Category: SSIC 02000 Telecommunications
Updated: 06/24/96
Number: MCO 2231.1
Subj: OVER-THE-AIR REKEYING (OTAR) POLICY AND PROCEDURES

DEPARTMENT OF THE NAVY
HEADQUARTERS UNITED STATES MARINE CORPS
WASHINGTON, DC 20380-0001
MCO 2231.1
C4-CCT-635
11 Aug 1989


MARINE CORPS ORDER 2231.1

From: Commandant of the Marine Corps
To: Distribution List

Subj: OVER-THE-AIR REKEYING (OTAR) POLICY AND PROCEDURES

Ref: (a) National Security Agency, NAG-16B/TSEC of October 88;
Field Production and Distribution of Electronic Key
In Support of Short-Notice Operations

Encl: (1) Automatic Digital Network (AUTODIN) OTAR Procedures

(2) KG-84A/C Point-to-Point OTAR Procedures

1. Purpose. To provide general OTAR policy and implementation
procedures.

2. Information

a. The reference was prepared by the National Security Agency
(NSA) and coordinated by the Joint Staff and services. It is
approved for combined, joint or service use. NAG-16B has been
disseminated to all Marine Corps Communications Security (COMSEC)
accounts. Additional copies can be obtained from COMSEC Material
Issuing Offices (CMIO) located at Norfolk and San Diego. OTAR
procedures contained in the reference are suitable for (but not
limited to) KY-57/58/67.

b. The enclosures provide specific procedural guidance for
implementation of OTAR. They have been developed by the Joint
Chiefs of Staff, in coordination with NSA and the services, and
are approved for use. Enclosure (1) is provided primarily for
information purposes.

3. Policy

a. Fixed plant systems, such as AUTODIN, which have
cryptographically secured transmission paths, are authorized to
use OTAR as a matter of course. Fleet Marine Force (FMF)
application of OTAR on point-to-point circuits will be at the
direction of the senior station, and for joint or service-unique
nets, at the direction of the net control station.

FOR OFFICIAL USE ONLY
Designation is canceled upon
removal of enclosures.



b. Under no circumstances will a Key Encryption Key (KEK)--
a key that is used in the encryption/decryption of other keys for
transmission or storage--be distributed using OTAR procedures.

4. Action. Commanders will implement, as appropriate, the
procedures contained in enclosure (2) and NAG-16B for OTAR.

5. Reserve Applicability. This Order is applicable to the
Marine Corps Reserve.



G. L. MCKAY
Director
Command, Control, Communications
and Computer (C4) Division

DISTRIBUTION: A

Copy to: 8145001/JCS (J6)/CNO (OP-941J)/COMSPAWARSYSCOM
(PMW-151)/COMNAVSECGRU (T-30) (1)


2


KEYING STANDARD
FOR
AUTOMATIC DIGITAL NETWORK (AUTODIN)
KG-84A/C CIRCUITS

1. Objectives

a. Reduce exposure of traffic encryption key (TEK) through
local generation and by minimizing outstation operator
participation in the keying process.

b. Standardize keying techniques used throughout AUTODIN
and implement over-the air rekeying (OTAR) on full-time circuits
as soon as possible.

c. Reduce the quantity of canisters of key material.

d. Make key resupply an annual event that is not critically
dependent on courier schedules.

2. Scope. This standard presents three keying options for
KG-84A/C secured circuits and criteria for applying them. It
also states criteria for procuring and safeguarding COMSEC key.

3. Authorized Keying Options

a. Daily changing tape TEK.

b. Quarterly changing tape key encryption key (KEK) used to
change the TEK each day by OTAR.

c. Quarterly changing tape KEK which is used to change the
TEK each week by OTAR.

4. Circuit Categories

a. Part-time circuits which terminate in spaces not meeting
service criteria for unattended operation of keyed KG-84A/C's
will use option 3a above.

ENCLOSURE (1)
1
FOR OFFICIAL USE ONLY


b. Part-time circuits which terminate in spaces meeting
service criteria for unattended operation of keyed KG 84A/C's
will use option 3b above.

c. Full-time circuits will use option 3c above.

5. Key tape formats

a. Daily changing "TEK" tape will be superseded bimonthly
and be in the "VA" format (62 unique segments per canister and
daily cryptoperiod).

b. Quarterly changing "KEK" tape will be superseded annually
and will be in the "GF" format (16 unique segments per canister
and quarterly cryptoperiod), in the "AF" format (31 unique
segments per canister and quarterly cryptoperiod), or in the
"VF" format (62 unique segments per canister and quarterly
cryptoperiod). "AF" and "VF" formats will be used when more
than one circuit connects an automatic switching center (ASC)
with one of its outstations or when usage rates prevent meeting
objective 1d above.

c. Weekly/daily-changinq "TEK" tape will be superseded
"Irregularly" and be in the "VH" format (62 unique segments per
canister and flexible cryptoperiod).

6. Key Provisioning. ASC's are responsible for generating TEK's
electronically and for ordering key tape for all circuits for
which they are the Circuit Control Office. Detailed instructions
follow:

a. It is not the intent of OTAR conversion to burden the
tape production/distribution system. For that reason, existing
tape short titles being used as TEK's will be redesignated as
KEK's by the controlling authority and expended prior to
resupply with the revised formats listed in paragraph 5, above.

(1) Where more than two editions are already stored at an
outstation, a new edition will be activated and the next edition
will be held as the follow-on. Remaining editions will be
destroyed. Resupply using editions in the pipeline will occur
until the pipeline is depleted.



ENCLOSURE (1)
2
FOR OFFICIAL USE ONLY


(2) The ASC copy of destroyed editions will be used as a
temporary source of TEKs until either the "VH" format tape
arrives or the local key generator at the ASC is activated.

(3) Onsite storage of KEK short titles will be limited to
current and first follow-on editions. The current edition will
be superseded as soon as possible once the annual supply of KEK
arrives.

b. If the number of segments in any edition of tape is
insufficient to cover the effective period, activation of the
follow-on edition is to be implemented ahead of schedule. A
number of pipeline editions adequate to handle expected usage
rates are to be called out. The ASC should consider changing
the format of short titles to include more unique segments so
annual resupply can be reestablished.

c. A separate short title of two copy TEK is required for
each circuit that does not implement OTAR.

d. A single, separate short title of two-copy KEK is
required for each circuit or group of parallel circuits that
implements OTAR between the ASC, an outstation, or another ASC.
The chosen format shall be adequate to permit annual resupply
with a minimum of 6-months' backup in the canister.

e. A separate short title of one copy TEK is required at
each ASC with adequate editions on hand to sustain OTAR for up
to 120 days in case local key generation capability fails.
Pipeline flow to sustain operations indefinitely will be started
in the event such occurs and stopped when contingency stockage
is restored. An alternative source of TEK's is described in
paragraph 8 below.

f. Resupply of "VA" format TEK will normally occur three
times per year (minimum of two editions per transaction).




ENCLOSURE (1)
3
FOR OFFICIAL USE ONLY


g. Resupply of "GF", "AF", and "VF" format KEK will normally
occur annually.

h. Resupply of "VH" format TEK is at the controlling
authority's request but can be scheduled if expenditure rates
are known.

7. Implementation. The services are responsible for providing
three KYX 15A/DTD's to each of their ASC's not having them. The
services will provide local key generator(s) to each of their
ASC's as soon as possible. (The Marine Corps does not currently
have a requirement to provide.) Equipment will be loaned between
services or from NSA to expedite availability of at least one
local key generator at each ASC. Conversion to OTAR will not be
delayed due to lack of local key generators at an ASC.

a. Phase I - COMSEC Material Acquisition

(1) ASC's will install and arrange for certification of
local key generators made available to them.

(2) ASC's will categorize existing and planned KG-84A/C
secured point to point circuits in accordance with paragraph 4.
ASC's will direct redesignation of full-time circuit TEK's as
KEK's and convert them to the appropriate format through normal
channels, specifying the change required at the next production
run. ASC's will order new short titles as required. On-call
circuits will be placed in one of the categories identified in
paragraph 4 each time they are activated according to plan.

b. Phase II - Preparation. ASCs will take the following
actions:

(1) Simultaneously convert appropriate circuits to
option 3a.

(2) Immediately identify to appropriate service support
activities training shortfalls that might jeopardize conversion
to OTAR, with information copies to Defense Communications Agency
(DCA) Code B652, Joint Staff/J6K, NSA/S042, and NSA/V31.

ENCLOSURE (1)
4
FOR OFFICIAL USE ONLY


(3) Acquire three KYX-15A/DTD's and a source of TEK's.

(4) Prepare preformatted taskers to direct conversion on
a circuit-by-circuit basis using messages provided to each ASC by
DCA as models.

c. Phase III - Activation. Each ASC will take the following
actions on receipt of their KYX-15A/DTD's:

(1) Activate new KG 84A/C circuits with the appropriate
keying option per paragraph 3, above.

(2) Convert existing KG-84A/C circuits to OTAR on a local
schedule.

(3) Operational circuits with an active TEK will use a
"Warm Start" procedure. Assuming a new edition is to be used for
OTAR, the outstation loads segment one into the "U" register of
the KG-84A/C and takes no further action. The ASC also loads
segment one into its "U" register, selects a locally generated
or tape TEK in the KYX-15A/DTD, and initiates OTAR. When the
KG-84A/C's do not resync, the ASC will know that the OTAR was
successful and will load the TEK into the "X" register and
confirm the KG-84A/Cs resync. If they still fail to resync,
then "Cold Start" procedures will be followed.

(4) Newly activated circuits without an active TEK or
circuits that experience loss of crypto loads due to failed OTAR,
zeroization, or equipment changeout will use a "Cold Start"
procedure. Assuming a new edition is being used, task the
outstation to load segment one into the "X" register and do so
at the ASC. Establish crypto synchronization. Task the
outstation to load segment two into the "U" register and do so
at the ASC. Then OTAR an ASC TEK to the outstation to confirm
good KEK loads. Continue doing so on a weekly basis for one
quarter when "Warm Start" procedures will be used to change out
the KEK.

8. Over-the-Air Key Distribution. ASC's will train outstations
having KYX-15/DTD's to perform Manual Rekey/Receive Variable
(MK/RV) operations to permit emergency transfer of keys in
support of short-notice or contingency operations. ASC's will
train with each other to perform MK/RV operations to permit
emergency transfer of keys in support of short notice or

ENCLOSURE (1)
5
FOR OFFICIAL USE ONLY


or contingency operations and as a source of TEK's should one
ASC have a local key generator failure and not wish to use its
emergency stock of tape TEK's. In the latter scenario, one ASC
would act as a key generation facility for the other and
MK/RV TEK's to rekey the receiving ASC's outstations for the day.

9. Security

a. Segments of key tape must not be withdrawn from their
canisters until they are required for use.

b. Key in electronic form may be held temporarily in fill
devices (KYX-15, KYK-13, DTD) when required for use, but they may
not be stored in such devices.

c. TOP SECRET key in tape and electronic format must be
handled in strict compliance with two person integrity procedures
(TPI), except that TPI is not required for keyed KG-84A/C's.

d. Key tape segments must be destroyed and fill devices
zeroized immediately after secure communications have been
established and a successful OTAR accomplished.

e. Outstations using daily-changing key tapes must zeroize
KG-84A/C's as a part of circuit shutdown procedures.


ENCLOSURE (1)
6
FOR OFFICIAL USE ONLY


KEYING STANDARD
FOR
KG-84A/C POINT-TO POINT CIRCUITS


1. Objectives

a. Reduce exposure of traffic encryption key (TEK) through
local generation and by minimizing outstation operator
participation in the keying process.

b. Standardize keying techniques used on KG-84A/C secured
point-to-point circuits and implement over-the-air rekeying (OTAR)
as soon as possible.

c. Reduce the quantity of key canisters used.

d. Make key resupply an annual event that is not critically
dependent on courier schedules.

2. Scope. This standard presents four keying options for KG-
84A/C secured point-to-point circuits and criteria for applying
them. It also states criteria for procuring and safeguarding
COMSEC key and for handling and safeguarding key generators.

3. Authorized Keying Options

a. Daily changing tape TEK.

b. Quarterly changing tape key encryption key (KEK) used to
change the TEK each day by OTAR.

c. Quarterly changing tape KEK which is used to change the
TEK each week by OTAR.

d. Monthly changing tape TEK with daily updates.

4. Circuit Categories

a. Category l circuits are part time circuits which terminate
in spaces not meeting service criteria for unattended operation of
keyed KG-84A/C's.

ENCLOSURE (2)
1
FOR OFFICIAL USE ONLY


b. Category 2 circuits are part-time circuits which terminate
in spaces meeting service criteria for unattended operation of
keyed KG-84A/C's.

c. Category 3 circuits are full-time circuits.

5. Applicability

a. Locations that terminate 20 or more Category 2 and/or 3
circuits will generate TEK locally and pass the TEK to their
outstations via OTAR.

b. Locations terminating 5 to 19 Category 2 and/or 3 circuits
will convert TEK from tape and pass the TEK to their outstations
via OTAR.

c. Use of OTAR at locations having less than 5 Category 2
and/or 3 circuits is optional.

d. Any location with ready access to a local key generator
should use it in lieu of the single-copy short title as a source
of TEK's for OTAR.

e. Category 2 circuits converted to OTAR will use keying
option 3b above.

f. Category 3 circuits converted to OTAR will use keying
option 3c above.

g. Circuits not converted to OTAR will use keying options 3a
or 3d above.

6. Key Tape Formats

a. Daily changing TEK tape will be superseded bimonthly and
be in the "VA" format (62 unique segments per canister and daily
cryptoperiod).


ENCLOSURE (2)
2
FOR OFFICIAL USE ONLY


b. Quarterly changing KEK tape will be superseded annually
and will be in the "GF" format (16 unique segments per canister
and quarterly cryptoperiod), in the "AF" format (31 unique
segments per canister and quarterly cryptoperiod), or in the
"VF" format (62 unique segments per canister and quarterly
cryptoperiod). "AF" and "VF" formats will be used when more
than one circuit connects a communications node with one of its
outstations or when usage rates dictate using more segments per
canister to meet the annual resupply criteria expressed in
paragraph 1d above.

c. Single copy tape used as a source of weekly and/or daily-
changing TEKs for OTAR will be superseded as it is expended and be
in the "VH" format (62 unique segments per canister and flexible
cryptoperiod).

d. Monthly-changing TEK tape will be superseded annually and
will be in the "GC" format (16 unique segments per canister and
monthly cryptoperiod).

e. Since on-call, contingency, and "swing" circuits are
categorized each time they are brought into service, the short
titles supporting these circuits will be treated as generic keys;
i.e., they will be designated on a segment basis as TEK or KEK,
annual supersession, "VH" (62 unique segments per canister and
flexible cryptoperiod; i.e., daily if they are manually keyed TEK,
weekly if they are TEK distributed via OTAR, monthly if they are
manually keyed TEK and updating is used, and quarterly if they are
manually keyed KEK).

7. Key Provisioning. Circuit Control Offices (CCO) should serve
as controlling authorities for key tape used on KG-84A/C secured
circuits they terminate. They are also responsible for generating
TEK's electronically when that procedure is followed and for
ordering key tape for all circuits for which they are the CCO.
Detailed instructions follow:

a. When an existing KG-84A/C circuit implements OTAR, the
controlling authority is authorized to redesignate fielded
editions of its tape TEK as OTAR KEK and expend them before
implementing revised format key.


ENCLOSURE (2)
3
FOR OFFICIAL USE ONLY


(1) Where more than two editions are already stored at
the affected outstation, a new edition will be activated as the
circuit KEK and the next edition will be held as the follow-on.
The CCO will then direct the outstation to destroy any remaining
editions held. Resupply using editions in the pipeline will
occur until the pipeline is depleted.

(2) The CCO is authorized to use the copy of pre-OTAR TEK
editions which the outstations have destroyed as a temporary
source of TEK's until either the single copy "VH" format tape
arrives or the local key generator at the CCO is activated.

(3) Onsite storage of KEK short titles will be limited to
current and first follow-on editions.

b. If the number of segments in any edition of tape is
insufficient to cover the effective period, activation of the
follow-on edition is to be implemented ahead of schedule, but the
CA must be notified that this has occurred. A number of pipeline
editions adequate to handle expected usage rates are to be called
out. The CCO should consider changing the format of short titles
to include more unique segments so annual resupply can be
reestablished (see paragraph 6b above).

c. A separate short title of two copy tape TEK is required
for each circuit that does not implement OTAR.

d. A separate short title of two-copy KEK is required for
each circuit or group of parallel circuits; i.e., circuits which
terminate on the same locations, that implements OTAR. The chosen
format must be adequate to permit annual single canister resupply
with a minimum of 6-months' backup remaining in the active edition
at the time of resupply.

e. A separate short title of one-copy generic; i.e., not
dedicated to any particular circuit or use, key is required at
each CCO with adequate editions on hand to sustain OTAR for up
to 120 days in case local key generation capability fails.
Pipeline flow to sustain operations indefinitely will be started
in the event such occurs and stopped when contingency stockage
is restored. An alternative source of TEK's is described in
paragraph 9, below.

ENCLOSURE (2)
4
FOR OFFICIAL USE ONLY


f. In situations where the same personnel manually rekey
both ends of a circuit, the CCO may use locally generated or
single copy generic key vice tape KEK for OTAR KEK replacement,
provided the electronic KEK is conveyed physically to the affected
outstation(s).

g. Resupply of "VA" format TEK will normally occur three
times per year (minimum of two editions per transaction).

h. Resupply of "GC", "GF", "AF", and "VF" format KEK will
normally occur annually.

i. Resupply of "VH" format TEK is at the controlling
authority's request but can be scheduled if expenditure rates are
known.

8. Implementation. The services are responsible for providing at
least three KYX-15A/DTD's to each of their applicable CCO's and
for providing at least one local key generator to each of their
applicable CCO's as soon as possible. Conversion to OTAR will not
be delayed due to lack of local key generators at a CCO.
Implementation phases follow:

a. Phase I COMSEC Material Acquisition

(1) CCO's will order and arrange for certification of
local key generators made available to them.

(2) CCO's will order single copy KG-84A/C operational OTAR
TEK key tape in the "VH" format, in sufficient quantities to
provide an initial source of OTAR TEK, pending availability of
electronic key generators.

(3) CCO's will categorize existing and planned KG-84A/C
secured point-to point circuits in accordance with paragraph 4.

(4) When OTAR is implemented on a Category 2 or 3 circuit,
the CCO will redesignate the circuit's TEK as the OTAR KEK and
request a format change or a new short title, as appropriate. The
decision to change an existing short title's format or request a
new short title will be based on the present supersession rate of
the TEK. Present yearly supersession key can retain the present


ENCLOSURE (2)
5
FOR OFFICIAL USE ONLY


short title and the format can be changed to reflect the quarterly
crypto period and desired quantity of segments in each edition.
CCO's will order new short titles in the appropriate format to
convert monthly or bimonthly supersession key. CCO's will order
new short titles as required to accommodate new KG-84A/C circuits.

(5) The CCO will categorize on-call circuits each time
they are activated. The CCO will designate segments from the
circuits short title as TEK or KEK as required. See paragraph
8c(4) for "cold start" segment allocation procedures.

b. Phase II Preparation. CCO's will take the following
actions:

(1) Convert appropriate circuits to option 3a or 3d.

(2) Immediately identify to COMNAVSECGRU training
shortfalls that might jeopardize conversion to OTAR, with
information copies to the CMC (CCT).

(3) Notify affected outstations of schedules and
procedures for converting existing circuits to OTAR.

(4) Notify DCMS of the activation date for each new KG-
84A/C KEK short title.

c. Phase III - Activation. When required KYX-15A/DTD's
become available, each CCO will take the following actions:

(1) Activate new KG-84A/C circuits with the appropriate
keying option per paragraph 3, above.

(2) Convert existing KG-84A/C circuits to OTAR on a local
schedule as follows:

(a) Notify the outstation of your intent to take over
routine rekeying of the circuit, task it to strap KG-84A/C's for
"U" key updating, and pass the details of how the OTAR will be
accomplished.

(b) When outstations acknowledge they are ready to
convert, set a conversion date and task them to load keys for a
"Warm Start", if possible, or a "Cold Start", if not (see
paragraphs 8c(3) and (4) below).

ENCLOSURE (2)
6
FOR OFFICIAL USE ONLY


(3) Operational circuits with an active TEK will use a
"Warm Start" procedure. Assuming a new edition is to be used for
OTAR, the outstation loads segment one into the "U" register of
the KG-84A/C and takes no further action. The CCO also loads
segment one into its "U" register, selects a locally generated or
tape TEK in the KYX-15A, and initiates OTAR, using the Manual
Rekey (MK) procedures. When the KG-84A/C's do not resynchronize,
the CCO will know that the OTAR was successful and will load the
TEK into the "X" register and confirm the KG-84A/C's resynchronize.
If they still fail to resynchronize, then "Cold Start" procedures
will be followed.

(4) Newly activated circuits without an active TEK or
circuits that experience loss of crypto loads due to failed OTAR,
zeroization, or equipment changeout will use a "Cold Start"
procedure. Assuming a new edition is being used, task the
outstation to load segment one into the "X" register and do so at
the CCO. Establish crypto synchronization. Task the outstation
to load segment two into the "U" register and do so at the CCO.
Then OTAR a TEK to the outstation to confirm good KEK loads.
First time OTAR circuits should be sent a second TEK. If the
second OTAR is successful, then the CCO can be sure that the
receiving KG-84A/C had been strapped for "U" key updating. It is
better to confirm this when the circuit is being converted than
at the end of the first week when the next TEK is being sent out.

9. Over-the-Air Key Distribution. CCO's will train outstations
having KYX-15A/DTD's to perform Manual Rekey/Receive Variable
(MK/RV) operations to permit emergency transfer of keys in support
of short notice or contingency operations. CCO's in networks will
train with each other to: (a) perform MK/RV's to permit emergency
transfer of keys in support of short-notice or contingency
operations; and, (b) to serve as a source of TEK's should one CCO
have a local key generator failure and not wish or be able to use
its emergency stock of tape TEK's. In the latter scenario, one
CCO would act as a key generation facility and transfer TEK's to
the receiving CCO so that it can rekey its outstations via OTAR.



ENCLOSURE (2)
7
FOR OFFICIAL USE ONLY


10. Safeguarding Key

a. Segments of key tape must not be withdrawn from their
canisters until they are required for use.

b. Key in electronic form may be held temporarily in fill
devices (KYX-15, KYK-13, DTD) when required for use, but they may
not be stored in such devices.

c. TOP SECRET key in tape and electronic format must be
handled in strict compliance with two person integrity (TPI)
procedures, except that TPI is not required for keyed KG-84A/C's.

d. Key tape segments must be destroyed and fill devices
zeroized immediately after secure communications have been
established and a successful OTAR accomplished.

e. Outstations using daily-changing key tapes must zeroize
KG-84A/C's as a part of circuit shutdown procedures.

11. Safeguarding Key Generators

a. Uncertified key generators (e.g., KG-83, KGX-93, KOK-13)
are CONFIDENTIAL and may be shipped by any means specified in
paragraph 11b below or by U.S. Registered Mail (provided it does
not pass through a foreign postal system or foreign inspection),
or by U.S. military or military contract air service; e.g., MAC,
CGAIR, QUICKTRANS, provided Constant Surveillance Service (CSS)
procedures are followed. Shipment by commercial carriers under
CSS is also authorized within the Continental United States
(CONUS).

b. Certified key generators are classified at the level of
the most highly classified information passed on the circuits for
which they generate key and must be marked "CRYPTO." They must be
transported through the Defense Courier Service or U.S. Diplomatic
Courier Service, by authorized and appropriately cleared service
couriers, or by appropriately cleared commercial carriers, under
Protective Security Service.



ENCLOSURE (2)
8
FOR OFFICIAL USE ONLY


c. Shipments of certified key generators must be conducted
under TPI procedures. Inner wrappings of certified key generator
packages are to be marked with classification, the "CRYPTO" caveat,
and the statement "TWO PERSON INTEGRITY." (If such packages are
shipped via the Defense Courier or Diplomatic Courier Services,
TPI becomes effective when the outer package wrapper is removed.
If service or commercial couriers are used, two appropriately
cleared couriers must accompany each such shipment.) Upon receipt,
certified key generators must either be stored under TPI or
installed in locations which are manned by appropriately cleared
persons on a "no lone zone" basis.

d. Policy for certifying key generators is summarized:

(1) Certification must be accomplished by qualified
crypto-maintenance personnel, in accordance with DON prescribed
procedures.

(2) Recertification is required at random intervals not
to exceed 1 year. Recertification is also required if security
control is lost and whenever the container is opened for
maintenance or other reasons.

(3) Certified key generators must be conspicuously
labeled to show the classification and "CRYPTO" status, date of
certification, and the name, rank/grade, and command of the
certifying technician. Such labels may be prepared locally and
are to be applied so as to provide evidence of equipment case
opening.

(4) Procedures for certifying KG-83 and KGX-93 equipments
are stated in KAM 408, Maintenance Manual for TSEC/KG 83, and
SAM-7g, Maintenance Manual for TSEC/KT83.

e. Certified key generators must either be stored under TPI
or installed in a location that is manned by appropriately cleared
persons on a "no lone zone" basis.


ENCLOSURE (2)
9
FOR OFFICIAL USE ONLY