Page 172 - Cyber Defense eMagazine August 2024
encryption, solutions must hold NIAP-CC certification, ensuring they meet rigorous security standards
established by the National Information Assurance Partnership (NIAP).
NIAP plays a central role in evaluating cybersecurity products for use with CUI and Classified (CSfC)
data. Overseen by the National Security Agency (NSA), NIAP validates FIPS-compliant modules against
established Protection Profiles. This rigorous evaluation process typically takes 90-180 days.
For data classified as National Security Systems (NSS), cryptographic requirements are dictated by
Commercial National Security Algorithms (CNSA). Crucially, CNSA 2.0 introduces new algorithms, with
a 2025 deadline for transitioning to these updated standards.

The Importance of Choosing the Right Encryption

According to the Defense Contract Management Agency (DCMA), failing to meet the National Institute of
Standards and Technology (NIST) Special Publication (SP) 800-171 security requirements has been the
number one finding across the last three years of audits for Department of Defense (DoD) contractors
[1]. This highlights the critical role that proper encryption plays in securing Controlled Unclassified
Information (CUI) and Classified data.
Image Data Source: Defense Contract Management Agency (DCMA) – Defense Industrial Base
Cybersecurity Assessment Center (DIBCAC) PowerPoint
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.