UNCLASSIFIED
January 2014
IT Security Directive for the
Application of Communications Security Using CSE-Approved Solutions
ITSD-01A
Foreword
As the national authority for Communications Security, the Communications Security
Establishment has published the IT Security Directive for the Application of Communications
Security Using CSE-Approved Solutions (ITSD-01A) as its authoritative cornerstone policy
instrument. The following regulatory publications provide the GC with amplified security
requirements identified in this directive:
IT Security Directive for the Control of COMSEC Material in the Government of Canada
(ITSD-03A);
Directive for the Use of CSEC-Approved COMSEC Equipment and Key on a
Telecommunications Network (ITSD-04);
Directive for Reporting and Evaluating COMSEC Incidents Involving Accountable
COMSEC Material (ITSD-05);
Directive for the Control of COMSEC Material in the Canadian Private Sector (ITSD-06);
IT Security Directive for the Control of CSE-Approved Cryptographic High Value Products
(ITSD-07), under development; and
IT Security Directive for the Control of In-Process COMSEC Material (ITSD-08), under
development.
This directive is an UNCLASSIFIED publication issued under the authority of the Chief,
Communications Security Establishment in accordance with the Treasury Board of Canada
Secretariat Policy on Government Security.
This directive supersedes the Directives for the Application of Communications Security in the
Government of Canada (ITSD-01), January 2005, and the Information Technology Security
Bulletin, Amendment 1-2010 to the Directives on the Application of Communications Security in
the Government of Canada (ITSD-01), July 2010.
General inquiries and suggestions for amendments are to be forwarded through departmental
communications security channels to COMSEC Client Services at the Communications Security
Establishment.
The Communications Security Establishment will notify users of changes to this publication.
Effective Date
This Directive takes effect on date of signature.
Toni Moffa
Deputy Chief, IT Security
Date: January 10, 2014
© Government of Canada, Communications Security Establishment, 2014
Physical or electronic copies of this publication, in part or in whole, may be made for official
Government of Canada use only. Reproduction of multiple copies of this publication for the
purpose of commercial redistribution is prohibited except with written permission from the
Government of Canada’s copyright administrator, Public Works and Government Services
Canada.
Summary of Changes
With the introduction of several new Information Technology Security Directives recently
published by the Communications Security Establishment to support Communications Security in
the Government of Canada, many chapters, articles and annexes of the original Directives for the
Application of Communications Security in the Government of Canada (ITSD-01), dated
January 2005, have been removed or updated as indicated below.
Removed
Annex A             Communications Security Organizations and Responsibilities
Annex E             Emission Security – now part of Annex D
Annex G             Communications Security Incidents and Compromises – Removed – Refer to ITSD-05
Annex I             Cryptographic Network Management – Refer to ITSD-04
Annex J             Cryptographic Equipment Ownership and Acquisition – Refer to Chapter 4, as well as ITSD-03A and ITSD-06
Annex K             Committees – Terms of Reference – Removed
Annex L             Points of Contact – Refer to Article 1.11
Annex M             Accountable COMSEC Material Control Agreement – Removed – Refer to http://www.cse-cst.gc.ca/its-sti/services/cmac-cagmc/forms-formulaires-eng.html
Annex N             COMSEC Access Requests – Requirements – Removed – Refer to ITSD-03A and ITSD-06
Annex O             Cryptographic Equipment Procurement – Authorization – Refer to Chapter 4, as well as ITSD-03A and ITSD-06
Amended
Appendix 1 and 2    Replaced with COMSEC Equipment Requirements (CER) form and COMSEC Equipment Purchase Authorization (CEPA) form
Annex B             Personnel and Physical Security
Annex C             Cryptographic Security
Annex D             Transmission Security – now includes Emission Security
Annex F             Managing COMSEC Material – Now part of Annex E
Table of Contents
Foreword
Summary of Changes
List of Tables
List of Abbreviations and Acronyms
1 Introduction
1.1 Purpose
1.2 Authority
1.3 Scope
1.4 Context
1.5 Application
1.6 Expected Results
1.7 Compliance
1.8 Consequence of Non-Compliance
1.9 Conflict Resolution
1.10 Request for Exception or Waiver
1.11 Contact Information
1.12 COMSEC User Portal
1.13 Communications Security Establishment Web Site
2 Lead Agency Roles and Responsibilities
2.1 General
2.2 Treasury Board of Canada Secretariat
2.3 Communications Security Establishment
2.4 Public Works Government Services Canada
2.5 Royal Canadian Mounted Police
3 Communications Security
3.1 General
3.2 COMSEC Components
3.3 Protection of COMSEC Material
3.4 Export of Accountable COMSEC Material
3.5 Shipment of Accountable COMSEC Material
3.6 Travel with Accountable COMSEC Device
3.7 COMSEC Incidents – Accountable COMSEC Material
3.8 COMSEC Training
4 Cryptographic Equipment – Procurement and Ownership
4.1 General
4.2 Government of Canada Departments
4.3 Sponsored Government of Canada Departments and Other Levels of Government
4.4 Canadian Private Sector
4.5 Additional Regulations
4.6 Purchase of CSE-Approved Solutions from the United States
5 Glossary
6 Bibliography
Annex A COMSEC Management Roles and Responsibilities
A.1 General
A.2 Communications Security Establishment
A.3 Government of Canada Departments
Annex B Personnel and Physical Security
B.1 Personnel
B.2 Physical
Annex C Cryptographic Security
C.1 Telecommunications Networks
C.2 Satellites, Space Systems and Avionics
C.3 Cryptographic Equipment
Annex D Emission and Transmission Security
D.1 Emission Security Controls
D.2 Transmission Security
Annex E COMSEC Material Management and Control
E.1 General
E.2 Appointment of COMSEC Account Personnel
E.3 Distribution
Annex F Installation and Maintenance of Cryptographic Equipment and Software
F.1 General
F.2 COMSEC Awareness
F.3 Installation
F.4 Maintenance
F.5 Modifications
F.6 Configuration Management
F.7 Training
F.8 Installation and Maintenance Manuals
List of Tables
Table 1 – Contact Information for COMSEC Offices
List of Abbreviations and Acronyms
ACM         Accountable COMSEC Material
ACMCA       Accountable COMSEC Material Control Agreement
AFU         Approval for Use
ALC         Accounting Legend Code
CA          Controlling Authority
CCI         Controlled Cryptographic Item
CE          Compromising Emanations
CEPA        COMSEC Equipment Purchase Authorization
CER         COMSEC Equipment Requirements
CGP         Controlled Goods Program
CHVP        Cryptographic High Value Product
CICA        CSE Industrial COMSEC Account
CISD        Canadian Industrial Security Directorate
CMAC        Crypto Material Assistance Centre
COMSEC      Communications Security
cryptonet   Cryptographic Network
CSE         Communications Security Establishment
CUP         COMSEC User Portal
DCA         Departmental COMSEC Authority
DCITS       Deputy Chief, Information Technology Security
DDSM        Directive on Departmental Security Management
DS          Direct Sales
DSO         Departmental Security Officer
EKMS        Electronic Key Management System
EMSEC       Emission Security
FAA         Financial Administration Act
FMS         Foreign Military Sales
FOCI        Foreign Ownership Control or Influence
FSU         Field Software Upgrade
GC          Government of Canada
HACP        High Assurance Cryptographic Product
HAIPE       High Assurance Internet Protocol Encryptor
IISD        International Industrial Security Directorate
ISP         Industrial Security Program
IT          Information Technology
ITAR        International Traffic in Arms Regulations
ITSC        Information Technology Security Coordinator
ITSD        Information Technology Security Directive
ITSG        Information Technology Security Guidance
ITSLC       IT Security Learning Centre
KP          Key Processor
LMD         Local Management Device
LPDFH       Low Probability of Detection and Frequency Hopping
MITS        Management of Information Technology Security
MOA         Memorandum of Agreement
MOU         Memorandum of Understanding
MTU         Maximum Transfer Unit
NATO        North Atlantic Treaty Organization
NCA         National Cryptographic Authority
NCAT        National COMSEC Audit Team
NCIO        National COMSEC Incidents Office
NCMCS       National COMSEC Material Control System
NCOR        National Central Office of Record
NDA         National Distribution Authority
OLG         Other Levels of Government
PC          Personal Computer
PGS         Policy on Government Security
PWGSC       Public Works and Government Services Canada
RCMP        Royal Canadian Mounted Police
SGSM        Secure Global System for Mobile Communications Security Module
SSC         Shared Services Canada
TAA         Technical Assistance Agreement
TBS         Treasury Board of Canada Secretariat
TFS         Traffic Flow Security
TRA         Threat and Risk Assessment
TRANSEC     Transmission Security
TT&C        Telemetry, Tracking and Control
U.S.        United States
USML        United States Munitions List
1 Introduction
The Government of Canada (GC) has established a program known as Communications Security
(COMSEC) to assist in the protection of classified and PROTECTED C information and data.
The COMSEC program involves the application of cryptographic security, transmission and
emission security, physical security measures, operational practices and controls. The objective
of COMSEC is to deny unauthorized access to information and data derived from
telecommunications and to ensure the confidentiality, integrity and authenticity of such
telecommunications.
For the purpose of this directive, the term “GC department” includes any federal institution
(e.g. Department, Agency, Organization) subject to the Policy on Government Security (PGS)
and to Schedules I, I.1, II, IV and V of the Financial Administration Act (FAA), unless excluded
by specific acts, regulations or Orders in Council.
1.1 Purpose
This directive provides baseline COMSEC requirements for the use of Communications
Security Establishment (CSE)–approved COMSEC solutions used to safeguard GC classified
and PROTECTED C information and data.
1.2 Authority
This directive is promulgated pursuant to the PGS that delegates the CSE as the lead security
agency and national authority for COMSEC. CSE is responsible for the development, approval
and promulgation of COMSEC policy instruments and for the development of guidelines and
tools related to Information Technology (IT) security.
1.3 Scope
The direction provided within this directive is designed to meet the control and safeguard
requirements for the use of Accountable COMSEC Material (ACM), including High Assurance
Cryptographic Products (HACPs) and Cryptographic High Value Products (CHVPs), that are
approved for use by CSE for the protection of GC classified and PROTECTED C information
and data.
“Accountable COMSEC Material” is COMSEC material that requires control and accountability
within the National COMSEC Material Control System (NCMCS).
“COMSEC material” is designed to secure or authenticate telecommunications information.
COMSEC material includes cryptographic key, devices, hardware, firmware or software that
embodies or describes cryptographic logic. It also includes the documents that describe and
support these items.
1.4 Context
The PGS, the Directive on Departmental Security Management (DDSM), and the Operational
Security Standard: Management of Information Technology Security (MITS) are supported by
this directive.
1.5 Application
This directive applies to GC departments that are authorized to handle, control and safeguard
CSE-approved COMSEC solutions to protect classified and PROTECTED C information and
data for the GC.
1.6 Expected Results
Implementation of this directive will help ensure the protection of GC classified and protected
information and data. It will also ensure that Canada’s commitments to safeguard and control
COMSEC material are aligned with the agreements and security requirements of its international
partners.
1.7 Compliance
Compliance with this directive is the responsibility of each GC department that has been
authorized to use CSE-approved COMSEC solutions.
NOTE: GC departments that sponsor Other Levels of Government (OLG) or private sector
companies to hold and use CSE-approved solutions as detailed in this directive, the
IT Security Directive for the Control of COMSEC Material in the Government of
Canada (ITSD-03A) and the Directive for the Control of COMSEC Material in the
Canadian Private Sector (ITSD-06) are responsible to ensure that a sponsored OLG or
private sector company complies with this directive, where applicable.
For the purpose of this directive, the terms:
“Other Levels of Government” includes provincial, municipal and local government
organizations (e.g. law enforcement agencies); and
“private sector company” includes Canadian companies, organizations or individuals that do
not fall under the FAA or are not subordinate to a provincial or municipal government. It
also includes Canadian-based industries (or other non-government organizations) where
security is administered by the Public Works and Government Services Canada (PWGSC)
Industrial Security Program (ISP).
1.8 Consequence of Non-Compliance
Failure to comply with this directive may result in escalated administrative controls being placed
on CSE-provided COMSEC solutions.
1.9 Conflict Resolution
When a conflicting national-level COMSEC directive (e.g. ITSD series) is encountered, this
directive will take precedence. Any conflict between the requirements contained in this directive
and any other national (e.g. PGS, DDSM and MITS) or international (e.g. International Traffic in
Arms Regulations [ITAR]) requirements are to be submitted to COMSEC Client Services for
resolution.
1.10 Request for Exception or Waiver
A request for an exception (substitution) or a waiver (a temporary exemption from a specific
requirement) in regards to the direction provided within must be submitted, by the Departmental
Security Officer (DSO), to COMSEC Client Services for approval.
1.11 Contact Information
The following table contains contact information for offices within CSE that provide COMSEC
support to users.
Unless otherwise specified, telephone numbers listed are attended from 8 a.m. to 4 p.m. Eastern
Standard Time, Monday to Friday.
Table 1 – Contact Information for COMSEC Offices
COMSEC Client Services
  Telephone: 613-991-8495
  Secure Fax: 613-991-8565
  [email protected]
Crypto Material Assistance Centre (CMAC) and National Central Office of Record (NCOR)
  Telephone: 613-991-8600
  Secure Fax: 613-991-8565
  [email protected]
National COMSEC Incidents Office (NCIO)
  During work hours:
    Telephone: 613-991-8175
    Fax: 613-991-7588
    Secure Fax: Call 613-991-8175 for set up
  After office hours:
    Telephone: 613-991-8762
    Fax: 613-991-8766
1.12 COMSEC User Portal
Authorized users may access the CSE COMSEC User Portal (CUP) at
https://comsecportal.cse-cst.gc.ca. The CSE CUP provides COMSEC-related UNCLASSIFIED
and PROTECTED A information and Field Software Upgrades (FSUs) associated with
CSE-approved high assurance products, systems and services. For information on becoming an
authorized user of the CSE CUP, contact CMAC.
1.13 Communications Security Establishment Web Site
COMSEC directives and information (UNCLASSIFIED only) associated with CSE-approved
high assurance products, systems and services are available at
http://www.cse-cst.gc.ca/its-sti/publications/index-eng.html.
2 Lead Agency Roles and Responsibilities
2.1 General
The PGS provides direction to lead security agencies that play a role in the protection of
COMSEC material in the GC. This Chapter highlights the services these agencies provide in
regards to the protection of COMSEC material. For information on roles and responsibilities as
they relate to management of ACM refer to Annex A.
2.2 Treasury Board of Canada Secretariat
The Treasury Board of Canada Secretariat (TBS) establishes and oversees a
whole-of-government approach to security and identity management as a key component of all
management activities and monitors the adequacy of services to support these activities and
practices across government.
2.3 Communications Security Establishment
As the national COMSEC authority, CSE is responsible for approving the certification,
acquisition and use of cryptographic equipment and cryptographic key, as well as developing
COMSEC-related policy instruments, that protect classified and PROTECTED C information.
The Deputy Chief, Information Technology Security (DCITS) has overall responsibility to ensure
provision and application of CSE-approved COMSEC solutions, as detailed in Article 1.2.
2.4 Public Works Government Services Canada
PWGSC provides leadership and coordination that helps ensure the application of security
safeguards through all phases of contracting with private sector companies within the scope of
the ISP. The ISP enables the Canadian private sector to compete for domestic and international
government contracts, protects public safety by safeguarding sensitive and controlled assets and
provides contract security services through the Canadian Industrial Security Directorate (CISD)
and the International Industrial Security Directorate (IISD).
2.5 Royal Canadian Mounted Police
The Royal Canadian Mounted Police (RCMP) provides leadership and coordination for
departmental activities that helps ensure the physical protection of government information,
assets, facilities and people and provides services related to crime prevention, personnel
screening, policing, law enforcement and investigations.
3 Communications Security
3.1 General
The protection of information transmitted by electrical means and of certain electronic emissions
associated with classified or PROTECTED C information involves the use of specialized
technical, operational and physical security measures. The doctrine required and the technical,
operational and physical means employed to achieve this protection are collectively referred to as
COMSEC.
3.2 COMSEC Components
COMSEC is comprised of the following components:
Personnel and Physical Security (refer to Annex B)
Cryptographic Security (refer to Annex C), and
Emission and Transmission Security (refer to Annex D).
3.3 Protection of COMSEC Material
3.3.1 General
Dependence on distributed IT is growing and becoming more complex as GC departments
continue to interconnect. The protection of electronic information delivery and data at rest must
preserve the security of the nation-sensitive information, which is dependent on specially
produced cryptographic devices and associated COMSEC material (e.g. cryptographic key).
COMSEC material, especially ACM, is a primary target of hostile intelligence services and
others who wish to exploit secure communications. Access to COMSEC material could be used
to gain knowledge, which can be employed to defeat the security provided by COMSEC.
Due to the sensitive nature of ACM that protects classified and PROTECTED C information,
general safeguards and control measures must be supplemented by security standards and
procedures (e.g. CSE provided directives, doctrine and guidelines) additional to those that apply
to other sensitive information.
3.3.2 Foreign COMSEC Material
There are times when CSE and GC departments will enter into a formal agreement or
understanding (e.g. Memorandums of Agreements [MOAs], Memorandums of Understanding
[MOUs] and Technical Assistance Agreements [TAAs]) with a foreign agency to facilitate the
protection of foreign COMSEC material and exchange of information to improve the COMSEC
capability of the GC. GC departments must contact COMSEC Client Services for guidance when
CSE-approved solutions are involved.
3.3.3 Access to Accountable COMSEC Material
3.3.3.1 Canadian Citizens
Access to ACM is restricted to Canadian citizens (including those of dual nationality) who meet
the following criteria:
require access to ACM in the normal performance of their duties (e.g. those authorized as
COMSEC Custodians and Local Elements);
possess a GC security clearance at least equivalent to the sensitivity of the ACM to which
they will have access;
have received a COMSEC briefing; and
have signed a COMSEC Briefing Certificate.
NOTE: Access by persons with Permanent Resident Status is not authorized.
When, for any reason, a person is considered to be no longer qualified or suitable to access ACM,
the responsible manager must refer the case to the Departmental COMSEC Authority (DCA) or
departmental security and personnel authorities for appropriate action.
3.3.3.2 Foreign Nationals
Access to ACM by foreign nationals is prohibited unless approved by CSE.
3.4 Export of Accountable COMSEC Material
ACM must not be exported to another country (e.g. sold or loaned) without prior authorization
from COMSEC Client Services.
3.5 Shipment of Accountable COMSEC Material
Due to the sensitivity of ACM, special procedures must be put in place to safeguard ACM and to
ensure that any attempt to access a shipment can be detected. Detailed instructions for the
shipping of ACM within and outside of Canada are provided in ITSD-03A.
3.6 Travel with Accountable COMSEC Device
3.6.1 Domestic
For operational requirements, GC departments may permit departmental users of portable
accountable cryptographic equipment (e.g. Secure Global System for Mobile Communications
Security Module [SGSM]) to carry an item as personal property while traveling within Canada.
NOTE: OLG and Canadian private sector personnel are permitted to carry portable
cryptographic equipment while travelling within Canada if the requirement is stated in
a contract, MOA or MOU – refer to ITSD-06.
3.6.2 Foreign
Subject to Canadian and foreign national laws (contact COMSEC Client Services for guidance),
as well as equipment specific doctrine, a GC department may permit departmental users of
portable cryptographic equipment to carry an item for official use to locations outside Canada.
The DCA must ensure there is an operational requirement prior to permitting CSE-approved
portable cryptographic equipment to be taken outside Canada.
NOTE: OLG and private sector companies are not permitted to carry CSE-approved portable
cryptographic equipment outside Canada unless authorized by COMSEC Client
Services.
3.7 COMSEC Incidents – Accountable COMSEC Material
Loss or compromise of ACM can seriously damage national security. The compromise of ACM
does not merely involve the material itself but all information affected by the ACM (e.g. all
information transmitted over a particular circuit or circuits, or encrypted with particular
cryptographic key). Access to ACM could provide hostile agencies or groups with information
that would aid them in the exploitation of intercepted traffic or the penetration of cryptographic
systems and networks. The Directive for Reporting and Evaluating COMSEC Incidents Involving
Accountable COMSEC Material (ITSD-05) and equipment specific doctrine provide detailed
information on the identification and the reporting of COMSEC incidents.
3.8 COMSEC Training
To the extent possible, personnel who operate or handle ACM must be trained and tested for
proficiency in its use and management. Periodic refresher training and drills should be conducted
to ensure personnel maintain the skills required to securely operate and handle ACM in the
performance of their duties.
The CSE IT security training schedule and registration information are available from the
IT Security Learning Centre (ITSLC).
3.8.1 Manufacturer Provided Training
Some manufacturers of CSE-approved cryptographic equipment provide training for the
cryptographic equipment they produce. In order to attend this training, a visit clearance
authorization must be requested through IISD. If the training requires ACM access, COMSEC
Client Services will have to provide COMSEC access authority as detailed in ITSD-03A.
4 Cryptographic Equipment – Procurement and Ownership
4.1 General
Procurement of cryptographic equipment (e.g. HACPs and CHVPs) intended for secure exchange
of GC classified and PROTECTED C information must be approved by COMSEC Client
Services. Currently these devices are vetted through the CSE Approval for Use (AFU) process.
4.1.1 Approval for Use Process
Once a product has been released to Canada and client requirements identified, CSE completes
an approval process. In addition to confirming the security boundaries and compatibilities of the
product, the key production and management, technical, training and doctrinal guidance support
mechanisms are developed before approval is given for operational deployment.
4.2 Government of Canada Departments
A GC department must complete and submit a COMSEC Equipment Requirements (CER) form
and a COMSEC Equipment Purchase Authorization (CEPA) form to CSE before it will be
permitted to purchase CSE-approved cryptographic equipment. Once authorization is provided
by CSE for the purchase of cryptographic equipment, the GC department is responsible to
arrange the purchase through PWGSC.
NOTE: Shared Services Canada (SSC) is responsible for requesting approval to purchase
cryptographic equipment for GC departments for which it manages COMSEC
requirements.
4.3 Sponsored Government of Canada Departments and Other
Levels of Government
GC departments not identified in Article 1.5, as well as OLGs, are not permitted to purchase or
own CSE-approved cryptographic equipment. However, they are permitted to hold and use
cryptographic equipment (including cryptographic key and ancillaries) if authorized by
COMSEC Client Services and if sponsored by a GC department that has an established
COMSEC Account. The sponsor must:
• purchase the equipment as detailed in Article 4.2;
• coordinate the signing of an Accountable COMSEC Material Control Agreement (ACMCA),
by all parties;
• develop or coordinate the development of a MOA or a MOU, if required by COMSEC
Client Services;
• provide oversight at the sponsored GC department or OLG in the same manner as it would a
Local Element within its own department (refer to ITSD-03A); and
• ensure minimum security requirements identified in this directive and ITSD-03A are met
prior to authorizing the loan.
NOTE: Information and data to be secured by an OLG must not be classified higher than
SECRET.
4.4 Canadian Private Sector
A private sector company is not permitted to purchase or own CSE-approved cryptographic
equipment. However, it is permitted to hold and use cryptographic equipment (including
cryptographic key and ancillaries) if authorized by COMSEC Client Services and if sponsored by
a GC department that has an established COMSEC Account. For additional direction on
providing ACM to a private sector company, refer to ITSD-06 or contact COMSEC Client
Services.
4.4.1 Installation and Maintenance of Cryptographic Equipment
The sponsoring GC department is responsible to ensure proper installation and maintenance
(refer to Annex F) of CSE-approved cryptographic equipment provided to a private sector
company.
4.5 Additional Regulations
4.5.1 Foreign Ownership, Control or Influence
A private sector company will normally require a PWGSC CISD Foreign Ownership, Control or
Influence (FOCI) assessment before being provided access to ACM to fulfil a GC contract
deliverable or in support of a CSE-approved requirement. This assessment is designed to ensure
there are no factors present in a private sector company’s ownership and control arrangements
that could allow unauthorized access to ACM. A private sector company will be considered
under FOCI when a reasonable basis exists, as determined by a PWGSC FOCI assessment, to
conclude that the nature and extent of FOCI is such that control over the management or
operations of the facility may result in the unauthorized access to ACM by foreign parties or their
agents.
NOTE: Requests for FOCI exemption must be submitted to COMSEC Client Services.
4.5.2 Canadian Controlled Goods Program
The Canadian Controlled Goods Program (CGP) is a domestic industrial security program
within the PWGSC that is mandated to help strengthen Canada’s defence trade controls and to
prevent the proliferation of tactical and strategic assets. Acceptance of the control and
management requirements of ACM detailed in this and other CSE directives and ACMCAs,
MOUs, MOAs, Non-Disclosure Agreements and TAAs, does not exempt a GC department from
having to implement the requirements of the Canadian CGP.
4.5.3 United States International Traffic in Arms Regulations
The ITAR is a set of United States (U.S.) government regulations that control the export and
import of defense-related items and services on the United States Munitions List (USML).
A significant amount of GC COMSEC material is of U.S. origin. Acceptance of the control and
management requirements of ACM detailed in this directive and other CSE directives including
ACMCAs, MOUs, MOAs and Non-Disclosure Agreements does not exempt a GC department
from having to implement the requirements of ITAR. For advice and guidance on the movement
of ITAR controlled ACM, contact COMSEC Client Services.
4.6 Purchase of CSE-Approved Solutions from the United States
The Information Technology Security Guidance for Purchasing CSEC-Approved Cryptographic
Equipment from the United States Government (ITSG-26) provides instructions and guidance on
the purchase of CSE-approved cryptographic equipment available from the U.S. via Foreign
Military Sales (FMS) and Direct Sales (DS).
5 Glossary
This glossary contains definitions for the terms used in this directive.
Accountable COMSEC Material (ACM) – Communications Security (COMSEC) material that
requires control and accountability within the National COMSEC Material Control System in
accordance with its accounting legend code and for which transfer or disclosure could be
detrimental to the national security of Canada.
Accountable COMSEC Material Control Agreement (ACMCA) – A binding agreement between
Communications Security Establishment and an entity (Government or Canadian private sector)
not listed in Schedules I, I.1, II, IV and V of the Financial Administration Act that will
permit the acquisition, accounting, control, management and final disposition of
communications security material.
Accounting Legend Code (ALC) – A numeric code used to indicate the minimum accounting
controls for Communications Security (COMSEC) material which requires control and
accountability within the National COMSEC Material Control System.
Canadian Private Sector – Canadian organizations, companies or individuals that do not fall
under the Financial Administration Act or are not subordinate to a provincial or municipal
government.
Communications Security (COMSEC) – The application of cryptographic, transmission, emission
and physical security measures, and operational practices and controls, to deny unauthorized
access to information derived from telecommunications and to ensure the authenticity of such
telecommunications.
Controlled Cryptographic Item (CCI) – An unclassified secure telecommunications or
information system, or associated cryptographic component, that is governed by a special set
of control requirements within the National COMSEC Material Control System and marked
“CONTROLLED CRYPTOGRAPHIC ITEM” or, where space is limited, “CCI”.
Cryptographic Equipment – Equipment that performs encryption, decryption, authentication or
key generation functions.
Cryptographic High Value Product (CHVP) – A product incorporating only UNCLASSIFIED
components and UNCLASSIFIED cryptographic algorithms. A Cryptographic High Value Product is
not classified nor designated as a Controlled Cryptographic Item.
Doctrine (IT Security Doctrine) – The fundamental rules and procedures that govern the
protection, control and use of information technology security equipment, systems and
material as promulgated by the responsible national authority.
Government of Canada (GC) Department – Any federal department, organization, agency or
institution subject to the Policy on Government Security.
High Assurance – The demonstration of confidence that a product or system, through the
robustness of its security controls, its related policies, doctrine, processes, procedures,
and the thorough evaluation and validation of its design and operations is able to protect
Government of Canada information and communications requiring the most stringent protection
controls available.
In-Process (IP) COMSEC Material – Communications Security (COMSEC) material being developed,
produced, manufactured or repaired.
Other Levels of Government (OLG) – Provincial, municipal and local government organizations
(e.g. law enforcement agencies).
RED – Designation applied to an information system, and associated areas, circuits,
components, and equipment in which unencrypted information is being processed.
TEMPEST – Refers to the investigation and study of Compromising Emanations (CE). The
unintentional transmission of CE results in a secondary, unwanted communications channel
known as a TEMPEST channel.
6 Bibliography
The following source documents were used in the development of this directive:
Communications Security Establishment:
o Compromising Emanations Laboratory Test Requirements, Electromagnetics
(NSTISSAM TEMPEST/1-91) (CID/09/15A), June 1995.
o COMSEC Installation Planning – TEMPEST Guidance and Criteria (ITSG-11).
o Criteria for the Design, Fabrication, Supply, Installation and Acceptance Testing of
Walk In Radio Frequency Shielded Enclosures (ITSG-02), 1999.
o Directive for Reporting and Evaluating COMSEC Incidents Involving Accountable
COMSEC Material (ITSD-05), April 2012.
o Directive for the Control of COMSEC Material in the Canadian Private Sector
(ITSD-06), June 2013.
o Directive for the Use of CSEC-Approved COMSEC Equipment and Key on a
Telecommunications Network (ITSD-04), November 2011.
o Government of Canada Facility Evaluation Procedures (ITSG-12), June 2005.
o Harmonized Threat and Risk Assessment (TRA) Methodology, October 23, 2007.
o Information Security Guidance for Purchasing CSEC-Approved Cryptographic
Equipment from the United States Government (ITSG-26), January 2013.
o IT Security Directive for the Control and Management of In-Process COMSEC
Material (ITSD-08), under development.
o IT Security Directive for the Control of COMSEC Material in the Government of
Canada (ITSD-03A), March 2014.
o IT Security Directive for the Control of CSE-Approved Cryptographic High Value
Products (ITSD-07), under development.
Department of Justice:
o Financial Administration Act (FAA), 1985.
Public Works and Government Services Canada:
o Industrial Security Manual, December 11, 2009.
Royal Canadian Mounted Police:
o Guide to the Application of Physical Security Zones (G1-026), September 2005.
o Physical Security Guide - Control of Access (G1-024), August 2004.
o Physical Security Guide - Protection, Detection and Response (G1-025),
December 2004.
o Physical Security Guide - Secure Rooms (G1-029), April 2006.
o Security Equipment Guide (G1-001), March 2006.
Treasury Board of Canada Secretariat:
o Controlled Goods Directive, November 1, 2006.
o Directive on Departmental Security Management (DDSM), July 2009.
o Operational Security Standard: Management of Information Technology Security
(MITS), May 31, 2004.
o Operational Security Standard on Physical Security, December 2004.
o Policy on Government Security (PGS), July 2009.
United States Department of State:
o International Traffic in Arms Regulations (ITAR), April 1, 2012.
Annex A COMSEC Management Roles and
Responsibilities
A.1 General
This Annex provides the roles and responsibilities of the Communications Security
Establishment (CSE) and Government of Canada (GC) departments as they relate to
Communications Security (COMSEC) management.
A.2 Communications Security Establishment
A.2.1 COMSEC Client Services
Under the direction of the Deputy Chief Information Technology Security (DCITS), COMSEC
Client Services is responsible to provide advice, guidance and direction to the GC, as well as the
private sector, for the handling of CSE-approved COMSEC solutions.
A.2.2 CSE Industrial COMSEC Account
Under the direction of the CSE Industrial COMSEC Account (CICA) Departmental COMSEC
Authority (DCA), CICA is responsible for the management and control of CSE-approved
COMSEC solutions provided to private sector COMSEC Sub-Accounts – refer to the Directive
for the Control of COMSEC Material in the Canadian Private Sector (ITSD-06).
A.2.3 National Central Office of Record
The National Central Office of Record (NCOR) is the entity at CSE that is responsible for the
oversight, management and accounting of Accountable COMSEC Material (ACM) produced in,
or entrusted to, Canada. The NCOR responsibilities include three distinct roles: Registration
Authority, COMSEC Account Manager and Key Processor (KP) Privilege Certificate Manager.
These roles are administered by the Crypto Material Assistance Centre (CMAC) – refer to the
IT Security Directive for the Control of COMSEC Material in the Government of Canada
(ITSD-03A).
A.2.4 National Distribution Authority
The National Distribution Authority (NDA) is the entity at CSE responsible for the receipt and
distribution of ACM within and outside Canada.
A.2.5 National COMSEC Incidents Office
The National COMSEC Incidents Office (NCIO) is the entity at CSE responsible for managing
COMSEC incidents involving ACM through registration, validation, assessment, evaluation and
closure – refer to Article 3.7. The NCIO also provides for direct liaison and coordination with
other national and international COMSEC incidents offices.
A.2.6 National COMSEC Audit Team
The National COMSEC Audit Team (NCAT) is responsible for conducting audits of all GC and
private sector COMSEC Accounts, on a cyclical basis. COMSEC audits are conducted to ensure
COMSEC Accounts are complying with applicable requirements governing accountability,
handling, and safeguarding of ACM. Refer to ITSD-03A and ITSD-06 for detailed information
on COMSEC audit requirements.
A.3 Government of Canada Departments
A.3.1 General
Within a GC department, the Deputy Minister is ultimately responsible for the safeguarding of all
COMSEC material held within the department.
A.3.2 Departmental Security Officer
The Departmental Security Officer (DSO) is appointed by the department Deputy Head. Among
other duties, as listed in the Policy on Government Security (PGS), the DSO is responsible to
manage the departmental security program. For additional information on the roles and
responsibilities of the DSO, consult the Directive on Departmental Security Management
(DDSM).
A.3.3 Departmental COMSEC Authority
A DCA may be appointed by the DSO to manage the departmental COMSEC program. The
DCA is responsible for developing, implementing, maintaining, coordinating and monitoring a
departmental COMSEC program that is consistent with the PGS and its operational standards.
NOTE 1: A GC department may determine that the departmental Information Technology
Security Coordinator (ITSC) will appoint the DCA.
NOTE 2: In departments where a DCA is not appointed, the DSO or ITSC must assume the
roles and responsibilities of the DCA.
A.3.4 COMSEC Custodian
COMSEC Custodians are responsible for the generation, receipt, custody, distribution,
disposition or destruction, and accounting of ACM entrusted to their COMSEC Account or
Sub-Account. COMSEC Custodians are also responsible for providing their departmental users
with COMSEC equipment troubleshooting support and guidance on the use of cryptographic
products (e.g. key). ITSD-03A provides detailed information on the roles and responsibilities of
the COMSEC Custodian Personnel, Local Elements and authorized users.
Annex B Personnel and Physical Security
B.1 Personnel
Deputy Heads of all Government of Canada (GC) departments are responsible for establishing a
security program for the coordination and management of departmental security activities.
Modern Information Technology (IT) systems, networks and terminals could, at any given
moment, contain or display extensive holdings of sensitive information. The quantity and
availability of information or the presence of classified or PROTECTED C information on or in
any system mandates additional personnel security measures for effective Communications
Security (COMSEC). Personnel who access, control and manage the volumes of information
conveyed over modern systems must meet stringent personnel security prerequisites.
Before COMSEC personnel (including maintenance personnel) are authorized access to
Accountable COMSEC Material (ACM), they must meet the access requirements detailed in
Article 3.3.3 and the IT Security Directive for the Control of COMSEC Material in the
Government of Canada (ITSD-03A).
COMSEC personnel employed outside Canada must be GC employees unless authorized by
COMSEC Client Services.
B.2 Physical
Protecting COMSEC material from unauthorized access is the goal of physical security. Access
to COMSEC material will permit any person with hostile intent to exploit communications data
and perhaps to recover information on a cryptographic system. Therefore, it is important to
protect COMSEC material from physical loss or unauthorized access in order to ensure the
security of all communications and to preserve any cryptographic principles employed.
Existing or proposed safeguards and physical security design standards should be periodically
evaluated against a current Threat and Risk Assessment (TRA). Normally, SECRET, TOP
SECRET and PROTECTED C information must be processed in a security zone, to which access
is limited to personnel who work there and to properly escorted visitors. In addition, when
recommended by the TRA, a high security zone should be used (refer to Annex F for details on
installation of cryptographic equipment).
NOTE: For additional information on security zones, refer to the Royal Canadian Mounted
Police (RCMP) Application of Physical Security Zones (G1-026) and the ITSD-03A.
B.2.1 Buildings and Accommodations
The physical security posture of buildings and accommodation must be designed to prevent
casual access, and to deter, delay and detect unauthorized access. The specific measures will be
based on the assets to be protected, an evaluation of the threat and the environment in which
sensitive assets are located. For additional information on physical security requirements refer to
the Operational Security Standard on Physical Security.
B.2.2 Security Containers and Locks
Security containers and locks used for the storage and protection of sensitive information and
assets must be of a type listed in the RCMP Security Equipment Guide (G1-001). Additional
information regarding secure storage of COMSEC material is contained in ITSD-03A.
NOTE: Departmental Security Officers (DSOs) should be consulted prior to selecting or
repairing security containers and locks.
Annex C Cryptographic Security
C.1 Telecommunications Networks
Pursuant to the Management of Information Technology Security (MITS) standard and the
Directive for the Use of CSEC-Approved COMSEC Equipment and Key on a
Telecommunications Network (ITSD-04), Communications Security Establishment
(CSE)-approved cryptographic equipment and key must be used for the protection of classified
and PROTECTED C information transmitted on telecommunications networks. CSE must also
approve the use of cryptography endorsed by allied national security authorities prior to use by a
Government of Canada (GC) department for the protection of classified or PROTECTED C
information.
C.2 Satellites, Space Systems and Avionics
A GC or GC-sponsored satellite, space system or avionic system that has a classified or
PROTECTED C payload (data) must use CSE-approved cryptographic solutions to protect the
payload, the command and control link (i.e. Telemetry, Tracking and Control [TT&C]) and the
ground segment.
NOTE: It is recommended that a GC or GC-sponsored satellite, space system or avionic
system be considered for a CSEC-approved cryptographic solution to safeguard TT&C
regardless of the classification of the payload data.
The procedure for procuring CSE-approved cryptographic devices and key in support of
satellites, space systems and avionic systems is the same as for any other cryptographic device or
key. It is critical that CSE be involved as early in the concept and design phase of these systems
as practical to ensure national COMSEC concerns are addressed appropriately.
C.3 Cryptographic Equipment
C.3.1 General
Cryptographic equipment is designed to provide a secure means of moving information over
various transmission media, such as wireless, wirelines, fibre optic cables, or free space.
Cryptographic equipment may be either on-line or off-line.
C.3.2 Types of Cryptographic Equipment
There are two types of cryptographic equipment that CSE approves for use to protect classified
and PROTECTED C information:
• High Assurance Cryptographic Products (HACP) (formerly known as Type 1) –
classified cryptographic equipment or unclassified Controlled Cryptographic Items (CCIs)
approved by CSE for securing GC classified (all levels) and protected (all levels)
information.
• Cryptographic High Value Products (CHVP) – UNCLASSIFIED cryptographic
equipment incorporating only UNCLASSIFIED components and Suite B algorithms
approved by CSE for securing classified (up to and including SECRET) and protected (all
levels) information. For information on the procurement, control and management of
CHVPs refer to the IT Security Directive for the Control of CSE-Approved Cryptographic
High Value Products (ITSD-07) or contact COMSEC Client Services.
C.3.2.1 On-line Cryptographic Equipment
On-line cryptographic equipment provides real-time encryption of information during its
transmission from the source device and decryption during its reception at the receiving end of a
circuit. On-line cryptographic equipment may be discrete cryptographic equipment installed
independently of the source RED device or embeddable module(s) mounted inside host
equipment (e.g. a radio transceiver or Personal Computer [PC]).
C.3.2.2 Off-line Cryptographic Equipment
Off-line cryptographic equipment provides encryption for data at rest. It also provides encryption
of information prior to its processing or transmission over a telecommunications network and
decryption of the encrypted information following its processing or reception.
C.3.3 Embeddable Cryptographic Modules
Embeddable or insertable cryptographic modules and cards provide secure digital communication
links (e.g. between PCs, workstations, facsimile equipment, radios). Cryptographic modules can
be software or hardware modules depending on the level of protection required for the
information being handled. In the case of a hardware token (e.g. Talon Cryptographic Token) in
which all encryption is performed on the token, the card is embedded only while in operation and
removed by the user when not in operation.
C.3.4 Cryptographic Algorithms
Historically, cryptography referred almost exclusively to encryption, which is the process of
converting plaintext information into ciphertext. Decryption is the reverse process which
converts the unintelligible ciphertext back to plaintext. A cryptographic algorithm is that
mathematical process which performs the encryption and the reversing decryption operations.
The operation of a cryptographic algorithm is controlled both by the algorithm itself and in each
instance by a key variable(s), and sometimes an initialization vector. Symmetric-key
cryptography refers to encryption methods in which both the sender and receiver share the same
key. Asymmetric cryptography (also known as public key cryptography) uses two different but
mathematically related keys (i.e. a public key and a private key). Cryptographic algorithms are
used in many more applications than just encryption and decryption (e.g. authentication,
integrity, non-repudiation). Suite A and Suite B refer to two sets of cryptographic algorithms,
containing both symmetric and asymmetric algorithms, which are approved by CSE for the
protection of classified and protected information.
C.3.4.1 Suite A
Suite A cryptography contains classified algorithms that are not for release or use outside of the
5-Eyes community (i.e. Canada, Australia, New Zealand, United States and United Kingdom)
and North Atlantic Treaty Organization (NATO) nations. Suite A algorithms are most
appropriate for use in communities to provide security services for classified information that has
a long intelligence life (e.g. TOP SECRET strategic information) where the cryptographic
equipment is located in protected environments such as secured enclaves.
C.3.4.2 Suite B
Suite B cryptography contains unclassified cryptographic algorithms that are CSE-approved for
classified and protected use in the GC. Only those implementations that have been CSE-approved
may be used for classified (up to SECRET) and PROTECTED C applications. Suite B
cryptography is most suitable in applications involving information with a short intelligence life
in environments where there is a higher risk of equipment loss or compromise (e.g. tactical
usage).
C.3.5 Cryptographic Key
Cryptographic key (also referred to as “key” throughout this directive) provides the means not
only to hide information but also to protect it from unauthorized modification, undetected
modification and unauthorized use. In addition to encryption and decryption, some key can also
be used for digital signatures. Encryption provides for confidentiality of information and the
digital signature provides for authentication, non-repudiation and integrity of the data.
Key can be produced in physical format or generated in electronic format.
C.3.5.1 Physical Key
CSE no longer produces physical key; however, it may still distribute physical key that has been
provided to the GC from another country and that CSE has approved for use.
C.3.5.2 Electronic Key
CSE is the authority for the generation and distribution of electronic key to protect classified and
PROTECTED C information and data. Electronic key may be generated locally utilizing
CSE-approved key generation equipment (e.g. Electronic Key Management System [EKMS],
Local Management Device/Key Processor [LMD/KP]). GC department requirements for
electronic key, including authorization for the generation of key, must be directed to Crypto
Material Assistance Centre (CMAC).
C.3.5.3 Use
Physical and electronic key must be employed only under the specific conditions detailed in the
operational doctrine pertinent to the cryptographic system or equipment in use. Any deviation
from doctrine requirements could result in a COMSEC incident.
Annex D Emission and Transmission Security
D.1 Emission Security Controls
Emission Security (EMSEC) is the discipline of reducing electromagnetic interference between
Information Technology (IT) and telecommunications equipment, as well as reducing
unintentional electromagnetically radiated signals, that, when intercepted, divulge classified or
protected information.
EMSEC controls are security measures that can be implemented into a facility to reduce the
overall risk of an unauthorized interception of Compromising Emanations or Emissions (CE)
from RED (unencrypted) IT systems. For more information on EMSEC controls refer to the
documents COMSEC Installation Planning – TEMPEST Guidance and Criteria (ITSG-11) and
Compromising Emanations Laboratory Test Requirements, Electromagnetics (CID/09/15A),
available through COMSEC Client Services.
D.2 Transmission Security
Transmission Security (TRANSEC) is that component of communications security that results
from the application of measures designed to protect transmissions from interception and
exploitation by means other than cryptanalysis.
Monitoring encrypted or encoded communications can provide considerable information from
the characteristics and circumstances of transmissions, particularly over a period of observation.
The interception and analysis of improperly protected transmissions provide an attractive and
profitable form of intelligence and provide opportunities for exploitation.
TRANSEC includes, but is not limited to, Low Probability of Detection, Frequency Hopping
(LPDFH) radios, Traffic Flow Security (TFS) and High Assurance Internet Protocol Encryptor
(HAIPE) Maximum Transfer Unit (MTU) fixed packet configuration controls. TRANSEC key
for classified and PROTECTED C sovereign applications is provided by Communications
Security Establishment (CSE).
NOTE: TRANSEC is that field of COMSEC which deals with the security of communication
transmissions, rather than that of the information being communicated.
Annex E COMSEC Material Management and Control
E.1 General
As stated in Article A.2.3, the National Central Office of Record (NCOR) oversees the
management of all Accountable COMSEC Material (ACM) produced by Canada or entrusted to
Canada. In fulfilment of this responsibility, the National COMSEC Material Control System
(NCMCS) provides for the accounting and control of all ACM through the NCOR and a series of
Communications Security (COMSEC) Accounts and Sub-Accounts.
Methods of COMSEC material accounting and control vary and are determined by the nature of
the material, such as:
• ACM,
• ACM under development, and
• specific COMSEC material (other than above).
E.1.1 Accountable COMSEC Material
COMSEC material, including foreign COMSEC material, that is assigned an accountability
requirement by the country of origin requiring formal accounting is considered ACM and
must be managed through the NCMCS. All ACM is subject to the COMSEC controls and
handling requirements as detailed in the IT Security Directive for the Control of COMSEC
Material in the Government of Canada (ITSD-03A) and the Directive for the Control of
COMSEC Material in the Canadian Private Sector (ITSD-06).
E.1.2 Accountable COMSEC Material under Development
The security of ACM is dependent upon adequate controls from inception of the material through
eventual destruction.
The NCMCS provides the desired degree of control over ACM approved for use, but the
NCMCS procedures would entail a prohibitive amount of management if applied to ACM in the
various stages of fabrication within a facility or when moved between facilities. In lieu of
entering such in-production or "In-Process" ACM into the formal NCMCS, organizations
engaged in ACM development or production must handle and control In-Process ACM as
detailed in the IT Security Directive for the Control of In-Process COMSEC Material (ITSD-08)
and ITSD-06, as applicable.
E.1.3 Specific COMSEC Material
Communications Security Establishment (CSE) may designate specific non-accountable
COMSEC material to be controlled and locally tracked by the COMSEC Custodian outside of
the NCMCS. Control and handling must be at the classification level of the material and as
detailed in ITSD-03A, unless otherwise specified.
For additional information on management of specific COMSEC material, or if in doubt as to the
accountability and control requirements of non-ACM, contact COMSEC Client Services.
E.1.4 Other COMSEC Material
For access to CSE-produced non-accountable COMSEC technical documentation
(e.g. directives, guidelines, alerts and bulletins) pertaining to relevant COMSEC issues refer to
Articles 1.2 and 1.13, or contact COMSEC Client Services.
E.2 Appointment of COMSEC Account Personnel
The Departmental Security Officer (DSO) is responsible for the screening of personnel selected
to become a Departmental COMSEC Authority (DCA), COMSEC Custodian or Alternate
COMSEC Custodian. Detailed information on the prerequisites for appointment of
COMSEC Custodian personnel and on their specific roles and responsibilities is provided in
ITSD-03A and ITSD-06.
E.2.1 Controlling Authority
The DCA must appoint a Controlling Authority (CA) for each Cryptographic Network
(cryptonet) established within its department to protect the electronic communication of
classified and PROTECTED C information. For detailed information regarding roles and
responsibilities of a CA refer to the Directive for the Use of CSEC-Approved COMSEC
Equipment and Key on a Telecommunications Network (ITSD-04).
E.3 Distribution
E.3.1 General
The danger of loss or compromise of ACM is increased substantially during distribution.
COMSEC Account personnel must be fully conversant with the rules detailed in ITSD-03A or
ITSD-06 (as applicable) regarding the movement of ACM (e.g. shipments).
NOTE: COMSEC Account personnel include all individuals (including Local Elements and
authorized users) associated with a COMSEC Account.
E.3.1.1 Transfer to a Foreign Nation
COMSEC Client Services is the authority for transferring Canadian ACM to a foreign entity
(e.g. allied nations, North Atlantic Treaty Organization [NATO], foreign private sector). As
detailed in ITSD-03A, Canadian ACM destined for a foreign nation must exit the NCMCS via
the National Distribution Authority (NDA).
E.3.1.2 Transfer from a Foreign Nation
Allied nations (including NATO nations and 5-Eyes community [Canada, Australia,
New Zealand, United States and United Kingdom]) will only deal with a nation’s National
Cryptographic Authority (NCA) when there is a requirement to transfer highly sensitive
COMSEC material (known as ACM in Canada) to an entity within another country. To
accommodate such transfers, COMSEC Client Services must be contacted.
E.3.2 Storage
Classified and protected ACM must be stored within security zones (refer to the Operational
Security Standard on Physical Security), and access safeguards consistent with the following
Royal Canadian Mounted Police (RCMP) publications must be considered:
Guide to the Application of Physical Security Zones (G1-026),
Physical Security Guide – Control of Access (G1-024),
Physical Security Guide – Protection, Detection and Response (G1-025),
Physical Security Guide – Secure Rooms (G1-029), and
Security Equipment Guide (G1-001).
When planning storage facilities, consideration must be given to the efficient handling of the
ACM to be stored, as well as ease of disposal in an emergency situation.
Storage containers used to hold ACM must be under the direct control of the responsible
COMSEC Custodian.
For detailed information and direction on the use of security containers for the protection of
ACM, refer to ITSD-03A.
E.3.3 Destruction of Accountable COMSEC Material
ACM must not be destroyed without specific authorization from COMSEC Client Services
unless the risk of compromise in a hazardous situation or an emergency is greater than the
security in place to prevent the compromise. For detailed direction on destruction of COMSEC
material refer to ITSD-03A.
E.3.4 Modification and Reproduction of COMSEC Material
No modification or reproduction of any kind is permitted to be made to ACM without prior
approval of COMSEC Client Services. Approved modification and reproduction of ACM must
be documented and controlled as detailed in ITSD-03A.
E.3.5 Declassification or Classification Downgrading
GC departments must consult COMSEC Client Services before declassifying or downgrading the
classification of ACM or classified and protected COMSEC information or material related to
ACM. This includes information or material produced before 1975 when CSE was the
Communications Branch of the National Research Council.
E.3.6 COMSEC Emergency Planning
GC departments that hold ACM must prepare a plan that will provide for the security of ACM
during emergencies. For natural disasters and accidental emergencies, planning should emphasize
maintaining security control over the ACM until order is restored. Planning for potential hostile
action must concentrate on the safe evacuation or secure destruction of the ACM. The emergency
plan should be incorporated into the Business Continuity Plan established for the entire facility.
If the plan calls for the destruction of ACM, all destruction material, devices and facilities used
in the destruction process must be readily available and in good working order. The plan must be
realistic, workable and must accomplish the goals for which it is prepared. Additional
information regarding COMSEC emergency planning, as well as emergency destruction of ACM
is contained in ITSD-03A.
E.3.7 COMSEC Incidents
The protection of ACM is dependent on the timely reporting of any compromise, or suspected
compromise. When a compromise is reported, action must be taken to minimize the damage
caused, determine the impact of the compromise and implement corrective changes. Detailed
direction on identifying and reporting COMSEC incidents involving ACM is provided in the
Directive for Reporting and Evaluating COMSEC Incidents Involving Accountable COMSEC
Material (ITSD-05).
It is the responsibility of every person who handles or otherwise has access to ACM to promptly
report all COMSEC incidents (confirmed or suspected) involving ACM.
Annex F Installation and Maintenance of Cryptographic
Equipment and Software
F.1 General
Sound installation, maintenance, procedures and practices with regard to cryptographic equipment
and software are essential to preserve Communications Security (COMSEC) integrity. These
activities must be performed in accordance with the equipment-specific doctrine and this
directive, with doctrine taking precedence.
Personnel provided access to cryptographic equipment and software for installation and
maintenance purposes must meet the prerequisites set forth in the IT Security Directive for the
Control of COMSEC Material in the Government of Canada (ITSD-03A) for access to ACM.
F.2 COMSEC Awareness
Government of Canada (GC) departments must ensure all personnel tasked with installation or
maintenance of cryptographic equipment, or equipment containing cryptographic components or
software, receive COMSEC awareness training.
COMSEC awareness training on COMSEC directives, doctrine and guidelines pertaining to
Communications Security Establishment (CSE)-approved COMSEC solutions should include:
departmental COMSEC procedures and regulations and standard operating procedures;
principles and applications of TEMPEST (where appropriate);
security and technical threat awareness;
awareness of special protective technology hardware (where appropriate);
unique security requirements pertaining to the cryptographic equipment or systems; and
physical handling, accounting, and destruction requirements.
NOTE: COMSEC awareness training does not in itself qualify personnel to perform
installation of or maintenance on cryptographic equipment.
F.3 Installation
The equipment Approval For Use (AFU) and doctrine must be reviewed prior to the installation
of cryptographic equipment.
Cryptographic equipment and software selected for an application are dependent on the
conclusions drawn from a Threat and Risk Assessment (TRA). If the TRA warrants the use of
TEMPEST, the installers should consult the COMSEC Installation Planning - TEMPEST
Guidance and Criteria (ITSG-11) as well as the Government of Canada Facility Evaluation
Procedures (ITSG-12).
NOTE: ITSG-11 and ITSG-12 are available through COMSEC Client Services.
In addition to a TRA and a Security Assessment and Authorization (formerly known as a
Certification and Accreditation), an Emission Security (EMSEC) evaluation based on ITSG-11
should be completed and validated.
F.4 Maintenance
In the context of this directive, maintenance includes repair, preventive maintenance, software
upgrades, and configuration of security and non-security parameters.
Accounting and control of cryptographic equipment, including any ancillaries, undergoing repair,
overhaul, software upgrade and configuration of security and non-security parameters must be in
accordance with ITSD-03A. Non-accountable related material, such as TEMPEST equipment and
ancillaries, and documents must be handled commensurate with the appropriate classification
level.
Only qualified technicians (refer to Article F.7) are permitted to perform maintenance of
cryptographic equipment and ancillaries. If uncertain as to whether cryptographic equipment can
be maintained or repaired locally, GC departments must contact COMSEC Client Services.
NOTE: Qualified technicians are persons who have satisfactorily completed a CSE-approved
formal maintenance training course for specific cryptographic equipment.
F.5 Modifications
All modifications to cryptographic equipment, whether hardware or software, must be approved
by COMSEC Client Services:
cryptographic equipment, software, spare parts and technical residue material, whether
serviceable or unserviceable, must not be destroyed or disposed of without the approval of
COMSEC Client Services; and
to prevent unauthorized modification, cryptographic equipment and ancillaries, as well as
TEMPEST equipment, must be repaired using only CSE-approved material.
F.6 Configuration Management
The hardware and software configuration of cryptographic equipment must be managed and kept
current. This is to assure system security integrity and interoperability.
F.7 Training
Personnel installing or maintaining cryptographic equipment and software must successfully
complete a CSE-approved course. Information on recognized courses can be sought from
COMSEC Client Services. Exceptions to this requirement are:
GC departments may permit installation and maintenance field-training to meet immediate
operational requirements; however, formal training must be taken at the earliest opportunity;
and
technicians who successfully complete a CSE-approved generic cryptographic equipment
maintenance course are qualified to perform general maintenance on the cryptographic
equipment without requiring training on each piece of equipment. The maintenance
permitted must be completed as detailed in the equipment maintenance manual.
NOTE 1: Contact COMSEC Client Services for additional guidance on exceptions.
NOTE 2: GC departments using contract cryptographic equipment installation and
maintenance training services must include provision for compliance with this
directive and associated equipment doctrine.
F.8 Installation and Maintenance Manuals
Requests for issue of maintenance and installation manuals from foreign COMSEC authorities
are to be directed to COMSEC Client Services.