COMSEC (Communications Security)
Overview
• The types of COMSEC information you may access
• The handling of COMSEC items and keying material
• The directives and rules which prescribe those safeguards
• The penalties you will incur for willful disclosure of COMSEC information to unauthorized persons
• EKMS/KMI Transition
COMSEC Definition
• COMSEC is the general term used for all steps taken to protect information of value when it is being communicated.
• This includes measures which are taken:
• To prevent unauthorized persons from gaining access to telecommunications that are related to national security
• To ensure the authenticity of such telecommunications
Transmission Security
Transmission Security, or TRANSEC, is the component of COMSEC which is designed to protect transmissions from unauthorized intercept, traffic analysis, imitative deception and disruption.
Types of Transmissions
Radio: The most widely used form of electronic transmission. No matter the type of end equipment in use, in most cases at some time between transmittal and receipt, radio signals are used for delivery. Because radio signals are sent out through the open air, they are one of the least secure forms of transmission.
Telephone: One of the most widely used, and most convenient, forms of communication. Not only are telephone lines used for voice communications, but data is also transferred over these lines. Telephone lines are easily tapped, making the phone a very insecure form of communication.
Types of Transmissions
Cell Phones: Very popular and widely used today. However, they are even less secure than regular phones because their transmissions can be picked up just like radio signals.
Email: This has become one of the most widely used forms of communication, and one of the greatest risks to the security of classified and sensitive information. Messages can be easily intercepted, or can be found stored on servers and copied.
U.S. Postal & Courier Services: This is when data or materials are transferred through registered mail or hand delivered by bonded couriers. In most cases this is a very secure means of communication, but it is not useful when time constraints exist.
Types of Transmissions
Face to Face: This is when two or more parties meet and talk with each other.
Hand Delivery: This is when data in written or hardcopy form is hand carried from point of transmission to point of receipt.
NOTE: The security of face to face and hand delivery transmissions is totally dependent on the parties communicating.
Cryptographic Security
Cryptographic Security, or Cryptosecurity, is the component of COMSEC which results from the use of technically sound cryptosystems, and from their proper use.
Cryptographic Security
Cryptographic Security includes correctly applying encryption equipment to protect voice and data communications. When properly applied, encryption can secure all electronic transmission.
Cryptographic Security
Includes the development of Key Management Plans and Procedures that provide instructions for the operation and protection of the cryptographic devices and their key material.
Includes all measures taken to ensure only authorized personnel install, operate and perform maintenance on cryptographic devices.
Physical Security
Physical security is the component of COMSEC that results from all physical measures to safeguard cryptographic materials, information, documents and equipment from access by unauthorized persons.
Physical Security
Includes storage facilities and security containers.
Physical Security
Storage of Classified Materials: The preferable storage requirement for items classified as Top Secret, Secret and Confidential is a vault. When necessary, such items can be stored in a GSA approved security container.
Storage of FOUO and SBU: These items may be stored using the same methods as classified materials. When other methods are not available, a filing cabinet equipped with a locking bar and GSA changeable combination lock is the most preferable. However, in most cases it is acceptable to use any lockable container or room, but you should check with your COMSEC Custodian.
Physical Security
It includes applying methods to ensure only authorized persons have access to classified, sensitive and COMSEC materials and information. These methods include, but are not limited to, badges, guards and alarm systems.
It includes the proper handling and accounting for all classified, sensitive or COMSEC information/materials on a continuous basis. Inventories of these materials must be taken semi-annually, as required by NSA.
Physical Security
Whenever classified, sensitive or COMSEC materials are removed from storage, the person removing these materials or information must maintain constant control or surveillance over them.
No matter how important a task may be, if it involves classified, sensitive or COMSEC materials or information: You may NEVER take it home or away from its secure area to be completed.
Physical Security
• Includes the proper disposal of classified and sensitive materials and information no longer needed.
• Some approved methods of destruction are:
• Burning
• Disintegration
• Chopping
• High Security Crosscut Shredding
• Classified Trash Receptacle
Most of you will not be performing the destruction of the materials. Most of you will either shred or burn your COMSEC items that need to be destroyed.
Physical Security
The destruction requirements for COMSEC materials are even stricter than those for other classified materials. For this reason, there are even fewer personnel authorized to perform this destruction. For more information, contact your COMSEC Custodian.
Emissions Security
Emissions Security is the component of COMSEC which results from all measures taken to prevent compromising emanations from cryptographic equipment or telecommunications systems.
Emissions Security
All electronic equipment produces and radiates RF signals. How do we keep these radiated RF signals from being intercepted by unauthorized parties?
• We use TEMPEST rated equipment
• We use Red/Black separation
• We shield and filter our facilities and sensitive areas
Three Types of Access
• COMSEC Access
• CCI Access
• Cryptographic Access
COMSEC Access
• Access to classified COMSEC information may be afforded U.S. citizens who:
• Have been granted a final security clearance by the U.S. Government.
• Have a need-to-know.
• Personnel who have been granted an interim TOP SECRET clearance may be granted access to COMSEC material, but only at the SECRET level and below. An interim SECRET clearance is not valid for access to any classified COMSEC information.
CCI Access
• Access to Controlled Cryptographic Items (CCIs) will be limited to U.S. citizens who have a need-to-know.
• When CCI equipment is keyed, individuals loading the key or otherwise operating the equipment must possess a security clearance at least equal to the classification level of any key contained within. A security clearance is not required for visual access, if properly escorted.
Know and Obey the Rules Governing Use of the vIPER, Omni or STE
Cryptographic Access
• Cryptographic access control (CAC) is an approach to securing data by encrypting it with a key, so that only the users in possession of the correct key are able to decrypt the data and/or perform further encryptions.
• Access to classified cryptographic information may be afforded U.S. citizens who:
• Possess a security clearance appropriate to the level of classification of the cryptographic information to be accessed.
• Have a need-to-know.
• Receive a security briefing appropriate to the cryptographic information to be accessed.
COMSEC Briefings
• Initial Briefing. U.S. Government entities and contractors will ensure that all individuals having a need for access to the types of COMSEC information will receive the COMSEC briefing.
• COMSEC briefings shall be administered by the COMSEC Custodian or Alternate COMSEC Custodian of U.S. Government entities and contractor facilities.
• For contractor facilities, when the FSO is the COMSEC Custodian or Alternate COMSEC Custodian or is assigned duties that require access, the FSO must be briefed by a U.S. Government representative.
• Periodic COMSEC re-briefings and debriefings are not required.
• Briefings are maintained for a minimum of five years upon clearance or employment termination.
Cryptographic Briefings
• Individuals who have a continuing need for access to TOP SECRET and SECRET key and authenticators that are designated CRYPTO, and to classified cryptographic media, will receive the cryptographic access briefing.
• The cryptographic access briefing shall be administered by the COMSEC Custodian or Alternate COMSEC Custodian of U.S. Government entities and contractor facilities.
• For contractor facilities, when the FSO is the COMSEC Custodian or Alternate COMSEC Custodian or is assigned duties that require access, the FSO must be briefed by a U.S. Government representative.
• Cryptographic debriefings are required.
• Briefings are maintained for a minimum of five years upon debriefing, clearance or employment termination.
TPI Requirement
• Access to Top Secret cryptographic keying material can be conducted only under the Two Person Integrity (TPI) requirement.
• The TPI requirement is mandated until the keying material has been converted or has been properly stored or destroyed, in accordance with approved procedures.
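The access rules on the COMSEC Access, CCI Access, Cryptographic Access and TPI slides above, encoded as an added policy-as-code illustration; this is not part of the deck and not an official NSA/DSS decision tool. The Person fields, function names and clearance lattice are assumptions, and the briefing requirements are taken from the briefing slides.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumed clearance lattice, lowest to highest. "NONE" means no clearance held.
LEVELS = ["NONE", "CONFIDENTIAL", "SECRET", "TOP SECRET"]


def _rank(level: str) -> int:
    return LEVELS.index(level)


@dataclass(frozen=True)
class Person:                # hypothetical record for this illustration
    name: str
    us_citizen: bool
    clearance: str           # one of LEVELS
    interim: bool            # True if the clearance is interim rather than final
    need_to_know: bool
    comsec_briefed: bool     # COMSEC briefing received
    crypto_briefed: bool     # cryptographic access briefing received


def effective_comsec_level(p: Person) -> str:
    """Highest classified COMSEC level this person may see.

    Final clearance: its own level. Interim TOP SECRET: capped at SECRET.
    Interim SECRET or lower: no access to classified COMSEC information.
    """
    if not p.interim:
        return p.clearance
    return "SECRET" if p.clearance == "TOP SECRET" else "NONE"


def comsec_access(p: Person, info_level: str) -> bool:
    """Access to classified COMSEC information at info_level."""
    return (p.us_citizen and p.need_to_know and p.comsec_briefed
            and _rank(effective_comsec_level(p)) >= _rank(info_level))


def cci_access(p: Person, key_level: Optional[str] = None,
               escorted_visual: bool = False) -> bool:
    """Access to a CCI. key_level is the classification of any key loaded in
    the equipment (None if unkeyed). Escorted visual access needs no clearance."""
    if escorted_visual:
        return True
    # Unkeyed CCI: U.S. citizen, need-to-know, COMSEC briefed (procurement slide).
    if not (p.us_citizen and p.need_to_know and p.comsec_briefed):
        return False
    if key_level is None:
        return True
    # Keyed CCI: clearance at least equal to the key's classification.
    return _rank(effective_comsec_level(p)) >= _rank(key_level)


def crypto_access(p: Person, key_level: str) -> bool:
    """Access to classified keying material: clearance, need-to-know, briefing."""
    return (p.us_citizen and p.need_to_know and p.crypto_briefed
            and _rank(effective_comsec_level(p)) >= _rank(key_level))


def tpi_satisfied(people: List[Person], key_level: str) -> bool:
    """Two Person Integrity: TOP SECRET key needs two distinct qualified persons."""
    qualified = {p.name for p in people if crypto_access(p, key_level)}
    needed = 2 if key_level == "TOP SECRET" else 1
    return len(qualified) >= needed
```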
COMSEC/Crypto Access Verification
• COMSEC access and/or cryptographic access may be verified by contacting your respective COMSEC Custodian, FSO, or the ISSO assigned to the lab in which you are working.
Security Oversight
• Security oversight for the operation of most COMSEC accounts is shared between the National Security Agency (NSA) and the Defense Security Service (DSS).
Role of NSA
The NSA:
• Functions as the Central Office of Record (COR) and receives all transaction reports (receipt, generation, destruction, and inter-facility transfers) from the COMSEC Custodian.
• Serves as the U.S. Government’s central library for all publications related to COMSEC.
• Dispatches NSA auditors to the COMSEC Account approximately every 5 years to conduct assessments.
Role of DSS
The DSS:
• Oversees implementation of the NISPOM, through periodic audits and inspections.
• Coordinates with NSA regarding COMSEC issues between the COMSEC Custodian and foreign governments.
COMSEC Accounts
• A COMSEC account is required when a contract has a DD254 with the 11.h. box (“Request a COMSEC Account”) checked.
COMSEC Accounts
• To open a new COMSEC account with NSA, you must complete the COMSEC Account Application Form L-7187. It can be obtained by going to the NSA Key Support Central Facility website at: https://www.iad.gov/COR/index.cfm. If you have any questions, contact NSA Registration at 410-854-8523.
• NSA sends an appointment letter within 7 to 14 days. You will then submit a signature card to NSA.
• All new COMSEC Custodians and Alternates must take the COMSEC Custodian Training Course (IAEC-2112) within six months after being appointed. More information regarding the course can also be found on the Key Support Central Facility website.
• COMSEC and cryptographic briefings must be completed, as required.
• To apply for access to the NSA Key Support Central Facility website, go to: https://www.iad.gov/COR/index.cfm and click to join.
COMSEC ITEMS
• Classified and unclassified keying material, in both hard copy and digital formats.
• Classified and unclassified encryption equipment embedded with cryptographic firmware.
• Classified and unclassified material, data, hardware, and software under development which embodies, implements, or describes cryptographic logic.
• Classified and unclassified documents relating to the maintenance and operation of COMSEC equipment.
• In most cases, one of the following labels will be displayed on the outside of such items: “Controlled Cryptographic Item”, “CCI”, “/TSEC”, or “CRYPTO”.
COMSEC ITEMS
• STE III phone – secure point-to-point voice/data communications up to Top Secret
• vIPER secure phone – secure point-to-point voice/data communications up to Top Secret
• Talon card – encrypts traffic sent through it (an in-line network encryptor), primarily with a laptop
• Omni encryptor – secure point-to-point voice/data communications up to Top Secret
COMSEC ITEMS
• KG-175D Encryptor – provides network communications security on Internet Protocol (IP) and Asynchronous Transfer Mode (ATM) networks
• RASKL – used to store electronic keys, then load them into crypto equipment
• Data Transfer Device (DTD) – used to store electronic keys, then load them into crypto equipment
• Simple Key Loader – used to store electronic keys, then load them into crypto equipment
Procurement of COMSEC Equipment
• The procurement of CCI should always be coordinated through GFE, FMS, or Company Owned channels.
• The following conditions apply to ALL CCI:
• CCI must be used ONLY for the purpose for which it was obtained.
• If unclassified and “unkeyed,” CCI must be protected and stored as “high value property,” physically accessible only to COMSEC-briefed personnel, and secured within a locked cabinet or area.
• If classified or “keyed,” CCI must be protected at its assigned security classification level and/or at the classification level of its key and secured within an approved security container or closed area when unattended.
Keying Material
• The procurement of keying material should always be coordinated through the COMSEC Custodian.
• The following handling conditions apply to ALL keying material:
• Keying material can be used only for the purpose for which it was obtained.
• All keying material has a “controlling authority,” which authorizes distribution, usage on specific CCI, and the duration of usage (effective period/crypto period).
• If unclassified, keying material must be protected, accessible only to COMSEC-briefed personnel, and secured within an approved security container or closed area.
Obey the rules.
Keying Material
• If classified, keying material must be protected at its assigned security classification level, accessible only to properly cleared and briefed personnel, and secured within an approved security container or closed area.
• Top Secret keying material marked “CRYPTO” must be accessed and stored only under TPI controls.
• When issued to a Hand Receipt Holder, specific instructions will be provided by the COMSEC Custodian regarding usage of the keying material, its effective crypto period, its supersession rate, and the time by which superseded segments must be destroyed.
Keying Material
• If keying material is classified, the key’s effective date and crypto period are classified at the Confidential level and (along with the key’s nomenclature and edition identifier) should never be mentioned outside secure channels.
• It is permissible to mention the key’s nomenclature or the key’s edition, but never together (which would be classified).
• For instance, in the unclassified example “USKAT 1539, Edition G, is effective 1 June 1998,” it would be permissible to say, “We’re currently on Edition G,” or “We’re currently using USKAT 1539.” But it would not be permissible to say, “We’re currently using Edition G, USKAT 1539.”
• The effective date and/or crypto period of unclassified keying material is For Official Use Only (FOUO), which must not be disclosed in the public domain.
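The nomenclature/edition rule above, as an added illustrative check that is not part of the deck: a small filter that scans a message bound for a non-secure channel and reports what the slide's rules would make of it. The key registry, the identifier patterns and the function names are assumptions; “USKAT 1539 / Edition G” is the deck's own unclassified example, and USKAT 2001 is a hypothetical classified entry constructed for the illustration.

```python
import re
from typing import Dict, List

# Constructed registry: key nomenclature -> classification of the key.
# USKAT 1539 is the slide's unclassified example; USKAT 2001 is hypothetical.
KEY_REGISTRY: Dict[str, str] = {
    "USKAT 1539": "UNCLASSIFIED",
    "USKAT 2001": "SECRET",
}

# Assumed shapes: a nomenclature looks like "USKAT 1539", an edition is the
# word "Edition" followed by one or two capital letters, and any wording about
# effective dates, crypto periods or supersession counts as a period disclosure.
NOMEN_RE = re.compile(r"\b(US[A-Z]{2,3}\s?\d{3,5})\b")
EDITION_RE = re.compile(r"\b[Ee]dition\s+([A-Z]{1,2})\b")
PERIOD_RE = re.compile(r"\b(effective|crypto\s*period|supersed\w*)\b", re.IGNORECASE)


def _canon(nomen: str) -> str:
    """Normalise 'USKAT1539' to the registry form 'USKAT 1539'."""
    letters, digits = re.match(r"([A-Za-z]+)\s?(\d+)", nomen).groups()
    return f"{letters.upper()} {digits}"


def check_message(text: str) -> List[str]:
    """Findings for a message about to leave secure channels (empty list = ok)."""
    findings: List[str] = []
    nomens = sorted({_canon(n) for n in NOMEN_RE.findall(text)})
    editions = EDITION_RE.findall(text)
    period_hit = PERIOD_RE.search(text) is not None

    # Rule 1: nomenclature and edition together is classified, whatever the key.
    if nomens and editions:
        findings.append("CLASSIFIED: nomenclature and edition mentioned together")

    for n in nomens:
        cls = KEY_REGISTRY.get(n, "UNKNOWN")
        # Rule 2: identifiers of a classified key never leave secure channels.
        if cls not in ("UNCLASSIFIED", "UNKNOWN"):
            findings.append(f"CLASSIFIED: {n} is a {cls} key; do not name it")
        # Rule 3: effective date / crypto period is FOUO for an unclassified key
        # and CONFIDENTIAL for a classified one (unknown keys treated as classified).
        if period_hit:
            level = "FOUO" if cls == "UNCLASSIFIED" else "CONFIDENTIAL"
            findings.append(f"{level}: effective date/crypto period of {n} disclosed")

    # Rule 3 with only an edition named: the key is unidentified, so FOUO at minimum.
    if period_hit and not nomens and editions:
        findings.append("FOUO: effective date/crypto period disclosed with an edition")
    return findings
```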
Keying Material
• Keying material must be destroyed and/or equipment zeroized when its crypto period has expired and/or when the key has been superseded.
• Keying material designated CRYPTO, which has been issued for use, must be destroyed within 12 hours following the expiration of individual key segments and/or supersession.
• If special circumstances prevent compliance with the 12-hour standard (e.g., facility unmanned over a weekend or holiday period), the chief of the U.S. Government entity or FSO (if applicable) may authorize an extension to a maximum of 72 hours.
• Destruction of physical key requires the identities and keys of the person conducting the destruction and the person who actually witnesses the destruction.
Two Types of Accounts
• Traditional Account – established to support a program that is required to hold and/or produce classified COMSEC material accountable within the CMCS.
• Seed Key-Only COMSEC Account (SOCA) – established to support a program that holds Controlled Cryptographic Item(s) and the associated Seed Key.
• The COMSEC Custodian is responsible and accountable for all COMSEC material charged to the COMSEC Account.
COMSEC Accounting
• The COMSEC Distributed INFOSEC Accounting System (DIAS) automates the accounting and tracking procedures for handling all items (classified and unclassified) controlled under the COMSEC Material Control System (CMCS). DIAS is a user-friendly application that allows users to store and transfer accounting information electronically between COMSEC accounts and the Central Office of Record (COR).
COMSEC Accounting
• Accounting reports are prepared on an SF-153. These reports are prepared electronically using either the NSA Distributed INFOSEC Accounting System (DIAS) or another NSA COR (I5131) approved automated system.
• All transactions (e.g., receipt, transfer, destruction, etc.) for COMSEC items are controlled through the DIAS or another NSA COR approved automated system.
• Items which must be transferred outside the COMSEC Custodian’s immediate control (whether inside or outside the facility) must be transferred via an SF 153 (COMSEC Material Report).
Transferring COMSEC Items
• Depending on the classification level, COMSEC items under cognizance of the CMCS can be forwarded via U.S. Postal Services, a bonded trucking/transportation company, Defense Courier Service (DCS), or overnight air service.
• COMSEC items can be received as Government Furnished Equipment (GFE), Company Owned Equipment, or property furnished under Foreign Military Sales (FMS).
• Regardless of how received (and for what purpose), the following condition must be adhered to, under the NSA/CSS Policy Manual No. 3-16: Packages addressed to the “COMSEC Account (or COMSEC Custodian)” must be delivered to COMSEC personnel unopened.
Hand Receipts
• The person who receives COMSEC items from the COMSEC Custodian is called a “Hand Receipt Holder,” because the SF 153 (used for local transfers) is called a “hand receipt”.
• The Hand Receipt Holder is responsible for the control, safeguarding, storage, and usage of the items issued to him/her.
• Other personnel who use the COMSEC items must be aware of the required controls, briefed to the appropriate level of classification, and under continuous operational control of the Hand Receipt Holder.
Hand Receipts
• The Hand Receipt Holder cannot reissue COMSEC items to another individual outside his/her span of control.
• If items need to be reissued, they must first be returned to the COMSEC Custodian for reissuance.
• The Hand Receipt Holder is relieved from responsibility only when the items have been returned to the COMSEC Custodian.
Special Handling
• COMSEC documents can be ordered through the COMSEC Custodian from NSA.
• Depending on the type of document received, disbursement may be through the COMSEC Custodian or through document control personnel.
• In any event, the following special handling conditions apply to ALL COMSEC documents:
• If not controlled through the COMSEC Custodian, the document may be reproduced, unless there is a notice on the document restricting reproduction.
• If controlled through the COMSEC Custodian, a TOTAL reproduction of the document is not allowed without authorization from the NSA or the originating office.
• Extractions and partial reproductions are allowed so long as the information which is extracted or reproduced is identified as COMSEC information, via the same means as the source document.
Storage/Destruction/Transfer
• Unclassified COMSEC documents must be protected from unauthorized personnel; i.e., secured in a locked file cabinet with access provided only to COMSEC-briefed personnel.
• Classified COMSEC documents must be protected at the assigned security classification level; i.e., stored in an approved container or closed area with access provided only to appropriately cleared and briefed personnel.
• Destruction and transfer of COMSEC documents must be coordinated through the entity that disbursed the documents.
COMSEC Shipments
• All shipments of COMSEC items controlled through the CMCS must be coordinated through the COMSEC Custodian.
• The shipment of those not controlled through the CMCS must be coordinated through document control.
• The method of shipment must be approved by the COMSEC Custodian or document control before any shipping documentation is prepared.
• The functional organization responsible for the use or delivery of the item must obtain authorization for the shipment (e.g., approval from the Contracting Office, Government Property, Contracts, etc.) and must prepare any shipment document required within the company.
• The COMSEC Custodian and document control will prepare external receipt documentation, which is required separately from any other company or government documentation that may accompany the shipment.