234 of 234

Graphics, exponents, and equations will not display within the text file. A link to the PDF version of this section will be in this spot in the future.
                                 CHAPTER XIV

            SECURITY REQUIREMENTS FOR AISs USED AS ALARM SYSTEMS

1.  OVERVIEW.  Alarm systems that process classified information shall be
    protected and accredited to process classified information under the
    requirements of DOE 5639.6A and this Manual.  The differences from the
    requirements for classified AISs are detailed below.

2.  COMMUNICATIONS SECURITY.  The communication lines that connect the AIS
    to its sensors and leave the Limited Area shall be protected at a level
    commensurate with the sensitivity of the information being transmitted.

    a.   Transmitting Classified Information.  If the alarm information
         being transmitted is classified, the information shall either be
         encrypted using an National Security Agency approved encryption
         device or the transmission lines shall be protected using a
         Protected Distribution System as described in DOE 5300.4D.

    b.   Transmitting Unclassified Information.  If the alarm information
         being transmitted is unclassified, the transmission lines do not
         need protection beyond that which is required by DOE 5632.2A,
         PHYSICAL PROTECTION OF SPECIAL NUCLEAR MATERIAL AND VITAL
         EQUIPMENT.

    c.   Other Communication Lines.  The communication lines that provide
         remote terminal or operator access or that interconnect with other
         alarm systems shall be protected at the accreditation level of the
         alarm system as described by DOE 5639.6A and this Manual.

3.  CERTIFICATION TESTING.  Certification testing of the alarm system shall
    include the determination that the alarm system cannot be captured or
    brought under remote control through its sensor ports.  If it is
    determined that the alarm AIS can be captured or controlled by attacking
    the alarm AIS through its sensor ports, then the sensor wirelines shall
    be protected by one of the following methods.

    a.   Encryption.  The sensor wirelines shall be encrypted with an
         NSA-approved encryption device.

    b.   Protected Distribution System.  The sensor wirelines shall be
         protected using a Protected Distribution System as described in DOE
         5300.4D.

    c.   Change of Functionality.  The functionality of the sensor port
         shall be changed so the classified AIS cannot be captured or
         brought under control through the sensor port.