Crypto/COMSEC 3a

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Must change combo immediately when:

1 A person who knows the combo no longer requires access to the container for any reason other than death. 2 a container certified as locked is found open. 3 the combo is compromised 4 any repair work has been performed on the combo lock.

Lock Combo Requirements

1 combos will not dupl a combo for other lock 2 do not use easily deciphered #s 3 combos are changed every 2 yrs, or monthly (cipher)

1 When to Destroy 2 Unapproved Destruction 3 Inadvertent Destruction 4 Conditions of Destruction:

1 destroy superseded or obsolete aids asap 2 premature destruction occurs w.o proper authority 3 occurs when material is destroyed by accident 4 Three conditions: Routine, Precautionary, and Emergency

NSA/Chief, CSS is charged to

Collect, process, analyze, produce, and disseminate signals.... Act as the National Manager for National Sec Sys as established in law+policy.... prescribe sec regulatoins covering operating practices, including..... under control of the Director of NSA handles classified category

COMSEC Authorized User

Designated by the CRO, this individual uses COMSEC materials and equipment to perform his/her mission and must safeguard these assets at all times. once trained, may be designated and granted access to materials within their account.

Terms

Encryption, Decryption, Algorithm, Vulnerabilities, Threats Crypto-Key - aka, a Key Variable is the parameter or numeric value used in encryption and decryption Cryptanalysis - the act or science of deciphering a code or coded message w.o prior knowledge of the key.

Standard Form 701, Activity Sec Checklist

End-of-Day Checks - Organizations that process or store classified info must establish a system of security checks at the close of each duty and/or business day to ensure that any area where classified info is used or stored is secure.

Secret

GSA-approved safe or Class "B" vault ( or Class A vault with TS). safes and vaults equipped with a lock requiring a single combo.

Controlled Cryptographic Items CCI

Keyed CCI will be protected at the highest classifaction of the key it contains. Unkeyed CCI, while not classified are considered sensitive and should be stored in a secure place.

Accountability of COMSEC material

Personnel: 1 Will know what COMSEC materials they have. 2 Will know where those materials are. 3 Will know that the materials are properly protected and accounted for.

Routine Precautionary Emergency

ROUTINE - approved methods - burning, shredding, pulverizing/pulping PRECAUT - performed anytime theres imminent danger of compromise EMERGENCY - more urgent, in face of an enemy attack.

Secure Internet Protocol Routing SIPR

Signals identified as Red Data are info that contains unencrypted sensitive or classified plain text info. if acquired can be read w.o any deciphering thus plain text

CryptoSec

The component of COMSEC resulting from the provision and proper use of technically sound crypto systems demands we never bypass operating procedures. even with best TRANSEC techniques, we cannot always prevent our enemies from intercepting info.

AF Form 1109 Visitor Register Log

There will be situations where an individual may have proper id and a sufficient need-to-know, but does require a full time and unescorted access to the material. Not added to access list but on AF Form 1109 aka Visitor Register Log - distinct badge (usually red or pink) as "escorted" or restricted access

Access Requirements

Three following requirements must be authenticated: 1 Need-to-Know - confirm person has a valid need for info 2 Proper Security Clearance - you may require top secret clearance in order to do your job 3 Proper Identification - possess an official form of id as well as hold US citizenship.

COMSEC Management

Three roles: 1 COMSEC Manager 2 COMSEC Responsible Officer 3 Authorized User

COMSEC has been subdivided into manageable security programs:

Transmission Sec (TRANSEC), Cryptographic Sec (CRYPTOSEC), Emission Security (TEMPEST), and Physical Security.

Physical Security

Two areas protected by physical sec are: controlled areas and restricted areas. controlled - medical facilities, armory, academic testing rooms, etc restricted - Command Posts, Air Operations Centers, and SCIFs.

Access List

Unescorted access to COMSEC material should be limited to people named on an officially published access list. This ensures personnel have the proper authorization to gain access to a secure area. clearance must be equal or higher than COMSEC info. CRO sig required.

AF IMT 1109 or FAA Form 1600-8

Users positively identify all COMSEC assessors by comparing the identification card (DD Form 2, ArmedForces Identification Card [Active, Reserve, and Retired], Common Access Card, or Air Force Form 354,Civilian Identification Card) with the assessment/audit message notice, TDY orders, or records theCOMSEC manager provides

COMSEC Doctrine

according to AFMAN 33-283, COMSEC refers to measures and controls taken to deny unauthorized persons info derived from info systems of the US Gov related to national security and to ensure the authenticity of such info systems.

Emergency Action Plans EAPs

activities holding classified alc-1 or 2 material must develop and maintain a current EAP to protect during emergencies.

EO 12333

align eo12333 w the Intelligence Reform and Terrorism Prevention Act of 2004 Implement additional recommendations of the 9/11 and WMD Commissions Further integrate.. Maintain or strengthen privacy and civil...

Top Secret

approved safe or safe-type steel file container, or Class "A" vault, for top secret material. Must be alarmed areas, continuous surveillance by armed guards. safes and vaults equipped w a lock having dual-combo capability to ensure Two-Person Integrity.

National Security Agency NSA

approves all cryptographic systems and techniques used by or on behalf of DOD activities to encrypt classified and certain sensitive info. (top secret, NATO secret, etc.)

Accounting Legend Codes ALC

are used to identify the level of accountability of a particular COMSEC item. the main ALCs are ALC-1,2,4, and 6 1- requires continuous accountability.. 2- generally cryptographic equipment or.. 4- generally publications of some type 6- reserved for electronic keys

Red/Black Concept

for controlling of electrical and electronic circuits, components, equipment, and systems that handle national sec info, in electrical form... RED--------------------------BLACK PLAINTEXT -----------------CIPHERTEXT

COMSEC Inventory

for daily operations, material in locked or sealed containers on days when you open the containers. List material stored on AFCOMSEC Form 16 or AF IMT 4167

TEMPEST

is a codename and not an acronym referring to investigations and studies of compromising emanations. vulnerabilities are unintentionally emitted signals, or compromising emanations.

General Services Admin GSA

is a government agency that has worked to establish standards for storage containers used to safeguard materials classified under each of the 3 classifications: Top Secret Secret Confidential

National Institute of Standards and Technologies NIST

is a non-regulatory federal agency within the US Dep of Commerce. mission is to promote US innovation and industrial competitiveness by advancing measurement science, standards and technology...... approves techs and systems

Sensitive Compartmented Information Facility SCIF

is a restricted area, room, group of rooms, buildings, or installation where sensitive compartmented info SCI may be stored, used, discussed, and/or electronically processed.

Compromising Emanations CE

is defined as unintentional intelligence-bearing signals, which, if intercepted and analyzed, may disclose the info transmitted, received, handled, or otherwise processed by any info-processing equipment.

Two Person Integrity TPI

is required when dealing with Top Secret info and material. requires presence of at least two authorized ppl who have both been briefed on TPI procedures + capable of detecting unauthorized procedures being performed. if both are separated for some reason, they must both verify the package was not opened. must continue the 2person check at opening, transport, and through to destruction of container.

Transmission Security TRANSEC

is the component of COMSEC resulting from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis, or complex code-breaking techniques used to reveal encrypted info. involves the minimum authorized transmission methods to safeguard our comms. Is not adv encryp techniques. Authorized Methods: 1 Implement radio silence 2 change radio frequencies 3 cancel or alter comm patterns 4 use frequency hopping systems 5 use directional antennas

AFCOMSEC Form 16, Inventory Checklist

is used to record daily, shift, or local inventories of accountable COMSEC material. in 24hr work centers where containers remain open, you must use inventory COMSEC material at beginning of shift

SF 702

is used to record events such as who opened/closed the container, the time it was opened/closed, and who checked the container to ensure it was secured properly

Standard Form 153, COMSEC Material Report

is used to report Inventory changes, transfers, destruction, and Hand Receipt. account for all items from date of receipt until date of destruction or return to the COMSEC account. is acknowledgement that right material was destroyed.

National Security Agency NSA / Central Security Service (NSA/CSS)

leads the US Gov in cryptology that encompasses both Signals Intelligence SIGINT and Information Ass IA products and services, and enables Computer Net Operations CNO in order to gain a decision adv for the nation and our allies under all circumstances.

Tempest (formerly EMSEC)

objective is to deny access to classified and, in some instances, unclassified info and contain compromising emanations within an inspectable space. is the investigation, study, and control of compromising emanations from telecomm and automated info sys equipment.

Central Security Services CSS

provides timely and accurate cryptologic support, knowledge, and assistance to the military cryptologic community the Director of NSA is dual-hatted as the Chief of CSS

RED/BLACK separation

requires that electrical and electronic components, equip, and sys processing plain text be kept separate from those that process Cipher text to reduce the compromising emanations DoD achieves RED/BLACK goals by using proper grounding, bonding, and shielding methods as well as filtering and isolation techniques to create physical, electrical and electromagnetic barriers around equipment, aircraft and facilities.

Nonsecure Internet Protocol Routing NIPR

signals identified as Black Data are info that carry encrypted classified info, or cipher text. can also be unclassified data or CUI data. Controlled Unclassified Info

Confidential

stored in secure room, but can be stored under the same safeguards as Top Secret or Secret COMSEC materials. any approved GSA container will have a Standard Form 702, Security Container Check Sheet (SF 702), attached to it.

COMSEC Responsible Officer CRO

the next lvl subordinate to the COMSEC manager, the CRO is the squadron or flight liaisons between the base COMSEC manager and authorized users. admins physical security procedures

Cryptography

the transformation of ordinary text data into coded form (ciphertext) then recovering the plaintext data from its ciphertext form two components, an algorithm and a Crypto-Key

Key Management Infrastructure (KMI) Operating Account Manager (KOAM)

this person is usually the wing-level manager for the base COMSEC account and all COMSEC programs and material on base. KMI is local point of contact for all matters of COMSEC The manager trains COMSEC Resp Officers CROs

Cryptographic Technology Group's CTG

work in cryptographic mechanisms addresses topics such as hash algorithms, symmetric and asymmetric cryptographic techniques, key management, authentication, and random number generation. strong cryp is used to improve security of info systems


Ensembles d'études connexes

User Interface Study Guide for EOC

View Set

Economics Macro Chapter 27; No terms; Multiple choice only; IRSC

View Set