225 of 234

First Highlight
Graphics, exponents, and equations will not display within the text file. A link to the PDF version of this section will be in this spot in the future.
                                CHAPTER VIII

                  TELECOMMUNICATIONS SECURITY REQUIREMENTS

1.  BASELINE REQUIREMENTS.  Each communication link which supports a
    Classified AIS with a Protection Index of zero, one, or two shall be
    protected commensurate with the classification level and classification
    category for which the classified AIS is accredited.  Communication
    links supporting classified AISs with a Protection Index of three or
    greater shall be protected according to the highest classification level
    and most restrictive classification category of information carried by
    that link.  Unless a Classified AIS is approved for multilevel
    processing, all physical and logical connections will be protected at
    the highest classification level and most restrictive classification
    category of the information that the AIS is accredited to process.
    Protection must be provided by National Security Agency-approved
    encryption devices, Protected Distribution Systems, products from the
    Evaluated Products List, or other accepted physical protections, in
    accordance with DOE Orders.

2.  TRANSMISSIONS SECURITY.  Protected Distribution Systems or National
    Security Agency approved cryptographic devices shall be used to protect
    classified information on communication lines that pass outside the
    Security Area of a classified AIS or classified AIS Facility.  The
    specific security area of a classified AIS Facility and the
    security-related devices to be used shall be described in the Classified
    AIS Security Plan.

    a.   Communications Security.  When National Security Agency approved
         cryptographic devices are used in connection with a Classified AIS,
         the classified AIS security certification documentation shall
         contain assurance that the installation of the encryption devices
         and facility are in accordance with DOE 5300.3D,
         TELECOMMUNICATIONS: COMMUNICATIONS SECURITY.

    b.   Protected Distribution Systems.  When a Protected Distribution
         System is used in connection with a classified AIS, the classified
         AIS security certification documentation shall contain assurance
         that the Protected Distribution System meets the requirements of
         DOE 5300.4D, TELECOMMUNICATIONS: PROTECTED DISTRIBUTION SYSTEMS.

    c.   Use of STU-III as an Encryption Device.  The use of a STU-III
         instrument to transmit and receive classified information as a
         designed-in, integrated part of a classified AIS application
         constitutes the establishment of a network.  In this case, all
         requirements for the accreditation of a network are applicable.

3.  EMISSION SECURITY.  Measures shall be implemented to control
    compromising emanations from telecommunications equipment and classified
    AISs in accordance with DOE 5300.2D, TELECOMMUNICATIONS:  EMISSION
    SECURITY (TEMPEST).  These measures shall comply with Site TEMPEST Plan
    requirements.  The accreditation process shall confirm that TEMPEST
    requirements are being met.
Top of Document