Controlled Cryptographic Item

Last updated

Controlled Cryptographic Item (CCI) is a U.S. National Security Agency term for secure telecommunications or information handling equipment, associated cryptographic component or other hardware item which performs a critical communications security (COMSEC) function. Items so designated may be unclassified but are subject to special accounting controls and required markings.

Part of the physical security protection given to COMSEC equipment and material is afforded by its special handling and accounting. CCI equipment must be controlled in a manner that affords protection at least equal to other high value equipment, such as money, computers, and Privacy Act-controlled. There are two separate channels used for the handling of such equipment and materials: "the COMSEC channel" and "the administrative channel." The COMSEC channel, called the COMSEC Material Control System, is used to distribute accountable COMSEC items such as classified and CCI equipment, keying material, and maintenance manuals. Some military departments have been authorized to distribute CCI equipment through their standard logistics system.

The COMSEC channel is composed of a series of COMSEC accounts, each of which has an appointed COMSEC Custodian who is personally responsible and accountable for all COMSEC materials charged to his/her account. The COMSEC Custodian assumes accountability for the equipment or material upon receipt, then controls its dissemination to authorized individuals on job requirements and a need-to-know basis. The administrative channel is used to distribute COMSEC information other than that which is accountable in the COMSEC Material Control System.

Persons with access to COMSEC materials are asked, among other restrictions, to avoid unapproved travel to any countries which are adversaries of the United States, or their establishments or facilities within the U.S. [1]

Related Research Articles

Communications security Discipline of telecommunications

Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients.

Authorization Function of specifying access rights and privileges to resources

Authorization is the function of specifying access rights/privileges to resources, which is related to general information security and computer security, and to access control in particular. More formally, "to authorize" is to define an access policy. For example, human resources staff are normally authorized to access employee records and this policy is often formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer software and other hardware on the computer.

KY-57 Cryptographic device

The Speech Security Equipment (VINSON), TSEC/KY-57, is a portable, tactical cryptographic device in the VINSON family, designed to provide voice encryption for a range of military communication devices such as radio or telephone.

Key management refers to management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.

STU-III Telephone

STU-III is a family of secure telephones introduced in 1987 by the NSA for use by the United States government, its contractors, and its allies. STU-III desk units look much like typical office telephones, plug into a standard telephone wall jack and can make calls to any ordinary phone user. When a call is placed to another STU-III unit that is properly set up, one caller can ask the other to initiate secure transmission. They then press a button on their telephones and, after a 15-second delay, their call is encrypted to prevent eavesdropping. There are portable and militarized versions and most STU-IIIs contained an internal modem and RS-232 port for data and fax transmission. Vendors were AT&T, RCA and Motorola.

The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems have become known and its most modern systems share at least some features with commercial products.

The Electronic Key Management System (EKMS) is a United States National Security Agency led program responsible for Communications Security (COMSEC) key management, accounting, and distribution. Specifically, EKMS generates and distributes electronic key material for all NSA encryption system whose keys are loaded using standard fill devices, and directs the distribution of NSA produced key material. Additionally, EKMS performs account registration, privilege management, ordering, distribution, and accounting to direct the management and distribution of physical COMSEC material for the services. The common EKMS components and standards facilitate interoperability and commonality among the armed services and civilian agencies.

VINSON is a family of voice encryption devices used by U.S. and allied military and law enforcement, based on the NSA's classified Suite A SAVILLE encryption algorithm and 16 kbit/s CVSD audio compression. It replaces the Vietnam War-era NESTOR (KY-8/KY-28|28/KY-38|38) family.

KG-84 Encryption device

The KG-84A and KG-84C are encryption devices developed by the U.S. National Security Agency (NSA) to ensure secure transmission of digital data. The KG-84C is a Dedicated Loop Encryption Device (DLED), and both devices are General-Purpose Telegraph Encryption Equipment (GPTEE). The KG-84A is primarily used for point-to-point encrypted communications via landline, microwave, and satellite systems. The KG-84C is an outgrowth of the U.S. Navy high frequency (HF) communications program and supports these needs. The KG-84A and KG-84C are devices that operate in simplex, half-duplex, or full-duplex modes. The KG-84C contains all of the KG-84 and KG-84A modes, plus a variable update counter, improved HF performance, synchronous out-of-sync detection, asynchronous cipher text, plain text, bypass, and European TELEX protocol. The KG-84 (A/C) is certified to handle data at all levels of security. The KG-84 (A/C) is a Controlled Cryptographic Item (CCI) and is unclassified when unkeyed. Keyed KG-84 equipment assumes the classification level equal to that of the keying material used.

Tradecraft Espionage techniques

Tradecraft, within the intelligence community, refers to the techniques, methods and technologies used in modern espionage (spying) and generally, as part of the activity of intelligence assessment. This includes general topics or techniques, or the specific techniques of a nation or organization.

Two-man rule Action only authorized by two or more people

The two-man rule is a control mechanism designed to achieve a high level of security for especially critical material or operations. Under this rule access and actions require the presence of two or more authorized people at all times.

The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the regulations codified to 32 C.F.R. 2001. It lays out the system of classification, declassification, and handling of national security information generated by the U.S. government and its employees and contractors, as well as information received from other governments.

Radioman

Radioman (RM) was a rating for United States Navy and United States Coast Guard enlisted personnel, specializing in communications technology.

Public Health Security and Bioterrorism Preparedness and Response Act

Signed into effect on 12 June 2002, the Public Health Security and Bioterrorism Preparedness and Response Act, (PHSBPRA) was signed by the President, the Department of Health and Human Services (DHHS) and the U.S. Department of Agriculture (USDA).

Export control is legislation that regulates the export of goods, software and technology. Some items could potentially be useful for purposes that are contrary to the interest of the exporting country. These items are considered to be controlled. The export of controlled item is regulated to restrict the harmful use of those items. Many governments implement export controls. Typically, legislation lists and classifies the controlled items, classifies the destinations, and requires exporters to apply for a licence to a local government department.

Homeland Security Grant Program

Homeland Security Grant Program (HSGP) is a program in the United States established in 2003 and was designated to incorporate all projects that provide funding to local, state, and Federal government agencies by the Department of Homeland Security. The purpose of the grants is to purchase surveillance equipment, weapons, and advanced training for law enforcement personnel in order to heighten security. The HSGP helps fulfill one of the core missions of the Department of Homeland Security by enhancing the country's ability to prepare for, prevent, respond to and recover from potential attacks and other hazards. The HSGP is one of the main mechanisms in funding the creation and maintenance of national preparedness, which refers to the establishment of plans, procedures, policies, training, and equipment at the Federal, State, and local level that is needed to maximize the ability to prevent, respond to, and recover from major events such as terrorist attacks, major disasters, and other emergencies. The HSGP's creation stemmed from the consolidation of six original projects that were previously funded by the Office of State and Local Government Coordination and Preparedness. The HSGP now encompasses five projects in the program: State Homeland Security Program, Urban Areas Security Initiative, Operation Stonegarden, Metropolitan Medical Response System Program, and Citizen Corps Program. During the 2010 fiscal year, the Department of Homeland Security will spend $1,786,359,956 on the Homeland Security Grant Program.

Nuclear Non-Proliferation Act of 1978

Nuclear Non-Proliferation Act of 1978, 22 U.S.C. § 3201, is a United States federal law declaring that nuclear explosive devices pose a perilous threat to the security interests of the United States and continued international progress towards world peace and the development of nations.

A Multibook or a TACLANE Multibook is a single laptop that combines two to three different classified networks into a single device solution. Currently, most secure computing standards require the federal government and military personnel to maintain multiple PCs on different networks in an effort to allow users simultaneous access to unclassified and classified information. A multibook simply through a complex configuration allows separate enclaves and virtual machines through one display. A Multibook has no hard drive and uses a cryptographic ignition key to create a virtual hard drive space with a Type 1 COMSEC element found inside the MultiBook’s integrated Suite B security module.

Cryptographic High Value Product (CHVP) is a designation used within the information security community to identify assets that have high value, and which may be used to encrypt / decrypt secure communications, but which do not retain or store any classified information. When disconnected from the secure communication network, the CHVP equipment may be handled with a lower level of controls than required for COMSEC equipment.

Mahlon E. Doyle was an American cryptologist, inventor, innovator, and author. He enjoyed a three decade career at the National Security Agency and its predecessor organizations.

References

Further reading