Operations Billet Specialty

---

REFERENCES:

(a) CMS-l

(b) CMS-3

(c) CMS-5

(d) CMS-6

Communications Security (COMSEC) material is that material used to protect U.S. Government transmissions, communications, and the processing of classified or sensitive unclassified information related to national security from unauthorized persons and that material used to ensure the authenticity of such communications. The protection of vital and sensitive information moving over government communications systems is crucial to the effective conduct of the government and specifically to the planning and execution of military operations. To this end, a system has been established to distribute, control, and safeguard COMSEC material This system which consists of production facilities, COMSEC Central Offices of Records (COR's), distribution and storage facilities (ie., depots, and CMS accounts), is known collectively as the COMSEC Material Control System (CMCS). COMSEC material is managed m COMSEC accounts throughout the federal government to include departments and civil agencies as well as the civilian sector supporting the federal government.

The National Security Agency is the executive agent for developing and implementing national level policy affecting the control of COMSEC material NSA is also responsible for the production of most COMSEC material used to secure communications as well as the development and production of cryptographic equipment.

1. Commander, Naval Computer and Telecommunications Command (COMNAVCOMTELCOM) - Implements the DON CMS Program.

1. Director, Communications Security Material System (DCMS) -- administers the DON CMS program and acts as the COR for all DON CMS accounts. DCMS performs these specific functions:

1. Drafts and publishes CMS policy directives, standards, and procedures pertaining to COMSEC material security, distribution, training, handling, and accounting with the DON.

1. Operates and maintains the DON COR and exercises administrative, operational, and technical control over the two Navy COMSEC Material Issuing Offices (CMIO's) for distribution of COMSEC material.

1. Develops procedures for and monitors compliance with proper physical storage and account management of COMSEC material (4) Monitors compliance with national standards of the Protective Packaging Program for cryptographic keying material

1. Reviews requests for and authorizes waivers to physical security requirements and the release of DON COMSEC material to contractors.

1. Reviews fleet operation plans and coordinates requirements for the acquisition of all COMSEC material and publications for DON commands.

1. Establishes and disestablishes DON CMS and STU-3 COMSEC accounts (SCA's).

1. Plans distribution of COMSEC material to the CMIO's to ensure quantities are sufficient for CMS account requirements, exercises and contingency operations.

1. Provides status of Navy COMSEC material to CMS accounts and planners.

1. Provides disposition instructions for DON COMSEC material

1. Evaluates instances of loss, compromise, and procedural violations of CMS procedures to determine the adequacy of existing procedures as well as overall compliance with existing policy.

1. Receives, verifies, stores, and ships COMSEC material in support of DON worldwide requirements.

1. Receives and stores new and Ready For Issue (RFI) equipment for subsequent distribution.
2. Manages the CMS Advise and Assistance (A&A) Training Team program within the DON, including training and certification of CMS Inspectors.

4. CONTROLLING AUTHORITY (CA)

In the context of the CMCS, each item of COMSEC material is control or managed by a designated official known as a controlling authority (CA). A CA is responsible for evaluating COMSEC incidents and authorizing the issue/destruction of COMSEC material under their control By definition, a CA is the command designated responsibility for directing the establishment and operation of a cryptonet/circuit and managing the operational use and control of keying material assigned to a cryptonet/circuit.

Immediate Superior m Command is responsible for the administrative oversight of all CMS matters for their subordinate commands.

A flag or general officer in command status, or any officer occupying the billet of a flag or general officer with command status, may either assume personal responsibility for routine CMS matters or may designate the responsibility to a senior staff officer (04/GS-12 and above). Officers not meeting the above requirement may not designate a SCMSRO.

The Commanding Officer (CO) is responsible for properly administering his/her command's CMS account and ensuring compliance with established policy and procedures. Annex D of CMS-I is written specifically for COs and contains a CMS account assurance checklist.

A CMS account is an administrative entity, identified by a six-digit account number, in which custody and control of COMSEC material are maintained.

An individual designated in writing by the Commanding Officer to manage COMSEC material issued to a CMS account. The CMS Custodian is the Commanding Officer's primary advisor on matters concerning the security and handling of COMSEC material and the associated records and reports.

The individual(s) designated in using by the Commanding Officer responsible for assisting the CMS Custodian in the performance of his/her duties and assuming the duties of

the CMS Custodian his/her absence. Alternate Custodian(s) share equally with the CMS Custodian the responsibility for the proper management and administration of a CMS account.

Local Holder accounts are separate units or commands that require COMSEC material and function essentially as sub-accounts of a numbered CMS account. LH accounts are managed much the same way as a CMS account except they are not assigned a CMS account number and normally receive their COMSEC material from a parent CMS account instead of directly from a CMIO or other source.

Individuals designated in writing by a Commanding Officer manage the COMSEC material issued to a LH account.

13. CMS CLERK

An individual designated in writing by the Commanding Officer who assists the CMS Custodian and Alternate(s) with routine administrative account matters. Appointment of a CMS Clerk is not mandatory but is at the discretion of the Commanding Officer.

An individual designated in writing by the Commanding Officer who, regardless of whether or not they have personally signed for COMSEC material requires COMSEC material to accomplish an assigned duty and has obtained the material from a Custodian or another User on local custody. CMS Users must comply with the procedures for the handling and accountability of COMSEC material placed in their charge.

Any properly cleared U.S. Government employee (military or civilian) who may be called upon to assist a Custodian or User in performing routine administrative tasks related to the handling of COMSEC material A witness must be authorized in writing, access to keying material

COMSEC material must be handled and safeguarded based on its assigned classification and accounted for based on its accountability legend (AL) code. COMSEC material control within the U.S. Government is based on a system of centralized and local accounting and decentralized custody and protection. COMSEC material is centrally accountable to DCMS and/or accounted for locally at the account command.

2. CONTROL AND REPORTING

1. Control of COMSEC material is based on the following:

1. A continuous chain of custody receipts using both transfer reports and local custody documents.

1. Immediate reporting of COMSEC material incidents to ensure compromise decisions are made expeditiously by controlling/evaluating authorities.

The classification of COMSEC material is indicated by the standard classification markings: Top Secret (TS), Secret (S), Confidential (C), or Unclassified (U). The security classification assigned to COMSEC material determines its storage and access requirements.

1. SHORT TITLE: An identifying combination of letters and or digits (e.g., KG-84A, USKAT 2333) assigned to certain COMSEC material to facilitate accounting and control A Short title consists of 5 fields:

1. System First field consists of a group of letters and/or digits (e.g., KAM, KG, USKAK, AKAT).

1. AL Code 4: COMSEC material is locally accountable by quantity and handled/safeguarded based on its classification after initial receipt to DCMS.

2. CMIO's are required to continuously account to DCMS for all AL3 and 4 material

All transfers of AL 3 and 4 material to or from a CMIO, cache, or a non-DON account must be reported to DCMS.

3. AL codes are assigned by the originating government department or agency that produces the COMSEC material and represent the minimum accounting standard.

4. AL codes will appear on all accounting reports but not necessarily on the material . If DCMS changes the AL code for any COMSEC material, the material must be accounted for based on its new AL code effective upon notification of the change. The classification of COMSEC material has no bearing on the AL code assigned to an item. For example, Top Secret COMSEC material may be assigned AL 1 or AL 3; however, there is also Secret, Confidential and Unclassified COMSEC material that is assigned AL 1 or AL 3. AL codes determine how material is accounted for and classification determines handling and storage requirements.

5. The DCMS COR computer system, ACMS (Automated COMSEC Material System), requires assignment of an AL code to each short title in the system to permit automated processing (ie., automatic distribution and report generation requirements).

The marking or designation "CRYPTO" identifies all COMSEC keying material which is used to protect or authenticate classified or sensitive unclassified government or government derived information, the loss of which could adversely affect national security. The marking "CRYPTO" is not a security classification

1. AL Code 3: COMSEC material is locally accountable by serial number and handled/safeguarded based on its classification after initial receipt to DCMS. (NOTE: Assigned to COMSEC keying material in lieu of AL 1 when tactical or operational need dictates decentralized accounting.)

1. AL Code 4: COMSEC material is locally accountable by quantity and handled/safeguarded based on its classification after initial receipt to DCMS.

CMIO's are required to continuously account to DCMS for all AL3 and 4 material

All transfers of AL 3 and 4 material to or from a CMIO, cache, or a non-DON account must be reported to DCMS. AL codes are assigned by the originating government department or agency that produces the COMSEC material and represent the minimum accounting standard.

AL codes will appear on all accounting reports but not necessarily on the material. If DCMS changes the AL code for any COMSEC material the material must be accounted for based on its new AL code effective upon notification of the change. The classification of COMSEC material has no bearing on the AL code assigned to an item. For example, Top Secret COMSEC material may be assigned AL 1 or AL 3; however, there is also Secret, Confidential and Unclassified COMSEC material that is assigned AL 1 or AL 3. AL codes determine how material is accounted for and classification determines handling and storage requirements.

The DCMS COR computer system, ACMS (Automated COMSEC Material System), requires assignment of an AL code to each short title in the system to permit automated processing (ie., automatic distribution and report generation requirements).

Controlled Cryptographic Item (CCI) is the designator which identifies secure telecommunications or information handling equipment, or an associated cryptographic component, which is unclassified but controlled within the CMCS.

1. The usability of COMSEC material is determined by its status (ie., one of three possible conditions). Status for COMSEC material is assigned at the direction of the controlling authority or originator of the material

1. The status for equipment and non-keying material items is changed infrequently as they are used for extended periods of time. This material is in effect until it is replaced or superseded.

1. The status for COMSEC keying material is promulgated repeatedly as its life span can vary from hours to or indefinite period of time. Most keying material is superseded on a regular or routine basis due to operational use. COMSEC keying material will, at all times, be in one of three status conditions:

1. RESERVE: held for future use
2. EFFECTIVE: In use to support an operational requirement

c. SUPERSEDED: No longer authorized for use; must be immediately destroyed.

NOTE: An edition of COMSEC keying material is one in a series of printings of the same short title. Each edition has its own effective period and contains different key variables divided into parts, known as segments. Each segment within an edition will have a designated effective period (ie., daily, weekly, monthly, bi-monthly, etc.) assigned to it based on the key's crypto-equipment. 2. Some keying material (e.g., Inter-Theater COMSEC Package (ICP)) may be categorized as being in a contingency status. Material in this category is defined as material held for use under specific operational conditions or in support of specific contingency plans. Status documents (e.g., CSPM MIC-3) will reflect this material as when directed (WHENDI).

1. Supersession refers to a time when a particular item of COMSEC material is no longer eligible for use. COMSEC material is superseded m one of three ways:

1. The supersession or status of COMSEC material held by CMS accounts can be determined using the following sources:

a. CSPM MIC-3:

1. The CSPM MIC-3 is classified SECRET and is issued by DCMS on a monthly basis and contains a composite listing of most COMSEC material distributed to DON CMS accounts.
2. As the CSPM MIC-3 shows the status for the material listed thereon, the CSPM MIC-3 must be held by every DON CMS account that holds COMSEC keying material
3. The CSPM MIC-3 shows the short title, long title, controlling authority, AL code (if applicable), status (ie., effective and supersession date, or reserve (ie., when directed (WHENDI)), classification, and disposition code.
4. The CSPM MIC-3 is not COMSEC material and is to be accounted for/handled based on its classification after receipt.
5. The CSPM MIC-3 is available on-line via the COMSEC Automated Reporting System (CARS). Viewing the CSPM MIC-3 via CARS provides the most up-to-date status information on COMSEC material CMS-l Annex F contains the procedures for accessing CARS.
6. In the event of conflicting information with regard to the status of or authorization to destroy COMSEC material, Custodians must use the most recent information available or contact DCMS//T30// for guidance.

1. AMSG-600: Contains status information for NATO COMSEC material and must be held by every DON CMS account which holds NATO material AMSG-600 takes precedence over the CSPM MIC-3 in case of conflicting information for NATO COMSEC material
3. JOINT STAFF ICP MANAGER MACDILL AFB, FL: Status information for keying material designated for use in the Inter-Theater COMSEC Package (ICP) is promulgated by a series of GENSER messages using a pre-determined date-time-group (DTG). Joint Staff ICP Manager Mac Dill AFB, FL distributes this information as show below: (read DTG, Address Indicator Group (AIG), subject, and frequency):

1. Varies 8712 USKAT-5360 Yearly
2. 211600Z 7863 CONVENTIONAL PACAKGE MONTHLY
3. 211602Z 901 SOC PACKAGE MONTHLY
4. 211603Z 7092 KEYMAT USAGE MONTHLY
5. 211604Z 902 TRI-TRAC MONTHLY
6. 211605Z 907 KG-84 MONTHLY
7. 211607Z 7093 JTAO PACKAGE MONTHLY
8. 211611Z 8709 IFF PACKAGE MONTHLY

1. Status information for SAS material is promulgated by JCS via message and is not listed on the CSPM MIC-3. Type Commanders also promulgate status information for SAS material For example, COMSUBPAC and COMSUBLANT disseminate a monthly message to the connective address group (CAG), "SUBPAC" and "SUBLANT," which lists the latest SAS related messages promulgated by theater Commanders.

1. Status information is also promulgated by controlling authorities via GENERAL messages (e.g., ALCOM, ALCOMPAC P, ALCOML ANT A). CMS Custodians are strongly encouraged to coordinate with their servicing communications facility to establish procedures which will ensure that all messages pertaining to COMSEC material are delivered in a timely manner.

K. CATEGORIES OF COMSEC MATERLAL

1. COMSEC material consists of aids and hardware which secure telecommunications or ensure the authenticity of such communications. COMSEC material includes, but is not limited to, COMSEC key, items which embody COMSEC logic, and other items which perform COMSEC functions. COMSEC material is divided into three categories: keying material, equipment, and related information.

1. KEYING MATERIAL: A type of COMSEC aid which supplies either encoding means for manual and auto-manual crypto systems or key for machine crypto systems. Keying material may or may not be marked or designated "CRYPTO." Keying Material includes both paper, which may be extractable or non-extractable, and non-paper items.

Keylists (AKAK/USKAK)

Keycards (AKAY/USKAY)

Keytapes (AKAT/USKAT)

Codes (AKAC/USKAC)

Authenticators (AKAA/USKAA)

One-time Pads (AKAP/USKAP)

1. Extractable keying material is designed to permit the extraction and removal of individual segments of key for hourly, daily, weekly, etc., use. Individual segments are indicated by perforations, dotted lines, or similar separations to permit removal Some examples of extractable keying material are keycards, keytapes, and authentication systems consisting of hourly or daily authentication tables.

1. Non-paper keying material includes electronically generated key, keying plugs, keyed microcircuits, floppy disk magnetic tapes, and keying material in solid state form such as programmable read only memories (PROM's), read-only memories (ROM's), metallic oxide semi-conductor (MOS) chips, and micro-miniature tamper protection systems (micro-TPS).

3. COMSEC EQUIPMENT: Equipment designed to provide security to telecommunications by converting information to a form unintelligble to an unauthorized interceptor and subsequently by reconverting such information to its original form for authori7ed recipient as well as equipment designed specifically to aid in, or as an essential element of the conversion process.

4. COMSEC-RELATED INFORMATION: Includes policy, procedural, and general doctrinal publication (e.g., CMS 1, CMS 5), equipment maintenance manuals (e.g., KAM-410) and operating instructions (e.g., KAO-207), CAD sign frequency systems and miscellaneous material not listed above (e.g., CSPM MIC-3, NAG 16, CMS 2- lA12-3/4, CMS )

1. Selected limited maintenance KAM's are being/have been replaced by Limited

Maintenance Manuals (LMMs). LMMs are unclassified and are not accountable as

COMSEC or COMSEC-related material

2. Status information on LMMs will be promulgated by DCMS//60//.

1. CMS Advise and Assistance (A&A) Training Team personnel should be viewed as a CMS Custodians right-hand asset. Their training and experience provide a readily available source of technical expertise in a~ areas related to COMSEC material Their charter--to train and assist should be used advantageously at every opportunity by every command handling COMSEC material

1. Education and training are available on a worldwide basis to provide basic skills required to fulfill Custodian responsibilities and to assist/train personnel in the procedures required to properly manage a CMS account. These efforts include:

1. CMS Custodian Course of Instruction (COI) (A-4C-0014).
2. CMS Local Holder (LH) Custodian (COI) (A-4C-003 1).

c. Training and assistance provided by CMS A&A Training Teams.

2. Locations: The CMS COI is offered in the following areas:

1. Naval Education ~ Training Center, Newport, RI
2. Naval Submarine School, Groton, CT
3. Fleet Training Center, Norfolk, VA
4. Trident Training Faci1ity, Kings Bay, CA
5. Fleet Training Center, Mayport, FL

1. Trident Training Facility, Bangor, WA
2. Fleet Training Center, San Diego, CA

(3) Submarine Training Facility, San Diego, CA

(1) NCTAMS MED DET Rota, Spain

1. ATG MIDPAC, Pearl Harbor, HI

(2) ATG, Yokosuka, Japan

3. Quotas for the CMS Custodian COI are available from each of the sites and should be coordinated through the command CMS Custodian and Training Officer.

4. Criteria for Attending: Criteria for attending the CMS Custodian COI are:

U.S. citizenship (includes naturalized) SECRET security clearance E-6/GS-7 and above (Custodians only) Six months of government service Be assigned to or designated to fill a CMS Custodian or CMS Clerk Position.

NOTE: LH Custodians/Alternates are not authorized to attend the CMS Custodian COI.

1. General: The CMS LH Custodian COI provides personnel the basic skills necessary to fill a CMS LH Custodian position. The CMS LH Custodian COI is a three-day course of instruction, emphasizing management of a CMS LH account and operation of the data transfer device (DTD).

2. Locations/Quotas: Same as paragraphs B.2. and B.3. above.

Criteria for attending: Same as paragraph B.4. above except that attendance is for personnel assigned to or designated to fill a LH CMS Custodian position.

1. CMS TRAINING VISITS: All CMS accounts and their associated LHs are required to receive a CMS A&A Training Visit every 18 months. The 18 month requirement may be waived by an ISIC if a ship or submarine is m an overhaul period.

1. CMS INSPECTIONS: AU CMS accounts must undergo a formal CMS inspection every 24 months. This inspection well be unannounced and conducted in accordance with the procedures contained in CMS 3.
1. CMS A&A TRAINING TEAMS

1. CMS A&A Training Teams constitute a worldwide network of CMS subject matter experts. They were established to provide assistance and training to personnel assigned CMS responsibilities. Training may be conducted at the account command or at the facility of the area CMS A&A Training Team

1. Specific training topics are scheduled by the Training Team offices at established intervals and cover both general and specific subjects of interest to CO's, OICs, ISICs, CMS Inspectors, CMS Custodians and CMS Users.

1. CMS A&A Training Team assistance is limited to CMS issues only, and not the operational aspects of communications or cryptology.

1. General: CMS A&A Training Teams can provide assistance in resolving general or specific problems and in most cases this can be done over the telephone. When required, a date can be arranged for a Training Team to visit a command.
2. Request for Services: Submit a request for services to the closest CMS A&A Training Team in your area.
3. Types of Services: CMS A&A Training Teams provide the following services:

a. CMS TRAINING VISITS:

2. Results of a Training Team visit are not reported outside of the command visited. A debrief to the Commanding Officer (or designated representative) and the Custodian is provided covering specific areas of training and the personnel involved.

4. CMS FOR COMMANDlNG OFFICER's:

1. This training is for CO's, and OIC's to enable them to effectively monitor their account's compliance with established procedures. Training lasts approximately two hours and may be conducted at the account command or other location as coordinated by the requesting command.

1. Provides CMS Custodians with supplemental training for their Users. This training lasts approximately three hours and can be provided at the account command or at the CMS A&A Training Team site.

1. Addresses changes to CMS policy and procedures, recurring problems m account management, insecurity trends and topics of concern introduced by attendees. CMS Seminars are primarily for CO's, CMS Inspectors, and CMS Custodians. Seminars are conducted semiannually and hosted by either an ISIC or an area CMS A&A Training Team.

(l) CARS provides a method for electronically transferring CMS reports and CMS-related information in the form of ASC II files to and from the DCMS word processing software, and other commmunication software. Annex F of CMS l contains procedures for accessing/using CARS.

Each CMS A&A Training Team maintains a library of VHS tapes covering a variety of CMS topics to supplement area training efforts or for use as training material at remote locations that are not visited on a regular basis. Contact you area CMS A&A Training Team office for a list of available tapes.