Oceus is an NSA Commercial Solutions for Classified (CSfC) trusted integrator, providing CSfC support for over six years. Established by the National Security Agency and Central Security Service (NSA/CSS), CSfC enables commercial products to be used in layered solutions protecting classified National Security Systems (NSS) data. Oceus has had a long-standing relationship as a trusted integrator. One of the first firms to achieve the status, we have long used CSfC to solve data security issues.
The NSA developed, approved and published solution-level specifications called Capability Packages (CPs) and works with Technical Communities from across industry, governments and academia to develop and publish product-level requirements in U.S. Government Protection Profiles (PPs). Oceus was commissioned by the Joint Staff J6 to develop an NSA approvable/registerable solution that would leverage the capabilities and benefits of two CPs, the Mobile Access Capability Package (MA CP) and the Campus Wireless Lan Capability Package (CWLAN CP).
These packages were merged into one small form factor kit using PacStar server and switching hardware, along with 4G/5G LTE hardware from industry-leading Ericsson and Hewlett Packard Enterprise Aruba Access Points serving as the black transport. This package, known as Smart Gateway, was granted approval by the NSA on 29 May 2019.
The Smart Gateway solution permits Unclassified and Classified End User Devices (EUDs) to connect to the Black WLAN Access Network. Per the CWLAN CP, role-based authentication utilizing different IP pools, tailored policies on the Palo Alto Traffic Filtering Firewall and parallel Inner encryption components permit Unclassified and Classified EUDs to access their respective Inner security domains.
CSfC-approved clients from Aruba and Cisco are utilized to create the Outer and Inner VPN connections. EUD VPN client tunnel management is performed by the Oceus-developed VPN Manager application. VPN Manager monitors and automatically reconnects the single VPN client connection over the WPA2 encrypted WIFI link and the dual nested Inner and Outer VPN client connections over LTE transport.
VPN Manager is part of a larger Oceus software suite, Secure Mobile Platform (SMP), which also includes EUD certificate management and automatic network switching that senses the connected transport network and connects the correct profile for that network.
To learn more about our CSfC compliant solutions, contact us now.
Additional information about the CSfC program is available at https://www.nsa.gov/CSfC
