Cryptographic equipment information/guidance manual
The FIPS standard introduces some significant changes in management compared with the previous standard. The use of the ISO documents requires several procedural changes in the management and execution of the validation process from the existing FIPS process currently in effect.
The figure below demonstrates the flow of the requirements for the FIPS process. In the case of a hardware token (e.g., Talon Cryptographic Token) in which all encryption is performed on the token, the card is embedded only while in operation and removed by the user when not in operation. Historically, cryptography referred almost exclusively to encryption, which is the process of converting plaintext information into ciphertext.
Decryption is the reverse process, which converts the unintelligible ciphertext back to plaintext. A cryptographic algorithm is the mathematical process that performs the encryption and the reversing decryption operations. The operation of a cryptographic algorithm is controlled both by the algorithm itself and, in each instance, by a key variable(s), and sometimes an initialization vector.
Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key. Asymmetric cryptography (also known as public key cryptography) uses two different but mathematically related key, i.
Cryptographic algorithms are used in many more applications than just encryption and decryption e. Suite A and Suite B refer to two sets of cryptographic algorithms, containing both symmetric and asymmetric algorithms, which are approved by CSE for the protection of classified and protected information.
Suite A cryptography contains classified algorithms that are not for release or use outside of the 5-Eyes community i. Suite A algorithms are most appropriate for use in communities to provide security services for classified information that has a long intelligence life e. Suite B cryptography contains unclassified cryptographic algorithms that are CSE-approved for classified and protected use in the GC. Suite B cryptography is most suitable in applications involving information with a short intelligence life in environments where there is a higher risk of equipment loss or compromise e.
In addition to encryption and decryption, some key can also be used for digital signatures. Encryption provides for confidentiality of information and the digital signature provides for authentication, non-repudiation and integrity of the data. CSE no longer produces physical key; however, it may still distribute physical key that has been provided to the GC from another country and that CSE has approved for use. Electronic key may be generated locally utilizing CSE-approved key generation equipment e.
Physical and electronic key must be employed only under the specific conditions detailed in the operational doctrine pertinent to the cryptographic system or equipment in use. Emission Security (EMSEC) is the discipline of reducing electromagnetic interference between Information Technology (IT) and telecommunications equipment, as well as reducing unintentional electromagnetically radiated signals that, when intercepted, divulge classified or protected information.
Transmission Security (TRANSEC) is that component of communications security that results from the application of measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis. Monitoring encrypted or encoded communications can provide considerable information from the characteristics and circumstances of transmissions, particularly over a period of observation.
The interception and analysis of improperly protected transmissions provide an attractive and profitable form of intelligence and provide opportunities for exploitation. As stated in Article A. The security of ACM is dependent upon adequate controls from inception of the material through eventual destruction. Control and handling must be at the classification level of the material and as detailed in ITSDA, unless otherwise specified.
The danger of loss or compromise of ACM is increased substantially during distribution. When planning storage facilities, consideration must be given to the efficient handling of the ACM to be stored, as well as ease of disposal in an emergency situation.
ACM must not be destroyed without specific authorization from COMSEC Client Services unless the risk of compromise in a hazardous situation or an emergency is greater than the security in place to prevent the compromise. These Standing Offers can be found by using the Standing Offer index. It is important to note that once DS is authorized, the USG is no longer responsible for the transport and condition of the material being purchased. Any problems that arise with respect to the purchase must be resolved by means of negotiations between Canada (PWGSC) and the manufacturer.
The following sections describe in detail the GC departmental purchasing process of cryptographic equipment from the U. The requirement may be to replace existing inventory or it may be to purchase a new requirement. In addition to any department-specific approvals that may be required, two forms must be completed and submitted to CSEC. This shipment will arrive at the Canadian border and must be cleared by the customs agent of the purchasing GC department. The department must identify which customs broker represents their account, typically in the early stages of the purchasing process, to prevent clearance delays.
Advising your broker and the NDA of incoming shipments will help minimize delays. This number is used at CSEC for internal tracking of the purchase. This article is only applicable to DS. If this does not apply, refer to Article 4. PWGSC is responsible for negotiating the terms and conditions of the contract as well as the price of the material. Group Security Testing, Validation and Measurement. Created October 11, , Updated January 04,