National Security Memo on Improving Cybersecurity of National Security, Defense and Intelligence Community Systems

The White House issued a National Security Memorandum to improve the cybersecurity of National Security, Department of Defense, and Intelligence Community Systems on January 19, 2022. This Memo requires that National Security Systems (NSS) employ network cybersecurity measures that are equivalent to or exceed those required of federal civilian networks in Executive Order (EO) 14028 and gives agencies 180 days to implement multifactor authentication and encryption for NSS data-at-rest and data-in-transit per guidance in Section 3 of EO 14028.



Thales Trusted Cyber Technologies (TCT) is a trusted, U.S. provider of cybersecurity solutions dedicated to the U.S. Federal Government. We offer robust authentication, data at rest encryption, and data in transit encryption solutions that address the requirements outlined in the Memo and EO 14028. Our solutions reduce the risks associated with the most critical attack vectors and address the most stringent encryption, key management, and access control requirements. In addition to our core solutions developed and manufactured in the U.S. specifically for the Government, we sell and support industry-leading, third-party commercial-off-the-shelf solutions. To mitigate the risks associated with procuring data security solutions developed outside of the U.S., we operate under a Proxy Agreement with the Defense Counterintelligence & Security Agency (DCSA) for Foreign Ownership, Control & Influence (FOCI) and a Committee on Foreign Investment in the U.S. (CFIUS) National Security Agreement.

As a long-established provider of cybersecurity solutions currently deployed within National Security, Department of Defense, and Intelligence Community Systems, Thales TCT strongly supports the Biden Administration’s efforts to raise the bar on cybersecurity. All Thales TCT products currently support the recommended Commercial National Security Algorithms (CNSA) and are being enhanced with quantum resistant algorithms.

Thales TCT stands ready to provide solutions which meet the requirements of the Memo. We are prepared to provide industry input as the Committee on National Security Systems (CNSS) and federal agencies review and update policies as directed in the Memo.

From traditional high assurance and commercial-off-the-shelf authentication solutions to first-of-a-kind hardware security module-based identity credentials, Thales TCT offers the most secure, certificate-based authentication platforms available to the U.S. Federal Government.

Our High Assurance Authentication products are currently approved for use within National Security Systems.

  • High Assurance Authentication that brings multi-factor authentication to applications and networks where security is critical.
  • Commercial-off-the-Shelf Multi-factor Authentication that offers the broadest range of authentication methods and form factors. Thales TCT allows customers to address numerous use cases, assurance levels, and threat vectors with unified, centrally managed policies, all managed from one authentication back end delivered in the cloud or on premises.
  • Access Management through strong authentication services that enable agencies to pursue consistent authentication policies across the organization by automating and simplifying the deployment and management of a distributed estate of tokens, while securing a broad spectrum of resources, whether on-premises, cloud-based, or virtualized.

Thales TCT offers data at rest encryption solutions that deliver granular encryption and role-based access control for structured and unstructured data residing in databases, applications, files, and storage containers through its CipherTrust Data Security Platform.


CipherTrust Data Security Platform unifies data discovery, classification, data protection, and unprecedented granular access controls with centralized key management – all on a single platform. This results in fewer resources dedicated to data security operations, ubiquitous compliance controls, and significantly reduced risk.

The platform includes:

  • CipherTrust Transparent Encryption delivers data at rest encryption, privileged user access controls and detailed data access audit logging. Connectors protect data in files, volumes and databases on Windows, AIX and Linux operating systems across physical and virtual servers, in cloud and big data environments.
    • Live Data Transformation Extension provides zero-downtime encryption and data rekeying.
    • CipherTrust Security Intelligence logs and reports streamline compliance reporting and speed up threat detection using SIEM systems.
  • CipherTrust Application Data Protection delivers crypto functions for key management, signing, hashing and encryption services through APIs, so that developers can easily secure data at the application server or big data node.
  • CipherTrust Tokenization is offered both vaulted and vaultless, and can help reduce the cost and complexity of complying with data security mandates.
  • CipherTrust Database Protection solutions integrate data encryption for sensitive fields in databases with secure, centralized key management and without the need to alter database applications. CipherTrust Database Protection solutions support Oracle, Microsoft SQL Server, IBM DB2, and Teradata databases.
  • CipherTrust Manager, the central management point for the platform, provides centralized key lifecycle management and policy control, available in FIPS-compliant virtual and physical appliance form factors.
    environments and more. CipherTrust Manager can also be rooted to a hardware security module (HSM). Thales TCT T-Series Luna HSM (also embedded in CipherTrust Manager) is specifically approved via CNSS Memo for use in National Security Systems.
  • Luna T-Series Hardware Security Modules store, protect, and manage cryptographic keys used to secure sensitive data and critical applications. Meeting government mandates for U.S. Supply Chain, the high-assurance, tamper-resistant Luna T-Series HSMs are designed, developed, manufactured, sold, and supported in the United States.

Thales TCT offers a data discovery and classification solution that enables agencies to get complete visibility of sensitive data with efficient data discovery, classification, and risk analysis across cloud, big data, and traditional environments.

CipherTrust Data Discovery and Classification locates regulated sensitive data, both structured and unstructured, across the cloud, big data, and traditional data stores. A single pane of glass delivers understanding of sensitive data and its risks, enabling better decisions about closing security gaps, prioritizing remediation actions, and securing your cloud transformation and third-party data sharing.

Thales TCT offers network encryption solutions that provide a single platform to encrypt everywhere, from network traffic between data centers and the headquarters to backup and disaster recovery sites, whether on premises or in the cloud.

Thales TCT Network Encryptors leverage Quantum Key Distribution (QKD), Quantum Random Number Generation (QRNG) capabilities, and implement Quantum Resistant Algorithms for future-proof data security.

  • CN9000 Network Encryptors: Delivering 100 Gbps of high assurance and secure encrypted data, the CN9000 Series provides mega data security (100 Gbps), with the lowest latency in the industry (<2μs).
  • CN6000 Network Encryptors: Offering variable-speed licenses from 100 Mbps to 10 Gbps. The CN6140 has a multi-port design that makes this encryptor variable, with speed licenses up to 40 Gbps (4×10 Gbps), highly flexible and cost effective.
  • CN4000 Network Encryptors: Versatile and compact, offering 10 Mbps-1 Gbps encryption in a small form factor (SFF) chassis. The CN4000 series is ideal for branch and remote locations, offering high-performance encryption without compromising network performance.
  • CV1000 Virtual Encryptor: The first hardened virtual encryptor, the CV1000 is instantly scalable and may be deployed rapidly across hundreds of network links, providing robust encryption protection for data-in-motion. The Thales CV1000 Virtual Encryptor is a Virtual Network Function (VNF) that delivers an agile network and reduces capital expenditure requirements. It is ideal for organizations that are virtualizing network functions and taking advantage of Software Defined Networking (SDN).