validation Completed (at Gossamer)
Curtiss-Wright Defense Solutions DTS1 Software Encryption Layer v1.0 NIAP Validation Completed (at Gossamer)

TLS Protected Servers

Vendor Model Version (or later) CNSSP-11 Compliance
Bivio Networks, Inc. Bivio 6110-NC Red Hat Enterprise Linux v7.1 NIAP Validation Completed (at UL Verification Services)
Bivio Networks, Inc. Bivio 6310-NC (B6310-NC, B6310R-NC, PacStar 451) Red Hat Enterprise Linux v7.4 NIAP Validation Completed (at UL Verification Services)

TLS Software Applications

Note: Components listed here are validated for their ability to establish a TLS connection as specified in the Capability Packages. Additional functionality not described within the Capability Packages and evaluated by the Protection Profile for Application Software is beyond the scope of CSfC approval.

Vendor Model Version (or later) CNSSP-11 Compliance
Enveil ZeroReveal Compute Fabric V1.1.1 NIAP Validation Completed (at Leidos)
Intelligent Waves Hypori Client for Android v4.1 NIAP Validation Completed (at Leidos)
Intelligent Waves Hypori Client for iOS v4.1 NIAP Validation Completed (at Leidos)
Nubo Software Thin Client v2.0 NIAP Validation Completed (at Acumen)
Perspecta Labs Inc SecureIO Android 6.0.1 and 7.0 NIAP Validation Completed (at Acumen)

Traffic Filtering Firewall

Vendor Model Version (or later) CNSSP-11 Compliance
Aruba Virtual Mobility Controller Version 6.5.0 NIAP Validation Completed (at Australia)
Aruba 600 Series Mobility Controllers Aruba OS 6.5-FIPS NIAP Validation Completed (at CSC Australia)
Aruba 3000 Series Mobility Controllers Aruba OS 6.5-FIPS NIAP Validation Completed (at CSC Australia)
Aruba 6000 Series Mobility Controllers Aruba OS 6.5-FIPS NIAP Validation Completed (at CSC Australia)
Aruba 7000 Series Mobility Controllers Aruba OS 6.5-FIPS NIAP Validation Completed (at CSC Australia)
Aruba Aruba Mobility Controller Series (7005, 7008, 7010, 7020, 7030, 7205, 7210, 7220, 7240, 7280 and MC-VA) Aruba OS 8.2 NIAP Validation Ongoing (at Gossamer)
Attila Security SilentEdge Enterprise Server and GoSilent Client Debian 9 Linux NIAP Validation Ongoing (at Acumen)
Cisco ASA 5500 Series (5506-X, 5506H-X, 5506W-X, 5508-X, 5516-X, 5525-X, 5545-X, 5555-X and ASA on FPWR 1000, 2110, 2120, 2130, 2140, 4110, 4120, 4140, 4150, 9300 SM-24, 9300 SM-36, and 9300 SM-44) v9.8 NIAP Validation Completed (at Gossamer)
Cisco ASAv (ASAv5, ASAv10, ASAv30, ASAv50) running ESXi 5.5 or 6.0 and NFVIS 3.5.1 on the UCS B200-M4, B200-M5, C220-M4S, C220-M5, C240-M5, C240-M4SX, C240-M4L, C460-M4, C480-M5, E140S-M2/K9, E160S-M3 and E180D-M2K9 installed on ISR and ASAv running on NFVIS 3.5.1 on the ENCS 5406, 5408 and 5412 v9.8 NIAP Validation Completed (at Gossamer)
Cisco Firepower 4100 9.6 and 9300 9.6 with FX-OS v2.0 ASA v9.6 NIAP Validation Completed (at Gossamer)
Cisco Firepower Threat Defense on ASA and Virtual Firepower Threat Defense (5506-X, 5506H-X, 5506W-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, 5555-X with FirePOWER Services and FTDv) ASA v9.8 and FTD v6.2 NIAP Validation Completed (at Gossamer)
Cisco Firepower Threat Defense v6.2 and FX-OS v2.2 on the 4k and 9k Families (FPWR 4110, FPWR 4120, FPWR 4140, FPWR 4150, FPWR 9300 SM-24, FPWR 9300 SM-36 and FPWR 9300 SM-44) FTD v6.2 NIAP Validation Completed (at Gossamer)
Cisco Firepower Threat Defense v6.2 and FX-OS v2.2 on the 2k Families (FPWR 2110, FPWR 2120, FPWR 2130, FPWR 2140) FTD v6.2 NIAP Validation Completed (at Gossamer)
Cisco NGFW running ASA v9.8 and FX-OS v2.2 on the 4K and 9K families (FP 4110, FP4120, FP 4140, FP 4150, FPWR 9300 SM-24, FPWR 9300 SM-36, FPWR 9300 SM-44) ASA v9.8 NIAP Validation Completed (at Gossamer)
Cisco NGFW running ASA v9.8 and FX-OS v2.2 on the Firepower 2100 Series (2110, 2120, 2130 and 2140) ASA v9.8 NIAP Validation Completed (at Gossamer)
F5 Networks BIG-IP for LTM+AFM Version 12.1.3.4 NIAP Validation Completed (at ATSEC)
Forcepoint Federal Next Generation Firewall LINUX v6.3.1 NIAP Validation Completed (at Gossamer)
Fortinet FortiGate UTM Appliances (VM, 50E, 51E, 52E, 60E, 60E-PoE, 61E, 80E, 81E, 81E-PoE, 90D, 100D, 100E, 101E, 200D, 200E, 201E, 300D, 500D, 600D, 900D, 1000D, 1200D, 1500D, 2000E, 2500E, 3000D, 3100D, 3200D, 3700D, 3810D, 3815D, 5000 and 50001D series) FortiWiFi Appliances (50E, 51E, 60E, 61E) FortiOS 5.4.4 NIAP Validation Completed (at BAE Systems)
Juniper SRX Product Series: SRX300, SRX320, SRX340, SRX345, SRX550M, SRX5400, SRX5600 and SRX5800 JUNOS 17.4R1 NIAP Validation Completed (at BAE Systems)
Juniper SRX Product Series: SRX1500, SRX4100 and SRX4200 JUNOS 17.4R1 NIAP Validation Completed (at BAE Systems)
Juniper SRX 4600 Product Series Junos OS 18.1R1 Common Criteria Validation Ongoing (at BAE Systems)
Juniper vSRX Junos OS 17.4R1 NIAP Validation Completed (at Acumen)
PacStar PacStar 351, 451, 455 and 551 with Cisco ASAv V9.6 NIAP Validation Completed (at Acumen)
Palo Alto Networks Next Generation Firewall (PA-200, PA-220, PA-220R, PA-500, PA-820, PA-850, PA-2050, PA-3020, PA-3050, PA-3060, PA-3220, PA-3250, PA-3260, PA-5020, PA-5050, PA-5060, PA-5220, PA-5250, PA-5260, PA-5280, PA-7050, PA-7080) PAN-OS 8.0.12 and PAN-OS 8.0.6 and PAN-OS 8.1.3 NIAP Validation Completed (at Leidos)
Palo Alto Networks VM-50, VM-100, VM-200, VM-300, VM-500, VM-700 and VM-1000-HV when installed using VMWare ESXi 5.5, KVM, Microsoft Hyper-V and Intel Xeon processor based on Ivy Bridge, Broadwell or Haswell microarchitectures, which implement Intel Secure Key either on Dell PowerEdge R730 and PacStar PS451 servers or equivalent platforms; i.e, Intel Ivy Bridge, Broadwell or Haswell-based processor with Broadcom or Intel Networks Interface Controllers supported by the server. The VM-series virtual appliance must be the only guest running in the virtual environment. PAN-OS 8.0.12 and PAN-OS 8.0.6 and PAN-OS 8.1.3 NIAP Validation Completed (at Leidos)
SonicWall SonicOS Enhanced v6.5.2 with VPN and IPS on TZ, SOHOW, NSA and SM Appliances (TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, SOHOW, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, NSA 9250, NSA 9450, NSA 9650, SM 9200, SM 9400, SM 9600 and SM 9800) Version 6.5.2 NIAP Validation Completed (at Acumen)


VoIP Applications

Vendor Model Version (or later) CNSSP-11 Compliance
CellCrypt CellCrypt Classified 2.0 (also known as Cellcrypt Federal) Version 2.0 NIAP Validation Ongoing (at Acumen)
Cisco Jabber (for Windows 10) Version 12.5 NIAP Validation Ongoing (at Acumen)
Cisco Jabber (for Android 8 and iOS 12) Version 12.5 NIAP Validation Ongoing (at Acumen)
Secusmart SecuSUITE Secure Call Client Version 3.0 NIAP Validation Completed (at EWA Canada)

Web Browsers

Vendor Model Version (or later) CNSSP-11 Compliance
Apple iOS 11 Safari iOS 11 NIAP Validation Completed (at Acumen)

WLAN Access System

Vendor Model Version (or later) CNSSP-11 Compliance
Aruba Aruba Mobility Controller Series (7005, 7008, 7010, 7020, 7030, 7205, 7210, 7220, 7240, 7280 and MC-VA) Aruba OS 8.2 NIAP Validation Ongoing (at Gossamer)
Cisco Aireos WLAN Controllers: 2504, 5508, WiSM-2, 7510; Access Points: 1142, 1262, 1552E, 1552I, 1532E, 1532I, 3502E, 3502I, 1602E, 1602I, 2602E, 2602I, 3602I, 3602P, 2702E, 2702I, 3702E, 3702I, AIR-RM3000M Security Module AireOS 8.0 NIAP Validation Completed (at CSC Australia)
Cisco IOS WLAN Controllers: 5760, 3850, 3650; Access Points: 1532E, 1532I, 3502E, 3502I, 1602E, 1602I, 2602E, 2602I, 3602E, 3602I, 3602P, 2702E, 2702I, 3702E, 3702I, AIR-RM3000M Security Module IOS-XE 3.6.0E NIAP Validation Completed (at CSC Australia)
Cisco Wireless Local Area Network (WLAN) (Controllers 8540, 5520, 3504 and Aironet Access Points 3802, 2802, 1560, 1702, 2702, 3702, 1572) v8.5 NIAP Validation Completed (at Acumen)

WLAN Client

All validated End User Device / Mobile Platform components include validated WLAN Client implementations.

Attention CSfC Customers: Please ensure all submitted registration packages contain solution diagrams. Also, please advise us when you are deciding to implement a CSfC solution. We would like to ensure your solution can be registered as quickly as possible for approval. However, deviations discovered at the end of the process can be time-consuming for you and resource-intensive for NSA. Please email the CSfC team at csfc_register@nsa.gov.