The U.S.
National Security Agency
The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the director of national intelligence (DNI). The NSA is responsible for global monitoring, collection, and proces ...
(NSA) used to rank
cryptographic
Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adversarial behavior. More gen ...
products or
algorithms
In mathematics and computer science, an algorithm () is a finite sequence of mathematically rigorous instructions, typically used to solve a class of specific problems or to perform a computation. Algorithms are used as specifications for per ...
by a certification called product types. Product types were defined in the
National Information Assurance Glossary Committee on National Security Systems Instruction No. 4009, National Information Assurance Glossary, published by the United States federal government, is an unclassified glossary of Information security terms intended to provide a common vocabular ...
(CNSSI No. 4009, 2010) which used to define Type 1, 2, 3, and 4 products. The definitions of numeric type products have been removed from the government lexicon and are no longer used in government procurement efforts.
Type 1 product
A Type 1 product was a device or system certified by NSA for use in
cryptographically
Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adversarial behavior. More gener ...
securing
classified
Classified may refer to:
General
*Classified information, material that a government body deems to be sensitive
*Classified advertising or "classifieds"
Music
*Classified (rapper) (born 1977), Canadian rapper
* The Classified, a 1980s American ro ...
U.S. Government
information
Information is an Abstraction, abstract concept that refers to something which has the power Communication, to inform. At the most fundamental level, it pertains to the Interpretation (philosophy), interpretation (perhaps Interpretation (log ...
. A Type 1 product was defined as:
Cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring the most stringent protection mechanisms.
They were available to
U.S. Government
The Federal Government of the United States of America (U.S. federal government or U.S. government) is the national government of the United States.
The U.S. federal government is composed of three distinct branches: legislative, executi ...
users, their
contractors
A contractor (North American English) or builder (British English), is responsible for the day-to-day oversight of a construction site, management of vendors and trades, and the communication of information to all involved parties throughout the c ...
, and federally sponsored non-U.S. Government activities subject to export restrictions in accordance with
International Traffic in Arms Regulations
International Traffic in Arms Regulations (ITAR) is a set of U.S. Department of State regulations that control the export of defense and military technologies to safeguard national security and further its foreign policy objectives.
Overvi ...
.
Type 1 certification was a rigorous process that included testing and formal analysis of (among other things) cryptographic security, functional security,
tamper resistance
Tamperproofing is a methodology used to hinder, deter or detect unauthorised access to a device or circumvention of a security system. Since any device or system can be foiled by a person with sufficient knowledge, equipment, and time, the term " ...
, emissions security (
EMSEC/
TEMPEST), and security of the product manufacturing and distribution process.
Type 2 product
A Type 2 product was unclassified cryptographic equipment, assemblies, or components, endorsed by the NSA, for use in
telecommunications
Telecommunication, often used in its plural form or abbreviated as telecom, is the transmission of information over a distance using electronic means, typically through cables, radio waves, or other communication technologies. These means of ...
and automated
information system
An information system (IS) is a formal, sociotechnical, organizational system designed to collect, process, Information Processing and Management, store, and information distribution, distribute information. From a sociotechnical perspective, info ...
s for the protection of
national security
National security, or national defence (national defense in American English), is the security and Defence (military), defence of a sovereign state, including its Citizenship, citizens, economy, and institutions, which is regarded as a duty of ...
information, as defined as:
Cryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive national security information when appropriately keyed. Developed using established NSA business processes and containing NSA approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified national security information.
Type 3 product
A Type 3 product was a device for use with
Sensitive, But Unclassified (SBU) information on non-national security systems, defined as:
Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. Government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. Developed using established commercial standards and containing NIST approved cryptographic algorithms/modules or successfully evaluated by the National Information Assurance Partnership (NIAP).
Approved encryption algorithms included three-key
Triple DES
In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The 56-bit key of the Dat ...
, and
AES (although AES can also be used in NSA-certified
Type 1 products). Approvals for
DES, two-key Triple DES and
Skipjack have been withdrawn as of 2015.
[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, NIST.SP.800-131A Rev1, November 6, 2015, Elaine Barker, Allen Roginsky]
Type 4 product
A Type 4 product was an
encryption
In Cryptography law, cryptography, encryption (more specifically, Code, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the inf ...
algorithm that was registered with
NIST
The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical s ...
but is not a
Federal Information Processing Standard The Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer systems of non-military United Stat ...
(FIPS), defined as:
Unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any Government usage. These products are typically delivered as part of commercial offerings and are commensurate with the vendor’s commercial practices. These products may contain either vendor proprietary algorithms, algorithms registered by NIST, or algorithms registered by NIST and published in a FIPS.
See also
*
NSA encryption systems
The National Security Agency took over responsibility for all US government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still Classified information in the United States, classified, but m ...
, for a historically oriented list of NSA encryption products (most of them Type 1).
*
NSA cryptography
The vast majority of the National Security Agency's work on encryption is classified, but from time to time NSA participates in standards processes or otherwise publishes information about its cryptographic algorithms. The NSA has categorized en ...
for algorithms that NSA has participated in the development of.
*
NSA Suite B Cryptography
NSA Suite B Cryptography was a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It was to serve as an interoperable cryptographic base for both unclassified informat ...
*
NSA Suite A Cryptography
NSA Suite A Cryptography is NSA cryptography which "contains classified algorithms that will not be released." "Suite A will be used for the protection of some categories of especially sensitive information (a small percentage of the overall nati ...
References
{{reflist
''Parts of this article have been derived from Federal Standard 1037C
Federal Standard 1037C, titled Telecommunications: Glossary of Telecommunication Terms, is a United States Federal Standard issued by the General Services Administration pursuant to the Federal Property and Administrative Services Act of 1949, ...
, the National Information Systems Security Glossary Committee on National Security Systems Instruction No. 4009, National Information Assurance Glossary, published by the United States federal government, is an unclassified glossary of Information security terms intended to provide a common vocabula ...
, and 40 USC 1452.''
Cryptographic algorithms
National Security Agency encryption devices