COMSEC Policies for TPC/SAS Materiel Handling

Questions and Answers

What chapter discusses the establishment, disestablishment or transfer of a COMSEC account?

Chapter 8

Chapter 6

Chapter 2 (correct)

Chapter 4

Which chapter focuses on the management of COMSEC materiel?

Chapter 1

Chapter 7 (correct)

Chapter 5

Chapter 3

Which of the following is NOT included in the list of annexes?

Inventory Management (correct)

COMSEC Points of Contact (POC) Listing

Emergency Protection of COMSEC Materiel

Glossary

What chapter covers practices that are considered dangerous to security?

Chapter 10

Which organization is mentioned in Chapter 1 in relation to COMSEC materiel?

National Security Agency (NSA)

Which chapter provides information about training and audits related to COMSEC accounts?

Chapter 3

Which annex details the retention periods for COMSEC files, records, and logs?

Annex G

What does Chapter 8 of the content specifically address?

Management of Electronic Key

What is one of the primary functions of NCMS in relation to COMSEC material?

Maintain storage and distribution of COMSEC materiel.

Which task involves NCMS drafting and publishing policy directives?

Acting as the DON COMSEC policy author.

What is the role of NCMS regarding the Protective Packaging Program?

Monitor compliance with national standards for cryptographic keying material.

How does NCMS contribute to the acquisition of COMSEC material?

By coordinating fleet requirements for acquisition.

What is the responsibility of NCMS concerning COMSEC incidents?

Log, track, and evaluate incidents to assess existing policies.

Which of the following describes an action taken by NCMS regarding COMSEC training?

Manage the DON COMSEC training program.

What does NCMS do with excess or obsolete COMSEC equipment?

Provide disposition instructions for the equipment.

Which function does NCMS NOT perform?

Perform audits for corporate compliance.

What document outlines the policies for handling TPC/SAS materiel?

CJCSI 3260.01 (series)

Who must requests for disposition of SAS/TPC materiel be addressed to?

The Controlling Authority

Which document provides guidance that supplements but does not alter provisions of SECNAVINSTs?

CMS-1A Amendment 1

What must COMSEC Account Managers consult to be aware of device-specific incidents?

Operational Security Doctrines

Where can CMS-1A Amendment 1 be accessed and is authorized for reproduction?

NCMS NIPR Portal and CAS Page

What is the effective date of CMS-1A Amendment 1?

July 15, 2022

Which organization is NOT authorized to provide disposition instructions for SAS/TPC materiel?

Naval Communications Security Material System

What should be done with comments and recommendations regarding changes to NCMS?

Submit them to NCMS

What is the main responsibility of the Personnel Registration Manager (PRM)?

To validate authoritative data and register users.

What does the Primary Services Node (PRSN) primarily serve as?

An interface between Client Nodes and KMI components.

Which role is responsible for producing Type 1 certificates and credentials?

Product Source Node (PSN)

What is regular supersession in COMSEC materiel?

Supersession that occurs after specific time intervals

Who must request products and services from the KMI?

Product Requester (PR)

What must any person fulfilling the TSO role complete?

A standardized training program developed by the NSA.

When should irregularly superseded COMSEC materiel be destroyed?

When CONAUTH directs supersession

What is a restriction applied to a KOAM acting as a TSO?

A KOAM cannot be TSO for their own token.

What characterizes emergency supersession?

An unplanned change due to a compromise

Which statement about the Product Requester (PR) is true?

The PR is required to be enrolled as a manager.

How is the expiration of modern keying materiel determined?

When they are created and ordered

What must the TSO do before resetting a KOAM's operational password?

Confirm the token is personalized to the correct KOAM.

What does the Status of COMSEC Materiel Report (SCMR) represent?

A monthly guide for traditional COMSEC materiel

What is included in the key-tag information for modern keying material?

Expiration date for the key

Which document contains status information for NATO COMSEC materiel?

AMSG-600

Which situation is associated with irregular supersession?

Use of maintenance keying

What is the primary purpose of a COMSEC account?

To manage controlled cryptographic items.

Which type of COMSEC materiel includes items like keying material?

Keying Materiel

What does CCI stand for in the context of COMSEC?

Controlled Cryptographic Item

What type of supersession is classified as 'irregular'?

Emergency supersession

Which of these is a source of supersession information?

Status of COMSEC Materiel Report (SCMR)

How are electronic keys converted from physical keys classified?

ID and AL Code Assignments

What does the term 'crypto marking' refer to?

A method for indicating the security level of cryptographic items.

Which of the following is NOT a category of COMSEC materiel?

Digital Media Tools

What are ALC codes used for?

To denote accounting legend codes relevant to COMSEC materiel.

What is the purpose of controlled cryptographic item (CCI) status?

To denote the operational integrity of cryptographic items.

Study Notes

TPC/SAS Materiel Handling Policies

• Policies for handling, safeguarding, and using Two Person Control/Sealed Authentication System (TPC/SAS) materiel are outlined in CJCSI 3260.01 (series). This directive is mandatory for all commands possessing TPC/SAS materiel.
• Disposition requests for SAS/TPC materiel must be submitted to the Controlling Authority, via the Naval Communications Security Material System (NCMS).
• NCMS cannot provide disposition instructions for this materiel.

Policy Derivation and Supplements

• Policies in this manual are based on National Security Agency (NSA), OPNAV, SECNAV, and other national/service COMSEC policy manuals.
• This guidance complements, but does not change, SECNAVINST 5510.30 (series), SECNAVINST 5510.36 (series), or U.S. Navy regulations.
• Device/system-specific guidance is found in the respective Cryptographic Operating Manual (KAO) or Operational Security Doctrine (OSD).

COMSEC Account Manager Responsibilities

• COMSEC Account Managers (CAMs) must consult and understand Operational Security Doctrines (OSDs) for equipment under their account to understand device-specific COMSEC incidents.

Effective Date and Changes

• CMS-1A Amendment 1 is effective upon receipt and supersedes CMS-1A dated 08 Mar 2021.
• Summary of changes is available on the NCMS NIPR Portal and NCMS Collaboration-at-Sea (CAS) page.

Reproduction and Distribution

• CMS-1A Amendment 1 is authorized for reproduction, distribution, and use in any operational environment.
• It's available via the NCMS NIPR Portal and NCMS Collaboration-at-Sea (CAS) page.

Comments and Suggestions

• Comments, recommendations, and suggestions for changes should be submitted to NCMS.

COMSEC Materiel Supersession

• Supersession means a COMSEC item is no longer permitted for use.
• Regular Supersession: Pre-determined expiration dates for materiel versions.
• Irregular Supersession: Not pre-determined; results from use and is usually for one-time pads, test keys, maintenance keys, and publications. Items are destroyed after use unless otherwise directed by the CONAUTH.
• Emergency Supersession: Unplanned due to compromise.
• Modern Key Expiration: Expiration of modern/FIREFLY/asymmetric keys determined by creation date (included in key-tag information). Validate the expiration date in KEY-TAG INFORMATION.

COMSEC Materiel Status

• The Status of COMSEC Materiel Report (SCMR) is a SECRET document distributed monthly. Used as a guide, NOT an authority for destroying materiel.
• AMSG-600 provides status information for NATO COMSEC materiel.

NCMS Functions

• NCMS maintains the Central Office of Record (COR) for COMSEC materiel storage, accounting, distribution, and safeguarding for the Navy, Marine Corps, Coast Guard, Military Sealift Command, and joint and allied commands.
• NCMS drafts and publishes COMSEC policy for the Department of the Navy (DON).
• Administers, operates, and technically controls the CMIO for COMSEC equipment distribution and keying materiel.
• Monitors compliance for cryptographic keying materiel protective packaging.
• Coordinates fleet requirements for COMSEC materiel and publications.
• Establishes and disestablishes DON COMSEC accounts.
• Distributes COMSEC materiel to Vault Distribution Logistics System (VDLS).
• Provides disposition instructions for excess, failed, or obsolete COMSEC equipment.
• Serves as senior Command Authority for the DON.
• Logs, tracks, reviews, evaluates COMSEC incidents and Practices Dangerous to Security (PDS).
• Establishes standards for the CMS Assistance and Audit Program.
• Manages the DON COMSEC Training Program.
• Registers and assigns COMSEC IDs to Key Management Entities (KME).
• Orders initialization keys and maintains KME registration.

Key Management Infrastructure Roles

• Personnel Registration Manager (PRM) validates KMI user data.
• Primary Services Node (PRSN) (KMI Storefront) interfaces between client nodes and KMI components.
• Product Source Node (PSN) generates cryptographic keying materiel.
• Product Requester (PR) requests products and services.
• Type 1 Token Security Officer (TSO) validates tokens for KOAMs (Knowledge of Account Management). A KOAM can fulfill TSO duties for another manager's token, but not for their own. All TSOs must complete required training.

Description

This quiz covers the essential policies for handling and safeguarding Two Person Control/Sealed Authentication System (TPC/SAS) materiel as outlined in CJCSI 3260.01. It also discusses the responsibilities of COMSEC Account Managers and the relationship of various policy manuals. Test your knowledge on the correct procedures and guidelines for managing TPC/SAS materiel.