Crypto/COMSEC 3a
Must change combo immediately when:
1 A person who knows the combo no longer requires access to the container for any reason other than death. 2 a container certified as locked is found open. 3 the combo is compromised 4 any repair work has been performed on the combo lock.
Lock Combo Requirements
1 combos will not dupl a combo for other lock 2 do not use easily deciphered #s 3 combos are changed every 2 yrs, or monthly (cipher)
1 When to Destroy 2 Unapproved Destruction 3 Inadvertent Destruction 4 Conditions of Destruction:
1 destroy superseded or obsolete aids asap 2 premature destruction occurs w.o proper authority 3 occurs when material is destroyed by accident 4 Three conditions: Routine, Precautionary, and Emergency
NSA/Chief, CSS is charged to
Collect, process, analyze, produce, and disseminate signals.... Act as the National Manager for National Sec Sys as established in law+policy.... prescribe sec regulatoins covering operating practices, including..... under control of the Director of NSA handles classified category
COMSEC Authorized User
Designated by the CRO, this individual uses COMSEC materials and equipment to perform his/her mission and must safeguard these assets at all times. once trained, may be designated and granted access to materials within their account.
Terms
Encryption, Decryption, Algorithm, Vulnerabilities, Threats Crypto-Key - aka, a Key Variable is the parameter or numeric value used in encryption and decryption Cryptanalysis - the act or science of deciphering a code or coded message w.o prior knowledge of the key.
Standard Form 701, Activity Sec Checklist
End-of-Day Checks - Organizations that process or store classified info must establish a system of security checks at the close of each duty and/or business day to ensure that any area where classified info is used or stored is secure.
Secret
GSA-approved safe or Class "B" vault ( or Class A vault with TS). safes and vaults equipped with a lock requiring a single combo.
Controlled Cryptographic Items CCI
Keyed CCI will be protected at the highest classifaction of the key it contains. Unkeyed CCI, while not classified are considered sensitive and should be stored in a secure place.
Accountability of COMSEC material
Personnel: 1 Will know what COMSEC materials they have. 2 Will know where those materials are. 3 Will know that the materials are properly protected and accounted for.
Routine Precautionary Emergency
ROUTINE - approved methods - burning, shredding, pulverizing/pulping PRECAUT - performed anytime theres imminent danger of compromise EMERGENCY - more urgent, in face of an enemy attack.
Secure Internet Protocol Routing SIPR
Signals identified as Red Data are info that contains unencrypted sensitive or classified plain text info. if acquired can be read w.o any deciphering thus plain text
CryptoSec
The component of COMSEC resulting from the provision and proper use of technically sound crypto systems demands we never bypass operating procedures. even with best TRANSEC techniques, we cannot always prevent our enemies from intercepting info.
AF Form 1109 Visitor Register Log
There will be situations where an individual may have proper id and a sufficient need-to-know, but does require a full time and unescorted access to the material. Not added to access list but on AF Form 1109 aka Visitor Register Log - distinct badge (usually red or pink) as "escorted" or restricted access
Access Requirements
Three following requirements must be authenticated: 1 Need-to-Know - confirm person has a valid need for info 2 Proper Security Clearance - you may require top secret clearance in order to do your job 3 Proper Identification - possess an official form of id as well as hold US citizenship.
COMSEC Management
Three roles: 1 COMSEC Manager 2 COMSEC Responsible Officer 3 Authorized User
COMSEC has been subdivided into manageable security programs:
Transmission Sec (TRANSEC), Cryptographic Sec (CRYPTOSEC), Emission Security (TEMPEST), and Physical Security.
Physical Security
Two areas protected by physical sec are: controlled areas and restricted areas. controlled - medical facilities, armory, academic testing rooms, etc restricted - Command Posts, Air Operations Centers, and SCIFs.
Access List
Unescorted access to COMSEC material should be limited to people named on an officially published access list. This ensures personnel have the proper authorization to gain access to a secure area. clearance must be equal or higher than COMSEC info. CRO sig required.
AF IMT 1109 or FAA Form 1600-8
Users positively identify all COMSEC assessors by comparing the identification card (DD Form 2, ArmedForces Identification Card [Active, Reserve, and Retired], Common Access Card, or Air Force Form 354,Civilian Identification Card) with the assessment/audit message notice, TDY orders, or records theCOMSEC manager provides
COMSEC Doctrine
according to AFMAN 33-283, COMSEC refers to measures and controls taken to deny unauthorized persons info derived from info systems of the US Gov related to national security and to ensure the authenticity of such info systems.
Emergency Action Plans EAPs
activities holding classified alc-1 or 2 material must develop and maintain a current EAP to protect during emergencies.
EO 12333
align eo12333 w the Intelligence Reform and Terrorism Prevention Act of 2004 Implement additional recommendations of the 9/11 and WMD Commissions Further integrate.. Maintain or strengthen privacy and civil...
Top Secret
approved safe or safe-type steel file container, or Class "A" vault, for top secret material. Must be alarmed areas, continuous surveillance by armed guards. safes and vaults equipped w a lock having dual-combo capability to ensure Two-Person Integrity.
National Security Agency NSA
approves all cryptographic systems and techniques used by or on behalf of DOD activities to encrypt classified and certain sensitive info. (top secret, NATO secret, etc.)
Accounting Legend Codes ALC
are used to identify the level of accountability of a particular COMSEC item. the main ALCs are ALC-1,2,4, and 6 1- requires continuous accountability.. 2- generally cryptographic equipment or.. 4- generally publications of some type 6- reserved for electronic keys
Red/Black Concept
for controlling of electrical and electronic circuits, components, equipment, and systems that handle national sec info, in electrical form... RED--------------------------BLACK PLAINTEXT -----------------CIPHERTEXT
COMSEC Inventory
for daily operations, material in locked or sealed containers on days when you open the containers. List material stored on AFCOMSEC Form 16 or AF IMT 4167
TEMPEST
is a codename and not an acronym referring to investigations and studies of compromising emanations. vulnerabilities are unintentionally emitted signals, or compromising emanations.
General Services Admin GSA
is a government agency that has worked to establish standards for storage containers used to safeguard materials classified under each of the 3 classifications: Top Secret Secret Confidential
National Institute of Standards and Technologies NIST
is a non-regulatory federal agency within the US Dep of Commerce. mission is to promote US innovation and industrial competitiveness by advancing measurement science, standards and technology...... approves techs and systems
Sensitive Compartmented Information Facility SCIF
is a restricted area, room, group of rooms, buildings, or installation where sensitive compartmented info SCI may be stored, used, discussed, and/or electronically processed.
Compromising Emanations CE
is defined as unintentional intelligence-bearing signals, which, if intercepted and analyzed, may disclose the info transmitted, received, handled, or otherwise processed by any info-processing equipment.
Two Person Integrity TPI
is required when dealing with Top Secret info and material. requires presence of at least two authorized ppl who have both been briefed on TPI procedures + capable of detecting unauthorized procedures being performed. if both are separated for some reason, they must both verify the package was not opened. must continue the 2person check at opening, transport, and through to destruction of container.
Transmission Security TRANSEC
is the component of COMSEC resulting from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis, or complex code-breaking techniques used to reveal encrypted info. involves the minimum authorized transmission methods to safeguard our comms. Is not adv encryp techniques. Authorized Methods: 1 Implement radio silence 2 change radio frequencies 3 cancel or alter comm patterns 4 use frequency hopping systems 5 use directional antennas
AFCOMSEC Form 16, Inventory Checklist
is used to record daily, shift, or local inventories of accountable COMSEC material. in 24hr work centers where containers remain open, you must use inventory COMSEC material at beginning of shift
SF 702
is used to record events such as who opened/closed the container, the time it was opened/closed, and who checked the container to ensure it was secured properly
Standard Form 153, COMSEC Material Report
is used to report Inventory changes, transfers, destruction, and Hand Receipt. account for all items from date of receipt until date of destruction or return to the COMSEC account. is acknowledgement that right material was destroyed.
National Security Agency NSA / Central Security Service (NSA/CSS)
leads the US Gov in cryptology that encompasses both Signals Intelligence SIGINT and Information Ass IA products and services, and enables Computer Net Operations CNO in order to gain a decision adv for the nation and our allies under all circumstances.
Tempest (formerly EMSEC)
objective is to deny access to classified and, in some instances, unclassified info and contain compromising emanations within an inspectable space. is the investigation, study, and control of compromising emanations from telecomm and automated info sys equipment.
Central Security Services CSS
provides timely and accurate cryptologic support, knowledge, and assistance to the military cryptologic community the Director of NSA is dual-hatted as the Chief of CSS
RED/BLACK separation
requires that electrical and electronic components, equip, and sys processing plain text be kept separate from those that process Cipher text to reduce the compromising emanations DoD achieves RED/BLACK goals by using proper grounding, bonding, and shielding methods as well as filtering and isolation techniques to create physical, electrical and electromagnetic barriers around equipment, aircraft and facilities.
Nonsecure Internet Protocol Routing NIPR
signals identified as Black Data are info that carry encrypted classified info, or cipher text. can also be unclassified data or CUI data. Controlled Unclassified Info
Confidential
stored in secure room, but can be stored under the same safeguards as Top Secret or Secret COMSEC materials. any approved GSA container will have a Standard Form 702, Security Container Check Sheet (SF 702), attached to it.
COMSEC Responsible Officer CRO
the next lvl subordinate to the COMSEC manager, the CRO is the squadron or flight liaisons between the base COMSEC manager and authorized users. admins physical security procedures
Cryptography
the transformation of ordinary text data into coded form (ciphertext) then recovering the plaintext data from its ciphertext form two components, an algorithm and a Crypto-Key
Key Management Infrastructure (KMI) Operating Account Manager (KOAM)
this person is usually the wing-level manager for the base COMSEC account and all COMSEC programs and material on base. KMI is local point of contact for all matters of COMSEC The manager trains COMSEC Resp Officers CROs
Cryptographic Technology Group's CTG
work in cryptographic mechanisms addresses topics such as hash algorithms, symmetric and asymmetric cryptographic techniques, key management, authentication, and random number generation. strong cryp is used to improve security of info systems