Author
cisco-public-sector
View
349
Download
1
Embed Size (px)
Cisco Live 2014
Next-Generation Encryption (NGE) and the Commercial Solutions for Classified (CSfC) ProgramNeil LoveringCCIE #1772Consulting Systems Engineer [email protected] 3, 2016Navy Tech Day San Diego
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
13/2/16Cisco Live 2014
AgendaNext-Generation Encryption OverviewNGE and the Commercial Solution for Classified ProgramCSfC Use-CaseCisco NGE Innovation Focus AreasSummary2
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
2Cisco Live 20143/2/16
Next-Generation Encryption Overview3
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicGive some examples of the current environmentGiven the last few monthsLets all put our hacker faces onNow lets put our IT Security analyst faces onIts not goodCisco Live 20143/2/163
CryptographyCryptography is embedded in all Cisco productsCryptography is critical to every solution and marketCryptography is vital to Cybersecurity efforts across all markets
On the flip side Cryptography makes network traffic invisible
The Universal Security Feature
4
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicCryptographic Mechanisms5
EncryptionData AuthenticationKey EstablishmentSignaturesHashing
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicSecurity at Different Layers6
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public802.11 WPA2 Wireless Security7
ApplicationPresentationSessionTransportNetworkLinkPhysical802.11i
802.11i
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicEthernet MACSec8ApplicationPresentationSessionTransportNetworkLinkPhysical
MACSec802.1AEMACSec
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
IPSec9ApplicationPresentationSessionTransportNetworkLinkPhysical
IPSec
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicTransport Layer Security (TLS) 10ApplicationPresentationSessionTransportNetworkLinkPhysical
TLS
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicSecure Shell (SSH)11
SSHApplicationPresentationSessionTransportNetworkLinkPhysical
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicSecure RTP12
SRTPApplicationPresentationSessionTransportNetworkLinkPhysical
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicDefense in Depth13ApplicationPresentationSessionTransportNetworkLinkPhysical
IPSec
802.11i
MACSec
TLS
SRTP
SSH
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicWhat is Next-Generation Encryption (NGE)?14
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicNext-Generation Encryption: Why is it Important?Crypto moves in ten-year investment waves/cycles Starting with Governments, Financials, etc.The explosion of mobile devices (BYOD)Low-power endpoint evolution driving need for more efficient, stronger crypto Higher data throughputs driving scalability needsCurrent cryptographic implementations *will not* scale to 10G, 40G and 100GVulnerabilities and threats continue to change, and hackers are becoming more skilled and funded15
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicNext-Generation Encryption: Why is it Needed?Cryptography is a fundamental underpinning of nearly all security products, solutions, and architecturesCisco has increased the R&D and innovation focus on its Security portfolioNGE is the strongest and most efficient commercial cryptographyLeverages standards-based solutionsElliptic Curve, AES-GCM (Galois Counter Mode), etcNetworking technologies continue to evolve:Ethernet (10/100Mb,1Gb,10Gb, 40Gb, 100Gb, ) Wi-Fi (11, 54, 150, 300, 450, etc )Cryptography (3DES, AES-CBC, AES-GCM)16
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicNext-Generation Encryption Protocol Suite
Key EstablishmentECDH-P256/384/521
Digital Signatures
ECDSA-P256/384/521
HashingSHA-256/384/512
Authenticated EncryptionAES-128/256-GCM
AuthenticationHMAC-SHA-256/384/512
EntropySP800-90
17
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
What is Suite B?NSA encryption guidance titled Suite Bhttp://www.nsa.gov/ia/_files/SuiteB_Implementer_G-113808.pdfSuite B is not a protocol It is a profile for consistent security when using multiple cryptographically strong protocolsIt enables government customers to conform to Suite B requirementsSuite B offers the best technologies for future-proof cryptography, setting the trend for the industryCNSSP-15 Policy Compliant (Committee on National Security Systems Policy)(6) The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET levelTOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.18
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicStandards and ProtocolsThe following documents provide guidance for using Suite B cryptography with Internet protocols:19Source: http://www.nsa.gov/ia/programs/suiteb_cryptography/
RFC 6239: "Suite B Cryptographic Suites for Secure Shell (SSH)RFC 6318: "Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME)RFC 6380: "Suite B Profile for Internet Protocol Security (IPSec)RFC 6460: "Suite B Profile for Transport Layer Security (TLS)RFC 7030: Enrollment over Secure Transport
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicCisco NGE and Suite BNGE is a super set of Suite B Cisco has additional Cipher SuitesUpgrades all crypto mechanisms New/Upgraded algorithms, key sizes, protocols and entropyCompatible with existing security architectures, e.g., DMVPN, GETVPN, P2P SAsStandards-based components, available today in next-generation solutionsTargets Suite B (US), FIPS-140 (US/Canada), NATO20
NGE(Cisco)Suite B(NSA)
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicNext-Generation Encryption vs. Suite B
EncryptionData AuthenticationKey EstablishmentDigital SignaturesHashing
AES-128-GCM
ECDH-P256
SHA-256ECDSA-P256
AES-256-GCMECDH-P384SHA-384ECDSA-P384ECDH-P521SHA-512ECDSA-P521AES-192-GCM
Suite BmLoS 12821
Suite BmLoS 192
mLoS = Minumum Level of Security
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicNGE, Suite B and the Commercial Solution for Classified Program22
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicGive some examples of the current environmentGiven the last few monthsLets all put our hacker faces onNow lets put our IT Security analyst faces onIts not goodCisco Live 20143/2/1622
CNSSP-15CNSSP-15 (Committee on National Security Systems Policy 15), National Information Assurance Policy (NIAP) on the Use of Public Standards for Secure Sharing of Information Among National Security SystemsCNSSP-15 states:IA and IA-enabled IT products with integrated cryptography acquired to protect NSS and information therein shall adhere to the following:After 1 October 2015, the appropriate Suite B cryptographic algorithms or a commensurate suite of NSA-approved cryptographic algorithms shall be included;Prior to 1 October 2015, the appropriate Suite B cryptographic algorithms and/or the appropriate legacy cryptographic algorithms, or a commensurate suite of NSA-approved cryptographic algorithms shall be included;Be compliant with NSA-approved public key and key management infrastructures as appropriate; andSuccessfully complete security protocol interoperability testing by an NSA-approved security protocol interoperability testing service.23
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicNGE Target Use-Cases24NGE for UnclassifiedUse: For protection of unclassified dataStrengthens existing data protection needsOpportunity to leverage NGE for advanced protectionTraditional deployment modelsUpgrade cipher suites for added securityCNSSP-15 compliance
Why not?
Because they said soNGE for ClassifiedUse: For protection of classified dataNSA-led CSfC programWell-defined Deployment ArchitecturesMore stringent deployment policies than Civilian/non-DoD customersLeverages a Layered Architectural Approach
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicNGE Enabled Encryption Architectures:Available Today25Remote Access VPNsASA Firewall
CSM / ASDM
GM4GM5GM6GM7GM8GM9GM1GM2GM3KS
GETVPN*&^*RTW#(*J^*&*sd#J$%UJ&(
802.1XSupplicantwithMACSec
Guest User
MACSec Capable Devices&^*RTW#(*J^*&*sd#J$%UJWD&(
Data sent in clear
MACSec LinkEncryptDecryptAuthenticated UserMACSec
Spoke-3
..
.
Site-to-Site, DMVPN and FlexVPN
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicCommercial Solutions for Classified ProgramNSA/CSS's Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS dataThis will provide the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not yearsCSfC program requirements are customer-driven CSfC vendors do not request features or drive requirements26
http://www.nsa.gov/ia/programs/csfc_program/index.shtml
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicWhy is CSfC Interesting to Customers?Leverages well-known COTS encryption solutions and operation modelsOperational SimplicityOperational expense complexity of COTS is not new and risk has diminishedWell understood capabilities, troubleshooting, etc.Quicker time-to-market of innovationCan leverage COTS technology, speeds/feeds, innovation and scale testing by vendorsWill not lag industry best practices and SW feature innovations Reduced CostCOTS TCO will be lower given open market chip sets, silicon and vendor familiarityAvailabilityEAR export restrictions mean fewer availability, handling issuesRapid Deployment: Allows field to deploy solutions more rapidly27
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicCSfC Layered Architectures for ClassifiedArchitectural, defense-in-depth (e.g. layers), approach to securitySECRET require 2 Layers of countable Crypto mLoS 128TOP SECRET requires 2 layers of countable Crypto mLoS 192
Example: 1+1 = 2 countable layers sufficient for protecting SECRET information
28
Suite B VPN / Countable Layer #1
Suite B Application Layer Security / Countable Layer #2
Approved Encryption Technologies can vary at each LayerOuter TunnelInner Tunnel
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicCSfC Components29VPNMobilityCampus WLANMust be validated against an approved PPNDPP v1.1 minimumVPNGW EPSIP ServerApplication (VPN, VoIP, etc.)WLANFIPS 140-2Capability PackagesNIAP EvaluationsFIPSMemorandum of Agreement (MoA) is entered between the CSfC Program office and the VendorThe MoA states that the vendors product must be NIAP certified, FIPS certified, and that the vendor agrees to fix vulnerabilities in a timely fashionThe MoA may also reference technology-specific selections for NIAP testing
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicWhat is a Capabilities Package (CP)?Contain product-neutral information that will allow customers/integrators to successfully implement their own solutionsCustomers/integrators make product selections while following the guidelines/restrictions to create an architecture with specific commercial products configured in a particular mannerProvide sufficient guidance for accreditors to make informed decisions on whether solutions meet their mission and security requirements30Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/)
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicNGE vs Suite B vs CSfC (1)NGE is a super-set of Suite BIncludes older, transitional ciphers as well as Suite B compliant and stronger ciphersSuite B is a consistent and specific implementation of cryptographic ciphers CSfC is a layered architecture of Suite B compliant COTS equipment31
NGE(Cisco)Suite B(NSA)
CSfC(NSA)
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicNGE vs Suite B vs CSfC (2)Therefore Suite B = NGE but NGE > Suite BCSfC = two compliant layers of Suite BCustomers can deploy Suite B and be compliant with CNSSP-15 and not require a CSfC ArchitectureCustomers that are tasked with protecting CLASSIFIED material must adhere to the CSfC requirements32
NGE(Cisco)Suite B(NSA)
CSfC(NSA)
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicManufacturer Diversity RequirementCSfC layered solutions, with a single vendor is now permitted under certain conditionsThe manufacturer must document the similarities and differences between the two products, including: cryptographic HW components, SW code base (i.e. operating system), software cryptographic libraries, and development teamsNSA will review the information of solutions and determine if they meet the requirements for independent layersCiscos variation of OSs, across certain platforms are targeting this single-vendor solution that is compliant with the CSfC guidelines33The manufacturer diversity requirement for CSfC layered solutions has been modified to permit, subject to certain conditions, single-manufacturer implementations of both layers.
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicCisco as the Single Vendor Multi-Platform for CSfCAllows Cisco ASA to be used as an Inner or Outer VPN Gateway when paired with an approved IOS/IOS-XE VPN router34
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicCSfC Use-Cases35
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicGive some examples of the current environmentGiven the last few monthsLets all put our hacker faces onNow lets put our IT Security analyst faces onIts not goodCisco Live 20143/2/1635
Some Quick TerminologyCSfC Commercial Solutions for Classified an NSA-sponsored programRed NetworkRed Data consists of unencrypted classified data including Voice and Video36
Gray NetworkGray Data consists of classified data (including Voice/Video) that has been encrypted once (TLS/SRTP/IPSec)Black NetworkBlack Data consists of classified data (including Voice/Video) that has been encrypted twice (typically but not limited to IPSec)
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicCSfC VPN Compatibility Package37
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicGive some examples of the current environmentGiven the last few monthsLets all put our hacker faces onNow lets put our IT Security analyst faces onIts not goodCisco Live 20143/2/1637
CSfC Site-to-Site VPN38 Solution BoundaryOuter IPSec Tunnel 2nd encryptionInner IPSec Tunnel 1st encryptionCustomer Traffic - unencryptedSource: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/ )* SECRET requires mLoS 128** TOP SECRET requires mLoS 192
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
CSfC Multiple Security Levels39Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/ )* SECRET requires mLoS 128** TOP SECRET requires mLoS 192 Solution BoundaryOuter IPSec Tunnel 2nd encryptionInner IPSec Tunnel 1st encryptionCustomer Traffic - unencrypted
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
CSfC Client-to-Site (Remote Access)40Source: CSfC Website (http://www.nsa.gov/ia/programs/csfc_program/ )* SECRET requires mLoS 128** TOP SECRET requires mLoS 192 Solution BoundaryOuter IPSec Tunnel 2nd encryptionInner IPSec Tunnel 1st encryptionCustomer Traffic - unencrypted
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicCisco NGE Innovation Focus AreasOptical EncryptionMACSec41
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicGive some examples of the current environmentGiven the last few monthsLets all put our hacker faces onNow lets put our IT Security analyst faces onIts not goodCisco Live 20143/2/1641
Foundations of High Speed Crypto42
IPSec Encryption
Layer 3
Layer 2
Layer 1Cisco Product Lines: ISRs, ASR1K, ASR9K 802.11AE (aka MACSec) Ethernet EncryptionCisco Product Lines: Cat 2k,3K,4K,6K; Nexus 7K; ISRNG, ASR1K, ASR9KOTN EncryptionCisco Product Lines: ONS 15454OSI Layers
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicDWDM Encryption Architecture43
256 bitAES
Key exchange over OTU2 GCCOTU2 Payload Encrypted with 256-bit AES
DWDM Wavelength(s)EthernetFibre ChannelOTNEthernetFibre ChannelOTN
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicWhy MACSec in the WAN?Ethernet services have moved beyond the campusEthernet is growing rapidly as a WAN/Metro wire-line transport serviceWAN/Metro SP offerings are replacing existing T1, ATM/FR, and SONET OC-x with EthernetEthernet services apply to:WAN links for core, edge, remote branch back-haulPE-CE backhaulMetro-E service hand-offs (E-LINE, E-LAN, E-TREE)Current IPSec encryption rates cannot run line-rate, for all packet sizes beyond 40GbpsCiscos goal is to integrate MACsec as part of new Ethernet interface/LC development moving forward44
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicConfidentiality and Integrity: 802.1AE based EncryptionMACSec provides Layer-2 hop-by-hop encryption and integrity, based on IEEE 802.1AE standard128bit AES-GCM (Galois/Counter Mode) NIST ApprovedLine-rate Encryption/Decryption for 1/10/40/100GbE interfacesReplay protection of each and every frame802.1AE encryption to protect CMD field (SGT value)45
802.1AE
Customer BenefitsProtects against man-in-the-middle attacks (snooping, tampering, replay)Standards-based frame format and algorithm (AES-GCM) 802.1X-2010/MKA addition supports per-device security associations in shared media environments (e.g. PC vs. IP Phone) to provide secured communicationNetwork service amenable hop-by-hop approach compared to end-to-end approach (e.g. Microsoft Domain Isolation/virtualization)
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public802.1AE (MACSec) TaggingFrames are encrypted and protected with an integrity check value (ICV)MACSec Ethertype is 0x88e5No impact to IP MTU/FragmentationL2 Frame MTU Impact*: ~ 40 bytes = less than baby giant frame (~1600 bytes with 1552 bytes MTU)46
D-MACS-MAC
802.1AE Header
802.1Q
CMD
E-Type
Payload
ICV
CRC
MACSec EtherType
TCI/AN
SL
Packet Number
SCI (optional)TrustSec Frame Format
Encrypted
0x88e5
Authenticated
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicNGE and Cisco VPNs47
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicGive some examples of the current environmentGiven the last few monthsLets all put our hacker faces onNow lets put our IT Security analyst faces onIts not goodCisco Live 20143/2/1647
VPN ReviewThe players in large, multi-site VPN deployments:Site-to-site (S2)Dynamic Multipoint VPN (DMVPN)Group Encrypted Transport VPN (GETVPN)FlexVPN48
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicDMVPN Deployment Scenario49
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
DMVPN Benefits (1)Cisco IOS DMVPN provides the following benefits:Dynamic Routing over VPN: EIGRP, OSPF, and BGPReduced Configuration Overhead No crypto maps tied to the physical interfaceFor a 1000-site deployment, DMVPN reduces the hub from 3900 lines to 13 linesAdding new spokes to the VPN requires no changes at the hubCentralized configuration change at the hub controls the split tunneling behaviorZero-Touch Deployment: Easy Secure Device Deployment Devices can be bootstrapped remotely, no extensive staging operationsDynamic Spoke-to-Spoke Tunnels Reduces latency Improves scalability50
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
DMVPN Benefits (2)Cisco IOS DMVPN provides the following benefits:Dynamic Addressing for Spoke Routers: think cable/DSL connectionsNetwork Address Translation (NAT) Traversal DMVPN routers can be behind NATIP Multicast Support: between hub and spokesQoS Support: hub to spoke (or spoke group)High Availability: two or more hubsScalability: additional hubs and/or hierarchical hubsVRF Awareness: allows separation of customer trafficMultiprotocol Label Switching (MPLS) Support (2547oDMVPN) MPLS networks can be encrypted over DMVPN tunnels
51
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicGETVPN Deployment Scenario52
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
GETVPN BenefitsCisco IOS GETVPN provides the following benefits:Native any-to-any mesh topologyFor Multiprotocol Label Switching (MPLS) networks, maintains network intelligence (such as full-mesh connectivity, natural routing path, and QoS)Grants easy membership control with centralized key serversDirect site-to-site communications: low latencyIP Address Preservation: original outer IP headerEnables features like QoS and Multicast in the core53
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
FlexVPN Deployment Scenario54
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
FlexVPN Benefits (1)Cisco IOS FlexVPN is a unified VPN solution and provides the following benefits:Transport network: Public internet or a private MPLS networkDeployment style: S2S and remote access VPNsFailover redundancy:Dynamic routing protocols (OSPF, EIGRP and BGP)IKEv2-based dynamic route distribution and server clusteringIPSec/IKEv2 active/standby stateful failover between two chassis (available in the future)Third-party compatibility: Compatible with any IKEv2-based third-party VPN vendors55
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
FlexVPN Benefits (2)Cisco IOS FlexVPN is a unified VPN solution and provides the following benefits:IP Multicast support: At the hub or in the transport network (future)Centralized policy control: Use of AAA/RADIUS server on a per-peer basisVRF awareness: integration with MPLS VPN networksWorks with all previous IPsec VPNsCan use GRE over IPsec or VTI as encapsulationIPv4 and IPv6 capable56
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
FlexVPN Benefits (3)Cisco IOS FlexVPN is a unified VPN solution and provides the following benefits:Multiple simultaneous functionalities Uses virtual interfaces allows per-spoke features like firewall, QoS, ACLs, etc.Remote access server and client (software and hardware) similar to EZVPNDynamic spoke to spoke tunnels similar to DMVPNEase of configuration by using defaultsBased on IKEv2: Improves many aspects of negotiation and protocol stability57
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
IKEv2 BenefitsUses less bandwidth than IKEv1Supports EAP authentication (not standard in IKEv1)Supports Mobile IKE (MOBIKE)Changing IP addressesBuilt-in NAT traversal Can detect whether a tunnel is still aliveAnti-DOS58
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicVPN Technology Comparison59FeaturesDMVPNGETVPNFlexVPN3rd Party CompatibilityxAAA attributes supportxDynamically addressed spokexxxDynamic RoutingxxxDynamic Spoke to Spoke tunnelxxxIKEv2xxPublic TransportxxIPv6xxxIP MulticastxxxNATxxNon-IPQoSxxxVRFxxx
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicFlexVPN Cisco Platforms800-Series Routers1900-Series ISRs (G2)2900-Series ISRs (G2)3900-Series ISRs (G2)4400-Series ISRs1000-Series ASRs60
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicWrap-Up61
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicGive some examples of the current environmentGiven the last few monthsLets all put our hacker faces onNow lets put our IT Security analyst faces onIts not goodCisco Live 20143/2/1661
NGE and CSfC SummaryCisco has many products that can satisfy all current CSfC CPsNGE/Suite B impacts all Federal customers (CNSSP-15)Cisco is actively engaging with the Program office to add more productsCSfC requirements are Customer led, not Vendor ledCustomers should contact [email protected] for specific Mission requirements that fall outside the Capability Packages
6262
2016 Cisco and/or its affiliates. All rights reserved.Cisco PublicNeil LoveringCCIE #[email protected]
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
63Cisco Live 20143/2/16
2016 Cisco and/or its affiliates. All rights reserved.Cisco Public
643/2/16Cisco Live 2014
Chart11128611286112861128611286
Series 1Series 2
Sheet1Series 1Series 219901128670200011286782010112868620201128693203011286101To resize chart data range, drag lower right corner of range.