Skip to content Skip to navigation Skip to footer


National Security Agency (NSA) Commercial Solutions for Classified (CSfC)

Overview, Goals, and Scope


The NSA CSfC is an acquisition decision support tool for Department of Defense (DoD) and Intelligence organizations interested in integrating commercial technologies and products in approved capability packages for classified mission-critical networks and applications.


The purpose of NSA CSfC compliance is to qualify eligible Fortinet products for sale to DoD and U.S. Intelligence organizations in classified environments. Vendors that need their products eligible as CSfC components of a composed and layered information assurance solution must build their products in accordance with the applicable U.S. Government approved Protection Profile(s) and submit their product using the Common Criteria Process.


  • FortiGate (Pending Application Approval)

Key Principles

Validated Security

  • Security effectiveness
  • Sensitive application and function validation

Reduced Risk

  • NSA approved vendor
  • Assured responsible vulnerability remediation

Lowered Cost

  • Total cost of ownership decreases over long term compared to NSA Type 1 solutions
  • Cost savings through market-place competition without compromising risk


Access the NSA Component List:

Click here to access the NSA CSfC archived component list.