2 January 2000: Annex C revised to show additional recovered text. Contributions/corrections welcomed for the TEMPEST country threat list; send to cryptome.org -- anonymous if preferred.
1 January 2001
Source: Hardcopy from the National Security Agency in response to an
appeal of an earlier FOIA
request for TEMPEST-related documents. This is one of three full and five
partial documents received under the appeal. See NSA letter and list of
documents:
nsa-foia-app2.htm
For comprehensive TEMPEST information see: http://www.eskimo.com/~joelm/tempest.html
xxxxxxxx indicates redactions. Red text was recovered by close examination of crayoned redactions through which some text could be seen, enhanced by lightening of the crayon overwrite by xerography to reveal the darker text.
[19 pages.]
CONFIDENTIALNSTISSI No. 7000 29 November 1993 NSTISS NATIONAL SECURITY TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY TEMPEST COUNTERMEASURES FOR FACILITIES SECRET ATTACHED [by hand] CLASSIFIED BY DIRNSA (NATIONAL MANAGER, NSTISS) DECLASSIFY ON: ORIGINATING AGENCY'S DETERMINATION REQUIRED NOT RELEASABLE TO FOREIGN NATIONALSCONFIDENTIAL
CONFIDENTIALNSTISS CHAIRMAN NATIONAL SECURITY TELECOMMUNICATIONS November 29, 1993 AND INFORMATION SYSTEMS SECURITY COMMITTEE FOREWORD 1. (U) National Security Telecommunications and Information System Security Instruction (NSTISSI) No. 7000, "TEMPEST Countermeasures for Facilities," establishes guidelines and procedures that shall be used by departments and agencies to determine the applicable TEMPEST countermeasures for national security systems. This document supersedes National Telecommunications and Information Systems Security Instruction (NTISSI) 7000, TEMPEST Countermeasures and Facilities," dated 17 October 1988. 2. (U) Representatives of the National Security Telecommunications and Information Systems Security Committee may obtain additional copies of this directive from: Executive Secretariat National Security Telecommunications and Information Systems Security Committee National Security Agency Fort George G. Meade, MD 20755-6000 3. (U) U.S. Government contractors should contact their Contract Officer's Representative regarding distribution of this document. 4. (U) This document is not releasable to the Defense Technical Information Center. [Signature] EMMETT PAIGE, JR. NOT RELEASABLE TO FOREIGN NATIONALSCONFIDENTIAL
CONFIDENTIALNSTISSI No. 7000 TEMPEST COUNTERMEASURES FOR FACILITIES SECTION Background . . . . . . . . . . . . . . . . . . . . . . I Purpose and Scope . . . . . . . . . . . . . . . . . . II Definitions . . . . . . . . . . . . . . . . . . . . . III Threat Environments . . . . . . . . . . . . . . . . . IV Requirements . . . . . . . . . . . . . . . . . . . . V Countermeasures . . . . . . . . . . . . . . . . . . . VI SECTION I - BACKGROUND 1. (U) Electronic and electromechanical information- processing equipment can produce unintentional intelligence-bearing emanations, commonly known as TEMPEST. If intercepted and analyzed, these emanations may disclose information transmitted, received, handled, or otherwise processed by the equipment. 2. (C) Axxxxxxxxxxxxxxxx demonstrate xxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx product exploitation xxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxx factors as political risks and the xxxxxxxx intelligence capabilities within the targeted country. SECTION II - PURPOSE AND SCOPE 3. (U) This instruction establishes guidelines and procedures for determining the applicable countermeasures for nationalt security systems. This instruction applies to all federal departments and agencies and their agents, which include, but are not limited to, contractors, consultants, and licensees. NOT RELEASABLE TO FOREIGN NATIONALSCONFIDENTIAL
CONFIDENTIALNSTISSI No. 7000 SECTION III - DEFINITIONS 4. (U) Definitions contained in NCSC-3 (TEMPEST Glossary), and NSTISSI No. 4009 (National INFOSEC Glossary) apply. For the purpose of this instruction the following definitions also apply. a. (U) Certified TEMPEST Technical Authority (CTTA) - An experienced, technically qualified U.S. government employee who has met established certification requirements in accordance with NSTISSC-approved criteria and has been appointed by a U.S Government Department or Agency to fulfill CTTA responsibl-lities. b. (U) Inspectable Space - The three-dimensional space surrounding equipment that process classified and/or sensiltfve information within which TEMPEST exploitation is not considered practical or where legal authority to identify and/or remove a potential TEMPEST exploitation exists. c. (C) Special Category information - For the purposes of this document, consists of information related to xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxx(SCI)xxxxxxxxxxxxxxxxSIOP) SECTION IV THREAT ENVIRONMENTS 5. (C) Outside the United States, the TEMPEST threat varies, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxx interests xxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx a. (C) A High Threat Environment is one in which the xxxxxxxxxxxxxxxxxxxxxxxxxxxx equipment and the xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx United States that would otherwise be characterized xxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxx NOT RELEASABLE TO FOREIGN NATIONALSCONFIDENTIAL
CONFIDENTIALNSTISSI No. 7000 b. (C) A Medium Threat Environment is one in which the xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx risks if a xxxxxxxxxxx exploitation were discovered. c. (C) A Low Threat Environment is one in which a close xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx risks if a xxxxxxxxxxx exploitation were discovered. 6. (C) Within the United States, its trust territories and possessions, xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx discovery of a technical opexxxxxxxxxxxxxxxx 7. (U) Annex A provides tne National Manager's annual assessment of the TEMPEST threat. SECTION V - REQUIREMENTS 8. (U) This instruction establishes the requirement to review the Tempest posture of certain facILITIES where national security information is processed. A CTTA must conduct or validate all TEMPEST countermeasure reviews required by this instruction. However, the requirement for the CTTA to conduct or validate such review does not necessarily imply the need to implement TEMPEST countermeasures. When the CTTA identifies the need to implement TEMPEST countermeasures at a specific facility, the CTTA will recommend the most cost effective countermeasure which will contain compromising emanations within the inspectable space to the decision authority designated by the department/agency head. 9. (U) Outside the United States: a. (C) Facilities located in a High Threat Environment require the highest security protection levels of TEMPEST countermeasures. Equipment processing information at levels of UNCLASSIFIED through TOP SECRET will be reviewed. b. (C) Facilities located in a Medium Threat Environment that process xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx NOT RELEASABLE TO FOREIGN NATIONALSCONFIDENTIAL
CONFIDENTIALNSTISSI No. 7000 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (1) xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (2) xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx federal department/agency of xxxxxxxxxxxx. TEMPEST countermeasures will not be applied to facilities processing only UNCLASSIFIED. C. (C) Facilities located in a Low Threat Environment that process TOP SECRET information will be reviewed xxxxxxxxxxxx that process SECRET information will be reviewed if: (1) they are located within 200 meters of a xxxxxxxxxxxxxxx a country on the xxxxx NSTL, or (2) they process xxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx an entity other than a federal department/agency xxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 10. (C) Within the United States, its trust territories and possessions, xxxxxxxxxxxxxxxxxxxxxxx will not xxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx a. (U) TOP SECRET (Special Category and non-Special Catergory) information is processed, or b. (C) xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxx (1) xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (2) xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxx other than a federal department/agency or its agents. 11. (U) Where a TEMPEST countermeasure review indicates the need to use equipment meeting national standards contained in NSTISSAIM TEMPEST/1-92 every effort shall be made to use equipment listed in the Information Systems Security Products and Services Catalog or the NATO Recommended Products List (NRPL). NOT RELEASABLE TO FOREIGN NATIONALSCONFIDENTIAL
CONFIDENTIALNSTISSI No. 7000 12. (U) A CTTA must meet the following certification requirements: a. Completion of three continuous years of TEMPEST technical experience, including at least one year's experience in evaluating TEMPEST vulnerabilities of operational facilities and making recommendations on TEMPEST countermeasures. b. Completion of mandatory NSTISSC-approved training on the technical threat and the CTTA TE14PEST Countermeasures Application Course. c. Completion of NSTISSC-approved technical training. Technical training requirements may be waived by department or agency heads, in consultation with the National Manager. 13. (U) The CTTA shall determine the Inspectable Space for a facility. 14. (U) The CTTA shall maintain a record of all TEMPEST countermeasure reviews conducted, recommendations provided and estimated cost of implementation. SECTION VI COUNTERMEASURES 15. (C) TEMPEST countermeasures consist of xxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 16. (U) The TEMPEST countermeasure reviews required by this document shall be conducted considering, as a minimum, the factors identified in Annex B. NOT RELEASABLE TO FOREIGN NATIONALSCONFIDENTIAL
CONFIDENTIALANNEX B TEMPEST COUNTERMEASURE REVIEW (U) In conducting TEMPEST countermeasure reviews, the CTTA shall, as a minimum, evaluate the following factors. 1. (C) Location - xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxx systems and the proximity to the establishments xxxxxxx of countries on the National Security Threat List (NSTL) and other countries that could pose a technical threat to the information being processed. 2. (U) Volume of Information Processed - Consider the percentage and volume of information processed at the UNCLASSIFIED, SENSITIVE, CONFIDENTIAL, SECRET and TOP SECRET level. Determine the number of pages, messages, screens, etc. for each of the above classification levels. 3. (U) Sensitivity of Information Processed - Consider the sensitivity of the information being processed by the equipment and facility (e.g., DOE - Restricted Data; DCI - Sensitive Compartmented Information (SCI); Joint Staff - SIOP). This will be useful in determining the likelihood that an adversary may target the facility. 4. (U) Perishability of Information Processed - Consider if the information being processed is of long term value (e.g. strategic) or short term value (e.g. tactical). 5. (U) Physical Control - Consider the physical/access control over the facility and areas containing the system under review. This includes guards (number, hours of posting, patrols, etc.); badging; control over access to facility; alarms; procedures to monitor/control uncleared or unauthcrized personnel including char force, vending personnel, and telephone/power maintainers/installers. Determine the level of authority which exists for the inspection or removal of personnel who could potentially exploit TEMPEST vulnerabilities. Examine the posting of warning signs and the implementation of procedures in effect to exercise control over parking and other areas adjacent to or in close proximity to the facility/system under review. 6. (U) TEMPEST Profile of Equipment - Consider generic or actual TEMPEST profile information for each equipment/system used to process classified information at the facility. Consider existing on-site TEMPEST test results for the facility. NOT RELEASABLE TO FOREIGN NATIONALSCONFIDENTIAL
AS OF: 22 NOVEMBER 1993 DISTRIBUTION: NSA NSC OMB (Intel Branch NSD) OASD (C31/TS) (2) ODASD (CI & SCM) DODSI DA (SAIS-SDC) (15) CNO, (C652C) (3) CMC (CC) (5) COMJSOC (J62) The Joint Staff P6K) (2) The Joint Staff (DIRM/SCD/ISOB) USCINCLANT (J6) (2) USCINCCENT (CCJ6) (4) USCINCEUR (ECJ6-CSS) (2) CINCFOR (FCJ6) (2) USCINCPAC (J6) (2) USCINCSO (SCJ6) (2) USCINCSPACE (J4-J6) (2) USCINCSOC (SOJ6) (2) USSTRATCOM (2) USCINCTRANS (TCJ6) (2) A.FC4A/DSS (3) HO USAF (SCXX) (3) EQ USAF (SCS) (3) HQ AFC4A/DSSC (5) COMUSFJAPAN (J6) (2) C014USFKOREA (J6) (2) Defense Courier Service (2) DIA (DSE-2B) (10) DIR JITC DIS (V0432) (5) DIS (VO060) DLA (DLA-CAASA) (2) DNA (ISIS) CDR JIEO COMDT COGARD (G-TTS-4) (3) COMCOGARDLANTAREA COMCOGARDPACAREA COMCOGARDONE COMCOGARDTWO COMCOGARDFIVE COMCOGARDSEVEN COMCOGARDEIGHT COMCOGARDNINE COMCOGARDELEVEN FOR OFFICIAL USE ONLY
COMCOGARDTHIRTEEN COMCOGARDFOURTEEN COMCOGARDSEVENTEEN COMSPAWARSYSCOM (PMW 151) (3) DCMS (TD) (2) CG MCDEC (DEVCEN C3) (2) Dept. of Agriculture (MSD/FAS) (2) Dept. of Commerce (OIRM/TMD) (2) Dept. of Energy (AD241.1) (2) Dept. of Health & Human Services (IG) (2) Dept. of Interior (PPS-S NS5040 MIB) (2) Dept. of Justice (JMD/SEPS) (2) Dept. of State (DS/CMI/ISS) (5) Dept. of State (SA-341 DTS-PO) Dept. of State (A/IM/SO/TO/SI (2) Dept. of Transportation (OIS M-70) (2) Dept. of Treasury (MST) (10) CIA (OC-CSD) (2) CIA (DIR OIT) (2) CIA (C/PAG/OS) (2) CIA (Chief, TEMPEST Division, (OS) (2) CIA (Chief INFOSEC OIT) CIA (Reference Library) DIR, CCISCMO (2) DIR, CCISCMO (Planning Office) (2) DISA (Code DIPP) (5) DISA (Code TG) DISA (Code TGE) DMA (TSC) DMA (IS) Drug Enforcement Administration (OSTC) (2) FAA (ACO-300) (6) FBI (TSD) (5) FCC (OMD) (2) FEMA (NP-IR) (3) GSA (KVI) (6) NASA (JLS) NASA (OS) (2) NASA (JT) NCS (MGR) (2) NESSEC (1) NRC (8203-MNBB) (3) USDELMC (INFOSEC REP) U.S. Customs Service (65) WHCA FOR OFFICAL USE ONLY
SECRETNSTISS NATIONAL MANAGER NATIONAL SECURITY TELECOMMUNICATIONS 13 March 1995 AND NSTISSC-007-95 INFORMATION SYSTEMS SECURITY COMMITTEE MEMORANDUM FOR DISTRIBUTION SUBJECT: Annex A to NSTISSI No. 7000, "TEMPEST Countermeasures for Facilities," dated 29 November 1993 - INFORMATION MEMORANDUM 1. NSTISSI No. 7000 established guidelines and procedures that shall be used by departments and agencies to determine the applicable TEMPEST countermeasures for national security systems. Enclosed is Annex A to this instruction which provides TEMPEST threat categorizations to be used in determining and applying appropriate TEMPEST countermeasures. 2. A previous version of this annex dated 3 June 1991 and updated on 17 September 1991 should be destroyed. Please append the attached version of Annex A to your copy of NSTISSI No. 7000. [Signature] J. M. McCONNELL Vice Admiral, U.S. Navy Encl: a/s DISTRIBUTION: Attached Declassify Upon Removal of the Enclosure.NOFORNSECRET
Annex A THE TEMPEST THREAT TO FACILITIES SECTION I - PURPOSE 1. (SECRETC) The purpose of this annex is to provide Certified TEMPEST Technical Authorities and others who have a xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx The mandate for this information is set forth NSTISSP No. 300, "National Policy on Control of Compromising Emanations," dated 29 November 1993, and NSTISS No. 7000, TEMPEST Countermeasures for Facilities," dated 29 November 1993. SECTION II - SCOPE 2. (C) This annex identifies the high, medium, and low TEMPEST threat environments xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxx the TEMPEST threat is low. 3. TEMPEST threat levels were established by considering various factors, to include, but not limited to: - xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx and xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx intelligence services to target the xxxx presence. - xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx neglect xxxxx target xxxxxxxxxxxxxxx considered. - xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx vulnerabilities and exploitation potential. - xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxx not necessarily conclusive. x Annex A to NSTISSI No. 7000 dated 29 November 1993 NOT RELEASABLE TO FOREIGN NATIONALSAnnex A to NSTISSI No. 7000 2 dated 29 November 1993 NOTE RELEASABLE TO FOREIGN NATIONALSSECRET
SECRET4. (C) xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7 PAGE(S) WITHHELD FOR THE FOLLOWING REASON(S): X (b)(1) of the FOIA _____ subparagraph 1.5(b) of E.O. 12958 X subparagraph 1.5(c) of E.O. 12958 _____ subparagraph 1.5(d) of E.O. 12958 X subparagraph 1.5(g) of E.O. 12958 X (b)(3) of the FOIA _____ 18 U.S.C. § 798 _____ 50 U.S.C. § 403-3(c)(6) X 50 U.S.C. § 402 note (Public Law 86-36) (b)(4) of the FOIA (b)(5) of the FOIA (b)(6) of the FOIA Not reasonably segregable for release Not Responsive to the requestSECRET
STS/SISS-018-95 19 September 1995 MEMORANDUM FOR DISTRIBUTION SUBJECT: Annex C to NSTISSI No. 7000 - ACTION MEMORANDUM 1. During the development of NSTISSI No. 7000, TEMPEST Countermea- sures for Facilities, dated 29 November 1993, the TEMPEST Advisory Group (TAG) agreed that the reference to the FBI's National Security Threat List [see below] (NSTL) should be replaced with a list based specifically on the ability and motivation of a foreign government to conduct a TEMPEST attack against the U.S. Government. The FBI's NSTL was the best source at that time, but was developed without consideration of a country's TEMPEST capabilities. Since the ratification of the national policy, the NSA INFOSEC Threat Office has researched the TEMPEST threat posed by foreign governments and developed a list of countries that have demonstrated hostile intentions toward U.S. interests and are known to exploit compromising emanations. 2. In accordance with the National Manager's responsibilities under NSTISSP No. 300 to publish an annual assessment of the domestic and foreign TEMPEST threat, the TAG has prepared the enclosed annex, enumerating those countries, to be issued to all holders of NSTISSI No. 7000 as a replacement for all references to the FBI's NSTL. Also enclosed are the pen and ink changes required in NSTISSI No. 7000 to implement the new annex. 3. If additional information or assistance is required, the Secretariat point of contact for this action is Pat Griffith, who can be reached at (410) 859-6805. xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxx Encls. a/s National Security Agency ATTN: V503, Executive Secretariat Ft. George G. Meade, MD 20755-6000 (410) 859-6805 - UFAX: (410) 859-6814 SFAX (410) 859-6805 Declassify Upon Removal of Enclosure Classified By: NSA/CSSM 123-2 Declassify On: OADRCONFIDENTIALNSTISS MANAGER NATIONAL SECURITY EXECUTIVE SECRETARIAT TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY COMMITTEECONFIDENTIAL
To all holders of NSTISSI No. 7000, please make the following changes to your document. Section IV - Threat Environments, paragraph 5., a. fifth line. Cross out the xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx TEMPEST capabilities. Section IV - Threat Environments, paragraph 5., a. sixth line. Cross out xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxx Section V - Requirements, paragraph 9.b., (1) xxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Section V - Requirements, paragraph 9.c., (1) xxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Section V - Requirements, paragraph 10.b., (1) xxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Annex B - paragraph 1., third line. Cross out xxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx NSTISSI No. 7000 Change 1 19 September 1995 Classified By: NSA/CSSM 123- Declassify On: OADRCONFIDENTIALCONFIDENTIAL
[Annex C revised 2 January 2000 to show additional recovered text.]ANNEX C THE TEMPEST THREAT TO FACILITIES (C) This annex provides Certified TEMPEST Technical Authorities and others, who have a responsibility determining TEMPEST capabilities xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx which have the capabilities to use TEMPEST xxxxxx against the U.S. Government. xxxxxxxxxxx Bulgaria [?] Czech Republic [?] Hungary Poland [?] xxxxxxxxxxx Cuba [?] xxxxxxxxxxx France Germany xxxxxxxxxxx Israel xxxxxxxxxxx Japan Netherlands Norway [?] People's Republic of China South Africa Taiwan xxxxxxxxxxx Sxxxxxxxxxx Slovakia [?] xxxxxxxxxxx *Known to have xxxxxxxxx TEMPEST xxxxxxxxxx against U.S. interests. NSTISSI No. 7000 Annex C 19 September 1995 Classified By: NSA/CSSM 12 Declassify On: OADRCONFIDENTIALCONFIDENTIAL
2 PAGE(S) WITHHELD FOR THE FOLLOWING REASON(S): X (b)(1) of the FOIA _____ subparagraph 1.5(b) of E.O. 12958 X subparagraph 1.5(c) of E.O. 12958 _____ subparagraph 1.5(d) of E.O. 12958 X subparagraph 1.5(g) of E.O. 12958 X (b)(3) of the FOIA _____ 18 U.S.C. § 798 _____ 50 U.S.C. § 403-3(c)(6) X 50 U.S.C. § 402 note (Public Law 86-36) (b)(4) of the FOIA (b)(5) of the FOIA (b)(6) of the FOIA Not reasonably segregable for release Not Responsive to the request
SECRET[Blank sheet]SECRET
Transcription and HTML by Cryptome.
For comparison with the TEMPEST country threat list here is the FBI's classified National Security List for 1999-2000:
From a FBI Director Louis Freeh letter to Congress:
FBI National Security List / NTSL Country Threat List 1999/2000
CubaIraq
Iran
Libya
North Korea (People's Democratic Republic of Korea)
People's Republic of China (PRC)
Russian Federation
Sudan
Syria
Taiwan
Vietnam (Socialist Republic of Vietnam)
Federal Republic of Yugoslavia
Republika Srpska (the Serb-controlled region of Bosnia under the Dayton Accords)
Note that US allies and friends are not on the NSTL as they are on the TEMPEST
list. Russia has TEMPEST capabilities though not it is not discernible on
the TEMPEST list.