21 November 1998
For comprehensive public TEMPEST information: http://www.eskimo.com/~joelm/tempest.html
| BY ORDER OF THE SECRETARY OF THE AIR FORCE |
AIR FORCE SYSTEMS SECURITY MEMORANDUM 7011 1 MAY 1998
|
|
Communications and Information EMISSION SECURITY COUNTERMEASURES REVIEWS |
||
COMPLIANCE WITH THIS PUBLICATION IS MANDATORY
NOTICE: This publication is available digitally on the AF IP WWW at: http://www.afca.scott.af.mil/ip/. If you lack access, contact your publications distribution office for assistance.
| OPR: HQ AFCS/GCIS (Dwight Bohl) Supercedes AFSSM 7011, 1 July 1996. |
Certified by: HQ AFCIC/SYNI (Neil Knowles) |
According to Air Force Instruction (AFI)
33-203, Emission Security, this Air Force systems security
memorandum (AFSSM) provides guidance for making the emission security (EMSEC)
countermeasures reviews for the control of compromising emanations, NONSTOP,
and HIJACK. Use this AFSSM in conjunction with
Air Force Systems Security Instruction
(AFSSI) 7010 (S), Emission Security Assessments (U). Use of
extracts is encouraged. Direct questions and comments on the contents of
this memorandum through appropriate command channels to Headquarters Air
Force Communications Agency (HQ AFCA/GCI), 203 West Losey Street, Room 2040,
Scott AFB IL 62225-5234. Refer recommended changes and conflicts between
this and other publications, using AF Form 847, Recommendation for
Change of Publication, to HQ AFCA/GCIS, 203 West Losey Street, Room
2040, Scott AFB IL 62225-5234. The Glossary of References and Supporting
Information is at Attachment 1. The * symbol indicates new or changed information
[Asterisks (*) omitted; and unexplained bullets (·) omitted].
SUMMARY OF REVISIONS
This document was substantially revised and must be completely
reviewed. This revision aligns the AFSSM with AFI 33-203 and AFSSI
7010 (S) and brings the process of defining the inspectable space from AFSSI
7010 (S) to this document. It deletes the TEMPEST Profile Data List as a
source of equipment TEMPEST profile information and establishes the TEMPEST
Zone Assignment for Information Processing Equipment (TZAIPE) as the prime
source. It removes the separate directions for completing the countermeasures
reviews from each countermeasures review chapter and places a common set
of directions in an added chapter. It changes the validation process and
includes guidance for EMSEC certification. Chapter 8 is rewritten to provide
the reader a better description of the vulnerability associated with a
countermeasure, what the countermeasure is, what the countermeasure does,
what conditions negate the need for the countermeasure, guidance on how to
apply the countermeasure when required, and alternatives. It adds new attachments
containing generic profile information for equipment and common requirements
for administrative communications countermeasures. It adds special guidance
to the HIJACK procedures when a Secure Telephone Unit III (STU-III) is used
to secure equipment such as facsimiles and computers, and addresses the unique
requirements for the cryptographic system KIV-7. It removes countermeasure
application requirements from Chapter 8 and puts that guidance in Attachments
3 through 11. It deletes the separate attachment on administrative telephones
and intercoms and puts that guidance in the countermeasures review Attachments
3 through 11, and in Chapter 8. It deletes the attachment on secure voice
systems since this guidance is no longer needed.
Chapter 1 Introduction
1.1. General
1.2. Emission Security Countermeasures Reviews
1.3. Completing the Countermeasures Reviews
1.4. Maintaining Emission Security
1.5. Emission Security Testing
1.6. Emission Security Countermeasures 6
Chapter 2 The Control of Compromising Emanations Countermeasures Review
2.1. Introduction
2.2. Systematic Approach
2.3. Application Requirement
2.4. Identify the Inspectable Space
2.5. Identify Equipment TEMPEST Characteristics
2.6. Selecting Countermeasures
2.7. Estimating Cost
2.8. Analyzing the Results
2.9. Documenting the Results
2.10. Completing the Control of Compromising Emanations Countermeasures Review
Chapter 3 The NONSTOP Countermeasures Review
3.1. Introduction
3.2. Installation Requirement
3.3. Transmitting Equipment
3.4. Receiving Equipment
3.5. Special Items
3.6. Estimating Cost
3.7. Analyzing the Results
3.8. Documenting the Results
3.9. Completing the NONSTOP Countermeasures Review
Chapter 4 The HIJACK Countermeasures Review
4.1. Introduction
4.2. Installation Requirement
4.3. Processing Classified National Security Information
4.4. Secure Telephone Unit-III
4.5. Cryptographic System KIV-7
4.6. Changing From Unclassified to Classified Processing
4.7. Analyzing the Results
4.8. Documenting the Results
4.9. Completing the HIJACK Countermeasures Review
Chapter 5 Completing the Countermeasures Reviews
5.1. Introduction
5.2. Classification Marking
5.3. Authentication Documentation
5.4. Tracking and Address Information
5.5. Validating the Countermeasures Reviews
5.6. Inform the User
5.7. Date
5.8. Apply the Countermeasures
5.9. Emission Security Inspection
5.10. Waivers
5.11. Emission Security Certification 215.12. File Copy
Chapter 6 Emission Security Maintenance
6.1. Maintaining Equipment and Countermeasures
6.2. Maintenance Requirements
6.3. Ensuring the Integrity of TEMPEST-Certified Equipment
6.4. When Not to Maintain the TEMPEST Integrity
6.5. Transportation of Equipment for Maintenance
6.6. Repair Facilities
6.7. Emission Security Documentation-of-Maintenance Requirements
6.8. Disposing of TEMPEST-Certified Equipment
Chapter 7 Emission Security Testing
7.1. Purpose of Testing
7.2. Kinds of Emission Security Tests
7.3. When to Test
7.4. Requesting a Test
7.5. Emission Security Test Results 26
Chapter 8 Emission Security Countermeasures
8.1. Introduction
8.2. Fundamentals of Compromising Emanations
8.3. Requirement-Contain Compromising Emanations
8.4. Containing Radiated Compromising Emanations
8.5. Containing Conducted Compromising Emanations
8.6. RED and BLACK Concept
8.7. RED and BLACK Equipment
8.8. Countermeasure-RED Equipment and BLACK Equipment Separation
8.9. Countermeasure-RED Equipment and BLACK Signal Wire Line Separation
8.10. Countermeasure-RED Equipment and BLACK Power Line Separation
8.11. Countermeasure-RED Equipment and BLACK Signal Ground Wire Separation
8.12. Countermeasure-RED Equipment and Fortuitous Conductor Separation
8.13. Requirement-Low-Level Signaling
8.14. Signal Lines
8.15. RED and BLACK Signal Wire Lines
8.16. Countermeasure-RED Signal Wire Line and BLACK Equipment Separation
8.17. Countermeasure-RED Signal Wire Line and BLACK Signal Wire Line Separation
8.18. Countermeasure-RED Signal Wire Line and BLACK Power Line Separation
8.19. Countermeasure-RED Signal Wire Line and BLACK Signal Ground Wire Separation
8.20. Countermeasure-RED Signal Wire Line and Fortuitous Conductor Separation
8.21. Shielded Signal Wire Lines
8.22. Fiber Optic Signal Lines
8.23. Countermeasure-Shielded RED Signal Wire Line
8.24. Countermeasure-Shielded BLACK Signal Wire Line
8.25. Countermeasure-BLACK Signal Wire Line Isolation
8.26. RED and BLACK Power
8.27. Countermeasure-RED Power
8.28. Countermeasure-Filtered RED Power
8.29. Countermeasure-RED Power Line and BLACK Equipment Separation
8.30. Countermeasure-RED Power Line and BLACK Signal Wire Line Separation
8.31. Countermeasure-RED Power Line and BLACK Power Line Separation
8.32. Countermeasure-RED Power Line and BLACK Signal Ground Wire Separation
8.33. Countermeasure-RED Power Line and Fortuitous Conductor Separation
8.34. Introduction to Grounds
8.35. RED and BLACK Signal Grounds
8.36. Countermeasure-RED Signal Ground Wire and BLACK Equipment Separation
8.37. Countermeasure-RED Signal Ground Wire and BLACK Signal Wire Line Separation
8.38. Countermeasure-RED Signal Ground Wire and BLACK Power Line Separation
8.39. Countermeasure-RED Signal Ground Wire and BLACK Signal Ground Wire Separation
8.40. Countermeasure-RED Signal Ground Wire and Fortuitous Conductor Separation
8.41. Countermeasure-BLACK Signal Ground Wire and BLACK Equipment Separation
8.42. Countermeasure-BLACK Signal Ground Wire and BLACK Signal Wire Line Separation
8.43. Countermeasure-BLACK Signal Ground Wire and BLACK Power Line Separation
8.44. Countermeasure-BLACK Signal Ground Wire and Fortuitous Conductor Separation
8.45. Ground Checks
8.46. Fortuitous Conductors
8.47. Countermeasure-Fortuitous Conductor Isolation
8.48. Distribution Facilities
8.49. Countermeasure-Distribution Facility Installation
8.50. Countermeasure-TEMPEST-Certified Equipment
8.51. Countermeasure-Shielding
8.52. Countermeasure-Telephone Systems
8.53. Countermeasure-Intercom and Public Address Systems
8.54. Countermeasure-Local Area Networks
8.55. Countermeasure-Comfort Music Systems
8.56. Countermeasure-Cable Television Systems
8.57. Countermeasure - Television-Video Cassette Recorder Systems
8.58. Secure Telephone Unit-III
8.59. Timing and Control Lines Installation Guidance
8.60. Utility Control Cables
8.61. Operating and Maintenance Practices
8.62. Control of RED Equipment
Tables
2.1. Countermeasures Requirements.
3.1. Separation Requirements for Transmitters.
3.2. Separation Requirements for Signal and Control Wire Lines.
3.3. Separation Requirements for Receivers.
A2.1. Generic Zone Assignments.
Figures
A13.1. Unclassified Sample, Completed EMSEC Countermeasures Reviews Documentation.
A13.2. Sample Base Map of Area.
A13.3. Sample Map of Office.
A16.1. Attenuation Characteristics of Analog Signal Wire Line Filters.
A16.2. Filter Ranges.
1. Glossary of Terms and Supporting Information
2. Generic Zone Assignments
3. Facility Zone A, Equipment Zone A
4. Facility Zone B, Equipment Zone A
5. Facility Zone C, Equipment Zone A
6. Facility Zone A, Equipment Zone B
7. Facility Zone B, Equipment Zone B
8. Facility Zone C, Equipment Zone B
9. Facility Zone A, Equipment Zone C
10. Facility Zone B, Equipment Zone C
11. Facility Zone C, Equipment Zone C
12. Applying Administrative Communications Countermeasures
13. Documenting the Countermeasures Reviews
14. Emission Security Testing
15. Shielded Cables
16. Filters and Isolators
17. Transportable Systems in a Tactical Environment
18. Aircraft
19. Maintenance of Shielded Enclosures
INTRODUCTION
1.1. General. The objective of EMSEC is to identify requirements from the broader view of information protection (IP) and provide the appropriate protection at the least possible cost. Key to this is a partnership between the IP office and the user. The IP office assesses the need for EMSEC; determines the required countermeasures; advises commanders of vulnerabilities, threats, and risks; and recommends a practical and feasible course of action. The Air Force approach to EMSEC provides a balanced approach not only to the control of compromising emanations, NONSTOP, and HIJACK, but to communications security (COMSEC); computer security (COMPUSEC); and security awareness, training, and education as well. The national managers used risk management principles to develop the minimum requirements identified in this memorandum. Since the risk has been accepted at the national level, no further risk can be accepted.
1.2. Emission Security Countermeasures Reviews. Like the EMSEC assessments, there are three EMSEC countermeasures reviews: the control of compromising emanations, NONSTOP, and HIJACK. Each review is completed separate from the others and without regard to the outcome of the others.
1.2.1. Control of Compromising Emanations. Follow the guidance in Chapter 2 for the control of compromising emanations countermeasures review.1.2.2. NONSTOP. Follow the guidance in Chapter 3 for the NONSTOP countermeasures review.
1.2.3. HIJACK. Follow the guidance in Chapter 4 for the HIJACK countermeasures review.
1.3. Completing the Countermeasures Reviews. After selecting and documenting the needed countermeasures, complete the countermeasures review. Classification marking, authentication, tracking, validation, informing the user, inspection, certification, and filing procedures are in Chapter 5.
1.4. Maintaining Emission Security. The user must properly maintain the EMSEC countermeasures and equipment used to process classified national security information. Follow the guidance in Chapter 6.
1.5. Emission Security Testing. Sometimes EMSEC testing is needed to meet EMSEC requirements. Follow the guidance in Chapter 7 to request EMSEC testing.
1.6. Emission Security Countermeasures. The numerous countermeasures used in EMSEC are discussed in Chapter 8. For each countermeasure there is a discussion of the problem requiring a countermeasure, what the countermeasure is, what the countermeasure does, what conditions negate the need for the countermeasure, and how to apply the countermeasure when required.
THE CONTROL OF COMPROMISING EMANATIONS COUNTERMEASURES REVIEW
2.1. Introduction. When the need to control compromising emanations is indicated by the control of compromising emanations assessment, make a control of compromising emanations countermeasures review to determine the required countermeasures. The possibility of the intercept of compromising emanations is a function of many variables. Chief among these are the:
2.1.1. Amount of inspectable space surrounding the systems processing classified national security information.2.1.2. Radiation characteristics of the systems processing classified national security information.
2.1.3. Radio frequency attenuation offered by the facility containing the systems processing classified national security information.
2.1.4. Fortuitous conductors near the systems processing classified national security information.
2.2. Systematic Approach. The Air Force uses a systematic approach to determine the required countermeasures and the degree to which they are applied. Consider the following:
2.2.1. Location. The geographic location where the information is processed, the proximity to establishments of countries on the national security threat list, and other countries that could pose a technical threat to the information.2.2.2. Volume of Information Processed. The percentage or volume of processed information at the UNCLASSIFIED, SENSITIVE, CONFIDENTIAL, SECRET, and TOP SECRET level. Although exact figures will not normally be available, establish a best estimate for each classification level.
2.2.3. Sensitivity of Information Processed. The sensitivity of the processed information (for example, Department of Energy - Restricted Data; Director of Central Intelligence - Sensitive Compartmented Information; Joint Staff - Single Integrated Operations Plan. This is useful in determining the likelihood that an adversary may target the facility.
2.2.4. Perishability of Information Processed. The processed information has either long-term value (for example, strategic) or short-term value (for example, tactical). Long-term information requires a more conservative approach to selecting countermeasures than short-term information.
2.2.5. Physical Control. The physical and access control for the facility and area containing the system under review. This includes guards (number, hours of posting, patrols, etc.), badging, control of access to the facility, alarms, procedures to monitor or control uncleared or unauthorized personnel including custodial and janitorial personnel, vending personnel, and telephone and power maintainers and installers. Determine the level of authority that exists for the inspection or removal of personnel who could potentially exploit compromising emanations. Examine the posting of warning signs and the implementation of procedures in effect to exercise control over parking and other areas adjacent to or in close proximity to the facility containing the system under review.
2.2.6. TEMPEST Profile of Equipment. The generic or actual TEMPEST profile information for each equipment or system used to process classified national security information in the facility. Consider existing on-site EMSEC test results for the facility.
2.3. Application Requirement. Apply countermeasures according
to the instructions in this chapter. The control of compromising emanations
countermeasure requirements are separate from other EMSEC requirements. Apply
them even when there are no other EMSEC requirements.
2.4. Identify the Inspectable Space. When it is required to control compromising emanations, contain them within the inspectable space. In the planning stages for large projects, the user contacts the IP office as soon as possible. The IP office contacts resource protection personnel within the security police office and others responsible for constructing or modifying a building. Even for projects as small as the acquisition of a personal computer, the user consults with the IP office early to identify physical security requirements. Adopt measures to meet the security requirements that are effective, practical, and compatible with local policies and provisions.
2.4.1. The IP Office. The IP office identifies the inspectable space using the guidance in paragraph 2.4.3 and indicates it on a map. Attach the map to the Air Force Communications Security (AFCOMSEC) Form 7001, Emission Security Assessments/Emission Security Countermeasures Reviews, documenting the control of compromising emanations countermeasures review.2.4.2. The Certified TEMPEST Technical Authority (CTTA). The CTTA reviews the map and validates the identified inspectable space as complying with national guidance. This determines the inspectable space. The Defense Intelligence Agency (DIA/DAC-2A) determines inspectable space for DIA accredited sensitive compartmented information facilities.
2.4.3. Identifying the Inspectable Space. The inspectable space is not intended to prevent an adversary from making a technical attack but is intended to identify the area where the chance of discovery is too risky thereby deterring an adversary. Therefore, the inspectable space takes advantage of existing physical security.
2.4.3.1. Inspectable space is defined as "the three-dimensional space surrounding systems that process classified or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify or remove a potential TEMPEST exploitation exists." This definition is explained as follows:2.4.3.1.1. Three-Dimensional Space. This term means up and down as well as around.2.4.3.1.2. Not Practical. What is considered not practical? Put yourself in the place of a spy manager. You have this person with a high level of technical knowledge, trained in testing and analysis, and 3 to 5 years of experience. You equip this person with some equipment (not specially built but it is expensive in total cost; several receivers, demodulators, oscilloscope, video monitor, a couple of recorders, and accessories). So, how much risk are you going to take with this person? It is extremely unlikely that you will direct this person to set up a TEMPEST exploitation operation on a military installation. If the information is vital and this is the only way to get the information, you might, but it's very risky because the person will have to get very close since they will apply many countermeasures. So, as the IP office, keep this in mind when identifying inspectable space.
2.4.3.1.3. Legal Authority to Identify or Remove a Potential TEMPEST Exploitation. The U.S. Government certainly has that authority on every base in the United States, but, what about bases under foreign control? On some bases under foreign control, the U.S. Government does have the authority to identify or remove, in concert with the host nation's security people. That counts. What about a base in a country where the U.S. Government has all that but the host country has areas where U.S. personnel are not authorized to visit, either not at all or not without prior notice. The key here is access. If prior notice of less than an hour is required, then the U.S. Government has access. If prior notice of more than one hour is required, then the U.S. Government does not have access and that area is not considered as inspectable space.
2.4.3.2. Take advantage of circumstances that keep adversaries away or increase either the physical distance or the zone rating. Six inches of reinforced concrete provides a nominal 20 decibels of attenuation. When the inspectable is defined in distance, a wall, floor, or ceiling of reinforced concrete six inches thick will add one zone level to the inspectable space in that direction, e.g. when the inspectable space is one meter but less than 20 meters (zone A) the inspectable space becomes zone B or when the inspectable space is 20 meters but less than 100 meters (zone B) the inspectable space becomes zone C, etc. This is because the zones are 16 decibels apart.
2.4.3.3. Indicate all offices and areas on the base or installation where non-U.S. Government persons work alone (for example, a contractor [unless the contractor is processing classified national security information and doing the same job formerly performed by cleared U.S. Government personnel]). Identify all non-U.S. Government offices and areas on the base or installation.
2.4.3.4. Indicate all offices and areas on the base or installation where foreign nationals work alone. Identify the nationality and purpose of all foreign national offices and areas on the base or installation. Identify if the foreign national office has the right to refuse U.S. personnel entry for more than an hour.
2.4.4. Identify the Inspectable Space Boundary. Base the decision on how willing an adversary is to risk an asset and U.S. Government access to areas considered as inspectable space.
2.4.5. Multiple Use. Once the inspectable space is identified, it can be used for all other countermeasures reviews of systems within that inspectable space.
2.4.6. When Changes Occur. Reaccomplish all control of compromising emanations countermeasures reviews when the inspectable space shrinks or expands.
· 2.5. Identify Equipment TEMPEST Characteristics. The methods for identifying the equipment TEMPEST characteristics are listed in preferred sequence. Ask your major command (MAJCOM) IP office for assistance if you do not have the information you need.
2.5.1. Equipment TEMPEST Zone Rating. Use the TZAIPE to find the equipment TEMPEST zone ratings. Obtain this from the MAJCOM IP office.2.5.2. TEMPEST Level Rating. Use the level assignment (I, II, or III) for the system based on EMSEC test results. The Equipment Radiation TEMPEST Zone (ERTZ) may be used if known.
2.5.3. Generic Zone Assignment. HQ AFCA/GCIS developed the generic zone assignment and is an average of like equipment. Use attachment 2 for the zone assignment for the kind of equipment used.
2.5.4. Other Guidance. If none of the above information is known, use the category "All Other RED Equipment."
2.6. Selecting Countermeasures. Use Table 2.1 to identify the attachment (3 through 11) containing the basic selection of countermeasures. To do this, find the column across the top of Table 2.1 that includes the facility zone rating or the minimum amount of inspectable space identified in paragraph 2.4. Then find the row along the left side of Table 2.1 that includes the worst case equipment TEMPEST characteristics identified in paragraph 2.5. Follow the column down and the row in until they intersect.
Table 2.1. Countermeasures Requirements. Facility Zone or Inspectable Space (IS) Facility Zone A or IS less than 20m Facility Zone B or IS more than 20m, less than Facility Zone C or IS more than 100m Equipment 100m Zone A, or ERTZ = 1m, or meets NSTISSAM TEMPEST/1-92 (C), Level I Go to Attachment 3 Go to Attachment 4 Go to Attachment 5 Zone B, or ERTZ = 1m to 20m, or meets NSTISSAM TEMPEST/1-92 (C), Level II Go to Attachment 6 (See Note) Go to Attachment 7 Go to Attachment 8 Zone C, or ERTZ = 20m to 100m, or meets NSTISSAM TEMPEST/1-92 (C),Level III, or All Other RED Equipment Go to Attachment 9 (See Note) Go to Attachment 10 (See Note) Go to Attachment 11 NOTE: This installation may create serious TEMPEST hazards. Contact your CTTA to evaluate the actual TEMPEST zone test results for the equipment and the facility to determine if you can use the equipment in the facility. |
2.6.1. Apply those countermeasures identified as required unless there is a reason not to. Look for a reason not to apply a countermeasure. The bottom line is: apply it if it's needed, don't apply it if it isn't. Explain why each deselected required countermeasure was not selected. A waiver is not needed for any deselected required countermeasure since the requirement for protection has been met.2.6.2. Consider other listed countermeasures within the attachment using the environment and the TEMPEST characteristics of the equipment. Do not select one unless there is a reason to apply it. Base the selection of any additional countermeasures on the situation (sensitivity, perishability, threat level, inspectable space, equipment TEMPEST profile, construction, and layout). Explain why each selected non-required countermeasure was selected.
2.6.3. To aid the EMSEC person making a countermeasures review, a brief discussion of each countermeasure is contained in Chapter 8. The discussion identifies the basic compromising emanation problem the countermeasure is designed to control and contains an explanation of how the countermeasure works. When there are options, optional ways to apply a countermeasure are identified.
2.7. Estimating Cost. Estimate the cost of each selected countermeasure and enter that cost after the countermeasure on the AFCOMSEC Form 7001.
2.8. Analyzing the Results. Analyze the results and determine if they are acceptable (that is, reasonable, practical, and cost effective). If the results are not acceptable, request assistance from your MAJCOM IP office. If the results are acceptable, continue.
2.9. Documenting the Results. The IP office documents the results identifying the required countermeasures on AFCOMSEC Form 7001, Part II, following the instructions in Attachment 13.
2.10. Completing the Control of Compromising Emanations Countermeasures Review. If the NONSTOP or HIJACK assessment indicated the need for either a NONSTOP or HIJACK countermeasures review, make the NONSTOP or HIJACK countermeasures review before completing the countermeasures reviews according to Chapter 5.
THE NONSTOP COUNTERMEASURES REVIEW
3.1. Introduction. When the need for NONSTOP countermeasures is indicated by the NONSTOP assessment, the NONSTOP countermeasures review determines the required countermeasures. Selection is a function of many variables. Chief among these are the:
3.1.1. Separation distance between RED equipment and radio equipment.3.1.2. Radiation characteristics of the systems processing classified national security information.
3.1.3. Radio frequency attenuation offered by the facility containing the systems processing classified national security information.
3.2. Installation Requirement. Install equipment that processes classified national security information according to the instructions in this chapter. The NONSTOP installation requirements are separate from other EMSEC requirements. Meet them even when there are no other EMSEC requirements.
3.3. Transmitting Equipment.
3.3.1. Equipment Separation Requirements. Separation guidance for fixed transmitters is based on the TEMPEST characteristics of the RED equipment. Separate RED equipment from transmitters according to Table 3.1.3.3.2. Power Requirements. Do not power RED equipment from the same electrical circuit as radio frequency transmitters. Install a separate power circuit for either the RED equipment or the radio frequency transmitter. The separate power circuit is established at the circuit breaker panel. It is permissible to power both from the same electrical circuit if either the RED equipment or the radio frequency transmitter is equipped with power line filters.
Equipment Radiation TEMPEST Zone SEPARATION DISTANCE HZone A, or less than 3 meters 3 meters HZone B, or 3 meters to 20 meters 5 meters HZone C, or 20 meters to 100 meters 10 meters HZone D, or over 100 meters 20 meters |
3.3.3. Signal and Control Lines Separation Requirements. These are BLACK signal lines. If they are wire lines:3.3.3.1. Separate, by the distance specified in Table 3.2, signal and control wire lines for transmitters from RED equipment, or shield them.3.3.3.2. Separate signal and control wire lines for transmitters from RED signal wire lines, RED power lines, and RED signal ground wires as specified in the applicable control of compromising emanations attachment (3 through 11).
3.3.3.3. There are no separation requirements for fiber optic signal and control lines.
3.3.4. Shielding Alternative. An alternative to separating transmitters and RED equipment is shielding; either the RED equipment or the transmitter. If the transmitter is shielded, a part of the shielding must include the antenna lead. Use shielded coaxial cable and circumferentially bond the cable shield to the shielded enclosure.
Table 3.2. Separation Requirements for Signal and Control Wire Lines. Equipment Radiation TEMPEST Zone SEPARATION DISTANCE Zone A, or less than 3 meters 1 meter Zone B, or 3 meters to 20 meters 2 meters Zone C, or 20 meters to 100 meters 3 meters
Zone D, or over 100 meters 5 meters |
3.4. Receiving Equipment.
3.4.1. Equipment Separation Requirements. Separation guidance for fixed receivers is based on the TEMPEST characteristics of the RED equipment. Separate RED equipment from receivers according to Table 3.3.3.4.2. Power Requirements. Do not power RED equipment from the same electrical circuit as radio frequency receivers. Install a separate power circuit for either the RED equipment or the radio frequency receiver. The separate power circuit is established at the circuit breaker panel. It is permissible to power both from the same electrical circuit if either the RED equipment or the radio frequency receiver is equipped with power line filters.
3.4.3. Signal and Control Lines Separation Requirements. These are BLACK signal lines. If they are wire lines:
3.4.3.1. Separate, by at least 1 meter, signal and control wire lines for receivers from RED equipment, or shield them.3.4.3.2. Separate, as specified in the applicable control of compromising emanations attachment (3 through 11), signal and control wire lines for receivers from RED signal wire lines, RED power lines, and RED signal ground wires.
3.4.3.3. There are no separation requirements for fiber optic signal and control lines.
3.4.4. Shielding Alternative. An alternative to separation is shielding; either the RED equipment or the receiver. If the receiver is shielded, a part of the shielding must include the antenna lead. Use shielded coaxial cable and circumferentially bond the cable shield to the shield around the receiver.
Table 3.3. Separation Requirements for Receivers. Equipment Radiation TEMPEST Zone SEPARATION DISTANCE HZone A, or less than 3 meters 1 meter HZone B, or 3 meters to 20 meters 2 meters HZone C, or 20 meters to 100 meters 5 meters
HZone D, or over 100 meters 5 meters |
3.5. Special Items. People may innocently introduce other
radio devices, such as pagers, hand-held portable transceiver radios, cellular
telephones, cordless telephones, and cordless microphones into the area
processing classified national security information with disastrous results.
Also, alarm systems may use radio transmitters to alert remotely located
security or fire-fighting teams.
3.5.1. Hand-Held Radios. Hand-held radio transceivers used with intrabase radios (sometimes abbreviated IBR) and land mobile radios (sometimes abbreviated LMR) deserve special consideration because of their unique operational applications. A person may carry these devices into an area where classified national security information is processed. If the person carrying such a device works in the facility, either turn off the device and use the telephone or separate it 2 meters from classified processors; no transmissions are allowed. If the person carrying the device is a short-term visitor, it is not necessary to turn off the radio because the visitor usually moves about in the facility. Infrequent transmissions are allowed, but only for short durations.3.5.2. Beepers and Pagers. Beepers and pagers deserve special consideration because of their unique operational applications. A person may carry these devices into an area where classified national security information is processed. If the person carrying such a device works in the facility, either turn off the device and use the telephone or keep the device 2 meters from classified processors. If the person carrying the device is a short-term visitor, it is not necessary to turn off the device because the visitor usually moves about in the facility. If the device has a transmit capability, follow the instructions for hand-held radios.
3.5.3. Alarm Systems. The mode of operation of alarm systems radio frequency transmitters will determine their treatment. Any such transmitter with a continuous transmit mode or a high duty cycle (transmits most of the time) must meet the same separation requirements as all other fixed transmitters. If they do not meet these requirements, exclude them from operating in the classified national security information processing area. Low duty cycle (transmits short bursts infrequently) systems are not considered hazards and require no special treatment.
3.5.4. Cellular Telephones. When a cellular telephone is used as an operational necessity, separate it 5 meters from RED equipment. When the cellular telephone is a personal asset, its use is prohibited. Disable the unit from receiving calls or separate it 10 meters from RED processors.
3.5.5. Cordless Telephones. When a radio frequency cordless telephone is used as an operational necessity, separate it 5 meters from RED equipment. When the cordless telephone is a personal asset, its use is prohibited. Disable the personal cordless telephone from receiving calls or separate it 10 meters from RED processors. There are no separation requirements for infrared cordless telephones.
3.5.6. Cordless Microphones.
3.5.6.1. Radio Frequency Cordless Microphones. When a radio frequency cordless microphone, encrypted or unencrypted, is used for briefing either classified national security information or unclassified information, separate it 10 meters from RED equipment. Using unencrypted radio frequency cordless microphones for classified briefings is prohibited.3.5.6.2. Infrared Cordless Microphones. Using an infrared cordless microphone for briefing classified national security information requires a closed room: keep the doors closed and cover the windows with drapes.
3.5.7. Cordless Keyboards. When a radio frequency cordless keyboard is used, separate it 10 meters from RED equipment. Radio frequency cordless keyboards cannot be used to process classified national security information unless encrypted.
3.5.8. Wireless Local Area Networks. When a radio frequency wireless local area network is used, separate the transmitter and receiver units 10 meters from RED equipment.
3.6. Estimating Cost. Estimate the cost of each selected countermeasure and enter that cost after the countermeasure on the AFCOMSEC Form 7001.
3.7. Analyzing the Results. Analyze the results and determine if they are acceptable (that is, reasonable, practical, and cost effective). If the results are not acceptable, request assistance from your MAJCOM IP office. If the results are acceptable, continue.
3.8. Documenting the Results. Document the results that identify the required countermeasures on AFCOMSEC Form 7001, Part II, following the instructions in Attachment 13.
3.9. Completing the NONSTOP Countermeasures Review. If the HIJACK assessment indicated the need for a HIJACK countermeasures review, make the HIJACK countermeasures review before completing the countermeasures reviews according to Chapter 5.
THE HIJACK COUNTERMEASURES REVIEW
4.1. Introduction. When the need for HIJACK countermeasures is indicated by the HIJACK assessment, the HIJACK countermeasures review determines the required countermeasures. The possibility of the escape of classified national security information is a function of many variables. Chief among these are the:
4.1.1. Separation distance between RED equipment and cryptographic equipment.4.1.2. Radiation characteristics of the systems processing classified national security information.
4.1.3. Type of information processed.
4.2. Installation Requirement. Install cryptographic equipment according to the instructions in this chapter. The HIJACK installation requirements are separate from other EMSEC requirements. Meet them even when there are no other EMSEC requirements.
4.3. Processing Classified National Security Information. STU-III and KIV-7 are excluded from this guidance. In a facility where all the equipment on the RED side of the cryptographic equipment is considered RED, the installation of the cryptographic equipment must follow the installation standards in the technical publications related to the cryptographic equipment. If not specified:
4.3.1. Connect the cryptographic equipment to BLACK power. Shield the BLACK power distribution facility when not costly.4.3.2. Shield both the RED and BLACK signal wire lines. Connect the shields to the appropriate RED and BLACK signal grounds. Cryptographic equipment are designed for use with shielded cables. The shields from these cables are grounded through the connector backshell to the appropriate ground in the equipment.
4.3.3. RED and BLACK signal grounds are required except for:
4.3.3.1. Facilities where less than five percent of the total volume of information processed is classified national security information.4.3.3.2. Installations having less than five RED equipment or encompassing less than 300 square meters.
4.3.4. Separate cryptographic equipment from:
4.3.4.1. RED equipment and BLACK equipment by 1 meter. Separate cryptographic equipment from TEMPEST-certified equipment by 5 centimeters.4.3.4.2. Power lines by 5 centimeters.
4.3.4.3. RED and BLACK signal wire lines by 5 centimeters.
4.3.5. Separate, by 5 centimeters, the RED and BLACK signal cables connected to the cryptographic equipment.
4.3.6. Separate, by 1 meter, RED and BLACK patch panels and connection facilities (for example, distribution frames).
4.4. Secure Telephone Unit-III. Do the following when connecting ancillary items such as computers and facsimiles to the secure digital data port:
4.4.1. Separate the STU-III 1 meter from the RED equipment.4.4.2. Use the manufacturer's shielded cable to connect the STU-III to the RED equipment. If the manufacturer's shielded cable is not available, use a generic shielded cable.
4.5. Cryptographic System KIV-7. Do the following when using a KIV-7 to secure a computer:
4.5.1. Use the KIV-7 manufacturer's supplied cables. There are two sets: one for installing the KIV-7 in the computer and a different set when installing the KIV-7 external to the computer.4.5.2. Use the manufacturer's supplied rack when installing the KIV-7 external to the computer.
4.5.3. Separate modems 1 meter from the KIV-7 and the RED computer.
4.5.4. There are no separation requirements between the KIV-7 and the RED computer.
4.6. Changing From Unclassified to Classified Processing. If the facility has equipment on the RED side of the cryptographic equipment that does not process classified national security information now but may process classified national security information in the future, follow these special installation procedures for this unique channel. There are two conditions that may exist:
4.6.1. Condition One. If the facility is all BLACK, then treat the potentially RED equipment on the RED side of the cryptographic equipment as RED equipment.4.6.1.1. Isolate the potentially RED equipment in the same way that RED equipment is isolated. That is, no unprotected connections outside the future secure area.4.6.1.2. Separate the potentially RED equipment from other BLACK equipment as if it were RED equipment.
4.6.1.3. Follow the installation guidance in paragraph 4.5.
4.6.2. Condition Two. If the facility presently contains some RED equipment, and the user cannot properly isolate the potentially RED equipment on the RED side of the cryptographic equipment to meet RED equipment standards (for instance, it is connected to outside BLACK sources), then separate it from the RED equipment as well as other BLACK equipment. Follow the guidance in paragraph 4.5, modified as follows:
4.6.2.1. Provide a separate (third) RED distribution facility, RED patch panel, and RED connection facilities (for example, distribution frames).4.6.2.2. Shield the RED and BLACK wires associated with this channel.
4.6.2.3. Provide a separate (third) RED signal ground as required.
4.6.2.4. Connect the RED cable shields, RED signal ground on the cryptographic equipment, and the potential RED equipment associated with this channel to the third RED signal ground.
4.7. Analyzing the Results. Analyze the results and determine if they are acceptable (that is, reasonable, practical, and cost effective). If the results are not acceptable, request assistance from your MAJCOM IP office. If the results are acceptable, continue.
4.8. Documenting the Results. Document the results that identify the required countermeasures on AFCOMSEC Form 7001, Part II, following the instructions in Attachment 13.
4.9. Completing the HIJACK Countermeasures Review. Complete the countermeasures reviews according to Chapter 5.
COMPLETING THE COUNTERMEASURES REVIEWS
5.1. Introduction. Completing the EMSEC countermeasures reviews for the control of compromising emanations, NONSTOP, and HIJACK requires: authenticating and validating the control of compromising emanations, NONSTOP, and HIJACK countermeasures reviews; applying the countermeasures; inspecting the system; and certifying EMSEC requirements have been met. All this is documented on AFCOMSEC Form 7001. If the countermeasures reviews are made by a person other than the one who made the EMSEC assessments, use a new AFCOMSEC Form 7001 for the countermeasures reviews. Enter the same tracking number for this AFCOMSEC Form 7001 for the countermeasures reviews as was used on the AFCOMSEC Form 7001 documenting the EMSEC assessments. Use the same tracking number when the countermeasures reviews are documented on an AFCOMSEC Form 7001 different from the assessments.
5.2. Classification Marking. Re-mark the completed AFCOMSEC Form 7001 with the highest classification of information contained on the form if higher than CONFIDENTIAL. As a minimum, cross out or mark through the "When Filled In" part of the classification marking at the top and bottom, front and back, of the form. Enter the date in the upper right-hand box that is 10 years from the date of the EMSEC countermeasures reviews in block 6c, AFCOMSEC Form 7001 (see paragraph 5.7).
5.3. Authentication Documentation. Type or print the name of the IP person, organization, and office symbol making the EMSEC assessments in block 6a of AFCOMSEC Form 7001. The IP person signs the form in this block. Signing by the IP person establishes EMSEC requirements the user must adhere to according to AFI 33-203. When a CTTA makes the EMSEC countermeasures reviews, use "CTTA" as the organization and office symbol. The CTTA signs the form in this block.
5.4. Tracking and Address Information. To avoid unnecessary costs associated with mailing classified documents, CTTA validation will be made by separate, unclassified correspondence; the preferred medium is electronic mail (e-mail). The IP office completing the AFCOMSEC Form 7001 completes block 7 of the form. Enter the "Tracking Number." This number has four parts: MAJCOM, base, year, 3-digit number (e.g., AFCA-Scott-97-001). The 3-digit number is unique for each countermeasures review. Enter the IP office's E-mail, message, or mailing address.
5.5. Validating the Countermeasures Reviews. A CTTA must validate all countermeasures reviews. Forward all countermeasures reviews to HQ AFCA/GCIS.
5.5.1. Sensitive Compartmented Information, Special Access Required, and Special Access Programs. Validate all countermeasures reviews for these categories of information before applying countermeasures; this is a must.5.5.2. Shielding or TEMPEST-Certified Equipment. Validate all countermeasures reviews that identify using shielding or TEMPEST-certified equipment before implementing any shielding or acquiring TEMPEST-certified equipment; this is a must.
5.5.2.1. Justify all requirements for facility shielding, shielded enclosures, equipment encapsulation, or TEMPEST-certified equipment. Base all decisions to use shielding or TEMPEST-certified equipment on the results of either a cost analysis or feasibility study.5.5.2.1.1. The cost analysis must clearly show that using shielding (facility, enclosure, or encapsulation) or TEMPEST-certified equipment is less expensive than applying all required countermeasures identified by the countermeasures review.5.5.2.1.2. The feasibility study must show that the available inspectable space cannot contain the compromising emanations, the user cannot extend the inspectable space, and there is no other equipment available with an acceptable TEMPEST profile that meets operational or mission requirements.
5.5.2.1.3. Both the cost analysis and the feasibility study must show the chosen option is the less expensive.
5.5.2.2. The IP office sends the countermeasures review, with the justification, to the MAJCOM IP office.
5.5.2.3. If the MAJCOM IP office disagrees with the countermeasures review, return it to the IP office for revision.
5.5.2.4. If the MAJCOM IP office agrees with the countermeasures review, indicate concurrence and send it to HQ AFCA/GCIS.
5.5.2.5. If the CTTA disagrees with the countermeasures review, return it through the MAJCOM IP office to the IP office for revision.
5.5.2.6. If the CTTA agrees with the countermeasures review, validate it, make a copy of the AFCOMSEC Form 7001, file the copy and supporting documentation, and return the original AFCOMSEC Form 7001 through the MAJCOM IP office to the IP office.
5.5.3. All Other Countermeasures Reviews. Validation prior to the application of countermeasures is not required unless the total cost of countermeasures exceeds $1,000.00. If countermeasure costs will exceed $1,000.00, validate all countermeasures reviews before implementing any countermeasures, this is a must.
5.5.3.1. The IP office sends a copy of the countermeasures review to HQ AFCA/GCIS through or to the MAJCOM IP office if the MAJCOM IP office requires it.5.5.3.2. If the CTTA disagrees with the countermeasures review, return it to the IP office for revision through or to the MAJCOM IP office if the MAJCOM IP office requires it.
5.5.3.3. If the CTTA agrees with the countermeasures review, validate it and inform the IP office. The CTTA files the countermeasures review and supporting documentation.
5.6. Inform the User. The IP office types or prints the name of the user, organization, office symbol, and telephone number in block 6b of AFCOMSEC Form 7001. Explain to the user the required countermeasures. The user signs the form in this block. Signing by the user is acknowledgment that the user has been informed of EMSEC requirements and understands what is required. Provide the user the results by either extracting the information or giving the user a copy of the countermeasures review.
5.7. Date. Type or print the date of the EMSEC countermeasures review in block 6c, AFCOMSEC Form 7001.
5.8. Apply the Countermeasures. The user applies the required countermeasures and notifies the IP office.
5.9. Emission Security Inspection. The IP office must make an EMSEC inspection prior to certification. The countermeasures review is the basis for the EMSEC inspection. The inspection is to make sure all required control of compromising emanations, NONSTOP, and HIJACK countermeasures are effectively implemented or applied. The user must correct all deficiencies discovered by an EMSEC inspection or request a temporary or permanent waiver. When all deficiencies have been corrected or the waiver completed, the user requests a reinspection. The user must maintain the countermeasures.
5.10. Waivers. Attach any waivers to the countermeasures reviews.
5.11. Emission Security Certification. After the EMSEC inspection determines all required EMSEC countermeasures are effectively implemented or applied, the system can be EMSEC certified. Type or print the name of the IP person, organization, and office symbol making the EMSEC inspection in block 9a of AFCOMSEC Form 7001. The IP person signs the form in block 9b. Enter the date in block 9c. Give the user a copy of the completed AFCOMSEC Form 7001. This copy is used to satisfy the EMSEC certification requirement of the system certification and accreditation process. To avoid classifying the certification and accreditation package, the IP office may issue a letter to the user stating EMSEC certification is met. If this is done, refer to the tracking number in the letter.
5.12. File Copy. Both the IP office and the user will maintain a copy of the EMSEC assessments and countermeasures reviews on file until the system no longer processes classified national security information. Provide the user a copy of the completed form to use for certification and accreditation. Check with the user annually and verify the information in blocks 1, 2, and 3 is still valid. When you make and document a new EMSEC countermeasures review, destroy the previous one.
EMISSION SECURITY MAINTENANCE
6.1. Maintaining Equipment and Countermeasures. Properly maintaining equipment and EMSEC countermeasures is essential.
6.2. Maintenance Requirements. Air Force users:
6.2.1. Ensure equipment used to process classified national security information is afforded adequate physical protection during maintenance.6.2.2. Ensure equipment is maintained properly by appropriately cleared and qualified maintainers.
6.2.3. Control the disposition of TEMPEST-certified equipment (see paragraph 6.8) to prevent technology transfer.
6.2.4. Do not maintain the TEMPEST integrity of TEMPEST-certified equipment when there is no need.
6.3. Ensuring the Integrity of TEMPEST-Certified Equipment. When TEMPEST-certified equipment listed on the Preferred Products List (PPL), Endorsed TEMPEST Products List (ETPL), or designed and tested to meet National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) TEMPEST/1-92, (C) Compromising Emanations Laboratory Test Requirements, Electromagnetics (U), Level I standards is justified, maintain the TEMPEST integrity. When maintenance is performed on such equipment, no unauthorized component substitutions, modifications, or alterations are allowed. Maintain the configuration of such equipment to the as-certified condition. When TEMPEST-certified equipment is justified, the following applies:
6.3.1. Procurement Requirements. In the specifications portion of a contract for TEMPEST-certified equipment include the following items for delivery: a hardware maintenance manual, a maintenance instruction course, and a guarantee of the critical spare parts used in the design and manufacture of the equipment to meet NSTISSAM TEMPEST/1-92, (C) Level I limits. These items are separate line items on the purchase request submitted to the contracting office. Design these requirements to give the Air Force the most flexibility to achieve the most cost-effective support of the equipment (e.g., the choice of using the equipment manufacturer, an independent contractor, Air Force, Government Services Administration [GSA], etc., to provide qualified maintainers).6.3.1.1. Hardware Maintenance Manual. Require the contractor to deliver a hardware maintenance manual for the product. The manual must contain instructions and maintenance aids necessary to support the maintenance of each critical compromising emanation suppression feature of the product. Examples of maintenance aids are troubleshooting charts, schematic diagrams, wiring diagrams, and illustrations. Classify this manual as necessary according to Air Force Manual (AFMAN) 33-272, (S) Classifying Communications Security, TEMPEST, and C4 Systems Security Research and Development Information (U).6.3.1.2. Maintenance Course. Require the contractor to deliver a course such that each trainee knows the unique restrictions or precautions necessary to maintain the TEMPEST integrity of the product and are provided access to and are instructed in the use of the maintenance manual. The acquiring agency determines the place, time, and method for instruction.
6.3.1.3. Critical Spare Parts. Require the contractor to guarantee the production and supply of critical spare parts for the life of the equipment. Where source suppression techniques are used, it is essential that the contractor guarantee the availability and integrity of those critical spare parts where the substitution of similar parts may negate the TEMPEST integrity of the product.
6.3.2. Technician Qualifications. To maintain TEMPEST-certified equipment, maintainers must meet certain requirements.
6.3.2.1. Clearance. Must have a U.S. SECRET or equivalent clearance to maintain TEMPEST-certified equipment. In instances where TOP SECRET or Special Category (SPECAT) information is processed, consider a higher clearance. If access to classified national security information is required, must receive a favorable National Agency Check (NAC) (see AFI 31-501, Personnel Security Program Management).6.3.2.2. Knowledge. Know the specific suppression countermeasures incorporated into the design and manufacture of the particular piece of TEMPEST-certified equipment. Since this knowledge will come from instruction on maintaining the equipment, document when the instruction is received.
6.3.3. Technician Authorization.
6.3.3.1. U.S. military and civil service maintainers are authorized by the base communications and information systems officer (CSO), chief of maintenance, or chief of mission systems flight, to maintain TEMPEST-certified equipment when they meet the requirements identified in paragraph 6.3.2.6.3.3.2. Contractor maintainers are authorized by the contracting officer to maintain TEMPEST-certified equipment when they meet the requirements identified in paragraph 6.3.2.
6.4. When Not to Maintain the TEMPEST Integrity. There are situations where the use of TEMPEST-certified equipment is no longer needed to meet control of compromising emanations requirements. This occurs because the TEMPEST-certified equipment was obtained to satisfy control of compromising emanations requirements based on older, more stringent requirements or a new control of compromising emanations assessment or countermeasures review determines less control of compromising emanations is required.
6.4.1. When a user determines that maintaining the TEMPEST integrity of TEMPEST-certified equipment is no longer required, the user can achieve significant cost savings. Maintaining the critical features designed into the TEMPEST-certified equipment is not required. Certain, usually expensive, replaceable parts, such as the drive mechanism for removable hard drives, are not required. Qualified maintainers are not required.6.4.2. If the use of TEMPEST-certified equipment is no longer justified, take one of two options:
6.4.2.1. Option 1. If possible, use the TEMPEST-certified equipment to satisfy other justified requirements for TEMPEST-certified equipment. In most cases, this procedure is limited to exchanging or transferring equipment to users on the same installation.6.4.2.2. Option 2. Stop maintaining the TEMPEST integrity of the equipment.
6.4.3. Decertify the equipment as TEMPEST-certified once the equipment is repaired by either replacing a critical part with a non-TEMPEST part or when a maintainer not authorized to maintain TEMPEST-certified equipment performs maintenance. The CSO authorizes the decertification of TEMPEST-certified equipment on a case-by-case basis.
6.4.4. When the equipment is decertified, the equipment and the equipment records must clearly indicate that this equipment is no longer TEMPEST-certified as of that date. NOTE: One method for marking the equipment is to attach a label near the automatic data processing equipment (ADPE) identification label and an entry in the equipment record that says: EQUIPMENT NO LONGER TEMPEST-CERTIFIED. DATE: ______, followed by the name of the decertifying official, signature, organization, and office symbol.
6.5. Transportation of Equipment for Maintenance. Removal of equipment which processes classified national security information from its operating location to a repair facility requires safeguarding during transportation. The following directions apply to all classified national security information processing equipment (TEMPEST-certified and non-TEMPEST-certified) and is intended to minimize the opportunity to make modifications to enhance or create compromising emanations or to "bug" the equipment.
6.5.1. Purge the equipment of all stored classified national security information, whenever possible, before removing the equipment from its operating location. See AFSSI 5020, Remanence Security (to become AFMAN 33-224). If the user cannot purge the equipment, treat the equipment as a classified item during transportation and repair.6.5.2. When transporting by vehicle:
6.5.2.1. The driver must have an appropriate security clearance.6.5.2.2. Lock the vehicle when left unattended.
6.5.3. Maintain a record of the day and time of the removal of the item from its operating location, its arrival at the repair facility, when the item is picked up from the repair facility, and when it is returned to its operating location. Keep the record for one year.
6.6. Repair Facilities. Repair facilities are accredited to the highest level of classified national security information stored within them.
6.7. Emission Security Documentation-of-Maintenance Requirements. Maintain a log that identifies the equipment, the serial number of the equipment, the day and time of arrival at the repair facility, when repair was started, the person making the repair, when the repair was completed, and when the equipment was released from the repair facility. Keep the log for one year.
6.8. Disposing of TEMPEST-Certified Equipment.
6.8.1. Protect the suppression technology used in TEMPEST-certified equipment and formerly TEMPEST-certified equipment from general distribution to prevent technology transfer by controlling its disposition.6.8.2. Ensure disposition or resale is consistent with established export control and technology transfer requirements. Since these requirements are subject to change, direct questions to your MAJCOM IP office or HQ AFCA/GCIS.
EMISSION SECURITY TESTING
7.1. Purpose of Testing. The purpose of EMSEC testing is to:
7.1.1. Discover EMSEC Hazards. To process classified national security information safely, eliminate EMSEC hazards. Testing determines the extent and nature of compromising emanations.7.1.2. Identify Equipment Vulnerabilities. Identifying the specific vulnerabilities of an equipment allows for an informed selection of the best method of protection such as equipment modifications, installation changes, additional countermeasures, changes in operating procedures, or increasing physical security.
7.1.3. Determine Safe Limits for Facilities. Knowing the safe limits of a facility permits the EMSEC manager to select only the countermeasures needed.
7.2. Kinds of Emission Security Tests. There are four kinds of tests:
7.2.1. Facility Tests. Facility tests are conducted to determine if compromising emanations are detectable beyond the inspectable space for a facility. These tests determine the profile of a facility and the results are valid so long as no changes are made in the physical arrangements of the facility or the equipment in the facility.7.2.2. Zone Tests. Zone tests are conducted in two parts. One part tests a facility to determine the amount of free space attenuation (zone) offered by the facility. The other part tests the equipment in a laboratory environment to determine the range (zone) of compromising emanations from the equipment.
7.2.3. Aircraft Tests. Aircraft are tested primarily for NONSTOP and HIJACK.
7.2.4. Laboratory Tests. Laboratory (shielded enclosure) tests determine the exact nature of all compromising emanations produced by an equipment. Results of laboratory tests are generally applied to all applications of the equipment without regard to the specific facility.
7.3. When to Test.
7.3.1. Request a test when one of the following conditions exist:7.3.1.1. A technical intercept action against the facility is probable.7.3.1.2. When classified national security information is processed on aircraft. All specialized aircraft configurations are tested. Other aircraft are tested randomly when requested by HQ USAF or a MAJCOM.
7.3.2. Consider requesting a test when one of the following conditions exists where EMSEC is required:
7.3.2.1. A significant difference between the equipment's published TEMPEST zone or TEMPEST profile and the facility zone or inspectable space.7.3.2.2. If the installation is new.
7.3.2.3. The equipment does not meet the established EMSEC installation requirements for the facility because of space limitations, environmental, or operational use (such as mobile vans and aircraft). This condition applies only when processing TOP SECRET information in the United States, it's trust territories, and possessions, and when SECRET or higher information is processed outside the United States.
7.3.2.4. Sufficient TEMPEST profile data on the equipment is not available and TOP SECRET information is processed in a facility within the United States, it's trust territories, and possession, or SECRET or higher information is processed outside the United States.
7.3.2.5. When using the zoning method to contain compromising emanations within the inspectable space. NOTE: Classify the condition listed in paragraph 7.3.1.1 SECRET when used as justification. Classify the conditions listed in paragraphs 7.3.2.1 or 7.3.2.3 CONFIDENTIAL when used as justification for a test request.
7.4. Requesting a Test. The wing IP office and the user consult on the need for a test. If a test is needed, the wing IP office prepares the request (see Attachment 14 for needed information for the different types of EMSEC tests), the user provides the wing IP office the needed information, and the wing IP office forwards the request through the MAJCOM IP office or SPECAT EMSEC manager to HQ AFCA/GCIS.
7.5. Emission Security Test Results. The results of an EMSEC test take precedence over all other guidance. Correct hazards or complete a temporary or permanent waiver (see AFI 33-203) before processing classified national security information.
EMISSION SECURITY COUNTERMEASURES
8.1. Introduction. The various EMSEC countermeasures used to prevent or reduce the opportunity for an adversary to detect compromising emanations and gain intelligence information are discussed in this chapter. The countermeasures for NONSTOP and HIJACK are also included since they are essentially the same. Here, for each countermeasure, an attempt is made to explain what the vulnerability is, what the countermeasure is for that vulnerability, what the countermeasure does, the reasons or conditions that would negate the need for the countermeasure, some instructions on how to apply the countermeasure, and alternatives to the countermeasure.
8.2. Fundamentals of Compromising Emanations. Selecting and applying countermeasures is determined by the EMSEC countermeasures review and the selection will vary depending on the amount of inspectable space, the EMSEC characteristics of the equipment used to process classified national security information, separation distances, and the level of physical security. One of the more difficult things to do in EMSEC is to select countermeasures. For the control of compromising emanations, Attachments 3 through 11 contain listings of countermeasures to consider, dependent on the environment where classified national security information is processed. In the case of required countermeasures, the person making the countermeasures review is asked to look for a reason not to apply a required countermeasure. In the case of countermeasures to consider applying, the person making the countermeasures review is asked to determine when a non-required countermeasure is needed and the reason why it is needed. Therefore, in order to make these decisions, the person making the control of compromising emanations countermeasures review needs to know something about electronics, electromagnetic (radio) waves, antennas, and how compromising emanations are generated.
8.2.1. Circuit Theory. An understanding of where compromising emanations come from involves a simple understanding of basic circuit theory. In basic circuit theory, there is a source, a path, and a load. Basic circuit theory can be seen in simple terms as a battery (source), a pair of wires (path), and a light bulb (load). When properly connected together, current flows from the battery, through one wire to the light bulb, through the light bulb (which does what we want, gives off light), and returns to the battery by the second wire. If we disconnect the battery, break one of the wires, or remove the light bulb, current ceases to flow and there is no "signal." This basic function of current flow in a circuit is used in all electronic equipment.8.2.2. Integrated Circuits. Nearly all electronic equipment today uses what is known as integrated circuits. The basic component of the integrated circuit is an amplifier. It consists of a junction and various resistances to make the junction do what is desired. There is a source of energy applied across the junction. The amplifier is turned on and off by an input signal. The output, since this is an amplifier, is a larger version of the input signal. Adjustments are made to the circuit design to change its amplification to make it do different things.
8.2.3. Circuit Energy. Every circuit uses more energy than is needed to process the intended signal.
8.2.3.1. One reason a circuit uses more energy is when current flows through a circuit, the electrons making up the current flow meet "resistance;" they run into things like protons, neutrons, etc. This is not the source of compromising emanations but does affect their generation. Overcoming this "resistance" takes some extra energy some of which is given off as heat. Most of the rest is thrown out of the circuit and is known as noise; random pieces of energy of different magnitudes, duration, and frequency.8.2.3.2. Another reason a circuit uses more energy has the most effect on generating compromising emanations. The main source of compromising emanations is a result of nature. If you look closely at the natural world around you, you will not find straight lines. Nature does not support straight lines; it likes rounded things and it likes curves. Sound is curves; scientifically called sine waves. Sunlight is curves; more sine waves but a lot higher in frequency than sound. These sine waves can be represented easily by mathematical formulas.
8.2.3.3. However, humans, in their infinite wisdom, attempt to defy nature and make computers that use square waves; known as digital signals. These do not occur in nature. They cannot be represented by a mathematical formula. When the digital signal goes from one level to another, there is a discontinuity. Mathematically, the digital signal could be presented by one formula like x = 0 for one level and another formula like x = 5 for the other. However, there is no one formula that represents both levels and the jump between levels; hence the discontinuity. Sometimes, mathematically, square waves are represented by some fundamental sine wave formula plus all the odd harmonics to infinity. This makes the formula rather hard to use since it would take forever to make a calculation. Practically speaking, engineers and mathematicians use only a few of the first harmonics to design their stuff.
8.2.3.4. So, when a digital computer is made to change state, that is, go from one level to another, it takes more energy to do that to overcome the resistance and the discontinuity. That extra energy does not go into the intended signal itself but it has to go somewhere. Some of it is given off as heat. Some of it is given off in random bursts; noise. Most of it gets thrown out of the circuit; more noise. This noise is different; it is a little more organized. Since it only occurs when there is a transition between levels, it can be related to the intended signal. When related, it is called a compromising emanation. When this energy is thrown out of the circuit, it is radiated into the air just like a radio signal.
8.2.3.5. There are a number of things that affect the magnitude of the compromising emanations radiated into the air. One of the two prime things is the difference in the two levels. The greater the difference, the more energy it takes to make the jump, the bigger the emanation. The other prime thing is the time it takes to get from one level to the other. The shorter the time, the more energy it takes to get there, the bigger the compromising emanation. Because of these two main factors, compromising emanations are two, ten, a hundred, sometimes a thousand times greater than the intended signal. Additionally, there are a number of other things that affect not only the magnitude but even if they will occur; these are impurities in the circuit, temperature, humidity, etc.
8.2.4. Circuit Wiring. This is another source of compromising emanations but appears in a different form than those caused by the basic circuit. In a wire, when a current is caused to flow through it, a magnetic field is generated around the wire. This property is used in generators to change motion energy (for instance, falling water) into electricity and is used in motors to change electricity into motion. This property is not a problem as long as the current stays steady; the magnetic field builds up and remains constant. When the current is made to vary, then the magnetic field changes as the current changes When the wire is the right length, it acts like an antenna and radiates an electromagnetic field.. Since the magnetic field is varying as the intended signal is varying, it is easy to relate the two and this becomes a compromising emanation. The compromising emanations radiated from a wire are not as strong as the compromising emanations radiated from the circuit so they won't go as far but they are more constant; that is, they are always there and at the same relative strength.
8.3. Requirement - Contain Compromising Emanations. When it is required to control compromising emanations, contain them within the inspectable space. Compromising emanations are classed as either radiated or conducted based on the escape medium.
8.4. Containing Radiated Compromising Emanations. There are a number of ways available to contain radiated compromising emanations within the inspectable space. Base the decision on which method to use on cost and practicality.
8.4.1. Zoning. This method requires two different tests; the facility and the equipment. Once the facility and the equipment are zoned, then match zone ratings. Zone testing will: quantify the facility's attenuation characteristics and assign a zone rating; and measure the magnitude of the compromising emanations from the equipment and assign a zone rating. The cost to zone a facility is based on the temporary duty costs for a team of three; travel time plus 1 to 1-1/2 days per building. The cost to zone test equipment is mostly in the cost of shipping the equipment to the test laboratory. It takes 1 to 2 days to zone test a personal computer.8.4.2. Profile Matching. Match the emission profile of the equipment to the inspectable space. This is the most direct way to meet the requirement to contain compromising emanations within the inspectable space. Unfortunately, an EMSEC test is required to establish a profile, the equipment radiation TEMPEST zone (sometimes abbreviated ERTZ). This can be costly and is not timely. Contain the equipment radiation TEMPEST zone within the inspectable space by either expanding the inspectable space or selecting equipment with smaller equipment radiation TEMPEST zones.
8.4.3. Facility Testing. Testing the facility is one of the best ways to ensure compromising emanations are contained within the inspectable space. However, this method is costly. The costs depend on the number of items of equipment to be tested which affects the length of stay of the test team. HQ AFCA/GCIS determines if a request for a facility test will be tasked to the EMSEC test team.
8.4.4. TEMPEST-Certified Equipment. Using TEMPEST-certified equipment is a very good way to ensure compromising emanations are contained within the inspectable space. The cost of TEMPEST-certified equipment is usually 2 to 5 times the cost of off-the-shelf, non-TEMPEST-certified equipment. Because this method is very expensive, its use must be justified according to paragraph 5.5.2 and validated by a CTTA. TEMPEST-certified equipment is applied mainly in hostile environments where it is known compromising emanations are exploited by an adversary. Sometimes it's necessary to employ TEMPEST-certified equipment in other environments considered less hostile but where U.S. Government control is extremely limited.
8.4.5. Shielding. Shielding the equipment, room, or facility is an excellent way to contain compromising emanations within the inspectable space. Because this method is very expensive, its use must be justified according to paragraph 5.5.2, and validated by a CTTA. Consider shielding in hostile environments where it is known compromising emanations are exploited. Also, consider using shielding in other, less hostile environments where U.S. Government control is extremely limited. Shielding is applied directly to equipment (encapsulation), rooms (shielded enclosure), or facilities (global). There are two standards for shielding effectiveness: (1) The Air Force standard for shielding effectiveness (attenuation) for shielded enclosures and global shielding is 50 decibels (sometimes abbreviated dB) (plus an initial 10-decibel allowance for life-time degradation). Do not install cryptographic equipment in a shielded enclosure. Do not install radio equipment in a shielded enclosure. (2) The standard for equipment is NSTISSAM TEMPEST/1-92 (C), Level I.
8.5. Containing Conducted Compromising Emanations. Evaluating all conductive paths for the escape of compromising emanations is a difficult task because there are so many. The evaluator knows to look for the obvious paths like telephone lines and other signal lines. Additional, less obvious paths are the power lines (and the electrical metallic tubing they run in), extension cords, signal ground wires, alarm signal lines, fire suppression piping, air conditioning and heating ducts, water pipes, building metallic members, and so on. Treat each as specified in the applicable countermeasures review attachment, depending on a number of factors like the threat level, sensitivity of the information, location of the facility on the base relative to the boundary of the inspectable space, etc.
8.6. RED and BLACK Concept. The RED and BLACK concept, by definition, establishes areas for the placement of equipment processing classified national security information (RED) which are separate and unique from the areas for equipment processing unclassified national security information (BLACK). The concept has two parts:
8.6.1. Physical Separation. All equipment, wire lines, components, and systems that process classified national security information are considered RED. All equipment, wire lines, components, and systems that process encrypted classified national security information or unclassified information are considered BLACK. The RED and BLACK concept is to establish minimum guidance for physical separation to decrease the probability that electromagnetic emissions from RED devices will couple to BLACK systems.8.6.2. Electrical Separation. Electrical separation ensures that every signal conductor from a RED device is routed to another RED device, or is encrypted before connection to a BLACK device. Electrical separation addresses signal distribution, power distribution, and grounding. Switches and other devices used to interface between RED and BLACK circuits and equipment should exhibit the following port-to-port isolation characteristics:
8.6.2.1. 100 decibels over the baseband audio frequency range between 0.3 and 15 kilohertz (sometimes abbreviated kHz).8.6.2.2. 80 decibels over the baseband video frequency range of 0 to 5 megahertz (sometimes abbreviated MHz).
8.6.2.3. 60 decibels over the frequency range from 1 times the basic data rate to 10 times the basic data rate of the digital signals processed.
8.7. RED and BLACK Equipment. RED equipment processes clear-text, classified, national security information. BLACK equipment processes encrypted or unclassified information. Designating equipment as RED or BLACK further ensures the physical and electrical separation requirement. Every RED equipment is connected only to another RED equipment or the output is encrypted prior to connection to a BLACK equipment. Equipment are machines which process information in electronic, electrical, or electromechanical form. As information is processed, current flows in wires and traces in the equipment, electronic circuits change state, switches open and close, solenoids are energized and de-energized, images are created on screens with electron streams, and many other similar actions occur. When these actions take place, emanations, as discussed in paragraph 8.2, are generated. Normally, these emanations are seen as noise and are a nuisance that is tolerated or reduced to a tolerable level. These emanations pass through the atmosphere just like radio and television broadcast signals and someone can detect and analyze them to reveal the information being processed. If classified national security information is processed, then these are compromising emanations.
8.8. Countermeasure - RED Equipment and BLACK Equipment Separation.
8.8.1. What The Problem Is. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. The wires, traces, frame, and cover of BLACK equipment can act as receiving antennas and pick up compromising emanations from nearby RED equipment. The problem is if compromising emanations are picked up by BLACK equipment, they can escape on BLACK signal wire lines connected to the BLACK equipment and on the BLACK power cord connected to the BLACK equipment.8.8.2. What The Countermeasure Is. The countermeasure is to separate RED equipment from BLACK equipment.
8.8.3. What The Countermeasure Does. Separation decreases the probability of BLACK equipment picking up compromising emanations from RED equipment and escaping the inspectable space on BLACK signal wire lines connected to BLACK equipment and BLACK power lines.
8.8.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.8.4.1. The line distance of BLACK signal wire lines connected to BLACK equipment from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,8.8.4.2. BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.8.5. How To Apply The Countermeasure. Simply stated, move the RED equipment away from the BLACK equipment by the distance specified in the applicable countermeasures review attachment. Traditionally, under ideal conditions, areas were established in a facility for the placement of RED equipment separate and unique from areas with BLACK equipment. When this was done, two areas were created: a RED equipment area (sometimes abbreviated REA) and a BLACK equipment area (sometimes abbreviated BEA). A RED equipment area is the space within a controlled access area where RED information processing equipment and associated power, signal, control, ground, and signal distribution facilities are installed. A BLACK equipment area is an area in a controlled access area where equipment processing non-classified national security information or encrypted classified national security information and associated power, signal, control, ground, and distribution facilities are installed. However, today, most classified national security information is processed in an office environment. Often, this environment does not lend itself to establishing RED equipment areas and BLACK equipment areas easily. However, achieving and maintaining the separation of RED and BLACK equipment may be required. If an EMSEC test determines that a hazard exists, a countermeasure to consider is to increase the physical separation distance. A further problem is offices are rearranged from time to time that can lead to a natural laxness where the separation requirements are forgotten.
8.8.6. Alternatives. The alternatives to fully separating RED equipment from BLACK equipment, as required in the applicable countermeasures review attachment, are:
8.8.6.1. Use a BLACK signal wire line isolation countermeasure. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,8.8.6.2. Specially orienting RED equipment to BLACK equipment. This alternative requires orienting the RED equipment so the internal wiring and traces are not parallel to the BLACK equipment internal wiring and traces. Most internal wiring and circuit boards (and by extension, the traces) may act as antennas. These wires and traces usually run parallel to the edges of the equipment. First determine the orientation of the longest runs; up-and-down, side-to-side, or front-to-back, on both the RED equipment and the BLACK equipment. If the traces are not in the same plane (one is up-and-down, the other is side-to-side), then, the separation distance is reduced by 50 percent (minimum 15 centimeters). If the traces are parallel, then, orient the RED equipment at a 45-degree angle to BLACK equipment. The separation distance is reduced by 50 percent (minimum 15 centimeters) with such orientation, or,
8.8.6.3. Use TEMPEST-certified equipment. This reduces the separation distance to 5 centimeters, or,
8.8.6.4. Shield the equipment to reduce compromising emanations by using the encapsulation technique. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters). If there are several items of RED equipment that need separation from several items of BLACK equipment, an alternative to consider is using a shielded enclosure.
8.9. Countermeasure - RED Equipment and BLACK Signal Wire Line Separation.
8.9.1. What The Problem Is. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. The problem is BLACK signal wire lines can act as receiving antennas and pick up compromising emanations from nearby RED equipment.8.9.2. What The Countermeasure Is. The countermeasure is to separate RED equipment from BLACK signal wire lines.
8.9.3. What The Countermeasure Does. Separation decreases the probability of BLACK signal wire lines picking up compromising emanations from RED equipment and escaping the inspectable space on the BLACK signal wire lines.
8.9.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
8.9.5. How To Apply The Countermeasure. Simply stated, move the RED equipment away from the BLACK signal wire lines by the distance specified in the applicable countermeasures review attachment.
8.9.6. Alternatives. The alternatives to fully separating RED equipment from BLACK signal wire lines, as required in the applicable countermeasures review attachment, are:
8.9.6.1. Use a BLACK signal wire line isolation countermeasure. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,8.9.6.2. Shield the BLACK signal wire lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,
8.9.6.3. Use TEMPEST-certified equipment. This reduces the separation distance to 5 centimeters, or,
8.9.6.4. Shield the equipment to reduce compromising emanations by using the encapsulation technique. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters). If there are several RED equipment that need separation from several BLACK equipment, a shielded enclosure will meet the separation requirement.
8.10. Countermeasure - RED Equipment and BLACK Power Line Separation.
8.10.1. What The Problem Is. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. The problem is BLACK power lines can act as receiving antennas and pick up compromising emanations from nearby RED equipment.8.10.2. What The Countermeasure Is. The countermeasure is to separate RED equipment from BLACK power lines.
8.10.3. What The Countermeasure Does. Separation decreases the probability of BLACK power lines picking up compromising emanations from RED equipment and escaping the inspectable space on the BLACK power lines.
8.10.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK power lines, are controlled. Normally, this countermeasure is not needed if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.10.5. How To Apply The Countermeasure. Simply stated, move the RED equipment away from the BLACK power lines by the distance specified in the applicable countermeasures review attachment.
8.10.6. Alternatives. The alternatives to fully separating RED equipment from BLACK power lines, as required in the applicable countermeasures review attachment, are:
8.10.6.1. Shield the BLACK power lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,8.10.6.2. Use TEMPEST-certified equipment. This reduces the separation distance to 5 centimeters, or,
8.10.6.3. Shield the equipment to reduce compromising emanations by using the encapsulation technique. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters). If there are several RED equipment that need separation from several BLACK equipment, a shielded enclosure will meet the separation requirement, or,
8.10.6.4. Filter the BLACK power lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters).
8.11. Countermeasure - RED Equipment and BLACK Signal Ground Wire Separation.
8.11.1. What The Problem Is. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. BLACK signal ground wires can act as receiving antennas and pick up compromising emanations from nearby RED equipment. The problem is if BLACK signal ground wires pick up compromising emanations, they can escape in three ways: (1) Conducting them to the shields on BLACK signal lines where they can be conducted to BLACK equipment and escape the inspectable space on the BLACK signal wire lines and BLACK power lines. (2) Conducting them to the shields on BLACK signal lines where they can be impressed on the BLACK signal wire lines and escape the inspectable space on the BLACK signal wire lines. (3) Conducting them back through the filters on BLACK signal wire lines where they can be impressed on the BLACK signal wire lines and escape the inspectable space on the BLACK signal wire lines.8.11.2. What The Countermeasure Is. The countermeasure is to separate RED equipment from BLACK signal ground wires.
8.11.3. What The Countermeasure Does. Separation decreases the probability of BLACK signal ground wires picking up compromising emanations from RED equipment and escaping the inspectable space on BLACK signal wire lines and BLACK power lines.
8.11.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.11.4.1. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,8.11.4.2. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.11.5. How To Apply The Countermeasure. Simply stated, move the RED equipment away from the BLACK signal ground wires by the distance specified in the applicable countermeasures review attachment.
8.11.6. Alternatives. The alternatives to fully separating RED equipment from BLACK signal ground wires, as required in the applicable countermeasures review attachment, are:
8.11.6.1. Use a BLACK signal wire line isolation countermeasure, and,8.11.6.2. Filter the BLACK power lines, or,
8.11.6.3. Use TEMPEST-certified equipment. This reduces the separation distance to 5 centimeters, or,
8.11.6.4. Shield the equipment to reduce compromising emanations by using the encapsulation technique. If there are several RED equipment that need separation from several BLACK equipment, a shielded enclosure will meet the separation requirement.
8.12. Countermeasure - RED Equipment and Fortuitous Conductor Separation.
8.12.1. What The Problem Is. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. Fortuitous conductors can act as receiving antennas and pick up compromising emanations from nearby RED equipment. The problem is fortuitous conductors can leave the inspectable space allowing compromising emanations to escape control. An additional problem is, since fortuitous conductors can run parallel to BLACK signal wire lines and BLACK power lines, compromising emanations can get coupled to them and escape if the BLACK signal wire lines or BLACK power lines leave the inspectable space.8.12.2. What The Countermeasure Is. The countermeasure is to separate RED equipment from fortuitous conductors.
8.12.3. What The Countermeasure Does. Separation decreases the probability of fortuitous conductors picking up compromising emanations from RED equipment and escaping the inspectable space on the fortuitous conductors, BLACK signal wire lines, or BLACK power lines.
8.12.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, fortuitous conductors, BLACK signal wire lines, and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.12.4.1. Fortuitous conductors are contained within the inspectable space, and,8.12.4.2. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or the BLACK signal lines are fiber optic, and,
8.12.4.3. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.8.12.5. How To Apply The Countermeasure. Simply stated, move the RED equipment away from the fortuitous conductors by the distance specified in the applicable countermeasures review attachment.
8.12.6. Alternatives. The alternatives to fully separating RED equipment from fortuitous conductors, as required in the applicable countermeasures review attachment, are:
8.12.6.1. Install non-conductive breaks in all fortuitous conductors at the boundary of the inspectable space, and,8.12.6.2. Separate the BLACK signal wire lines from BLACK power lines by the distance specified in the applicable countermeasures review attachment, or,
8.12.6.3. Shield the BLACK signal wire lines and BLACK power lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,
8.12.6.4. Use TEMPEST-certified equipment. This reduces the separation distance to 5 centimeters, or,
8.12.6.5. Shield the equipment to reduce compromising emanations by encapsulation. If there are several RED equipment that need separation from several BLACK equipment, a shielded enclosure will meet the separation requirement.
8.13. Requirement - Low-Level Signaling.
8.13.1. What The Problem Is. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits, current flow in traces and wires, switches opening and closing, energizing and de-energizing solenoids, creating images on screens with electron streams, and many other similar actions. The problem is the stronger the emanations, the more hazards there are.8.13.2. What The Requirement Is. The requirement is to use low level signaling within and between equipment.
8.13.3. What The Requirement Does. This requirement reduces the strength of compromising emanations. The separation requirements established in this memorandum are based on low-level signaling.
8.13.4. When The Requirement Is Not Needed. This countermeasure is not needed when there is over 10,000 meters of inspectable space, all wires are shielded, and RED equipment is separated from BLACK equipment ten times the required distance. CTTA assistance is a must in this situation.
8.13.5. How To Apply The Requirement. A low-level signal is a current-driven signal, plus or minus 2 volts at 70 microamperes, or a voltage-driven signal, plus or minus 6 volts.
8.13.6. Alternative. This requirement is not needed when the equipment is installed in a shielded enclosure or when there is over 10,000 meters of inspectable space, all wires are shielded, and RED equipment is separated from BLACK equipment ten times the required distance.
8.14. Signal Lines. There are two kinds of signal lines, wire and fiber optic. Signal wire lines are metallic wires that carry an electrical signal from one equipment to another. Fiber optic lines that carry signals also are called signal lines but not signal wire lines. Signal wire lines are also known as cables or conductors. Signal wire lines vary according to equipment design. A mix of single wires, twisted pair, coaxial, and ribbon is typically found. Twisted pair cable is predominant between large systems and within facilities. Signal wire lines, which carry current, generate an electromagnetic field around the wire that produces an electromagnetic wave; in other words, the signal wire line acts as a transmitting antenna. The magnitude of this field is directly related to the magnitude of the signal and varies as the signal varies. Additionally, in the case of digital signals, the transitions from mark-to-space and space-to-mark (or one-to-zero and zero-to-one or high-to-low and low-to-high) can produce radiated electromagnetic spikes much larger than the original magnitude of the signal-state change. If processing classified national security information, then these are compromising emanations and may require EMSEC countermeasures.
8.15. RED and BLACK Signal Wire Lines. RED signal wire lines carry clear-text, classified, national security information. BLACK signal wire lines carry unclassified information or encrypted classified national security information. Designating signal lines as RED or BLACK further ensures the physical and electrical separation requirement. Every signal conductor from a RED device is routed only to another RED device or is encrypted prior to connecting to a BLACK device.
8.16. Countermeasure - RED Signal Wire Line and BLACK Equipment Separation.
8.16.1. What The Problem Is. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. The wires, traces, frame, and covers of BLACK equipment can act as receiving antennas and pick up the compromising emanations. The problem is if compromising emanations are picked up by BLACK equipment, they can escape on BLACK signal wire lines connected to the BLACK equipment and on the BLACK power cord connected to the BLACK equipment.8.16.2. What The Countermeasure Is. The countermeasure is to separate RED signal wire lines from BLACK equipment.
8.16.3. What The Countermeasure Does. Separation decreases the probability of BLACK equipment picking up compromising emanations from RED signal wire lines and escaping the inspectable space on BLACK signal wire lines or BLACK power lines connected to the BLACK equipment.
8.16.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.16.4.1. The line distance of the BLACK signal wire line from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,8.16.4.2. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.16.5. How To Apply The Countermeasure. Simply stated, move the RED signal wire lines away from the BLACK equipment by the distance specified in the applicable countermeasures review attachment. Traditionally, under ideal conditions, areas were established in a facility for the placement of RED equipment separate and unique from areas with BLACK equipment. When this was done, two areas were created: a RED equipment area (sometimes abbreviated REA) and a BLACK equipment area (sometimes abbreviated BEA). A RED equipment area is the space within a controlled access area where RED information processing equipment and associated power, signal, control, ground, and signal distribution facilities are installed. A BLACK equipment area is an area in a controlled access area where equipment processing non-classified national security information or encrypted classified national security information and associated power, signal, control, ground, and distribution facilities are installed. However, today, most classified national security information is processed in an office environment. Often, this environment does not lend itself to establishing RED equipment areas and BLACK equipment areas easily. However, achieving and maintaining the separation is required. If data from an EMSEC test determines that a hazard exists, a countermeasure to consider is to increase the physical separation distance. A further problem is offices are rearranged from time to time that can lead to a natural laxness where the separation requirements are forgotten.
8.16.6. Alternatives. The alternatives to fully separating RED signal wire lines from BLACK equipment, as required in the applicable countermeasures review attachment, are:
8.16.6.1. Use a BLACK signal wire line isolation countermeasure. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,8.16.6.2. Shield the RED signal wire lines to reduce compromising emanations. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters).
8.17. Countermeasure - RED Signal Wire Line and BLACK Signal Wire Line Separation.
8.17.1. What The Problem Is. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. The problem is BLACK signal wire lines can act as receiving antennas and pick up the compromising emanations.8.17.2. What The Countermeasure Is. The countermeasure is to separate RED signal wire lines from BLACK signal wire lines.
8.17.3. What The Countermeasure Does. Separation decreases the probability of BLACK signal wire lines picking up compromising emanations from RED signal wire lines and escaping the inspectable space on BLACK signal wire lines. Separation also reinforces the requirement. Every signal conductor from a RED device is routed only to another RED device or is encrypted prior to connecting to a BLACK device.
8.17.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if the line distance of the BLACK signal wire line from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
8.17.5. How To Apply The Countermeasure. Simply stated, move the RED signal wire lines away from the BLACK signal wire lines by the distance specified in the applicable countermeasures review attachment.
8.17.6. Alternatives. The alternatives to fully separating RED signal wire lines from BLACK signal wire lines, as required in the applicable countermeasures review attachment, are:
8.17.6.1. Use a BLACK signal wire line isolation countermeasure. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,8.17.6.2. Shield the RED signal wire lines to reduce compromising emanations. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,
8.17.6.3. Shield the BLACK signal wire lines to prevent them from picking up compromising emanations. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,
8.17.6.4. Shield both the RED and BLACK signal wire lines This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters).
8.18. Countermeasure - RED Signal Wire Line and BLACK Power Line Separation.
8.18.1. What The Problem Is. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. The problem is BLACK power lines can act as receiving antennas and pick up the compromising emanations.8.18.2. What The Countermeasure Is. The countermeasure is to separate RED signal wire lines from BLACK power lines.
8.18.3. What The Countermeasure Does. Separation decreases the probability of BLACK power lines picking up compromising emanations from RED signal wire lines and escaping the inspectable space on BLACK power lines and, to a lesser degree, BLACK signal wire lines connected to BLACK equipment.
8.18.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK power lines and BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if:
8.18.4.1. BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential, and,8.18.4.2. The line distance of the BLACK signal wire line from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic.
8.18.5. How To Apply The Countermeasure. Simply stated, move the RED signal wire lines away from the BLACK power by the distance specified in the applicable countermeasures review attachment.
8.18.6. Alternatives. The alternatives to fully separating RED signal wire lines from BLACK power lines, as required in the applicable countermeasures review attachment, are:
8.18.6.1. Filter BLACK power lines. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,8.18.6.2. Shielding the RED signal wire lines to reduce compromising emanations. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,
8.18.6.3. Shielding the BLACK power lines to prevent them from picking up compromising emanations. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,
8.18.6.4. Shielding both the RED signal wire lines and BLACK power lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), and,
8.18.6.5. Use a BLACK signal wire line isolation countermeasure.
8.19. Countermeasure - RED Signal Wire Line and BLACK Signal Ground Wire Separation.
8.19.1. What The Problem Is. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. BLACK signal ground wires can act as receiving antennas and pick up the compromising emanations. The problem is if BLACK signal ground wires pick up compromising emanations, they can escape in three ways: (1) Conducting them to the shields on BLACK signal lines where they can be conducted to BLACK equipment and escape the inspectable space on the BLACK signal wire lines and BLACK power lines. (2) Conducting them to the shields on BLACK signal lines where they can be impressed on the BLACK signal wire lines and escape the inspectable space on the BLACK signal wire lines. (3) Conducting them back through the filters on BLACK signal wire lines where they can be impressed on the BLACK signal wire lines and escape the inspectable space on the BLACK signal wire lines.8.19.2. What The Countermeasure Is. The countermeasure is to separate RED signal wire lines from BLACK signal ground wires.
8.19.3. What The Countermeasure Does. Separation decreases the probability of BLACK signal ground wires picking up compromising emanations from RED signal wire lines and escaping the inspectable space on BLACK signal wire lines and, to a lesser degree, BLACK power lines.
8.19.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.19.4.1. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or the BLACK signal lines are fiber optic, and,8.19.4.2. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.19.5. How To Apply The Countermeasure. Simply stated, move the RED signal wire lines away from the BLACK signal ground wires by the distance specified in the applicable countermeasures review attachment.
8.19.6. Alternatives. The alternatives to fully separating RED signal wire lines from BLACK signal ground wires, as required in the applicable countermeasures review attachment, are:
8.19.6.1. Use a BLACK signal wire line isolation countermeasure, and,8.19.6.2. Filter the BLACK power lines, or,
8.19.6.3. Shield the RED signal wire lines. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,
8.19.6.4. Do all of the above. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters).
8.20. Countermeasure - RED Signal Wire Line and Fortuitous Conductor Separation.
8.20.1. What The Problem Is. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. Fortuitous conductors can act as receiving antennas and pick up the compromising emanations. The problem is fortuitous conductors can leave the inspectable space allowing compromising emanations to escape control. An additional problem is, since fortuitous conductors can run parallel to BLACK signal wire lines and BLACK power lines, compromising emanations can get coupled to them and leave the inspectable space if the BLACK signal wire lines or BLACK power lines leave the inspectable space.8.20.2. What The Countermeasure Is. The countermeasure is to separate RED signal wire lines from fortuitous conductors.
8.20.3. What The Countermeasure Does. Separation decreases the probability of fortuitous conductors picking up compromising emanations from RED signal wire lines and escaping the inspectable space on the fortuitous conductors, BLACK signal wire lines, or BLACK power lines.
8.20.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, fortuitous conductors, BLACK signal wire lines, and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.20.4.1. Fortuitous conductors are contained within the inspectable space, and,8.20.4.2. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or the BLACK signal lines are fiber optic, and,
8.20.4.3. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.20.5. How To Apply The Countermeasure. Simply stated, move the RED signal wire lines away from the fortuitous conductors by the distance specified in the applicable countermeasures review attachment.
8.20.6. Alternatives. The alternatives to fully separating RED signal wire lines from fortuitous conductors, as required in the applicable countermeasures review attachment, are:
8.20.6.1. Install non-conductive breaks in all fortuitous conductors at the boundary of the inspectable space, and,8.20.6.2. Shield the RED signal wire lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,
8.20.6.3. Separate the BLACK signal wire lines from BLACK power lines by the distance specified in the applicable countermeasures review attachment, or,
8.20.6.4. Shield the BLACK signal wire lines and BLACK power lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters).
8.21. Shielded Signal Wire Lines. Shielding signal wire lines precludes an easy escape of compromising emanations. To be effective, do not use the shield as a signal return path; especially for coaxial cables. In effect, a shielded coaxial cable is a triaxial cable. In addition, use ferrous shielding (iron pipe) for high-level signals, or where indicated by an EMSEC test. Make sure the shields for a cable or set of wire lines are a continuous low resistance run by proper termination of all joints and splices. Do not connect the shields of cables to equipment cases, thereby making the cable shield common to the alternating current protective ground. Terminate nonferrous cable shields to the signal ground system at both ends, whenever possible.
8.22. Fiber Optic Signal Lines. An alternative to shielding signal wire lines is to use fiber optic signal lines. A fiber optic system consists of a sending unit, an optical fiber, and a receiving unit. The sending unit converts an electrical signal to an optical signal (light). The optical signal is then injected into the optical fiber. The optical fiber carries the optical signal to the receiving unit. The receiving unit converts the optical signal back to an electrical signal.
8.22.1. Although fiber optic systems are expensive and somewhat delicate, they have several EMSEC advantages (as well as data capacity) over conventional metallic cables.8.22.1.1. Optical fibers are nonmetallic, therefore, they do not radiate or pick up electromagnetic energy and since the transmission medium is light, they are not easily affected by electromagnetic fields. This property effectively eliminates crosstalk.8.22.1.2. Optical fibers are non-conducting so fiber optic systems are not subject to ground loops or shorting problems nor are they prone to pick up stray emanations.
8.22.1.3. Fiber optic systems are not subject to the transmission of common-mode signals.
8.22.1.4. Transmission security is improved, since intrusion without detection is more difficult for fiber optic systems than metallic cables. Physical tapping is necessary to sample data, resulting in physical evidence of tampering. Also, if properly designed, equipped, and installed, using the detectable reduction in signal level as an alarm sensor is permitted.
8.22.2. Installation standards for fiber optic systems are not the same as those for conventional metallic cables. The installation standards are:
8.22.2.1. Route a RED fiber optic cable that traverses a BLACK area in such a way as to allow for easy detection of intrusion.8.22.2.2. When transmitting RED and BLACK information through individual fibers bundled together or in a multifiber cable, provide an opaque separation between the RED fibers and the BLACK fibers and separate the sending equipment from the receiving equipment as specified in the applicable countermeasures review attachment.
8.22.2.3. When individual RED and BLACK fiber optic signal lines are run in the same distribution facility, cover each fiber with opaque cladding and separate the sending equipment from the receiving equipment as specified in the applicable countermeasures review attachment.
8.22.2.4. Do not use RED fiber optic cables with metal strength members or conductive cladding to traverse BLACK areas and vice versa. This same requirement applies to armored fiber optic cables. Any such metal component in the cable is a fortuitous conductor. If a fiber optic cable with metallic strength members, conductive cladding, or armor must be used, ground the metallic strength members, conductive cladding, or armor at both ends of the fiber optic cable.
8.22.2.5. Mark the RED fiber as any other RED conductor according to paragraph on marking distribution facilities.
8.22.2.6. Running RED fiber optic signal lines with BLACK metallic cables or BLACK fiber optic signal lines with RED metallic cables is permitted.
8.22.2.7. The sending and receiving units must meet the same EMSEC countermeasure requirements as any other RED processor in the area.
8.23. Countermeasure - Shielded RED Signal Wire Line.
8.23.1. What The Problem Is. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. The problem is these compromising emanations can be picked up by BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors.8.23.2. What The Countermeasure Is. The countermeasure is to shield the RED signal wire lines to contain compromising emanations.
8.23.3. What The Countermeasure Does. Shielding RED signal wire lines tends to contain compromising emanations within the RED signal wire lines; that is, they do not radiate. This prevents their escape on BLACK signal wire lines, BLACK power lines, and fortuitous conductors.
8.23.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, BLACK power lines, and fortuitous conductors, are controlled. Normally, this countermeasure is not needed if:
8.23.4.1. All separation distances for BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors are met, or,8.23.4.2. Where the separation distance from BLACK equipment is not met and the line distance of the BLACK signal wire lines connected to BLACK equipment from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,
8.23.4.3. Where the separation distance from BLACK signal wire lines is not met and the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or the BLACK signal lines are fiber optic, and,
8.23.4.4. BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential, and,
8.23.4.5. Either RED signal wire lines or BLACK signal wire lines and BLACK power lines are separated from fortuitous conductors by the distance specified in the applicable countermeasures review attachment.
8.23.5. How To Apply The Countermeasure. Requirements for shielded cables are in Attachment 14. Ground the shielding at both ends of the shielded wire line. Grounding at only one end reduces the shielding effectiveness by approximately 75 percent.
8.23.6. Alternatives. The alternatives to shielding RED signal wire lines are to:
8.23.6.1. Separate RED signal wire lines from BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors by the distance specified in the applicable countermeasures review attachment, or,8.23.6.2. Shield the BLACK equipment, and,
8.23.6.3. Shield the BLACK signal wire lines, or use a BLACK signal wire line isolation countermeasure, and,
8.23.6.4. Shield BLACK power lines, and,
8.23.6.5. Install non-conductive breaks in all fortuitous conductors at the boundary of the inspectable space.
8.24. Countermeasure - Shielded BLACK Signal Wire Line.
8.24.1. What The Problem Is. There are many sources of compromising emanations. Compromising emanations are produced in and radiated from RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, RED signal wire lines act as transmitting antennas. RED power lines can radiate compromising emanations as either changes to the amplitude of the input power or changes in the relationship of the voltage and current. RED power lines can also radiate conducted compromising emanations traveling on the power lines. The problem is, BLACK signal wire lines can act as receiving antennas and pick up the compromising emanations.8.24.2. What The Countermeasure Is. The countermeasure is to shield BLACK signal wire lines.
8.24.3. What The Countermeasure Does. Shielding BLACK signal wire lines tends to prevent compromising emanations from being picked up (acting as a receiving antenna) by BLACK signal wire lines and escaping the inspectable space on BLACK signal wire lines.
8.24.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, is controlled. Normally, this countermeasure is not needed if:
8.24.4.1. All separation distances for RED equipment, RED signal wire lines, RED power lines, and fortuitous conductors are met, or,8.24.4.2. Where the separation distance from RED equipment, RED power lines, or fortuitous conductors is not met and the line distance of the BLACK signal wire lines connected to BLACK equipment from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,
8.24.4.3. Where the separation distance from RED signal wire lines is not met and the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or the BLACK signal lines are fiber optic.
8.24.5. How To Apply The Countermeasure. Requirements for shielded cables are in Attachment 14. Ground the shielding at both ends of the shielded wire line. Grounding at only one end reduces the shielding effectiveness by approximately 75 percent.
8.24.6. Alternatives. The alternatives to shielding BLACK signal wire lines are to:
8.24.6.1. Separate BLACK signal wire lines from RED equipment, RED signal wire lines, RED power lines, and fortuitous conductors by the distance specified in the applicable countermeasures review attachment, or,8.24.6.2. Use a BLACK signal wire line isolation countermeasure, or,
8.24.6.3. Shield the RED equipment, RED signal wire lines, and RED power lines and separate BLACK signal wire lines from fortuitous conductors by the distance specified in the applicable countermeasures review attachment.
8.25. Countermeasure - BLACK Signal Wire Line Isolation.
8.25.1. What The Problem Is. There are many sources of compromising emanations. Compromising emanations are produced in and radiated from RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. RED power lines can radiate compromising emanations as either changes to the amplitude of the input power or changes in the relationship of the voltage and current. RED power lines can also radiate conducted compromising emanations traveling on the power line. The problem is BLACK signal wire lines can act as receiving antennas and pick up the compromising emanations.8.25.2. What The Countermeasure Is. The countermeasure is to isolate BLACK signal wire lines using bandpass filters, photo-isolators, fiber optic cables, or cryptographic equipment.
8.25.3. What The Countermeasure Does. Isolating BLACK signal wire lines tends to prevent compromising emanations picked up by BLACK signal wire lines from leaving the inspectable space on BLACK signal wire lines.
8.25.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if:
8.25.4.1. All separation distances for RED equipment, RED signal wire lines, RED power lines, and fortuitous conductors are met, or,8.25.4.2. Where the separation distance from RED equipment, RED power lines, and fortuitous conductors is not met and the line distance of the BLACK signal wire lines connected to BLACK equipment from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,
8.25.4.3. Where the separation distance from RED signal wire lines is not met and the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or the BLACK signal lines are fiber optic.
8.25.5. How To Apply The Countermeasure.
8.25.5.1. Bandpass Filters. Bandpass filters pass frequencies within a design passband and block those outside the passband. The cutoff is not instantaneous and usually requires a decade or more to reach maximum filtering. In other words, if a 100-decibel (sometimes abbreviated dB) filter is designed to pass voice frequency signals (0 to 4000 hertz), filtering starts at 4000 hertz but does not reach 100 decibels of filtering until 40,000 hertz. Install bandpass filters on BLACK signal wire lines to block all signals outside a specified frequency range. Where modems or other analog signal generators contain bandpass filters as part of the design, do not apply additional filtering. A detailed discussion of filter parameters is contained in Attachment 15.8.25.5.2. Photon-Coupled Isolators. Photon-coupled isolators use lightwave technologies to couple signals between two points. These isolators are ideal for EMSEC applications since there is no conductive path exploitable as a probe. Signals are passed from the input portion to the output portion using lightguides. When the lightguide is installed in a waveguide beyond cutoff, the isolator is ideal for use in shielded installations where conducting penetrations are kept to a minimum. While photon-coupled isolators are usually a must for digital signals, they are also acceptable for analog signals. A detailed discussion of photon-coupled isolators is contained in Attachment 15.
8.25.5.3. Fiber Optics. In most cases, a fiber optic system will meet the isolation requirement. The transmitters and receivers of the fiber optic system provide some filtering to optimize the system and reduce errors caused by noise. Also, the level of the compromising emanations is usually small enough so that conversion from electrical signal to light is less likely to occur. Further degradation of compromising emanations is provided at the receiving end when the conversion from light back to an electrical signal occurs. It is most probable that the intensity of the compromising emanations is not enough to break the decision threshold. Isolate or ground any metallic strength members in the fiber optic bundle at both ends.
8.25.5.4. Cryptographic Equipment. Cryptographic equipment are excellent filtering devices provided they are installed according to the installation standards in the technical publications related to the cryptographic equipment or, lacking such guidance, follow the guidance contained in Chapter 4. However, it is possible to negate the effectiveness of the filtering provided by cryptographic equipment if modems used on the encrypted circuits are not installed carefully. A generous allowance for minimum separation distance of the modems from the cryptographic equipment and all RED equipment is an absolute must. Also, the signal wire lines from the modem to the outside world may require shielding.
8.25.6. Alternatives. The alternatives to BLACK signal wire line isolation are to:
8.25.6.1. Separate BLACK signal wire lines from RED equipment, RED signal wire lines, RED power lines, and fortuitous conductors by the distance specified in the applicable countermeasures review attachment, or,8.25.6.2. Shield the BLACK signal lines, or,
8.25.6.3. Shield the RED equipment, RED signal wire lines, and RED power lines and separate BLACK signal wire lines from fortuitous conductors by the distance specified in the applicable countermeasures review attachment.
8.26. RED and BLACK Power.
8.26.1. When an item of equipment processes information, it can create noise that may appear on the equipment power cord. If the equipment is processing classified national security information and these noise signals reveal the processed information, then these noise signals are compromising emanations. The power lines the power cord is plugged in to may conduct the compromising emanations outside the inspectable space.8.26.2. Power lines with compromising emanations on them may conduct the compromising emanations to other equipment connected to the same power lines. If any of these items of equipment have signal wire lines that leave the inspectable space, the compromising emanations can find their way to these signal wire lines and escape the inspectable space.
8.26.3. Power lines which carry current generate an electromagnetic field around the wire that produces an electromagnetic wave; in other words, the signal wire line acts as a transmitting antenna. This is more so for compromising emanations on a power line than the normal alternating current due to the wave length. Compromising emanations are usually much, much higher in frequency and, thus, more readily propagate from power lines than the alternating current. The magnitude of this field is directly related to the magnitude of the signal and varies as the signal varies. Additionally, in the case of digital signals, the transitions from mark-to-space and space-to-mark (or one-to-zero and zero-to-one or high-to-low and low-to-high) can produce radiated electromagnetic spikes much larger than the original magnitude of the signal-state change. The electromagnetic field can radiate into free space and couple onto other conducting mediums. The wires, traces, frame, and cover of electronic equipment, other signal wires, power lines, and fortuitous conductors can act as a receiving antennas picking up the compromising emanations.
8.26.4. The electromagnetic field surrounding a wire which carries a current can impress current in another, parallel, wire through an effect called mutual inductance. In other words, the first wire acts as a transmitting antenna and the second wire acts as a receiving antenna. Other power lines, signal cables, ground wires and fortuitous conductors can act as receiving antennas picking up the compromising emanations.
8.26.5. The first step in controlling these effects is to separate power into RED and BLACK power. The separate power provided to equipment and systems that process classified national security information that are not TEMPEST-certified is called RED power. BLACK power is provided for TEMPEST-certified equipment, cryptographic equipment, equipment not processing classified national security information, and supporting services. TEMPEST-certified and cryptographic equipment have adequate internal power filtering to permit the use of BLACK power.
8.27. Countermeasure - RED Power.
8.27.1. What The Problem Is. When equipment processes information, it can create noise that may appear on the equipment's power cord. In the case of RED equipment, this noise may be compromising emanations. The problem is power lines may conduct the compromising emanations to BLACK equipment with signal lines that exit the inspectable space if the BLACK equipment is connected to the same power circuit. Also, compromising emanations may be conducted on power lines that exit the inspectable space.8.27.2. What The Countermeasure Is. The countermeasure is to install a separate power circuit for the RED equipment.
8.27.3. What The Countermeasure Does. RED power provides a separate alternating current power circuit for RED equipment. This separate power circuit isolates the power for RED equipment from the power for BLACK equipment minimizing the probability of conducting compromising emanations to BLACK equipment. RED power also establishes a separate power circuit so filters may be added to prevent compromising emanations escaping the inspectable space on power lines when determined a hazard by an EMSEC test.
8.27.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if:
8.27.4.1. The line distance of the BLACK signal wire lines connected to BLACK equipment from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, or,8.27.4.2. A BLACK signal wire line isolation countermeasure is used.
8.27.5. How To Apply The Countermeasure. Install a separate power circuit from the circuit breaker box to the items of RED equipment. Connect RED equipment to this power circuit. Do not connect TEMPEST-certified equipment to this RED power circuit. Do not connect cryptographic equipment to this RED power circuit unless the technical manuals for the cryptographic equipment require it. Do not connect any BLACK equipment with signal lines that exit the inspectable space to this RED power circuit.
8.27.6. Alternatives.
8.27.6.1. Use a BLACK signal wire line isolation countermeasure, or,8.27.6.2. Use TEMPEST-certified equipment, or,
8.27.6.3. Use a shielded enclosure.
8.28. Countermeasure - Filtered RED Power.
8.28.1. What The Problem Is. When equipment processes information, it can create noise that may appear on the equipment's power cord. In the case of RED equipment, this noise may be compromising emanations. The problem is compromising emanations can escape the inspectable space on power lines that exit the inspectable space.8.28.2. What The Countermeasure Is. The countermeasure is to filter the RED power.
8.28.3. What The Countermeasure Does. Filtering RED power prevents compromising emanations escaping on power lines that exit the inspectable space.
8.28.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK power lines, are controlled. Normally, this countermeasure is not needed if the power lines feeding the RED power circuit are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.28.5. How To Apply The Countermeasure. Base the decision to require this countermeasure on the results of an EMSEC test that shows compromising emanations escaping the inspectable space on power lines. There are a number of ways to "filter" RED power. Choose one of the following based on practicality and cost considerations.
8.28.5.1. Power Line Filters.8.28.5.1.1. The passive inductive-capacitive (sometimes abbreviated LC) filter is one method to remove compromising emanations from conductors of all types. Such filters are in general use to prevent radio frequencies from interfering with equipment operation. When filtering power lines, two schools of thought exist: that which advocates bulk filtering for the entire facility, and that which advocates individually filtering each equipment of concern. The individual equipment method is the preferred technique as this assures that the filter design parameters will match the equipment.8.28.5.1.2. Some equipment, manufactured under the auspices of the Federal Communications Commission Regulation, Part 15, Subpart J, may contain filters. While these filters will attenuate signals coupled to the power lines, the degree of suppression most probably will not meet EMSEC requirements. In such cases, replacing the manufacturer's installed filter with one that meets the requirement may prove satisfactory. If that is not possible, other precautionary measures are required. A designer may consider the use of bulk filtering or rack filtering in such instances. Exercise caution in such cases, as additional filtering often creates two additional problems. The first is harmonic distortion that lowers the filter cutoff frequency that could lower the bandpass limit. The second is interaction between the parameters of the two filters that results in a significant, but varying, overall reduction of filtering action.
8.28.5.1.3. Install filters, electrically, between the circuit breaker box and the RED equipment. Install the filters, physically, beyond the equipment radiation TEMPEST zone of the RED equipment or shield the incoming side of the filters to a point beyond the equipment radiation TEMPEST zone of the RED equipment.
8.28.5.1.4. Attachment 16 contains additional information on power line filters. Vendors catalogs typically provide detailed information for available filters. If the appropriate filter is not readily available, have one designed and manufactured to meet needs. Provide the following information to the filter manufacturer: equipment nomenclature, operating line voltage, operating line frequency, source impedance, load impedance, load current, desired bandpass frequency (or operating line frequency), and acceptable insertion loss.
8.28.5.2. Isolation Transformers. Use isolation transformers to break ground loops to reduce common-mode and differential-mode noise. An isolation transformer equipped with triple Faraday shields is very effective in blocking compromising emanations in both the power mains and the branch feeds. It is possible to use a transformer with a 1:1 ratio or step-down. Install it as close to the load equipment as possible, preferably in the same room, but outside the equipment radiation TEMPEST zone of the RED equipment. If the transformer is located within the equipment radiation TEMPEST zone of the RED equipment, shield the incoming power lines to the transformer. Also, if the transformer is installed according to the National Electric Code, Article 250-5(d), it becomes a separately derived system, and as such, establishes a new fault protection subsystem. Do not tie it to the green wire ground serving the power main side as this defeats the intent of the National Electric Code for protection. It also negates the EMSEC isolation desired in using this type of transformer to break ground loops. Further, sometimes isolation transformers are designed with the ground and neutral conductors in common with the primary and secondary windings. This also nullifies the EMSEC ground isolation benefit of this type of transformer.
8.28.5.3. Uninterruptible Power Supplies. Many installations using computers or process-control equipment employ an uninterruptible power supply and voltage regulation as a method of providing glitch-free power. Certain aspects of uninterruptible power supplies aid in containing conducted emissions.
8.28.5.3.1. Rotating Uninterruptible Power Supplies. The rotating uninterruptible power supply is the most used uninterruptible power supply in existence. Whether constructed as a motor-generator or a no-break generator using an inertia flywheel, its basic principles of operation provide a degree of isolation between power mains and loads. The typical structure is an alternating current synchronous motor driving a generator. Such systems offer high immunity of the load from line disturbance. However, some configurations do not provide isolation for conducted emissions. This is particularly true if the alternating current motor is mounted on a common shaft with the generator or in a common housing. If the motor and generator shafts and housings are electrically isolated, this path of escape of compromising emanations is eliminated. Systems employing direct current (sometimes abbreviated DC) motors offer isolation regardless of the configuration. In such systems, conducted emissions are suppressed in the direct current power supply driving the motor and in the battery system.8.28.5.3.2. Solid-State Uninterruptible Power Supplies. In theory, the solid-state uninterruptible power supply should offer high isolation of conducted emissions by the nature of its operation.
8.28.5.3.2.1. Solid-state uninterruptible power supplies take the incoming alternating current through a direct current converter or rectifier. The filtering section of the rectifier should greatly attenuate conducted emissions. The direct current voltage supplies an inverter section that synthesizes a sinewave. This sinewave is further filtered. Thus, the probability of a conducted compromising emanation feeding back to the power mains is greatly reduced. Further, a solid-state uninterruptible power supply may contain a battery bank floated across the direct current voltage. Such an arrangement provides excellent filtering for TEMPEST requirements.8.28.5.3.2.2. There are a number of small solid-state uninterruptible power supplies designed for individual items of equipment. Most of these small solid-state uninterruptible power supplies do not attenuate compromising emanations, significantly; a few even amplify compromising emanations. These may be used for individual items of RED equipment provided they have been tested and shown to attenuate compromising emanations.
8.28.6. Alternatives. The alternatives to filtered RED power are:
8.28.6.1. Use TEMPEST-certified equipment.8.28.6.2. Use a shielded enclosure.
8.29. Countermeasure - RED Power Line and BLACK Equipment Separation.
8.29.1. What The Problem Is. When RED equipment processes information, it can create compromising emanations that may appear on the equipment's power cord and be conducted to the RED power lines. These compromising emanations can generate a magnetic field around the RED power lines that produce an electromagnetic wave; in other words, the RED power lines act as transmitting antennas. The wires, traces, frame, and covers of BLACK equipment can act as receiving antennas and pick up the compromising emanations. The problem is if compromising emanations are picked up by BLACK equipment, they can escape on BLACK signal wire lines connected to the BLACK equipment and on the BLACK power cord connected to the BLACK equipment.8.29.2. What The Countermeasure Is. The countermeasure is to separate RED power lines from BLACK equipment.
8.29.3. What The Countermeasure Does. Separation decreases the probability of BLACK equipment picking up compromising emanations from RED power lines and escaping the inspectable space on BLACK signal wire lines and BLACK power lines.
8.29.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.29.4.1. The line distance of BLACK signal wire lines connected to BLACK equipment from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,8.29.4.2. BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.29.5. How To Apply The Countermeasure. Simply stated, move the RED power lines away from the BLACK equipment by the distance specified in the applicable countermeasures review attachment. Traditionally, under ideal conditions, areas were established in a facility for the placement of RED equipment separate and unique from areas with BLACK equipment. When this was done, two areas were created: a RED equipment area (sometimes abbreviated REA) and a BLACK equipment area (sometimes abbreviated BEA). A RED equipment area is the space within a controlled access area where RED information processing equipment and associated power, signal, control, ground, and signal distribution facilities are installed. A BLACK equipment area is an area in a controlled access area where equipment processing non-classified national security information or encrypted classified national security information and associated power, signal, control, ground, and distribution facilities are installed. However, today, most classified national security information is processed in an office environment. Often, this environment does not lend itself to establishing RED equipment areas and BLACK equipment areas easily. However, achieving and maintaining the separation of RED power lines and BLACK equipment may be required. If an EMSEC test determines that a hazard exists, a countermeasure to consider is to increase the physical separation distance. A further problem is offices are rearranged from time to time that can lead to a natural laxness where the separation requirements are forgotten.
8.29.6. Alternatives. The alternatives to fully separating RED power lines from BLACK equipment, as required in the applicable countermeasures review attachment, are:
8.29.6.1. Use a BLACK signal wire line isolation countermeasure. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,8.29.6.2. Shield the RED power lines. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,
8.29.6.3. Use equipment where the strength of the compromising emanations have been reduced. This normally means TEMPEST-certified equipment. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,
8.29.6.4. Shield the equipment to reduce compromising emanations by using the encapsulation technique. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters). If there are several items of RED equipment that need separation from several items of BLACK equipment, an alternative to consider is using a shielded enclosure.
8.30. Countermeasure - RED Power Line and BLACK Signal Wire Line Separation.
8.30.1. What The Problem Is. When RED equipment processes information, it can create compromising emanations that may appear on the equipment's power cord and be conducted to the RED power lines. These compromising emanations can generate a magnetic field around the RED power lines that produce an electromagnetic wave; in other words, the RED power lines act as transmitting antennas. The problem is BLACK signal wire lines can act as receiving antennas and pick up compromising emanations from nearby RED equipment.8.30.2. What The Countermeasure Is. The countermeasure is to separate RED power lines from BLACK signal wire lines.
8.30.3. What The Countermeasure Does. Separation decreases the probability of BLACK signal wire lines picking up compromising emanations from RED power lines and escaping the inspectable space on the BLACK signal wire lines.
8.30.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
8.30.5. How To Apply The Countermeasure. Simply stated, move the RED power lines away from the BLACK signal wire lines by the distance specified in the applicable countermeasures review attachment.
8.30.6. Alternatives. The alternatives to fully separating RED power lines from BLACK signal wire lines, as required in the applicable countermeasures review attachment, are:
8.30.6.1. Use a BLACK signal wire line isolation countermeasure. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,8.30.6.2. Shield the BLACK signal wire lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,
8.30.6.3. Use equipment where the strength of the compromising emanations has been reduced. This normally means TEMPEST-certified equipment. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,
8.30.6.4. Shield the equipment to reduce compromising emanations by using the encapsulation technique. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters). If there are several RED equipment that need separation from several BLACK equipment, a shielded enclosure will meet the separation requirement.
8.31. Countermeasure - RED Power Line and BLACK Power Line Separation.
8.31.1. What The Problem Is. When RED equipment processes information, it can create compromising emanations that may appear on the equipment's power cord and be conducted to the RED power lines. These compromising emanations can generate a magnetic field around the RED power lines that produce an electromagnetic wave; in other words, the RED power lines act as transmitting antennas. The problem is BLACK power lines can act as receiving antennas and pick up compromising emanations from nearby RED equipment.8.31.2. What The Countermeasure Is. The countermeasure is to separate RED power lines from BLACK power lines.
8.31.3. What The Countermeasure Does. Separation decreases the probability of BLACK power lines picking up compromising emanations from RED power lines and escaping the inspectable space on the BLACK power lines.
8.31.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK power lines, are controlled. Normally, this countermeasure is not needed if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.31.5. How To Apply The Countermeasure. Simply stated, move the RED power lines away from the BLACK power lines by the distance specified in the applicable countermeasures review attachment.
8.31.6. Alternatives. The alternatives to fully separating RED power lines from BLACK power lines, as required in the applicable countermeasures review attachment, are:
8.31.6.1. Shield the BLACK power lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,8.31.6.2. Use equipment where the strength of the compromising emanations has been reduced. This normally means TEMPEST-certified equipment. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,
8.31.6.3. Shield the equipment to reduce compromising emanations by using the encapsulation technique. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters). If there are several RED equipment that need separation from several BLACK equipment, a shielded enclosure will meet the separation requirement, or,
8.31.6.4. Filter the BLACK power lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters).
8.32. Countermeasure - RED Power Line and BLACK Signal Ground Wire Separation.
8.32.1. What The Problem Is. When RED equipment processes information, it can create compromising emanations that may appear on the equipment's power cord and be conducted to the RED power lines. These compromising emanations can generate a magnetic field around the RED power lines that produce an electromagnetic wave; in other words, the RED power lines act as transmitting antennas. BLACK signal ground wires can act as receiving antennas and pick up compromising emanations from nearby RED equipment. The problem is if BLACK signal ground wires pick up compromising emanations, they can escape in three ways: (1) Conducting them to the shields on BLACK signal lines where they can be conducted to BLACK equipment and escape the inspectable space on the BLACK signal wire lines and BLACK power lines. (2) Conducting them to the shields on BLACK signal lines where they can be impressed on the BLACK signal wire lines and escape the inspectable space on the BLACK signal wire lines. (3) Conducting them back through the filters on BLACK signal wire lines where they can be impressed on the BLACK signal wire lines and escape the inspectable space on the BLACK signal wire lines.8.32.2. What The Countermeasure Is. The countermeasure is to separate RED power lines from BLACK signal ground wires.
8.32.3. What The Countermeasure Does. Separation decreases the probability of BLACK signal ground wires picking up compromising emanations from RED power lines and escaping the inspectable space on BLACK signal wire lines and BLACK power lines.
8.32.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.32.4.1. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,8.32.4.2. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.32.5. How To Apply The Countermeasure. Simply stated, move the RED power lines away from the BLACK signal ground wires by the distance specified in the applicable countermeasures review attachment.
8.32.6. Alternatives. The alternatives to fully separating RED power lines from BLACK signal ground wires, as required in the applicable countermeasures review attachment, are:
8.32.6.1. Use a BLACK signal wire line isolation countermeasure, and,8.32.6.2. Filter the BLACK power lines, or,
8.32.6.3. Use equipment where the strength of the compromising emanations has been reduced. This normally means TEMPEST-certified equipment. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,
8.32.6.4. Shield the equipment to reduce compromising emanations by using the encapsulation technique. If there are several RED equipment that need separation from several BLACK equipment, a shielded enclosure will meet the separation requirement.
8.33. Countermeasure - RED Power Line and Fortuitous Conductor Separation.
8.33.1. What The Problem Is. When RED equipment processes information, it can create compromising emanations that may appear on the equipment's power cord and be conducted to the RED power lines. These compromising emanations can generate a magnetic field around the RED power lines that produce an electromagnetic wave; in other words, the RED power lines act as transmitting antennas. Fortuitous conductors can act as receiving antennas and pick up compromising emanations from nearby RED equipment. The problem is fortuitous conductors can leave the inspectable space allowing compromising emanations to escape control. An additional problem is, since fortuitous conductors can run parallel to BLACK signal wire lines and BLACK power lines, compromising emanations can get coupled to them and escape if the BLACK signal wire lines or BLACK power lines leave the inspectable space.8.33.2. What The Countermeasure Is. The countermeasure is to separate RED power lines from fortuitous conductors.
8.33.3. What The Countermeasure Does. Separation decreases the probability of fortuitous conductors picking up compromising emanations from RED power lines and escaping the inspectable space on the fortuitous conductors, BLACK signal wire lines, or BLACK power lines.
8.33.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, fortuitous conductors, BLACK signal wire lines, and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.33.4.1. Fortuitous conductors are contained within the inspectable space, and,8.33.4.2. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or the BLACK signal lines are fiber optic, and,
8.33.4.3. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.33.5. How To Apply The Countermeasure. Simply stated, move the RED power lines away from the fortuitous conductors by the distance specified in the applicable countermeasures review attachment.
8.33.6. Alternatives. The alternatives to fully separating RED power lines from fortuitous conductors, as required in the applicable countermeasures review attachment, are:
8.33.6.1. Install non-conductive breaks in all fortuitous conductors at the boundary of the inspectable space, and,8.33.6.2. Separate the BLACK signal wire lines from BLACK power lines by the distance specified in the applicable countermeasures review attachment, or,
8.33.6.3. Shield the BLACK signal wire lines and BLACK power lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,
8.33.6.4. Use equipment where the strength of the compromising emanations is reduced. This normally means TEMPEST-certified equipment. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters), or,
8.33.6.5. Shield the equipment to reduce compromising emanations by encapsulation. If there are several RED equipment that need separation from several BLACK equipment, a shielded enclosure will meet the separation requirement.
8.34. Introduction to Grounds. The grounding scheme in a facility is composed of two parts: the life-saving ground system associated with the power and physical structure, and the signal ground or zero-reference system. Each has a separate and distinct function. A signal ground is used to establish a zero-reference for electrical and electronic equipment.
8.34.1. Grounding Systems. Older facilities not upgraded typically use single-point grounding methods that were adequate for the time. However, the single-point grounding system cannot adequately support office automation and automated information processing systems. Newer facilities use equipotential grounding techniques that overcome the limitations of the older systems. The equipotential system greatly simplifies the designers' job since a ground connection is always nearby.8.34.2. Equipotential Plane. In any electrical or electronic circuit, it is essential to provide a low-impedance path for signals and currents to return from the load back to the source. "Noise" in a signal wire line is often attributed to the noise signal and current finding a lower impedance return than the intended path. Where filters are employed in circuit design, unwanted signals are removed from the lines and shunted to another conductor. It is the shunting that on occasion presents problems. In the past, where single-point grounding systems were employed, single conductors were run from each item of equipment and tied to earth, which supposedly acted as a sump for such unwanted signals. This situation may result in multiple problems.
8.34.2.1. The earth is not a sump for noise currents. Any signal shunted to the ground system might circulate through multiple branches of the ground system in an effort to return to the source. Due to uncontrolled lengths, impedance mismatches, and signal reflection, such signals could radiate from the conductors or contaminate unprotected conductors leaving the inspectable space.8.34.2.2. A single-point ground system is ineffective at higher frequencies and higher frequency signals might well seek other lower impedance paths to return to the source.
8.34.2.3. The primary cause of impedance of number 10-American Wire Gauge (AWG) wire at 1 megahertz (sometimes abbreviated MHz) is skin effect. The current is concentrated on the outer surface of the wire by the magnetic flux density at the center of the conductor. As the frequency increases, the depth of penetration reduces, increasing the radio frequency resistance to the signal. An increase in conductor size does not significantly reduce the radio frequency resistance. For example, replacing a 10-AWG copper wire with 8-AWG copper wire changes the alternating current resistance at 1 megahertz from 0.032 ohms per meter to 0.025 ohms per meter.
8.34.2.4. Bond all equipment signal ground terminals to the grid with leads as short as possible, but should not exceed 1/20 of the wavelength of the highest frequency of interest.
8.34.3. Single-Point Ground. There are cases where a single-point ground is the only viable solution for a signal grounding scheme. From the EMSEC viewpoint, a single-point ground may satisfy the grounding requirement at facilities where: (1) No station ground exists, (2) A station ground exists, but is not accessible; and, (3) It is not cost effective nor practical to construct an equipotential grounding system.
8.34.4. Life-Saving Ground. Electrical power in the United States is equipped with a fault-protection subsystem, commonly known as the green wire ground, the ground, or the grounding conductor.
8.34.4.1. The purpose of the life-saving ground is to provide an uninterrupted current path back to the first service disconnect or transformer for fault currents that may occur in equipment, thus reducing the risk of death or injury from electrical shock. The specific details for implementing this subsystem are defined in the National Electric Code, Article 250. The grounding conductor also provides a path to earth for electrical overstress induced into equipment by lightning. The National Electric Code permits the use of metallic conduits and wireways as a fault-return path. This practice, by its very nature, creates EMSEC problems.8.34.4.2. Where the sections of wireway or pipe are joined, a high-frequency impedance or discontinuity of bond exists, causing signal reflection. When reflection occurs, a high probability exists for free-space radiation. Further, where wireway or conduit is used as a fault return, there is no control of the current path since every contact with another metallic object creates either another current path or another discontinuity of bond.
8.34.4.3. Where the fault-protection system is installed with contiguous green copper wire, the above problems are eliminated. Take care to avoid sharing green wires between equipment. Dedicate all green wires to their current-carrying distributions.
8.34.4.4. Some equipment designers attempt to use the green wire system as a signal reference system. This is not acceptable for two reasons. First, the code does not intend for this conductor to carry current, except in fault situations. Second, there is no control over the paths a signal might take between two pieces of equipment. This results in uncontrolled differences of potential between such equipment, which can result in a degraded or non-operational condition. The potentially large loop areas formed may behave as loop antennas, resulting in compromising emanations being radiated beyond the inspectable space.
8.34.5. Isolated Ground. Although not specifically intended for EMSEC, use of an isolated ground power distribution scheme may enhance power line isolation concepts. This type of distribution scheme consists of isolated ground outlets, an isolated power distribution panel, and an isolated grounding conductor.
8.34.5.1. The isolated ground outlet is designed with no electrical bond between the grounding terminal and the frame of the outlet. This prevents automatic coupling of the ground to the conduit, which would effectively destroy the isolated ground concept. Connect the grounding conductor between the grounding terminal on the outlet and the grounding bus in the power distribution panel.8.34.5.2. Isolate the grounding and neutral bus bars from the distribution panel, conduit, and each other at this point. Connect the grounding conductor from the ground bus to the grounding point of the facility main power switchgear. It is at this point that it becomes common to the neutral conductor and other grounding conductors used throughout the facility.
8.34.5.3. Connect only operational equipment to the power panel. Connect lights, air handling systems, utility devices, and housekeeping equipment to a separate panel since they may produce unwanted noise into the system. Use of an isolated ground power distribution scheme will effectively isolate equipment which processes classified national security information connected to this power distribution system from other electrical devices in the facility not connected to this power distribution system, but is not intended to replace other required power line isolation devices.
8.35. RED and BLACK Signal Grounds. In facilities which process classified national security information, the signal ground, or zero-reference system, is sometimes subdivided into three sub-systems: RED signal ground, BLACK signal ground, and unclassified signal ground. The RED and BLACK signal ground sub-systems carry classified national security information as compromising emanations. The unclassified signal ground sub-system does not carry classified national security information.
8.35.1. RED Signal Ground. The RED signal ground is for non-TEMPEST-certified RED equipment, RED cable shields, and RED power line filters. Because the RED signal ground carries compromising emanations, protect it to the same degree as RED signal wire lines. Connect it to the earth electrode subsystem within the inspectable space. If a RED signal ground exists in the facility, use it. If a signal reference ground is needed for proper operation of the equipment but the facility does not need to control compromising emanations, a RED signal ground is not needed; use an unclassified signal ground. In these cases, connect the RED signal ground on cryptographic equipment, cable shields, and RED equipment to the unclassified signal ground. Use a separate wire as short as possible to connect to the signal reference ground. Do not use the green wire safety ground.8.35.2. BLACK Signal Ground. The BLACK signal ground is for BLACK signal wire line filters and BLACK cable shields. The following four conditions are required because the BLACK signal ground carries compromising emanations: (1) Protect it to the same degree as RED signal ground, (2) Connect the BLACK signal ground to the earth electrode subsystem within the inspectable space, (3) Do not ground BLACK equipment to BLACK signal ground, and, (4) Do not run the BLACK signal ground with BLACK signal wire lines, BLACK power lines, or any RED lines. If a BLACK signal ground is established in the facility, use it. If a signal reference ground is needed for proper operation of the equipment but the facility does not need to control compromising emanations, a BLACK signal ground is not needed; use an unclassified signal ground. Connect the BLACK signal ground on cryptographic equipment, cable shields, and filters to this signal reference ground. Use a separate wire as short as possible to connect to the signal reference ground. Do not use the green wire safety ground.
8.35.3. Unclassified Signal Ground. This is the same signal reference ground found in any facility that does not process classified national security information but needs such a ground for proper operation of the equipment.
8.35.4. Basic RED and BLACK Signal Grounds Requirements. Where RED, or BLACK, or both, signal grounds are required, meet the following grounding criteria:
8.35.4.1. All installations having more than 5 items of RED equipment, 5 items of cryptographic equipment, or encompassing more than 300 square meters of area, use an equipotential grounding system if it exists. Otherwise, use an existing single-point ground system until the facility undergoes a major renovation or more than 5 items of RED equipment or cryptographic equipment are installed. At that time, install an equipotential plane.8.35.4.2. Installations involving 5 or less items of RED equipment, 5 or less items of cryptographic equipment, and less than 300 square meters of area, may use a single-point grounding system instead of an equipotential plane, provided the following criteria are satisfied:
8.35.4.2.1. Projected growth is not more than 5 items of RED equipment, 5 items of cryptographic equipment, or not more than 300 square meters of area.8.35.4.2.2. Use single-ought American Wire Gauge (usually written 1/0 AWG and sometimes pronounced one-oh) insulated cable for RED and BLACK signal ground distribution systems.
8.35.4.2.3. Protect the RED and BLACK signal ground wires (for example, encased in electrical metallic tubing [sometimes abbreviated emt]).
8.35.4.2.4. Do not use green wire safety ground as a RED or BLACK signal ground.
8.35.4.2.5. Separate RED grounding systems from BLACK grounding systems by the distance specified for RED and BLACK signal wire lines in the applicable countermeasures review attachment.
8.35.4.2.6. Make all runs to RED or BLACK equipment in electrical metallic tubing. As required, use no more than 2 meters of flex conduit to connect to the RED or BLACK signal ground system. Keep the lengths of all ground conductors as short as possible to reduce the impedance to the earth electrode subsystem.
8.35.4.2.7. Ground cryptographic equipment following the guidance in the technical publications related to the cryptographic equipment or, lacking such guidance, following the guidance in Chapter 4.
8.36. Countermeasure - RED Signal Ground Wire and BLACK Equipment Separation.
8.36.1. What The Problem Is. Compromising emanations are produced around RED signal ground wires as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, RED signal ground wires act as transmitting antennas. The wires, traces, frame, and covers of BLACK equipment can act as receiving antennas and pick up the compromising emanations. The problem is if compromising emanations are picked up by BLACK equipment, they can escape on BLACK signal wire lines connected to the BLACK equipment and on the BLACK power cord connected to the BLACK equipment.8.36.2. What The Countermeasure Is. The countermeasure is to separate RED signal ground wires from BLACK equipment.
8.36.3. What The Countermeasure Does. Separation decreases the probability of BLACK equipment picking up compromising emanations from RED signal ground wires and escaping the inspectable space on BLACK signal wire lines or BLACK power lines connected to the BLACK equipment.
8.36.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.36.4.1. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,8.36.4.2. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.36.5. How To Apply The Countermeasure. Simply stated, move the RED signal ground wires away from the BLACK equipment by the distance specified in the applicable countermeasures review attachment. Traditionally, under ideal conditions, areas were established in a facility for the placement of RED equipment separate and unique from areas with BLACK equipment. When this was done, two areas were created: a RED equipment area (sometimes abbreviated REA) and a BLACK equipment area (sometimes abbreviated BEA). A RED equipment area is the space within a controlled access area where RED information processing equipment and associated power, signal, control, ground, and signal distribution facilities are installed. A BLACK equipment area is an area in a controlled access area where equipment processing non-classified national security information or encrypted classified national security information and associated power, signal, control, ground, and distribution facilities are installed. However, today, most classified national security information is processed in an office environment. Often, this environment does not lend itself to establishing RED equipment areas and BLACK equipment areas easily. However, achieving and maintaining the separation is required. If data from an EMSEC test determines that a hazard exists, a countermeasure to consider is to increase the physical separation distance. A further problem is offices are rearranged from time to time that can lead to a natural laxness where the separation requirements are forgotten.
8.36.6. Alternatives. The alternatives to fully separating RED signal ground wires from BLACK equipment, as required in the applicable countermeasures review attachment, are:
8.36.6.1. Use a BLACK signal wire line isolation countermeasure. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), and,8.36.6.2. Filter the BLACK power. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters).
8.37. Countermeasure - RED Signal Ground Wire and BLACK Signal Wire Line Separation.
8.37.1. What The Problem Is. Compromising emanations are produced around RED signal ground wires as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, RED signal ground wires act as transmitting antennas. The problem is BLACK signal wire lines can act as receiving antennas and pick up the compromising emanations.8.37.2. What The Countermeasure Is. The countermeasure is to separate RED signal ground wires from BLACK signal wire lines.
8.37.3. What The Countermeasure Does. Separation decreases the probability of BLACK signal wire lines picking up compromising emanations from RED signal ground wires and escaping the inspectable space on BLACK signal wire lines.
8.37.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
8.37.5. How To Apply The Countermeasure. Simply stated, move the RED signal ground wires away from the BLACK signal wire lines by the distance specified in the applicable countermeasures review attachment.
8.37.6. Alternatives. The alternatives to fully separating RED signal ground wires from BLACK signal wire lines, as required in the applicable countermeasures review attachment, are:
8.37.6.1. Use a BLACK signal wire line isolation countermeasure. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,8.37.6.2. Shield the BLACK signal wire lines to prevent them from picking up compromising emanations. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters).
8.38. Countermeasure - RED Signal Ground Wire and BLACK Power Line Separation.
8.38.1. What The Problem Is. Compromising emanations are produced around RED signal ground wires as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, RED signal ground wires act as transmitting antennas. The problem is BLACK power lines can act as receiving antennas and pick up the compromising emanations.8.38.2. What The Countermeasure Is. The countermeasure is to separate RED signal ground wires from BLACK power lines.
8.38.3. What The Countermeasure Does. Separation decreases the probability of BLACK power lines picking up compromising emanations from RED signal ground wires and escaping the inspectable space on BLACK power lines and, to a lesser degree, BLACK signal wire lines connected to BLACK equipment.
8.38.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK power lines and BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if:
8.38.4.1. BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential, and,8.38.4.2. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic.
8.38.5. How To Apply The Countermeasure. Simply stated, move the RED signal ground wires away from the BLACK power by the distance specified in the applicable countermeasures review attachment.
8.38.6. Alternatives. The alternatives to fully separating RED signal ground wires from BLACK power lines, as required in the applicable countermeasures review attachment, are:
8.38.6.1. Filter BLACK power lines. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), and,8.38.6.2. Use a BLACK signal wire line isolation countermeasure.
8.39. Countermeasure - RED Signal Ground Wire and BLACK Signal Ground Wire Separation.
8.39.1. What The Problem Is. Compromising emanations are produced around RED signal ground wires as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, RED signal ground wires act as transmitting antennas. BLACK signal ground wires can act as receiving antennas and pick up the compromising emanations. The problem is if BLACK signal ground wires pick up compromising emanations, they can escape in three ways: (1) Conducting them to the shields on BLACK signal lines where they can be conducted to BLACK equipment and escape the inspectable space on the BLACK signal wire lines and BLACK power lines. (2) Conducting them to the shields on BLACK signal lines where they can be impressed on the BLACK signal wire lines and escape the inspectable space on the BLACK signal wire lines. (3) Conducting them back through the filters on BLACK signal wire lines where they can be impressed on the BLACK signal wire lines and escape the inspectable space on the BLACK signal wire lines.8.39.2. What The Countermeasure Is. The countermeasure is to separate RED signal ground wires from BLACK signal ground wires.
8.39.3. What The Countermeasure Does. Separation decreases the probability of BLACK signal ground wires picking up compromising emanations from RED signal ground wires and escaping the inspectable space on BLACK signal wire lines and, to a lesser degree, BLACK power lines.
8.39.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.39.4.1. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or the BLACK signal lines are fiber optic, and,8.39.4.2. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.39.5. How To Apply The Countermeasure. Simply stated, move the RED signal ground wires away from the BLACK signal ground wires by the distance specified in the applicable countermeasures review attachment.
8.39.6. Alternatives. The alternatives to fully separating RED signal ground wires from BLACK signal ground wires, as required in the applicable countermeasures review attachment, are:
8.39.6.1. Use a BLACK signal wire line isolation countermeasure, and,8.39.6.2. Filter the BLACK power lines.
8.40. Countermeasure - RED Signal Ground Wire and Fortuitous Conductor Separation.
8.40.1. What The Problem Is. Compromising emanations are produced around RED signal ground wires as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal ground wire acts as a transmitting antenna. Fortuitous conductors can act as receiving antennas and pick up the compromising emanations. The problem is fortuitous conductors can leave the inspectable space allowing compromising emanations to escape control. An additional problem is, since fortuitous conductors can run parallel to BLACK signal wire lines and BLACK power lines, compromising emanations can get coupled to them and leave the inspectable space if the BLACK signal wire lines or BLACK power lines leave the inspectable space.8.40.2. What The Countermeasure Is. The countermeasure is to separate RED signal ground wires from fortuitous conductors.
8.40.3. What The Countermeasure Does. Separation decreases the probability of fortuitous conductors picking up compromising emanations from RED signal ground wires and escaping the inspectable space on the fortuitous conductors, BLACK signal wire lines, or BLACK power lines.
8.40.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, fortuitous conductors, BLACK signal wire lines, and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.40.4.1. Fortuitous conductors are contained within the inspectable space, and,8.40.4.2. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or the BLACK signal lines are fiber optic, and,
8.40.4.3. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.40.5. How To Apply The Countermeasure. Simply stated, move the RED signal ground wires away from the fortuitous conductors by the distance specified in the applicable countermeasures review attachment.
8.40.6. Alternatives. The alternatives to fully separating RED signal ground wires from fortuitous conductors, as required in the applicable countermeasures review attachment, are:
8.40.6.1. Install non-conductive breaks in all fortuitous conductors at the boundary of the inspectable space, and,8.40.6.2. Separate the BLACK signal wire lines from BLACK power lines by the distance specified in the applicable countermeasures review attachment, or,
8.40.6.3. Shield the BLACK signal wire lines and BLACK power lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters).
8.41. Countermeasure - BLACK Signal Ground Wire and BLACK Equipment Separation.
8.41.1. What The Problem Is. Compromising emanations are produced around BLACK signal ground wires as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, BLACK signal ground wires act as transmitting antennas. The wires, traces, frame, and covers of BLACK equipment can act as receiving antennas and pick up the compromising emanations. The problem is if compromising emanations are picked up by BLACK equipment, they can escape on BLACK signal wire lines connected to the BLACK equipment and on the BLACK power cord connected to the BLACK equipment.8.41.2. What The Countermeasure Is. The countermeasure is to separate BLACK signal ground wires from BLACK equipment.
8.41.3. What The Countermeasure Does. Separation decreases the probability of BLACK equipment picking up compromising emanations from BLACK signal ground wires and escaping the inspectable space on BLACK signal wire lines or BLACK power lines connected to the BLACK equipment.
8.41.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.41.4.1. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,8.41.4.2. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.41.5. How To Apply The Countermeasure. Simply stated, move the BLACK signal ground wires away from the BLACK equipment by the distance specified in the applicable countermeasures review attachment. Traditionally, under ideal conditions, areas were established in a facility for the placement of RED equipment separate and unique from areas with BLACK equipment. However, today, most classified national security information is processed in an office environment but achieving and maintaining the separation is still required. If data from an EMSEC test determines that a hazard exists, a countermeasure to consider is to increase the physical separation distance. A further problem is offices are rearranged from time to time that can lead to a natural laxness where the separation requirements are forgotten.
8.41.6. Alternatives. The alternatives to fully separating BLACK signal ground wires from BLACK equipment, as required in the applicable countermeasures review attachment, are:
8.41.6.1. Use a BLACK signal wire line isolation countermeasure. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), and,8.41.6.2. Filter the BLACK power. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters).
8.42. Countermeasure - BLACK Signal Ground Wire and BLACK Signal Wire Line Separation.
8.42.1. What The Problem Is. Compromising emanations are produced around BLACK signal ground wires as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, BLACK signal ground wires act as transmitting antennas. The problem is BLACK signal wire lines can act as receiving antennas and pick up the compromising emanations.8.42.2. What The Countermeasure Is. The countermeasure is to separate BLACK signal ground wires from BLACK signal wire lines.
8.42.3. What The Countermeasure Does. Separation decreases the probability of BLACK signal wire lines picking up compromising emanations from BLACK signal ground wires and escaping the inspectable space on BLACK signal wire lines.
8.42.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
8.42.5. How To Apply The Countermeasure. Simply stated, move the BLACK signal ground wires away from the BLACK signal wire lines by the distance specified in the applicable countermeasures review attachment.
8.42.6. Alternatives. The alternatives to fully separating BLACK signal ground wires from BLACK signal wire lines, as required in the applicable countermeasures review attachment, are:
8.42.6.1. Use a BLACK signal wire line isolation countermeasure. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), or,8.42.6.2. Shield the BLACK signal wire lines to prevent them from picking up compromising emanations. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters).
8.43. Countermeasure - BLACK Signal Ground Wire and BLACK Power Line Separation.
8.43.1. What The Problem Is. Compromising emanations are produced around BLACK signal ground wires as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, BLACK signal ground wires act as transmitting antennas. The problem is BLACK power lines can act as receiving antennas and pick up the compromising emanations.8.43.2. What The Countermeasure Is. The countermeasure is to separate BLACK signal ground wires from BLACK power lines.
8.43.3. What The Countermeasure Does. Separation decreases the probability of BLACK power lines picking up compromising emanations from BLACK signal ground wires and escaping the inspectable space on BLACK power lines and, to a lesser degree, BLACK signal wire lines connected to BLACK equipment.
8.43.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK power lines and BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if:
8.43.4.1. BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential, and,8.43.4.2. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic.
8.43.5. How To Apply The Countermeasure. Simply stated, move the BLACK signal ground wires away from the BLACK power by the distance specified in the applicable countermeasures review attachment.
8.43.6. Alternatives. The alternatives to fully separating BLACK signal ground wires from BLACK power lines, as required in the applicable countermeasures review attachment, are:
8.43.6.1. Filter BLACK power lines. This reduces the separation distance to 15 percent of the required distance (minimum 15 centimeters), and,8.43.6.2. Use a BLACK signal wire line isolation countermeasure.
8.44. Countermeasure - BLACK Signal Ground Wire and Fortuitous Conductor Separation.
8.44.1. What The Problem Is. Compromising emanations are produced around BLACK signal ground wires as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the BLACK signal ground wire acts as a transmitting antenna. Fortuitous conductors can act as receiving antennas and pick up the compromising emanations. The problem is fortuitous conductors can leave the inspectable space allowing compromising emanations to escape control. An additional problem is, since fortuitous conductors can run parallel to BLACK signal wire lines and BLACK power lines, compromising emanations can get coupled to them and leave the inspectable space if the BLACK signal wire lines or BLACK power lines leave the inspectable space.8.44.2. What The Countermeasure Is. The countermeasure is to separate BLACK signal ground wires from fortuitous conductors.
8.44.3. What The Countermeasure Does. Separation decreases the probability of fortuitous conductors picking up compromising emanations from BLACK signal ground wires and escaping the inspectable space on the fortuitous conductors, BLACK signal wire lines, or BLACK power lines.
8.44.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, fortuitous conductors, BLACK signal wire lines, and BLACK power lines, are controlled. Normally, this countermeasure is not needed if:
8.44.4.1. Fortuitous conductors are contained within the inspectable space, and,8.44.4.2. The line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or the BLACK signal lines are fiber optic, and,
8.44.4.3. The BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.44.5. How To Apply The Countermeasure. Simply stated, move the BLACK signal ground wires away from the fortuitous conductors by the distance specified in the applicable countermeasures review attachment.
8.44.6. Alternatives. The alternatives to fully separating BLACK signal ground wires from fortuitous conductors, as required in the applicable countermeasures review attachment, are:
8.44.6.1. Install non-conductive breaks in all fortuitous conductors at the boundary of the inspectable space, and,8.44.6.2. Separate the BLACK signal wire lines from BLACK power lines by the distance specified in the applicable countermeasures review attachment, or,
8.44.6.3. Shield the BLACK signal wire lines and BLACK power lines. This reduces the separation distance to 5 percent of the required distance (minimum 5 centimeters).
8.45. Ground Checks. The base civil engineer makes ground checks, in support of EMSEC, as specified in AFI 32-1065, Grounding Systems. When installing a new communications system, make ground resistivity checks every 3 months for one year and then rechecks every 21 months. The resistance to ground is less than 10 ohms.
8.46. Fortuitous Conductors. Fortuitous conductors are metallic objects that normally do not have a direct mission function. Fortuitous conductors are such things as heating and air conditioning ducts, water and gas pipes, and fire alarm and suppression systems. Fortuitous conductors can be divided into three general types.
8.46.1. Alarm Systems. Many facilities employ alarm systems to detect and alert personnel of life-threatening or security-threatening situations. These systems use metallic conductors to connect passive or active sensors to an enunciator panel. It is permitted to request a EMSEC field test of the alarm system to determine its susceptibility to radiated emanations, and identify the appropriate corrective measures to apply.8.46.2. Building Utilities. Building utilities pose problems in facilities since most are constructed of metallic materials and thus are susceptible to picking up radiated emanations.
8.46.2.1. Utilities include heating, ventilating, and air conditioning systems, and water and gas pipes.8.46.2.2. The Occupational Safety and Health Act and local building codes require bonding together into one electrically contiguous system, using guidance in the National Electric Code, all parts of any structure that might become energized, whether intended to do so or not. Therefore, all plumbing and duct work is electrically bonded to the structural members and further bonded to the life-saving ground system and to the equipotential plane. In this manner, multiple and direct low-impedance paths will exist to return energy to the source.
8.46.3. Facility Construction. Many facilities use metallic studs in the construction of interior walls. In most cases, these are not a problem. However, if the studs are electrically connected (metallic connection) to other walls of similar construction and transit the perimeter of the inspectable space, then compromising emanations could escape by these fortuitous conductors.
8.47. Countermeasure - Fortuitous Conductor Isolation.
8.47.1. What The Problem Is. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. Also, compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. Further, when equipment processes information, it can create noise that may appear on the equipment's power cord; these may be compromising emanations in the case of RED equipment Fortuitous conductors can act as receiving antennas and pick up compromising emanations from nearby RED equipment, RED signal lines, and RED power lines. The problem is compromising emanations may be conducted on fortuitous conductors that exit the inspectable space.8.47.2. What The Countermeasure Is. The countermeasure is to isolate a fortuitous conductor that exits the inspectable space.
8.47.3. What The Countermeasure Does. Isolating the fortuitous conductor contains compromising emanations within the inspectable space by breaking the conducting path.
8.47.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, fortuitous conductors, BLACK signal wire lines, and BLACK power lines are controlled. Normally, this countermeasure is not needed if:
8.47.4.1. Fortuitous conductors do not exit the inspectable space, and,8.47.4.2. The line distance of the BLACK signal wire lines connected to BLACK equipment from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,
8.47.4.3. BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.47.5. How To Apply The Countermeasure. The basic treatment to isolate fortuitous conductors is to break the electrical (metallic) connection. Use it at the boundary or perimeter of the inspectable space. If the non-conductive break is placed within the equipment radiation TEMPEST zone of RED equipment, there is a chance to re-contaminate the fortuitous conductor. There are situations where the emanation on the fortuitous conductor is a radio frequency (radio frequency) signal. When a fortuitous conductor is a hollow metallic conduit or pipe, the conduit or pipe can act like a waveguide. This means that when the conduit or pipe stops, the end acts like a feed-horn antenna and propagates the radio frequency signal into free space in the direction of the conduit is pointed. This energy will cross the non-conductive break and re-contaminate the fortuitous conductor. If this situation is probable, then offset the continuation of the conduit or pipe such that the two ends are not in line with each other.
8.47.6. Alternatives. The alternatives to isolating fortuitous conductors are:
8.47.6.1. Increase the separation distance for RED equipment and fortuitous conductors, or,8.47.6.2. Use RED equipment where the strength of the compromising emanations has been reduced. This normally means TEMPEST-certified equipment, or,
8.47.6.3. Shield the RED equipment to reduce compromising emanations by using the encapsulation technique. If there are several items of RED equipment that need separation from several items of BLACK equipment, an alternative to consider is using a shielded enclosure, and,
8.47.6.4. Shield the BLACK signal wire lines, or,
8.47.6.5. Use a BLACK signal wire line isolation countermeasure, and,
8.47.6.6. Shield the BLACK power lines, or,
8.47.6.7. Filter the BLACK power lines.
8.48. Distribution Facilities. In a facility that processes classified national security information, signal wire lines, power lines, and signal ground wires are divided into two groups, RED and BLACK. Those signal wire lines that carry classified national security information, power circuits used exclusively by RED processors, and signal grounds for RED equipment and the shields of RED signal wire lines are labeled RED. Those that do not handle classified national security information are labeled BLACK. Basically, distribution facilities are a form of plumbing. They consist of pipe in the form of electrical metallic tubing, iron pipe, or metallic ducting (a square pipe).
8.48.1. A distribution facility provides a convenient method for separating and controlling the routing of signal, power, and ground cables. Such routing ensures that RED and BLACK cables are properly separated and not mixed by controlling access to the route.8.48.2. Properly installed, a distribution facility may shield the cables thereby, either reducing free-space radiation of compromising emanations from RED cables or preventing BLACK cables from picking up radiated compromising emanations.
8.48.3. In a facility where all cables are in distribution facilities, there will be at least five distribution facilities; RED signal, BLACK signal, RED power, BLACK power, and BLACK signal ground. RED signal ground may be run with RED signal wire lines.
8.49. Countermeasure - Distribution Facility Installation.
8.49.1. What The Problem Is. In some facilities, there is a plethora of cables, wires, signal lines, power lines, signal grounds, and fortuitous conductors. All the RED metallic conductors emanate compromising emanations. The problem is BLACK signal wire lines, BLACK power lines, BLACK signal grounds, and fortuitous conductors can pick up these compromising emanations and carry them beyond the inspectable space if not properly separated.8.49.2. What The Countermeasure Is. The countermeasure is to install some or all RED signal lines, RED power lines, BLACK signal wire lines, BLACK power lines, and BLACK signal grounds in distribution facilities.
8.49.3. What The Countermeasure Does. Installing some or all RED signal lines, RED power lines, BLACK signal wire lines, BLACK power lines, and BLACK signal grounds in distribution facilities achieves the proper separation and can shield, if the distribution facilities are properly constructed, RED signal lines, RED power lines, BLACK signal wire lines, BLACK power lines, and BLACK signal grounds.
8.49.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, BLACK power lines, BLACK signal ground, and fortuitous conductors, are controlled. Normally, this countermeasure is not needed if:
8.49.4.1. All RED signal wire lines, RED power lines, and RED signal ground wires are shielded, or,8.49.4.2. Fortuitous conductors are contained within the inspectable space, or,
8.49.4.3. All fortuitous conductors are separated from RED signal wire lines, RED power lines, and RED signal ground by the distance specified in the applicable countermeasure review attachment, or,
8.49.4.4. All fortuitous conductors are isolated with a non-conductive break at the boundary of the inspectable, and,
8.49.4.5. All BLACK signal wire lines are separated from RED signal wire lines, RED power lines, and RED signal ground by the distance specified in the applicable countermeasure review attachment, or,
8.49.4.6. All BLACK signal wire lines are shielded, or,
8.49.4.7. A BLACK signal wire line isolation countermeasure is used, or,
8.49.4.8. The line distance of BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or the BLACK signal lines are fiber optic, and,
8.49.4.9. All BLACK power lines are separated from RED signal wire lines, RED power lines, and RED signal ground by the distance specified in the applicable countermeasure review attachment, or,
8.49.4.10. All BLACK power lines are shielded, or,
8.49.4.11. All BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential, or,
8.49.4.12. All BLACK power lines are filtered, and,
8.49.4.13. All BLACK signal ground wires are separated from RED signal wire lines, RED power lines, RED signal ground, BLACK signal wire lines, and BLACK power lines by the distance specified in the applicable countermeasure review attachment, or,
8.49.4.14. All BLACK signal ground wires are insulated and run in electrical metallic tubing grounded at the earth electrode subsystem.
8.49.5. How To Apply The Countermeasure.
8.49.5.1. Design Objectives. The signal distribution design accomplishes three primary objectives: (1) Provides an orderly scheme to route cables among and between equipment. (2) Provides accountability for all cables. (3) Prevents RED cables from becoming mixed with or inadvertently connected to any BLACK cables.8.49.5.2. General Installation Guidelines. Contain RED distribution facilities within the controlled access area. If the distribution facility is meant to provide shielding, then the disconnect plug used with flexible ferrous conduit must be a shielded type or ensures the shield of the circuit cabling (shielded cable) is carried on a pin through the plug. When the shield is carried on a pin, the connector should provide complete electrical isolation between the cable shield and plug case. Maintain the electrical isolation between the cable shield and connector case during field assembly.
8.49.5.3. Separation Requirements. Separate RED and BLACK distribution facilities according to the applicable countermeasures review attachment. Use caution when installing a metallic RED distribution facility. The main problem occurs when suspending the distribution facility from the facility structure. Any metallic connection between the distribution facility and the facility structure provides a path for compromising emanations on the distribution facility to escape the inspectable space via fortuitous conductors of the facility structure. Disregard this concern if the facility is constructed using the latest guidance for bonding the structure, pipes, ducts, etc., to form many paths to ground, or the building is constructed as an equipotential ground plane.
8.49.5.4. Marking Distribution Facilities. The requirement to mark distribution facilities in controlled access areas is a communications security requirement. This requirement helps meet the requirement to control classified national security information.
8.49.5.4.1. Mark all RED distribution facilities except conduit carrying a RED signal ground feeder external to the building within the inspectable space. Use a 1-inch wide strip of red tape or red paint at intervals of approximately 1-1/2 meters.8.49.5.4.2. Where BLACK components are very few compared to the number of RED components, it is permitted to mark BLACK components instead of RED components. Mark all BLACK distribution facilities except conduit carrying a BLACK signal ground feeder external to the building within the inspectable space. Use a 1-inch wide strip of black tape or black paint at intervals of approximately 1-1/2 meters. On black colored components, use another color, such as white, to accentuate the black tape or paint.
8.49.5.5. Viewing RED Distribution Facilities. Expose to view, never hide, RED distribution facilities and wire lines (signal, power, and ground) except when passing through walls, floors, or ceilings to other spaces within the inspectable space. Make each opening through which distribution facilities and wire lines pass large and accessible enough to permit easy access and inspection. If hiding distribution facilities and wire lines is unavoidable, then the competent engineering authority must specifically require it, and the cognizant security authority must approve it. It may be necessary to provide appropriate alarm and penetration protection for hidden wire lines and distribution facilities. Technically qualified user personnel must inspect hidden distribution facilities and wire lines at initial installation, during subsequent changes, and daily for TOP SECRET, weekly for SECRET, and monthly for CONFIDENTIAL at irregular intervals.
8.49.5.6. Interconnect Facilities. Some facilities require an interconnect medium to connect the terminal equipment to the encryption device, the encryption device to the modem, and the modem to the line or carrier equipment. This interconnect medium is usually a technical control or patch-and-test facility. The technical control or patch-and-test facility consists of patching and distribution equipment.
8.49.5.6.1. Patching Equipment. The most common form of patching equipment is a series of jack fields wired in the normal-through configuration, which permits connecting equipment through all elements to the line or carrier equipment. Patch cords allow the use of spare equipment or cable pairs for the purpose of performing routine maintenance or to prevent downtime due to equipment or wiring malfunctions. When mounting jack fields on a plate for installation in a rack, they are called patch panels. Some coaxial patch panels may have all of the outer conductors (typically, the shields) tied together. That makes them common with the panel and, therefore, common to the green-wire ground. Isolate all feed-through shields from the chassis.8.49.5.6.1.1. When using patching equipment in a facility that processes both RED and BLACK information, use separate RED and BLACK jack fields. Install the RED and BLACK jack fields in separate racks or cabinets. Separate the RED jack fields from the BLACK jack fields by a distance that would eliminate the possibility of connecting a standard patch cord between RED and BLACK patches. If this distance is not achievable, then make each patch panel unique by using different styled jacks and plugs for the RED and BLACK jack fields. Separate the cabinets or racks from RED and BLACK equipment according to the applicable countermeasures review attachment.8.49.5.6.1.2. Contain technical control and patch-and-test facilities within a controlled access area. This does not mean they are always in the RED equipment area.
8.49.5.6.2. Distribution Equipment (Wire Closets). Wire closets typically are equipment cabinets or rooms that are designed so cables can be hardwire interconnected between equipment. Equip wire closets with connector blocks to provide interconnectivity of terminal equipment, encryption devices, technical control or patch-and-test facility, and line or line-conditioning equipment. Designate distribution equipment with separate RED and BLACK connector blocks to prevent cross connecting the RED and BLACK wire lines. Separate according to the applicable countermeasures review attachment.
8.49.5.7. Power Distribution Facilities. The power requirements of any facility are divided into two groups; power for the mission equipment and power for the supporting services. Supporting services include such things as lighting, heating, ventilation, and air conditioning. In a facility processing plain-text classified national security information, the mission power can be further divided into RED power and BLACK power, in separate distribution facilities.
8.49.5.7.1. General Installation Requirements. All the power distribution schemes must conform to the life-safety provisions of the Occupational, Safety, and Health Act, the National Electric Code, and local building codes.8.49.5.7.2. Equipment Isolation. Design RED power distribution such that it is difficult to connect BLACK equipment or utility equipment to it. By providing a separate service feeder for the sensitive equipment and controlling its distribution, the opportunity for an adversary to gain access to those lines is reduced. With respect to alternating current power, it is possible to recover plain-text information through power line conduction.
8.49.5.8. RED Signal Ground Distribution Facility. A separate distribution facility for a RED signal ground is not required. It is permitted to run it in the RED signal distribution facility. It is not a good engineering practice to run the RED signal ground wire in the RED power distribution facility.
8.49.5.9. BLACK Signal Ground Distribution Facility. Run the BLACK signal ground wire in its own distribution facility. There are two reasons for this.
8.49.5.9.1. Filters are used to strip conducted compromising emanations from BLACK signal wire lines and shields are used on BLACK signal wire lines to collect radiated compromising emanations and conduct them to ground on the BLACK signal ground wire. To run the BLACK signal ground wire in the BLACK signal distribution facility could contaminate the BLACK signal wire lines, especially if some of the BLACK signal wire lines are unshielded.8.49.5.9.2. Do not run the BLACK signal ground wire, although contaminated with compromising emanations, with the RED signal ground wire or RED signal wire lines. To do so runs the risk of contaminating BLACK equipment with compromising emanations. There are a number of ways this may happen. One is because some potential difference may exist between RED and BLACK equipment. Another is a lower impedance path may exist in such a manner that compromising emanations picked up by the BLACK signal ground wire from the RED signal ground wire or RED signal wire lines are conducted to the BLACK equipment.
8.49.5.10. Construction. Base the selection of ferrous or nonferrous hardware on EMSEC considerations. Minimum standards for metallic hardware are:
8.49.5.10.1. Conduit. Use nonferrous conduit, that is, electrical metallic tubing, as specified in the latest version of the National Electric Code, except with the addition of a noncorrosive conductive coating. Use ferrous conduit for nonlow-level operating wire lines. Ferrous conduit is rigid, threaded thickwall ferrous pipe or ferrous rigid-sheet steel ducting to form a single tube.8.49.5.10.2. Conduit Fittings. Use threaded or the compression type fittings for either ferrous or nonferrous metallic conduit.
8.49.5.10.3. Sealing Requirements. Threaded and compression type fittings, when properly installed, do not require sealing by welding or conductive epoxy unless the distribution facility is to meet a shielding requirement. The national stock number for conductive epoxy is 8040-00-944-7292.
8.49.5.10.4. Painted or Unpainted Metal Duct. Fabricate unpainted enclosed metal duct such that assembly techniques insure good electrical joints and continuous metal-to-metal contact. It is permitted to apply paint after the installation is complete. Prepainted duct is acceptable when duct is chosen as an installation method and not used to meet a shielding requirement. Do not use prepunched knockouts when using the duct to meet a shielding requirement.
8.49.5.10.5. Boxes. Enclose in metallic boxes all terminal boxes, junction boxes, and other similar containers that terminate or interface with the distribution facility and, where economically feasible, made of ferrous material. Do not use prepunched knockouts when using the distribution facility to meet a shielding requirement.
8.49.5.10.6. Radio Frequency Gasketing. Radio frequency gasketing must be used on covers (duct and boxes) if using the distribution facility to meet a shielding requirement, otherwise, it is elective.
8.49.5.10.7. Flexible Ferrous Conduit. Keep the use of flexible ferrous conduit to a minimum. Use is permitted to allow movement of equipment requiring frequent maintenance. Flexible conduit also enables the installer to carry wiring to connections that are impractical to accomplish with rigid or electrical metallic tubing conduit. Use flexible conduit only at the end of a cable run. Keep the length of flexible ferrous conduit runs as short as possible and do not exceed 2 meters for each run. Interface flexible ferrous conduit to the distribution facility with a junction box. Equip the junction box with a quick disconnect termination to enable rapid removal of the equipment from the distribution facility.
8.49.5.10.8. Spare Conductors. Cabling within the RED and BLACK distribution systems, especially the signal distribution systems, will normally contain spare conductors for future expansion, fault isolation, or equipment wiring changes. Terminate spare conductors at one end to the signal ground bus in the appropriate distribution frames serving the particular cable or wire line; that is, ground spare RED conductors to the RED signal ground wire and spare BLACK conductors to BLACK signal ground wire. Ground them within the inspectable space.
8.49.5.10.9. Unused Conductors. Remove cable and wires no longer used or needed as a result of renovation or installation of new cabling. Unused cables can become fortuitous conductors picking up compromising emanations from a cable, wire, or free space radiation in one area and carrying them to another area. If it is not possible to remove unused conductors, then tie them (bundled) together, and ground them within the inspectable space.
8.49.5.10.10. Accountability of Wires and Cables. Account completely for all wires and cables within, or passing through a secure area. Clearly mark, label, or tag, according to purpose, all wires and cables. Remove all unused wiring. Ground spare wiring in cables within the inspectable space and clearly mark as such.
8.49.6. Alternatives. The alternatives to using distribution facilities are:
8.49.6.1. Shield all RED signal wire lines, RED power lines, and RED signal ground wires, or,8.49.6.2. Contain all fortuitous conductors within the inspectable space, or,
8.49.6.3. Separate all fortuitous conductors from RED signal wire lines, RED power lines, and RED signal ground wire by the distance specified in the applicable countermeasure review attachment, or,
8.49.6.4. Isolate all fortuitous conductors with a non-conductive break at the boundary of the inspectable, and,
8.49.6.5. Separate all BLACK signal wire lines from RED signal wire lines, RED power lines, and RED signal ground wire by the distance specified in the applicable countermeasure review attachment, or,
8.49.6.6. Shield all BLACK signal wire lines, or,
8.49.6.7. Use a BLACK signal wire line isolation countermeasure, and,
8.49.6.8. Separate all BLACK power lines from RED signal wire lines, RED power lines, and RED signal ground wire by the distance specified in the applicable countermeasure review attachment, or,
8.49.6.9. Shield all BLACK power lines, or,
8.49.6.10. Filter all BLACK power lines, and,
8.49.6.11. Separate all BLACK signal ground wires from RED signal wire lines, RED power lines, RED signal ground wires, BLACK signal wire lines, and BLACK power lines by the distance specified in the applicable countermeasure review attachment, or,
8.49.6.12. Insulate and run all BLACK signal ground wires in electrical metallic tubing grounded at the earth electrode subsystem.
8.50. Countermeasure - TEMPEST-Certified Equipment.
8.50.1. What The Problem Is. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. The wires, traces, frame, and cover of BLACK equipment, BLACK signal wire lines, BLACK power lines, BLACK signal ground wires, and fortuitous conductors can act as receiving antennas and pick up compromising emanations from nearby RED equipment. The problem is compromising emanations can escape the inspectable space if BLACK signal wire lines, BLACK power lines, and fortuitous conductors exit the inspectable space.8.50.2. What The Countermeasure Is. The countermeasure is to use TEMPEST-certified equipment.
8.50.3. What The Countermeasure Does. TEMPEST-certified equipment is equipment designed and constructed to reduce compromising emanations; tested, according to the current edition of NSTISSAM TEMPEST/1-92 (C); and meets the Level I limits. Using low-level signaling, filtering, internal shielding, and other design practices, TEMPEST-certified equipment is virtually free of conducted and radiated compromising emanations.
8.50.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if all the required countermeasures can be applied and they provide the required protection. Do not apply this countermeasure if the cost of TEMPEST-certified equipment exceeds the cost of applying the countermeasures required by the applicable countermeasures review attachment. A hidden cost is the cost of maintaining TEMPEST-certified equipment; approximately ten times the cost of a non-TEMPEST-certified version. Certified TEMPEST Technical Authority validation is required before TEMPEST-certified equipment can be purchased.
8.50.5. How To Apply The Countermeasure. Simply stated, install the equipment as you would any other RED equipment. Do not connect to RED power. Apply RED equipment separation and RED signal line countermeasures according to the applicable countermeasures review attachment. Any modification or change to the as-manufactured condition of TEMPEST-certified equipment voids the TEMPEST certification. If the TEMPEST-certified equipment is modified or altered, it is no longer TEMPEST-certified. Re-testing by a certified test agency is required to re-certify it; a very costly procedure.
8.50.6. Alternatives. The alternatives to using TEMPEST-certified equipment are to apply all the required countermeasures identified in the applicable countermeasures review attachment.
8.51. Countermeasure - Shielding. In certain instances, systems processing classified national security information are so large and complex that applying all required EMSEC countermeasures is impossible or exorbitantly expensive. In hostile environments where it is known that compromising emanations are exploited, applying all required countermeasures may not provide sufficient protection. In other, less hostile environments where United States control is extremely limited, applying all required EMSEC countermeasures may be too costly or may not provide sufficient protection.
8.51.1. What The Problem Is. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. The wires, traces, frame, and cover of BLACK equipment, BLACK signal wire lines, BLACK power lines, BLACK signal ground wires, and fortuitous conductors can act as receiving antennas and pick up compromising emanations from nearby RED equipment. The problem is compromising emanations can escape the inspectable space if BLACK signal wire lines, BLACK power lines, and fortuitous conductors exit the inspectable space.8.51.2. What The Countermeasure Is. The countermeasure is to shield the entire facility, or a room, or the RED equipment.
8.51.3. What The Countermeasure Does. Shielding the RED equipment will contain the compromising emanations within the shielded enclosure and prevent contaminating BLACK equipment, BLACK signal wire lines, BLACK power lines, BLACK signal ground wires, and fortuitous conductors.
8.51.4. When The Countermeasure Is Not Needed.. This countermeasure is not needed if all the required countermeasures can be applied and provide the required protection. Do not apply this countermeasure if the cost of shielding exceeds the cost of applying the countermeasures required by the applicable countermeasures review attachment. A life-time cost is the cost of maintaining a shielded enclosure. Certified TEMPEST Technical Authority validation is required before shielded RED equipment can be applied.
8.51.5. How To Apply The Countermeasure.
8.51.5.1. Shielding is applied directly to equipment (encapsulation), within a room (shielded enclosure), or to a complete or large portion of a facility (global). There are two standards for shielding effectiveness.8.51.5.1.1. For equipment encapsulation, the standard is NSTISSAM TEMPEST/1-92 (C), Level I. Encapsulating equipment to meet this standard in effect makes it TEMPEST-certified.8.51.5.1.2. The Air Force standard for shielding effectiveness (attenuation) for both shielded enclosures and global shielding is 50 decibels (sometimes abbreviated dB) (plus a 10-decibel allowance for life-time degradation). Justify a decision to provide more attenuation on equipment with compromising emanations levels so strong that 50 decibels of attenuation will not reduce compromising emanations to a level where the inspectable space can contain them.
8.51.5.2. A shielded enclosure (room or facility) is a six-sided metallic box. Isolate it both physically and electrically within the area under positive United States control. Within the United States and in low and medium threat areas, provide a minimum of 1 meter of controlled access area around a shielded enclosure. In high threat areas, the controlled access area must be a minimum of 3 meters.
8.51.5.3. Construct the shielded enclosure (room or facility) meeting the requirements of NSTISSAM TEMPEST/1-95, Shielded Enclosures.
8.51.5.4. Test the shielding effectiveness of the shielded enclosure (room or facility) according to NSTISSAM TEMPEST/1-95.
8.51.5.5. Have a CTTA review and accept the shielding effectiveness test results of a shielded enclosure (room or facility).
8.51.5.6. Reverify the shielding effectiveness of a shielded enclosure (room or facility) every 3 years following the guidance in paragraphs 8.51.5.4 and 8.51.5.5. Equipment encapsulation does not require reverification.
8.51.5.7. Inspect global shields and shielded enclosures annually for rust, cracks, holes, screw and bolt tightness, integrity of welds, door operation, tarnish on door flanges, etc. Report deficiencies to maintenance personnel. Serious deficiencies may require recertification.
8.51.5.8. Perform maintenance as required. In some circumstances, using routines for periodic maintenance to insure the shielded enclosure does not degrade to unacceptable levels is required.
8.51.5.9. Treat power, signal, and utility penetrations through the shield to block and remove conducted compromising emanations.
8.51.5.10. Within the shielded enclosure, run all RED signal wire lines and power lines in electrical metallic tubing.
8.51.5.11. Do not install cryptographic equipment in the shielded enclosure.
8.51.5.12. Do not install radio equipment in the shielded enclosure.
8.51.6. Alternatives. The alternatives to shielding RED equipment are to apply all the required countermeasures identified in the applicable countermeasures review attachment.
8.52. Countermeasure - Telephone Systems. Telephones are an acoustic threat and are under the purview of the Air Force Office of Special Investigations. Telephone security requirements are addressed in AFI 33-220, On-Hook Telephone Security, and AFMAN 33-274, On-Hook Telephone Security Guidelines.
8.52.1. What The Problem Is. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. When RED equipment is placed on a metal desk, bench, shelf, or cabinet, these become fortuitous conductors. They can conduct compromising emanations to a telephone instrument sitting on the same metal desk, bench, shelf, or cabinet. The telephone instrument can couple the compromising emanations to the telephone line. The problem is compromising emanations can escape control if the telephone lines exit the inspectable space.8.52.2. What The Countermeasure Is. The countermeasure is to not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment.
8.52.3. What The Countermeasure Does. The countermeasure prevents coupling compromising emanations from RED equipment to a BLACK signal wire line via a telephone instrument and a fortuitous conductor.
8.52.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if the line distance of BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
8.52.5. How To Apply The Countermeasure. Do not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment.
8.52.6. Alternative. The alternative to not placing the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment is to use a BLACK signal wire line isolation countermeasure.
8.53. Countermeasure - Intercom and Public Address Systems.
8.53.1. What The Problem Is. There are several sources of compromising emanations. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. When equipment processes information, it can create noise that may appear on the equipment's power cord; in the case of RED equipment, these may be compromising emanations. The speakers and the wire lines of intercom and public address systems can act as receiving antennas and pick up compromising emanations from nearby RED equipment, RED signal lines, and RED power lines, and feed them back into the amplifier rebroadcasting them through the system and conducting them on the BLACK power cord. The problem is compromising emanations can escape control if the speaker lines or the power lines leave the inspectable space.8.53.2. What The Countermeasure Is. The countermeasure is to contain the intercom or public address system within the inspectable space or, when not completely contained within the inspectable space, apply additional countermeasures.
8.53.3. What The Countermeasure Does. Containing the intercom or public address system within the inspectable space prevents the escape of compromising emanations.
8.53.4. When The Countermeasure Is Not Needed. This countermeasure is not needed if the means of escape, that is, BLACK signal wire lines, are controlled. Normally, this countermeasure is not needed if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
8.53.5. How To Apply The Countermeasure.
8.53.5.1. Most wireless systems use simple antennas and low power transmitters; therefore, their operating range is limited. However, an adversary can use a high-gain antenna and pick up the signals at a much greater distance; on the order of one thousand times greater. Therefore, because the signal goes beyond the inspectable space, a wireless intercom or public address system is prohibited.8.53.5.2. When it is necessary to extend the intercom or public address system beyond the inspectable space, use BLACK signal wire line isolation countermeasures on the lines leaving the inspectable space.
8.53.5.3. The amplifiers of an intercom or public address system can pick up compromising emanations. To preclude this, separate the amplifiers from RED equipment or enclose the amplifiers in metal containers.
8.53.6. Alternatives. There are no alternatives.
8.54. Countermeasure - Local Area Networks.
8.54.1. What The Problem Is. There are several sources of compromising emanations. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. When equipment processes information, it can create noise that may appear on the equipment's power cord; in the case of RED equipment, these may be compromising emanations.8.54.1.1. The BLACK equipment and BLACK signal wire lines of unclassified local area networks can act as receiving antennas and pick up compromising emanations from nearby RED equipment, RED signal lines, and RED power lines. The problem is compromising emanations may be conducted on the BLACK signal wire lines of the unclassified local area network and escape the inspectable space.8.54.1.2. The RED equipment and RED signal wire lines of classified local area networks can radiate compromising emanations that can be picked up by nearby BLACK equipment, BLACK signal wire lines, BLACK power lines, BLACK signal ground wires, and fortuitous conductors. The problem is compromising emanations may be conducted on the BLACK signal wire lines and BLACK power lines and escape the inspectable space.
8.54.2. What The Countermeasure Is. The countermeasure is to use selected RED and BLACK (equipment, signal wire lines, power lines, signal ground wires, and fortuitous conductors) separation countermeasures or their alternatives that are identified in the appropriate countermeasures review attachment.
8.54.3. What The Countermeasure Does. Applying selected RED and BLACK separation countermeasures, or their alternatives, prevents the escape of compromising emanations.
8.54.4. When The Countermeasure Is Not Needed. These countermeasures are not needed if the means of escape, that is, BLACK signal wire lines and BLACK power lines, are controlled. Normally, these countermeasures are not needed if:
8.54.4.1. The line distance of BLACK signal wire lines connected to BLACK equipment from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or the BLACK signal lines are fiber optic, and,8.54.4.2. BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.54.5. How To Apply The Countermeasure.
8.54.5.1. Unclassified Local Area Networks. These networks are used to transfer unclassified information. Treat these networks as BLACK equipment and BLACK signal wire lines. Follow the requirements in the appropriate attachment for the countermeasures review.8.54.5.2. Classified Local Area Networks. These networks are used to transfer classified national security information. Treat these networks as RED equipment and RED signal wire lines.
8.54.5.2.1. If the classified local area network is wholly contained within a controlled access area, treat the equipment and signal lines as RED equipment and RED signal wire lines. Follow the guidance in the appropriate attachment for the countermeasures review.8.54.5.2.2. If the classified local area network is not wholly contained within a controlled access area, the cabling between controlled access areas must be secured. Secure the cabling by: (1) Encryption devices, (2) An approved intrusion detection optical carrier system, (3) Using a courier, or, (4) A protected distribution system. AFSSI 3030, Protected Distribution Systems, contains guidance for constructing protected distribution systems.
8.54.6. Alternatives. The alternatives are those listed for the countermeasures used.
8.55. Countermeasure - Comfort Music Systems.
8.55.1. What The Problem Is. There are several sources of compromising emanations. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. When equipment processes information, it can create noise that may appear on the equipment's power cord; in the case of RED equipment, these may be compromising emanations. The speakers and wire lines of comfort music systems can act as receiving antennas and pick up compromising emanations from nearby RED equipment, RED signal lines, and RED power lines. One of the problems is, compromising emanations can escape control if the wire lines exit the inspectable space. Another problem is, the compromising emanations can be fed back to the amplifier and conducted beyond the inspectable space on the amplifier's power cord.8.55.2. What The Countermeasure Is. The countermeasure is to use selected RED and BLACK (equipment, signal wire lines, power lines, signal ground wires, and fortuitous conductors) separation countermeasures or their alternatives that are identified in the appropriate countermeasures review attachment.
8.55.3. What The Countermeasure Does. Applying selected RED and BLACK separation countermeasures, or their alternatives, prevents the escape of compromising emanations.
8.55.4. When The Countermeasure Is Not Needed. These countermeasures are not needed if the means of escape, that is, speaker wire lines and BLACK power lines, are controlled. Normally, these countermeasures are not needed if:
8.55.4.1. The music system is contained within the inspectable space, and,8.55.4.2. BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
8.55.5. How To Apply The Countermeasure. There are two types of comfort music systems, those that use a radio receiver and those that do not. Follow the requirements in the appropriate attachment for the countermeasures review.
8.55.6. Alternatives. The alternatives are those listed for the countermeasures used.
8.56. Countermeasure - Cable Television Systems.
8.56.1. What The Problem Is. There are several sources of compromising emanations. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. When equipment processes information, it can create noise that may appear on the equipment's power cord; in the case of RED equipment, these may be compromising emanations. Cable television poses two problems; the cable is a direct line to the outside world, and the television receiver itself.8.56.2. What The Countermeasure Is. The countermeasure is to use selected RED and BLACK (equipment, signal wire lines, power lines, signal ground wires, and fortuitous conductors) separation countermeasures or their alternatives that are identified in the appropriate countermeasures review attachment and a special BLACK signal wire line isolation countermeasure.
8.56.3. What The Countermeasure Does. Applying selected RED and BLACK separation countermeasures, or their alternatives, and a special BLACK signal wire line isolation countermeasure prevents the escape of compromising emanations.
8.56.4. When The Countermeasure Is Not Needed. These countermeasures are not needed if the means of escape, that is, the television signal cable, are controlled. Normally, these countermeasures are not needed if the cable television system is contained within the inspectable space.
8.56.5. How To Apply The Countermeasure. It is best not to use these systems; however, where deemed necessary, take precautions to lessen the risk of the system becoming an escape medium for compromising emanations. Apply the RED and BLACK separation countermeasures and apply the special signal wire line isolation countermeasure identified in the appropriate countermeasure review attachment.
8.56.6. Alternatives. The alternatives are those listed for the countermeasures used.
8.57. Countermeasure - Television-Video Cassette Recorder Systems.
8.57.1. What The Problem Is. There are several sources of compromising emanations. Compromising emanations are produced in RED equipment as a result of state changes in electronic circuits and current flow in traces and wires. Compromising emanations are produced around RED signal wire lines as a result of current flow in the wire generating a magnetic field that produces an electromagnetic wave; in other words, the RED signal wire line acts as a transmitting antenna. When equipment processes information, it can create noise that may appear on the equipment's power cord; in the case of RED equipment, these may be compromising emanations. Television-video cassette recorder systems pose a unique problem; the video cassette recorder can record compromising emanations during play-back through the bias head.8.57.2. What The Countermeasure Is. The countermeasure is to separate the television-video cassette recorder system as identified in the appropriate countermeasures review attachment and implement security procedures for the cassette tapes.
8.57.3. What The Countermeasure Does. Separating the television-video cassette recorder system from RED equipment, signal wire lines, and power lines prevents compromising emanations from being recorded. Applying security procedures for the cassette tapes prevents the escape of compromising emanations.
8.57.4. When The Countermeasure Is Not Needed. These countermeasures are not needed if the means of escape, that is, recording compromising emanations on the cassette tape, are controlled. Forbidding the removal of cassette tapes or degaussing them prevents the escape of compromising emanations.
8.57.5. How To Apply The Countermeasure. It is best not to use these systems near RED equipment, signal wire lines, and power lines; however, where deemed necessary, take precautions to lessen the risk of the system becoming an escape medium for compromising emanations. Apply the countermeasures identified in the appropriate countermeasure review attachment.
8.57.6. Alternatives. Forbid the removal of video cassette tapes unless they are degaussed.
8.58. Secure Telephone Unit-III. Generally, a STU-III is considered a BLACK telephone and treated as such. However, when a facsimile machine, personal computer, or other device that will process classified national security information, is connected to the secure digital data port, then include the STU-III in the EMSEC assessment of the whole system. Follow the guidance of Chapter 4.
8.59. Timing and Control Lines Installation Guidance. Wire lines which carry timing or control signals and which interface directly between BLACK equipment in the BLACK equipment area and RED equipment in the RED equipment area, without using a cryptographic equipment as an interface, do not require the use of a filter or isolator unless TEMPEST tests reveal the presence of compromising emanations beyond the inspectable space.
8.59.1. Install the filter or isolation device, if used, close to the RED equipment in the RED equipment area.8.59.2. Use separate line driver circuits to connect the outputs from a common isolator for timing and control signals to the RED side of cryptographic-equipment and RED equipment to reduce the chances of compromising emanations appearing on these lines.
8.59.3. Ground filters and isolators to the nearest appropriate RED or BLACK signal grounds.
8.60. Utility Control Cables. Install utility control cables associated with fire detection, fire alarm, air conditioning, and similar control and warning systems within the inspectable space in separate distribution facilities. The cables must have one overall shield if they are located within approximately 1 meter of the RED processor. Ground the shield to BLACK signal ground wire. Filtering utility control cables is not required if the entire run of lines is within the inspectable space, they are enclosed in metallic distribution facilities, and the control and detection equipment cannot serve as transducers. Isolate these lines if EMSEC tests show that compromising emanations are recoverable beyond the inspectable space.
8.61. Operating and Maintenance Practices.
8.61.1. Operating Procedures. Although conscientious application of certain operating procedures can help to reduce the compromising emanations hazard, it does not provide a safe substitute for good physical security and the appropriate countermeasures identified for the facility, system, or equipment.8.61.1.1. Operate equipment with doors closed and covers in place to reduce the distance compromising emanations may travel.8.61.1.2. Operate multiple processors simultaneously whenever possible to increase the ambient noise level and mask some of the emanations possibly carrying classified national security information. This is an aid but not a solution.
8.61.1.3. Process infrequently processed classified national security information when activity and the ambient noise level is highest. This is normally during daytime working hours.
8.61.2. Maintenance Practices. Proper and timely maintenance practices are essential to an emanation-control program. Voids in this area may negate other countermeasures due to the degeneration of equipment components or actual malfunctions. Consult Chapter 6 for maintenance guidance.
8.62. Control of RED Equipment. In the best of all worlds, RED equipment is kept under continuous control during shipping, storage, installation, operation, and maintenance; in other words, cradle-to-grave. Such control would make it very difficult for hostile intelligence agents to make unauthorized modifications (for example, transmitting devices) which may go undetected. This is especially true for TEMPEST-certified equipment that are intended to process classified national security information. National, DoD, and Air Force managers understand that this control is highly desirable but acknowledge that it is too costly and not currently feasible. However, apply some controls, where feasible and cost effective. At this time, the decision is left to the user and IP office to find a workable method to provide a degree of control that is felt adequate and affordable for the situation. In fact, there are some situations, particularly in locations outside the United States, its trust territories, and possessions, where control of the equipment during maintenance is an operational security requirement. Chapter 6 contains transportation and handling controls for equipment that processes classified national security information.
DONALD W. SOLANO, Lt Col, USAF
Chief, Information Protection Branch
Air Force Communications and Information Center
GLOSSARY OF TERMS AND SUPPORTING INFORMATION
References
AFI 31-501, Personnel Security Program Management
AFI 32-1065, Grounding Systems
AFI 33-203, Emission Security
AFI 33-220, On-Hook Telephone Security
AFMAN 33-272 (S), Classifying Communications Security, TEMPEST, and C4 Systems Security Research and Development Information (U)
AFMAN 33-274, On-Hook Telephone Security Guidelines
AFSSI 3030, Protected Distribution Systems
AFSSI 7010 (S), Emission Security Assessments (U)
Executive Order 12958, Classified National Security Information, May 17, 1995
Federal Communications Commission Regulation, Part 15, Subpart J
National Electric Code, Article 250-5(d)
NSTISSAM TEMPEST/1-92 (C), Compromising Emanations Laboratory Test Requirements, Electromagnetics (U)
NSTISSAM TEMPEST/1-95, Shielded Enclosures
Acronyms and Abbreviations
AFCOMSEC Air Force Communications Security
AFI Air Force Instruction
AFMAN Air Force Manual
AFSSI Air Force Systems Security Instruction
AFSSM Air Force Systems Security Memorandum
AWG American Wire Gauge
COMPUSEC Computer Security
COMSEC Communications Security
CSO Communications and Information Systems Officer
CTTA Certified TEMPEST Technical Authority
dB decibel
EMSEC Emission Security
IBR Intrabase Radio
IP Information Protection
kb Kilobit or Kilobyte
LAN Local Area Network
LMR Land Mobile Radio
MAJCOM Major Command
MHz Megahertz
NSI National Security Information
NSTISSAM National Security Telecommunications and Information Systems Security Advisory Memorandum
REA RED Equipment Area.
SCI Sensitive Compartmented Information
SPECAT Special Category
STU-III Secure Telephone Unit III
TZAIPE TEMPEST Zone Assignment for Information Processing Equipment
VCR Video Cassette Recorder
Terms
BLACK--Designation applied to telecommunications and automated information systems, and to associated areas, circuits, components, equipment, and wire lines in which only unclassified signals are processed.
BLACK Line--Any line in which only unclassified or enciphered signals are carried.
BLACK Signal--Any signal (for example, enciphered signal or control signal) that would not divulge national security information if recovered and analyzed.
Certified TEMPEST Technical Authority (CTTA)--An experienced, technically qualified government employee who has met established certification requirements according to National Security Telecommunications and Information Systems Security Committee-approved criteria and is appointed by a United States Government department or agency to fulfill CTTA responsibilities.
Compromising Emanation--Unintentional signal that, if intercepted and analyzed, would disclose the information transferred, received, handled, or otherwise processed by any information-processing equipment.
Controlled Access Area (CAA)--The area under direct physical control where persons without a need to know are denied access to classified national security information and systems containing classified national security information.
Countermeasures--1. That form of military science that, by the employment of devices and/or techniques, has as its objective the impairment of the operational effectiveness of enemy activity. 2. Any action, device, procedure, technique, or other means that reduces the vulnerability of an automated information system.
Countermeasures Review--A technical evaluation of a facility to identify the inspectable space, the required countermeasures, and the most cost-effective way to apply required countermeasures.
Emanation--Unintended signals or noise appearing external to an equipment.
Emission Security (EMSEC)--The protection resulting from all measures taken to deny unauthorized persons information of value that is derived from intercept and analysis of compromising emanations from crypto-equipment, automated information systems, and telecommunications systems.
Emission Security (EMSEC) Assessment--An evaluation of a facility to determine the need for EMSEC.
Emission Security (EMSEC) Countermeasures Review--A review of a facility to determine needed countermeasures.
Equipment Radiation TEMPEST Zone--A zone established as a result of determined or known equipment radiation TEMPEST characteristics. The zone includes all space within which a successful hostile intercept of compromising emanations is considered possible.
Facility--1. A real-property entity consisting of one or more of the following: a building, a structure, a utility system, pavement, and underlying land. 2. A physically definable area that contains classified national security information-processing equipment.
Fortuitous Conductor--Any conductor that may provide an unintended path for compromising emanations. Fortuitous conductors include cables, wires, pipes, conduits, ducts, and structural metal work in the vicinity of RED equipment.
Hazard--A measure of both the existence and the compromising nature of an emanation. Hazards exist if and only if compromising emanations are detectable beyond the inspectable space.
HIJACK--The definition of HIJACK is classified (see AFSSI 7010).
Inspectable Space--The three-dimensional space surrounding equipment that processes classified or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify or remove a potential TEMPEST exploitation exists.
Line Conduction--Unintentional signals or noise induced or conducted on a telecommunications or automated information system signal, power, control, indicator, or other external interface line.
National Security Information (NSI)--Information determined, pursuant to Executive Order 12958, Classified National Security Information, May 17, 1995, or any predecessor order, to require protection against unauthorized disclosure, and is so designated.
NONSTOP--The definition of NONSTOP is classified (see AFSSI 7010).
Radiated Signal--Electromagnetic or acoustic emissions of undesired signal data that are propagated through space.
Radiation--Signals emanating from an equipment that appear as either electromagnetic fields or as spatial longitudinal waves. These include induction field, magnetic field, electric field, and acoustic waves.
RED--Designation applied to telecommunications and automated information systems, plus associated areas, circuits, components, equipment, and wire lines that require protection during electrical transmission when classified plain text signals are being processed.
RED and BLACK Concept--Separation of electrical and electronic circuits, components, equipment, and systems that handle classified plain text (RED) information in electrical signal form from those which handle unclassified (BLACK) information in the same form.
RED Line--Any line in which classified or unencyphered signals are carried.
RED Signal--Telecommunication or automated information system signal that would divulge classified national security information if recovered and analyzed. RED signals are plain text, key, subkey, initial fill, control, or traffic flow related information.
Special Category Information (SPECAT)--The definition of SPECAT is classified (see AFSSI 7010).
TEMPEST--Short name referring to the investigation, study, and control of compromising emanations from telecommunications and automated information systems equipment.
TEMPEST-Certified Equipment--Systems or equipment that were certified within the requirements of the effective edition of NSTISSAM TEMPEST/1-92 (C), Level I.
TEMPEST Profile--An indication of the nature and amplitude of radiated or conducted signals containing compromising emanations escaping from the equipment.
GENERIC ZONE ASSIGMENTS
A2.1. This Generic Zone Assignments (GZA) table is a conversion
of the generic guidance developed and included in the TEMPEST Profile Data
List (TPDL).
Table A2.1. Generic Zone Assignments.
EQUIPMENT ZONE EQUIPMENT ZONE EQUIPMENT ZONE
Audio B Disk Drive B Tablet B
Intercom B Facsimile B Tape Drive B
System B Fiber Optics A Teletype B
Transcriber B Keyboard B Television B
Calculator B LAN B Test Equipment B
Card Punch B Monitor B Receiver B
Communications B Color B Transmission B
Adapter B Large Screen C Converter B
Controller B Monochrome B Modem B
Demodulator B Mouse A Multiplexer B
Handset B Network B Repeater C
Interface B Optical Reader B Typewriter B
Synchronizer B Paper Punch A Electronic B
Computer Card B Paper Reader B Magnetic B
Computer C Phototypesetter B Memory B
CPU B Printer B Van B
Laptop D Band B Verifier B
Main B Dot Matrix B Video B
Micro C Ink Jet B Amplifier D
Mini B Laser B Camera B
Server A Line B Disk Player B
Terminal C Letter Quality B Player B
Work Station B Page B Processor C
Word Processing System C Plotter B Projector C
COMSEC A Thermal C Recorder B
Auxiliary B Slide Maker D Scanner C
Mixer B Switch B
Secure Device A AB Switch B
Secure Phone A Digital A
Copier B Switchboard B
Digitizer B Video B
FACILITY ZONE A, EQUIPMENT ZONE A
A3.1. Introduction. This attachment addresses the following conditions:
A3.1.1. Facilities: Assigned Zone A, or less than 20 meters of inspectable space.A3.1.2. Equipment: Assigned Zone A, or the equipment radiation TEMPEST zone is equal to 1 meter or less, or meets NSTISSAM TEMPEST/1-92 (C), Level I, standards.
A3.2. Countermeasure Application.
A3.2.1. Apply each required countermeasure unless the threat at which the countermeasure is aimed does not exist. Explain why each required countermeasure not selected was not selected. A waiver is not needed for any deselected required countermeasure since the requirement for protection has been met.A3.2.2. Do not apply a consider countermeasure unless the threat at which the countermeasure is aimed does exist. Explain why a not-required (consider) countermeasure was selected.
A3.2.3. A description of each countermeasure and its purpose is in Chapter 8.
A3.2.4. For existing facilities, when countermeasures involving BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors cannot be met, the user may request an EMSEC test to determine if the countermeasures are needed.
A3.3. RED Equipment and BLACK Equipment Separation. This countermeasure is required if BLACK equipment has signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A3.3.1. Separate, by 0.5 meters, RED equipment from BLACK equipment.A3.3.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A3.3.3. Do not place the RED equipment on the same metal desk, bench, shelf, or cabinet as BLACK equipment.
A3.3.4. If the user cannot achieve the required separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A3.4. RED Equipment and BLACK Signal Wire Line Separation. This countermeasure is required for BLACK signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A3.4.1. Separate, by 0.5 meters, RED equipment from BLACK signal wire lines.A3.4.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A3.4.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A3.5. RED Equipment and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A3.5.1. Separate, by 0.5 meters, RED equipment from BLACK power lines.A3.5.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A3.6. RED Equipment and Fortuitous Conductor Separation. This countermeasure is required for fortuitous conductors that exit the inspectable space.
A3.6.1. Separate, by 0.5 meters, RED equipment from fortuitous conductors.A3.6.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A3.7. RED Signal Wire Line and BLACK Signal Wire Line Separation. This countermeasure is required if BLACK signal wire lines exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A3.7.1. Separate, by 5 centimeters, RED signal wire lines from BLACK signal wire lines.A3.7.2. When RED and BLACK signal wire lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A3.7.3. Do not place RED and BLACK signal wire lines in a common distribution facility. It is permitted to use a common distribution facility for RED and BLACK fiber optic signal lines provided:
A3.7.3.1. Either the BLACK or the RED fiber optic signal lines in a RED distribution facility must have an opaque sheath. BLACK fiber optic signal lines should not have metallic stiffeners or sheaths. If they do, treat the stiffeners or sheaths as fortuitous conductors and ground both ends of the stiffeners or sheaths if the BLACK fiber optic signal lines leave the inspectable space.A3.7.3.2. Separate RED fiber optic signal lines in BLACK distribution facilities from the distribution facility before the distribution facility exits the inspectable space.
A3.7.3.3. Using multifiber bundle for both RED and BLACK signals is not recommended. If used, an opaque partition between the RED and BLACK fibers is required. Maintain total accountability of all fibers to preclude compromise through misconnection.
A3.8. RED Signal Wire Line and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A3.8.1. Separate, by 5 centimeters, RED signal wire lines from BLACK power lines.A3.8.2. When RED signal wire lines and BLACK power lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A3.9. Shielded RED Signal Wire Lines. This countermeasure is required.
A3.9.1. For TEMPEST-Certified Equipment. RED equipment meeting the requirements of NSTISSAM TEMPEST/1-92 (C), Level I, must use optical or shielded wire cables if specified as part of the manufacturer's installation specification or if specified for compliance with TEMPEST certification.A3.9.2. For Non-TEMPEST-Certified Equipment. Shield and insulate RED signal wire lines according to Attachment 15 that contains specifications for shielded cables. If the application of this countermeasure is based on a concern for fortuitous conductors, restrict it to the possibility the fortuitous conductors are "electrically in common" with both the RED and BLACK signal wire lines. "Electrically in common" means those fortuitous conductors that run within 15 centimeters and parallel to a RED signal wire line for at least 2 meters and then run within 15 centimeters and parallel to a BLACK signal wire line for at least 2 meters.
A3.10. Administrative Communications Countermeasures. These countermeasures are required.
A3.10.1. Telephone Systems. Do not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment.A3.10.2. Local Area Networks.
A3.10.2.1. Separate RED equipment from local area network equipment and signal wire lines as required for RED equipment and BLACK equipment and signal wire lines in this attachment.A3.10.2.2. Separate RED signal wire lines from local area network signal wire lines as required for RED signal wire lines and BLACK signal wire lines in this attachment.
A3.10.3. Comfort Music Systems. Use paragraph A12.3. Separate, by 2 meters, the tape player from RED equipment.
A3.10.4. Cable Television Systems. Use paragraph A12.4.
A3.10.4.1. Separate, by 2 meters, the television set from RED equipment.A3.10.4.2. Separate, by 1 meter, video cables from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A3.10.4.3. Separate, by 2 meters, active splitters or amplifiers from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires. NOTE: When making the countermeasures review, be more inclined to select the following "consider" countermeasures if the inspectable space is less than 8 meters.
A3.10.5. Television-Video Cassette Recorder Systems. Use paragraph A12.5.
A3.10.5.1. Separate, by 2 meters, the television-video cassette recorder system from RED equipment.A3.10.5.2. Separate, by 1 meter, video cables from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A3.10.5.3. Separate, by 1 meter, the BLACK power cord from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
NOTE: When making the countermeasures review, be more inclined to select the "consider" countermeasures in paragraphs A3.11 and A3.12 if the inspectable space is less than 8 meters.
A3.11. RED Signal Wire Line and Fortuitous Conductor Separation. Consider applying this countermeasure if fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from fortuitous conductors.
A3.12. RED Signal Wire Line and BLACK Equipment Separation. Consider applying this countermeasure if BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 0.5 meters, RED signal wire lines from BLACK equipment.
FACILITY ZONE B, EQUIPMENT ZONE A
A4.1. Introduction. This attachment addresses the following conditions:
A4.1.1. Facilities: Assigned Zone B, or more than 20 meters but less than 100 meters of inspectable space.A4.1.2. Equipment: Assigned Zone A, or the equipment radiation TEMPEST zone equal to 1 meter or less; or meets NSTISSAM TEMPEST/1-92 (C), Level I, standards.
A4.2. Countermeasure Application.
A4.2.1. Apply each required countermeasure unless the threat at which the countermeasure is aimed does not exist. Explain why each required countermeasure not selected was not selected. A waiver is not needed for any deselected required countermeasure since the requirement for protection has been met.A4.2.2. Do not apply a consider countermeasure unless the threat at which the countermeasure is aimed does exist. Explain why a not-required (consider) countermeasure was selected.
A4.2.3. A description of each countermeasure and its purpose is in Chapter 8.
A4.2.4. For existing facilities, when countermeasures involving BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors cannot be met, the user may request an EMSEC test to determine if countermeasures are needed.
A4.3. RED Equipment and BLACK Equipment Separation. This countermeasure is required if BLACK signal wire lines connected to the BLACK equipment exit the inspectable space.
A4.3.1. Do not place the RED equipment on the same metal desk, bench, shelf, or cabinet as BLACK equipment.
A4.4. RED Equipment and BLACK Signal Wire Line Separation. This countermeasure is required for BLACK signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A4.4.1. Separate, by 0.5 meters, RED equipment from BLACK signal wire lines.A4.4.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A4.4.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A4.5. RED Equipment and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A4.5.1. Separate, by 0.5 meters, RED equipment from BLACK power lines.A4.5.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A4.6. RED Signal Wire Line and BLACK Signal Wire Line Separation. This countermeasure is required if BLACK signal wire lines exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A4.6.1. Separate, by 5 centimeters, RED signal wire lines from BLACK signal wire lines.A4.6.2. When RED and BLACK signal wire lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A4.6.3. Do not place RED and BLACK signal wire lines in a common distribution facility. It is permitted to use a common distribution facility for RED and BLACK fiber optic signal lines provided:
A4.6.3.1. Either the BLACK or the RED fiber optic signal lines in a RED distribution facility must have an opaque sheath. BLACK fiber optic signal lines should not have metallic stiffeners or sheaths. If they do, treat the stiffeners or sheaths as fortuitous conductors and ground both ends of the stiffeners or sheaths if the BLACK fiber optic signal lines leave the inspectable space.A4.6.3.2. Separate RED fiber optic signal lines in BLACK distribution facilities from the distribution facility before the distribution facility exits the inspectable space.
A4.6.3.3. Using multifiber bundle for both RED and BLACK signals is not recommended. If used, an opaque partition between the RED and BLACK fibers is required. Maintain total accountability of all fibers to preclude compromise through misconnection.
A4.7. RED Signal Wire Line and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A4.7.1. Separate, by 5 centimeters, RED signal wire lines from BLACK power lines.A4.7.2. When RED signal wire lines and BLACK power lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A4.8. Shielded RED Signal Wire Lines. This countermeasure is required for RED equipment meeting the requirements of NSTISSAM TEMPEST/1-92 (C), Level I, which must use optical or shielded wire cables if specified as part of the manufacturer's installation specification or if specified for compliance with TEMPEST certification.
A4.9. Administrative Communications Countermeasures. These countermeasures are required.
A4.9.1. Telephone Systems. Do not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment.A4.9.2. Local Area Networks.
A4.9.2.1. Separate RED equipment from local area network equipment and signal wire lines as required for RED equipment and BLACK equipment and signal wire lines in this attachment.A4.9.2.2. Separate RED signal wire lines from local area network signal wire lines as required for RED signal wire lines and BLACK signal wire lines in this attachment.
A4.9.3. Comfort Music Systems. Separate, by 2 meters, the tape player from RED equipment or audio tapes brought in and played may not leave the facility or degauss the tapes before removal. There are no separation or control requirements for compact disk players. The decision to allow tapes into the facility is made by the security manager for the facility.
A4.9.4. Television-Video Cassette Recorder Systems. Separate, by 2 meters, the television-video cassette recorder system from RED equipment or video tapes brought in and played may not leave the facility or degauss the tapes before removal. The decision to allow tapes into the facility is made by the security manager for the facility.
A4.10. RED Equipment and BLACK Equipment Separation. Consider applying this countermeasure if BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic.
A4.10.1. If selected, separate, by 0.5 meters, RED equipment from BLACK equipment.A4.10.2. If selected, the separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A4.10.3. If selected, and if the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A4.11. RED Signal Wire Line and Fortuitous Conductor Separation. Consider applying this countermeasure if fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from fortuitous conductors.
A4.12. RED Signal Wire Line and BLACK Equipment Separation. Consider applying this countermeasure if BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 0.5 meters, RED signal wire lines from BLACK equipment.
FACILITY ZONE C, EQUIPMENT ZONE A
A5.1. Introduction. This attachment addresses the following conditions:
A5.1.1. Facilities: Assigned Zone C, or more than 100 meters of inspectable space.A5.1.2. Equipment: Assigned Zone A, or the equipment radiation TEMPEST zone equal to 1 meter or less; or meets NSTISSAM TEMPEST/1-92 (C), Level I, standards.
A5.2. Countermeasure Application.
A5.2.1. Apply each required countermeasure unless the threat at which the countermeasure is aimed does not exist. Explain why each required countermeasure not selected was not selected. A waiver is not needed for any deselected required countermeasure since the requirement for protection has been met.A5.2.2. Do not apply each consider countermeasure unless the threat at which the countermeasure is aimed does exist. Explain why a not-required (consider) countermeasure was selected.
A5.2.3. A description of each countermeasure and its purpose is in Chapter 8.
A5.2.4. For existing facilities, when countermeasures involving BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors cannot be met, the user may request an EMSEC test to determine if countermeasures are needed.
A5.3. RED Equipment and BLACK Equipment Separation. This countermeasure is required if BLACK equipment has signal wire lines that exit the inspectable space.
A5.3.1. Do not place the RED equipment on the same metal desk, bench, shelf, or cabinet as BLACK equipment.
A5.4. RED Equipment and BLACK Signal Wire Line Separation. This countermeasure is required for BLACK signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A5.4.1. Separate, by 0.5 meters, RED equipment from BLACK signal wire lines.A5.4.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A5.4.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A5.5. RED Signal Wire Line and BLACK Signal Wire Line Separation. This countermeasure is required if BLACK signal wire lines exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A5.5.1. Separate, by 5 centimeters, RED signal wire lines from BLACK signal wire lines.A5.5.2. When RED and BLACK signal wire lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A5.5.3. Do not place RED and BLACK signal wire lines in a common distribution facility. It is permitted to use a common distribution facility for RED and BLACK fiber optic signal lines provided:
A5.5.3.1. Either the BLACK or the RED fiber optic signal lines in a RED distribution facility must have an opaque sheath. BLACK fiber optic signal lines should not have metallic stiffeners or sheaths. If they do, treat the stiffeners or sheaths as fortuitous conductors and ground both ends of the stiffeners or sheaths if the BLACK fiber optic signal lines leave the inspectable space.A5.5.3.2. Separate RED fiber optic signal lines in BLACK distribution facilities from the distribution facility before the distribution facility exits the inspectable space.
A5.5.3.3. Using multifiber bundle for both RED and BLACK signals is not recommended. If used, an opaque partition between the RED and BLACK fibers is required. Maintain total accountability of all fibers to preclude compromise through misconnection.
A5.6. Shielded RED Signal Wire Lines. This countermeasure is required for RED equipment meeting the requirements of NSTISSAM TEMPEST/1-92 (C), Level I, which must use optical or shielded wire cables if specified as part of the manufacturer's installation specification or if specified for compliance with TEMPEST certification.
A5.7. Administrative Communications Countermeasures. These countermeasures are required:
A5.7.1. Telephone Systems. Do not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment.A5.7.2. Local Area Networks.
A5.7.2.1. Separate RED equipment from local area network equipment and signal wire lines as required for RED equipment and BLACK equipment and signal wire lines in this attachment.A5.7.2.2. Separate RED signal wire lines from local area network signal wire lines as required for RED signal wire lines and BLACK signal wire lines in this attachment.
A5.7.3. Comfort Music Systems. Separate, by 2 meters, the tape player from RED equipment or audio tapes brought in and played may not leave the facility or degauss the tapes before removal. There are no separation or control requirements for compact disk players. The decision to allow tapes into the facility is made by the security manager for the facility.
A5.7.4. Television-Video Cassette Recorder Systems. Separate, by 2 meters, the television-video cassette recorder system from RED equipment or video tapes brought in and played may not leave the facility or degauss the tapes before removal. The decision to allow tapes into the facility is made by the security manager for the facility.
A5.8. RED Equipment and BLACK Equipment Separation. Consider applying this countermeasure if BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic.
A5.8.1. If selected, separate, by 0.5 meters, RED equipment from BLACK equipment.A5.8.2. If selected, the separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A5.8.3. If selected, and if the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A5.9. RED Signal Wire Line and BLACK Equipment Separation. Consider applying this countermeasure if BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 0.5 meters, RED signal wire lines from BLACK equipment.
FACILITY ZONE A, EQUIPMENT ZONE B
A6.1. Introduction. This attachment addresses the following conditions:
A6.1.1. Facilities: Assigned Zone A, or less than 20 meters of inspectable space.A6.1.2. Equipment: Assigned Zone B,; or the equipment radiation TEMPEST zone of more than 1 meter but less than 20 meters; or meets NSTISSAM TEMPEST/1-92 (C), Level II, standards.
NOTE: This installation may cause TEMPEST hazards. If the facility is TEMPEST-zoned and using TEMPEST-zoned equipment, contact the CTTA to evaluate the actual TEMPEST zone test results for the equipment and the facility to determine if using the equipment in the facility is possible.
A6.2. Countermeasure Application.
A6.2.1. Apply each required countermeasure unless the threat at which the countermeasure is aimed does not exist. Explain why each required countermeasure not selected was not selected. A waiver is not needed for any deselected required countermeasure since the requirement for protection has been met.A6.2.2. Do not apply each consider countermeasure unless the threat at which the countermeasure is aimed does exist. Explain why a not-required (consider) countermeasure was selected.
A6.2.3. A description of each countermeasure and its purpose is in Chapter 8.
A6.2.4. For existing facilities, when countermeasures involving BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors cannot be met, the user may request an EMSEC test to determine if countermeasures are needed.
A6.3. RED Equipment and BLACK Equipment Separation. This countermeasure is required if BLACK equipment has signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A6.3.1. Separate, by 1 meter, RED equipment from BLACK equipment.A6.3.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A6.3.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A6.3.4. Do not place the RED equipment on the same metal desk, bench, shelf, or cabinet as BLACK equipment.
A6.4. RED Equipment and BLACK Signal Wire Line Separation. This countermeasure is required for BLACK signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A6.4.1. Separate, by 1 meter, RED equipment from BLACK signal wire lines.A6.4.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A6.4.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A6.5. RED Equipment and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A6.5.1. Separate, by 1 meter, RED equipment from BLACK power lines.A6.5.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A6.6. RED Equipment and Fortuitous Conductor Separation. This countermeasure is required for fortuitous conductors that exit the inspectable space.
A6.6.1. Separate, by 1 meter, RED equipment from fortuitous conductors.A6.6.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure and isolate fortuitous conductors.
A6.7. RED Signal Wire Line and BLACK Signal Wire Line Separation. This countermeasure is required if BLACK signal wire lines exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A6.7.1. Separate, by 5 centimeters, RED signal wire lines from BLACK signal wire lines.A6.7.2. When RED and BLACK signal wire lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A6.7.3. Do not place RED and BLACK signal wire lines in a common distribution facility. It is permitted to use a common distribution facility for RED and BLACK fiber optic signal lines provided:
A6.7.3.1. Either the BLACK or the RED fiber optic signal lines in a RED distribution facility must have an opaque sheath. BLACK fiber optic signal lines should not have metallic stiffeners or sheaths. If they do, treat the stiffeners or sheaths as fortuitous conductors and ground both ends of the stiffeners or sheaths if the BLACK fiber optic signal lines leave the controlled access area.A6.7.3.2. Separate RED fiber optic signal lines in BLACK distribution facilities from the distribution facility before the distribution facility exits the inspectable space.
A6.7.3.3. Using multifiber bundle for both RED and BLACK signals is not recommended. If used, an opaque partition between the RED and BLACK fibers is required. Maintain total accountability of all fibers to preclude compromise through misconnection.
A6.8. RED Signal Wire Line and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A6.8.1. Separate, by 5 centimeters, RED signal wire lines from BLACK power lines.A6.8.2. When RED signal wire lines and BLACK power lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A6.9. Shielded RED Signal Wire Lines. This countermeasure is required.
A6.9.1. For TEMPEST-Certified Equipment. RED equipment meeting the requirements of NSTISSAM TEMPEST/1-92 (C), Level I, must use optical or shielded wire cables if specified as part of the manufacturer's installation specification or if specified for compliance with TEMPEST certification.A6.9.2. For Non-TEMPEST-Certified Equipment. Shield and insulate RED signal wire lines according to Attachment 15 that contains specifications for shielded cables. If the application of this countermeasure is based on a concern for fortuitous conductors, restrict it to the possibility the fortuitous conductors are "electrically in common" with both the RED and BLACK signal wire lines. "Electrically in common" means those fortuitous conductors that run within 15 centimeters and parallel to a RED signal wire line for at least 2 meters and then run within 15 centimeters and parallel to a BLACK signal wire line for at least 2 meters.
A6.10. RED Power. This countermeasure is required if the facility contains BLACK equipment with signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic.
A6.10.1. Do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a RED power circuit.
A6.11. Filtered RED Power. This countermeasure is required unless the power lines feeding the RED power circuit are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A6.11.1. Do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a filtered RED power circuit.
A6.12. Administrative Communications Countermeasures. These countermeasures are required:
A6.12.1. Telephone Systems. Do not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment.A6.12.2. Intercom and Public Address Systems. Use paragraph A12.2.
A6.12.3. Local Area Networks.
A6.12.3.1. Separate RED equipment from local area network equipment and signal wire lines as required for RED equipment and BLACK equipment and signal wire lines in this attachment.A6.12.3.2. Separate RED signal wire lines from local area network signal wire lines as required for RED signal wire lines and BLACK signal wire lines in this attachment.
A6.12.4. Comfort Music Systems. Use paragraph A12.3. Separate, by 5 meters, the tape player from RED equipment.
A6.12.5. Cable Television Systems. Use paragraph A12.4.
A6.12.5.1. Separate, by 2 meters, the television set from RED equipment.A6.12.5.2. Separate, by 2 meters, video cables from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A6.12.5.3. Separate, by 2 meters, active splitters or amplifiers from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A6.12.6. Television-Video Cassette Recorder Systems. Use paragraph A12.5.
A6.12.6.1. Separate, by 5 meters, the television-video cassette recorder system from RED equipment.A6.12.6.2. Separate, by 2 meters, video cables from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A6.12.6.3. Separate, by 2 meters, the BLACK power cord from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
NOTE: When making the countermeasures review, be more inclined to select the "consider" countermeasures in paragraphs A6.13 through A6.33 if the inspectable space is less than 8 meters.
A6.13. RED Equipment and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if BLACK signal ground is selected. If selected, separate, by 1 meter, RED equipment from BLACK signal ground wires. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A6.14. RED Signal Wire Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if BLACK signal ground is selected. If selected, separate, by 5 centimeters, RED signal wire lines from BLACK signal ground wires.
A6.15. RED Signal Wire Line and Fortuitous Conductor Separation. Consider applying this countermeasure if fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from fortuitous conductors.
A6.16. RED Signal Wire Line and BLACK Equipment Separation. Consider applying this countermeasure if BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 1 meter, RED signal wire lines from BLACK equipment.
A6.17. Shielded BLACK Signal Wire Lines. Consider applying this countermeasure when BLACK signal wire lines are not separated by the required distance from RED equipment, RED signal wire lines, RED power lines, or fortuitous conductors. Attachment 15 contains specifications for shielded cables.
A6.17.1. If selected, and if the application of this countermeasure is based on a concern for fortuitous conductors, restrict it to the possibility the fortuitous conductor is "electrically in common" with both the RED and BLACK signal wire lines. By "electrically in common," we mean, those fortuitous conductors that run within 15 centimeters and parallel to a RED signal wire line for at least 2 meters and then run within 15 centimeters and parallel to a BLACK signal wire line for at least 2 meters.A6.17.2. This countermeasure is not needed if there is at least 1 meter separation between a parallel RED signal wire line and a BLACK signal wire line or a common fortuitous conductor run.
A6.18. RED Power Line and BLACK Equipment Separation. Consider applying this countermeasure if RED power is selected and BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 1 meter, RED power lines from BLACK equipment.
A6.19. RED Power Line and BLACK Signal Wire Line Separation. Consider applying this countermeasure if RED power is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 1 meter, RED power lines from BLACK signal wire lines.
A6.20. RED Power Line and BLACK Power Line Separation. Consider applying this countermeasure if RED power is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 1 meter, RED power lines from BLACK power lines.
A6.21. RED Power Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED power and BLACK signal ground are selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 1 meter, RED power lines from BLACK signal ground wires.
A6.22. RED Power Line and Fortuitous Conductor Separation. Consider applying this countermeasure if RED power is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED power lines from fortuitous conductors.
A6.23. RED Signal Ground. Consider applying this countermeasure if RED equipment needs a signal ground, RED power filters are installed, cryptographic equipment is installed in facility, or RED signal wire lines are shielded.
A6.23.1. Do not select this countermeasure if less than 5 RED equipment are installed.A6.23.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A6.23.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A6.24. BLACK Signal Ground. Consider applying this countermeasure if BLACK signal wire line filters or cryptographic equipment is installed in the facility or BLACK signal wire lines are shielded.
A6.24.1. Do not select this countermeasure if less than 5 RED equipment are installed.A6.24.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A6.24.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A6.24.4. Do not use BLACK signal ground as the signal ground for BLACK equipment; BLACK signal ground carries compromising emanations.
A6.25. RED Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if a RED signal ground is selected and BLACK equipment has signal wire lines which exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 1 meter, RED signal ground wires from BLACK equipment.
A6.26. RED Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if a RED signal ground is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 1 meter, RED signal ground wires from BLACK signal wire lines.
A6.27. RED Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if a RED signal ground is selected. Do not select this countermeasures if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 1 meter, RED signal ground wires from BLACK power lines.
A6.28. RED Signal Ground Wire and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED and BLACK signal grounds are selected. If selected, separate, by 1 meter, RED signal ground wires from BLACK signal ground wires.
A6.29. RED Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if RED signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 1 meter, RED signal ground wires from fortuitous conductor.
A6.30. BLACK Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if BLACK signal ground is selected. If selected, separate, by 1 meter, BLACK signal ground wires from BLACK equipment.
A6.31. BLACK Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK signal wire lines.
A6.32. BLACK Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK power lines.
A6.33. BLACK Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if BLACK signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 1 meter, BLACK signal ground wires from fortuitous conductors.
FACILITY ZONE B, EQUIPMENT ZONE B
A7.1. Introduction. This attachment addresses the following conditions:
A7.1.1. Facilities: Assigned Zone B, or more than 20 meters but less than 100 meters of inspectable space.A7.1.2. Equipment: Assigned Zone B, or the equipment radiation TEMPEST zone equal to 1 to 20 meters, or meets NSTISSAM TEMPEST/1-92 (C), Level II, standards.
A7.2. Countermeasure Application.
A7.2.1. Apply each required countermeasure unless the threat at which the countermeasure is aimed does not exist. Explain why each required countermeasure not selected was not selected. A waiver is not needed for any deselected required countermeasure since the requirement for protection has been met.A7.2.2. Do not apply each consider countermeasure unless the threat at which the countermeasure is aimed does exist. Explain why a not-required (consider) countermeasure was selected.
A7.2.3. A description of each countermeasure and its purpose is in Chapter 8.
A7.2.4. For existing facilities, when countermeasures involving BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors cannot be met, the user may request an EMSEC test to determine if countermeasures are needed.
A7.3. RED Equipment and BLACK Equipment Separation. This countermeasure is required if BLACK equipment has signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A7.3.1. Separate, by 0.5 meters, RED equipment from BLACK equipment.A7.3.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A7.3.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A7.3.4. Do not place the RED equipment on the same metal desk, bench, shelf, or cabinet as BLACK equipment.
A7.4. RED Equipment and BLACK Signal Wire Line Separation. This countermeasure is required for BLACK signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A7.4.1. Separate, by 0.5 meters, RED equipment from BLACK signal wire lines.A7.4.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A7.4.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A7.5. RED Equipment and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A7.5.1. Separate, by 0.5 meters, RED equipment from BLACK power lines.A7.5.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A7.6. RED Signal Wire Line and BLACK Signal Wire Line Separation. This countermeasure is required if BLACK signal wire lines exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A7.6.1. Separate, by 5 centimeters, RED signal wire lines from BLACK signal wire lines.A7.6.2. When RED and BLACK signal wire lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A7.6.3. Do not place RED and BLACK signal wire lines in a common distribution facility. It is permitted to use a common distribution facility for RED and BLACK fiber optic signal lines provided:
A7.6.3.1. Either the BLACK or the RED fiber optic signal lines in a RED distribution facility must have an opaque sheath. BLACK fiber optic signal lines should not have metallic stiffeners or sheaths. If they do, treat the stiffeners or sheaths as fortuitous conductors and ground both ends of the stiffeners or sheaths if the BLACK fiber optic signal lines leave the inspectable space.A7.6.3.2. Separate RED fiber optic signal lines in BLACK distribution facilities from the distribution facility before the distribution facility exits the inspectable space.
A7.6.3.3. Using multifiber bundle for both RED and BLACK signals is not recommended. If used, an opaque partition between the RED and BLACK fibers is required. Maintain total accountability of all fibers to preclude compromise through misconnection.
A7.7. RED Signal Wire Line and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A7.7.1. Separate, by 5 centimeters, RED signal wire lines from BLACK power lines.A7.7.2. When RED signal wire lines and BLACK power lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A7.8. Shielded RED Signal Wire Lines. This countermeasure is required for RED equipment meeting the requirements of NSTISSAM TEMPEST/1-92 (C), Level I, which must use optical or shielded wire cables if specified as part of the manufacturer's installation specification or if specified for compliance with TEMPEST certification.
A7.9. RED Power. This countermeasure is required if the facility contains BLACK equipment with signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic.
A7.9.1. Do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a RED power circuit.
A7.10. Administrative Communications Countermeasures. These countermeasures are required.
A7.10.1. Telephone Systems. Do not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment.A7.10.2. Local Area Networks.
A7.10.2.1. Separate RED equipment from local area network equipment and signal wire lines as required for RED equipment and BLACK equipment and signal wire lines in this attachment.A7.10.2.2. Separate RED signal wire lines from local area network signal wire lines as required for RED signal wire lines and BLACK signal wire lines in this attachment.
A7.10.3. Comfort Music Systems. Separate, by 5 meters, the tape player from RED equipment or audio tapes brought in and played may not leave the facility or degauss the tapes before removal. There are no separation or control requirements for compact disk players. The decision to allow tapes into the facility is made by the security manager for the facility.
A7.10.4. Television-Video Cassette Recorder Systems. Separate, by 5 meters, the television-video cassette recorder system from RED equipment or video tapes brought in and played may not leave the facility or degauss the tapes before removal. The decision to allow tapes into the facility is made by the security manager for the facility.
A7.11. RED Equipment and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if BLACK signal wire lines are shielded or filtered. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 0.5 meters, RED equipment from BLACK signal ground wires. If selected, the separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A7.12. RED Signal Wire Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if BLACK signal wire lines are shielded or filtered. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from BLACK signal ground wires.
A7.13. RED Signal Wire Line and Fortuitous Conductor Separation. Consider applying this countermeasure if fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from fortuitous conductors.
A7.14. RED Signal Wire Line and BLACK Equipment Separation. Consider applying this countermeasure if BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 0.5 meters, RED signal wire lines from BLACK equipment.
A7.15. Shielded BLACK Signal Wire Lines. Consider applying this countermeasure when BLACK signal wire lines are not separated by the required distance from RED equipment, RED signal wire lines, RED power lines, or fortuitous conductors. Attachment 15 contains specifications for shielded cables.
A7.15.1. If selected, and if the application of this countermeasure is based on a concern for fortuitous conductors, restrict it to the possibility the fortuitous conductor is "electrically in common" with both the RED and BLACK signal wire lines. By "electrically in common," we mean, those fortuitous conductors that run within 15 centimeters and parallel to a RED signal wire line for at least 2 meters and then run within 15 centimeters and parallel to a BLACK signal wire line for at least 2 meters.A7.15.2. This countermeasure is not needed if there is at least 1 meter separation between a parallel RED signal wire line and a BLACK signal wire line or a common fortuitous conductor run.
A7.16. Filtered RED Power. Consider applying this countermeasure if RED power is required. Do not select this countermeasure if the power lines feeding the RED power circuit are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A7.16.1. If selected, do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a filtered RED power circuit.
A7.17. RED Power Line and BLACK Equipment Separation. Consider applying this countermeasure if RED power is selected and BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 0.5 meters, RED power lines from BLACK equipment.
A7.18. RED Power Line and BLACK Signal Wire Line Separation. Consider applying this countermeasure if RED power is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, RED power lines from BLACK signal wire lines.
A7.19. RED Power Line and BLACK Power Line Separation. Consider applying this countermeasure if RED power is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, RED power lines from BLACK power lines.
A7.20. RED Power Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED power and BLACK signal ground are selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 5 centimeters, RED power lines from BLACK signal ground wires.
A7.21. RED Power Line and Fortuitous Conductor Separation. Consider applying this countermeasure if RED power is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED power lines from fortuitous conductors.
A7.22. RED Signal Ground. Consider applying this countermeasure if RED equipment needs a signal ground, RED power filters are installed, cryptographic equipment is installed in the facility, or RED signal wire lines are shielded.
A7.22.1. Do not select this countermeasure if less than 5 RED equipment are installed.A7.22.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A7.22.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A7.23. BLACK Signal Ground. Consider applying this countermeasure if BLACK signal wire line filters or cryptographic equipment is installed in the facility or BLACK signal wire lines are shielded.
A7.23.1. Do not select this countermeasure if less than 5 RED equipment are installed.A7.23.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A7.23.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A7.23.4. Do not use BLACK signal ground as the signal ground for BLACK equipment; BLACK signal ground carries compromising emanations.
A7.24. RED Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if a RED signal ground is selected and BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 0.5 meters, RED signal ground wires from BLACK equipment.
A7.25. RED Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if a RED signal ground is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK signal wire lines.
A7.26. RED Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if a RED signal ground is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK power lines.
A7.27. RED Signal Ground Wire and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED and BLACK signal ground are selected. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK signal ground wires.
A7.28. RED Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if a RED signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal ground wires from fortuitous conductors.
A7.29. BLACK Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if BLACK signal ground is selected. If selected, separate, by 0.5 meters, BLACK signal ground wires from BLACK equipment.
A7.30. BLACK Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK signal wire lines.
A7.31. BLACK Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK power lines.
A7.32. BLACK Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if BLACK signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, BLACK signal ground wires from fortuitous conductors.
A7.33. Administrative Communications Countermeasures. Consider applying these countermeasures.
A7.33.1.. Intercom and Public Address Systems. If selected, use paragraph A12.2.A7.33.2. Comfort Music Systems. If selected, use paragraph A12.3.
A7.33.3. Cable Television Systems. If selected, use paragraph A12.4. When selected:
A7.33.3.1. Separate, by 2 meters, the television set from RED equipment.A7.33.3.2. Separate, by 1 meter, video cables from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A7.33.3.3. Separate, by 2 meters, active splitters or amplifiers from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A7.33.4. Television-Video Cassette Recorder Systems. If selected, use paragraph A12.5. When selected:
A7.33.4.1. Separate, by 5 meters, video cables from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.A7.33.4.2. Separate, by 5 meters, the BLACK power cord from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
FACILITY ZONE C, EQUIPMENT ZONE B
A8.1. Introduction. This attachment addresses the following conditions:
A8.1.1. Facilities: Assigned Zone C, or more than 100 meters of inspectable space.A8.1.2. Equipment: Assigned Zone B, or the equipment radiation TEMPEST zone equal to 1 to 20 meters, or meets NSTISSAM TEMPEST/1-92 (C), Level II, standards.
A8.2. Countermeasure Application.
A8.2.1. Apply each required countermeasure unless the threat at which the countermeasure is aimed does not exist. Explain why each required countermeasure not selected was not selected. A waiver is not needed for any deselected required countermeasure since the requirement for protection has been met.A8.2.2. Do not apply each consider countermeasure unless the threat at which the countermeasure is aimed does exist. Explain why a not-required (consider) countermeasure was selected.
A8.2.3. A description of each countermeasure and its purpose is in Chapter 8.
A8.2.4. For existing facilities, when countermeasures involving BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors cannot be met, the user may request an EMSEC test to determine if countermeasures are needed.
A8.3. RED Equipment and BLACK Equipment Separation. This countermeasure is required if BLACK signal wire lines connected to the BLACK equipment exit the inspectable space.
A8.3.1. Do not place the RED equipment on the same metal desk, bench, shelf, or cabinet as BLACK equipment.
A8.4. RED Equipment and BLACK Signal Wire Line Separation. This countermeasure is required if BLACK signal wire lines exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A8.4.1. Separate, by 0.5 meters, RED equipment from BLACK signal wire lines.
A8.4.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.A8.4.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A8.5. RED Equipment and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A8.5.1. Separate, by 0.5 meters, RED equipment from BLACK power lines.A8.5.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A8.6. Shielded RED Signal Wire Lines. This countermeasure is required for RED equipment meeting the requirements of NSTISSAM TEMPEST/1-92 (C), Level I, which must use optical or shielded wire cables if specified as part of the manufacturer's installation specification or if specified for compliance with TEMPEST certification.
A8.7. RED Power. This countermeasure is required if the facility contains BLACK equipment with signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic.
A8.7.1. Do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a RED power circuit.
A8.8. Administrative Communications Countermeasures. These countermeasures are required.
A8.8.1. Telephone Systems. Do not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment.A8.8.2. Comfort Music Systems. Separate, by 5 meters, the tape player from the RED equipment or audio tapes brought in and played may not leave the facility or degauss the tapes before removal. There are no separation or control requirements for compact disk players. The decision to allow tapes into the facility is made by the security manager for the facility.
A8.8.3. Television-Video Cassette Recorder Systems. Separate, by 5 meters, the television-video cassette recorder system from RED equipment or video tapes brought in and played may not leave the facility or degauss the tapes before removal. The decision to allow tapes into the facility is made by the security manager for the facility.
A8.9. RED Equipment and BLACK Equipment Separation. Consider applying this countermeasure if BLACK signal wire lines connected to the BLACK equipment exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic.
A8.9.1. If selected, separate, by 0.5 meters, RED equipment from BLACK equipment.A8.9.2. If selected, the separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A8.9.3. If selected, and if the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A8.10. RED Signal Wire Line and BLACK Signal Wire Line Separation. Consider applying this countermeasure if BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A8.10.1. If selected, separate, by 5 centimeters, RED signal wire lines from BLACK signal wire lines.A8.10.2. If selected, when RED and BLACK signal wire lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A8.10.3. If selected, do not place RED and BLACK signal wire lines in a common distribution facility. It is permitted to use a common distribution facility for RED and BLACK fiber optic signal lines provided:
A8.10.3.1. Either the BLACK or the RED fiber optic signal lines in a RED distribution facility must have an opaque sheath. BLACK fiber optic signal lines should not have metallic stiffeners or sheaths. If they do, treat the stiffeners or sheaths as fortuitous conductors and ground both ends of the stiffeners or sheaths if the BLACK fiber optic signal lines leave the inspectable space.A8.10.3.2. Separate RED fiber optic signal lines in BLACK distribution facilities from the distribution facility before the distribution facility exits the controlled access area.
A8.10.3.3. Using multifiber bundle for both RED and BLACK signals is not recommended. If selected, an opaque partition between the RED and BLACK fibers is required. Maintain total accountability of all fibers to preclude compromise through misconnection.
A8.11. RED Signal Wire Line and BLACK Power Line Separation. Consider applying this countermeasure. This countermeasure is not needed if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, RED signal wire lines from BLACK power lines. If selected, when RED signal wire lines and BLACK power lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A8.12. RED Signal Wire Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from BLACK signal ground wires.
A8.13. RED Signal Wire Line and Fortuitous Conductor Separation. Consider applying this countermeasure if fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from fortuitous conductors.
A8.14. RED Signal Wire Line and BLACK Equipment Separation. Consider applying this countermeasure if BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 0.5 meters, RED signal wire lines from BLACK equipment.
A8.15. Filtered RED Power. Consider applying this countermeasure if RED power is required. Do not select this countermeasure if the power lines feeding the RED power circuit are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A8.15.1. If selected, do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a filtered RED power circuit.
A8.16. RED Power Line and BLACK Equipment Separation. Consider applying this countermeasure if RED power is selected and BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 0.5 meters, RED power lines from BLACK equipment.
A8.17. RED Power Line and BLACK Signal Wire Line Separation. Consider applying this countermeasure if RED power is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, RED power lines from BLACK signal wire lines.
A8.18. RED Power Line and BLACK Power Line Separation. Consider applying this countermeasure if RED power is selected. This countermeasure is not needed if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, RED power lines from BLACK power lines.
A8.19. RED Power Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED power and BLACK signal ground are selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 5 centimeters, RED power lines from BLACK signal ground wires.
A8.20. RED Power Line and Fortuitous Conductor Separation. Consider applying this countermeasure if RED power is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED power lines from fortuitous conductors.
A8.21. RED Signal Ground. Consider applying this countermeasure if RED equipment needs a signal ground, RED power filters are installed, cryptographic equipment is installed in facility, or RED signal wire lines are shielded.
A8.21.1. Do not select this countermeasure if less than 5 RED equipment are installed.A8.21.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A8.21.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A8.22. BLACK Signal Ground. Consider applying this countermeasure if BLACK signal wire line filters or cryptographic equipment is installed in the facility or BLACK signal wire lines are shielded.
A8.22.1. Do not select this countermeasure if less than 5 RED equipment are installed.A8.22.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A8.22.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A8.22.4. Do not use BLACK signal ground as the signal ground for BLACK equipment; BLACK signal ground carries compromising emanations.
A8.23. RED Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if a RED signal ground is selected and BLACK equipment has signal wire lines which exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 0.5 meters, RED signal ground wires from BLACK equipment.
A8.24. RED Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if a RED signal ground is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK signal wire lines.
A8.25. RED Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if a RED signal ground is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK power lines.
A8.26. RED Signal Ground Wire and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED and BLACK signal grounds are selected. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK signal ground wires.
A8.27. RED Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if a RED signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal ground wires from fortuitous conductors.
A8.28. BLACK Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if BLACK signal ground is selected. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK equipment.
A8.29. BLACK Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK signal wire lines.
A8.30. BLACK Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK power lines.
A8.31. BLACK Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if BLACK signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 15 centimeters, BLACK signal ground wires from fortuitous conductors.
FACILITY ZONE A, EQUIPMENT ZONE C
A9.1. Introduction. This attachment addresses the following conditions:
A9.1.1. Facilities: Assigned Zone A, or less than 20 meters of inspectable space.A9.1.2. Equipment: Assigned Zone C, or the equipment radiation TEMPEST zone more than 20 meters but less than 100 meters, or meets NSTISSAM TEMPEST/1-92 (C), Level III, standards, or all other RED equipment.
NOTE: This installation may cause serious TEMPEST hazards. If the facility is TEMPEST-zoned and using TEMPEST-zoned equipment, contact the CTTA to evaluate the actual TEMPEST zone test results for the equipment and the facility to determine if using the equipment in the facility is possible.
A9.2. Countermeasure Application.
A9.2.1. Apply each required countermeasure unless the threat at which the countermeasure is aimed does not exist. Explain why each required countermeasure not selected was not selected. A waiver is not needed for any deselected required countermeasure since the requirement for protection has been met.A9.2.2. Do not apply each consider countermeasure unless the threat at which the countermeasure is aimed does exist. Explain why a not-required (consider) countermeasure was selected.
A9.2.3. A description of each countermeasure and its purpose is in Chapter 8.
A9.2.4. For existing facilities, when countermeasures involving BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors cannot be met, the user may request an EMSEC test to determine if countermeasures are needed.
A9.3. RED Equipment and BLACK Equipment Separation. This countermeasure is required if BLACK equipment has signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A9.3.1. Separate, by 1 meter, RED equipment from BLACK equipment.A9.3.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A9.3.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A9.3.4. Do not place the RED equipment on the same metal desk, bench, shelf, or cabinet as BLACK equipment.
A9.4. RED Equipment and BLACK Signal Wire Line Separation. This countermeasure is required for BLACK signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A9.4.1. Separate, by 1 meter, RED equipment from BLACK signal wire lines.A9.4.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A9.4.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A9.5. RED Equipment and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A9.5.1. Separate, by 1 meter, RED equipment from BLACK power lines.A9.5.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A9.6. RED Equipment and Fortuitous Conductor Separation. This countermeasure is required for fortuitous conductors that exit the inspectable space.
A9.6.1. Separate, by 1 meter, RED equipment from fortuitous conductors.A9.6.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A9.7. RED Signal Wire Line and BLACK Signal Wire Line Separation. This countermeasure is required if BLACK signal wire lines exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A9.7.1. Separate, by 5 centimeters, RED signal wire lines from BLACK signal wire lines.A9.7.2. When RED and BLACK signal wire lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A9.7.3. Do not place RED and BLACK signal wire lines in a common distribution facility. It is permitted to use a common distribution facility for RED and BLACK fiber optic signal lines provided:
A9.7.3.1. Either the BLACK or the RED fiber optic signal lines in a RED distribution facility must have an opaque sheath. BLACK fiber optic signal lines should not have metallic stiffeners or sheaths. If they do, treat the stiffeners or sheaths as fortuitous conductors and ground both ends of the stiffeners or sheaths if the BLACK fiber optic signal lines leave the inspectable space.A9.7.3.2. Separate RED fiber optic signal lines in BLACK distribution facilities from the distribution facility before the distribution facility exits the controlled access area.
A9.7.3.3. Using multifiber bundle for both RED and BLACK signals is not recommended. If used, an opaque partition between the RED and BLACK fibers is required. Maintain total accountability of all fibers to preclude compromise through misconnection.
A9.8. RED Signal Wire Line and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A9.8.1. Separate, by 5 centimeters, RED signal wire lines from BLACK power lines.A9.8.2. When RED signal wire lines and BLACK power lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A9.9. Shielded RED Signal Wire Lines. This countermeasure is required.
A9.9.1. For TEMPEST-Certified Equipment. RED equipment meeting the requirements of NSTISSAM TEMPEST/1-92 (C), Level I, must use optical or shielded wire cables if specified as part of the manufacturer's installation specification or if specified for compliance with TEMPEST certification.A9.9.2. For Non-TEMPEST-Certified Equipment. Shield and insulate RED signal wire lines according to Attachment 15 that contains specifications for shielded cables. If the application of this countermeasure is based on a concern for fortuitous conductors, restrict it to the possibility the fortuitous conductors are "electrically in common" with both the RED and BLACK signal wire lines. "Electrically in common" means those fortuitous conductors that run within 15 centimeters and parallel to a RED signal wire line for at least 2 meters and then run within 15 centimeters and parallel to a BLACK signal wire line for at least 2 meters.
A9.10. RED Power. This countermeasure is required if the facility contains BLACK equipment with signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic.
A9.10.1. Do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a RED power circuit.
A9.11. Filtered RED Power. This countermeasure is required unless the power lines feeding the RED power circuit are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A9.11.1. Do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a filtered RED power circuit.
A9.12. Administrative Communications Countermeasures. These countermeasures are required.
A9.12.1. Telephone Systems. Do not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment.A9.12.2. Intercom and Public Address Systems. Use paragraph A12.2.
A9.12.3. Local Area Networks.
A9.12.3.1. Separate RED equipment from local area network equipment and signal wire lines as required for RED equipment and BLACK equipment and signal wire lines in this attachment.A9.12.3.2. Separate RED signal wire lines from local area network signal wire lines as required for RED signal wire lines and BLACK signal wire lines in this attachment.
A9.12.4. Comfort Music Systems. Use paragraph A12.3. Separate, by 10 meters, the tape player from Zone C RED equipment, (20 meters from Zone D RED equipment).
A9.12.5. Cable Television Systems. Use paragraph A12.4.
A9.12.5.1. Separate, by 3 meters, the television set from RED equipment.A9.12.5.2. Separate, by 2 meters, video cables from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A9.12.5.3. Separate, by 2 meters, active splitters or amplifiers from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A9.12.6. Television-Video Cassette Recorder Systems. Use paragraph A12.5.
A9.12.6.1. Separate, by 10 meters, the television-video cassette recorder system from Zone C RED equipment (20 meters from Zone D RED equipment).A9.12.6.2. Separate, by 5 meters, video cables from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A9.12.6.3. Separate, by 5 meters, the BLACK power cord from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
NOTE: When making the countermeasures review, be more conscientious in requiring the "consider" countermeasures in paragraphs A9.13 through A9.33 if the inspectable space is less than 8 meters.
A9.13. RED Signal Ground. Consider applying this countermeasure if RED equipment needs a signal ground, RED power filters or cryptographic equipment are installed in the facility, or RED signal wire lines are shielded.
A9.13.1. Do not select this countermeasure if less than 5 RED equipment are installed.A9.13.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A9.13.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A9.14. BLACK Signal Ground. Consider applying this countermeasure if BLACK signal wire line filters or cryptographic equipment are installed in the facility or BLACK signal wire lines are shielded.
A9.14.1. Do not select this countermeasure if less than 5 RED equipment are installed.A9.14.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A9.14.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A9.14.4. Do not use BLACK signal ground as the signal ground for BLACK equipment; BLACK signal ground carries compromising emanations.
A9.15. RED Equipment and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 1 meter, RED equipment from BLACK signal ground wires. If selected, the separation distance is reduced if a BLACK signal wire line isolation countermeasure is used.
A9.16. RED Signal Wire Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from BLACK signal ground wires.
A9.17. RED Signal Wire Line and Fortuitous Conductor Separation. Consider applying this countermeasure if fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from fortuitous conductors.
A9.18. RED Signal Wire Line and BLACK Equipment Separation. Consider applying this countermeasure if BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 1 meter, RED signal wire lines from BLACK equipment.
A9.19. Shielded BLACK Signal Wire Lines. Consider applying this countermeasure when BLACK signal wire lines are not separated by the required distance from RED equipment, RED signal wire lines, RED power lines, or fortuitous conductors. Attachment 15 contains specifications for shielded cables.
A9.19.1. If the application of this countermeasure is based on a concern for fortuitous conductors, restrict it to the possibility the fortuitous conductor is "electrically in common" with both the RED and BLACK signal wire lines. By "electrically in common," we mean, those fortuitous conductors that run within 15 centimeters and parallel to a RED signal wire line for at least 2 meters and then run within 15 centimeters and parallel to a BLACK signal wire line for at least 2 meters.A9.19.2. This countermeasure is not needed if there is at least 1 meter separation between a parallel RED signal wire line and a BLACK signal wire line or a common fortuitous conductor run.
A9.20. RED Power Line and BLACK Equipment Separation. Consider applying this countermeasure if RED power is selected and BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 1 meter, RED power lines from BLACK equipment.
A9.21. RED Power Line and BLACK Signal Wire Line Separation. Consider applying this countermeasure if RED power is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, RED power lines from BLACK signal wire lines.
A9.22. RED Power Line and BLACK Power Line Separation. Consider applying this countermeasure if RED power is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, RED power lines from BLACK power lines.
A9.23. RED Power Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED power and BLACK signal grounds are selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 5 centimeters, RED power lines from BLACK signal ground wires.
A9.24. RED Power Line and Fortuitous Conductor Separation. Consider applying this countermeasure if RED power is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED power lines from fortuitous conductors.
A9.25. RED Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if a RED signal ground is selected. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 1 meter, RED signal ground wires from BLACK equipment.
A9.26. RED Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if a RED signal ground is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK signal wire lines.
A9.27. RED Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if a RED signal ground is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK power lines.
A9.28. RED Signal Ground Wire and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED and BLACK signal grounds are selected. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK signal ground wires.
A9.29. RED Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if a RED signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal ground wires from fortuitous conductors.
A9.30. BLACK Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if BLACK signal ground is selected. If selected, separate, by 1 meter, BLACK signal ground wires from BLACK equipment.
A9.31. BLACK Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK signal wire lines.
A9.32. BLACK Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK power lines.
A9.33. BLACK Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if BLACK signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, BLACK signal ground wires from fortuitous conductors.
FACILITY ZONE B, EQUIPMENT ZONE C
A10.1. Introduction. This attachment addresses the following conditions:
A10.1.1. Facilities: Assigned Zone B, or more than 20 meters but less than 100 meters of inspectable space.A10.1.2. Equipment: Assigned Zone C, or the equipment radiation TEMPEST zone more than 20 meters but less than 100 meters; or meets NSTISSAM TEMPEST/1-92 (C), Level III, standards, or all other RED equipment.
NOTE: This installation may cause TEMPEST hazards. If the facility is TEMPEST-zoned and using TEMPEST-zoned equipment, contact the CTTA to evaluate the actual TEMPEST zone test results for the equipment and the facility to determine if using the equipment in the facility is possible.
A10.2. Countermeasure Application.
A10.2.1. Apply each required countermeasure unless the threat at which the countermeasure is aimed does not exist. Explain why each required countermeasure not selected was not selected. A waiver is not needed for any deselected required countermeasure since the requirement for protection has been met.A10.2.2. Do not apply each consider countermeasure unless the threat at which the countermeasure is aimed does exist. Explain why a not-required (consider) countermeasure was selected.
A10.2.3. A description of each countermeasure and its purpose is in Chapter 8.
A10.2.4. For existing facilities, when countermeasures involving BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors cannot be met, the user may request an EMSEC test to determine if countermeasures are needed.
A10.3. RED Equipment and BLACK Equipment Separation. This countermeasure is required if BLACK equipment has signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A10.3.1. Separate, by 1 meter, RED equipment from BLACK equipment.A10.3.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A10.3.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A10.3.4. Do not place the RED equipment on the same metal desk, bench, shelf, or cabinet as BLACK equipment.
A10.4. RED Equipment and BLACK Signal Wire Line Separation. This countermeasure is required for BLACK signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A10.4.1. Separate, by 1 meter, RED equipment from BLACK signal wire lines.A10.4.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A10.4.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A10.5. RED Equipment and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A10.5.1. Separate, by 1 meter, RED equipment from BLACK power lines.A10.5.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A10.6. RED Equipment and Fortuitous Conductor Separation. This countermeasure is required for fortuitous conductors that exit the inspectable space.
A10.6.1. Separate, by 1 meter, RED equipment from fortuitous conductors.A10.6.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A10.7. RED Signal Wire Line and BLACK Signal Wire Line Separation. This countermeasure is required if BLACK signal wire lines exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A10.7.1. Separate, by 5 centimeters, RED signal wire lines from BLACK signal wire lines.A10.7.2. When RED and BLACK signal wire lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A10.7.3. Do not place RED and BLACK signal wire lines in a common distribution facility. It is permitted to use a common distribution facility for RED and BLACK fiber optic signal lines provided:
A10.7.3.1. Either the BLACK or the RED fiber optic signal lines in a RED distribution facility must have an opaque sheath. BLACK fiber optic signal lines should not have metallic stiffeners or sheaths. If they do, treat the stiffeners or sheaths as fortuitous conductors and ground both ends of the stiffeners or sheaths if the BLACK fiber optic signal lines leave the inspectable space.A10.7.3.2. Separate RED fiber optic signal lines in BLACK distribution facilities from the distribution facility before the distribution facility exits the controlled access area.
A10.7.3.3. Using multifiber bundle for both RED and BLACK signals is not recommended. If used, an opaque partition between the RED and BLACK fibers is required. Maintain total accountability of all fibers to preclude compromise through misconnection.
A10.8. RED Signal Wire Line and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A10.8.1. Separate, by 5 centimeters, RED signal wire lines from BLACK power lines.A10.8.2. When RED signal wire lines and BLACK power lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A10.9. Shielded RED Signal Wire Lines. This countermeasure is required for RED equipment meeting the requirements of NSTISSAM TEMPEST/1-92 (C), Level I, which must use optical or shielded wire cables if specified as part of the manufacturer's installation specification or if specified for compliance with TEMPEST certification.
A10.10. RED Power. This countermeasure is required if the facility contains BLACK equipment with signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic.
A10.10.1. Do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a RED power circuit.
A10.11. Filtered RED Power. This countermeasure is required unless the power lines feeding the RED power circuit are contained within the inspectable space up to a point where the average load exceeds 100,000 volt- amperes and at least 10,000 volts potential.
A10.11.1. Do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a filtered RED power circuit.
A10.12. Administrative Communications Countermeasures. These countermeasures are required.
A10.12.1. Telephone Systems. Do not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment.A10.12.2. Comfort Music Systems. Separate, by 10 meters, the tape player from Zone C RED equipment (20 meters from Zone D RED equipment) or audio tapes brought in and played may not leave the facility or degauss the tapes before removal. There are no separation or control requirements for compact disk players. The decision to allow tapes into the facility is made by the security manager for the facility.
A10.12.3. Television-Video Cassette Recorder Systems. Separate, by 10 meters, the television-video cassette recorder system from Zone C RED equipment (20 meters from Zone D RED equipment), or video tapes brought in and played may not leave the facility or degauss the tapes before removal. The decision to allow tapes into the facility is made by the security manager for the facility.
A10.13. RED Equipment and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 1 meter, RED equipment from BLACK signal ground wires. If selected, the separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A10.14. RED Signal Wire Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from BLACK signal ground wires.
A10.15. RED Signal Wire Line and Fortuitous Conductor Separation. Consider applying this countermeasure if fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from fortuitous conductors.
A10.16. RED Signal Wire Line and BLACK Equipment Separation. Consider applying this countermeasure if BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 1 meter, RED signal wire lines from BLACK equipment.
A10.17. Shielded BLACK Signal Wire Lines. Consider applying this countermeasure when BLACK signal wire lines are not separated by the required distance from RED equipment, RED signal wire lines, RED power lines, or fortuitous conductors. Attachment 15 contains specifications for shielded cables.
A10.17.1. If selected, and if the application of this countermeasure is based on a concern for fortuitous conductors, restrict it to the possibility the fortuitous conductor is "electrically in common" with both the RED and BLACK signal wire lines. By "electrically in common," we mean, those fortuitous conductors that run within 15 centimeters and parallel to a RED signal wire line for at least 2 meters and then run within 15 centimeters and parallel to a BLACK signal wire line for at least 2 meters.A10.17.2. This countermeasure is not needed if there is at least 1 meter separation between a parallel RED signal wire line and a BLACK signal wire line or a common fortuitous conductor run.
A10.18. RED Power Line and BLACK Equipment Separation. Consider applying this countermeasure if RED power is selected and BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 1 meter, RED power lines from BLACK equipment.
A10.19. RED Power Line and BLACK Signal Wire Line Separation. Consider applying this countermeasure if RED power is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, RED power lines from BLACK signal wire lines.
A10.20. RED Power Line and BLACK Power Line Separation. Consider applying this countermeasure if RED power is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, RED power lines from BLACK power lines.
10.21. RED Power Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED power and BLACK signal ground are selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 5 centimeters, RED power lines from BLACK signal ground wires.
A10.22. RED Power Line and Fortuitous Conductor Separation. Consider applying this countermeasure if RED power is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED power lines from fortuitous conductors.
A10.23. RED Signal Ground. Consider applying this countermeasure if RED equipment needs a signal ground, RED power filters or cryptographic equipment are installed in facility, or RED signal wire lines are shielded.
A10.23.1. Do not select this countermeasure if less than 5 RED equipment are installed.A10.23.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A10.23.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A10.24. BLACK Signal Ground. Consider applying this countermeasure if BLACK signal wire line filters or cryptographic equipment are installed in the facility or BLACK signal wire lines are shielded.
A10.24.1. Do not select this countermeasure if less than 5 RED equipment are installed.A10.24.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A10.24.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A10.24.4. Do not use BLACK signal ground as the signal ground for BLACK equipment; BLACK signal ground carries compromising emanations.
A10.25. RED Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if a RED signal ground is selected. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 1 meter, RED signal ground wires from BLACK equipment.
A10.26. RED Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if a RED signal ground is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK signal wire lines.
A10.27. RED Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if a RED signal ground is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, RED signal wire lines from BLACK power lines.
A10.28. RED Signal Ground Wire and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED and BLACK signal grounds are selected. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK signal ground wires.
A10.29. RED Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if a RED signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal ground wires from fortuitous conductor.
A10.30. BLACK Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if BLACK signal ground is selected. If selected, separate, by 1 meter, BLACK signal ground wires from BLACK equipment.
A10.31. BLACK Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK signal wire lines.
A10.32. BLACK Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK power lines.
A10.33. BLACK Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if BLACK signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, BLACK signal ground wires from fortuitous conductors.
A10.34. Administrative Communications Countermeasures. Consider applying these countermeasures.
A10.34.1. Intercom and Public Address Systems. If selected, use paragraph A12.2.A10.34.2. Comfort Music Systems. If selected, use paragraph A12.3.
A10.34.3. Cable Television Systems. If selected, use paragraph A12.4.
A10.34.3.1. Separate, by 2 meters, the television set from RED equipment.A10.34.3.2. Separate, by 2 meters, video cables from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A10.34.3.3. Separate, by 2 meters, active splitters or amplifiers from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A10.34.4. Television-Video Cassette Recorder Systems. If selected, use paragraph A12.5.
FACILITY ZONE C, EQUIPMENT ZONE C
A11.1. Introduction. This attachment addresses the following conditions:
A11.1.1. Facilities: Assigned Zone C, or more than 100 meters of inspectable space.A11.1.2. Equipment: Assigned Zone C, or the equipment radiation TEMPEST zone more than 20 meters but less than 100 meters, or meets NSTISSAM TEMPEST/1-92 (C), Level III, standards, or all other RED equipment.
A11.2. Countermeasure Application.
A11.2.1. Apply each required countermeasure unless the threat at which the countermeasure is aimed does not exist. Explain why each required countermeasure not selected was not selected. A waiver is not needed for any deselected required countermeasure since the requirement for protection has been met.A11.2.2. Do not apply each consider countermeasure unless the threat at which the countermeasure is aimed does exist. Explain why a not-required (consider) countermeasure was selected.
A11.2.3. A description of each countermeasure and its purpose is in Chapter 8.
A11.2.4. For existing facilities, when countermeasures involving BLACK equipment, BLACK signal wire lines, BLACK power lines, and fortuitous conductors cannot be met, the user may request an EMSEC test to determine if countermeasures are needed.
A11.3. RED Equipment and BLACK Equipment Separation. This countermeasure is required if BLACK equipment has signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A11.3.1. Separate, by 0.5 meters, RED equipment from BLACK equipment.A11.3.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A11.3.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A11.3.4. Do not place the RED equipment on the same metal desk, bench, shelf, or cabinet as BLACK equipment.
A11.4. RED Equipment and BLACK Signal Wire Line Separation. This countermeasure is required for BLACK signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A11.4.1. Separate, by 0.5 meters, RED equipment from BLACK signal wire lines.A11.4.2. The separation distance is reduced to 15 centimeters if a BLACK signal wire line isolation countermeasure is used.
A11.4.3. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A11.5. RED Equipment and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A11.5.1. Separate, by 0.5 meters, RED equipment from BLACK power lines.A11.5.2. If the user cannot achieve this separation, use a BLACK signal wire line isolation countermeasure, filter BLACK power lines, and isolate fortuitous conductors.
A11.6. RED Signal Wire Line and BLACK Signal Wire Line Separation. This countermeasure is required if BLACK signal wire lines exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic.
A11.6.1. Separate, by 5 centimeters, RED signal wire lines from BLACK signal wire lines.A11.6.2. When RED and BLACK signal wire lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A11.6.3. Do not place RED and BLACK signal wire lines in a common distribution facility. It is permitted to use a common distribution facility for RED and BLACK fiber optic signal lines provided:
A11.6.3.1. Either the BLACK or the RED fiber optic signal lines in a RED distribution facility must have an opaque sheath. BLACK fiber optic signal lines should not have metallic stiffeners or sheaths. If they do, treat the stiffeners or sheaths as fortuitous conductors and ground both ends of the stiffeners or sheaths if the BLACK fiber optic signal lines leave the inspectable space.A11.6.3.2. Separate RED fiber optic signal lines in BLACK distribution facilities from the distribution facility before the distribution facility exits the controlled access area.
A11.6.3.3. Using multifiber bundle for both RED and BLACK signals is not recommended. If used, an opaque partition between the RED and BLACK fibers is required. Maintain total accountability of all fibers to preclude compromise through misconnection.
A11.7. RED Signal Wire Line and BLACK Power Line Separation. This countermeasure is required unless the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A11.7.1. Separate, by 5 centimeters, RED signal wire lines from BLACK power lines.A11.7.2. When RED signal wire lines and BLACK power lines are run parallel for 30 meters or more, increase the separation to 15 centimeters.
A11.8. Shielded RED Signal Wire Lines. This countermeasure is required for RED equipment meeting the requirements of NSTISSAM TEMPEST/1-92 (C), Level I, which must use optical or shielded wire cables if specified as part of the manufacturer's installation specification or if specified for compliance with TEMPEST certification.
A11.9. RED Power. This countermeasure is required if the facility contains BLACK equipment with signal wire lines that exit the inspectable space unless the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic.
A11.9.1. Do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a RED power circuit.
A11.10. Administrative Communications Countermeasures. These countermeasures are required.
A11.10.1. Telephone Systems. Do not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment.A11.10.2. Comfort Music Systems. Separate, by 10 meters, the tape player from Zone C RED equipment (20 meters from Zone D RED equipment) or audio tapes brought in and played may not leave the facility or degauss the tapes before removal. There are no separation or control requirements for compact disk players. The decision to allow tapes into the facility is made by the security manager for the facility.
A11.10.3. Television-Video Cassette Recorder Systems. Separate, by 10 meters, the television-video cassette recorder system from Zone C RED equipment (20 meters from Zone D RED equipment), or video tapes brought in and played may not leave the facility or degauss the tapes before removal. The decision to allow tapes into the facility is made by the security manager for the facility.
A11.11. RED Equipment and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 0.5 meters, RED equipment from BLACK signal ground wires. If selected, the separation distance is reduced if a BLACK signal wire line isolation countermeasure is used.
A11.12. RED Signal Wire Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from BLACK signal ground wires.
A11.13. RED Signal Wire Line and Fortuitous Conductor Separation. Consider applying this countermeasure if fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal wire lines from fortuitous conductors.
A11.14. RED Signal Wire Line and BLACK Equipment Separation. Consider applying this countermeasure if BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 0.5 meters, RED signal wire lines from BLACK equipment.
A11.15. Shielded BLACK Signal Wire Lines. Consider applying this countermeasure when BLACK signal wire lines are not separated by the required distance from RED equipment, RED signal wire lines, RED power lines, or fortuitous conductors. Attachment 15 contains specifications for shielded cables.
A11.15.1. If selected, and if the application of this countermeasure is based on a concern for fortuitous conductors, restrict it to the possibility the fortuitous conductor is" electrically in common" with both the RED and BLACK signal wire lines. By "electrically in common," we mean, those fortuitous conductors that run within 15 centimeters and parallel to a RED signal wire line for at least 2 meters and then run within 15 centimeters and parallel to a BLACK signal wire line for at least 2 meters.A11.15.2. This countermeasure is not needed if there is at least 1 meter separation between a parallel RED signal wire line and a BLACK signal wire line or a common fortuitous conductor run.
A11.16. Filtered RED Power. Consider applying this countermeasure if RED power is required. Do not select this countermeasure if the power lines feeding the RED power circuit are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential.
A11.16.1. If selected, do not power TEMPEST-certified, cryptographic (unless required in technical manuals), or BLACK equipment from a filtered RED power circuit.
A11.17. RED Power Line and BLACK Equipment Separation. Consider applying this countermeasure if RED power is selected and BLACK equipment has signal wire lines that exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 0.5 meters, RED power lines from BLACK equipment.
A11.18. RED Power Line and BLACK Signal Wire Line Separation. Consider applying this countermeasure if RED power is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, RED power lines from BLACK signal wire lines.
A11.19. RED Power Line and BLACK Power Line Separation. Consider applying this countermeasure if RED power is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, RED power lines from BLACK power lines.
A11.20. RED Power Line and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED power and BLACK signal ground are selected. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 5 centimeters, RED power lines from BLACK signal ground wires.
A11.21. RED Power Line and Fortuitous Conductor Separation. Consider applying this countermeasure if RED power is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED power lines from fortuitous conductors.
A11.22. RED Signal Ground. Consider applying this countermeasure if RED equipment needs a signal ground, RED power filters or cryptographic equipment are installed in the facility, or RED signal wire lines are shielded.
A11.22.1. Do not select this countermeasure if less than 5 RED equipment are installed.A11.22.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A11.22.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A11.23. BLACK Signal Ground. Consider applying this countermeasure if BLACK signal wire line filters or cryptographic equipment are installed in the facility or BLACK signal wire lines are shielded.
A11.23.1. Do not select this countermeasure if less than 5 RED equipment are installed.A11.23.2. Do not select this countermeasure if RED equipment is not installed within a 300 square meter area.
A11.23.3. Do not select this countermeasure if the facility is completely contained within the inspectable space.
A11.23.4. Do not use BLACK signal ground as the signal ground for BLACK equipment; BLACK signal ground carries compromising emanations.
A11.24. RED Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if a RED signal ground is selected. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 1,000 meters or if the BLACK signal lines are fiber optic. Do not select this countermeasure if the facility is completely contained within the inspectable space. If selected, separate, by 0.5 meters, RED signal ground wires from BLACK equipment.
A11.25. RED Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if a RED signal ground is selected and BLACK signal wire lines exit the inspectable space. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK signal wire lines.
A11.26. RED Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if a RED signal ground is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK power lines.
A11.27. RED Signal Ground Wire and BLACK Signal Ground Wire Separation. Consider applying this countermeasure if RED and BLACK signal grounds are selected. If selected, separate, by 5 centimeters, RED signal ground wires from BLACK signal ground wires.
A11.28. RED Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if a RED signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, RED signal ground wires from fortuitous conductors.
A11.29. BLACK Signal Ground Wire and BLACK Equipment Separation. Consider applying this countermeasure if BLACK signal ground is selected. If selected, separate, by 0.5 meters, BLACK signal ground wires from BLACK equipment.
A11.30. BLACK Signal Ground Wire and BLACK Signal Wire Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the line distance of the BLACK signal wire lines from the building containing the RED equipment to the boundary of the inspectable space is greater than 2,000 meters or if the BLACK signal lines are fiber optic. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK signal wire lines.
A11.31. BLACK Signal Ground Wire and BLACK Power Line Separation. Consider applying this countermeasure if BLACK signal ground is selected. Do not select this countermeasure if the BLACK power lines are contained within the inspectable space up to a point where the average load exceeds 100,000 volt-amperes and at least 10,000 volts potential. If selected, separate, by 5 centimeters, BLACK signal ground wires from BLACK power lines.
A11.32. BLACK Signal Ground Wire and Fortuitous Conductor Separation. Consider applying this countermeasure if BLACK signal ground is selected and fortuitous conductors exit the inspectable space. If selected, separate, by 5 centimeters, BLACK signal ground wires from fortuitous conductors.
A11.33. Administrative Communications Countermeasures. Consider applying these countermeasures.
A11.33.1. Intercom and Public Address Systems. If selected, use paragraph A12.2.A11.33.2. Comfort Music Systems. If selected, use paragraph A12.3.
A11.33.3. Cable Television Systems. If selected, use paragraph A12.4.
A11.33.3.1. Separate, by 2 meters, the television set from RED equipment.A11.33.3.2. Separate, by 1 meter, video cables from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A11.33.3.3. Separate, by 1 meter, active splitters or amplifiers from RED equipment, RED signal wire lines, RED power lines, and RED signal ground wires.
A11.33.4. Television-Video Cassette Recorder Systems. If selected, use paragraph A12.5.
APPLYING ADMINISTRATIVE COMMUNICATIONS COUNTERMEASURES
A12.1. Introduction. This attachment provides commonly required administrative communications countermeasures. Due to the amount of information and the number of times they are required, they were placed in this attachment to conserve paper. Do not apply these countermeasures unless the EMSEC countermeasures review using one of the Attachments 3 through 11 directs you into this attachment.
A12.2. Intercom and Public Address Systems.
A12.2.1. Required Application. Do the following when application of this countermeasure is required.A12.2.1.1. A wireless intercom system (radio frequency transmitter) is prohibited in all cases.A12.2.1.2. Contain the system totally within the inspectable space.
A12.2.1.3. Install the public address amplifier in a metal cabinet to contain any free-space radiation it might generate.
A12.2.1.4. Separate wire lines according the separation requirements in the appropriate countermeasures review attachment.
A12.2.2. Selected for Application. Do the following when this countermeasure has been considered and selected for application.
A12.2.2.1. A wireless intercom system (radio frequency transmitter) is prohibited in all cases.A12.2.2.2. Contain the system totally within the inspectable space.
A12.2.2.3. Separate wire lines according the separation requirements in the applicable countermeasures review attachment.
A12.3. Comfort Music Systems. There are two types of comfort music systems; those that use a radio receiver and those that do not. Take the following precautions to reduce the risk of the system becoming an escape medium for compromising emanations. Systems that do not use a radio receiver include systems like compact disk or play-only tape players.
A12.3.1. Required Application. Do the following when application of this countermeasure is required.A12.3.1.1. Contain the entire music system, including speakers and associated cables, within the inspectable space. The user may need two music systems at some locations, one for within the inspectable space and one for outside the inspectable space.A12.3.1.2. Use shielded audio cable, as described in Attachment 15, between the receiver and speakers. Separate according to the requirements established for shielded wire lines in the applicable countermeasures review attachment.
A12.3.1.3. Use "open type" speakers (that is, ceiling mount or open box) for easy inspection.
A12.3.1.4. Operate the system (play music) whenever classified national security information is processed. This prevents the speakers from becoming microphones.
A12.3.1.5. Separate the BLACK power line (power cord) from RED equipment, RED signal wire lines, and RED power (if required) according to the separation requirements in the applicable countermeasures review attachment.
A12.3.1.6. Separate the tape player from RED equipment by the distance specified in the applicable countermeasures review attachment or audio tapes brought in and played may not leave the facility or degauss the tapes before removal. There are no separation or control requirements for compact disk (sometimes abbreviated CD) players. The decision to allow tapes into the facility is made by the security manager for the facility.
A12.3.1.7. For systems using a radio receiver, separate, by 1 meter, the receiver from RED equipment. When this separation requirement is not met, install the receiver inside a metal cabinet, such as wall locker or storage cabinet, to reduce the possibility of radiated compromising emanations coupling onto the receiver. Keep the doors shut.
A12.3.2. Selected For Application. Do the following when this countermeasure has been considered and selected for application.
A12.3.2.1. Contain the entire music system, including speakers and associated cables, within the inspectable space. The user may need two music systems at some locations, one for within the inspectable space and one for outside the inspectable space.A12.3.2.2. Separate wire lines according to the requirements established in the applicable countermeasures review attachment.
A12.3.2.3. Separate the tape player from RED equipment by the distance specified in the applicable countermeasures review attachment or audio tapes brought in and played may not leave the facility or degauss the tapes before removal. There are no separation or control requirements for compact disk players. The decision to allow tapes into the facility is made by the security manager for the facility.
A12.3.2.4. For systems using a radio receiver, separate, by 1 meter, the receiver from RED equipment. When this separation requirement is not met, install the receiver inside a metal cabinet, such as wall locker or storage cabinet, to reduce the possibility of radiated compromising emanations coupling onto the receiver. Keep the doors shut.
A12.4. Cable Television Systems.
A12.4.1. Required Application. Do the following when application of this countermeasure is required.A12.4.1.1. Separate the television set from RED equipment according to the requirements established in the applicable countermeasures review attachment.A12.4.1.2. Install the entire video cable distribution system in electrical metallic tubing conduit. Do not expose more than 0.5 meters of the video cable behind the television receiver or at the distribution splitter or amplifier. An alternative is to use shielded video cable meeting the requirements in Attachment 15. Connect the shield to BLACK signal ground, where available.
A12.4.1.3. Separate video cables by the distance specified in the applicable countermeasures review attachment.
A12.4.1.4. Separate the BLACK power line (power cord) from RED equipment, RED signal wire lines, and RED power (if required) according to the separation requirements in the applicable countermeasures review attachment.
A12.4.1.5. Isolate the video cable. This is best done at the boundary of the inspectable space to preclude the video cable from becoming recontaminated with compromising emanations. This is not always practical but isolation must be done beyond the equipment radiation TEMPSET zone or the cable must be shielded or installed in electrical metallic tubing conduit. There are three generally acceptable methods for isolating the cable.
A12.4.1.5.1. Method One. Use a photon-coupled (optical) isolator, as described in Attachment 16, to break the electrical connection for conducted emanations and to filter out any emanations that may have modulated the television receiver.A12.4.1.5.2. Method Two. Use a combination of attenuation and amplification to reduce both conducted and modulated emanations. Use a combination of the front-to-back ratio of the amplifier and additional attenuation (for example, using an amplifier with a 70-decibel (sometimes abbreviated dB) front-to-back ratio and a 30-decibel attenuator will provide the required 100 decibels of isolation). Set the gain of the amplifier for optimal operation, usually unity gain (enough to overcome the decrease in signal level caused by the attenuator). The minimum acceptable attenuation is 100 decibels. Do not use an amplifier that can amplify signals in both directions.
A12.4.1.5.3. Method Three. For a single television receiver, a video cassette recorder (VCR) can provide the video service and will also act as a "one way" filter. If a control box is used, collocate it with the VCR. Disconnect the incoming video cable before using the VCR for processing classified national security information.
A12.4.1.6. If using an active cable splitter or amplifier to distribute the video signal within the facility, separate the splitter or amplifier by the distance specified in the applicable countermeasures review attachment from RED equipment. If this separation requirement is not met, install the splitter or amplifier inside a metal container or cabinet, such as wall locker or storage cabinet, to reduce the possibility of radiated compromising emanations coupling onto the splitter or amplifier. Shield the incoming lines to a distance of at least one-third the equipment radiation TEMPEST zone of the RED equipment.
A12.4.2. Selected for Application. Do the following when this countermeasure has been considered and selected for application.
A12.4.2.1. Separate the television set from RED equipment according to the requirements established in the applicable countermeasures review attachment.A12.4.2.2. Separate video cables by the distance specified in the applicable countermeasures review attachment.
A12.4.2.3. Separate the BLACK power line (power cord) from RED equipment, RED signal wire lines, and RED power (if required) according to the separation requirements in the applicable countermeasures review attachment.
A12.4.2.4. If using an active cable splitter or amplifier to distribute the video signal within the facility, separate the splitter or amplifier by the distance specified in the applicable countermeasures review attachment from RED equipment.
A12.5. Television-Video Cassette Recorder Systems.
A12.5.1. Required Application. Do the following when application of this countermeasure is required.A12.5.1.1. Contain the television-video cassette recorder system, including speakers and associated cables, within the inspectable space. The user may need two television-video cassette recorder systems at some locations, one for within the inspectable space and one for outside the inspectable space.A12.5.1.2. Separate the television-video cassette recorder system from RED equipment by the distance specified in the applicable countermeasures review attachment or video tapes brought in and played may not leave the facility or degauss the tapes before removal. The decision to allow tapes into the facility is made by the security manager for the facility.
A12.5.1.3. Separate video cables (BLACK signal wire lines) by the distance specified in the applicable countermeasures review attachment.
A12.5.1.4. Separate the BLACK power line (power cord) from RED equipment, RED signal wire lines, and RED power (if required) according to the separation requirements in the applicable countermeasures review attachment.
A12.5.2. Selected For Application. Do the following when this countermeasure has been considered and selected for application.
A12.5.2.1. Contain the television-video cassette recorder system, including speakers and associated cables, within the inspectable space. The user may need two television-video cassette recorder systems at some locations, one for within the inspectable space and one for outside the inspectable space.A12.5.2.2. Separate video cables (BLACK signal wire lines) by the distance specified in the applicable countermeasures review attachment.
A12.5.2.3. Separate the BLACK power line (power cord) from RED equipment, RED signal wire lines, and RED power (if required) according to the separation requirements in the applicable countermeasures review attachment.
DOCUMENTING THE COUNTERMEASURES REVIEWS
A13.1. Introduction. These instructions provide the details for documenting the required countermeasures identified by the control of compromising emanations, NONSTOP, and HIJACK countermeasures reviews. Make the following entries on AFCOMSEC Form 7001, Part II, Emission Security Countermeasures Reviews.
A13.2. Documenting the Control of Compromising Emanations Countermeasures Review. Use AFCOMSEC Form 7001, block 5, block 10 (continuation), and continue on plain paper, if needed, to identify the required countermeasures (see Figure A13.1).
A13.2.1. Enter the heading "(U) Control of Compromising Emanations Countermeasures." Under that heading:A13.2.2. List the main criterion used to define the inspectable space.
A13.2.3. List what equipment was used to determine the worst case equipment profile, the source of the profile information, and the profile.
A13.2.4. Enter "(U) Facility Zone X, Equipment Zone X countermeasures were used." (Replace X with the appropriate zone rating.)
A13.2.5. List each required control of compromising emanations countermeasure as a statement of the requirement (e.g., "(U) Separate RED equipment 1 meter from BLACK equipment."). List in the same order as they appear in the attachment regardless of whether each is needed or not.
A13.2.6. If a required countermeasure is determined as not needed, simply list the countermeasure (e.g., "(U) RED Equipment and BLACK Equipment Separation."), followed by "Not needed." Follow this with the reason why it is not needed (e.g., "BLACK signal lines are longer than 2,000 meters before they exit the inspectable space.").
A13.2.7. After all required countermeasures are listed, list all non-required (consider) countermeasures selected as needed. List them in the same order as they appear in the attachment. Do not list those not selected, skip them. List them in the same manner as a required countermeasure (e.g., "(U) "Provide RED power."). Follow this with the reason it is needed (e.g., "The U.S. Government does not control the power in the building.").
A13.2.8. For military installations (see Figures A13.2 and A13.3):
A13.2.8.1. Make, title, and attach a copy of a map showing the inspectable space. Include the scale. Reduce map to 8-1/2 by 11 inches. Indicate the location of the building with the RED equipment for this countermeasures review on the map.A13.2.8.2. Make, title, and attach a drawing showing the floor layout of the RED equipment. The drawing may be free-hand. Include the scale. Reduce the drawing to 8-1/2 by 11 inches.
A13.2.9. For non-military installations:
A13.2.9.1. Make, title, and attach a copy of the drawing showing the building where the RED equipment is located and surrounding buildings to a distance of 200 meters. Identify significant occupants, organizations, and activities in the buildings within 200 meters. If the building is not wholly occupied by the U.S. Government, identify and indicate the location of non-U.S. Government entities. The drawing may be free-hand. Include the scale. Reduce the drawing to 8-1/2 by 11 inches.A13.2.9.2. Make, title, and attach a copy of the map showing the inspectable space. Reduce map to 8-1/2 by 11 inches.
A13.2.9.3. Make, title, and attach a drawing showing the floor layout of the RED equipment. The drawing may be free-hand. Include the scale. Reduce the drawing to 8-1/2 by 11 inches.
A13.2.10. If the control of compromising emanations is not applicable or no control of compromising emanations countermeasures are required, enter "Not Applicable" or "Not Required" after the heading identified in paragraph A13.2.1.
A13.3. Documenting the NONSTOP Countermeasures Review. Use AFCOMSEC Form 7001, block 5, block 10 (continuation), and continue on plain paper, if needed, to identify the required countermeasures (see Figure A13.1).
A13.3.1. Enter the heading "(U) NONSTOP Countermeasures." Under that heading:A13.3.2. List the type of radio(s) of concern.
A13.3.3. List what equipment was used to determine the worst case equipment profile, the source of the profile information, and the profile.
A13.3.4. List each required NONSTOP countermeasure as a statement of the requirement (e.g., "Separate the radio 20 meters from all RED processors.").
A13.3.5. If a required countermeasure is determined as not needed, then list the countermeasure (e.g., "(U) Separate Power for RED Equipment or Radio Equipment.") followed by "Not needed." Follow this with the reason why it is not needed (e.g., "The power to the room with RED equipment is on an uninterrupted power supply, the radios are not.").
A13.3.6. After all required countermeasures are listed, list all non-required (consider) countermeasures selected as needed. (Usually, these countermeasures are determined by a CTTA.) List them in the same manner as a required countermeasure (e.g., "(U) Install a RED signal ground and connect the signal ground for all RED processors to it."). Follow this with the reason it is needed (e.g., "The configuration of the RED equipment and radios makes using the existing facility signal ground a hazard."). Do not list those not selected.
A13.3.7. Make, title, and attach a drawing showing the layout of transmitters, receivers, and RED equipment. The drawing may be free-hand. Include the scale. Reduce the drawing to 8-1/2 by 11 inches (see Figure A13.3).
A13.3.8. If NONSTOP is not applicable or NONSTOP countermeasures are not required, enter "Not Applicable" or "Not Required" after the heading identified in paragraph A13.3.
A13.4. Documenting the HIJACK Countermeasures Review. Use AFCOMSEC Form 7001, block 5, block 10 (continuation), and continue on plain paper, if needed, to identify the required countermeasures (see Figure A13.1).
A13.4.1. Enter the heading, "(U) HIJACK Countermeasures." Under that heading:A13.4.2. List the processing procedures, classified, unclassified-to-classified, or unclassified.
A13.4.3. List the cryptographic equipment used to determine required countermeasures.
A13.4.4. List each required HIJACK countermeasure as a statement of the requirement (e.g., "Shield RED and BLACK signal lines.").
A13.4.5. If a required countermeasure is determined not needed, then list the countermeasure (e.g., "(U) Cryptographic Equipment and RED Equipment Separation.") followed by "Not needed." Follow this with the reason why it is not needed (e.g., "Separation from RED and BLACK equipment by 1 meter not needed for KIV-7.").
A13.4.6. After all required countermeasures are listed, list all non-required (consider) countermeasure selected as needed. (Usually, these countermeasures are determined by a CTTA.) List them in the same manner as a required countermeasure (e.g., "(U) Separate RED equipment 3 meters from cryptographic equipment."). Follow this with the reason it is needed (e.g., "The RED equipment has emanations measured in watts."). Do not list those not selected.
A13.4.7. Make, title, and attach a drawing showing the layout of cryptographic equipment, RED equipment (if any), and BLACK equipment (if any). The drawing may be free-hand. Include the scale. Reduce the drawing to 8-1/2 by 11 inches.
A13.4.8. If HIJACK is not applicable or HIJACK countermeasures are not required, enter "Not Applicable" or "Not Required" after the heading identified in paragraph A13.4.
Figure A13.1. Unclassified Sample, Completed EMSEC Countermeasures Reviews Documentation.
CONFIDENTIAL WHEN FILLED IN
PART I. (U) EMISSION SECURITY ASSESSMENTS Classified by: DIRNSA (National Manager NTAISS) Declassify: Ten years from Date of Classification
1. (U) Equipment, System, or Facility:
2. (U) Location:
3. (U) Emission Security Assessments Summary.
a. (U) Classification Level: b. (U) Volume: % c. (U) Geographic Location:
(U) UNCLASSIFIED (U) UNCLASSIFIED (U) CONUS
(U) CONFIDENTIAL (U) CONFIDENTIAL (C) OCONUS, Low Threat
(U) SECRET (U) SECRET (C) OCONUS, Medium Threat
(U) TOP SECRET (U) TOP SECRET (C) OCONUS, High Threat
4. (U) Emission Security Assessments Results.
a. (U) Control of Compromising Emanations: b. (U) NONSTOP: c. (U) HIJACK:
(C) No Control of Compromising Emanations Required. (C) No NONSTOP Countermeasures Required. (U) No HIJACK Countermeasures Required.
(C) Control of Compromising Emanations Required. (C) NONSTOP Countermeasures Required. (U) HIJACK Countermeasures Required.
PART II (U) EMISSION SECURITY COUNTERMEASURES REVIEWS
5. (U) Requirements: (U) NONSTOP Precautions. (U) Do not use hand-held radios within 10 meters of classified processors until contacting the IP office. This does not apply to short term visitors, only to assigned workers. (U) Do not use beepers or pagers within 10 meters of classified processors until contacting the IP office. This does not apply to short term visitors, only to assigned workers. (C) Control of Compromising Emanations Countermeasures. (U) The inspectable space is defined as the base perimeter, minimum 100 meters. (U) Using the Zenith Z-Station 510, from the generic zone assignment for Computers, Micro; the equipment is zone C. (U) Facility Zone C, Equipment Zone C countermeasures were used. (Attachcment A11) (U) Do not place RED equipment on the same metal desk, bench, shelf, or cabinet as BLACK equipment. Cost: $0.00. (Paragraph A11.3) (U) Separate RED equipment from BLACK signal wire lines by 1 meter. Cost: $0.00. (Paragraph A11.4) (Continued in block 10) EXAMPLE
6. (U) Authentication and Acknowledgement.
Typed or Printed Name, Organization, Phone Number, and Signature. a. (U) IP Office: b. (U) User: c. (U) Date:
7. (U) Tracking and Address Information.
Tracking Number: E-mail Address: Message Address: Mailing Address:
8. (U) CTTA Validation Received. E-Mail. Message. Letter. Date/Time/Group or Date:
9. (U) Emission Security Certification.
Typed or Printed Name, Organization, Phone Number , and Signature. a. (U) IP Office: b. (U) Signature: c. (U) Date:
AFCOMSEC FORM 7001, FEB 98 (EF-V1) CONFIDENTIAL WHEN FILLED IN
Figure A13.1. Continued. (Reverse)
CONFIDENTIAL WHEN FILLED IN
10. (U) Continuation (Continued from block 5) (U) RED Equipment and BLACK Power Line Separation. Not needed. Power lines contained within inspectable space to point where the load exceeds 100 KVA. (Paragraph A11.5) (U) RED Signal Wire Line and BLACK Signal Wire Line Separation. Not needed. Cable length exceeds 2 km. (Paragraph A11.6) (U) RED Signal Wire Line and BLACK Power Line Separation. Not needed. Power lines contained within inspectable space to point where the load exceeds 100 KVA. (Paragraph A11.7) (U) Shielded RED Signal Wire Line. Not needed. No TEMPEST-certified equipment used. (Paragraph A11.8) (U) RED Power. Not needed. The length of BLACK signal wire lines exceeds 1 km. (Paragraph A11.9) (U) Do not place the telephone instrument on the same metal desk, bench, shelf, or cabinet as the RED equipment. Cost: $0.00. (Paragraph A11.10.1) (U) Audio and video tapes brought in a played within 10 meters of RED equipment may not leave the facility unless they are deguassed or do not play audio or video tapes while operating RED equipment. Consult facility security manager for decision. Cost: $0.00. (Paragraphs A11.10.2 and A11.10.3) (C) NONSTOP Countermeasures. (U) Land mobile radio base station. (U) Using the Zenith Z-Station 510, from the generic zone assignment for computers, micro; the equipment is Zone C. (U) Separate radio base station 10 meters from all RED equipment. (Paragraph 3.3.1) (U) Do not power RED equipment and the base station from the same AC power circuit. (Paragraph 3.3.2) (U) Signal and Control Lines Separation. Not needed. Base station is self contained with no remoted lines. (Paragraph 3.3.3) (U) HIJACK Countermeasures. (U) Processing classified information. (U) KIV-7. (U) Use the manufacturer's supplied cables. (Paragraph 4.5.1) (U) Separate modems 1 meter from RED equipment. (Paragraph 4.5.3) (U) Separate RED equipment from cryptographic equipment. Not needed. KIV-7 designed for installation in computer. (Paragraph 4.5.4) EXAMPLE
AFCOMSEC FORM 7001, FEB 98 (EF-V1) CONFIDENTIAL WHEN FILLED IN
Figure A13.2. Sample Base Map of Area.
[Not in original]
Figure A13.3. Sample Map of Office
[Not in original]
EMISSION SECURITY TESTING
A14.1. Emission Security Test Request Format. Use the standard memorandum format. The subject is "Request for EMSEC Test." The memorandum has several attachments. The most important attachment is a copy of the EMSEC countermeasures review (except for aircraft test requests). Unless otherwise indicated, provide the following information in all requests:
A14.1.1. Reason for Test. Paragraph 7.3 lists the reasons for requesting an EMSEC test. This paragraph of the request should: identify one or more of those basic reasons, include additional information supporting the selection of the reason for testing as justification for the request, and include a short mission statement.A14.1.2. Need Date. Identify the desired or specified date for the test. If a date is specified, provide justification.
A14.1.3. Processing Procedures. Include a simple statement as to whether processing classified national security information is on a random or scheduled basis.
A14.1.4. Points of Contact. Identify the individual to contact for more information or coordination in processing this request and conducting the test. Also identify the wing IP office point of contact. For both, include rank, name, organization, office symbol, and telephone numbers (DSN, commercial with area code, and STU III).
A14.1.5. Security Clearance. What security clearance level and special accesses are required for unescorted access? This information allows the test team to acquire the necessary clearances to reduce escort requirements. To whom are security clearances sent? What briefing arrangements are required when test team members are briefed for special accesses?
A14.2. Facility Test Request. In addition to the information in paragraphs A14.1.1 through A14.1.5, provide the information identified below. Omission of this information will delay your request. This information is used to determine the need and scope of the test.
A14.2.1. Facility Identification. Identify the building and extent of testing (e.g., "Building 5, Command Operations Center, Rooms 201, 202, and 203.").A14.2.2. List of RED Equipment. Provide a list of RED equipment requiring testing. If all the equipment listed on the EMSEC countermeasures review needs testing, then state "See EMSEC countermeasures review equipment list." If not all equipment on the EMSEC countermeasures review needs testing, then list the equipment here. Attach the list if it is too long for the main body of the letter. In either case, identify each item of RED equipment requiring testing by nomenclature, manufacturer and model number.
A14.2.3. The EMSEC Countermeasures Reviews. A copy of the EMSEC countermeasures review is required. Make sure all levels of classified are identified and the volume of each level. Make sure the boundaries of the inspectable space are indicated.
A14.2.4. Physical Control Data. Describe access control measures established. Refer to and use, if desired, the same drawings used in the EMSEC countermeasures review.
A14.2.5. Site Conditions. Describe the type of installation.
A14.2.5.1. Identify whether the system is fixed, mobile, or fixed-mobile (e.g., a van used in a semi-permanent location). Identify type, model, and series of van used.A14.2.5.2. Describe the location in terms of whether the installation is a contractor facility, a civilian facility, open military installation, closed military installation, allied military installation, etc.
A14.2.6. Installation Data. Identify who installed the equipment or system and when. Were all the required countermeasures installed? Identify all deviations and waivers. Include, as attachments, drawings (preferably single sheet 8-1/2 inch by 11 inch) as follows:
A14.2.6.1. The Room or Rooms. Include dimensions.A14.2.6.1.1. Show the location of both RED and BLACK equipment positions.A14.2.6.1.2. Show the location of all telephones within the room or rooms.
A14.2.6.1.3. Show, as closely as possible, the route telephone lines follow within the room or rooms.
A14.2.6.1.4. Show the location of any telephone or signal wire line filters within the room or rooms.
A14.2.6.1.5. Show the location of all fixed transmitters within the room or rooms.
A14.2.6.1.6. Show the location of any power transformers within the room or rooms.
A14.2.6.1.7. Show the location of any power filters within the room or rooms.
A14.2.6.1.8. Show, as closely as possible, the route power lines follow within the room or rooms.
A14.2.6.2. The Building. Include dimensions.
A14.2.6.2.1. Show the location of the room or rooms within the building.A14.2.6.2.2. Show the floors above and below if the building is a multi-story building. Indicate the location of the room or rooms.
A14.2.6.2.3. Identify occupants of the building who are not related to the users of the equipment within the room or rooms. For example, contractors, foreign nationals, other Air Force units, organizations from other agencies, or military departments.
A14.2.6.2.4. Show the location of all telephones along shared walls with the room or rooms.
A14.2.6.2.5. Show, as closely as possible, the route telephone lines follow along shared walls with the room or rooms.
A14.2.6.2.6. Show, as closely as possible, the route telephone lines follow in rooms directly below the room or rooms if the telephone lines are within 2 meters of the ceiling.
A14.2.6.2.7. Show, as closely as possible, the route telephone lines follow in rooms directly above the room or rooms if the telephone lines are within 2 meters of the floor.
A14.2.6.2.8. Show the location of any telephone or signal wire line filters within the building.
A14.2.6.2.9. Show the location of all fixed transmitters within the building.
A14.2.6.2.10. Show the location of any power transformers within the building.
A14.2.6.2.11. Show the location of any power filters within the building.
A14.2.6.2.12. Show, as closely as possible, the route power lines follow along shared walls with the room or rooms.
A14.2.6.3. The Installation. Include dimensions.
A14.2.6.3.1. Show the location of building on the installation.A14.2.6.3.2. Identify occupants of other buildings located within 100 meters of the room or rooms.
A14.2.6.3.3. Show the location of all fixed transmitters within the buildings within 100 meters of the room or rooms.
A14.2.6.3.4. Show the location of any power transformers supplying power to the building.
A14.2.6.3.5. Show the location of any power filters for the power supplied to the building if not located within the building.
A14.2.6.3.6. Show, as closely as possible, the route power lines follow that supply power to the building up to 100 meters from the building.
A14.2.7. Data Format. Describe in this paragraph whether the data is all numerical, an alpha-numeric mix, or alpha-numeric literal text.
A14.3. Equipment Laboratory Test Request. In addition to the information in paragraphs A14.1.1 through A14.1.4, provide the information identified below. Omission of this information will delay your request. This information is used to determine the need for the test. Also, it is assumed the equipment was not installed.
A14.3.1. Equipment Identification. Identify the equipment for testing by nomenclature, manufacturer, and model number.A14.3.2. The EMSEC Countermeasures Reviews. A copy of the EMSEC countermeasures reviews is required. Make sure all levels of classified are identified and the volume of each level.
A14.3.3. Data Format. Describe in this paragraph whether the data is all numerical, an alpha-numeric mix, or alpha-numeric literal text.
A14.4. Facility Zone Test Request. In addition to the information in paragraphs A14.1.1 through A14.1.5, provide the information identified below. Omission of this information will delay your request. The information is used to determine the need and scope of the test.
A14.4.1. Facility Identification. Identify the building and extent of testing. For instance, Building 5, Command Operations Center, Rooms 201, 202, and 203.A14.4.2. The EMSEC Countermeasures Reviews. A copy of the EMSEC countermeasures reviews is required. Make sure the boundaries of the inspectable space are indicated.
A14.4.3. Physical Control Data. Describe access control measures established. Refer to and use, if desired, the same drawings used in the EMSEC countermeasures review.
A14.4.4. Site Conditions. Describe the facility.
A14.4.4.1. Describe the construction of the facility; all brick with no windows, cinder block with large windows, wood frame with wall board and panel siding, single story, multi-story with basement, etc. The preferred way to provide this information is by drawings showing dimensions, construction materials and methods, windows with type and size, doorways and doors, etc.A14.4.4.2. Is the facility located on: a contractor's site, a civilian location, an open military installation, a closed military installation, an allied military installation, etc.?
A14.4.5. Processing Areas. Identify where classified national security information is processed within the facility. Include, as attachments, drawings as follows:
A14.4.5.1. The building showing the rooms where classified national security information is processed. Show dimensions.A14.4.5.2. The building showing the area for zoning, if different from paragraph A14.4.5.1. Show dimensions.
A14.4.5.3. Identify adjacent occupants. Give significant distances between adjacent occupants and where classified national security information is processed.
A14.4.5.4. Show the floors above and below if the building is multi-storied. Identify occupants. Give significant distances.
A14.4.5.5. The portion of the installation showing the building. Identify occupants of buildings and structures within 100 meters.
A14.4.5.6. Show all fixed transmitting and receiving equipment.
A14.5. Equipment Zone Test Request. In addition to the information in paragraphs A14.1.1 through A14.1.4, provide the information identified in paragraphs A14.3.1 through A14.3.3. Omission of this information will delay your request. The information is used to determine the need for the test.
A14.6. Aircraft Test Request. In addition to the information in paragraphs A14.1.1 through A14.1.5, provide the information identified below. Omission of this information will delay your request. The information is used to determine the need for the test.
A14.6.1. Aircraft Identification. Identify the aircraft for testing by type, model, and series.A14.6.2. Equipment Identification. Identify the equipment for testing by nomenclature, manufacturer and model number.
A14.6.3. Transmitter and Receiver Identification. Identify all active and passive transmitters and receivers installed on the aircraft.
A14.6.4. Physical Control Data. If the equipment is operated while the aircraft is on the ground, describe access control measures established.
A14.6.5. Data Format. Describe in this paragraph whether the data is all numerical, an alpha-numeric mix, or alpha-numeric literal text.
SHIELDED CABLES
A15.1. Introduction. This attachment describes jacketed multiconductor twisted-pair cable consisting of an insulated, shielded, pair; or a bundle of twisted pairs contained in a single shield. It provides general guidance for usage and application when considering the overall engineering installation process for a particular system or facility.
A15.2. Physical Cable Characteristics.
A15.2.1. A cable may contain any number of individually twisted pairs.A15.2.2. A cable may contain conductors of any size.
A15.2.3. The cable is shielded. There are two ways to shield the cable:
A15.2.3.1. Tinned Copper Braid. The cable has an overall shielding of 85 to 90 percent tinned copper-braid coverage. A drain wire is not required in braided-copper shielded cable.A15.2.3.2. Foil Wrapped. The foil wraps the cable in an overlapping spiral. The overlaps must be z-locked. The cable must include a bare drain wire that has a lay such that it will make electrical contact with the shield throughout its length.
A15.3. Electrical Cable Characteristics.
A15.3.1. Do not use the shield as a signal return path.A15.3.2. Shielding must meet the following requirements:
A15.3.2.1. 100 decibels (sometimes abbreviated dB) from 300 to 15,000 hertz.A15.3.2.2. 80 decibels over the baseband video range up to 5 megahertz (sometimes abbreviated MHz).
A15.3.2.3. 60 decibels over the frequency range from one time to ten times the basic data rate of the digital signal.
A15.3.3. Crosstalk is permitted on adjacent pairs within a bundle.
A15.3.4. Achieve effective shielding for a cable by terminating the cable shield.
A15.3.4.1. Terminate the shield at both ends.A15.3.4.2. Do not use long pigtail and long ground-wire shield terminations. They drastically reduce shielding effectiveness and, in certain frequency ranges (dependent on pigtail length), can completely nullify the inherent shielding capability of a cable.
A15.3.4.3. If a pigtail is the only method of shield termination used in a particular situation, make the pigtails as short as feasible (one-half centimeter or less), and bond it to a low-impedance radio frequency ground such as a ground plate, chassis, or wide ground bus. A long slender ground wire is not an effective radio frequency ground and may instead become an antenna.
FILTERS AND ISOLATORS
A16.1. Introduction. This attachment describes the application, characteristics, and specifications of passive low-pass signal wire line filters, active low-pass signal wire line filters, photon-coupled (optical) signal wire line isolators, and power line filters.
A16.2. Passive Low-Pass Signal Wire Line Filters. These filters are relatively inexpensive and, generally, perform their intended function well. The intent of these filters is to attenuate by a specified amount all frequencies above a specified frequency.
A16.2.1. Filter Design Guidance. For the most effective performance, design signal wire line filters specifically for the particular application. However, using an existing design that approximates the desired characteristics is more economical to employ. Generally speaking, there are two types of signals that require filtering; analog signals such as voice or the tone output of modems, and digital signals that are in the form of square waves. Filter behavior and performance for each of these two types of signals are considerably different.A16.2.2. Analog Signal Wire Line Filters. Normally, analog signal wire line filters are designed to match a balanced 600-ohm signal pair (two 300-ohm filters). Curve A on Figure A16.1 illustrates the attenuation characteristics of a typical filter that is adequate for most voice-grade Western Electric 201 A/B modems, or equivalent. Filters designed to give attenuation characteristics of curve A are expected to introduce moderate phase and amplitude perturbation in the 1500 to 3300 hertz portion of the passband, even when used in an impedance-matched system. If there is an impedance mismatch to the filter, these perturbations will increase in proportion to the extent of the mismatch.
A16.2.3. Modems. Modems that operate at bit rates up to 9600 bits per second (bps) require specially compensated wire line facilities, and thus can tolerate a minimum of phase and amplitude distortion introduced by signal wire line filters. For applications of this type, filters designed to curve A on Figure A16.1 are not suitable. The alternatives are to design an expensive, multi-element, compensated filter with cutoff starting as indicated in curve A; or employ a simple filter designed with attenuation characteristics of curve B, which will introduce minimal phase and amplitude problems in the frequency band of the modem; 0-3300 hertz.
A16.2.4. Passive Low-Pass Inductive-Capacitive Filters. Using passive low-pass inductive-capacitive (sometimes abbreviated LC) filters to remove undesired frequency components from digital square-wave signals generates stringent design problems because of the tendency of inductive-capacitive filters to "ring" when the input signal is a square-wave. The best square-wave performance is obtained from an inductive-capacitive filter when it is both driven and terminated with its characteristic impedance; however, there is some ringing apparent and there is a 6-decibel (sometimes abbreviated dB) attenuation of the signaling voltage (e.g., plus or minus 6 volts to the filter driver will give plus or minus 3 volts out to the line). Since this degree of signal attenuation is not acceptable, generally, in a digital system, alternate approaches are available that provide minimum desired signal attenuation, with only a moderate increase in ringing.
A16.2.5. Digital Signal Wire Line Filters. Because of the harmonic content of digital signals, passive low-pass inductive-capacitive filters have limited application for digital signals. Other filter solutions such as active filters or photon-coupled isolators are effective.
A16.3. Active Low-Pass Signal Wire Line Filters. These filters perform the same function as passive filters, only better. The intent of these filters is to attenuate by a specified amount all frequencies above a specified frequency. This class of filter is subdivided into three categories: isolators, saturated amplifiers, and linear amplifiers. Active filters are defined as frequency-selective devices that employ electronic impedance, current, and voltage modifying elements, requiring the application of power for the utilization of their filtering properties. As opposed to passive filters, active filters are essentially one-way devices that use impedance mismatch as the primary basis for filtering action. Note also that the phase delay, passband, and stop-band characteristics of active filters vary widely from those of standard passive filters. On the whole, active filters are more readily adapted to digital applications; however, it is possible to design active filters to process analog signals with a minimum of distortion. Active filter types and uses are as follows:
A16.3.1. Isolators. The common characteristic of isolators is that they can provide direct current (sometimes abbreviated DC) and ground system isolation between input and output circuits, thus reducing the possibility of signal conducting ground loops. Isolators also offer design possibilities for nonlow-level signals in and low-level signals out, or vice versa; polar-to-neutral-to-polar conversion; and independent direct current levels for input and output circuits. To obtain these characteristics, separate power sources are necessary for input and output circuits. Isolators are divided into the following functional types: magnetic-, acoustic-, and photon-coupled isolators.A16.3.2. Magnetic-Coupled Isolators. The simplest form of a magnetic-coupled isolator is a conventional electromechanical relay. Such a device provides direct current isolation, but is limited to low baud rates and, unless it is a very special shielded design, only meager higher frequency attenuation is obtainable. Another form of magnetic-coupled isolator is the transformer-coupled type that employs a modulated oscillator in the input side that operates at a frequency that is at least ten times the highest baud rate, while the output side is equipped with either a suitable phase, frequency shift, or amplitude detector. Effective passive filtering of the input and output signal wire lines is essential to prevent the modulated high frequency signal from coupling out of the isolator onto the input and output lines. Standard relays were employed as isolators in teletype systems for many years; however, their principal capability is direct current isolation and level changing. Transformer-coupled isolators are not highly successful as digital devices; however, as analog devices, transformer coupling is used extensively to provide direct current isolation between equipment and balanced input and output lines.
A16.3.3. Acoustic-Coupled Isolators. Acoustic-coupled isolators are somewhat similar to transformer-coupled magnetic isolators, in that both employ a modulated oscillator and suitable detecting devices. In the acoustical device, the oscillator drives a transducer, which in turn excites a receive transducer through some non-conducting medium. The problems encountered with this type of isolator are similar to those of the magnetic-coupled type. In general, there is very little application of this type device.
A16.3.4. Photon-Coupled Isolators. Photon-coupled (optical) isolators are available in many different configurations. These range from integrated circuit components (containing both a light source and detector and provide only direct current and very low frequency isolation) to isolators which employ optical coupling through a waveguide (capable of providing more than 120 decibels (sometimes abbreviated dB) of both common-mode and transverse-mode isolation from direct current through 10 Gigahertz [sometimes abbreviated GHz]). Photon-coupled isolators are available for both digital and analog signal applications and can accept digital signaling speeds of several million bps and analog bandwidths of several megahertz (sometimes abbreviated MHz). Guidance for different types of photon-coupled optical signal-line isolators is in paragraph A16.4.
A16.3.5. Saturated Amplifiers. This type of active filter is a combination of saturated input and output amplifiers coupled together by means of a single resistive-capacitive (sometimes abbreviated RC) network. If an active feedthrough capacitor between the input and the output compartments and an independent power supply is used and designed into the enclosure, attenuation of transverse-mode unwanted signals of at least 100 decibels is possible. Using saturated amplifiers by themselves is not desirable because they do not provide common-mode isolation. Using an optical path in lieu of a conducted or capacitive penetration of the RED-to-BLACK shield adds minimum complexity and enhances security. See paragraph A16.4 for a discussion of photon-coupled isolators for use with an optical path.
A16.3.6. Active Linear Filters. Active linear filters are normally made up of linear amplifiers that incorporate frequency selective resistive-capacitive networks either as negative feedback elements or in-line filter elements, high-pass or band-injection types. In general, if a passive filter is designed well, it will provide a greater degree of attenuation of unwanted signals. This filter would cost more but the small size and versatile characteristics may justify the added cost. Also, active filters are currently being produced in chip-modular form that offer a greater variety of filtering characteristics.
A16.4. Photon-Coupled Isolators. When these are used as filters, they are very effective. Although more expensive than passive or active filters, sometimes the electrical isolation they offer is needed. Photon-coupled isolators can provide more than 120 decibels (sometimes abbreviated dB) of isolation in the 0-to-10 Gigahertz (sometimes abbreviated GHz) frequency range for lines passing through any equipment or equipment area interface requiring protection. This effectively prevents a conductive or capacitive path for compromising emanations from the RED equipment area to the BLACK equipment area and the uncontrolled access area. Note that a signal-line filter cannot perform the function of an isolator, because a conductive path is always present within the passband of the filter. Where more stringent isolation requirements exist, do not use standard signal-line filters because ground current loops are generated due to the low impedance to ground that the filter inherently has at frequencies above its cutoff frequency. These ground currents present the possibility of passing compromising emanations beyond the RED equipment area. Analog photon-coupled signal-line isolators provide attenuation of the unwanted signals equal to digital isolation in the "backward" direction. In the forward direction, they provide common-mode isolation equal to digital isolators, but do not provide transverse-mode isolation within the bandwidth of the signal being transmitted. The analog photon-coupled signal-line isolator is equal to the best active or passive filters. A photon-coupled signal-line isolator allows shielding the input and output modules by a ground plane connected only by a non-conductive optical path through a waveguide-beyond-cutoff penetration. A ground plane is a shielded room wall, a conduit box, the equipment housing, or other container. This arrangement assures a high level of signal isolation at all speeds.
A16.4.1. Common-Mode Signal Isolation. Common-mode signal isolation is defined as the degree of signal attenuation in decibels between the shorted input and the shorted output of the isolation device when the signal source is between the shorted input of the isolation device and ground reference. Connect the measuring equipment between the shorted output and the same ground reference. This definition applies to both forward and backward (output-to-input) isolation.A16.4.2. Advantages of Photon-Coupled Isolators. The advantages of using photon-coupled isolators are: (1) Eliminates the electrically conductive path of undesired signals between the input and output modules; (2) Attenuates the common-mode signals by use of waveguides operating below cut-off as attenuators; and (3) Eliminates undesired transverse-mode signals by filtering, pulse reshaping, or pulse regeneration. Mount the isolators inside a RFI cabinet or on the wall of a shielded room. Penetrate the shield in the form of a waveguide tube through which the optic path passes. Choose the dimensions of the waveguide tube to prevent passing radio frequency energy below 10 Gigahertz.
A16.4.3. Waveguide Attenuation Calculations. A waveguide of proper dimensions acts as an attenuator. Calculate the attenuation of a length of waveguide below its cutoff frequency using the following formula for circular waveguides: Attenuation (decibels) = 32 X L/D where L is the length of the waveguide and D is the inside diameter. For rectangular waveguides, the number 32 becomes 27.3 and D becomes the dimension of the rectangular cross section. Thus, a waveguide using a 6-to-1 ratio of length-to-diameter will have an attenuation of 192 decibels. The waveguide becomes an attenuator when the diameter becomes small in relation to a half-wavelength of the electromagnetic energy. A waveguide with a 1/4-inch inside diameter starts to cut off at approximately 4 Gigahertz and is 90 percent cut off at 10 Gigahertz.
A16.4.4. Power Required. Power photon-coupled signal isolators with two appropriate direct current (sometimes abbreviated DC) power supplies; one for the BLACK-side module, and one for the RED-side module. The mounting configuration is dependent on the number of lines isolated, the types of isolators chosen, and the condition of the area or system needing treatment. Various housing and penetration hardware configurations are available. Some isolators operate by power derived from line-loop current.
A16.4.5. Optical Isolator Specifications. Optical isolators are now available for audio, video, wideband, radio frequency, T-carrier, analog, and digital applications. Identify your input signal, speed, bandwidth, output signal, isolation, and distortion requirements.
A16.4.6. EMSEC Considerations. Because optical isolators usually handle BLACK signals, EMSEC is not normally a problem within the isolators. However, in some applications, isolators are used with RED signals; indicate that fact. Certain isolators are designed for RED applications, and their circuits are designed to prevent the generation of signals that will cause EMSEC problems.
A16.5. Power Line Filters. These filters are identical in electrical characteristics to low-pass filters but manufactured more robustly to handle the power. They are intended to attenuate by a specified amount all frequencies above a specified frequency.
A16.5.1. Introduction. This section covers the general characteristics of power line filters which are commonly used for either equipment or bulk filtering. The information below is general guidance for usage and applications when considering the overall engineering installation applications for a particular system or facility.A16.5.2. Limiting Characteristics. Do not consider power line filters as an assured method of adequately suppressing compromising emanations because of the reasons discussed below. The custom design of power line filters for each equipment where the need exists is preferred. It is easier to attain the required insertion loss with equipment filters because saturating inductors is a lesser problem due to lower current and because impedance mismatch is minimized due to known characteristics.
A16.5.3. As-Installed Performance. The as-installed stop-band attenuation of power line filters is often much less than manufacturers' specifications or attenuation measured in a test jig. Several factors influence the as-installed performance. These include the:
A16.5.3.1. Radio frequency impedance of the grounding system.A16.5.3.2. Presence of RED signal contamination on the grounding system.
A16.5.3.3. Isolation provided by the filter mounting scheme and external wiring.
A16.5.3.4. Influence of the filter design with respect to inducing RED signal currents on the grounding system. (A filter with an inductive input usually will induce much less signal current into the ground system than a filter with a capacitive input.)
Figure A16.1. Attenuation Characteristics of Analog Signal Wire Line
Filters.
[Not in original]
[End]
Conversion to HTML by Cryptome.