Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
37 Cards in this Set
- Front
- Back
|
COMSEC Protection |
COMSEC refers to measures and controls taken to deny unauthorized persons information derived from information systems of the United States Government related to national security and to ensure the authenticity of such information systems. |
|
|
Cryptosecurity |
This is a component of COMSEC resulting from the provisioning of technically sound cryptosystems and their proper use. A Cryptographic solution is the component of COMSEC resulting from the provision and proper use of technically sound crypto systems. |
|
|
Transmission Security (TRANSEC) |
This is the component of COMSEC resulting from the application of measures designed to protect transmissions from interception and exploitation by means other than crypto-analysis. |
|
|
TEMPEST |
This is to deny access to classified and, in some instances, unclassified information and contain compromising emanations within an inspectable space. TEMPEST is defined as the investigation, study, and control of compromising emanations from telecommunications and automated information systems equipment. |
|
|
Physical Security |
This is the part of COMSEC that results from using all physical measures necessary to safeguard COMSEC material from access by unauthorized persons. Physical security measures include the application of control procedures and physical barriers. |
|
|
Transportation of COMSEC Material |
The term "transportation" is used when no distinction is made as to the method of conveyance. "Shipment" is used to denote a method of conveyance that does not allow personal custody or control of the material while it is in transit. Double-wrap or otherwise encase all classified COMSEC material in two opaque containers and securely seal prior to transportation. Use strong and durable packing material that provides protection while in transit, prevents items from breaking through the container, and facilitates the detection of any tampering with the container. |
|
|
Management of COMSEC Materials |
Producing COMSEC Aids. Only the NSA, the service cryptologic elements, and EKMS elements (i.e., Local Management Device/Key Processor) are authorized to produce nomenclature and non-nomenclature COMSEC aids. Other Air Force activities must not originate, formulate, or produce key lists, codes, ciphers, call signs, authenticators, or any other form of nomenclature or non-nomenclature COMSEC aids. Do not remove, copy, reproduce, or make extracts of any part of COMSEC aids unless the ConAuth permits it or it is authorized in the material's handling instructions. |
|
|
Requesting COMSEC Material |
CROs tell the CAM what COMSEC material they need to support their mission (to include increase/decrease of material). |
|
|
Minimum On-Hand Requirements |
Typically, COMSEC accounts must plan on maintaining 120 days’ worth of physical or electronic material on hand to satisfy user requirements in case of sudden contingencies. |
|
|
Issuing to Deploying Units |
Home station COMSEC accounts provide initial COMSEC material. Accounts can issue the amount of material they need for the deployment based on the requirements of the operations plan. |
|
|
Issuing Keying Material in Tactical Situations |
TPI handling is not required in tactical situations. The amount of key that may be issued in tactical situations is not limited; issue keying material in sufficient quantities to support mission requirements. Issue keying material in either hard copy or electronic form depending on the risk as determined by the local commander. |
|
|
High Risk of Capture |
Issue only mission essential COMSEC material to users located in environments where there is a high risk of capture by an adversary. Attachment 7, Determining High Risk of Capture Environments, provides a guide for determining whether a particular environment presents a high risk of capture. In high risk tactical environments, issue key in electronic form whenever possible. In high risk fixed environments, use electronically generated key whenever possible. |
|
|
Physical Security Requirement for COMSEC Operations |
Authorized Access. Only United States citizens, who have an appropriate clearance and whose official duties require it, may access keying material and equipment, except those specifically authorized for release to allies.Store classified COMSEC in a manner that prevents unauthorized persons from gaining access. Areas containing classified COMSEC material which are not stored in an approved security container must be constructed in a manner consistent to the protection of other information of the same classification. |
|
|
Crypto-Ignition Keys (CIKs) |
Consult the operational security doctrine for the specific COMSEC equipment/system for the proper storage procedures for CIKs. |
|
|
Other COMSEC Material |
Safeguard material other than those that paragraphs 7.4.5.1. and 7.4.5.2. identify, i.e., KAMs, KAOs, SAMs, crypto ancillary material, like other national security information of the same classification. Allow access to those who need to know. |
|
|
Access Control Devices |
(e.g., cipher lock, magnetic card swipe locks, etc.). Because it does not offer the required degree of protection, use this type device only for convenience to facilitate admittance of authorized personnel when classified COMSEC material is properly protected. |
|
|
Security Checks |
Perform a required security check to ensure proper storage and safety of all classified COMSEC material. For daily operations, perform the security check at the end of each workday; for part-time operations, at the beginning of each shift and also at the end of each workday; and for 24-hour operations, at the beginning of each shift. |
|
|
Use of Private Vehicles |
Private or corporate-owned vehicles to carry COMSEC material may be used; however, notify the recipient organization of the itinerary and estimated time of arrival so appropriate steps can be taken if the courier does not arrive on time |
|
|
Protective Technologies Inspections |
NSA provides state-of-the-art tamper-revealing products for some COMSEC equipment and keying material. |
|
|
Control of TOP SECRET Keying Material |
TOP SECRET keying material protects the most sensitive national security information. Losing it to an adversary can endanger all the information the key protects. S ingle-person access to TOP SECRET keying material increases opportunities for unauthorized handling, use, production, dissemination, removal, and possession of the material. |
|
|
No-Lone Zone |
This is an area, room, or space which, when attended, must be occupied by two or more appropriately cleared individuals who remain within sight of each other. |
|
|
Handling Packages Containing TOP SECRET Material |
Packages received into the COMSEC account can have the outer wrapper removed by one person. If the inner wrap is stamped TOP SECRET CRYPTO, terminate further opening of the package until a second TOP SECRET-cleared individual is present. |
|
|
Storing Material |
Store TOP SECRET keying material, not in NSA protective packaging, under TPI controls. Use an X-09 (or equivalent) combination lock with no one person authorized access to both combinations. Make sure at least one combination lock is built- in, as in a vault door or in a security container drawer. |
|
|
Recording Combinations |
To provide ready access to secured material in emergencies, it is permissible to keep a central record of all lock combinations used to protect TOP SECRET keying material in a single secure container, approved for TOP SECRET storage. Protect the combinations by using part 2 of the SF 700. Seal this to prevent undetected, unauthorized access to the combination. |
|
|
Two-Person Integrity Incidents |
In addition to COMSEC incidents identified in Chapter 9, report any violation of TPI or CNLZ requirements, including situations in which an individual not under the CAP program accesses TOP SECRET keying material alone without a valid waiver. |
|
|
Requirements for Aircraft Containing COMSEC Material |
Due to space limitations, it is not always possible for U.S. guards to accompany a flight. When aircrew's layover is in overseas countries and U.S. guards are not available for the plane, aircrews must attempt to transport classified keying material to a U.S. facility for secure storage. If this is not possible, COMSEC material may remain onboard the aircraft provided the following requirements are strictly adhered to. Use guards employed by the host country for area control only. |
|
|
Disposition of COMSEC Material |
The term "disposition", as defined here, is the transfer (to another account or return to a distribution agency) or destruction of COMSEC material. |
|
|
Routine Destruction |
Superseded keying material is extremely sensitive because its compromise potentially compromises all traffic encrypted with it as well. To safeguard encrypted traffic and US COMSEC operations, destroy superseded or obsolete COMSEC aids as soon as possible after they have served their purpose. This prevents the possibility of reconstructing them. |
|
|
Destruction Precautions |
Take extreme care not to accidentally destroy COMSEC aids. Do not destroy COMSEC aids unless: A superseding document authorizes, in its handling instructions, the superseded COMSEC aid to be destroyed. The ConAuth supersedes it and authorizes its destruction. |
|
|
Approval of Routine Destruction Devices |
NSA is the approving authority for equipment used for the destruction of COMSEC aids. |
|
|
Routine Destruction Security |
Make facilities available for routinely destroying superseded keying material and other COMSEC aids either within the facility or nearby so that it can be completed without delay and without losing or compromising material being transported to the destruction facility. After destroying the material, check the destruction remains, the destruction equipment, and the surrounding area to make sure that destruction is complete and that no pieces are left behind. |
|
|
Routine Destruction Methods |
The authorized methods for routinely destroying paper COMSEC aids are burning, pulverizing or chopping, high security crosscut shredding, and pulping. Destroy non-paper COMSEC aids authorized for routine destruction by burning, chopping or pulverizing, or chemical alteration. |
|
|
Paper COMSEC Aids |
The following applies to classified COMSEC keying material and media which hold, describe, or implement a classified cryptographic logic. Such media include full maintenance manuals, cryptographic descriptions, drawings or cryptographic logics, specifications describing a cryptographic logic, and cryptographic software. |
|
|
Non paper COMSEC Aids |
The authorized methods of routinely destroying non paper COMSEC aids are burning, melting, chopping, pulverizing, and chemical alteration. Destroy the items so that no one can reconstruct classified information by physical, chemical, electrical, optical, or other means. |
|
|
Scheduling Routine Destruction |
Do not destroy traditional COMSEC aids before their supersession date unless proper disposition instructions have been received (i.e., message from the ConAuth). Destroy superseded keying material designated CRYPTO as soon as the crypto period expires or in accordance with the equipment's operating instruction, but no later than 12 hours after supersession. |
|
|
Destruction and Witnessing Officials |
A destruction official must be the person who performs the destruction of COMSEC items. |
|
|
Emergency Action Plans (EAPs) |
Each activity using COMSEC material must understand that emergencies could arise exposing their classified COMSEC material to loss or compromise. Planning can prevent or reduce loss or compromise and help facilities cope with two types of emergencies: accidental and hostile. |
