UNCLASSIFIED

January 2014

IT Security Directive for the

Application of Communications Security Using CSE-Approved Solutions

ITSD-01A

UNCLASSIFIED

ITSD-01A

Foreword January 2014 ii

Foreword

As the national authority for Communications Security, the Communications Security

Establishment has published the IT Security Directive for the Application of Communications

Security Using CSE-Approved Solutions (ITSD-01A) as its authoritative cornerstone policy

instrument. The following regulatory publications provide the GC with amplified security

requirements identified in this directive:

IT Security Directive for the Control of COMSEC Material in the Government of Canada

(ITSD-03A);

Directive for the Use of CSEC-Approved COMSEC Equipment and Key on a

Telecommunications Network (ITSD-04);

Directive for Reporting and Evaluating COMSEC Incidents Involving Accountable

COMSEC Material (ITSD-05);

Directive for the Control of COMSEC Material in the Canadian Private Sector (ITSD-06);

IT Security Directive for the Control of CSE-Approved Cryptographic High Value Products

(ITSD-07), under development; and

IT Security Directive for the Control of In-Process COMSEC Material (ITSD-08), under

development.

This directive is an UNCLASSIFIED publication issued under the authority of the Chief,

Communications Security Establishment in accordance with the Treasury Board of Canada

Secretariat Policy on Government Security.

This directive supersedes the Directives for the Application of Communications Security in the

Government of Canada (ITSD-01), January 2005, and the Information Technology Security

Bulletin, Amendment 1-2010 to the Directives on the Application of Communications Security in

the Government of Canada (ITSD-01), July 2010.

General inquiries and suggestions for amendments are to be forwarded through departmental

communications security channels to COMSEC Client Services at the Communications Security

Establishment.

The Communications Security Establishment will notify users of changes to this publication.

UNCLASSIFIED

ITSD-01A

Foreword January 2014 iii

Effective Date

This Directive takes effect on date of signature.

____________________________________________________

Toni Moffa

Deputy Chief, IT Security

January 10, 2014

Date

© Government of Canada, Communications Security Establishment, 2014

Physical or electronic copies of this publication, in part or in whole, may be made for official

Government of Canada use only. Reproduction of multiple copies of this publication for the

purpose of commercial redistribution is prohibited except with written permission from the

Government of Canada’s copyright administrator, Public Works and Government Services

Canada.

UNCLASSIFIED

ITSD-01A

Summary of Changes January 2014 iv

Summary of Changes

With the introduction of several new Information Technology Security Directives recently

published by the Communication Security Establishment to support Communications Security in

the Government of Canada, many chapters, articles and annexes of the original Directives for the

Applications of Communications Security in the Government of Canada (ITSD-01) dated

January 2005, have been removed or updated as indicated below.

Removed

Annex A Communications Security Organizations and Responsibilities

Annex E Emission Security – now part of Annex D

Annex G Communications Security Incidents and Compromises –

Removed - Refer to ITSD-05

Annex I Cryptographic Network Management – Refer to ITSD-04

Annex J Cryptographic Equipment Ownership and Acquisition –

Refer to Chapter 4, as wells as ITSD-03A and ITSD-06

Annex K Committees – Terms of Reference – Removed

Annex L Points of Contact – Refer to Article 1.11

Annex M Accountable COMSEC Material Control Agreement – Removed –

Refer to http://www.cse-cst.gc.ca/its-sti/services/cmac-

cagmc/forms-formulaires-eng.html

Annex N COMSEC Access Requests – Requirements – Removed –

Refer to ITSD-03A and ITSD-06

Annex O Cryptographic Equipment Procurement – Authorization –

Refer to Chapter 4, as well as ITSD-03A and ITSD-06

Amended

Appendix 1 and 2 Replaced with COMSEC Equipment Requirements (CER) form

and COMSEC Equipment Purchase Authorization (CEPA) form

Annex B Personnel and Physical Security

Annex C Cryptographic Security

Annex D Transmission Security – now includes Emission Security

Annex F Managing COMSEC Material – Now part of Annex E

UNCLASSIFIED

ITSD-01A

Table of Contents January 2014 v

Table of Contents

Foreword ........................................................................................................................ ii

Summary of Changes .................................................................................................. iv

List of Tables ............................................................................................................... vii

List of Abbreviations and Acronyms ........................................................................ viii

1 Introduction ......................................................................................................... 1

1.1 Purpose ..................................................................................................... 1

1.2 Authority ..................................................................................................... 1

1.3 Scope ........................................................................................................ 1

1.4 Context ...................................................................................................... 2

1.5 Application ................................................................................................. 2

1.6 Expected Results ....................................................................................... 2

1.7 Compliance ................................................................................................ 2

1.8 Consequence of Non-Compliance ............................................................. 2

1.9 Conflict Resolution ..................................................................................... 3

1.10 Request for Exception or Waiver ............................................................... 3

1.11 Contact Information ................................................................................... 3

1.12 COMSEC User Portal ................................................................................ 4

1.13 Communications Security Establishment Web Site ................................... 4

2 Lead Agency Roles and Responsibilities ......................................................... 5

2.1 General ...................................................................................................... 5

2.2 Treasury Board of Canada Secretariat ...................................................... 5

2.3 Communications Security Establishment................................................... 5

2.4 Public Works Government Services Canada ............................................. 5

2.5 Royal Canadian Mounted Police ............................................................... 5

3 Communications Security ................................................................................. 6

3.1 General ...................................................................................................... 6

3.2 COMSEC Components .............................................................................. 6

3.3 Protection of COMSEC Material ................................................................ 6

3.4 Export of Accountable COMSEC Material ................................................. 7

3.5 Shipment of Accountable COMSEC Material ............................................ 7

3.6 Travel with Accountable COMSEC Device ................................................ 7

3.7 COMSEC Incidents – Accountable COMSEC Material ............................. 8

3.8 COMSEC Training ..................................................................................... 8

4 Cryptographic Equipment – Procurement and Ownership ............................. 9

4.1 General ...................................................................................................... 9

4.2 Government of Canada Departments ........................................................ 9

UNCLASSIFIED

ITSD-01A

Table of Contents January 2014 vi

4.3 Sponsored Government of Canada Departments and Other Levels or Government ............................................................................................... 9

4.4 Canadian Private Sector .......................................................................... 10

4.5 Additional Regulations ............................................................................. 10

4.6 Purchase of CSE-Approved Solutions from the United States ................ 11

5 Glossary ............................................................................................................ 12

6 Bibliography ...................................................................................................... 14

Annex A COMSEC Management Roles and Responsibilities .......................... A-1

A.1 General ...................................................................................................A-1

A.2 Communications Security Establishment................................................A-1

A.3 Government of Canada Departments .....................................................A-2

Annex B Personnel and Physical Security ....................................................... B-1

B.1 Personnel................................................................................................B-1

B.2 Physical ..................................................................................................B-1

Annex C Cryptographic Security ....................................................................... C-1

C.1 Telecommunications Networks .............................................................. C-1

C.2 Satellites, Space Systems and Avionics ................................................ C-1

C.3 Cryptographic Equipment ...................................................................... C-1

Annex D Emission and Transmission Security ................................................ D-1

D.1 Emission Security Controls .................................................................... D-1

D.2 Transmission Security ........................................................................... D-1

Annex E COMSEC Material Management and Control ......................................E-1

E.1 General ...................................................................................................E-1

E.2 Appointment of COMSEC Account Personnel ........................................E-2

E.3 Distribution ..............................................................................................E-2

Annex F Installation and Maintenance of Cryptographic Equipment and

Software ................................................................................................ F-1

F.1 General ................................................................................................... F-1

F.2 COMSEC Awareness ............................................................................. F-1

F.3 Installation............................................................................................... F-1

F.4 Maintenance ........................................................................................... F-2

F.5 Modifications ........................................................................................... F-2

F.6 Configuration Management .................................................................... F-2

F.7 Training ................................................................................................... F-3

F.8 Installation and Maintenance Manuals ................................................... F-3

UNCLASSIFIED

ITSD-01A

List of Tables January 2014 vii

List of Tables

Table 1 – Contact Information for COMSEC Offices ....................................................... 3

UNCLASSIFIED

ITSD-01A

List of Abbreviations and Acronyms January 2014 viii

List of Abbreviations and Acronyms

ACM Accountable COMSEC Material ACMCA Accountable COMSEC Material Control Agreement AFU Approval for Use ALC Accounting Legend Code

CA Controlling Authority CCI Controlled Cryptographic Item CE Compromising Emanations CEPA COMSEC Equipment Purchase Authorization CER COMSEC Equipment Requirements CGP Controlled Goods Program CHVP Cryptographic High Value Product CICA CSE Industrial COMSEC Account CISD Canadian Industrial Security Directorate CMAC Crypto Material Assistance Centre COMSEC Communications Security cryptonet Cryptographic Network CSE Communications Security Establishment CUP COMSEC User Portal

DCA Departmental COMSEC Authority DCITS Deputy Chief, Information Technology Security DDSM Directive on Departmental Security Management DS Direct Sales DSO Departmental Security Officer

EKMS Electronic Key Management System EMSEC Emission Security

FAA Financial Administration Act FMS Foreign Military Sales FOCI Foreign Ownership Control or Influence FSU Field Software Upgrade

GC Government of Canada

HACP High Assurance Cryptographic Product HAIPE High Assurance Internet Protocol Encryptor

IISD International Industrial Security Directorate ISP Industrial Security Program IT Information Technology ITAR International Traffic in Arms Regulations ITSC Information Technology Security Coordinator ITSD Information Technology Security Directive

UNCLASSIFIED

ITSD-01A

List of Abbreviations and Acronyms January 2014 ix

ITSG Information Technology Security Guidance ITSLC IT Security Learning Centre

KP Key Processor

LMD Local Management Device LPDFH Low Probability of Detection and Frequency Hopping

MITS Management of Information Technology Security MOA Memorandum of Agreement MOU Memorandum of Understanding MTU Maximum Transfer Unit

NATO North Atlantic Treaty Organization NCA National Cryptographic Authority NCAT National COMSEC Audit Team NCIO National COMSEC Incidents Office NCMCS National COMSEC Material Control System NCOR National Central Office of Record NDA National Distribution Authority

OLG Other Levels of Government

PC Personal Computer PGS Policy on Government Security PWGSC Public Works and Government Services Canada

RCMP Royal Canadian Mounted Police

SGSM Secure Global System for Mobile Communications Security Module SSC Shared Services Canada

TAA Technical Assistance Agreement TBS Treasury Board of Canada Secretariat TFS Traffic Flow Security TRA Threat and Risk Assessment TRANSEC Transmission Security TT&C Telemetry, Tracking and Control

U.S. United States USML United States Munitions List

UNCLASSIFIED

ITSD-01A

Introduction January 2014 1

1 Introduction

The Government of Canada (GC) has established a program known as Communications Security

(COMSEC) to assist in the protection of classified and PROTECTED C information and data.

The COMSEC program involves the application of cryptographic security, transmission and

emission security, physical security measures, operational practices and controls. The objective

of COMSEC is to deny unauthorized access to information and data derived from

telecommunications and to ensure the confidentiality, integrity and authenticity of such

telecommunications.

For the purpose of this directive, the term “GC department” includes any federal institution

(e.g. Department, Agency, Organization) subject to the Policy on Government Security (PGS)

and to Schedules I, I.1, II, IV and V of the Financial Administration Act (FAA), unless excluded

by specific acts, regulations or Orders in Council.

1.1 Purpose

This directive provides baseline COMSEC requirements for the use of Communications

Security Establishment (CSE)–approved COMSEC solutions used to safeguard GC classified

and PROTECTED C information and data.

1.2 Authority

This directive is promulgated pursuant to the PGS that delegates the CSE as the lead security

agency and national authority for COMSEC. CSE is responsible for the development, approval

and promulgation of COMSEC policy instruments and for the development of guidelines and

tools related to Information Technology (IT) security.

1.3 Scope

The direction provided within this directive is designed to meet the control and safeguard

requirements for the use of Accountable COMSEC Material (ACM), including High Assurance

Cryptographic Products (HACPs) and Cryptographic High Value Products (CHVPs), that are

approved for use by CSE for the protection of GC classified and PROTECTED C information

and data.

“Accountable COMSEC Material” is COMSEC material that requires control and accountability

within the National COMSEC Material Control System (NCMCS).

“COMSEC material” is designed to secure or authenticate telecommunications information.

COMSEC material includes cryptographic key, devices, hardware, firmware or software that

embodies or describes cryptographic logic. It also includes the documents that describe and

support these items.

UNCLASSIFIED

ITSD-01A

Introduction January 2014 2

1.4 Context

The PGS, the Directive on Departmental Security Management (DDSM), and the Operational

Security Standard: Management of Information Technology Security (MITS) are supported by

this directive.

1.5 Application

This directive applies to GC departments that are authorized to handle, control and safeguard

CSE-approved COMSEC solutions to protect classified and PROTECTED C information and

data for the GC.

1.6 Expected Results

Implementation of this directive will help ensure the protection of GC classified and protected

information and data. It will also ensure that Canada’s commitments to safeguard and control

COMSEC material are aligned with the agreements and security requirements of its international

partners.

1.7 Compliance

Compliance with this directive is the responsibility of each GG department that has been

authorized to use CSE-approved COMSEC solutions.

NOTE: GC departments that sponsor Other Levels of Government (OLG) or private sector

companies to hold and use CSE-approved solutions as detailed in this directive, the

IT Security Directive for the Control of COMSEC Material in the Government of

Canada (ITSD-03A) and the Directive for the Control of COMSEC Material in the

Canadian Private Sector (ITSD-06) are responsible to ensure that a sponsored OLG or

private sector company complies with this directive, where applicable.

For the purpose of this directive, the terms:

“Other Levels of Government” includes provincial, municipal and local government

organizations (e.g. law enforcement agencies); and

“private sector company” includes Canadian companies, organizations or individuals that do

not fall under the FAA or are not subordinate to a provincial or municipal government. It

also includes Canadian-based industries (or other non-government organizations) where

security is administered by the Public Works and Government Services Canada (PWGSC)

Industrial Security Program (ISP).

1.8 Consequence of Non-Compliance

Failure to comply with this directive may result in escalated administrative controls being placed

on CSE-provided COMSEC solutions.

UNCLASSIFIED

ITSD-01A

Introduction January 2014 3

1.9 Conflict Resolution

When a conflicting national-level COMSEC directive (e.g. ITSD series) is encountered, this

directive will take precedence. Any conflict between the requirements contained in this directive

and any other national (e.g. PGS, DDSM and MITS) or international (e.g. International Traffic in

Arms Regulations [ITAR]) requirements are to be submitted to COMSEC Client Services for

resolution.

1.10 Request for Exception or Waiver

A request for an exception (substitution) or a waiver (a temporary exemption from a specific

requirement) in regards to the direction provided within must be submitted, by the Departmental

Security Officer (DSO), to COMSEC Client Services for approval.

1.11 Contact Information

The following table contains contact information for offices within CSE that provide COMSEC

support to users.

Unless otherwise specified, telephone numbers listed are attended from 8 a.m. to 4 p.m. Eastern

Standard Time, Monday to Friday.

Table 1 – Contact Information for COMSEC Offices

COMSEC Client Services

Telephone: 613-991-8495

Secure Fax: 613-991-8565 comsecclientservices@cse-cst.gc.ca

Crypto Material Assistance Centre (CMAC)

and National Central Office of Record (NCOR)

Telephone: 613-991-8600

Secure Fax: 613-991-8565 cmac-camc@cse-cst.gc.ca

National COMSEC Incidents Office (NCIO)

During work hours:

Telephone: 613-991-8175

Fax: 613-991-7588

Secure Fax: Call 613-991-8175 for set up

ncio@cse-cst.gc.ca

After office hours:

Telephone: 613-991-8762

Fax: 613-991-8766

cansoc@cse-cst.gc.ca

UNCLASSIFIED

ITSD-01A

Introduction January 2014 4

1.12 COMSEC User Portal

Authorized users may access the CSE COMSEC User Portal (CUP) at

https://comsecportal.cse-cst.gc.ca. The CSE CUP provides COMSEC-related UNCLASSIFIED

and PROTECTED A information and Field Software Upgrades (FSUs) associated with

CSE-approved high assurance products, systems and services. For information on becoming an

authorized user of the CSE CUP, contact CMAC.

1.13 Communications Security Establishment Web Site

COMSEC directives and information (UNCLASSIFIED only) associated with CSE-approved

high assurance products, systems and services are available at

http://www.cse-cst.gc.ca/its-sti/publications/index-eng.html.

UNCLASSIFIED

ITSD-01A

Lead Agency January 2014 5 Roles and Responsibilities

2 Lead Agency Roles and Responsibilities

2.1 General

The PGS provides direction to lead security agencies that play a role in the protection of

COMSEC material in the GC. This Chapter highlights the services these agencies provide in

regards to the protection of COMSEC material. For information on roles and responsibilities as

they relate to management of ACM refer to Annex A.

2.2 Treasury Board of Canada Secretariat

The Treasury Board of Canada Secretariat (TBS) establishes and oversees a

whole-of-government approach to security and identity management as a key component of all

management activities and monitors the adequacy of services to support these activities and

practices across government.

2.3 Communications Security Establishment

As the national COMSEC authority, CSE is responsible for approving the certification,

acquisition and use of cryptographic equipment and cryptographic key, as well as developing

COMSEC-related policy instruments, that protect classified and PROTECTED C information.

The Deputy Chief, Information Technology Security (DCITS) has overall responsibility to ensure

provision and application of CSE-approved COMSEC solutions, as detailed in Article 1.2.

2.4 Public Works Government Services Canada

PWGSC provides leadership and coordination that helps ensure the application of security

safeguards through all phases of contracting with private sector companies within the scope of

the ISP. The ISP enables the Canadian private sector to compete for domestic and international

government contracts, protects public safety by safeguarding sensitive and controlled assets and

provides contract security services through the Canadian Industrial Security Directorate (CISD)

and the International Industrial Security Directorate (IISD).

2.5 Royal Canadian Mounted Police

The Royal Canadian Mounted Police (RCMP) provides leadership and coordination for

departmental activities that helps ensure the physical protection of government information,

assets, facilities and people and provides services related to crime prevention, personnel

screening, policing, law enforcement and investigations.

UNCLASSIFIED

ITSD-01A

Communications Security January 2014 6

3 Communications Security

3.1 General

The protection of information transmitted by electrical means and of certain electronic emissions

associated with classified or PROTECTED C information involves the use of specialized

technical, operational and physical security measures. The doctrine required and the technical,

operational and physical means employed to achieve this protection are collectively referred to as

COMSEC.

3.2 COMSEC Components

COMSEC is comprised of the following components:

Personnel and Physical Security (refer to Annex B)

Cryptographic Security (refer to Annex C), and

Emission and Transmission Security (refer to Annex D).

3.3 Protection of COMSEC Material

3.3.1 General

Dependence on distributed IT is growing and becoming more complex as GC departments

continue to interconnect. The protection of electronic information delivery and data at rest must

preserve the security of the nation-sensitive information, which is dependent on specially

produced cryptographic devices and associated COMSEC material (e.g. cryptographic key).

COMSEC material, especially ACM, is a primary target of hostile intelligence services and

others who wish to exploit secure communications. Access to COMSEC material could be used

to gain knowledge, which can be employed to defeat the security provided by COMSEC.

Due to the sensitive nature of ACM that protects classified and PROTECTED C information,

general safeguards and control measures must be supplemented by security standards and

procedures (e.g. CSE provided directives, doctrine and guidelines) additional to those that apply

to other sensitive information.

3.3.2 Foreign COMSEC Material

There are times when CSE and GC departments will enter into a formal agreement or

understanding (e.g. Memorandums of Agreements [MOAs], Memorandums of Understanding

[MOUs] and Technical Assistance Agreements [TAAs]) with a foreign agency to facilitate the

protection of foreign COMSEC material and exchange of information to improve the COMSEC

capability of the GC. GC departments must contact COMSEC Client Services for guidance when

CSE-approved solutions are involved.

UNCLASSIFIED

ITSD-01A

Communications Security January 2014 7

3.3.3 Access to Accountable COMSEC Material

3.3.3.1 Canadian Citizens

Access to ACM is restricted to Canadian citizens (including those of dual nationality) who meet

the following criteria:

require access to ACM in the normal performance of their duties (e.g. those authorized as

COMSEC Custodians and Local Elements);

possess a GC security clearance at least equivalent to the sensitivity of the ACM to which

they will have access;

have received a COMSEC briefing; and

have signed a COMSEC Briefing Certificate.

NOTE: Access by persons with Permanent Resident Status is not authorized.

When, for any reason, a person is considered to be no longer qualified or suitable to access ACM,

the responsible manager must refer the case to the Departmental COMSEC Authority (DCA) or

departmental security and personnel authorities for appropriate action.

3.3.3.2 Foreign Nationals

Access to ACM by foreign nationals is prohibited unless approved by CSE.

3.4 Export of Accountable COMSEC Material

ACM must not be exported to another country (e.g. sold or loaned) without prior authorization

from COMSEC Client Services.

3.5 Shipment of Accountable COMSEC Material

Due to the sensitivity of ACM, special procedures must be put in place to safeguard ACM and to

ensure that any attempt to access a shipment can be detected. Detailed instructions for the

shipping of ACM within and outside of Canada are provided in ITSD-03A.

3.6 Travel with Accountable COMSEC Device

3.6.1 Domestic

For operational requirements, GC departments may permit departmental users of portable

accountable cryptographic equipment (e.g. Secure Global System for Mobile Communications

Security Module [SGSM]) to carry an item as personal property while traveling within Canada.

NOTE: OLG and Canadian private sector personnel are permitted to carry portable

cryptographic equipment while travelling within Canada if the requirement is stated in

a contract, MOA or MOU – refer to ITSD-06.

UNCLASSIFIED

ITSD-01A

Communications Security January 2014 8

3.6.2 Foreign

Subject to Canadian and foreign national laws (contact COMSEC Client Services for guidance),

as well as equipment specific doctrine, a GC department may permit departmental users of

portable cryptographic equipment to carry an item for official use to locations outside Canada.

The DCA must ensure there is an operational requirement prior to permitting CSE-approved

portable cryptographic equipment to be taken outside Canada.

NOTE: OLG and private sectors companies are not permitted to carry CSE-approved portable

cryptographic equipment outside Canada unless authorized by COMSEC Client

Services.

3.7 COMSEC Incidents – Accountable COMSEC Material

Loss or compromise of ACM can seriously damage national security. The compromise of ACM

does not merely involve the material itself but all information affected by the ACM (e.g. all

information transmitted over a particular circuit or circuits, or encrypted with particular

cryptographic key). Access to ACM could provide hostile agencies or groups with information

that would aid them in the exploitation of intercepted traffic or the penetration of cryptographic

systems and networks. The Directive for Reporting and Evaluating COMSEC Incidents Involving

Accountable COMSEC Material (ITSD-05) and equipment specific doctrine provide detailed

information on the identification and the reporting of COMSEC incidents.

3.8 COMSEC Training

To the extent possible, personnel who operate or handle ACM must be trained and tested for

proficiency in its use and management. Periodic refresher training and drills should be conducted

to ensure personnel maintain the skills required to securely operate and handle ACM in the

performance of their duties.

The CSE IT security training schedule and registration information are available from the

IT Security Learning Centre (ITSLC).

3.8.1 Manufacturer Provided Training

Some manufacturers of CSE-approved cryptographic equipment provide training for the

cryptographic equipment they produce. In order to attend this training, a visit clearance

authorization must be requested through IISD. If the training requires ACM access, COMSEC

Client Services will have to provide COMSEC access authority as detailed in ITSD-03A.

UNCLASSIFIED

ITSD-01A

Cryptographic Equipment January 2014 9 Procurement and Ownership

4 Cryptographic Equipment – Procurement and Ownership

4.1 General

Procurement of cryptographic equipment (e.g. HACPs and CHVPs) intended for secure exchange

of GC classified and PROTECTED C information must be approved by COMSEC Client

Services. Currently these devices are vetted through the CSE Approval for Use (AFU) process.

4.1.1 Approval for Use Process

Once a product has been released to Canada and client requirements identified, CSE completes

an approval process. In addition to confirming the security boundaries and compatibilities of the

product, the key production and management, technical, training and doctrinal guidance support

mechanisms are developed before approval is given for operational deployment.

4.2 Government of Canada Departments

A GC department must complete and submit a COMSEC Equipment Requirements (CER) form

and a COMSEC Equipment Purchase Authorization (CEPA) form to CSE before it will be

permitted to purchase CSE-approved cryptographic equipment. Once authorization is provided

by CSE for the purchase of cryptographic equipment, the GC department is responsible to

arrange the purchase through PWGSC.

NOTE: Shared Services Canada (SSC) is responsible for requesting approval to purchase

cryptographic equipment for GC departments for which it manages COMSEC

requirements.

4.3 Sponsored Government of Canada Departments and Other

Levels or Government

GC departments not identified in Article 1.5, as well as OLGs, are not permitted to purchase or

own CSE-approved cryptographic equipment. However, they are permitted to hold and use

cryptographic equipment (including cryptographic key and ancillaries) if authorized by

COMSEC Client Services and if sponsored by a GC department that has an established

COMSEC Account. The sponsor must:

purchase the equipment as detailed in Article 4.2;

coordinate the signing of an Accountable COMSEC Material Control Agreement (ACMCA),

by all parties;

develop or coordinate the development of a MOA or a MOU, if required by COMSEC

Client Services;

UNCLASSIFIED

ITSD-01A

Cryptographic Equipment January 2014 10 Procurement and Ownership

provide oversight at the sponsored GC department or OLG in the same manner as it would a

Local Element within its own department (refer to ITSD-03A); and

ensure minimum security requirements identified in this directive and ITSD-03A are met

prior to authorizing the loan.

NOTE: Information and data to be secured by an OLG must not be classified higher than

SECRET.

4.4 Canadian Private Sector

A private sector company is not permitted to purchase or own CSE-approved cryptographic

equipment. However, it is permitted to hold and use cryptographic equipment (including

cryptographic key and ancillaries) if authorized by COMSEC Client Services and if sponsored by

a GC department that has an established COMSEC Account. For additional direction on

providing ACM to a private sector company, refer to ITSD-06 or contact COMSEC Client

Services.

4.4.1 Installation and Maintenance of Cryptographic Equipment

The sponsoring GC department is responsible to ensure proper installation and maintenance

(refer to Annex F) of CSE-approved cryptographic equipment provided to a private sector

company.

4.5 Additional Regulations

4.5.1 Foreign Ownership, Control or Influence

A private sector company will normally require a PWGSC CISD Foreign Ownership, Control or

Influence (FOCI) assessment before being provided access to ACM to fulfil a GC contract

deliverable or in support of a CSE-approved requirement. This assessment is designed to ensure

there are no factors present in a private sector company’s ownership and control arrangements

that could allow unauthorized access to ACM. A private sector company will be considered

under FOCI when a reasonable basis exists, as determined by a PWGSC FOCI assessment, to

conclude that the nature and extent of FOCI is such that control over the management or

operations of the facility may result in the unauthorized access to ACM by foreign parties or their

agents.

NOTE: Requests for FOCI exemption must be submitted to COMSEC Client Services.

UNCLASSIFIED

ITSD-01A

Cryptographic Equipment January 2014 11 Procurement and Ownership

4.5.2 Canadian Controlled Goods Program

The Canadian Controlled Goods Program (CGP) is a domestic industrial security program

within the PWGSC that is mandated to help strengthen Canada’s defence trade controls and to

prevent the proliferation of tactical and strategic assets. Acceptance of the control and

management requirements of ACM detailed in this and other CSE directives and ACMCAs,

MOUs, MOAs, Non-Disclosure Agreements and TAAs, does not exempt a GC department from

having to implement the requirements of the Canadian CGP.

4.5.3 United States International Traffic in Arms Regulations

The ITAR is a set of United States (U.S.) government regulations that control the export and

import of defense-related items and services on the United States Munitions List (USML).

A significant amount of GC COMSEC material is of U.S. origin. Acceptance of the control and

management requirements of ACM detailed in this directive and other CSE directives including

ACMCAs, MOUs, MOAs and Non-Disclosure Agreements does not exempt a GC department

from having to implement the requirements of ITAR. For advice and guidance on the movement

of ITAR controlled ACM, contact COMSEC Client Services.

4.6 Purchase of CSE-Approved Solutions from the United States

The Information Technology Security Guidance for Purchasing CSEC-Approved Cryptographic

Equipment from the United States Government (ITSG-26) provides instructions and guidance on

the purchase of CSE-approved cryptographic equipment available from the U.S. via Foreign

Military Sales (FMS) and Direct Sales (DS).

UNCLASSIFIED

ITSD-01A

Glossary January 2014 12

5 Glossary

This glossary contains definitions for the terms used in this directive.

Accountable COMSEC Material

(ACM)

Communications Security (COMSEC) material that

requires control and accountability within the National

COMSEC Material Control System in accordance with

its accounting legend code and for which transfer or

disclosure could be detrimental to the national security

of Canada.

Accountable COMSEC Material

Control Agreement (ACMCA)

A binding agreement between Communications

Security Establishment and an entity (Government or

Canadian private sector) not listed in Schedules I, I.1,

II, IV and V of the Financial Administration Act that

will permit the acquisition, accounting, control,

management and final disposition of communications

security material.

Accounting Legend Code (ALC) A numeric code used to indicate the minimum

accounting controls for Communication Security

(COMSEC) material which requires control and

accountability within the National COMSEC Material

Control System.

Canadian Private Sector Canadian organizations, companies or individuals that

do not fall under the Financial Administration Act or

are not subordinate to a provincial or municipal

government.

Communications Security

(COMSEC)

The application of cryptographic, transmission,

emission and physical security measures, and

operational practices and controls, to deny unauthorized

access to information derived from telecommunications

and to ensure the authenticity of such

telecommunications.

Controlled Cryptographic Item

(CCI)

An unclassified secure telecommunications or

information system, or associated cryptographic

component, that is governed by a special set of control

requirements within the National COMSEC Material

Control System and marked “CONTROLLED

CRYPTOGRAPHIC ITEM” or, where space is limited,

“CCI”.

UNCLASSIFIED

ITSD-01A

Glossary January 2014 13

Cryptographic Equipment Equipment that performs encryption, decryption,

authentication or key generation functions.

Cryptographic High Value

Product (CHVP)

A product incorporating only UNCLASSIFIED

components and UNCLASSIFIED cryptographic

algorithms. A Cryptographic High Value Product is not

classified nor designated as a Controlled Cryptographic

Item.

Doctrine

(IT Security Doctrine)

The fundamental rules and procedures that govern the

protection, control and use of information technology

security equipment, systems and material as

promulgated by the responsible national authority.

Government of Canada (GC)

Department

Any federal department, organization, agency or

institution subject to the Policy on Government

Security.

High Assurance The demonstration of confidence that a product or

system, through the robustness of its security controls,

its related policies, doctrine, processes, procedures, and

the thorough evaluation and validation of its design and

operations is able to protect Government of Canada

information and communications requiring the most

stringent protection controls available.

In-Process (IP) COMSEC

Material

Communications Security (COMSEC) material being

developed, produced, manufactured or repaired.

Other Levels of Government

(OLG)

Provincial, municipal and local government

organizations (e.g. law enforcement agencies).

RED Designation applied to an information system, and

associated areas, circuits, components, and equipment

in which unencrypted information is being processed.

TEMPEST Refers to the investigation and study of Compromising

Emanations (CE). The unintentional transmission of CE

results in a secondary, unwanted communications

channel known as a TEMPEST channel.

UNCLASSIFIED

ITSD-01A

Bibliography January 2014 14

6 Bibliography

The following source documents were used in the development of this directive:

Communications Security Establishment:

o Compromising Emanations Laboratory Test Requirements, Electromagnetics

(NSTISSAM TEMPEST/1-91) (CID/09/15A), June 1995.

o COMSEC Installation Planning – TEMPEST Guidance and Criteria (ITSG-11).

o Criteria for the Design, Fabrication, Supply, Installation and Acceptance Testing of

Walk In Radio Frequency Shielded Enclosures (ITSG-02), 1999.

o Directive for Reporting and Evaluating COMSEC Incidents Involving Accountable

COMSEC Material (ITSD-05), April 2012.

o Directive for the Control of COMSEC Material in the Canadian Private Sector

(ITSD-06), June 2013.

o Directive for the Use of CSEC-Approved COMSEC Equipment and Key on a

Telecommunications Network (ITSD-04), November 2011.

o Government of Canada Facility Evaluation Procedures (ITSG-12), June 2005.

o Harmonized Threat and Risk Assessment (TRA) Methodology, October 23, 2007.

o Information Security Guidance for Purchasing CSEC-Approved Cryptographic

Equipment from the United States Government (ITSG-26), January 2013.

o IT Security Directive for the Control and Management of In-Process COMSEC

Material (ITSD-08), under development.

o IT Security Directive for the Control of COMSEC Material in the Government of

Canada (ITSD-03A), March 2014.

o IT Security Directive for the Control of CSE-Approved Cryptographic High Value

Products (ITSD-07), under development.

Department of Justice:

o Financial Administration Act (FAA), 1985.

Public Works and Government Services Canada:

o Industrial Security Manual, December 11, 2009.

UNCLASSIFIED

ITSD-01A

Bibliography January 2014 15

Royal Canadian Mounted Police:

o Guide to the Application of Physical Security Zones (G1-026), September 2005.

o Physical Security Guide - Control of Access (G1-024), August 2004.

o Physical Security Guide - Protection, Detection and Response (G1-025),

December 2004.

o Physical Security Guide - Secure Rooms (G1-029), April 2006.

o Security Equipment Guide (G1-001), March 2006.

Treasury Board of Canada Secretariat:

o Controlled Goods Directive, November 1, 2006.

o Directive on Departmental Security Management (DDSM), July 2009.

o Operational Security Standard: Management of Information Technology Security

(MITS) May 31, 2004.

o Operation Security Standard on Physical Security, December, 2004.

o Policy on Government Security (PGS), July 2009.

United States Department of State:

o International Traffic in Arms Regulations (ITAR), April 1, 2012.

UNCLASSIFIED

ITSD-01A

Annex A – COMSEC Management January 2014 A-1 Roles and Responsibilities

Annex A COMSEC Management Roles and

Responsibilities

A.1 General

This Annex provides the roles and responsibilities of the Communications Security

Establishment (CSE) and Government of Canada (GC) departments as they relate to

Communications Security (COMSEC) management.

A.2 Communications Security Establishment

A.2.1 COMSEC Client Services

Under the direction of the Deputy Chief Information Technology Security (DCITS), COMSEC

Client Services is responsible to provide advice, guidance and direction to the GC, as well as the

private sector, for the handling of CSE-approved COMSEC solutions.

A.2.2 CSE Industrial COMSEC Account

Under the direction of the CSE Industrial COMSEC Account (CICA) Departmental COMSEC

Authority (DCA), CICA is responsible for the management and control of CSE-approved

COMSEC solutions provided to private sector COMSEC Sub-Accounts – refer to the Directive

for the Control of COMSEC Material in the Canadian Private Sector (ITSD-06).

A.2.3 National Central Office of Record

The National Central Office of Record (NCOR) is the entity at CSE that is responsible for the

oversight, management and accounting of Accountable COMSEC Material (ACM) produced in,

or entrusted to, Canada. The NCOR responsibilities include three distinct roles: Registration

Authority, COMSEC Account Manager and Key Processor (KP) Privilege Certificate Manager.

These roles are administered by the Crypto Material Assistance Centre (CMAC) – refer to the

IT Security Directive for the Control of COMSEC Material in the Government of Canada

(ITSD-03A).

A.2.4 National Distribution Authority

The National Distribution Authority (NDA) is the entity at CSE responsible for the receipt and

distribution of ACM within and outside Canada.

A.2.5 National COMSEC Incident Office

The National COMSEC Incidents Office (NCIO) is the entity at CSE responsible for managing

COMSEC incidents involving ACM through registration, validation, assessment, evaluation and

closure – refer to Article 3.7. The NCIO also provides for direct liaison and coordination with

other national and international COMSEC incidents offices.

UNCLASSIFIED

ITSD-01A

Annex A – COMSEC Management January 2014 A-2 Roles and Responsibilities

A.2.6 National COMSEC Audit Team

The National COMSEC Audit Team (NCAT) is responsible for conducting audits of all GC and

private sector COMSEC Accounts, on a cyclical basis. COMSEC audits are conducted to ensure

COMSEC Accounts are complying with applicable requirements governing accountability,

handling, and safeguarding of ACM. Refer to ITSD-03A and ITSD-06 for detailed information

on COMSEC audit requirements.

A.3 Government of Canada Departments

A.3.1 General

Within a GC department, the Deputy Minister is ultimately responsible for the safeguarding of all

COMSEC material held within the department.

A.3.2 Departmental Security Officer

The Departmental Security Officer (DSO) is appointed by the department Deputy Head. Among

other duties, as listed in the Policy on Government Security (PGS), the DSO is responsible to

manage the departmental security program. For additional information on the roles and

responsibilities of the DSO, consult the Directive on Departmental Security Management

(DDSM).

A.3.3 Departmental COMSEC Authority

A DCA may be appointed by the DSO to manage the departmental COMSEC program. The

DCA is responsible for developing, implementing, maintaining, coordinating and monitoring a

departmental COMSEC program that is consistent with the PGS and its operational standards.

NOTE 1: A GC department may determine that the departmental Information Technology

Security Coordinator (ITSC) will appoint the DCA.

NOTE 2: In departments where a DCA is not appointed, the DSO or ITSC must assume the

roles and responsibilities of the DCA.

A.3.4 COMSEC Custodian

COMSEC Custodians are responsible for the generation, receipt, custody, distribution,

disposition or destruction, and accounting of ACM entrusted to their COMSEC Account or

Sub-Account. COMSEC Custodians are also responsible for providing their departmental users

with COMSEC equipment troubleshooting support and guidance on the use of cryptographic

products (e.g. key). ITSD-03A provides detailed information on the roles and responsibilities of

the COMSEC Custodian Personnel, Local Elements and authorised users.

UNCLASSIFIED

ITSD-01A

Annex B – Personnel and January 2014 B-1 Physical Security

Annex B Personnel and Physical Security

B.1 Personnel

Deputy Heads of all Government of Canada (GC) departments are responsible for establishing a

security program for the coordination and management of departmental security activities.

Modern Information Technology (IT) systems, networks and terminals could, at any given

moment, contain or display extensive holdings of sensitive information. The quantity and

availability of information or the presence of classified or PROTECTED C information on or in

any system mandates additional personnel security measures for effective Communications

Security (COMSEC). Personnel who access, control and manage the volumes of information

conveyed over modern systems must meet stringent personnel security prerequisites.

Before COMSEC personnel (including maintenance personnel) are authorized access to

Accountable COMSEC Material (ACM), they must meet the access requirements detailed in

Article 3.3.3 and the IT Security Directive for the Control of COMSEC Material in the

Government of Canada (ITSD-03A).

COMSEC personnel employed outside Canada must be GC employees unless authorized by

COMSEC Client Services.

B.2 Physical

Protecting COMSEC material from unauthorized access is the goal of physical security. Access

to COMSEC material will permit any person with hostile intent to exploit communications data

and perhaps to recover information on a cryptographic system. Therefore, it is important to

protect COMSEC material from physical loss or unauthorized access in order to ensure the

security of all communications and to preserve any cryptographic principles employed.

Existing or proposed safeguards and physical security design standards should be periodically

evaluated against a current Threat and Risk Assessment (TRA). Normally, SECRET, TOP

SECRET and PROTECTED C information must be processed in a security zone, to which access

is limited to personnel who work there and to properly escorted visitors. In addition, when

recommended by the TRA, a high security zone should be used (refer to Annex F for details on

installation of cryptographic equipment).

NOTE: For additional information on security zones, refer to the Royal Canadian Mounted

Police (RCMP) Application of Physical Security Zones (G1-026) and the ITSD-03A.

UNCLASSIFIED

ITSD-01A

Annex B – Personnel and January 2014 B-2 Physical Security

B.2.1 Buildings and Accommodations

The physical security posture of buildings and accommodation must be designed to prevent

casual access, and to deter, delay and detect unauthorized access. The specific measures will be

based on the assets to be protected, an evaluation of the threat and the environment in which

sensitive assets are located. For additional information on physical security requirements refer to

the Operational Security Standard on Physical Security.

B.2.2 Security Containers and Locks

Security containers and locks used for the storage and protection of sensitive information and

assets must be of a type listed in the RCMP Security Equipment Guide (G1-001). Additional

information regarding secure storage of COMSEC material is contained in ITSD-03A.

NOTE: Departmental Security Officers (DSOs) should be consulted prior to selecting or

repairing security containers and locks.

UNCLASSIFIED

ITSD-01A

Annex C – Cryptographic Security January 2014 C-1

Annex C Cryptographic Security

C.1 Telecommunications Networks

Pursuant to the Management of Information Technology Security (MITS) standard and the

Directive for the Use of CSEC-Approved COMSEC Equipment and Key on a

Telecommunications Network (ITSD-04), Communications Security Establishment

(CSE)-approved cryptographic equipment and key must be used for the protection of classified

and PROTECTED C information transmitted on telecommunications networks. CSE must also

approve the use of cryptography endorsed by allied national security authorities prior to use by a

Government of Canada (GC) department for the protection of classified or PROTECTED C

information.

C.2 Satellites, Space Systems and Avionics

A GC or GC-sponsored satellite, space system or avionic system that has a classified or

PROTECTED C payload (data) must use CSE-approved cryptographic solutions to protect the

payload, the command and control link (i.e. Telemetry, Tracking and Control [TT&C]) and the

ground segment.

NOTE: It is recommended that a GC or GC-sponsored satellite, space system or avionic

system be considered for a CSEC-approved cryptographic solution to safeguard TT&C

regardless of the classification of the payload data.

The procedure for procuring CSE-approved cryptographic devices and key in support of

satellites, space systems and avionic systems is the same as for any other cryptographic device or

key. It is critical that CSE be involved as early in the concept and design phase of these systems

as practical to ensure national COMSEC concerns are addressed appropriately.

C.3 Cryptographic Equipment

C.3.1 General

Cryptographic equipment is designed to provide a secure means of moving information over

various transmission media, such as wireless, wirelines, fibre optic cables, or free space.

Cryptographic equipment may be either on-line or off-line.

C.3.2 Types of Cryptographic Equipment

There are two types of cryptographic equipment that CSE approves for use to protect classified

and PROTECTED C information:

High Assurance Cryptographic Products (HACP) (formerly known as Type 1) –

classified cryptographic equipment or unclassified Controlled Cryptographic Items (CCIs)

approved by CSE for securing GC classified (all levels) and protected (all levels)

information.

UNCLASSIFIED

ITSD-01A

Annex C – Cryptographic Security January 2014 C-2

Cryptographic High Value Products (CHVP) – UNCLASSIFIED cryptographic

equipment incorporating only UNCLASSIFIED components and Suite B algorithms

approved by CSE for securing classified (up to and including SECRET) and protected (all

levels) information. For information on the procurement, control and management of

CHVPs refer to the IT Security Directive for the Control of CSE-Approved Cryptographic

High Value Products (ITSD-07) or contact COMSEC Client Services.

C.3.2.1 On-line Cryptographic Equipment

On-line cryptographic equipment provides real-time encryption of information during its

transmission from the source device and decryption during its reception at the receiving end of a

circuit. On-line cryptographic equipment may be discrete cryptographic equipment installed

independently of the source RED device or embeddable module(s) mounted inside host

equipment (e.g. a radio transceiver or Personal Computer [PC]).

C.3.2.2 Off-line Cryptographic Equipment

Off-line cryptographic equipment provides encryption for data at rest. It also provides encryption

of information prior to its processing or transmission over a telecommunications network and

decryption of the encrypted information following its processing or reception.

C.3.3 Embeddable Cryptographic Modules

Embeddable or insertable cryptographic modules and cards provide secure digital communication

links (e.g. between PCs, workstations, facsimile equipment, radios). Cryptographic modules can

be software or hardware modules depending on the level of protection required for the

information being handled. In the case of a hardware token (e.g. Talon Cryptographic Token) in

which all encryption is performed on the token, the card is embedded only while in operation and

removed by the user when not in operation.

C.3.4 Cryptographic Algorithms

Historically, cryptography referred almost exclusively to encryption, which is the process of

converting plaintext information into ciphertext. Decryption is the reverse process which

converts the unintelligible ciphertext back to plaintext. A cryptographic algorithm is that

mathematical process which performs the encryption and the reversing decryption operations.

The operation of a cryptographic algorithm is controlled both by the algorithm itself and in each

instance by a key variable(s), and sometimes an initialization vector. Symmetric-key

cryptography refers to encryption methods in which both the sender and receiver share the same

key. Asymmetric cryptography (also known as public key cryptography) uses two different but

mathematically related key, (i.e. a public key and a private key). Cryptographic algorithms are

used in many more applications than just encryption and decryption (e.g. authentication,

integrity, non-repudiation). Suite A and Suite B refer to two sets of cryptographic algorithms,

containing both symmetric and asymmetric algorithms, which are approved by CSE for the

protection of classified and protected information.

UNCLASSIFIED

ITSD-01A

Annex C – Cryptographic Security January 2014 C-3

C.3.4.1 Suite A

Suite A cryptography contains classified algorithms that are not for release or use outside of the

5-Eyes community (i.e. Canada, Australia, New Zealand, United States and United Kingdom)

and North Atlantic Treaty Organization (NATO) nations. Suite A algorithms are most

appropriate for use in communities to provide security services for classified information that has

a long intelligence life (e.g. TOP SECRET strategic information) where the cryptographic

equipment is located in protected environments such as secured enclaves.

C.3.4.2 Suite B

Suite B cryptography contains unclassified cryptographic algorithms that are CSE-approved for

classified and protected use in the GC. Only those implementations that have been CSE approved

may be used for classified (up to SECRET) and PROTECTED C applications. Suite B

cryptography is most suitable in applications involving information with a short intelligence life

in environments where there is a higher risk of equipment loss or compromise (e.g. tactical

usage).

C.3.5 Cryptographic Key

Cryptographic key (also referred to as “key” throughout this directive) provides the means not

only to hide information but also to protect it from unauthorized modification, undetected

modification and unauthorized use. In addition to encryption and decryption, some key can also

be used for digital signatures. Encryption provides for confidentiality of information and the

digital signature provides for authentication, non-repudiation and integrity of the data.

Key can be produced in physical format or generated in electronic format.

C.3.5.1 Physical Key

CSE no longer produces physical key; however, it may still distribute physical key that has been

provided to the GC from another country and that CSE has approved for use.

C.3.5.2 Electronic Key

CSE is the authority for the generation and distribution of electronic key to protect classified and

PROTECTED C information and data. Electronic key may be generated locally utilizing

CSE-approved key generation equipment (e.g. Electronic Key Management System [EKMS],

Local Management Device/Key Processor [LMD/KP]). GC department requirements for

electronic key, including authorization for the generation of key, must be directed to Crypto

Material Assistance Centre (CMAC).

C.3.5.3 Use

Physical and electronic key must be employed only under the specific conditions detailed in the

operational doctrine pertinent to the cryptographic system or equipment in use. Any deviation

from doctrine requirements could result in a COMSEC incident.

UNCLASSIFIED

ITSD-01A

Annex D – Transmission and January 2014 D-1 Emission Security

Annex D Emission and Transmission Security

D.1 Emission Security Controls

Emission Security (EMSEC) is the discipline of reducing electromagnetic interference between

Information Technology (IT) and telecommunications equipment, as well as reducing

unintentional electromagnetically radiated signals, that, when intercepted, divulge classified or

protected information.

EMSEC controls are security measures that can be implemented into a facility to reduce the

overall risk of an unauthorized interception of Compromising Emanations or Emissions (CE)

from RED (unencrypted) IT systems. For more information on EMSEC controls refer to the

documents COMSEC Installation Planning – TEMPEST Guidance and Criteria (ITSG-11) and

Compromising Emanations Laboratory Test Requirements, Electromagnetics (CID/09/15A),

available through COMSEC Client Services.

D.2 Transmission Security

Transmission Security (TRANSEC) is that component of communications security that results

from the application of measures designed to protect transmissions from interception and

exploitation by means other than cryptanalysis.

Monitoring encrypted or encoded communications can provide considerable information from

the characteristics and circumstances of transmissions, particularly over a period of observation.

The interception and analysis of improperly protected transmissions provide an attractive and

profitable form of intelligence and provides opportunities for exploitation.

TRANSEC includes, but is not limited to, Low Probability of Detection, Frequency Hopping

(LPDFH) radios, Traffic Flow Security (TFS) and High Assurance Internet Protocol Encryptor

(HAIPE) Maximum Transfer Unit (MTU) fixed packet configuration controls. TRANSEC key

for classified and PROTECTED C sovereign applications is provided by Communications

Security Establishment (CSE).

NOTE: TRANSEC is that field of COMSEC which deals with the security of communication

transmissions, rather than that of the information being communicated.

UNCLASSIFIED

ITSD-01A

Annex E – COMSEC Material January 2014 E-1 Management and Control

Annex E COMSEC Material Management and Control

E.1 General

As stated in Article A.2.3, The National Central Office of Record (NCOR) oversees the

management of all Accountable COMSEC Material (ACM) produced by Canada or entrusted to

Canada. In fulfilment of this responsibility, the National COMSEC Material Control System

(NCMCS) provides for the accounting and control of all ACM through the NCOR and a series of

Communications Security (COMSEC) Accounts and Sub-Accounts.

Methods of COMSEC material accounting and control vary and are determined by the nature of

the material, such as:

ACM

ACM under development, and

specific COMSEC material (other than above).

E.1.1 Accountable COMSEC Material

COMSEC material, including foreign COMSEC material, assigned an accountability requirement

by the country of origin which requires formal accounting, and which is considered ACM and

must be managed through the NCMCS. All ACM is subject to the COMSEC controls and

handling requirements as detailed in the IT Security Directive for the Control of COMSEC

Material in the Government of Canada (ITSD-03A) and the Directive for the Control of

COMSEC Material in the Canadian Private Sector (ITSD-06).

E.1.2 Accountable COMSEC Material under Development

The security of ACM is dependent upon adequate controls from inception of the material through

eventual destruction.

The NCMCS provides the desired degree of control over ACM approved for use, but the

NCMCS procedures would entail a prohibitive amount of management if applied to ACM in the

various stages of fabrication within a facility or when moved between facilities. In lieu of

entering such in-production or "In-Process" ACM into the formal NCMCS, organizations

engaged in ACM development or production must handle and control In-Process ACM as

detailed in the IT Security Directive for the Control of In-Process COMSEC Material (ITSD-08)

and ITSD-06, as applicable.

UNCLASSIFIED

ITSD-01A

Annex E – COMSEC Material January 2014 E-2 Management and Control

E.1.3 Specific COMSEC Material

Communications Security Establishment (CSE) may designate specific non-accountable

COMSEC material to be controlled and locally tracked by the COMSEC Custodian outside of

the NCMCS. Control and handling must be at the classification level of the material and as

detailed in ITSD-03A, unless otherwise specified.

For additional information on management of specific COMSEC material, or if in doubt as to the

accountability and control requirements of non-ACM, contact COMSEC Client Services.

E.1.4 Other COMSEC Material

For access to CSE produced non- accountable COMSEC technical documentation

(e.g. directives, guidelines, alerts and bulletins) pertaining to relevant COMSEC issues refer to

Articles 1.2 and 1.13, or contact COMSEC Client Services.

E.2 Appointment of COMSEC Account Personnel

The Departmental Security Officer (DSO) is responsible for the screening of personnel selected

to become a Departmental COMSEC Custodian (DCA), COMSEC Custodian or Alternate

COMSEC Custodian. Detailed information in regards to the prerequisites for appointment of

COMSEC Custodian personnel, specific roles and responsibilities are detailed in ITSD-03A and

ITSD-06.

E.2.1 Controlling Authority

The DCA must appoint a Controlling Authority (CA) for each Cryptographic Network

(cryptonet) established within its department to protect the electronic communication of

classified and PROTECTED C information. For detailed information regarding roles and

responsibilities of a CA refer to the Directive for the Use of CSEC-Approved COMSEC

Equipment and Key on a Telecommunications Network (ITSD-04).

E.3 Distribution

E.3.1 General

The danger of loss or compromise of ACM is increased substantially during distribution.

COMSEC Account personnel must be fully conversant with the rules detailed in ITSD-03A or

ITSD-06 (as applicable) regarding the movement of ACM (e.g. shipments).

NOTE: COMSEC Account personnel include all individuals (including Local Elements and

authorized users) associated with a COMSEC Account.

UNCLASSIFIED

ITSD-01A

Annex E – COMSEC Material January 2014 E-3 Management and Control

E.3.1.1 Transfer to a Foreign Nation

COMSEC Client Services is the authority for transferring Canadian ACM to a foreign entity

(e.g. allied nations, North Atlantic Treaty Organization [NATO], foreign private sector). As

detailed in ITSD-03A, Canadian ACM destined for a foreign nation must exit the NCMCS via

the National Distribution Authority (NDA).

E.3.1.2 Transfer from a Foreign Nation

Allied nations (including NATO nations and 5-Eyes community [Canada, Australia,

New Zealand, United States and United Kingdom]) will only deal with a nation’s National

Cryptographic Authority (NCA) when there is a requirement to transfer highly sensitive

COMSEC material (known as ACM in Canada) to an entity within another country. To

accommodate such transfers, COMSEC Client Services must be contacted.

E.3.2 Storage

Classified and protected ACM must be stored within security zones (refer to the Operational

Security Standard on Physical Security) and access safeguards put in place that are consistent

with the following Royal Canadian Mounted Police (RCMP) publications must be considered:

Guide to the Application of Physical Security Zones (G1-026),

Physical Security Guide – Control of Access (G1-024),

Physical Security Guide – Protection, Detection and Response (G1-025),

Physical Security Guide – Secure Rooms (G1-029), and

Security Equipment Guide (G1-001).

When planning storage facilities, consideration must be given to the efficient handling of the

ACM to be stored, as well as ease of disposal in an emergency situation.

Storage containers used to hold ACM must be under the direct control of the responsible

COMSEC Custodian.

For detailed information and direction on the use of security containers for the protection of

ACM, refer to ITSD-03A.

E.3.3 Destruction of Accountable COMSEC Material

ACM must not be destroyed without specific authorization from COMSEC Client Services

unless the risk of compromise in a hazardous situation or an emergency is greater than the

security in place to prevent the compromise. For detailed direction on destruction of COMSEC

material refer to ITSD-03A.

UNCLASSIFIED

ITSD-01A

Annex E – COMSEC Material January 2014 E-4 Management and Control

E.3.4 Modification and Reproduction of COMSEC Material

No modification or reproduction of any kind is permitted to be made to ACM without prior

approval of COMSEC Client Services. Approved modification and reproduction of ACM must

be documented and controlled as detailed in ITSD-03A.

E.3.5 Declassification or Classification Downgrading

GC departments must consult COMSEC Client Services before declassifying or downgrading the

classification of ACM or classified and protected COMSEC information or material related to

ACM. This includes information or material produced before 1975 when CSE was the

Communications Branch of the National Research Council.

E.3.6 COMSEC Emergency Planning

GC departments that hold ACM must prepare a plan that will provide for the security of ACM

during emergencies. For natural disasters and accidental emergencies, planning should emphasize

maintaining security control over the ACM until order is restored. Planning for potential hostile

action must concentrate on the safe evacuation or secure destruction of the ACM. The emergency

plan should be incorporated into the Business Continuity Plan established for the entire facility.

If the plan calls for the destruction of ACM, all destruction material, devices and facilities used

in the destruction process must be readily available and in good working order. The plan must be

realistic, workable and must accomplish the goals for which it is prepared. Additional

information regarding COMSEC emergency planning, as well as emergency destruction of ACM

is contained in ITSD-03A.

E.3.7 COMSEC Incidents

The protection of ACM is dependent on the timely reporting of any compromise, or suspected

compromise. When a compromise is reported, action must be taken to minimize the damage

caused, determine the impact of the compromise and to implement corrective changes. Detailed

direction on identifying and reporting COMSEC incidents involving ACM is provided in

COMSEC incidents are detailed in the Directive for Reporting and Evaluating COMSEC

Incidents Involving Accountable COMSEC Material (ITSD-05).

It is the responsibility of every person who handles or otherwise has access to ACM to promptly

report all COMSEC incidents (confirmed or suspected) involving ACM.

UNCLASSIFIED

ITSD-01A

Annex F – Installation and Maintenance January 2014 F-1 of Cryptographic Equipment

Annex F Installation and Maintenance of Cryptographic

Equipment and Software

F.1 General

Sound installation, maintenance, procedures and practices in regards to cryptographic equipment

and software are essential to preserve Communications Security (COMSEC) integrity. These

activities must be performed in accordance with the equipment specific doctrine and this

directive, with doctrine taking precedence.

Personnel provided access to cryptographic equipment and software for installation and

maintenance purposes must meet the prerequisites set forth in the IT Security Directive for the

Control of COMSEC Material in the Government of Canada (ITSD-03A) for access to ACM.

F.2 COMSEC Awareness

Government of Canada (GC) departments must ensure all personnel tasked with installation or

maintenance of cryptographic equipment, or equipment containing cryptographic components or

software, receive COMSEC awareness training.

COMSEC awareness training on COMSEC directives, doctrine and guidelines pertaining to

Communications Security Establishment (CSE)-approved COMSEC solutions should include:

departmental COMSEC procedures and regulations and standard operating procedures;

principles and applications of TEMPEST (where appropriate);

security and technical threat awareness;

awareness of special protective technology hardware (where appropriate);

unique security requirements pertaining to the cryptographic equipment or systems; and

physical handling, accounting, and destruction requirements.

NOTE: COMSEC awareness training does not in itself qualify personnel to perform

installation of or maintenance on cryptographic equipment.

F.3 Installation

The equipment Approval For Use (AFU) and doctrine must be reviewed prior to the installation

of cryptographic equipment.

Cryptographic equipment and software selected for an application are dependent on the

conclusions drawn from a Threat and Risk Assessment (TRA). If the TRA warrants the use of

TEMPEST, the installers should consult the COMSEC Installation Planning - TEMPEST

Guidance and Criteria (ITSG-11) as well as the Government of Canada Facility Evaluation

Procedures (ITSG-12).

UNCLASSIFIED

ITSD-01A

Annex F – Installation and Maintenance January 2014 F-2 of Cryptographic Equipment

NOTE: ITSG-11 and ITSG-12 are available through COMSEC Client Services.

In addition to a TRA and a Security Assessment and Authorization (formerly known as a

Certification and Accreditation), an Emission Security (EMSEC) evaluation based on ITSG-11

should be completed and validated.

F.4 Maintenance

In context of this directive, maintenance includes the repair, preventive maintenance, software

upgrades, and configuration of security and non-security parameters.

Accounting and control of cryptographic equipment, including any ancillaries, undergoing repair,

overhaul, software upgrade and configuration security and non-security parameters must be in

accordance with ITSD-03A. Non-accountable related material such as TEMPEST equipment and

ancillaries, and documents must be handled commensurate with the appropriate classification

level.

Only qualified technicians (refer to Article F.7) are permitted to perform maintenance of

cryptographic equipment and ancillaries. If uncertain as to whether cryptographic equipment can

be maintained or repaired locally, GC departments must contact COMSEC Client Services.

NOTE: Qualified technicians are persons who have satisfactorily completed a CSE-approved

formal maintenance training course for specific cryptographic equipment.

F.5 Modifications

All modifications to cryptographic equipment, whether hardware or software, must be approved

by COMSEC Client Services:

cryptographic equipment, software, spare parts and technical residue material, whether

serviceable or unserviceable, must not be destroyed or disposed of without the approval of

COMSEC Client Services; and

to prevent unauthorized modification, cryptographic equipment and ancillaries, as well as

TEMPEST equipment, must be repaired using only CSE-approved material.

F.6 Configuration Management

The hardware and software configuration of cryptographic equipment must be managed and kept

current. This is to assure system security integrity, and interoperability.

UNCLASSIFIED

ITSD-01A

Annex F – Installation and Maintenance January 2014 F-3 of Cryptographic Equipment

F.7 Training

Personnel installing or maintaining cryptographic equipment and software must successfully

complete a CSE-approved course. Information on recognized courses can be sought from

COMSEC Client Services. Exceptions to this requirement are:

GC departments may permit installation and maintenance field-training to meet immediate

operational requirements; however, formal training must be taken at the earliest opportunity;

and

technicians who successfully complete a CSE-approved generic cryptographic equipment

maintenance course are qualified to perform general maintenance on the cryptographic

equipment without requiring training on each piece of equipment. The maintenance

permitted must be completed as detailed in the equipment maintenance manual.

NOTE 1: Contact COMSEC Client Services for additional guidance on exceptions.

NOTE 2: GC departments using contract cryptographic equipment installation and

maintenance training services must include provision for compliance with this

directive and associated equipment doctrine.

F.8 Installation and Maintenance Manuals

Requests for issue of maintenance and installation manuals from foreign COMSEC authorities

are to be directed to COMSEC Client Services.