Electronics Material Officer

Electronics Material Officer Course






















This lesson topic presents information on security responsibilities, areas and markings, procedures, CMS, maintenance, and TEMPEST.

The LEARNING OBJECTIVES of this LESSON TOPIC are as follows:

2.8 State the purpose for inspecting operational conditions of Combat Systems Electronics division.

2.9 Describe procedures for inspecting operational conditions of Combat Systems Electronics division.

2.10 State the purpose of inspecting material conditions of Secure Processing Centers.

2.11 Describe procedures for inspecting material conditions of Secure Processing Centers.

2.12 Identify references used for the administration of security and TEMPEST.

2.13 Describe the security responsibilities in the Electronics Division chain of command.

2.14 Define the term TEMPEST.

2.15 Describe afloat TEMPEST program procedures.

2.16 Describe the purpose, content, and preparation/update of a DD Form 1435.

2.17 Prepare/update a DD Form 1435.

2.18 Describe the procedures to determine current cryptographic qualification of cryptographic technicians.

2.19 Determine current cryptographic qualification of cryptographic technicians.

2.20 Describe the procedures for re-qualifying cryptographic technicians.


The student should review the "LIST OF STUDY RESOURCES" and read the Lesson Topic LEARNING OBJECTIVES before beginning the lesson topic.








To learn the material in this LESSON TOPIC, you will use the following study resources:

Written Lesson Topic presentations in the Module Booklet:

1. Lesson Topic Summary

2. Narrative Form of Lesson Topic

3. Lesson Topic Progress Check

Additional Materials:

1. Assignment Sheet

2. Job Sheet

3. Answer Booklet


1. Installation Criteria for Shipboard Secure Electrical Information Processing Systems, MIL-STD-1680

2. COMSEC Security Equipment Maintenance and Training, OPNAVINST 2221.3

3. Communications Security Material System Cryptographic Equipment Information/Guidance Manual, CMS-5

4. Communications Security Material System Policy and Procedures Manual, CMS-1

5. Department of the Navy Information and Personnel Security Program Regulation, OPNAVINST 5510.1

6. Fleet Communications, NTP 4







This lesson topic will introduce you to security as it relates to you as an EMO. It discusses responsibilities, security areas and markings, security procedures, CMS, emergency destruction, cryptographic equipment maintenance, and TEMPEST. The lesson narrative is organized as follows:

Electronics Security

A. Introduction to Security

B. Security Responsibilities

C. Security Areas

D. Classification Markings

E. Transmission of Classified Material

F. Communications Security Material

G. CMS Training and Inspections

H. Safeguarding COMSEC Material/Facilities

I. Cryptographic Equipment Maintenance

J. Emergency Destruction










Electronic Material Officers must be security conscious. Electronics technicians use and have access to documents and publications that contain classified information, such as messages, frequencies, call signs, specifications, and procedures. This classified information must be safeguarded. Security awareness must be an automatic and integral part of the daily routine. Ensure that your technicians have been briefed on security precautions and requirements. The basic reference for security is Department of the Navy Information and Personnel Security Program Regulations, OPNAVINST 5510.1. The security program deals with safeguarding information that should not fall into the hands of foreign governments or foreign nationals. Compromise of this information may be detrimental to the United States. Information can be compromised by careless talk, improper handling of classified material, etc. The Department of Defense security formula is based on the premise of circulation control of classified information. According to this policy, dissemination of classified information is limited to personnel whose official duties require knowledge or possession of such material.




The Commanding Officer is responsible for the effective management of the command Information and Personnel Security Program. This includes:

l Designating a Security Manager

l Designating a Top Secret Control Officer

l Designating an ADP Security Officer

l Designating a Special Security Officer

l Preparing written command security instructions

l Preparing an emergency plan for the protection of classified material

l Reviewing and inspecting the effectiveness of the security program

The Commanding Officer designates the Command Security Manager. In commands that initiate, receive, or process Top Secret Documents, a Top Secret Control Officer is also appointed. If the command is involved in processing data in an automated system, an ADP Security Officer is designated. Additionally, certain commands may designate a Special Security Officer.



The security manager is the principal advisor on information and personnel security in the command and is responsible for the management of the program. That does not mean that the security manager will personally handle all of the security duties described below. The personnel officer may handle personnel security, the administrative officer may have classified material control, and the training officer may be responsible for security training. The security manager keeps the big picture, advises the command of changes in policies and procedures, and assists in solving security problems.



The Top Secret Control Officer or TSCO is responsible to the security manager for the receipt, custody, accounting, and disposition of Top Secret material in the command. The TSCO maintains a system of accountability that will record the source, downgrading, movement from one office to another, current custodian, destruction, or other disposition of all Top Secret material. Top Secret messages handled by communications facilities for relay or broadcast delivery only may not be under the control of the command TSCO. Responsibility for accounting, control, and destruction of these messages is given to communications supervisors as described in Fleet Communications, NTP 4. The TSCO is responsible for the following:

l Disseminating the absolute minimum amount necessary of Top Secret information necessary for proper planning or action. "Standard routing" of Top Secret material is forbidden.

l Delivering Top Secret material within the command by direct personal contact. The material does not have to be delivered personally by the TSCO, but it must be delivered directly to the person who is to assume responsibility for it. Top Secret material will never be left in an "IN" basket.

l Maintaining a continuous chain of signed receipts and disclosure records for all Top Secret material. Person-to-person contact is necessary for receipt.

l Ensuring that physical inventories of Top Secret material are conducted at least once per year.

l Maintaining a current roster of persons within the command who are authorized access to Top Secret information. The TSCO should know who in the command requires access and be able to assist the security manager in determining who is granted access.

l Ensuring that all Top Secret material is accounted for and properly transferred when custodians are relieved of their duties. This requirement applies to the subcustodians of the command as well as the TSCO.


ADP Security Officer

Any command that uses Automated Data Processing (ADP) systems or equipment (including microcomputers) must designate an ADP Security Officer. The ADP Security Officer is responsible to the security manager for the protection of classified information being processed in the automated system.


Special Security Officer

Certain commands are accredited for and authorized to receive, process, and store Sensitive Compartmented Information (SCI). These commands have a designated Sensitive Compartmented Information Facility (SCIF). The Special Security Officer (SSO) is responsible for the operation of the SCIF and the security, control, and use of SCI. All matters relating to SCI or SSO requirements are referred to the SSO.


Communications Security Material (CMS) Custodian

The CMS Custodian is responsible for the maintenance of CMS material.



The restrictions, controls, and protective measures required for a security area vary according to the degree of security importance. To meet different levels of security sensitivity, there are three different types of security areas: exclusion, limited, and controlled. These areas must be clearly marked by signs reading:






Exclusion Area

A space requiring the strictest control of access is designated an exclusion area (e.g., a safe or vault). This area contains classified material of such a nature that, for practical purposes, admittance to the area permits access to the classified material. An exclusion area is fully

enclosed by a perimeter barrier of solid construction. Exits and entrances are guarded, or they are secured and alarm protected. Only personnel whose duties require access and who possess appropriate security clearances are authorized to enter an exclusion area.

Limited Area

A limited area is one in which the uncontrolled movement of personnel permits access to the classified information within (e.g., CIC and Radio Central). Access to classified material inside a limited area may be prevented by escort and other internal controls. A limited area is enclosed by a clearly defined perimeter barrier. Entrances and exits are guarded, controlled by attendants to check personal identification, or alarmed. Operation and maintenance personnel who require freedom of movement within a limited area must have a proper security clearance. The Commanding Officer may authorize access to personnel who do not have clearances. In such cases, escorts or attendants and other security precautions must be used to prevent access to classified information located within the area.


Controlled Area

A controlled area does not contain classified information. It serves as a buffer zone to provide greater administrative control and protection for limited and exclusion areas. Passageways or spaces surrounding or adjacent to limited or exclusion areas may be designated as a controlled area. Proper identification is required to enter controlled areas. Additionally, these areas will have control systems sufficient to limit admittance only to those with a need for access.




Classified markings serve the following purposes:

l Identify the proper classification

l Inform recipients of the assigned classification

l Indicate the level of protection required

l Indicate information that must be withheld from unauthorized persons

l Provide a basis for derivative classification

l Facilitate downgrading and declassification actions


On documents, the classification marking of Top Secret, Secret, or Confidential is stamped, printed, or written in capital letters that are larger than those in the text. On other types of material, the classification marking is stamped, printed, written, painted, or affixed by means of a tag, sticker, decal, or similar device in a conspicuous manner. If a marking on the material is not physically possible, written notice of the assigned classification is provided to recipients of the material.


When classified information requires a different level of protection than presently assigned, or no longer requires protection, it is regraded or declassified. A time schedule has been established for automatically downgrading and declassifying documents originated within the Department of Defense. The automatic downgrading and declassification system was instituted to ensure that all classified matter is available to the general public when secrecy is no longer necessary. It also relieves the originators of future concern for the classified aspects of documents or materials they have produced.




Transmission of material is the transfer of custody and responsibility for a document or other material from one command to another command or to another authorized addressee. The transmission may be accomplished by messenger, mail, wire circuits, secure radio, or other means. Regardless, the information must be kept out of the hands of those not authorized to have it. The following are all available means of transmission, in order of security:

l Messenger

l Registered mail

l Approved wire circuit

l Ordinary mail

l Non-approved wire circuit

l Visual

l Sound system

l Radio



Classified matter (Top Secret) is transmitted by messenger when security, not speed, is the paramount objective. The principal messenger agency for the Department of Defense is the Defense Courier Service (DCS), formerly the Armed Forces Courier Service (ARFCOS). This agency is responsible for the safe transmittal of classified matter for direct turnover to military addressees and certain civilian agencies throughout the world. Every item of classified material sent via DCS is in the physical custody and control of a military courier from the time of its entry into the system until the addressee or an authorized representative accepts receipt of it. Classified material that may go by registered United States mail is not transmitted by DCS.


In addition to transmitting unclassified material, the U.S. postal system is used to transmit classified material, except for Top Secret material and cryptographic aids and devices. Secret material must be sent by registered mail and must not enter a foreign postal system. Confidential material can be mailed through the U.S. Postal Service as certified or first class mail within the boundaries of the United States. U.S. Postal Service registered mail is used for the transmission of Confidential material to APO/FPO addressees and other addressees when the originator is uncertain that their location is within United States boundaries. Material addressed to Canadian government activities is permitted to pass through the Canadian postal service.



Radio Transmission Security

When a message is transmitted by radio, it is impossible to identify all receivers. It must be assumed that an enemy receives every transmission. Properly prepared messages transmitted via cryptographic equipment combined with the security of COMSEC material can help prevent an enemy from understanding message traffic. Traffic analysis by the enemy cannot be prevented, it can be made more difficult and less reliable by taking the following measures:

l Maximum use of communication means other than radio

l Strict circuit discipline

l Use of the broadcast method where possible

l Rotation of call signs and address groups

l Reduction of the use of service messages

l Use coaddressed messages

l Encrypt all classified messages

l Reduce test transmission to a minimum

l Avoid external routing instructions


Radiotelephone Security

Radiotelephone nets are operated so frequently that operators may become careless. Remember that VHF/UHF transmissions can be intercepted for thousands of miles. All personnel that use radiotelephones should be thoroughly familiar with the following precautions:

l Use each circuit for its intended purpose only. Reduce the number of transmissions to a minimum.

l Consider contents and wording before starting a transmission, to ensure that information of military value is not revealed.

l Write the message down prior to transmission.

l Keep all transmissions brief, concise, and clear.

l Do not transmit classified information in plain language, including plain language references to classified titles, units, places, chart references, or personnel.

l Avoid linkage between radiotelephone call signs and other call signs.

l Follow prescribed radiotelephone procedure at all times.



The COMSEC Material Control System (CMCS) was developed to protect vital, sensitive information processed by government communications systems. COMSEC material/equipment is used to encrypt transmissions to render them unintelligible. COMSEC material/equipment must be safeguarded; compromises can allow an enemy to decipher years of communications.



COMSEC Material

COMSEC material is used to protect U.S. Government transmissions, communications, and the processing of classified or sensitive unclassified information related to national security. COMSEC material includes the material used to ensure the authenticity of such communications.


COMSEC Material Control System (CMCS)

CMCS distributes, controls, and safeguards COMSEC materials. CMCS consists of production facilities, COMSEC Central Offices of Records (COR), distribution and storage facilities, and CMS accounts.


National Security Agency (NSA)

The NSA develops and implements national level policy affecting control of COMSEC material. It is responsible for the production of most COMSEC material used to control communications and for the development and production of cryptographic equipment.


Department of the Navy (DON)

The DON administers its own CMCS which includes Navy, Marine Corps, Coast Guard, and

Military Sealift Command CMS accounts. The DON system implements national policy, publishes procedures, establishes own CMS accounts, and provides a Central Office of Record (COR) to account for CMS material.


Director, Communications Security Material System (DCMS)

DCMS administers the Department of the Navy CMS Program and acts as COR for all DON CMS accounts. Specific functions of DCMS are outlined in CMS-1.


Commander, Naval Computer and Telecommunications Command (COMNAVTELCOM) -implements DON CMS program.


Controlling Authority

A Controlling Authority is a command designated to be responsible for directing the establishment and operation of a cryptocircuit and managing the operational use and control of related keying material. In addition to controlling and managing assigned COMSEC material, Controlling Authorities evaluate COMSEC incidents and authorize the issue and destruction of COMSEC material under their control.


Commanding Officer

The Commanding Officer administers command CMS account and ensures compliance with policies/procedures.


CMS Custodian

The CMS Custodian (usually the communications officer) is designated in writing by the Commanding Officer and is responsible for managing COMSEC material issued to the command's CMS account.


Alternate CMS Custodian

The Alternate CMS Custodian (may be the EMO) is designated in writing by Commanding Officer and is responsible for assisting the CMS custodian and assuming the duties of the CMS custodian in their absence.


CMS Clerk

CMS Clerks are designated in writing by Commanding Officer. They assist the CMS Custodian and CMS Alternate Custodian(s) with administrative duties.

Local Holder Account/Custodian

This term applies to commands that require COMSEC material held as subaccounts of a numbered CMS account. Normally CMS material is received from a parent CMS account, rather than from a CMIO (COMSEC Material Issuing Office).


CMS User

CMS users are designated in writing by the Commanding Officer and require the use of COMSEC material to accomplish an assigned duty.



The presence or lack of a security classification is indicated on COMSEC material using the standard security classifications covered in SWOS Division Officer Course. These classifications determine storage requirements and access to COMSEC material. Control of COMSEC material is based on a continuous chain of custody receipts, accounting records (includes periodic inventory reports, destruction records, transfer reports, and local custody records), and immediate reporting of COMSEC material incidents. Your technicians must handle and safeguard COMSEC material (e.g., keying material) based on its assigned classification and account for it based on its account legend (AL). The AL code determines how COMSEC material is accounted for within CMCS.

l AL Code 1 - Continuously accountable by accounting number from production to destruction

l AL Code 2 - Continuously accountable by quantity from production to destruction

l AL Code 3 - Locally accountable by serial number and handled/safeguarded based on classification

l AL Code 4 - Locally accountable by quantity and handled/safeguarded based on classification


CRYPTO Marking

CRYPTO identified COMSEC keying material is used to protect/authenticate classified/sensitive information. CRYPTO is not a classification.


Controlled Cryptographic Item (CCI)

CCI is a designation that identifies secure telecommunications or information handling equipment, or an associated crypto component. CCI is unclassified, but controlled within CMCS.


Keying Material

Keying material is a COMSEC aid that supplies encoding for manual/automanual cryptosystems or key for machine cryptosystems. Keying material may or may not be marked CRYPTO.


COMSEC Equipment

Equipment designed to provide security to telecommunications by converting information to an unintelligible form, and subsequently reconverting it for authorized recipients.


COMSEC-Related Information

Policy, procedural, and general doctrinal publications (e.g., CMS 1), equipment maintenance manuals (KAM-410 or LMM, i.e., Limited Maintenance Manual), equipment operating instructions (e.g., KAO-207), call signs, frequency systems, and miscellaneous material. Selected limited maintenance KAMs are being/have been replaced by Limited Maintenance Manuals. LMMs are not classified and are not accountable as COMSEC or COMSEC-related material. LMMs are numbered by TMIN and NSN and are stocked at NPFC.




Basic skills and advice/assistance training is available to train CMS custodians and users as follows:

CMS Custodian Course

A five-day course of instruction that provides basic skills necessary to fill a CMS Custodian or Clerk position.


CMS A&A (Advise and Assistance) Training Team

CMS A&A training responsibilities are divided among eleven teams responsible for a specific geographical region, identified in CMS 1. CMS A&A Training Teams provide the following:

l CMS A&A Training Team Visit - All CMS accounts and their associated local holders are required to receive a CMS A&A Training Visit every 18 months. These visits last six to eight hours, are informal, and provide guidance for self-improvement.

l CMS for Commanding Officers

l CMS Inspector Certification/Recertification

l CMS User Workshops

l CMS Seminars

l STU-III Briefs

l Automated CMS Systems Training and Assistance

l CMS Videocassette Library



CMS accounts must undergo a formal, unannounced CMS inspection every twenty-four months. This inspection is conducted for and under the authority of the requesting ISIC.



This section identifies general information about safeguards. Specifics are provided in CMS 1.

Safeguarding COMSEC material is accomplished by access requirements (access + need to know), Two-Person Integrity (TPI), storage requirements, packaging and transporting requirements, and routine destruction. Open public display of COMSEC material and information at non-government symposia, meetings, open houses, or other non-official purposes is prohibited. Photographs, drawings, or descriptive information for press release or private use is prohibited. Exterior photographs of COMSEC equipment used for command training need not be marked "For Official Use Only".




Access to keyed COMSEC equipment requires a clearance equal to or higher than the classification of the equipment or keying material, whichever is higher.



Access to unkeyed COMSEC equipment may be granted to U.S. citizens whose official duties require access and who possess a security clearance equal to or higher than the classification of the equipment.



TPI handling requires at least two people, authorized access to COMSEC keying material, to be in constant view of each other and the COMSEC material requiring TPI whenever that material is accessed and handled. TPI storage requires the use of two approved combination locks with no

one person authorized access to both combinations. Note that Crypto Repair Facilities (CRF), maintenance facilities, and laboratory requirements are not required to maintain TPI for fill

devices where operational key is not handled. See CMS 1 for specific requirements for storing, protecting and shipping COMSEC equipment, fill devices, and other material, and safeguarding secure communications facilities. The following material requires TPI at the custodian level:

l All classified paper keying material marked or designated CRYPTO (except codes and authenticators classified SECRET and below)

l Fill devices containing classified key

l Equipment that contains classified key that allows for key extraction


The following material requires TPI at the local holder/user level:

l All classified paper keying material marked or designated CRYPTO (except codes and authenticators classified SECRET and below)

l Classified electronic key whenever it is generated, transferred, relayed , or received

l Fill devices containing classified key

l Unloaded fill devices in an operational communications environment containing keyed crypto equipment from which classified key may be extracted

l Equipment that contains classified key that allows for key extraction

l Certified key variable generator equipment installed for operational use. (Specially designed locking bars may be used to meet TPI requirements)


The following COMSEC material is completely exempt from TPI requirements:

l PROMS (Programmable Read-Only Memories)

l ROMS (Read-Only Memories)

l MOS (Metallic Oxide Semiconductor) chips

l Unclassified Data Encryption Standard keying material

l Maintenance key

l Training key not marked or designated CRYPTO

l Test Key, unclassified and not marked or designated crypto

l Repair kits

l KAMs (limited or full cryptographic maintenance manuals)

l KAOs (cryptographic operating manuals)

l MAMMs (manufacturer maintenance manuals), SAMs (Navy maintenance procedures for COMSEC test equipment), and SAMMs (developmental R&D - new equipment)

l One-time pads and tapes

l Unclassified keying material (regardless of crypto markings)

l Unclassified, unkeyed equipment (less fill devices)

l Unclassified equipment keyed with unclassified key

l Confidential and Secret codes and authenticators (regardless of crypto markings)



COMSEC equipment requires special handling during repair and maintenance. Cryptographic equipment is divided into two general types: basic and related equipment/devices. Basic cryptographic equipment is non-paper material that has a direct function in the encryption process. It includes on-line transmitters and receivers, IFF units, and off-line encryption/decryption equipment. Related cryptographic equipment and devices are non-paper items that do not have direct encryption/decryption process functions, but relate to the process (e.g., power units, remote units, extender cables, maintenance/modification kits, and cabinets).



Operator Maintenance

Operator maintenance is maintenance that is authorized for, performed by, and the responsibility of COMSEC equipment operators. This normally consists of inspecting, cleaning, servicing, preserving, lubricating, and adjusting equipment. It may also include minor parts replacement not requiring highly technical skills. Operators should receive indoctrination and training from FTSC activities or their own COMSEC equipment repair personnel (your technicians) on how to do this work. KAM or KAO manuals provide specific instructions.


Intermediate (or Field) Maintenance

Intermediate maintenance of cryptographic equipment is performed by designated maintenance activities or by qualified COMSEC equipment repair technicians attached to user commands.

Intermediate maintenance is normally limited to replacement of unserviceable parts,

subassemblies, or assemblies by cleared personnel who graduated from a crypto repair school for

a specific model or type of COMSEC equipment. This is generally the highest level of shipboard COMSEC equipment maintenance.

Depot Maintenance

Depot maintenance involves a major overhaul or complete rebuilding of parts, subassemblies, or the entire equipment. This maintenance is intended to augment stocks of serviceable equipment or to support lower levels of maintenance by using additional shop equipment and personnel with higher technical skills than are available in organizational or field maintenance activities. Overhaul of ship COMSEC equipment should normally be done by a CRF.


Maintenance Procedures

CMS custodians are responsible for ensuring that all of the equipment they hold is complete and operational at all times. Emphasis should be placed on determining defects and correcting them, and, when replacement parts are not carried or have been used up, on the expeditious submission of requisitions to the supply system. MILSTRIP forms should not be accumulated for one-time preparation and lot submission to a supply point at a later date or on a delayed basis. Replacement parts not on hand should be requisitioned as the defects occur. Cryptographic equipment turned into a CMIO (COMSEC Material Issuing Office) or into the DCMS (Director, Communications Security Material System) is cycled through a Crypto Repair Facility (CRF) before it is reissued. If cryptographic equipment is received that is not in proper operating condition, the receiving user will attempt to repair the equipment, using qualified repair personnel. If the equipment is beyond ship's force repair capabilities, the user will turn the equipment into a CRF for repair and return. All cryptographic equipment transfers must be in accordance with CMS-1 CMS Policy and Procedures Manual. See your CMS Custodian. Should operational necessity dictate, contact your CMS custodian to initiate action to obtain replacement equipment.

Detailed authorized maintenance and repair procedures for a particular cryptographic equipment are contained in the associated maintenance manuals (KAMs, SAMs, LMMs), crypto EIBs (CEIBs), and MRCs. Separate repair kits (also known as Q-kits) and spare cryptographic equipment are provided in quantities sufficient to satisfy anticipated usage or failure rates. It is the responsibility of the unit's parent CMS account, or parent local holder account, to determine the quantity of spare equipment and/or associated maintenance and repair parts to be held. These spares will be provided by DCMS when available in CMS assets. SPCC provides logistic support for cryptographic equipment. DCMS issues repair parts kits for immediate logistic support. Cryptographic repair kits contain classified and unclassified material and are CMS-accountable. An inventory list is kept in the kit. Parts/assemblies contained in the kit must be replenished/repaired as they are used. Note that while shipboard CRFs are not technically secure processing centers, physical security criteria for a secure processing center applies.



Modifications to cryptographic equipment are generated to install improved or special capabilities, improve electrical processing capabilities and security, correct equipment

deficiencies, satisfy specific operational requirements, and adapt to local conditions. Modifications are mandatory, operational/special mission modifications, or repair actions. Installed modifications are indicated on the equipment modification record plate.

Mandatory Modifications

Mandatory modifications must be installed in order to ensure continued effectiveness of the cryptographic equipment and to retain its approval for use. Mandatory modifications must be installed by a predetermined, time-compliance date that is determined on the basis of security, human safety, TEMPEST, or reliability. There are two types of mandatory modifications:

l NSA-Mandatory - These modifications are mandatory for all U.S. commands or user activities. Kits for NSA-mandatory modifications contain the necessary parts, instructions, and two report-back forms.

l Navy-Mandatory - These modifications are NSA-optional modifications that have been designated as mandatory for all DON user commands. Kits for Navy-mandatory modifications contain parts and instructions.


NSA-Optional/Special Mission Modifications

NSA-optional modifications are not required to be installed by all users. They are generally tailored to specific operational/environmental needs and may be installed at the discretion of the command or as directed by higher authority. They are issued in kit form when the required assemblies/parts are unique and not obtainable elsewhere; otherwise, modification parts are obtained through the Navy Supply System.


NSA Repair Actions

NSA repair actions are optional and do not affect the original characteristics of the cryptographic equipment. Repair actions are limited to minor electrical and/or mechanical improvements to the equipment operation, maintenance, reliability, etc. Authorized repair actions are listed in the appropriate KAM/SAM manuals.



All DON military and civilian personnel involved in the installation, maintenance, and repair of COMSEC equipment must be trained and complete work in accordance with OPNAVINST 2221.3C, Communications Security Equipment Maintenance and Training and all current, applicable cryptosecurity rules, regulations, procedures, and instructions. COMSEC equipment includes cryptoequipment, cryptoancilliary equipment, cryptoproduction equipment, and authentication equipment. Formal schools operated by the military departments, agencies, and other agencies of DOD are the primary sources of training in cryptographic equipment installation, maintenance, and repair. DCMS arranges initial factory training for the implementation of new cryptographic equipment.

The complexity of modern COMSEC equipment places the maintenance technician in a critical position of responsibility that directly affects secure operation. Since technical proficiency is largely dependent on the quality and amount of maintenance training received and on the extent of experience acquired in applying this training, all DOD components must ensure the following:

l Only personnel who are graduates of an approved course of instruction for either unlimited or limited maintenance on a specific cryptographic equipment, or associated cryptoancilliary equipment, are permitted to install, maintain, and repair such equipment. If no maintenance action or external wiring change is involved, cryptographic equipment may be installed/deinstalled by other than a certified limited or full maintenance technician. This exception does not apply to initial cryptographic installations which must be accomplished by a certified maintenance technician.

l Supervisory personnel must determine the proficiency of technicians before they are assigned the responsibility for COMSEC equipment installation and maintenance.

l Supervisory personnel must maintain the scope of and the graduation requirements for COMSEC maintenance courses at a level sufficient to ensure that technicians who install and maintain COMSEC equipment are qualified in all aspects of their assigned responsibilities.


Maintenance personnel will be trained to the minimum level (limited or full maintenance) required for accomplishment of their assigned duties. Personnel operating general purpose COMSEC Automatic Test Equipment (ATE) are not required to be trained on the individual COMSEC equipment or components being tested. Personnel performing piece-part replacement

of components on COMSEC elements, previously identified as defective by either ATE or a certified full COMSEC maintenance technician at the full maintenance site, are not required to be trained on the COMSEC equipment.



The proficiency of trained personnel is determined and certification maintained in accordance with the DD Form 1435, COMSEC Maintenance Training and Experience Record, shown in Figure 2.2-1, and more detailed guidelines in NTP-7, Navy, Marine Corps, Coast Guard Cryptographic Equipment/Guidance Manual. You will fill out a DD Form 1435 in Job Sheet


A DD Form 1435 must be completed for each technician who completes a COMSEC maintenance course and may be used as a graduation certificate. This form constitutes a chronological record of all COMSEC training and maintenance experience received by the technician, and will become a part of the technician's permanent personnel record. Each form will be reviewed and updated every twelve months and before a permanent change of station. Technicians trained to perform only limited maintenance are excluded from this review requirement. Supervisory personnel must review each DD Form 1435 to ensure that the training and experience requirements on particular equipment are met before the technician is assigned maintenance responsibility. When (1) a previously trained and qualified technician, who no longer meets the requirements for installing and maintaining a particular equipment because they have not had training, nor experience with, the equipment in the preceding thirty-six months, or

(2) retraining is required due to major changes in the equipment, the technician will be retrained or requalified by approved examination. Certification to perform maintenance on certain

ancillaries can be granted to personnel by on the job training, provided they are presently



(See reverse side for instructions)


1. NAME (Last - First - Middle) 2. SERVICE NUMBER/SSN



SHORT TITLE(Yes/No) (YYMMDD)(Include School or Organization)├──────────────────┬──────────────────┤

signature of organization of

a b c d e certifying officercertifying officer





Figure 2.2-1 COMSEC Maintenance Training and Experience Record


certified to maintain the equipment associated with the ancillaries. Individuals maintaining ancillaries must have received general TEMPEST training and any unique TEMPEST training applicable to the ancillary being maintained. TEMPEST is addressed later in this lesson topic.



Note that CMS-1 supersedes CMS-4L and CSP-1A as of April 14, 1993. CMS-5, Communications Security Material System Cryptographic Equipment Information/Guidance Manual, is being revised as CMS-5A, as of this writing.




Annex M of CMS-1 prescribes policy and procedures for planning, protecting, and destroying COMSEC material during emergency conditions. Every command that holds classified COMSEC or CCI material must prepare emergency plans for safeguarding such material in the

event of an emergency. These plans must be incorporated into the command Emergency Action

Plan. Planning and training must include every individual who uses COMSEC material. For commands located in CONUS, emergencies include natural disasters, e.g., fires, floods, tornados, and earthquakes. For commands located outside CONUS, emergencies include natural disasters and hostile actions, e.g., enemy attack, mob action, or civil uprising. For natural disasters, security control over the material should be maintained until order is restored. For hostile actions, COMSEC material must be safely evacuated or destroyed.



Guidelines for minimizing the number/complexity of emergency actions are:

l Hold only the minimum COMSEC material required at any time

l Store COMSEC material to facilitate emergency removal or destruction

l As emergency situations develop, initiate precautionary destruction or evacuation of all material not immediately needed for operational effectiveness


Planning for disasters must include:

l Fire reporting and initial firefighting by assigned personnel

l Assignment of on-scene responsibility for protection of COMSEC material

l Securing or removing classified COMSEC material and evacuating the area

l Protection of material when admission of outside firefighters to the secure space is necessary

l Assessment and reporting of possible exposure of classified COMSEC material to unauthorized personnel during the emergency

l Post-emergency inventory of classified COMSEC and CCI material and reporting losses or unauthorized exposure


Planning for hostile actions must include:

l Assessing the threat of various hostile emergencies and the threat that these emergencies pose to COMSEC material

l Availability and adequacy of physical security protection, i.e. perimeter controls, guard forces, and physical defenses, at individual buildings and other locations where COMSEC material is held

l Emergency evacuation of COMSEC material, including an assessment of risks associated with evacuation

l Precautionary destruction of COMSEC material, particularly maintenance manuals (KAMs) and keying material which is not operationally required

l Establishment of specific emergency procedures


Except under extraordinary conditions, e.g., an urgent need to restore secure communications after relocation, COMSEC keying material should be destroyed rather than evacuated. Facilities and emergency procedures must also address:

l Adequate number of destruction devices

l Availability of electrical power

l Secure storage facilities nearby

l Adequately protected destruction areas

l Personnel assignments



The emergency destruction plan should be prepared by the person most aware of the extent and significance of the COMSEC material on hand. The commanding officer or other responsible official must approve the plan. All destruction material, devices, and facilities must be readily available and in good working order. The plan must be realistic, workable, and effective. This is accomplished by ensuring the following:

l All duties under the plan are clearly and concisely described

l All authorized personnel are aware of the existence of the plan

l Each individual assigned duties under the plan has received detailed instructions on how to carry out those duties

l All personnel are familiar with all duties so assignment changes can be made

l Training exercises are conducted periodically (quarterly exercises are recommended)



Printed Matter

Destroy keying material and publications beyond reconstruction. Destroy full maintenance

manuals or, when time does not permit, remove and destroy sensitive pages by removing post/rings, inserting rod in top left binder holes, and shaking out sensitive pages.

Crypto Equipment

Render equipment inoperable. Destroy cryptographic logic beyond reconstruction if time permits.


Aboard Ship

If ship is in imminent danger of sinking in a U.S. controlled area, zeroize equipment and destroy COMSEC material as completely as possible, lock it in security containers, and permit it to sink with the ship. If ship is in imminent danger of capture or sinking in an area where foreign elements have salvage opportunities, destroy all COMSEC material and keying material.



In a deteriorating situation all "full" maintenance manuals (i.e., those containing cryptographic logic information) which are not absolutely essential to continued mission accomplishment must be destroyed. When there is insufficient time under emergency conditions to completely destroy such manuals, every reasonable effort must be made to remove and destroy their sensitive pages. To prepare for emergency destruction of KAMs with sensitive pages:

l Apply distinctive markings (e.g., red stripes) to binder edge and covers of KAMs with sensitive pages.

l Remove screw posts or binder rings, or open multi-ring binder.

l Remove each sensitive page and cut off the upper left hand corner of the page so the first binder hole is removed. Do not delete text or diagrams.





Compromising emanations (CE), generally referred to as TEMPEST, are data-related or intelligence-bearing signals unintentionally radiated from equipment and the ship's structure. If CE is intercepted or analyzed, it can disclose the classified information processed by electrical information processing equipment or systems. Classified Information Processing Systems, although commonly associated with communications systems, also include any equipment or

system that processes classified information in an electrical form. Such systems include, but are not limited to, computers and word processors, Mode 4 IFF (Identification Friend or Foe), AN/SLQ-32 countermeasures sets, Tomahawk weapons systems, LAMPS (Light Airborne Multi-Purpose System) III sonar systems, SSES (Special Signals Exploitation System), OUTBOARD (classified information processing system), and any closed circuit television system used for classified briefings and programs. Countermeasures taken to protect against CE include:

l Equipment designs in which CE is suppressed

l Approved installation criteria that limit interaction between classified and unclassified signal lines, power lines, grounds, equipment, and systems

l Low-level keying and signaling (discussed earlier in this chapter)

l Shielded enclosures for equipment installations

l Proper grounding of equipment


MIL-STD-1680 (SHIPS), Installation Criteria for Shipboard Secure Electrical Information Processing Systems is the definitive guidance for TEMPEST. You must have a thorough working knowledge of the requirements outlined in MIL-STD-1680 (SHIPS) to be able to ensure that system modifications are properly installed and inspected.



Every command, activity, and contracting officer responsible for the design, development, procurement, installation, inspection, testing, evaluation, operation, maintenance, or repair of equipment or systems, which are or will be used to electrically process classified information, must take necessary actions to fulfill the responsibilities for TEMPEST. TEMPEST familiarization courses are taught at all FTSCs. Recall from Lesson Topic 1.3 that the COMNAVSURFLANT TEMPEST Instruction requires, at a minimum, that the communications officer, EMO, ERO, leading radioman, and leading electronics technician attend a TEMPEST familiarization course. The Communications Security (COMSEC) Equipment Maintenance and Training instruction requires that personnel maintaining cryptoancillaries receive general TEMPEST training.



There are two types of TEMPEST inspections. One is the instrumented TEMPEST survey,

an on-site field test to determine the nature and amplitude of conducted or radiated signals that may contain compromising (classified) information. A field test normally includes detection and measurement of such signals, and an analysis to determine the correlation between emanating signals and classified information being processed. A National Policy Certification is issued to the ship when the ship's equipment has been found to meet requirements. This certification permits the ship to operate all of its information processing systems according to prescribed

procedures. Because of its cost, the instrumented survey is usually completed on only one ship of a class.

The second inspection is the Visual TEMPEST Configuration Control Inspection (VTCCI), which is conducted independently or concurrently with the instrumented TEMPEST survey, to determine whether shipboard secure electrical processing systems are installed properly. A VTCCI is required for all ships that have a secure electrical information processing system

installed. The VTCCI will include Visual TEMPEST Inspection (VTI) and configuration control plan and elevation view drawings. The VTI will determine compliance or noncompliance of the

system. The diagrams identify the type and relative location of all equipment in the system. The

most recent VTCCI report and amendments must be retained by the ship and reflect the existing configuration and all installation discrepancies that exist. Any change, however minor, in the secure electrical processing center, by forces afloat or installation activity, must be made and inspected in accordance with criteria outlined in MIL-STD-1680.



Communications systems, equipment, and conductors are designated as RED or BLACK. These designations are defined in the following paragraphs.

Red Criteria

The RED designation is applied to all cryptographic equipments, subscriber terminal equipments, and interconnecting conductors involved in processing classified plain language information. The designation also applies to primary power circuits, DC circuits, control wiring, and ground conductors serving cryptographic equipments and subscriber terminal equipments, that are designated RED. The RED designation is also applied to junction boxes, terminal boxes, distribution frames, conduit, ducts, cable racks and hangers, patching and switching panels, cabinets, AC/DC power distribution panels, and other ancillary devices serving the conductors and equipments mentioned above. To provide direct correlation with other agency definitions, RED wiring terminology is as follows:

l Primary Red - Any conductor intended to carry classified plain language terminating in RED equipment or the RED side of cryptographic equipment is designated as primary red.

l Secondary Red - Any conductor, other than Primary RED, that connects to RED equipment, the RED side of cryptographic equipment, or the RED side of isolation devices, that does not intentionally carry classified information, but because of the coupling mechanism with the RED equipment might carry compromising information, is designated secondary red. Some examples are indicator lines, control lines, and timing lines. Power distribution panels and grounding systems serving RED conductors/equipment are also designated secondary red.


Black Criteria

The BLACK designation is applied to all conductors and equipment involved in handling or processing unclassified plain language and/or encrypted information in electrical form. It is also applied to all facilities and circuits that are not designated RED.


System Changes

Any change to a red (classified) side of a system must be followed with a Partial TEMPEST Inspection (PVTCCI). If the ship has red high level keying, any change to the black side of the processing system also requires an inspection. Additionally, if the black processor in any way interfaces with a red processor (i.e. single audio system, shared displays, shared junction boxes, etc.), the installation will require an inspection regardless of whether the red keying level is high

or low level. If alterations are performed by an industrial activity, the installing activity is

responsible for the inspection and the correction of any discrepancies found. If the installation or modification is done by ship's force, the ship is required to obtain the services of a certified Field Technical Authority (FTA) to hold a PVTCCI.



Any correspondence that mentions specific TEMPEST discrepancies must be classified at least Confidential. Discrepancies determined by the FTA inspection activity to be of a serious nature are classified Secret. Since TEMPEST discrepancies are classified, they will not be discussed on a non-secure phone. All installation discrepancies documented in a TEMPEST inspection report must be corrected. These corrections must themselves be inspected. Inspection reports that document compliance (zero discrepancies) are Unclassified. All discrepancies identified in a VTCCI report are assigned a correction priority. Priority 1 requires immediate correction, since these violations greatly increase the possibility of compromising classified information. All other discrepancies must be corrected in a timely manner. Discrepancies that cannot be corrected in a timely manner because they require an industrial assist to correct must be documented on the CSMP. The CSMP must reference the discrepancy number only, NOT the discrepancy narrative or MIL-STD-1680 paragraph number. Relating a ship name or hull number to a TEMPEST discrepancy makes the CSMP at least Confidential.



Ensure that you have the following documents aboard your ship: OPNAVINST 5510.93, MIL-STD-1680, and TEMPEST Survey Results.

Installation Criteria for Shipboard Secure Electrical Information Processing Systems (MIL-STD-1680)

This standard sets forth the design and installation criteria applicable to shipboard secure electrical information processing systems. This includes definitions, detailed hardware and equipment requirements, applicable inspection, reporting procedures, and documentation. It is of utmost importance that installation and maintenance managers of these processing systems be well versed in the contents of this standard. Specifically, this instruction provides requirements regarding:

l Red and black signal and control line interfaces

l Red and black primary power and power line filters

l Rotary or tone dial telephone installations in a secure processing center

l Landline terminations

l Parallel data

l NTDS communications

l Isolation of clocking and control circuits

l Equipment, equipment cabinets, relay devices, cable-connecting enclosures, cable junction boxes, patch panels, and temporary installations

l Cables, conduit, conductors, waveguides, and bonding

l Perimeter barriers, accesses, and alarms

l TEMPEST Inspections

l Inspection check-off sheets


The installation standards of MIL-STD-1680 must be implemented as specified to reduce or eliminate CE. In new construction ships and ships undergoing a major rip-out to the exterior communications system, the secure electrical information processing system should be installed using a red low level signaling distribution system. There are no TEMPEST related installation requirements for cryptographic equipment in a portable configuration. This includes, but is not limited to, cryptographic attachments to portable radio sets, vehicular mounted equipment used in a flight or hanger deck applications, and cryptographic devices used to load or fill a cryptographic system.