AFSSI 7700 PDF
AFSSI , Emission Security Countermeasure Review, 30 January Adopted Forms. AF Form – Recommendation for Change of. Implement measures to protect against compromising emanations according to AFSSI and associated EMSEC specialized publications. The Air Force policy is contained in AFSSI , Emission Security. Portions of these documents are paraphrased or referenced throughout this document.
|Published (Last):||22 November 2018|
|PDF File Size:||18.15 Mb|
|ePub File Size:||4.89 Mb|
|Price:||Free* [*Free Regsitration Required]|
Publications and forms are available on the e-publishing website at for downloading or ordering. There are no releasability restrictions on this publication. Contact the host’s security officials for guidance. It also includes new information on smart card readers, digital senders and cryptographic equipment.
Dual monitor separation requirements have also been clarified. Portions of these documents are paraphrased or referenced throughout this document. Compromising emanations are unintentional signals that, if intercepted afsai analyzed, would disclose the afssi security information transferred, received, handled, or otherwise processed by information-processing equipment.
These emanations or TEMPEST signals are a function of the TEMPEST characteristics of the information processing equipment, the way the equipment is installed, the electromagnetic and physical characteristics of the facility, and the geographical environment where the facility is located.
The IS may be the base perimeter, a fence around the facility, a building, or a room in a building. The means of escape may be spatial radiation, or conduction through phone lines, power lines, a transmitter, etc.
This approach requires radio frequency RF attenuation 77700 be performed to characterize each facility. Subsequent interpretation of the attenuation 77000 according to prescribed criteria allows the partitioning of the facility by zone designations.
Once a facility has been “zoned,” the zone assignments may be used in conjunction with TEMPEST test data to assure existing equipment and systems are appropriately located and future equipment and systems are designed and built to appropriate TEMPEST requirements.
This concept has proven to be extremely effective. Not only have increased flexibility and substantial savings been realized, but most importantly, field testing has shown that facilities using the zoning concept have become increasingly more “TEMPEST Secure. Conducted emanations must be considered separately Good Engineering and Installation Practices. Good engineering and installation practices are those which provide neat, clean, and orderly installations; protect cabling from inadvertent physical damage; provide a degree of cable accountability; and enhance the electronic security of AFISRA activities.
These practices reduce electromagnetic interference, improve operational capability, facilitate ease of operation and maintenance and improve the overall appearance of installed systems Separation Distances in National Policy. Information on the DIA accreditation process can be found at: Other San Antonio area facilities may also fall under this program as units are relocated.
What Air Force Systems Security Instruction (AFSSI) directs – ProProfs
Program reviews will be scheduled and conducted throughout the calendar year. TEMPEST officers must be appointed at all organizational levels necessary to exercise span of control related to size and geographic dispersion.
Submit afssu when changes are required. The library can be maintained electronically. These local program reviews are performed throughout the year instead of in September Maintains records of inspections that identify TEMPEST discrepancies and corrective actions in unit files until all discrepancies are corrected. All AFISRA personnel who prepare or process requirements documents, operations plans, policies, directives, self-help installation projects, and any other document that proposes processing classified information electronically will ensure TEMPEST is considered.
This afsi also applies to engineering proposals that result in operating, procuring, maintaining, or installing AFISRA equipment and systems, which process national security information.
An experienced, technically qualified government employee who has met established certification requirements according to National Security Telecommunications and Information Systems Security Committee approved criteria and has been appointed by a United States Government afesi or agency to fulfill CTTA responsibilities. The single principal designated by the Senior Official of the Intelligence Community to serve as the responsible official for all aspects of security program management with respect to the protection of intelligence sources and methods.
All national security information classified under the provisions of an executive order, for which special community systems of compartments e. Unintentional signal that, if intercepted and analyzed, would disclose the information transferred, received, handled, or otherwise processed by any telecommunications or afsssi information systems equipment. A technical evaluation of a facility that identifies the inspectable space, the required countermeasures, and the most cost effective way to apply required countermeasures.
Unintended signals or noise appearing external to equipment. The protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from communications systems and cryptographic equipment intercepts and the interception and analysis of compromising emanations from cryptographic equipment, information systems, assi telecommunications systems.
A measure of both the existence and the compromising nature of an emanation. Hazards exist if, and only if, compromising emanations are detectable beyond the inspectable space. The organized collection, processing, transmission, and dissemination of information, in accordance with defined procedures, whether agssi or manual. In information warfare, this includes the entire infrastructure, organization, and components that collect, process, store, transmit, display, disseminate, and act on information.
The three dimensional space surrounding equipment that processes classified national security or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify or remove a potential TEMPEST exploitation exists and is exercised. Consists of a tag identifying the signal on the cable. Consists of a color band or similar identifier on a cable to identify the level of classification of the information on the cable. Information that has been determined, pursuant to Executive OrderClassified National Security Information, April 17,or any predecessor order to require protection against unauthorized disclosure, and is so designated.
Separation of electrical and electronic circuits, components, equipment, and systems that handle classified plain text RED information in electrical signal form from those, which handle unclassified or encrypted BLACK information in the same form. A short name referring to the investigation, study, and control of compromising emanations from telecommunications and automated information processing systems.
COMPLIANCE WITH THIS PUBLICATION IS MANDATORY
The installation criteria apply to all AFISRA activities and components including telecommunications centers, sfssi support these activities.
At AFISRA activities where the unit is a tenant to another organization, enforce these guidelines to the fullest extent the host base allows. Be aware that criteria can be different between collateral and SCI areas. This guidance is afssj to promulgate, clarify, and augment national and United States Air Force installation guidance.
Accordingly, operations floors and computer centers were a maze of special plumbing, which became an installer’s nightmare. In theory, all of the system wiring from the receiver outputs, through all afsxi, recording and printing devices would be RED and all antenna cables would be BLACK. Periodic TEMPEST testing of entire field stations over the years has confirmed this theory and no compromising emanations have been found beyond the operations building.
COMPLIANCE WITH THIS PUBLICATION IS MANDATORY – PDF
A With 7070 change in the world’s threat situation and the proliferation of commercial-off-the-shelf personal computers in the office environment and in AFISRA’s large mission areas, previous guidance was no longer practical. TEMPEST requirements are now based on criteria such as threat, amount of inspectable space, equipment type, physical control, etc. Although the term “good engineering and installation practices” is nebulous, it is the.
For clarity, consider good engineering and installation practices as those which provide neat, clean, and orderly installations; protect cabling from inadvertent physical damage; provide wire line accountability; and enhance the electronic security of AFISRA activities.
These practices reduce electromagnetic interference, improve operational capability, facilitate ease of operation and maintenance and improve the overall appearance of installed systems.
A In addition to TEMPEST standards, there may be other installation standards to consider such as the National Electrical Code, local construction standards, and in particular NSA installation standards, which afzsi be found at Failure to follow these standards can result in significant delays, additional costs, and possible denial of services.
Signal Distribution and Installation. If a metallic cable does not have at least one overall nonferrous shield, install the signal lines in conduit or duct. A Fiber Optic Cable. Fiber optic cable does not have an electromagnetic field that would cause a TEMPEST problem and does not require shielding or separation. A Afsei Signal Cables. Cables equipped with foil-type shields that generally provide adequate shielding for analog signals.
A Digital Signal Cables. Cables carrying digital data signals require a foil or braided shield that provides a minimum coverage of90 percent. Connect the shields to the RF-tight EMI electromagnetic interference connectors on each end so that degree continuity between the cable shield and the connector is achieved.
A Do not use cable shields as intentional current carrying conductors or as signal returns. A Remove all abandoned and unused cables and conduit unless specifically programmed for use at a later date. Identification and Marking Requirements. Afsai The primary purpose of marking cables is to prevent accidental cross connections that could lead to a security incident.
Different color cables or connectors may also be used for marking.
Other color schemes may be used as long as they are documented, standardized and well understood by the organization. A To standardize marking, control placement of signal lines and maintain an accountability of the signal lines between systems. Mark and label all signal lines at both ends unless both ends can easily be seen i.
A The above policy applies to lines that run between different racks, hubs, switches, patch panels, etc. Lines contained within the racks do not require marking. A Mark all cables entering or leaving systems or racks containing equipment of multiple classifications regardless of where these systems or racks are installed. A Mark the duct or conduit approximately every 25 feet and upon entering and exiting a wall or ceiling. Alternative methods of marking the conduit, such as paint, are acceptable if they clearly identify the highest classification level contained.
Before implementing alternate schemes, consider the difficulty of changing the marking if the classification level changes and specific installation standards for some systems which may include marking requirements.
A Equipment classification is determined by the level of information processed and the equipment is typically marked with Standard Form series labels. A Typically, office and administrative workspaces have equipment and systems telephone, fax, computer, etc that are classified at various levels.
Mark cables and ducts in the office and administrative areas. The requirement to prevent inadvertent cross patching can be met in one of several ways.
A Use different styles of connectors or cabling to distinguish between classification levels. Physical separation by a distance, which would eliminate the possibility of cross patching.
Different software protocol for each level of classified information that will not allow interface with other levels. A SCI patch panels. A SCI patch panels must be uniquely wired, using different style jacks or plugs or sufficiently separated from other patch panels to prevent inadvertent cross connects.
A Since TEMPEST requirements are based on the location, inspectable space, type of equipment, physical control, etcetera; each unit or facility may have different installation criteria.
Keep this letter or message on file. However, sufficient precautions must be taken to ensure that no inadvertent cross connections between these systems occur. A Many separation requirements use the term wirelines exiting the inspectable space to identify a subset of cabling that requires separation. For clarity, all cabling should be. A Signal line filters may be required on signal lines exiting the inspectable space on a case-by-case basis. Optical isolators are the preferred method of signal isolation.
Fortuitous conductors, which service or transit the secure area such as water lines, sewer lines, steam pipes, and any other metallic structures, are considered a means of escape for classified information.
These typically consist of non-conductive breaks or grounding criteria. A Ideally, install video equipment in break rooms and other areas where classified information is not discussed or electronically processed.