responsibilities and procedures when handling comsec material unclassified - for official use only...

Responsibilities and Procedures When Handling

COMSEC Material

UNCLASSIFIED - FOR OFFICIAL USE ONLY (FOUO)


Material being presented in this training has been condensed to provide the minimum required guidance.

It is highly recommended and encouraged to read the HQMC (ARS) Communication Material System (CMS) Standard Operating Procedures (SOP) , applicable enclosures, and annexes of the EKMS 1 (series) publication for detailed information.



Required USER forms

Mandatory Training

User Responsibilities

Required User Forms

Handling and Safeguarding of COMSEC

COMSEC incidents

Practice Dangerous to Security

Destruction Procedures and Documentation



EKMS – Electronic Key Management System

COMSEC – Communications Security

CCI – Controlled Cryptographic Item

PIN – Personal Identification Number

ZEROIZE – To delete

Crypto – Material used to secure or authenticate telecommunications carrying classified or sensitive information

CIK – Crypto Ignition Key used to enable secure operations of equipment

LE – Local Element is the unit receiving COMSEC material for operations




Reference: HQMC CMS SOP – CMS User

“An individual responsible for the proper security, control, accountability, and disposition of the COMSEC material placed in their charge. CMS User is also referred to as a LE entity. Users are required to take the initial Basic COMSEC User take the initial Basic COMSEC User trainingtraining, continued by mandatory annual trainingcontinued by mandatory annual training. The user must have an approved/signed SD 572 form prior to handling COMSEC material”.

NOTE:NOTE: ARSC EKMS and LECO will send annual ARSC EKMS and LECO will send annual reminders for COMSEC Users to review and sign the reminders for COMSEC Users to review and sign the completion certificate of the Basic COMSEC User completion certificate of the Basic COMSEC User training.training.



USERS – Must complete (ARS) COMSEC training within 10 days prior to signing the SD Form 572 and provide a copy of the certificate for record to the Security Coordinator or Local Element Control Officer (LECO).

HQMC (ARS) also provides individual training upon request.

SD Form 572

Your command and nature of your job deems it necessary for you to have a “need to know” which requires access to COMSEC material.

Example – The Command provides you a Secure Telephone Equipment (STE) with an Enhanced Crypto Card (ECC KSV-21) or a SME/PED (Secure Mobile Environment/Portable Electronic Device) cellular phone.

Both are utilized to conduct SECURE conversations or handle CLASSIFIED data.



SD Form 572

Note: USER’s - by executing this form you must y executing this form you must read and understand Title 18 USC sections 641, 793, read and understand Title 18 USC sections 641, 793, 798, 952 and Title 50 USC section 783(b).798, 952 and Title 50 USC section 783(b).

IMPORTANT:: A copy of Title 18 USC and Title 50 A copy of Title 18 USC and Title 50 USC of referenced sections will be issued to the USC of referenced sections will be issued to the COMSEC User upon signing the SD 572 for record. COMSEC User upon signing the SD 572 for record. The COMSEC User will sign for receipt of both Title 18 The COMSEC User will sign for receipt of both Title 18 USC and Title 50 USC.USC and Title 50 USC.



Title 18 USCTitle 18 USCSection 641Section 641: : Public money, property or records Section 793Section 793: : Gathering, transmitting or losing

defense informationSection 794:Section 794: Gathering or delivering defense

information to aid foreign governmentSection 798Section 798: : Disclosure of classified

informationSection 952Section 952: : Diplomat codes and

correspondence

Title 50 USCTitle 50 USCSection 783(b): Receipt of, or attempt to

receive, by foreign agent or member of Communist organization, classified information.





Verified by ARS Security

USERS Sign

LECO Sign

SECTION 1 - SECTION 1 - Users Users clearances clearances will be will be verified by verified by ARS only!ARS only!

IMPORTANT IMPORTANT CHANGE!CHANGE!





USERS Sign

LECO Sign

Must sign

before departu

re or PCS

The SD 572 Form has Section 2 where it is required by USERS to sign prior to discharge, PCS or departure and/or no longer require ACCESS to COMSEC.

What it means to you…

Once you sign the SD Form 572, it means that you understand the responsibility for the handling and safeguard of the COMSEC material you utilize or is in your possession.

This is important because YOU as the USER must understand the ramifications to your clearance, access and even your job if you are found negligent on the handling and safeguarding of COMSEC material.

At any time you are in doubt, ASK your Security Coordinator or ARS EKMS manager (703) 614-2305.





Ref. HQMC (ARS) CMS Standard Operating Procedures

CMS User: An individual responsible for the proper security, control , accountability, and disposition of the COMSEC material placed in their charge. CMS User is also referred to as a LE entity.


Security – Safeguard from unauthorized personnel.

Control – Have active sight or handling of material.

Accountability – From the time you receive the material you are liable for the material if lost or compromised.

Disposition – Once material is no longer needed, superseded, damaged, or obsolete it will be disposed via HQMC (ARS) EKMS Managers ONLY!

- At any time you are in doubt, ASK your Security Coordinator or ARS EKMS manager (703) 614-2305.





Verified by ARS

Only agency/commandCO/EA/Director

can sign here

Command designated

Only; not every user.


Personnel designated by the Command and listed on this form, must have a clearance equal to or higher than the material they receive. In addition, they must sign a SD 572, take the Basic COMSEC User training and understand the responsibility for the handling and safeguard of the COMSEC material while in their possession.

- At any time you are in doubt, ASK your Security Coordinator or ARS EKMS manager (703) 614-2305.





Once you receive COMSEC material it must be used for it’s intended purpose and must be safeguarded, accounted for, and handled via positive control. Your job is to protect it to the best of your ability and be able to maintain National Security of the system it protects.



Top Secret (TS) COMSEC material –

•The USER must have equal or higher clearance.•Others without the proper clearance and “need to know” must leave premises when handling TS.•TS COMSEC requires Two-People-Integrity (TPI) when handling.•TS COMSEC must not be mixed with other classification of material (messages, pubs, etc.).•TS must be stored in a GSA approved safe with X-09 TPI lock.



Secret (S) and Confidential (C) COMSEC material – •The USER must have equal or higher clearance.•Others without the proper clearance and “need to know” must leave premises when material is being handled.•Does not require TPI when handling or transporting. •Secret and Confidential can be stored in same location unlike TS COMSEC material.•Must be stored in a GSA approved safe with X-09 lock.



Secure Telephone Equipment (STE) & Enhanced Crypto Card (ECC/KSV-21) –

•The USER must have equal or higher clearance.

•Others without the proper clearance and “need to know” must leave premises when handling.

•In an office environment the USER can leave the ECC card in the phone as long they have positive control. When leaving for the day, place in lock desk drawer or safe.

•Residential STEs are handled in the same manner.



Secure Mobile Environment /Portable Electronic Device (SME/PED SMBP21) –

•SME/PED User Agreement must be filled out and training must be provided prior to receiving the unit.•When using the SME/PED isolate yourself from the public and ensure sufficient privacy to minimize risk of compromise of classified information.•Know the procedures to “panic zeroize” the device.•Keep it fully charged and when not in use safeguard by placing in locked drawer or safe.



Some COMSEC Users will be issued a Motorola RAZR Maxx or compatible smartphone. This item is not CCIis not CCI and and is not accountable to ARS EKMSis not accountable to ARS EKMS. If the item is lost it is considered a HIGH Value item loss and reportable to Defense Information Security Agency (DISA) for accountability and ARI (HQMC issue point).

The RAZR Maxx phone issued from DMCC program is the replacement to the SME/PED phone.



Iridium Secure Module Future Narrow Band Digital Terminal (FNBA20) – •The phone itself is not a cryptographic item but the secure mode adapter sleeve is considered CCI.•When using the IRIDIUM in the secured mode isolate yourself from the general population and ensure sufficient privacy to minimize risk of compromise of classified information.•Know the procedures to “panic zeroize” the device.•Keep it fully charged• When not in use place in a GSA approved safe.



Transporting COMSEC –

•Personnel must have a Courier Card issued by HQMC (ARS) in their possession when traveling with COMSEC material.•Cryptographic equipment must be double packed and not shipped in a keyed condition unless the key is impossible to retrieve.•SME/PED when logged off or in unclassified mode, may be x-rayed or physically/visually examined at airports. Do not surrender if in secure mode!•If material is Top Secret, it will require TPI during transport.



COMSEC Incidents are reportable to the National Level and they are forwarded through the chain of command.

Below are the types of incidents and examples of each:•Physical Incidents – Loss of material•Cryptographic Incidents – Use of keying material that is compromised, defective, or incorrectly applied key material and *late destruction of key (*as per AMD8 of EKMS 1)•Personnel Incidents – Defection, espionage, capture by enemy having knowledge of COMSEC, unauthorized disclosure of PINS & passwords, and attempts by unauthorized persons to find information of COMSEC material.Report it immediately to your Security Manager, LECO, and HQMC (ARS) EKMS Manager. If it happened to you, don’t hide it!

Ref. Chapter 9 of EKMS 1 (series)



Practices Dangerous to Security (PDS) are not reportable to the National Level, but have the potential to jeopardize security of COMSEC material, if allowed to perpetuate.

Below are examples of PDS:•Premature or out-of-sequence – Using keying material before its effective date as long as the material was not reused.•Inadvertent destruction – COMSEC material zeroized or destroyed before its supersession date but properly logged and reported.Report it immediately to your Security Manager, LECO and HQMC (ARS) EKMS Manager. If it happened to you, don’t hide it!

Ref. Chapter 10 of EKMS 1 (series)



COMSEC material (electronic or physical) will have a supersession date or expiration

•Destroy or delete – 12 hours upon supersession material must be deleted (electronic) or physically destroyed using shredder.•TWO People for Destruction – It is mandatory that two people conduct destruction (one will be a witness) of COMSEC. Both personnel must have a clearance equal to or higher than the material being destroyed.•CMS25/Modern Key Tracker & SF153 – COMSEC material that is zeroized or destroyed must be documented on a CMS25 form or applicable Modern Key Tracker form. Return the CMS25 form to HQMC (ARS) EKMS Manager and a SF153 form will be supplied for your signature.



Ref. Chapter 5, Art. 540 of EKMS 1 (series)

NOTE: FAILURE TO DESTROY COMSEC MATERIAL WITHIN THE TIMEFRAMES OUTLINED IN ART. 540 IS CONSIDERED A COMSEC INCIDENT IN ACCORDANCE WITH EKMS 1 (series) CH 9



Classified CONFIDENTIAL when filled in Hand deliver

form to HQMC (ARS)

EKMS manager or

send via SIPRNet ONLY!

Classified for training purpose only



Can be used in lieu of CMS25 for Electronic Key only!



Can be used for Destruction,

Transfers, Inventory,

Hand Receipts and other

transactions.



When in doubt ask !

•Training on COMSEC procedures is important and required to avoid INCIDENTS or Practices Dangerous to Security from happening to you.

•Avoid losing your clearance or access because you were careless in handling or safeguarding the COMSEC material in your possession.

•Your Security Coordinator and/or LECO in addition to HQMC (ARS) EKMS Manager are there to assist you in COMSEC matters. Do not hesitate to call them.

CongratulationsCongratulations



Upon completion of this instruction power point presentation:

•Send an email to your Security Coordinator/LECO indicating you acknowledge, understand, and have completed the training. Keep a copy of the email in your personal records.

•You now have basic knowledge of COMSEC and USER responsibilities but there is more information in the SOP.

•Ask your Security Coordinator/LECO to provide you with an electronic copy the HQMC (SOP) and the EKMS 1 (series) publication.

•Remember that your command may also impose further guidance and safeguard procedures for COMSEC.



I certify that I have read the Basic COMSEC User training. I understand and will comply with the requirements covered by this briefing.

________________________________ PRINT NAME

________________________________ SIGN & DATE

________________________________ AGENCY/TELEPHONE

Email certificate to HQMC (ARSC) EKMS Managers at:

SMB HQMC COMSEC (mailbox)

responsibilities and procedures when handling comsec material unclassified - for official use only...

Documents

official use

comsec users

ars comsec training

copy of title

usc sections

individual training

hqmc ars

fouosd form