Attention CSfC Customers: Solution Registrations will be processed only after all required forms, to include network diagrams, are submitted and validated.
Questions? Email the CSfC team at firstname.lastname@example.org
To assist their clients, NSA has developed Capability Packages (CPs) that contain information needed to satisfy operational requirements. They are published on the unclassified NSA website as well as on SIPRNet and JWICS. The first step in any client's solution registration is to review these to determine if there is an existing CP that meets their needs.
For information or assistance in determining whether an approved CP satisfies their requirements, a Government client may engage NSA through their designated NSA client advocate. The NSA Client Contact Center can be reached via NSA.gov.
Although not mandatory, CSfC strongly encourages working with a Trusted Integrator while designing, building and testing a CSfC-compliant solution based upon one or more of the published CPs. Users of a CP are responsible for obtaining certification and accreditation of its implementation under their organization's established accreditation and approval processes.
Capability Package Solution Registration Process
- Involve the CSfC PMO early in the process
- Before finalizing their design customers are strongly encouraged to email email@example.com to advise NSA of their plan to register a solution.
- Obtain a Solution Registration Identification Number from the CSfC PMO.
- Prior to submitting the AO-signed versions, coordinate the completed registration package (to include the Registration Form, the CP-specific Compliance Checklists and the network diagrams) with the CSfC PMO. This will allow CSfC engineers to review, advise, assist and potentially make recommendations to smooth the formal registration process.
- Using CSfC guidance, configure and test the system in a controlled manner
- Submit the signed Capability Package to the CSfC PMO, to include:
- Completed Registration Form, signed by the client's Authorizing Official
- Completed Compliance Checklist with brief, specific responses explaining how the solution is compliant with the CP
- Deviation Forms, if applicable, signed by the client's Authorizing Official
- Network diagrams
Upon verifying compliance, NSA will provide a letter acknowledging the registration for a specific time period.
All CSfC solutions operating on National Security Systems (NSS) or protecting NSS information must be registered with NSA.
By signing the registration form, the Authorizing Official is:
- Asserting compliance with the published CP and acknowledging and accepting the risk of fielding a CSfC solution; or
- Acknowledging inclusion of the appropriate CP Deviation Approval signed by NSA and acknowledging and accepting the risk of fielding a CSfC solution.
Please coordinate with the CSfC PMO before emailing any registration packages. Completed Solution Registration packages should be emailed to the CSfC PMO at: firstname.lastname@example.org
If the forms are classified, please contact the CSfC PMO at the above email address for additional delivery instructions.
Mobile Access Solution Registration
Campus WLAN Solution Registration
Multi-Site Connectivity Solution Registration
Data at Rest Solution Registration
Key Management Requirements Annex