Communications Security (COMSEC)
description
Transcript of Communications Security (COMSEC)
Section Eight: Communication Security (COMSEC)
Note: All classified markings contained within this presentation are for training purposes only.
• Communications Security (COMSEC) – A series of countermeasures used to prevent unauthorized attempts to
access U.S. technology and national security information by securing voice and data communication and ensuring its authentication
• COMSEC Equipment– NSA-approved encryption devices are used to protect classified
information that traverses a network or area of lesser control (i.e. over the internet or in between two secure rooms)
– The lead time for acquiring COMSEC equipment typically ranges from 30 to 60 days
– It is important to incorporate this lead time in the project planning phase• Common types of NSA-approved encryptors include:
– General Dynamics Encryptors– L-3 Communications– Safe Net (Mykotronx)– Sypris– ViaSat
Communications Security (COMSEC) Overview
Communications Security (COMSEC) Access Requirements
• Due to the unique sensitivity of COMSEC material, special eligibility requirements must be met
– Non-U.S. citizens, including resident aliens, are not eligible for access
• An appropriate U.S. Department of Defense (DoD) final security clearance is required for access to COMSEC information, cryptographic material and operational keys for other encryption devices
– Access by an individual with an interim Top Secret clearance is permissible, but only at the Secret level
• A cryptographic access briefing is required prior to accessing
– Top Secret and Secret keying material and authenticators that are designated CRYPTO
– Classified cryptographic media that represent, describe or implement classified cryptographic logic
Communications Security (COMSEC) Access Requirements
• Prior to disclosure of COMSEC information, personnel must understand the sensitivity of the COMSEC system and their personal responsibility to support it
– This is accomplished through access briefings and periodic updates
• Personnel are not authorized to disclose to anyone not approved for COMSEC/ CRYPTO access the fact that any feature of design or construction of equipment has a cryptographic application
• Extreme care must be exercised in the receipt and disposition of COMSEC and cryptographic information
– Only appropriately briefed and authorized personnel are permitted access
• Classified COMSEC information will be marked, stored, controlled and, when authorized, destroyed, shipped or transmitted outside {Company} facilities in accordance with instructions issued by the NSA Central Office of Record
Communications Security (COMSEC) Transmitting and Receiving
SECURE TRANSMISSIONS
• Secure Telephone Units
– The Secure Telephone Equipment provides a means by which classified telephone conversations, up to TOP SECRET, when authorized, can take place
– Assistance is available for the acquisition, installation, and programming of these units by contacting the Security Department
• Secure Facsimiles
– Secure facsimile equipment is available to transmit and receive classified information
– Information sent should be limited to the Top Secret Collateral level
• Hand-carrying COMSEC material outside the {Company} for valid contract-related activities requires
– The user must have prior COMSEC Administrator authorization
– A courier authorization
Communications Security (COMSEC) Information Control
• All NATO transactions must be reported to the NATO Control Officer
– Control includes retrieval, safeguarding, controlling, accounting for, and properly disposing of NATO material
• All TOP SECRET transactions must be reported to the TOP SECRET Control Officer (TSCO) or alternate
– Control includes logging, transferring material, and accounting for reproductions made within the {Company}
– Request for assistance should be made at least three days prior to the actual transaction
Communications Security (COMSEC) Reporting
• All persons who deal in any way with COMSEC material are responsible for immediately reporting any of the following to the Security Department
– The compromise, possible compromise, loss (known or suspected), unauthorized access or other violation of the security regulations
– The unauthorized destruction of classified or accountable COMSEC information
– Any damage to classified or accountable COMSEC information that raises the possibility of sabotage
– The emergency disposition of classified COMSEC information
– A CRYPTO Card left unattended in the STE terminal