Category: SSIC 02000 Telecommunications
Updated: 06/24/96
Number: MCO 2231.2
Subj: OPSEC POL COMM EQUIP W/FASCINATOR

DEPARTMENT OF THE NAVY
HEADQUARTERS UNITED STATES MARINE CORPS
WASHINGTON, DC 20380-0001
MCO 2231.2
C4-CCT-635
31 Aug 89

MARINE CORPS ORDER 2231.2

From: Commandant of the Marine Corps
To: Distribution List

Subj: OPERATIONAL SECURITY POLICY FOR COMMUNICATIONS EQUIPMENT
WITH FASCINATOR

Ref: (a) MCO 2201.1
(b) CSP-1 (NOTAL)

Encl: (1) Operational Security Policy for Communications
Equipment with FASCINATOR
(2) NSA Approved Applications for FASCINATOR

1. Purpose. To provide security policy and operational
instructions for the FASCINATOR secure voice module
(SVN) equipment and keying material (enclosures (1) and (2)
germane).

2. Information

a. This Order applies to one product developed under
the auspices of the Commercial COMSEC Endorsement Program (CCEP)
managed by the National Security Agency (NSA). Such
products provide electronic cryptographic coding (encrypting) and
decoding (decrypting) and have been endorsed by NSA for use in
securing classified or sensitive unclassified U.S. Government or
Government-derived information during their transmission. This
endorsement means that the cryptographic subsystems have been
certified as having met NSA security specifications and that the
product has been endorsed for the appropriate level of security.
The endorsement does not extend beyond the security-related
characteristics of the product. NSA does not make, by virtue of
its endorsement, any warranty or representation other than
described above regarding the efficacy or fitness for use of the
product.

b. The FASCINATOR secure voice module is not interoperable
with the Data Encryption standard (DES) or SAVILLE encryption.

3. Procurement Strategy

a. Since FASCINATOR is a commercially developed, off-the-shelf
device, and as such has not been subjected to the normal
developmental testing (DT) and operational testing (OT), nor has it
received formal approval for service use, it will not be a table of
equipment (T/E) item. FASCINATOR will not be designated a
centrally managed item and will not be centrally programmed,


FOR OFFICIAL USE ONLY
Designation is canceled upon
removal of enclosure (1).


budgeted, or procured. Users are authorized to procure FASCINATOR
as a noncentrally managed item, funded entirely from the Operations
and Maintenance, Marine Corps (O&MMC) appropriation. Unless
specifically approved as an exception, all other cryptographic
equipment will-remain designated as centrally managed and be
programmed and budgeted for by the Chief of Naval Operations (CNO)
and the Commander, Space and Naval Warfare Systems Command
(COMSPAWARSYSCOM), respectively, in the Other Procurement, Navy
(OPN) appropriations.

b. Direct availability of the FASCINATOR product in no way
exempts the purchasing agency/command from complying with Federal,
Department of Defense (DoD), Department of the Navy (DON), and
Marine Corps acquisition regulations.

4. Accountability of Devices and Keys

a. As a controlled cryptographic item (CCI), FASCINATOR
requires normal COMSEC Material System (CMS) handling and
accountability.

b. The user/purchaser will be required to provide the vendor
with the CMS account number and proper mailing address for the
supporting CMS custodian to ensure the device is shipped to the CMS
custodian.

c. The user/purchaser, when entering a purchase agreement or
contract with the vendor, will ensure that subject agreement or
contract contains a requirement for the vendor to forward to DCMS
a copy of the SF-153 upon shipment of the device to the purchaser's
CMS account.

d. Upon receipt, CMS custodians will enter the FASCINATOR by
serial number into the running inventory prior to issuance to
users. If the items do not appear on the next CMS 16-I, custodians
will report receipt of hardware to the Director, COMSEC Material
System (DCMS).

e. The production or use of locally produced keying material
for use with the FASCINATOR is strictly prohibited. All keying
material will be requested from DCMS. Allow a minimum of 120 days
after request for delivery of keying material. In cases
where multiple commands procure FASCINATOR devices, and
interoperable keying material is required, the senior command will
automatically be designated as the controlling authority. The
responsibilities of the controlling authority are delineated in
references (a) and (b).

2


5. Maintenance Concept

a. The Department of the Navy will not perform any central
maintenance/repair of the FASCINATOR secure voice module. As a
commercially developed, off-the-shelf COMSEC device, there is no
logistic support in place within DoD. Users will be responsible
for negotiating and funding for appropriate warranties and
maintenance contracts for user procured hardware. All maintenance
actions must be coordinated through the CMS custodian, since
verification of clearance and certification of the repairman as a
COMSEC technician is required before the maintenance-representative
can be permitted access to the hardware. Further, should shipment
to the contractor's facility be required, the CMS custodian will
have to effect the transfer.

b. Disposition instructions for excess equipments or
equipments that become unserviceable and not repairable will be
requested from DCMS.

6. Policy. Local procurement of the FASCINATOR secure voice
module and its approved applications equipment should not be used
as a substitute for proper identification of mission essential
secure communications requirements.

7. Reserve Applicability. This Order is applicable to the Marine
Corps Reserve.



L. MCKAY
Director, Command, Control,
Communications and Computer
(C4) Division

DISTRIBUTION: A

Copy to: 8145001/JCS (J6)/CNO (OP-941J)/COMSPAWARSYSCOM
(PMW-151)/COMNAVSECGRU (T-30) (1)




3


OPERATIONAL SECURITY DOCTRINE FOR
COMMUNICATIONS EQUIPMENT WITH FASCINATOR

SECTION
PURPOSE AND SCOPE I
REFERENCES II
DEFINITIONS III
EXCEPTIONS IV
CLASSIFICATION GUIDANCE V
ACCOUNTABILITY VI
SYSTEM DESCRIPTION VII
KEYING VIII
PHYSICAL SECURITY IX
EMERGENCY PROCEDURES X
MAINTENANCE XI
INCIDENTS XII

SECTION I - PURPOSE AND SCOPE

1. This Order establishes minimum national operational
communications security (COMSEC) requirements for the use and
protection of the Type I FASCINATOR-equipped products and
associated COMSEC material. The provisions of this Order apply to
all departments and agencies of the U.S. Government and their
contractors who handle, distribute, account for, store, and use
these radios, products, and materials.

SECTION II - REFERENCES

2. The reference that applies to U.S. Government contractors
is the U.S. Government Contractors Controlled Cryptographic Item
(CCI) Manual, dated 2 February 1986.

3. The following references apply to U.S. Government
departments and agencies:

a. NACSI No. 4005, Safeguarding and Control of
Communications Security Material, dated 12 October 1979.

b. NTISSI No. 4006, Controlling Authorities for COMSEC
Keying Material, dated 2 May 1989.

c. NCSC-9, National COMSEC Glossary, dated
1 September 1982.

d. NACSI No. 4008, Safeguarding COMSEC Facilities,
dated 4 March 1983.

ENCLOSURE (1)
1
FOR OFFICIAL USE ONLY


e. NTISSI No. 4001, Controlled Cryptographic Items,
dated 25 March 1985.

f. NTISSI No. 4002, Classification Guide for COMSEC
Information, dated 5 June 1986.

g. NTISSI No. 4000 Communications Security Equipment
Maintenance and Training, dated 14 July 1986.

h. NTISSI No. 4003, Reporting COMSEC Insecurities,
dated 3 November 1986.

i. NTISSI No. 4004, Routine Destruction and Emergency
Protection of COMSEC Material, dated 11 March 1987.

4. The following references incorporate the guidance
established within the documents of paragraph 3 above, and are
applicable to the United States Marine Corps:

a. CSP-l, Cryptographic Security Policy and Procedures,
dated 20 February 1985.

b. CMS-4, Communications Security Material System (CMS)
Manual, dated March 1987.

c. CMS-5, Communications Security Material System (CMS).
Cryptographic Equipment Information/Guidance Manual, dated November
1987.

SECTION III - DEFINITIONS

5. Definitions contained in the National COMSEC Glossary
(NCSC-9) apply to this instruction, with the exception that the
term "COMSEC insecurity" is replaced by the term "COMSEC
incident." For the purpose of this Order the following
definitions also apply:

a. Controlled Cryptographic Item (CCI) - A secure
telecommunications or information handling equipment, or
associated cryptographic component, which is unclassified but
controlled. Equipments and components so designated shall bear
the designator controlled cryptographic item or CCI.


ENCLOSURE (1)
2
FOR OFFICIAL USE ONLY


b. Key - Information (usually a sequence of random
binary digits) used initially to set up and to periodically
change the operations performed in a crypto-equipment for the
purpose of encrypting or decrypting electronic signals, for
determining electronic counter countermeasures (ECCM) patterns
(frequency hopping or spread spectrum), or for producing other
keys.

SECTION IV - EXCEPTIONS

6. Commands/units must submit requests to the CMC (CCT) for
exceptions to this doctrine where minimum standards cannot be met.
All requests should be forwarded in writing or record message.

SECTION V - CLASSIFICATION GUIDANCE

7. The FASCINATOR product line provides cryptographic
security for voice transmissions and, when used with
appropriately classified keys, is approved for the transmission
of all classifications and categories of voice. When unkeyed,
the FASCINATOR product line is unclassified CCI and must be
protected in accordance with CMS-4. When the equipment is keyed,
it assumes the classification of the key and must be protected
accordingly. It is unclassified for external viewing.

SECTION VI - ACCOUNTABILITY

8. The Secure Voice Module (SVM). The SVM is ALC-2 and
requires accountability by quantity. When installed, the
communications equipment which. houses the SVM requires
continuous accountability by serial number (ALC-1). It is
recommended that the presence of such equipment be verified at
least monthly. To facilitate serial number accounting of the
FASCINATOR product line, a separate serial numbered stick-on
label will be packaged with each module. The stick-on label
will be imprinted with the following information: CCI,
Motorola model number, serial number assigned by NSA, and
endorsed-for-classified-traffic identifier. Placement
instructions for the label will be provided on the label; once
the label is affixed, it is not removable.

9. KOI-18, KYK-13, And Security Interface Box (SIB). The
KOI-18, general-purpose tape reader;.the KYK-13, electronic
transfer device; and the SIB, the interface box between a
key loader and the FASCINATOR product, are unclassified CCI's,
ALC-2. When filled, the KYK-13 assumes the classification of
the key.

ENCLOSURE (1)
3
FOR OFFICIAL USE ONLY


SECTION VII - SYSTEM DESCRIPTION

10. The FASCINATOR SVM's are 12 Kbs encryption/decryption
devices designed for secure voice applications. The SVM's are
direct plug-in replacements for Motorola's Data Encryption
Standard (DES) modules only. They are available for hand-held
portable, mobile, and fixed equipment.


SECTION VIII - KEYING

11. Key. The key for the FASCINATOR equipment is supplied
as punched tape and is normally packaged in five segments,
three copies of each, in plastic canisters. The marking, safe-
guarding, and control of classified key tapes and all key tapes
marked CRYPTO will be in accordance with CMS-4 and reference (b).

12. Key Insertion. In order to load key into the
FASCINATOR equipment, a SIB must be attached to the key fill
connector via a cable. Key is supplied as punched tape. It
may be pulled through a KOI-18 and into the SIB or it may be
loaded into a KYK-13 and then into the SIB electronically.

13. Crypto Period. The crypto period for the FASCINATOR
equipment is 7 days. Each COMSEC controlling authority
shall establish a standard time and day of the week when the
new segment for each net will be put into use. The controlling
authority may authorize emergency crypto period extensions of an
additional week for mobile communications due to operational or
logistical considerations. Cryptoperiod extensions in excess
of 7 days emergency extensions must be approved on a case-by-case
basis by the CMC (CCT). At a minimum, requests for extension
should include the following information: short title of keying
material, length of crypto period extension, reason for extension
beyond the emergency period, and net size.

14. Cryptonet Size. Cryptonets should be kept as small as
operationally feasible. Generally, small cryptonets narrow the
exposure of individual editions of keying material, limit the
consequences of keying material compromises in terms of
vulnerable communications, and lessen the problems associated
with resupply. In order to maximize security and enforce need-
to-know, it is advisable that key distribution be limited to
users within the same community of interest.

ENCLOSURE (1)
4
FOR OFFICIAL USE ONLY


15. Zeroization. If the FASCINATOR equipment must be left
unattended and it is accessible to unauthorized users, it must
be zeroized in accordance with the operating instructions
(except as noted in Section IX, paragraph 18b(6)).

16. Destruction of Keying Material. Keying material
designated CRYPTO will be destroyed in accordance with CMS-4.
Keying material designated CRYPTO should be destroyed as soon as
possible after supersession, and may not be held for longer than 12
hours following supersession. All tape segments remaining in the
canister should be destroyed as soon as possible following
supersession. Used tape segments should be destroyed as soon as
possible after loading. The last copy of a used tape segment may
be held until the end of the cryptoperiod, but must be
appropriately protected and then destroyed. Since extra copies of
tape segments are provided, the KYK-13 should be zeroized after
successful loading.

17. The FASCINATOR equipment will be used in various
situations, sometimes with only one-person control; under this
circumstance, key tapes may be destroyed without a "witness of
destruction" signature on the user/destruction report. This
one-person destruction does not constitute a security violation
or require an incident report, but should be followed only as
an operational necessity and not as a user convenience. The
user organization will initiate efforts to have destruction
witnessed whenever possible.

SECTION IX - PHYSICAL SECURITY

18. The FASCINATOR equipment will be safeguarded in
accordance with the general provisions of CMS-4. In addition,
control for keyed and unkeyed .FASCINATOR equipment is as follows:

a. Unkeyed

(1) Access to unkeyed FASCINATOR equipment, unkeyed
KYK-13's, and unclassified key tapes may be granted to military and
civilian employees of the U.S. Government and U.S. Government
contractors whose duties require such access. Access may also be
granted to military and civilian employees of foreign governments
or international organizations to which the equipment has been
released. In cases of jointly conducted operations involving
non-U.S. Government personnel (e.g., State and local law
enforcement officers), the sponsoring entity should contact the CMC
(CCTO) for guidance.

ENCLOSURE (1)
5
FOR OFFICIAL USE ONLY


(2) Outside CONUS, FMF commanders or properly
delegated cognizant security authorities (G-2 and G-6) may grant
exceptions, under the conditions listed below, to permit non-U.S.
citizens unescorted access-to CCI's, regardless of the release
status of the CCI. The approval of the CMC must be obtained prior
to allowing such access by non-U.S. citizens of countries hostile
or unfriendly to the U.S. Information concerning these countries
may be obtained from the CMC (C4I2).

(a) Such access is in conjunction with
building maintenance, custodial duties, or other operational
responsibilities normally performed by such persons unescorted
in the area containing the equipment.

(b) The equipment is installed within a
facility which is recognized as a U.S. or combined facility, as
opposed to a host nation facility, even though the primary
staffing is by host nation personnel.

(c) The cognizant security authority has
determined that the risk of tampering with the equipment which
could result in compromise of U.S. information, is acceptable
in light of the local threat and vulnerability and the
sensitivity of the information being protected as indicated by
its classification, special security controls, and intelligence
life.

(3) Unkeyed FASCINATOR equipment will be controlled
and protected in a manner that affords protection at least equal to
that which is normally provided to other highly valued material
(i.e., approved safes, if available, locked file cabinets,
key-locked rooms, desks, containers, etc.).

b. Keyed

(1) Access to keyed FASCINATOR equipment, keyed
KYK-13 common-fill devices, and classified key tapes may be
granted to military and civilian employees of the U.S.
government and U.S. Government contractors whose duties require
such access and who possess appropriate U.S. Government
security clearances. Contractors requiring access to U.S.
classified cryptographic information must comply with
appropriate directives regarding special access controls. In
cases of jointly conducted operations involving non-U.S.
Government personnel (e.g., State and local law enforcement
officers), contact the CMC (POS) for guidance.

ENCLOSURE (1)
6
FOR OFFICIAL USE ONLY


(2) Access to key, keyed equipment, or fill
devices may be granted to military and civilian employees of
foreign governments or international organizations to which
the equipment has been formally approved for foreign release
if their duties require such access and they possess
appropriate security clearances.

(3) In addition to all of the requirements
for unkeyed CCI's (paragraphs 18a(2)(a), (b), and (c)),
the following conditions apply for unescorted access or use
by foreign personnel of keyed CCIs:

(a) The foreign personnel are
civilian employees of the U.S. Government or assigned to a combined
facility.

(b) The foreign personnel hold a
clearance issued by their government at least equal to the level of
the keyed equipment.

(c) The equipment remains U.S. property
and responsibility for the equipment is overseen by a U.S. citizen.

(d) The communications to be protected
are determined to be essential to the support of U.S. or combined
operations.
(e) U.S. users, communicating with such
terminals that are operated by or in the vicinity of foreign
personnel, are made aware of the non-U.S.-citizen status of the CCI
user.

(f) Keying of CCI's with classified U.S.
key must be done by U.S. personnel, but exceptions may be granted
by the CMC (CCT). Keying of CCI's with allied key or unclassified
U.S. key may be done by authorized foreign personnel.

(4) If the equipment is to be installed and
operated in a foreign country at a facility which is either
unmanned or manned entirely by non-U.S. citizens (in addition to
the requirements of paragraphs 18a and b above), special security
measures may be required; e.g., vault areas, locking bars, safes,
alarms, etc. Each such equipment installation must be approved in
advance by the CMC (CCT), on a case-by-case basis.


ENCLOSURE (1)
7
FOR OFFICIAL USE ONLY


NOTE: CCI's should not be moved from an environment, where
the tampering risk presented by non-U.S. citizen
access is acceptable, to a more sensitive environment
where the risk is not acceptable. If such action is
an operational necessity, the cognizant security
authority must approve the move and qualified COMSEC
maintenance personnel must examine all such CCI's for
signs of tampering. Any evidence of tampering shall
be reported as a COMSEC incident, and the CCI removed
from operational use pending notification from
Director, National Security Agency (DIRNSA).

(5) The keyed equipment must be protected in the
personal custody of the user during travel away from controlled
areas and appropriate storage facilities.

(6) If operational necessity should require that
keyed FASCINATOR equipment, mounted in a vehicle, be left
unattended, the vehicle must be locked. If unmounted (e.g.,
hand-held), it must be located in a locked compartment of the
vehicle (e.g., trunk).

c. Transportation. Transportation will be handled in
accordance with CMS-4.

Users should be aware of their surroundings and practice
acoustical security when receiving/sending classified
information to ensure that no unauthorized personnel overhear
the conversation. Users should ensure that the FASCINATOR
equipment is in the secure mode before transmitting classified
information.

SECTION X - EMERGENCY PROCEDURES

19. An organizational contingency plan for the orderly
destruction of the FASCINATOR module and key in the event of
hostile overrun should be established in accordance with CMS 4.
Reasonable efforts should be made to recover the equipment and its
related classified material lost through catastrophe, hostile
action, or mayhem. Human life or personal injury should not,
however, be risked in such recovery efforts.

SECTION Xl - MAINTENANCE

20. CMS-5 contains the training requirements which apply
to all persons who maintain COMSEC equipment, to include the


ENCLOSURE (1)
8
FOR OFFICIAL USE ONLY


FASCINATOR equipment. Authorized maintenance personnel need not be
cleared unless they require access to classified COMSEC
material/information to perform maintenance.

21. All unrepairable FASCINATOR SVMs will be
destroyed in accordance with CMS-5 or as directed by DCMS.

SECTION XII - INCIDENTS

22. CMS-4 contains a general listing of reportable
COMSEC incidents and reporting standards. While suspicious or
unusual occurrences may or may not be compromising, they must be
reported in accordance with CMS-4 for subsequent evaluation. In
addition, the following are reportable incidents:

a. Reportable Physical Incidents:

(1) Loss or unauthorized access to an SVM key
tape or segment thereof, keyed SVM, or a KYK-13 containing key.

(2) Attempted or successful sabotage of, or
tampering with, any of the classified SVM COMSEC materials or the
fill devices.

(3) Attempted or successful unauthorized
loading or extraction of SVM key.

(4) Actual or attempted maintenance of an SVM
by unqualified personnel.

(5) Use of any key tape for other than its
designated purpose unless approved by the CMC (CCT).

b. Reportable Cryptographic Incidents:

(1) User modification of the SVM, SIB, or
test set without approval of DCMS.

(2) Unauthorized extension of an SVM
cryptoperiod.

(3) Transmission in-the-clear of information
concerning the details of an SVM malfunction.

ENCLOSURE (1)
9
FOR OFFICIAL USE ONLY


APPROVED APPLICATIONS FOR THE FASCINATOR SVM


The Motorola FASCINATOR secure voice module is endorsed and
is approved for use with the MCX-100. Model numbers
authorized are:

MBD23EXAIJ00 K MBD23EXA7J00 K
MBT23EXAIJ00 K MBT23EXA7J00 K
MBD24EXAIJ00 K MBD24EXA7J00 K
MBT24EXAIJ00 K MBT24EXA7J00 K
MBD43EXAIJ00 K MDB43EXA7J00 K
MBT43EXAIJ00 K MBT43EXA7J00 K
MBD44EXAIJ00 K MBD44EXA7J00 K
MBT44EXAIJ00 K MBT44EXA7J00 K

Note: MCX-100 is not the SABRE radio.






ENCLOSURE (2)
1