CHAPTER 3

COMMUNICATIONS SECURITY

LEARNING OBJECTIVES

Upon completing this chapter, you should be able to do the following:

Identify the procedures used in handling, inventorying, destroying, and setting up COMSEC equipment.

Identify reports and forms associated with CMS reporting requirements.

Identify the procedures and measures to be used with transmission security.

As a Radioman, you will often deal with sensitive subject matter that requires special security handling. It is for this reason that we have communications security (COMSEC). Within the framework of COMSEC, we have directives and requirements that deal specifically with communications material.

COMSEC involves all the protective measures taken to deny unauthorized persons information derived from the possession and study of telecommunications relating to national security. COMSEC also consists of the measures taken to ensure the authenticity of our communications. COMSEC includes the following:

Cryptosecurity, which results from measures taken to provide technically sound cryptosystems and their proper use;

Physical security, which results from physical measures taken to safeguard COMSEC material and information;

Transmission security, which results from measures designed to protect transmissions from interception and exploitation by means other than cryptoanalysis; and

Emission security, which results from measures taken to deny unauthorized persons information derived from the interception and analysis of emanations from crypto and telecommunications equipments.

In this chapter, we will see how these elements of COMSEC are unique to the duties of a Radioman.

CRYPTOSECURITY

The Navy has instituted a unique distribution system to achieve technically sound cryptosystems. The Navy has also developed strict accountability and control procedures to ensure proper use of cryptosystems.

COMMUNICATIONS SECURITY MATERIAL SYSTEM (CMS)

The CMS is designed to ensure the proper distribution, handling, and control of COMSEC material and to maintain the cryptographic security of communications. Procedures governing the CMS can be found in Communications Security Material System (CMS) Policy and Procedures Manual, CMS 1.

CMS Account

Every command with a CMS account is assigned an account number by the Director, Communications Security Material System (DCMS). A command or activity with a CMS account number receives its COMSEC material directly from national and Navy sources. A CMS account command may also be responsible for COMSEC material transferred to other commands. The command assigns a CMS custodian and alternates the responsibility for all overall management of the CMS account.

CMS Custodian and Alternate Custodians

The CMS custodian is the person designated in writing by the commanding officer to maintain the CMS account for the command. The alternate custodians are also designated in writing by the commanding officer and assist the CMS custodian.

In the custodian's absence, the alternates assume the duties of the custodian. Their duties include receiving, inventorying, destroying, and issuing COMSEC material and equipment to authorized users and local holders. They are also responsible for training all personnel involved in CMS and submitting required COMSEC reports to the proper authority in a timely manner. CMS 1 provides details on the responsibilities of the CMS custodian and alternates.

CMS Local Holder

A CMS local holder is a command or activity that receives its COMSEC material support from a CMS account command. The local holder command has a designated CMS custodian and alternates who are responsible to their commanding officer for the proper handling of COMSEC material and training of personnel involved. For example, if a ship drew all of its COMSEC material from a central account maintained by the squadron commander, the ship would have to be a local holder. Local holders must draw all of their material from only one CMS account and may not be local holders to two or more accounts.

CMS User

A CMS user is an individual who requires COMSEC material to accomplish an assigned duty or who needs COMSEC material for advancement study or training purposes. A CMS user must be properly cleared and authorized by the commanding officer to handle CMS material. As a Radioman, you will most likely become a user of COMSEC material.

CMS Witness

There may be times when you will be assigned as a CMS witness. You will be responsible for assisting a custodian or user in performing routine administrative tasks related to the handling of COMSEC material. As a witness, you must be familiar with applicable CMS procedures and command directives.

CMS Responsibilities

Whether you are a CMS user or a witness, you are responsible for the proper security, control, accountability, and destruction of CMS material in your workspace. Everyone involved with CMS material must comply with the procedures in CMS 1-related administrative and procedural publications. You must also comply with the CMS instructions of the command and higher authority.

CMS Training Requirements

The CMS custodian and alternates are responsible for training all personnel involved with COMSEC material in the proper handling, security, accounting, and destruction of COMSEC material. The CMS custodian may use the Personnel Qualifications Standards (PQS) for CMS as a training tool. All personnel who become involved with CMS should complete the PQS training course.

CMS Storage Requirements

COMSEC material must be stored separately from non-COMSEC material. This helps ensure separate control for COMSEC material and makes emergency destruction of COMSEC material easier. COMSEC material of different security classifications may be stored in the same security container drawer. COMSEC material, however, must be segregated according to classification so that it can be destroyed in a timely manner in an emergency.

Storage requirements for COMSEC keying material are more stringent than for nonkeying material. All COMSEC keying material requiring two-person integrity (TPI) must be stored in such a manner that a single person, including the CMS custodian, cannot obtain access. CMS 1 lists the storage requirements for COMSEC keying material.

Receipt

When COMSEC material is issued to a watch station, the area must be occupied and operated on a 24-hour, 7-day-a-week basis; an 8-hour, 5-day-a-week basis; or any similar basis (for example, combat information center (CIC)). COMSEC material received at a watch station must be signed for on a local custody document.

When you are on duty, the watch supervisor is responsible for all the COMSEC material listed on the watch-to-watch inventory. Additionally, any required page checks will be conducted prior to assuming responsibility for the listed COMSEC material.

Any inventory discrepancies found must be reported immediately to the CMS custodian or an alternate custodian in accordance with CMS 1 and also logged in the RADAY log.

CMS Inventory

Each time a watch section changes, the oncoming watch supervisor and a witness must inventory all COMSEC material held at a watch station. Two-person integrity must be maintained at all times during the inventory. When you inventory COMSEC material, you must do the following:

Account for all keying material and page-check open keying packages;

Visually inventory all COMSEC equipment and account for equipment by quantity; and

Page-check all COMSEC publications.

The inventory sheet must list COMSEC material by short title, edition, and accounting number (if any). Both persons must sign the inventory sheet. CMS 1 outlines the requirements for inventorying COMSEC material.

COMSEC Material Accounting Reports

COMSEC material accounting reports provide an audit trail for all accountable COMSEC material. Reports may be prepared manually or be computer-generated. There are specific requirements for submitting all reports, including where they go and who they go to. These requirements are found in CMS 1.

The following reports are briefly described as to their general use. This list is not all-inclusive.

1. Transfer Report- Used to document and report the transfer of COMSEC material from one CMS account to another or one holder to another.

2. Destruction Report- Used to document or report the physical destruction of COMSEC material. The destruction must be witnessed by two appropriately cleared and authorized persons. The report must be completed immediately after the material is destroyed. Destruction reports are not normally submitted to DCMS unless directed to do so by DCMS.

a. Local destruction- Destruction will be documented and retained locally using a SF 153, or a locally prepared equivalent form (CMS 25). Top Secret and Secret destruction reports must be kept for 2 years. Local destruction records are mandatory for all AL 1 and 2 COMSEC, regardless of classification, and optional for AL 3 and 4 COMSEC material classified Confidential and below.

_3. Receipt Report- Used to document or report receipt of COMSEC material (usually used with a transfer report).

4. Inventory Report- Used to document and report the physical inventory of COMSEC material. There are three types of CMS inventories. Fixed-cycle (FC), Special, and Combined.

a. Fixed-cycle inventory is to ensure that all accounts satisfy the national requirements for a semiannual inventory of keymat and an annual inventory of equipment and publications.

b. Special SF 153 inventory is to satisfy the Navy requirement to conduct and document the mandatory Change of Command and Custodian inventories.

c. Combined SF 153 inventory may sometimes be used for both the requirements for a Fixed-cycle inventory and a Special inventory.

5. CMS 25 ONE-TIME KEYING MATERIAL DESTRUCTION REPORT- This report is a two-sided document used to record destruction of individual, one-time keying material segments of COMSEC material. Side one is numbered 1-31 for daily use; the reverse side explains the digraphs that are printed to the left

^{6. CMS 25B COMSEC KEYING MATERIAL} of the short title on each segment of extractable