From Traditional Security
Part of COMSEC Account Management - Equipment and Key Storage
Associated with IA controls: PESS-1, ECCM-1
Improper handling and storage of COMSEC material can result in the loss or compromise of classified cryptologic devices or classified key or unclassified COMSEC Controlled Items (CCI).
Ask the COMSEC Custodian, COMSEC Responsible Officer (CRO), Security Manager or IAM how COMSEC equipment and materials are transported, handled and stored. Physically check that crypto equipment, keys, and keyed crypto are handled and stored properly. Reviewers must annotate all types of crypto devices observed in the finding details or comments, (e.g. TACLANE, KIV 7, etc.)
COMSEC material must be stored in a GSA approved container such as safe, vault, or secure room IAW (NSA/CSS Policy Manual 3-16, Section XI, paragraph 89) Specific standards are: 1. Keyed crypto equipment must be housed within a proper GSA safe, vault or secure room. 2. If crypto equipment is not housed within a proper GSA safe, vault or secure room the Crypto Encryption Key must be removed and stored in a GSA approved safe or in a separate room from the crypto equipment when the equipment is not under the continuous observation and control of a properly cleared person. 3. Information Processing System (IPS) containers (safes) may be used to securely store and operate keyed equipment. 4. If unclassified crypto equipment is not operated in a safe, vault or secure room it must minimally be maintained within an approved Secret or higher Controlled Access Area (CAA) and further secured in a locked room (equipment closet) or equipment rack suitable for control of sensitive equipment to ensure only system administrator and COMSEC personnel have access to the equipment. 5. NOTES: This requirement applies to a tactical environment. Unless under continuous observation and control, Crypto Equipment Key must be removed and maintained separately from the encryption device - unless it is operated in a proper safe, vault or secure room. Ensure that any COMSEC account, materials or equipment being inspected is used for encryption of DISN assets. COMSEC items not used with DISN assets should not be inspected. Specifically, only those COMSEC items associated with the CCSDs being inspected are to be included in this check.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer