Super-secret NSA transitioning to commercial services model

The National Security Agency, the enigmatic signals intelligence arm of the Defense Department, is breaking away from its traditional role of building "black boxes" for encrypting highly classified information in favor of offering security and certification services similar to those in commercial industry.

Mike Jacobs, deputy director of information systems at NSA, said that while the agency "will always have a traditional portion of our business building 'black boxes' . . . we are an organization in transition."

The agency increasingly is offering security assessment, testing, red teams and diagnostics services to other Defense and civilian agencies, Jacobs said Wednesday at the National Information Systems Security Conference. "This is the growth area [and a] burgeoning new business," he said.

Rather than doing all the testing and validation of its own products for itself, NSA will be relying on the National Information Assurance Partnership (NIAP), a joint validation effort between NSA and the National Institute of Standards and Technology.

In the past, NSA endorsed security products and procedures, and encouraged their use by assuring members of the Defense and intelligence community that such products would be "bulletproof" solutions, said Lou Giles, a member of the NIAP from NSA.

Now, instead of products receiving NSA's endorsement, agencies will have to bring their protection profiles—the description of their information environment and security needs—to NSA, which will then certify that process as one that meets certain NSA-approved security standards. NSA also will evaluate and certify proposals from vendors.

"The customer still wants that NSA endorsement, Giles said. "But this is a new philosophical paradigm of evaluation for commercial products that we're moving to."


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected