180 likes | 788 Views
Section Eight: Communication Security (COMSEC) Note: All classified markings contained within this presentation are for training purposes only. Communications Security (COMSEC) Overview. Communications Security (COMSEC)
E N D
Section Eight: Communication Security (COMSEC)Note: All classified markings contained within this presentation are for training purposes only.
Communications Security (COMSEC) Overview • Communications Security (COMSEC) • A series of countermeasures used to prevent unauthorized attempts to access U.S. technology and national security information by securing voice and data communication and ensuring its authentication • COMSEC Equipment • NSA-approved encryption devices are used to protect classified information that traverses a network or area of lesser control (i.e. over the internet or in between two secure rooms) • The lead time for acquiring COMSEC equipment typically ranges from 30 to 60 days • It is important to incorporate this lead time in the project planning phase • Common types of NSA-approved encryptors include: • General Dynamics Encryptors • L-3 Communications • Safe Net (Mykotronx) • Sypris • ViaSat
Communications Security (COMSEC) Access Requirements • Due to the unique sensitivity of COMSEC material, special eligibility requirements must be met • Non-U.S. citizens, including resident aliens, are not eligible for access • An appropriate U.S. Department of Defense (DoD) final security clearance is required for access to COMSEC information, cryptographic material and operational keys for other encryption devices • Access by an individual with an interim Top Secret clearance is permissible, but only at the Secret level • A cryptographic access briefing is required prior to accessing • Top Secret and Secret keying material and authenticators that are designated CRYPTO • Classified cryptographic media that represent, describe or implement classified cryptographic logic
Communications Security (COMSEC) Access Requirements • Prior to disclosure of COMSEC information, personnel must understand the sensitivity of the COMSEC system and their personal responsibility to support it • This is accomplished through access briefings and periodic updates • Personnel are not authorized to disclose to anyone not approved for COMSEC/ CRYPTO access the fact that any feature of design or construction of equipment has a cryptographic application • Extreme care must be exercised in the receipt and disposition of COMSEC and cryptographic information • Only appropriately briefed and authorized personnel are permitted access • Classified COMSEC information will be marked, stored, controlled and, when authorized, destroyed, shipped or transmitted outside {Company} facilities in accordance with instructions issued by the NSA Central Office of Record
Communications Security (COMSEC) Transmitting and Receiving • Secure Telephone Units • The Secure Telephone Equipment provides a means by which classified telephone conversations, up to TOP SECRET, when authorized, can take place • Assistance is available for the acquisition, installation, and programming of these units by contacting the Security Department • Secure Facsimiles • Secure facsimile equipment is available to transmit and receive classified information • Information sent should be limited to the Top Secret Collateral level • Hand-carrying COMSEC material outside the {Company} for valid contract-related activities requires • The user must have prior COMSEC Administrator authorization • A courier authorization SECURE TRANSMISSIONS
Communications Security (COMSEC) Information Control • All NATO transactions must be reported to the NATO Control Officer • Control includes retrieval, safeguarding, controlling, accounting for, and properly disposing of NATO material • All TOP SECRET transactions must be reported to the TOP SECRET Control Officer (TSCO) or alternate • Control includes logging, transferring material, and accounting for reproductions made within the {Company} • Request for assistance should be made at least three days prior to the actual transaction
Communications Security (COMSEC) Reporting • All persons who deal in any way with COMSEC material are responsible for immediately reporting any of the following to the Security Department • The compromise, possible compromise, loss (known or suspected), unauthorized access or other violation of the security regulations • The unauthorized destruction of classified or accountable COMSEC information • Any damage to classified or accountable COMSEC information that raises the possibility of sabotage • The emergency disposition of classified COMSEC information • A CRYPTO Card left unattended in the STE terminal