Glossary
Below are commonly used terms associated with CSfC data-at-rest.
NSA
The National Security Agency (NSA) plays a key role in establishing compliance standards for National Security Systems (NSS), the systems that handle classified information or are critical to military and intelligence activities. Its role includes the authority to prescribe appropriate protections and to set security standards for these systems.
Commercial Solutions for Classified (CSfC)
The Commercial Solutions for Classified (CSfC) program is a National Security Agency (NSA) strategy that allows U.S. government departments and agencies to use commercial off-the-shelf (COTS) products in secure, layered solutions to protect classified National Security Systems (NSS) data, including up to Top Secret information.
The program provides a faster, more flexible, and cost-effective alternative to traditional, government-exclusive "Type 1" encryption solutions for protecting classified National Security Systems (NSS) data up to Top Secret.
National Information Assurance Partnership (NIAP)
The National Information Assurance Partnership (NIAP) evaluates commercial off-the-shelf (COTS) IT products against established security requirements (Protection Profiles) for use in NSS environments.
Component List
The CSfC Component List is a publicly available catalog, maintained by the National Security Agency (NSA), of commercial off-the-shelf (COTS) products that are eligible for use in layered solutions to protect classified U.S. government information.
Commercial Off the Shelf (COTS)
Commercial Off-The-Shelf (COTS) refers to readily available, pre-packaged hardware or software products that are mass-produced and sold to the general public.
Capability Package
A CSfC Capability Package (CP) is an NSA-developed and published solution-level specification that provides a complete, vendor-agnostic architectural and configuration guide for implementing a secure system to protect classified information using layered commercial off-the-shelf (COTS) products.
Manufacturer Diversity
Manufacturer diversity is a security principle that requires the two independent encryption layers of a commercial cybersecurity solution to come either from different vendors or, if from a single vendor, to use fundamentally different software code and cryptographic implementations. The intent of this requirement is "defense-in-depth": a flaw in one layer's implementation should not also be present in the other.
FIPS 140-3
Federal Information Processing Standard (FIPS) 140-3 is a mandatory U.S. and Canadian government computer security standard that specifies the security requirements for cryptographic modules used within a security system to protect sensitive but unclassified (SBU) information.
Data at Rest (DAR)
Data at rest refers to digital information stored on any physical or digital storage medium while the device is powered down or no user has authenticated. This contrasts with data that is actively moving across a network (data in transit) or being used or processed in volatile memory (data in use).
Hardware Full Drive Encryption (HW FDE)
Hardware Full Drive Encryption (HW FDE) is a data security method in which the entire drive's contents, including the operating system, applications, and all user files, are automatically encrypted at the hardware level by a dedicated cryptographic processor built directly into the drive or the host system. Drives with this processor built into the drive itself are referred to as Self-Encrypting Drives (SEDs).
Software Full Drive Encryption (SW FDE)
Software Full Drive Encryption (SW FDE) encrypts the contents of a drive using cryptographic algorithms executed by the computer's central processing unit (CPU) and implemented in an application, operating system, or utility program rather than in the drive hardware.
AES-256 Bit Encryption
AES 256-bit encryption (Advanced Encryption Standard with a 256-bit key) is a highly secure, globally adopted symmetric encryption algorithm used to protect sensitive digital data.
Pre-boot Authentication (PBA)
Pre-boot authentication (PBA) is a security method that requires a user to provide approved credentials (such as a password, PIN, smart card, or biometric scan) before the computer's operating system is allowed to load.
Self-Encrypting Drive
A self-encrypting drive (SED) is a type of hard disk drive (HDD) or solid-state drive (SSD) that has built-in, dedicated hardware encryption capabilities integrated directly into its controller board.
Multifactor Authentication (MFA)
Multifactor authentication (MFA) is a security process that requires a user to provide two or more different pieces of evidence (called factors) to verify their identity before granting access to an account, system, or service. The core principle of MFA is to create a layered defense such that compromising one factor is not enough to compromise the entire system.
BitLocker
BitLocker Drive Encryption is a full-volume encryption security feature included in certain editions of the Microsoft Windows operating system (Pro, Enterprise, and Education) that protects data from unauthorized access if a device is lost, stolen, or improperly decommissioned.
Data Sanitization
Data sanitization is the process of deliberately, permanently, and irreversibly removing or destroying data from a storage device to ensure that it cannot be recovered or reconstructed, even with advanced forensic tools.
Quantum Computing
Quantum computing is an advanced type of computation that uses the principles of quantum mechanics—such as superposition and entanglement—to perform calculations.
Unlike classical computers that use bits (which can be either a 0 or a 1), quantum computers use quantum bits, or qubits.
Firmware
Firmware is a specific class of persistent software that provides the low-level control and instructions for a device's specific hardware. It acts as a bridge between the hardware and the operating system or application software.
Personal Computer (PC)
A PC, or Personal Computer, is a general-purpose microcomputer intended to be operated directly by an end user for individual use.
Servers
A server is a specialized computer program or device on a network that manages network resources and provides data, services, or programs to other computers (called "clients").
Servers are designed to "serve" information and share resources with multiple users or client devices simultaneously. They are typically more powerful than regular personal computers, featuring faster processors, greater memory capacity, and larger storage arrays to handle the demands of a high volume of requests.
RAID
RAID, which stands for Redundant Array of Independent Disks (originally "Inexpensive Disks"), is a data storage virtualization technology that combines multiple physical hard disk drives (HDDs) or solid-state drives (SSDs) into a single logical unit. RAID's primary purposes are to improve performance, provide data redundancy (fault tolerance), or both. This is achieved by distributing data across the physical drives in one of several configurations.
Unmanned Vehicles (UxV)
Unmanned vehicles are a broad category of vehicles that operate without a human physically present on board to control them. They are controlled either remotely by a human operator from a different location or autonomously by an onboard computer system using artificial intelligence and sensors.
Industrial Control Systems (ICS)
An Industrial Control System (ICS) is a general term for various types of control systems and associated instrumentation used for managing and automating industrial processes across critical infrastructure, manufacturing, energy production, and transportation sectors.