COMSEC. Communications Security

Transcription

1 COMSEC Communications Security For copies of the additional NSA reference materials mentioned in this brief, Please send requests to:

2 COMSEC CRYPTOGRAPHY (Cryptology) κρυπτός Hidden, Secret Graphein Writing Or -logia Study

3 COMSEC Protection of electronically transmitted classified and sensitive information Ensures authenticity of US National Security electronic information transmissions NSA (National Security Agency) primary US Government Agency responsible for COMSEC

4 COMSEC May be classified or unclassified Governed by the NSA 3-16 May be applied to: Documents Information Hardware (equipment)

5 COMSEC General Components of the program Transmission Security Emission Security Cryptographic Security Physical Security

6 COMSEC Basic Access requirements U S Citizen Need to Know COMSEC briefing

7 COMSEC CLASSIFIED COMSEC Access requirements Final US Government granted security clearance to the appropriate level Check with Security to verify clearance level and briefing status

8 COMSEC A separate/additional Cryptographic COMSEC briefing is required before personnel can access key material. Access to UNCLASSIFIED COMSEC and CCI May be granted on Need to Know and Citizenship status (i.e., no clearance or interim clearance) on a case by case basis

9 COMSEC Material Types of Material Classified documents COMSEC hardware (equipment) Crypto key material

10 COMSEC Material Hand Held Paper Tape Reader (KOI-18) Electronic Transfer Device or KYK-13 (KYK-13) Simple Key Loader or SKL (AN/PYQ-10) TACLANE- Micro (KG-175D) Data Transfer Device or CYZ-10 (AN/CYZ-10) Left: PLGR (Right: DAGR

11 Custodian Responsibilities Coordination with NSA Briefings Incoming/Outgoing Shipments Issuing Material & Accountability Inventories Hand Receipts Encrypted Electronic transmission Disposal / Destruction Compromise Investigations Subcontracting

12 Safeguarding COMSEC Safeguarding Classified same manner as DoD CCI Computer Processing

13 Safeguarding COMSEC CCI Controlled Cryptographic Item Unkeyed CCI required safeguarding equal to Sensitive material Security clearance not required for unkeyed CCI Guided further by NSA supplemental: NSTISSI No rev July 1996 Controlled Cryptographic Items

14 Safeguarding COMSEC Computer Processing U S Government restricted Requires specific safeguarding procedures

15 Safeguarding COMSEC Approved electronic transmissions Secure Phones (STE/SECTERA/OMNI) T1 Line with Encryption Network Encryption (General Dynamics KG SERIES and TACLANES) SIPRNET

16 Safeguarding COMSEC Hand carry Not all COMSEC items may be hand carried Hand Carry requirements very depending on the method of travel and the material being carried

17 COMSEC PERSONNEL INSECURITIES PHYSICAL SAFEGUARDING SHIPMENT

18 Additional Guidance INFOSEC Policy and Doctrine Division of NSA CNSS(I) stands for Committee on National Security Systems (Issuance) NSTISS(I) stands for National Security Telecommunications and Information Systems Security (Issuance)

19 Additional Guidance NSTISSI 4001 Controlled Cryptographic Items Issued July 1996 CNSSI No Destruction and Emergency Procedures Amended in October 2008 CNSSI No Safeguarding COMSEC Issued August 2011

20 Additional Guidance CNSSI No Clarifies Fixed and Mobile COMSEC facility requirements Expands and details COMSEC Custodian responsibilities Section X.76.l: Ensuring Standard Operating Procedures (SOPs), emergency protection or destruction plans are prepared in accordance with the requirements of CNSSI No (Reference y), are provided to all hand receipt holders, and are present at all COMSEC facilities served by the COMSEC account; Mandates labels can not be applied to Protective Packaging Section XV.142.a: The outside surface of COMSEC equipment is considered protective packaging.

21 Additional Guidance CNSSI No Discusses outdated equipment Section XII.106.c : The KYK-13 and KYX-15 Common Fill Devices store key only in unencrypted form and do not provide an audit trail. They must not be used to hold key for longer than 12 hours from the time the key is loaded into the end-equipment or 12 hours after the end of the applicable cryptographic period (cryptoperiod) whichever is longer, except in cases of operational necessity.

22 Protective Technologies Free standard product in small amounts Tamper Evident Bags Indicative Locks Loop Seals Security Labels Security Tape Government Off-The-Shelf or program specific customized products

23 Questions?