What are the two broad categories for official information and materials?
Classified
Unclassified
This is information that is owned by, and produced or is subject to the control of the United States government and supported agencies.
Official information
This information is information that must be safe guarded in the interest of national security, and that of our allies.
Classified information
What are the three classification levels that are assigned by who?
Top secret
Secret
Confidential
NSA is who assign the levels of classification
This is the highest NSA classification and is given to any information and material that is expected to cause exceptional “grave” damage to national security if it were to fall in the wrong hands.
Top secret
What information is held to the highest degree of protection?
Top secret
This is the NSA classification given to any information that is expected to cause a serious level of damage to national security if revealed.
Secret
This is the NSA classification given to any information that is expected to cause “damage” or identifiable damage to national security
Confidential
True/false
Unclassified information needs no limited degree of control or protection
False
This is any information that requires minimum safeguarding to prevent widespread distribution to the public.
For official use only
FOUO
What act does for official use only fall under to prevent the release to the public?
Freedom of information act.
True or false
Markings are required for documents containing FOUO.
True
What are the two unclassified FOUO information?
Privacy act
Critical information
What year was the privacy act enacted?
1974
What are some examples of the privacy act govern?
Social security number
Date of birth
Name
How long do you keep privacy act information, and how is it disposed of?
Only as long as necessary and must be destroyed.
What is critical information?
Any unclassified information providing clues in regards to US and friendly forces activities, capabilities, intentions or limitations.
According to AF133-201V1, what is COMSEC?
Refers to measures and controls taken to deny any unauthorized persons information derived from information systems of the United States government related to national security and to ensure the authenticity of such information systems.
What are the components of COMSEC?
TRANSEC
CRYPTOSEC
EMSEC
Physical security
True/false:
TRANSEC techniques are not used to protect or secure transmitted classified or sensitive information.
(If false, make it true)
True
What are authorized TRANSEC Methods?
Changing radio frequencies Cancel or alter communications patterns Implement radio silence Use frequency hopping systems Use directional antennas
This is a component of COMSEC resulting from the application of measures designed to protect transmission from intercepting and exploitation by means other than “cryptanalysis” or complex code-breaking techniques used to reveal encrypted information
Transmission security (TRANSEC)
What is crypto security?(CRYPTOSEC)
Provisions and proper use of technically sound crypto systems.
This security is the part of the COMSEC that results from using all physical measures necessary to safeguard information or material from access by unauthorized persons.
Physical security
This determines protective measures that will deny unauthorized personnel access to classified and in some instance, unclassified information and intelligence that might be derived from the interception and analysis of unintentionally emitted electrical signals from system processing this information.
Emission security (EMSEC)
Cryptography relies on what two basic components?
Algorithm
Crypto-key
What is cryptography?
The transformation of ordinary plain text in to code from(cipher text) and then recovering the plaintext data from its cipher text form
This is authorized use of cryptographic system to return encrypted information to its original, readable form
Decryption
This is the mathematical function or formula used in encryption and decryption
Algorithm
This is known as a key “variable” is the parameter or numerical value used in encryption and decryption
Crypto-key
The act or science of deciphering a code or coded message without a prior knowledge of the key.
Cryptanalysis
Who approves all cryptographic systems and techniques used by or on the behalf of DOD activities to encrypt ______ and certain _______ ________ information.
NSA
Classified
Sensitive information
Who approves all techniques and system used to encrypt unclassified sensitive information?
National institute of standards and technology
NIST
What are two types of approved cryptographic systems?
Secret-key
Public-key
What high encryption/decryption key speed using hi tech crypto system
Symmetric (secret-key)
True/false:
Symmetric (secret-key) encrypt is approved by odd and the NSA to use to encrypt classified information.
True
What are the two types of symmetric keys?
Block cipher
Stream cipher
This encrypts/ decrypts varying lengths of data in a continuous stream instead of fixed chunks at one time
Stream cipher
This operates by encrypting/decrypting one chunk of data at a time
Block ciphers
This was issued to protect sensitive computer data in federal computer system by using block cipher cryptographic algorithm that converts plain text into cipher text using a key that consists of 64 bits.
DES
This was issued as a “band-aid” for block cipher secret-key algorithm shortfalls
Triple data encryption standard(3DES)
This classified symmetric encryption/ decryption block cipher algorithm developed by the US government for voice phones
Skipjack
This was developed in a five year competition to replacement of the unsecured DES,
Advanced Encryption Standard (AES)
True/false:
The problem with the secret-key system is that copies of one key must be distributed to all sides to establish a mirror image, if the keys are distributed through a secured communication channel it will be compromised during transmission.
False- it won’t be compromised
The _______ the key length, the _____ possible keys there will be to search through to break the code, and the information will be ______ secure.
Larger
More
More
This system secure data transmission, approved by the NSA to transmit classified data. to and from various types of terminal equipment, such as desktop computers, teletype and etc.
Data encryption
What are different types of data encryption devices?
TSEC/KG-84, 84A and 84C general purpose encryption device
KIV-7 high speed data encryption device
How does voice encryption work?
Transmission is first scrambled by the encryption device and then carried via modem or similar communication devices securely over leased lines, satellite, microwave or radio signals.
What are different types of voice encryption?
TSEC/KY-57 & KY-58 voice encryption
TSEC/KY-68 digital subscriber voice terminal
Secure terminal equipment
This encryption is also known as trunk encrypts microwave trunks, high speed landlines(fiber optics) circuits and T-1/T-3 satellite channels.
Bulk encryption
What are different types of bulk encryption systems?
TSEC/KG-194 and 194A trunk encryption devices
KIV-19
TACLANE-Micro KG-175D
This encryption system are products that classified data while in transit over internet protocol network.
Network encryption
What is one network encryption device?
KG-250 Network encryptior
This person is usually the wing-level manager for the base COMSEC accounts and all COMSEC programs and material on base.
COMSEC manager
This person is the squadron or flight liaisons for COMSEC management, they are responsible for administering the physical security procedures for their responsible sub-accounts, validating access, and training/certifying all authorized COMSEC users
COMSEC responsible officer
This person uses COMSEC materials and equipment to perform his/her mission and must safeguard these assets at all time. Once the individual May be designated as a COMSEC Authorized user and granted unescorted access to the material within their account.
Authorized user
In order to be granted unrestricted access to areas containing COMSEC material, what three requirements must be verified and valid?
Need-to-know
Proper security clearance
Proper identification
What are the two areas protected by physical security?
Controlled area
Restricted area
This is a restricted area, room, group of rooms, building or installation where sensitive compartmented information may be stored and used, discussed and/or electronically processed.
Sensitive compartmented information facility( SCIF)
A failure to safeguard information or protect materials from unwanted access. This is sometimes known as a _____
Breach
This is a government agency that has worked to establish standards for storage containers used to safeguard materials.
General services administration (GSA)
What GSA file container has a dual- combo capability to ensure two-person integrity and stores top secret material.
Class A vault
Secret material must be stored in this GSA-approved safe with a single combination
Class B vault
True/false:
Confidential material will be stored in a secured room but may not be stored under the same safeguards as top secret or secret COMSEC materials.
False- it can be stored the same as TS and secret.
This form is a record of events such as who opened/closed the container, the time it was opened/closed and who checked the container to ensure it was secured properly
Standard form 702. Security container check list
How often are combinations changed and how long are cipher locks changed?
Combo: annually
Cipher: monthly
When should you immediately change combination locks?
- a person that knows the combination and no longer requires access
- a container as locked is found open
- if the combination is compromised
- any repairs work has been made
This is a list for unescorted access to COMSEC material that has proper authorization to gain access to a secured area
Access list
This is where someone has proper identification and a sufficient need-to-know, but does not have a security clearance that is equal to or greater than the area of information. They wouldn’t be put on the access list. What form would you use?
AF form 1109 visitor register log
This is required when dealing with Top secret information and material
Two person integrity (TPI)
What form would you use for inventory?
AFCOMSEC Form 16
What ALC code whorls use for the following?
- must require continuous accountability from cradle to grave and incl. short title, reg number, and quantity
- must include short title and quantity
- reserved for electronic keys
1- ALC-1
2- ALC-2
3- ALC-6
What form do you use for destruction of information?
Standard form 153 COMSEC Destruction report
When do you destroy COMSEC material?
When it becomes outdated and must be destroyed
This occurs when material is destroyed without proper authority or destroyed before the super session date.
Premature destruction
This occurs when material is destroyed completely by accident.
Inadvertent destruction
True/false:
Destroying superseded COMSEC equipment beyond any possible reconstruction
False
What are the authorized methods for routinely destroying methods of COMSEC aids?
Burning
Shredding
Pulping
What are two methods of emergency destruction which are not suitable for destruction?
Sodium nitrate
Thermite
What type of keying material should be destroyed first during emergency destruction?
All superseded keying material
This determines protective measures that will deny unauthorized personnel access to classified information and intelligence that might be derived from the interception and analysis of unintentionally emitted electrical signals.
EMSEC
This code name referring to investigation and studies of compromising emission
TEMPEST
This is defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled or otherwise processed by any information processing equipment.
Compromising emanations
Red and black equipment shall be separated by at least_____?
3ft.
Red equipment shall be separated by at least ______ within the air craft.
2 inches
Black voice equipment shall be separated from red equipment by at least________.
6 ft.
What agency must approve modifications to CCI?
NSA
What are unauthorized modifications to CCI considered?
Tampering
Who publish the time compliance technical order or the time compliance limited maintenance manual?
NSA
How will ciphering devices be delivered to a military client?
From the production line to a central COMSEC depot via a special courier
