Super-secret NSA transitioning to commercial services model

The National Security Agency, the enigmatic signals intelligence arm of the Defense Department, is breaking away from its traditional role of building "black boxes" for encrypting highly classified information in favor of offering security and certification services similar to those in commercial industry.

Mike Jacobs, deputy director of information systems at NSA, said that while the agency "will always have a traditional portion of our business building 'black boxes' . . . we are an organization in transition."

The agency increasingly is offering security assessment, testing, red teams and diagnostics services to other Defense and civilian agencies, Jacobs said Wednesday at the National Information Systems Security Conference. "This is the growth area [and a] burgeoning new business," he said.

Rather than doing all the testing and validation of its own products for itself, NSA will be relying on the National Information Assurance Partnership (NIAP), a joint validation effort between NSA and the National Institute of Standards and Technology.

In the past, NSA endorsed security products and procedures, and encouraged their use by assuring members of the Defense and intelligence community that such products would be "bulletproof" solutions, said Lou Giles, a member of the NIAP from NSA.

Now, instead of products receiving NSA's endorsement, agencies will have to bring their protection profiles—the description of their information environment and security needs—to NSA, which will then certify that process as one that meets certain NSA-approved security standards. NSA also will evaluate and certify proposals from vendors.

"The customer still wants that NSA endorsement, Giles said. "But this is a new philosophical paradigm of evaluation for commercial products that we're moving to."


  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

  • Cybersecurity
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    NDAA process is now loaded with Solarium cyber amendments

    Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.