20 May 2000. Thanks to Dominick LaTrappe <seraf@2600.com>
Source: NASA Security Handbook, February 1, 1993:
http://cryptome.org/nasa-sec.zip
(Zipped, 275K)
4600 REFERENCES
1. National Security Directive No. 42, July 5, 1990.
2. NTISSI 4000 Series On Communications Security (COMSEC). (Multiple dates).
3. NTISSI No. 7000, "TEMPEST Countermeasures for Facilities," October 17, 1988.
4. NACSIM 5203, "Guidelines for Facility Design and Red/Black Installation," June 30, 1982.
5. NTISSIP Nr. 1. National Policy on Application of Communications Security to U.S. Civil and Commercial Space Systems, June 17, 1985.
6. National Communications Security Committee (NCSC)-6, "National Policy Governing the Disclosure or Release of Communications Security Information to Foreign Governments and International Organizations," January 16, 1981.
7. National Communications Security Committee (NCSC)-1, "National Policy for safeguarding and Control of COMSEC Material, January 16, 1991.
4601 GENERAL
This Chapter establishes the responsibilities and provides guidelines for implementation of a totally integrated NASA Communications Security Program.
4602 DEFINITIONS
Communications Security (COMSEC). The protection resulting from all measures designed to deny unauthorized persons information of value which might be derived from the possession and study of telecommunications, or to mislead unauthorized persons in their interpretation of the results of such possession and study. COMSEC includes the following types of security:
1. Cryptosecurity. The provision of technically sound crypto-systems and their proper use.
2. Transmission Security. All measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis.
3. Physical Security. All physical measures necessary to safeguard classified equipment, material, and documents from access thereto or observation thereof by unauthorized persons.
4. Emission Security. Frequently referred to as TEMPEST. All measures taken to deny unauthorized persons information of value that might be derived from intercept and analysis of compromising emanations from cryptoequipment and telecommunications systems. TEMPEST countermeasures are considered on a case-by-case basis consistent with the policy and procedures established in NTISSI No. 7000.
4603 BACKGROUND
1. Secure Communications. The security of Federal telecommunications is a national responsibility requiring all participants' adherence to policy. Experience has shown that failure to plan and integrate appropriate telecommunications security measures early in a system's life-cycle, whether it be a classic acquisition program or a purely research and development effort, has caused many problems relating to adequacy and optimization of COMSEC measures based on limited program funds. NASA participants responsible for COMSEC must satisfy the requirements of the National Security Telecommunications and Information Systems Security Committee (NSTISSC), and the departments and agencies of the Federal Government, throughout the life-cycle of various programs.
2. The Secretary of Defense is the U.S. Government's Executive Agent for COMSEC. The Director, National Security Agency (NSA), is the national manager for COMSEC matters.
3. All types of nonsecure telecommunications are vulnerable to interception and exploitation by foreign signals intelligence (SIGINT). SIGINT incorporates communications intelligence (COMINT), electronic intelligence (ELINT), and telemetry intelligence (TELINT). COMINT has the greatest impact on NASA telecommunications on a day-to-day basis. Prime sources of valuable COMINT include clear voice and data, or unencrypted telephone/radio, and unencrypted facsimile (Fax) communications. Foreign Intelligence Services, using various intercept platforms, have a worldwide COMINT capability. In addition to the traditional nations utilizing Hostile Intelligence Services (HoIS) as a threat to our communications, it is estimated that a growing number of nations are developing SIGINT capabilities to gain an economic and technological edge over the United States. This is particularly true as strategic emphases shift from military strength to economic competitiveness. Still other elements are using information gained from the interception of communications for furthering their terrorist and/or criminal activities.
4. The application of COMSEC measures protects telecommunications from foreign intelligence exploitation and ensures the authenticity of such communications. Encryption with an approved cryptosystem and radio silence are the best defenses against HoIS and adversarial COMINT efforts.
5. Communications circuits can be protected by appropriate physical, acoustical, electrical or electromagnetic safeguards, such that classified data can be transmitted on these links in clear text (when information is transmitted to or from an area not under access controls consistent with that required for the classification of the information). These circuits must be formally approved as a Protected Distribution System (PDS). The following COMSEC measures may also be required:
a. Authentication;b. Proper operator skills, discipline and training;
c. Safeguarding and control of COMSEC material;
d. Transmission security;
e. COMSEC awareness; and
f. Command emphasis on COMSEC matters.
6. COMSEC measures should be periodically reevaluated because of advances in SIGINT technology.
4604 POLICY
1. NASA cannot totally protect its communications systems and networks from intercept and exploitation. However, NASA will comply fully with national COMSEC policy by ensuring that U.S. Government national security systems shall be secured by such means as are necessary to prevent compromise, denial of service, or exploitation. National security systems that are operated and maintained by U.S. Government contractors must likewise be secured.
2. It is NASA policy to comply with national policy and measures shall be instituted within NASA to ensure:
a. Classified information is transmitted securely by telephone, and digital data are exchanged between mainframes, personal computers (PC), Fax machines, and video teleconferencing. Classified information transmitted from an area not under access controls will be secured by encryption or a PDS. Fiber optic lines can also be adequately protected by Intrusion Detection Optical Communications Systems approved by NSA.b. Government or Government contractor sensitive national security-related information transmitted over NASA telecommunications links will be protected by approved COMSEC techniques.
c. COMSEC requirements for NASA telecommunications systems, including space operations, shall be identified during preliminary design reviews, development, installation, and operation.
3. Command uplinks, classified payload information and information revealing classified aspects of a mission, will be transmitted only by secure means. NASA protection of unclassified satellite and space systems command/control uplinks will be determined by the responsible NASA program office in coordination with Code JIS and the National Security Agency.
4. Upon determination by data owners that sensitive unclassified information requires cryptographic protection, the Data Encryption Standard (DES) should be employed except under the following circumstances:
a. Compliance with the standard would adversely affect the accomplishment of the mission of an operation of a Federal computer system.b. Compliance would cause a major adverse financial impact on the operator, which is not offset by Government savings.
5. The following items shall be cryptographically protected by the use of NSA-endorsed COMSEC equipment:
Classified, Unclassified Government, or Government-derived sensitive information involving intelligence activities; cryptographic activities; direct command and control of military forces; equipment which is an integral part of a weapon or weapon system; direct fulfillment of a military or intelligence mission; and other items related to national security.
6. Commercially developed privacy or security equipment using the DES or a commercial algorithm shall not be used to protect or encrypt any form of classified data within NASA.
7. NASA should consider only commercial telecommunications equipment that meets Federal Information Processing Standard Publication 140 (General Security Requirements for Equipment Using the Data Encryption Standard) for the protection of unclassified national security-related sensitive information.
8. NSA- and National Institute of Standards and Technology (NIST) approved techniques may be used separately, or in various combinations, to protect the transmission of unclassified sensitive information. There are a number of cryptographic products and associated keying materials acceptable for this purpose:
a. Type I Products. May be used to protect both classified and unclassified information.b. Type II Products. May be used only to protect unclassified information and are handled as Endorsed for Unclassified Cryptographic Items (EUCI).
9. Only NSA-produced keying material shall be used to encrypt classified information.
10. Only NSA-produced or -endorsed authentication systems shall be used for NASA telecommunications systems.
[11. not used]
12. TEMPEST countermeasure(s) determination decisions and Red/Black separation criteria will be coordinated with the NASA COMSEC Manager prior to the following actions:
a. The acquisition and installation of all telecommunications and automated information systems equipment and facilities which electrically or electromagnetically generate, store, process, transfer, or communicate NASA classified information.b. Installation of an unclassified system in a facility that has existing classified processing systems.
13. The NASA TEMPEST policy is in consonance with national policy, requiring the use of TEMPEST countermeasures in proportion to the threat of exploitation and the associated potential damage to national security.
a. NASA and NASA contractors shall strictly adhere to NTISSI 7000, TEMPEST Countermeasures For Facilities, when determining the applicable TEMPEST countermeasures for NASA and NASA-owned contractor equipment, systems, and facilities that process classified national security information.b. Prior to making a TEMPEST countermeasure(s) determination and implementation, the NASA Installation TEMPEST Officer/TEMPEST Focal Point should always review a security and cost analysis and coordinate with the NASA COMSEC Manager.
14. Applicable PDS requirements shall be addressed early in the facility design phase, and coordinated with the NASA COMSEC Manager prior to approval.
15. NASA telecommunications systems shall be continually assessed for threat and vulnerability, and should be protected through the continuous use of safeguards such as COMSEC, computer security, and administrative, procedural, physical, and personnel security controls.
4605 RESPONSIBILITIES
1. NASA's primary authority for managing an Agencywide communications security program has been delegated through the Associate Administrator for Management Systems and Facilities (Code J), through the Director, Logistics and Security Division (Code JI), to the Chief, NASA Security Office (Code JIS).
2. Code JI is responsible for programming, funding, and allocating resources to support NASA COMSEC management activities and ensuring that NASA implements national COMSEC policies, directives, criteria, standards, and doctrine.
3. Code JIS is responsible for overall COMSEC Program management, including policy and oversight. Specific responsibilities include designating a management official knowledgeable in both communications and communications security management principles and practices, to serve as the NASA COMSEC Manager and apprising Installation Directors, through appropriate Associate Administrators, of COMSEC audits and recommending appropriate improvements.
4. NASA COMSEC Custodian and Alternate COMSEC Custodian selection criteria and responsibilities are outlined in the NASA Communications Security Manual:
Receiving, storing, shipping, and accounting for all material issued to NASA accounts, and maintaining accurate records of these transactions.
5. NASA Program Managers are responsible for ensuring that Government-prescribed communications security policies, standards, guidelines, and procedures are promulgated and implemented in all organizations under their management by:
a. Ensuring compliance with all security requirements, standards, and procedures applicable to secure communications systems; and ensuring only COMSEC materials distributed through the COMSEC Material Control System (CMCS) are used.b. Ensuring COMSEC requirements are considered from the conceptual stage for all new facilities, systems, and applications through which classified or unclassified Government or Government-derived national security-related information is to be processed.
c. Ensuring the NASA COMSEC Manager's involvement and concurrence is obtained from the conceptual stage for all COMSEC systems.
d. Ensuring secure communications systems are approved by the NASA COMSEC Manager prior to commencing classified or unclassified, but sensitive, operation.
e. Coordinating with the NASA COMSEC Manager, prior to the release of any Requests for Proposals (RFP), Statements of Work (SOW), or other contract packages where COMSEC measures may be required.
f. Ensuring that contracts that require the transmission of classified and/or sensitive Government-derived national security-related information, by and between NASA and NASA contractors, identify the requirement for COMSEC protection.
g. Ensuring that contracts involving the electrical processing of classified information by NASA contractors at Government-owned facilities (including Sensitive Compartmented Information Facility [SCIF's]), the DD Form 254 (DOD Contract Security Classification Specification) and other contractual documents will specify that TEMPEST control measures will comply with NTISSI 7000.
h. Identifying and prioritizing COMSEC requirements to protect NASA telecommunications and providing such information to the NASA COMSEC Manager.
i. Providing validated, qualitative, and quantitative operational requirements for COMSEC material, equipment, and systems to the COMSEC Central Office of Record (COR), Code JIS, through their supporting COMSEC Custodians.
j. Determining operational requirements for secure communications with NASA participants in other countries. Program managers, in coordination with the NASA COMSEC Manager, will collaborate with NSA and appropriate foreign governments or international military authorities to identify and recommend the COMSEC material and procedures to be used to satisfy validated requirements. Such actions shall be limited to COMSEC matters for each specific release authorized by national authorities.
6. Field Installations. NASA Field Installations are responsible for the following actions:
a. Naming a COMSEC representative responsible for consulting with the NASA COMSEC Manager on COMSEC issues impacting on their respective Field Installation operation, and attending any COMSEC conferences or working groups prescribed by the NASA COMSEC Manager.b. Naming a TEMPEST single focal point familiar with national TEMPEST threat and vulnerability assessment methodology, who shall be responsible for coordinating with the NASA COMSEC Manager details concerning TEMPEST countermeasure(s) applications.
Note: NASA Installations with only moderate COMSEC requirements may choose to designate their primary COMSEC Office as their COMSEC Custodian and their TEMPEST single point of contact. A single individual may be designated for these functions with the concurrence of the NASA COMSEC Manager.
c. Ensuring Field Installation COMSEC custodians coordinate the following with the NASA COMSEC Manager:
All Field Installation COMSEC account-related matters, all day-to-day business with NSA, and those COMSEC account transactions impacting on NASA COMSEC COR operations, along with issues and initiatives that impact on the overall NASA COMSEC program.
4606 COMSEC EVALUATION
Staff assistance visits including an audit of each NASA COMSEC account will be conducted periodically. NASA contractor accounts established solely for the purpose of servicing NASA will continue to be audited by NSA.