Letter on Intent: Sub-Committee 3 Specific operating instructions for
Contents
1. COMSEC Account Number number participating site COMSEC Account Number number b nation B by participating site COMSEC Account Number number participating site COMSEC Account Number number DOCUMENT XI Specific Operating Instructions for Secure Communications 10 Version 2 0 Issued 20 07 2009 F nf E Gert SECTION III PROCEDURES A SECURE VOICE 1 The following procedures shall be implemented when utilising a lt device model gt for a classified voice communication a The terminal must be located in an area conducive to acoustic security The area should be constructed in a manner that would preclude non cleared personnel gaining access to the information being discussed b Secure calls should be prearranged to ensure system operators are available at both ends c The system operator initiating the call and the system operator receiving the call will execute the Secure Voice Record see Attachment 1 This shall include call duration date starting and ending times names citizenship and clearance level of all participants and the unclassified subject matter of discussion d It is the responsibility of each system operator to verify the identities and clearance levels of the participants at their respective sites e Every participant in a conversation has the responsibility of ensuring that the appropriate foreign disclosure authorisations for the information being discussed have been2. Transfer Request form Attachment 2 including the number of files to transfer and their names classifications and descriptions 3 The requesting sender will then obtain the approval of the facility DRA After DRA approval has been received the transfer medium along with the request will be provided to the system operator for transmission 4 Upon receipt of the Secure Data File Transfer Request and the transfer medium the sending system operator will a Ensure the Secure Data File Transfer Request is complete so far b Initiate a secure session with the distant system operator pass the details from the Secure Data File Transfer request including the number of files to transfer and their names classifications and descriptions and transmit the file s 5 After transmission the sending system operator shall a Confirm with the Receiving Facility System Operator that all data files listed on the Secure Data File Transfer Request were received b Complete the remainder of the Secure Data File Transfer Request c Retain the Secure Data File Transfer Request d Release the transfer medium back to the requesting sender in accordance with the host facility s security regulations and procedures 6 Upon initiation of a secure data file transfer session the receiving system operator shall begin completion of a Secure Data File Transfer Receipt Attachment 3 in accordance with the details passed by the sending system operato
3. Facility Status of Transmission successful partial Name amp Signature of Approving Designated Releasing Authority Receiving Facility COVERING Classification Level of Transmitted Document Classification Level of Cover sheet if required DOCUMENT XI Specific Operating Instructions for Secure Communications 18 Version 2 0 Issued 20 07 2009 F nf E DOCUMENT XI Specific Operating Instructions for Secure Communications 19
4. Version 2 0 Issued 20 07 2009 Lol nn DOCUMENT XI SPECIFIC OPERATING INSTRUCTIONS FOR SECURE COMMUNICATIONS 20 07 2009 2 0 Updated version with new shape and title 15 11 2006 1 0 Approved draft DOCUMENT XI Specific Operating Instructions for Secure Communications 1 Version 2 0 Issued 20 07 2009 FRAMEWORK AGREEMENT S O LS C SPECIFIC OPERATING INSTRUCTIONS for SECURE COMMUNICATIONS PROJECT NAME SECURE COMMUNICATIONS BETWEEN COMPANY NAME amp LOCATION AND COMPANY NAME amp LOCATION AND NATIONAL DEFENCE ESTABLISHMENT SECURE lt DEVICE gt lt DATA gt COMMUNICATIONS DURING PROJECT STAGE STAGE OF PROJECT NAME NAME OF COMMUNICATION SYSTEM ISSUED BY Insert name of NSA DSA Issue Dated DOCUMENT XI Specific Operating Instructions for Secure Communications 2 Version 2 0 Issued 20 07 2009 DOCUMENT XI Specific Operating Instructions for Secure Communications 3 Version 2 0 Issued 20 07 2009 Lof TABLE OF CONTENTS SECTION I INTRODUCTION ccccecccccccccccssssssesccccsseessesescececsssseueeusesecescsseesuuneneeeeses 5 A D I POS EE 5 IER EE 5 C AUTHORITY RESPONSIBILITY AND APRLICARBI IN 5 SECTION II GUIDELINES AND REQUIREMENTS un 7 A DESCRIPTION OF INFORMATION TRANSFERS cccccccecssscssscssscsescsesesecececeeecueeeueecueesueuseseseeeseeeseeeeeess T P SYSTEM RESTRICT ONS a aae ege eege eu 8 CV CONFIGURATION CONTROL ice
5. anager Guide which will be issued by the lt responsible gt COA national physical personnel and electronic security regulations for cryptographic equipment protecting lt appropriate security classification gt information The lt responsible gt COA will also issue a copy of the lt device model gt User Handbook and Security Operating Procedures to each participating facility DOCUMENT XI Specific Operating Instructions for Secure Communications 7 Version 2 0 Issued 20 07 2009 B SYSTEM RESTRICTIONS 1 System equipment shall not be connected to any local area network 2 System equipment shall be operated only in areas that have been accredited for work at the relevant security classification 3 Only information required in the support of the project name will be transferred via the secure telephone communications 4 When importing data into a receiving secure IT system the removable transfer medium shall not be classified higher than the system C CONFIGURATION CONTROL 1 The CSAs are responsible for configuration management of the communications link 2 Any proposed changes to the system configuration or to the operating procedures within this SOISC must be submitted by the participating facilities to the CSAs for approval prior to implementation D SECURITY AUDITS 1 The CSAs will review their respective facilities on a regular basis according to national rules and at least annually to ensure co
6. ever reason cannot be re established the session will be considered to be complete Any partial receipt of material data will be provided to the DRA for approval and processed in accordance with the host facility s security regulations and procedures 2 All transmission receipt records will be maintained during the Concession Period and disposed of at the conclusion of the Concession Period by each contractor security staff only in accordance with the instructions of insert relevant authority DOCUMENT XI Specific Operating Instructions for Secure Communications 14 Version 2 0 Lol mme E ATTACHMENT 1 SECURE VOICE RECORD TIME STARTING NAMES OF PARTICIPANTS CITIZENSHIP CLEARANCE Issued 20 07 2009 SUBJECT OF DISCUSSION Description must be UNCLASSIFIED DOCUMENT XI Specific Operating Instructions for Secure Communications 15 Version 2 0 Issued 20 07 2009 tm Lof H p St ATTACHMENT 2 SECURE DATA FILE TRANSFER REQUEST Name Position Title of Requesting Sender Name Position Title of Intended Addressee Number of Files To Transfer Name amp Signature of Approving Designated Releasing Authority Date Releasing Facility Transmitting Facility Transmission Number Date of transmission Start Time Stop Time Status of Transmission successful partial Receiving Facility System Operator Name Transmitting Facility System Operator Name Initia
7. ional defence establishments for use on the project name project during the project stage stage in accordance with relevant mutually agreed security rules of a company full postal address b national defence establishment full postal address B SCOPE 1 This SOISC complements respective national security policies pertinent to the control protection and transmission of classified information Additionally this SOISC identifies the security procedures for the transfer of classified information directly between the participating facilities listed in Paragraph A 2 Classified information shall be exchanged by secure voice secure data file transfer secure facsimile from authorised terminals The information will be limited to the following national classification levels delete as appropriate CONFIDENTIAL and SECRET 3 This SOISC will only be in effect during the period when the participants are in the project stage stage unless otherwise extended by agreement between contractors and their respective governments This period is known as the Concession Period Dates might be used instead of project stage but dates may slip C AUTHORITY RESPONSIBILITY AND APPLICABILITY 1 This SOISC has been approved by the following National Security Authorities Designated Security Authorities NSA s DSA s FR D l gation g n rale pour l Armement D partement central de la s curit de d fense et de l inf
8. ll respective national and facility security regulations pertinent to the safeguarding protection control and storage of classified material generated and received via the secure telephone communications H CONTROL OF THE lt DEVICE MODEL gt 2 delete if not appropriate Each participating site requires the appointment of a lt device model gt Local Manager The lt device model gt are registered cryptographic items in the lt responsible nation gt and are controlled cryptographic items in the other nations They will be issued to the designated system operators at each contractor facility by the controlling COMSEC Custodian within the COMSEC Material Control System All personnel responsible for the control accountability and operation of the terminals will be briefed by the respective COMSEC Custodian as to his her responsibilities lt device model gt use lt specific key material gt which is replaced lt time plan gt under the arrangements of the lt responsible nation gt COA lt device model gt cryptographic keys will be marked lt appropriate security classification gt but approved for use at lt appropriate security classification gt supplied by lt responsible nation agency gt and distributed by the lt responsible nation gt National Distribution Agency NDA to the relevant National Distribution Agencies for distribution within nations Encryption keys will be maintained in a nation A by participating site
9. ls DOCUMENT XI Specific Operating Instructions for Secure Communications 16 Version 2 0 Issued 20 07 2009 tm Lof H me ATTACHMENT 3 SECURE DATA FILE TRANSFER RECEIPT Name of Approving Designated Releasing Authority Date Sending Facility Transmitting Facility System Operator Name Transmission Number Receiving Facility System Operator Name amp Initials Number of Files Received Date of transmission Start Time Stop Time Name Position Title of Sender Name Position Title of Intended Addressee Name amp Signature of Approving Designated Releasing Authority Receiving Facility Date DOCUMENT XI Specific Operating Instructions for Secure Communications 17 Version 2 0 Issued 20 07 2009 Lol ae ATTACHMENT 4 secure FACSIMILE COVER SHEET Classification Level of Cover Sheet if required COVERING Classification Level of Transmitted Document FACSIMILE COVER SHEET Name Position Title of Requesting Sender Name Position Title of Intended Addressee Subject Description of Document Comments Name and Signature of Approving Designated Releasing Authority Releasing Facility Transmitting Facility Transmission Number Number of pages including this page Date amp Time of Transmission System Operator Name amp Initials Transmitting Facility System Operator Name amp Initials Receiving
10. ment for a CSA to be a Government agency although the nation leading on the project may wish to nominate its Ministry of Defence project management team as its CSA a The CSA for France is to be defined on a case by case basis b The CSA for Germany is c The CSA for Italy is d The CSA for Spain is e The CSA for Sweden is f The CSA for the UK is lt for a UK project the project management team gt lt for the project of another nation the Security Controller of the company concerned gt 5 The Project Security lt Officer Adviser gt is insert name full postal address telephone and facsimile numbers email address 6 lt The Cryptographic Operating Authority COA and point of contact is insert details as appropriate gt DOCUMENT XI Specific Operating Instructions for Secure Communications 6 Version 2 0 Issued 20 07 2009 Lol Le SECTION II GUIDELINES AND REQUIREMENTS A DESCRIPTION OF INFORMATION TRANSFERS 1 Secure telephone communications will allow the transfer of information classified up to insert appropriate security classification in secure voice data facsimile modes directly between the participating facilities listed in Section I Paragraph A Voice Communications Secure voice communications shall use lt device model gt secure telephones There will be a lt device model gt at each participating facility to allow for secure conversations up to in
11. nformance with these instructions and authorised local security regulations E MAINTENANCE 1 Should a lt device model gt at a site outside the lt responsible nation gt require maintenance it shall be returned to the lt responsible nation gt NDA through the nation s NDA F DESIGNATED RELEASING AUTHORITY DRA 1 A Designated Releasing Authority DRA and Alternate DRA for each participating facility will be appointed by the contractor lt or gt defence establishment these appointments are subject to the approval of the CSA These individuals will be DOCUMENT XI Specific Operating Instructions for Secure Communications 8 Version 2 0 Issued 20 07 2009 F nf E iy citizens of their respective countries who are cleared to at least SECRET level by their government and are responsible to their governments for the following Reviewing and approving all material and data prior to its actual transmission via the secure telephone communications Acknowledging receipt of all material and data transmitted via the secure telephone communications Briefing the system operators to their responsibilities Ensuring all records required to be executed by the system operators are maintained in a complete and accurate manner Producing upon request by the CSA any records required to be maintained for the secure telephone communications Reporting to their CSA any security violations unauthorised disclosures or po
12. or transmission 4 Upon receipt of the material and Secure Facsimile Cover Sheet the sending system operator will a Ensure that the cover sheet is complete b Assign a sequential transmission number c Annotate on the cover his her name and initials d Establish a voice connection with the receiving system operator e If the connection is made annotate the date and time of transmission on the cover f Initiate a secure facsimile session and transmit the material DOCUMENT XI Specific Operating Instructions for Secure Communications 13 Version 2 0 Issued 20 07 2009 F nf E iy 5 After transmission the sending system operator will confirm that all material was received The sending system operator will retain a copy of the facsimile cover sheet on file and release the material back to the requesting sender in accordance with the host facility s security regulations and procedures 6 Upon receipt of the facsimile transmission the receiving system operator will a Annotate on the Secure Facsimile Cover Sheet his her name and initials b Provide the material to the DRA for his her acceptance c After the DRA s acceptance retain a copy of the Secure Facsimile Cover Sheet on file and distribute the material to the addressee in accordance with the host facility s security regulations and procedures D MISCELLANEOUS 1 In the event a secure transmission is not completed during a session and the session for what
13. ormation DGA SDID GE Bundesministerium fur Wirtschaft und Arbeit Referat VIB 3 Villemombler Strasse 76 D 53107 Bonn IT Presidenza del Consiglio dei Ministri Autorit Nazionale per la Sicurezza CESIS HI Reparto U Can Via di Santa Susanna n 15 00187 Roma SP Secretario de Estado Director del Centro Nacional de Intelligencia DOCUMENT XI Specific Operating Instructions for Secure Communications 5 Version 2 0 Issued 20 07 2009 F nf E ae SW Defence Materiel Administration FMV Security SE 115 88 Stockholm Sweden UK Directorate of Defence Security Ministry of Defence MOD InfoSy Tech COMSEC 2 Requests for clarification proposed changes or revisions to this SOISC should be directed within the countries to the respective NSA DSA as listed above through established government channels Amendments will not be made without the approval of the NSA s DSA s concerned in consultations with the appropriate government authorities as appropriate 3 The NSA s DSAs have overall responsibility to ensure national compliance with the security requirements of this lt programme project gt 4 The Cognisant Security Agency CSA where applicable and or stated by relevant national rules is responsible for administering and implementing the security aspects of this SOISC for their respective NSA DSA s fA CSA may be any competent agency or person with security responsibility for the project programme There is no require
14. r 7 Upon completion of the transfer session the receiving system operator shall a Complete the Secure Data File Transfer Receipt DOCUMENT XI Specific Operating Instructions for Secure Communications 12 Version 2 0 Issued 20 07 2009 F nf E b Ensure that the transfer medium is marked with the highest classification level shown on the Secure Data File Transfer Receipt c Provide the transfer medium to the DRA for his her acceptance d Retain the Secure Data File Transfer Receipt and distribute the transfer medium to the Intended Addressee in accordance with the host facility s security regulations and procedures 8 As an alternative to passing the information about the transfer verbally to the receiving system operator the sending system operator may create a computer text file in which to list the relevant information from the Secure Data File Transfer Request and transmit this at the beginning of the data transfer C SECURE FACSIMILE 1 All material required to be transmitted via secure facsimile must be approved by the DRA prior to transmission 2 Material for a secure facsimile transmission must be accompanied by a Secure Facsimile Cover Sheet see Attachment 4 3 The requesting sender will complete the facsimile cover sheet and obtain the approval of the facility DRA After DRA approval has been received the material along with the Secure Facsimile Cover Sheet will be provided to the system operator f
15. received from their respective governments f Although prior approval to conduct a classified conversation is not required from the DRA any classified notes made during a call should be passed to the DRA It is the responsibility of the participant originating such material to classify or otherwise mark protect and control it in accordance with the host facility s security regulations and procedures g The DRA will review the Secure Voice Record on a weekly basis to ensure the records are being properly maintained By mutual agreement of the NSA s DSAs the Secure Voice Record may be not included B SECURE DATA FILE TRANSFER 1 All data to be transmitted over the secure telephone communications must be approved by the DRA prior to transmission Interactive processing between the system equipment PC workstations is not permitted DOCUMENT XI Specific Operating Instructions for Secure Communications 11 Version 2 0 Issued 20 07 2009 F nf E 2 The requesting sender of the data file is responsible for a Ensuring that the removable transfer medium to which the relevant data file will be copied is pre formatted to ensure erasure of all other information that may have previously resided on that medium Only files for transmission may reside on the medium b Ensuring that the appropriate classification level indicators are contained within the file and on the outside of the medium c Initiating a Secure Data File
16. ren neare ea r Eeee EE EE EENS EEN 8 DE SECURUET GEN 7 D KEE 8 E MAINTENANCE 2 2 nctbhcaPosveccacdesthcetensss sient yeedvadeocclssbbacspadencoubeabeleccccebccsewesbavene ch a a e eoa 8 F DESIGNATED RELEASING AUTHORITY DRA uo ccccccceccccceceessssscecececeeseseceececeeseaaecececessenseasseseeeceesenaes 8 G SYSTEM OPBRATORS EE 9 H CONTROL OF THE lt DEVICE MODEL 10 00 ceeesesseeeeeeeeeceeeeeeeeeeeeeeeeeeeeeeesueeauaeauaeauaeeuaeauaeauanauanananaes 10 SECTION III PROCEDURES cc cccccssssescecceccccessessscecceccssessessscecsessseeusueeaecseseseeuuansnsnss 11 ASSECURE VOICE rE rR nan a EEE eee il 11 B SECURE DATA FILE TRANSFER usines sesseenenesceseseeenneescesecenenenanseeceseecnenneeseceseesnneee 11 C SECURE ACS TEE EEN 13 TS IMIES OD NEE AIR 14 ATTACHMENT 1 SECURENVOICERECORD cccseseececccccscessesseseecceseseeseeneaeeseeess 15 ATTACHMENT 2 SECURE DATA FILE TRANSFER REQUEST sesesssssseeoeieieeeieee rererere 16 ATTACHMENT 3 SECURE DATA FILE TRANSFER RECEIPT iii 17 ATTACHMENT 4 SECURE FACSIMILE COVER SHEET 18 DOCUMENT XI Specific Operating Instructions for Secure Communications 4 Version 2 0 Issued 20 07 2009 F nf E ah SECTION I INTRODUCTION A PURPOSE The purpose of this SPECIFIC OPERATING INSTRUCTIONS for SECURE COMMUNICATIONS SOISC is to provide instructions for the exchange of classified information between the participating facilities of the under mentioned companies and or nat
17. sert appropriate security classification level Data Communications insert project name users will process classified information on a stand alone terminal within their facility Each participating facility may use a local area network of computers to process classified information but shall have a stand alone terminal for secure data transfers Data shall be transferred between the local area network and the stand alone PC on a removable transfer medium When there is a requirement to send data to other participants data will be transmitted from the stand alone PC through an attached lt device model gt terminal In all cases when data is sent from the PC the transaction shall be recorded Facsimile Communications Secure facsimile communications shall use lt device model gt secure telephones All facsimile transfers shall be recorded Software and Equipment Requirements a In the context of this SOISC lt device models gt and combinations of stand alone PC lt or gt facsimile machine with lt device model gt will be known as system equipment b The stand alone PCs and facsimile machines will be provided by the host facilities c The lt responsible gt COA will provide lt device model gt equipment to each facility detailed in Section I Part A lt device models gt will be installed by local technicians in accordance with delete as appropriate the instructions in the lt device model gt Local M
18. ssible compromises of information transmitted via the secure telephone communications 2 In the event the DRA is unable to perform his her duties the Alternate DRA will assume the responsibilities identified above G SYSTEM OPERATORS 1 At each participating site project name personnel who are nationals of participating nations cleared to at least appropriate security classification level will be assigned duties as system operators System operators are responsible for the following a Ensuring that only authorised personnel use the secure telephone communications for voice b Ensuring that only data authorised by the DRA is transmitted via the secure telephone communications c Providing to the DRA within a timely manner all material received via the secure telephone communications for his her review d Reporting to the DRA all system irregularities security violations unauthorised disclosures or possible compromises as the result of any transmission DOCUMENT XI Specific Operating Instructions for Secure Communications 9 Version 2 0 Issued 20 07 2009 F nf E ah e Executing all records as required relating to the utilisation of the secure telephone communications f Controlling system equipment as required within this SOISC and as directed by the controlling COMSEC Custodian 2 System operators are also responsible to the host Facility Security Control Officer for compliance with a
Download Pdf Manuals
Related Search