Communication Security (COMSEC) - NCMS

Download Report

Transcript Communication Security (COMSEC) - NCMS

Section Eight:
Communication Security (COMSEC)
Note: All classified markings contained within this presentation are for training purposes only.
Communications Security (COMSEC)
Overview
•
Communications Security (COMSEC)
– A series of countermeasures used to prevent unauthorized attempts to
access U.S. technology and national security information by securing
voice and data communication and ensuring its authentication
•
COMSEC Equipment
– NSA-approved encryption devices are used to protect classified
information that traverses a network or area of lesser control (i.e. over
the internet or in between two secure rooms)
– The lead time for acquiring COMSEC equipment typically ranges from
30 to 60 days
– It is important to incorporate this lead time in the project planning
phase
•
Common types of NSA-approved encryptors include:
–
–
–
–
–
General Dynamics Encryptors
L-3 Communications
Safe Net (Mykotronx)
Sypris
ViaSat
Communications Security (COMSEC)
Access Requirements
•
Due to the unique sensitivity of COMSEC material, special
eligibility requirements must be met
– Non-U.S. citizens, including resident aliens, are not eligible for
access
•
An appropriate U.S. Department of Defense (DoD) final
security clearance is required for access to COMSEC
information, cryptographic material and operational keys
for other encryption devices
– Access by an individual with an interim Top Secret clearance is
permissible, but only at the Secret level
•
A cryptographic access briefing is required prior to accessing
– Top Secret and Secret keying material and authenticators that
are designated CRYPTO
– Classified cryptographic media that represent, describe or
implement classified cryptographic logic
Communications Security (COMSEC)
Access Requirements
•
Prior to disclosure of COMSEC information, personnel must
understand the sensitivity of the COMSEC system and their personal
responsibility to support it
–
This is accomplished through access briefings and periodic updates
•
Personnel are not authorized to disclose to anyone not approved for
COMSEC/ CRYPTO access the fact that any feature of design or
construction of equipment has a cryptographic application
•
Extreme care must be exercised in the receipt and disposition of
COMSEC and cryptographic information
–
•
Only appropriately briefed and authorized personnel are permitted access
Classified COMSEC information will be marked, stored, controlled
and, when authorized, destroyed, shipped or transmitted outside
{Company} facilities in accordance with instructions issued by the
NSA Central Office of Record
Communications Security (COMSEC)
Transmitting and Receiving
•
Secure Telephone Units
– The Secure Telephone Equipment provides a means by which
classified telephone conversations, up to TOP SECRET, when
authorized, can take place
– Assistance is available for the acquisition, installation, and
programming of these units by contacting the Security Department
•
Secure Facsimiles
– Secure facsimile equipment is available to transmit and receive
classified information
– Information sent should be limited to the Top Secret Collateral
level
•
Hand-carrying COMSEC material outside the {Company} for
valid contract-related activities requires
– The user must have prior COMSEC Administrator authorization
– A courier authorization
Communications Security (COMSEC)
Information Control
•
All NATO transactions must be reported to the NATO
Control Officer
– Control includes retrieval, safeguarding, controlling,
accounting for, and properly disposing of NATO material
•
All TOP SECRET transactions must be reported to the TOP
SECRET Control Officer (TSCO) or alternate
– Control includes logging, transferring material, and
accounting for reproductions made within the {Company}
– Request for assistance should be made at least three days
prior to the actual transaction
Communications Security (COMSEC)
Reporting
•
All persons who deal in any way with COMSEC material are
responsible for immediately reporting any of the following to
the Security Department
– The compromise, possible compromise, loss (known or suspected),
unauthorized access or other violation of the security regulations
– The unauthorized destruction of classified or accountable COMSEC
information
– Any damage to classified or accountable COMSEC information that
raises the possibility of sabotage
– The emergency disposition of classified COMSEC information
– A CRYPTO Card left unattended in the STE terminal