COMSEC Policies for TPC/SAS Materiel Handling

Questions and Answers

What chapter discusses the establishment, disestablishment or transfer of a COMSEC account?

• Chapter 8
• Chapter 6
• Chapter 2 (correct)
• Chapter 4

Which chapter focuses on the management of COMSEC materiel?

• Chapter 1
• Chapter 7 (correct)
• Chapter 5
• Chapter 3

Which of the following is NOT included in the list of annexes?

• Inventory Management (correct)
• COMSEC Points of Contact (POC) Listing
• Emergency Protection of COMSEC Materiel
• Glossary

What chapter covers practices that are considered dangerous to security?

Chapter 10 (B)

Which organization is mentioned in Chapter 1 in relation to COMSEC materiel?

National Security Agency (NSA) (D)

Which chapter provides information about training and audits related to COMSEC accounts?

Chapter 3 (A)

Which annex details the retention periods for COMSEC files, records, and logs?

Annex G (C)

What does Chapter 8 of the content specifically address?

Management of Electronic Key (A)

What is one of the primary functions of NCMS in relation to COMSEC material?

Maintain storage and distribution of COMSEC materiel. (A)

Which task involves NCMS drafting and publishing policy directives?

Acting as the DON COMSEC policy author. (A)

What is the role of NCMS regarding the Protective Packaging Program?

Monitor compliance with national standards for cryptographic keying material. (C)

How does NCMS contribute to the acquisition of COMSEC material?

By coordinating fleet requirements for acquisition. (B)

What is the responsibility of NCMS concerning COMSEC incidents?

Log, track, and evaluate incidents to assess existing policies. (D)

Which of the following describes an action taken by NCMS regarding COMSEC training?

Manage the DON COMSEC training program. (A)

What does NCMS do with excess or obsolete COMSEC equipment?

Provide disposition instructions for the equipment. (B)

Which function does NCMS NOT perform?

Perform audits for corporate compliance. (B)

What document outlines the policies for handling TPC/SAS materiel?

CJCSI 3260.01 (series) (B)

Who must requests for disposition of SAS/TPC materiel be addressed to?

The Controlling Authority (B)

Which document provides guidance that supplements but does not alter provisions of SECNAVINSTs?

CMS-1A Amendment 1 (A)

What must COMSEC Account Managers consult to be aware of device-specific incidents?

Operational Security Doctrines (D)

Where can CMS-1A Amendment 1 be accessed and is authorized for reproduction?

NCMS NIPR Portal and CAS Page (B)

What is the effective date of CMS-1A Amendment 1?

July 15, 2022 (D)

Which organization is NOT authorized to provide disposition instructions for SAS/TPC materiel?

Naval Communications Security Material System (C)

What should be done with comments and recommendations regarding changes to NCMS?

Submit them to NCMS (D)

What is the main responsibility of the Personnel Registration Manager (PRM)?

To validate authoritative data and register users. (C)

What does the Primary Services Node (PRSN) primarily serve as?

An interface between Client Nodes and KMI components. (C)

Which role is responsible for producing Type 1 certificates and credentials?

Product Source Node (PSN) (B)

What is regular supersession in COMSEC materiel?

Supersession that occurs after specific time intervals (A)

Who must request products and services from the KMI?

Product Requester (PR) (B)

What must any person fulfilling the TSO role complete?

A standardized training program developed by the NSA. (D)

When should irregularly superseded COMSEC materiel be destroyed?

When CONAUTH directs supersession (B)

What is a restriction applied to a KOAM acting as a TSO?

A KOAM cannot be TSO for their own token. (D)

What characterizes emergency supersession?

An unplanned change due to a compromise (B)

Which statement about the Product Requester (PR) is true?

The PR is required to be enrolled as a manager. (A)

How is the expiration of modern keying materiel determined?

When they are created and ordered (B)

What must the TSO do before resetting a KOAM's operational password?

Confirm the token is personalized to the correct KOAM. (A)

What does the Status of COMSEC Materiel Report (SCMR) represent?

A monthly guide for traditional COMSEC materiel (B)

What is included in the key-tag information for modern keying material?

Expiration date for the key (C)

Which document contains status information for NATO COMSEC materiel?

AMSG-600 (A)

Which situation is associated with irregular supersession?

Use of maintenance keying (A)

What is the primary purpose of a COMSEC account?

To manage controlled cryptographic items. (C)

Which type of COMSEC materiel includes items like keying material?

Keying Materiel (C)

What does CCI stand for in the context of COMSEC?

Controlled Cryptographic Item (B)

What type of supersession is classified as 'irregular'?

Emergency supersession (D)

Which of these is a source of supersession information?

Status of COMSEC Materiel Report (SCMR) (B)

How are electronic keys converted from physical keys classified?

ID and AL Code Assignments (B)

What does the term 'crypto marking' refer to?

A method for indicating the security level of cryptographic items. (A)

Which of the following is NOT a category of COMSEC materiel?

Digital Media Tools (C)

What are ALC codes used for?

To denote accounting legend codes relevant to COMSEC materiel. (A)

What is the purpose of controlled cryptographic item (CCI) status?

To denote the operational integrity of cryptographic items. (B)

Flashcards

CJCSI 3260.01 (series)

A directive that outlines policies for handling, safeguarding, and using Two Person Control/Sealed Authentication System (TPC/SAS) materiel.

What is the COMSEC Materiel Control System (CMCS)?

The system used to manage, control, and safeguard COMSEC materiel.

Controlling Authority

The entity responsible for handling requests for disposition of SAS/TPC materiel.

What is the National Security Agency (NSA) in the KMI?

The highest level in the Key Management Infrastructure (KMI) hierarchy, responsible for providing cryptographic keys and management services.

What is the Central Facility (CF)?

A dedicated facility that helps manage key distribution, account maintenance, and other security operations.

NCMS (Naval Communications Security Material System)

The organization responsible for managing the Naval Communications Security Material System.

What is the role of the Department of the Navy (DON) in COMSEC?

The agency within the Department of the Navy (DON) that oversees secure communications.

Cryptographic Operating Manual (KAO) or Operational Security Doctrine (OSD)

The manuals that provide device or system-specific guidance for COMSEC equipment not covered by this manual.

What is the role of the Chief of Naval Operations (CNO) in COMSEC?

The Chief of Naval Operations (CNO) directs COMSEC activities within the Navy.

COMSEC Account Managers (CAMs)

Individuals responsible for managing COMSEC equipment within an account and ensuring the security of the equipment.

What is the role of the Headquarters Marine Corps (C4 CY) in COMSEC?

The Headquarters Marine Corps (C4 CY) is responsible for COMSEC within the Marine Corps.

CMS-1A Amendment 1

The latest revision of the CMS-1A document, which supersedes the previous version dated 08 Mar 2021.

NCMS NIPR Portal

The location where the summary of changes made to CMS-1A Amendment 1 can be found on the non-classified network.

What is the role of the Commandant, U.S. Coast Guard (CG) in COMSEC?

The U.S. Coast Guard (CG) manages COMSEC within its own branch.

NCMS Collaboration-at-Sea (CAS) Page

The location where the summary of changes made to CMS-1A Amendment 1 can be found on the secret network.

What are Digraphs?

A two-letter code used to identify the type of keying material.

What is an Accounting (serial/register) Number?

A unique identification number assigned to each piece of COMSEC equipment.

What are Accounting Legend Codes (ALCs)?

A code that identifies the type and category of COMSEC material.

What is Controlled Cryptographic Item (CCI)?

A special category of COMSEC equipment, including keying material, cryptographic devices, and supporting software.

What is COMSEC Material Supersession?

The process of replacing old COMSEC material with newer versions.

What are COMSEC Aids?

Documents, information, and procedures that support the operation of COMSEC equipment.

Who are COMSEC Account Managers (CAMs)?

The individuals responsible for the security of COMSEC equipment within a specific unit or organization.

What is the role of the Controlling Authority in the COMSEC system?

The entity responsible for ensuring the security of COMSEC materials and systems.

What is a Central Facility (CF)?

A facility that provides critical support services for secure communications, including key management and account administration.

What is the role of the NCMS in COMSEC?

The NCMS is responsible for safeguarding and managing COMSEC materials, ensuring their proper storage, distribution, and inventory for the Navy, Marine Corps, and other branches.

What is the role of the NCMS in establishing COMSEC policies?

The NCMS ensures COMSEC policy directives, standards, and procedures are followed and enforced within the DON to ensure compliance with national security policies.

How does the NCMS control the distribution of COMSEC equipment?

The NCMS operates and manages the CMIO, responsible for distributing COMSEC equipment and keying material to all Navy branches.

What is the NCMS's role in the Protective Packaging Program?

The NCMS monitors compliance with national standards for safeguarding cryptographic keying material, ensuring proper packaging and handling procedures.

How does the NCMS manage COMSEC materiel acquisition?

The NCMS coordinates fleet requirements for acquiring COMSEC materials, ensuring all branches have the necessary resources for secure communications.

What is the NCMS's responsibility for COMSEC resources during operations?

The NCMS ensures that all branches have adequate COMSEC resources for missions, exercises, and contingency operations.

How does the NCMS handle the disposal of COMSEC equipment?

The NCMS provides guidance for disposing of excess, failed, or obsolete COMSEC equipment, ensuring proper handling and accountability.

What is the NCMS's role in COMSEC incident monitoring?

The NCMS serves as the CIMA for the DON, tracking and reviewing COMSEC incidents and security breaches to identify weaknesses and improve policies.

What is the Primary Services Node (PRSN) in the KMI?

The main interface for users to access the Key Management Infrastructure (KMI), ensuring communication between different components.

Who is a Product Requester (PR) in KMI?

An individual with the responsibility of requesting cryptographic products and services within the KMI. They must be authorized and have defined privileges.

What is the function of the Product Source Node (PSN) in KMI?

This role is responsible for producing and distributing most keying materials in the KMI based on product or service orders received from the PRSN.

Who is the Personnel Registration Manager (PRM) in KMI?

This individual oversees the validation of the authoritative data and user registration process within the KMI.

What is the role of a Type 1 Token Security Officer (TSO) in KMI?

The individual responsible for ensuring the security of Type 1 Tokens, comparing certificate information with presented identification to validate a KOAM's identity before resetting their operational password.

What is COMSEC Materiel Control System (CMCS)?

A specialized software system designed to manage, control, and safeguard COMSEC materiel, ensuring its proper handling and distribution.

What is CJCSI 3260.01 (series)?

This directive sets forth the procedures and guidelines for handling, safeguarding, and utilizing Two Person Control/Sealed Authentication System (TPC/SAS) materiel.

COMSEC Materiel Supersession

Replacing outdated COMSEC materiel with newer versions.

Regular Supersession

Supersession based on a predetermined date set by the Controlling Authority.

Irregular Supersession

Supersession that occurs unexpectedly, often due to material usage or compromise.

Emergency Supersession

A sudden supersession triggered by a compromise or security breach.

Modern Key Expiration

The expiration of keys used in modern, asymmetric encryption systems.

Status of COMSEC Materiel Report (SCMR)

The primary document for tracking COMSEC materiel status, sent monthly.

AMSG-600

A document with status information for NATO COMSEC materiel.

Key Expiration Date

The expiration date of keys in modern/FIREFLY/asymmetric keying materiel.

Study Notes

TPC/SAS Materiel Handling Policies

• Policies for handling, safeguarding, and using Two Person Control/Sealed Authentication System (TPC/SAS) materiel are outlined in CJCSI 3260.01 (series). This directive is mandatory for all commands possessing TPC/SAS materiel.
• Disposition requests for SAS/TPC materiel must be submitted to the Controlling Authority, via the Naval Communications Security Material System (NCMS).
• NCMS cannot provide disposition instructions for this materiel.

Policy Derivation and Supplements

• Policies in this manual are based on National Security Agency (NSA), OPNAV, SECNAV, and other national/service COMSEC policy manuals.
• This guidance complements, but does not change, SECNAVINST 5510.30 (series), SECNAVINST 5510.36 (series), or U.S. Navy regulations.
• Device/system-specific guidance is found in the respective Cryptographic Operating Manual (KAO) or Operational Security Doctrine (OSD).

COMSEC Account Manager Responsibilities

• COMSEC Account Managers (CAMs) must consult and understand Operational Security Doctrines (OSDs) for equipment under their account to understand device-specific COMSEC incidents.

Effective Date and Changes

• CMS-1A Amendment 1 is effective upon receipt and supersedes CMS-1A dated 08 Mar 2021.
• Summary of changes is available on the NCMS NIPR Portal and NCMS Collaboration-at-Sea (CAS) page.

Reproduction and Distribution

• CMS-1A Amendment 1 is authorized for reproduction, distribution, and use in any operational environment.
• It's available via the NCMS NIPR Portal and NCMS Collaboration-at-Sea (CAS) page.

Comments and Suggestions

• Comments, recommendations, and suggestions for changes should be submitted to NCMS.

COMSEC Materiel Supersession

• Supersession means a COMSEC item is no longer permitted for use.
• Regular Supersession: Pre-determined expiration dates for materiel versions.
• Irregular Supersession: Not pre-determined; results from use and is usually for one-time pads, test keys, maintenance keys, and publications. Items are destroyed after use unless otherwise directed by the CONAUTH.
• Emergency Supersession: Unplanned due to compromise.
• Modern Key Expiration: Expiration of modern/FIREFLY/asymmetric keys determined by creation date (included in key-tag information). Validate the expiration date in KEY-TAG INFORMATION.

COMSEC Materiel Status

• The Status of COMSEC Materiel Report (SCMR) is a SECRET document distributed monthly. Used as a guide, NOT an authority for destroying materiel.
• AMSG-600 provides status information for NATO COMSEC materiel.

NCMS Functions

• NCMS maintains the Central Office of Record (COR) for COMSEC materiel storage, accounting, distribution, and safeguarding for the Navy, Marine Corps, Coast Guard, Military Sealift Command, and joint and allied commands.
• NCMS drafts and publishes COMSEC policy for the Department of the Navy (DON).
• Administers, operates, and technically controls the CMIO for COMSEC equipment distribution and keying materiel.
• Monitors compliance for cryptographic keying materiel protective packaging.
• Coordinates fleet requirements for COMSEC materiel and publications.
• Establishes and disestablishes DON COMSEC accounts.
• Distributes COMSEC materiel to Vault Distribution Logistics System (VDLS).
• Provides disposition instructions for excess, failed, or obsolete COMSEC equipment.
• Serves as senior Command Authority for the DON.
• Logs, tracks, reviews, evaluates COMSEC incidents and Practices Dangerous to Security (PDS).
• Establishes standards for the CMS Assistance and Audit Program.
• Manages the DON COMSEC Training Program.
• Registers and assigns COMSEC IDs to Key Management Entities (KME).
• Orders initialization keys and maintains KME registration.

Key Management Infrastructure Roles

• Personnel Registration Manager (PRM) validates KMI user data.
• Primary Services Node (PRSN) (KMI Storefront) interfaces between client nodes and KMI components.
• Product Source Node (PSN) generates cryptographic keying materiel.
• Product Requester (PR) requests products and services.
• Type 1 Token Security Officer (TSO) validates tokens for KOAMs (Knowledge of Account Management). A KOAM can fulfill TSO duties for another manager's token, but not for their own. All TSOs must complete required training.