Commercial COMSEC Evaluation

The CCEP allows an agreement to be forged between the NSA and a vendor to develop and produce products that help improve the IA posture of DoD customers.


The Commercial COMSEC Evaluation Program (CCEP) is a development program for Information Assurance (IA) products. Under the CCEP, the National Security Agency (NSA) enters into a business relationship with a vendor to develop and produce products that are of a direct benefit to improving the IA security posture for Department of Defense customers. NSA applies its IA resources to evaluate products that best provide for widespread availability of high-quality, low-cost, secure communication systems for use by the U.S. Government.

Interested vendors must complete a CCEP Product Summary Questionnaire (PSQ), detailing the product. The information provided will be measured against national IA standards, needs, and priorities to determine the suitability of a potential product for acceptance into the program.


  1. Product vendor contacts Client Advocates
  2. NSA provides vendor with CCEP Product Summary Questionnaire (PSQ)
  3. Vendor completes and submits PSQ
  4. A business case is determined
  5. Vendor then submits a detailed proposal
  6. Detailed proposal is reviewed for technology and market
  7. Product is accepted into program
  8. NSA and Vendor enter into a legal agreement
  9. NSA and Vendor participate in a security evaluation
  10. NSA certifies the security embedded within the product/service

Please contact IAD's Client Contact Center for more information.

Last Reviewed: 13 May 2015