| 2.3.12-10-1 Ensure a Memorandum of Agreement (MOA) is established between the program office and the National Security Agency (NSA) |
Phase A |
Phase B |
Phase D3 |
|
Ensure the MOA delineates National Security Agency services needed, what funding is required, and which organization is responsible for which IA and Cybersecurity activities on the overall program.
|
NA
|
NA
|
AIR FORCE MANUAL 33-283, 3 Sep 2014, Communications and Information COMMUNICATIONS SECURITY (COMSEC) OPERATIONS; CNSSP 12 National IA Policy for Space Systems Used To Support National Security Missions; Department of Defense Directive Number 8581.1, June 21, 2005, Cybersecurity Policy for Space Systems Used by the Department of Defense
|
| 2.3.12-10-2 Ensure the identification of all cryptographic functions needed for information flows (data in transit) and storage (data at rest), based on the system requirements, mission, and cybersecurity policy |
Phase A |
Phase B |
Phase C |
Phase D1 |
Phase D3 |
|
Ensure all areas that need encryption support for transmission and data at rest are identified early in the program. This includes local area network as well as wide area network transmission. Storage and protection of classified data on System Administration, Networking and Security (SANS) devices must be accommodated.
|
NA
|
NA
|
AIR FORCE MANUAL 33-283, 3 Sep 2014, Communications and Information COMMUNICATIONS SECURITY (COMSEC) OPERATIONS; CNSSP 12 National IA Policy for Space Systems Used To Support National Security Missions; Department of Defense Directive Number 8581.1, June 21, 2005, Cybersecurity Policy for Space Systems Used by the Department of Defense
|
| 2.3.12-10-3 Ensure the identification of the cryptographic product types and algorithm selection necessary to meet cryptographic functional and system performance needs |
Phase A |
Phase B |
|
Ensure the identification of all encryption and transmission security (TRANSEC) requirements early in the program. Ensure that the correct technology products are selected as this gear gets more efficient, has more capabilities, and is more cost effective over time. Coordinate with NSA and Service Cryptologic Organization(s) (Service Cryptologic Organization(s)) to identify potential GOTS cryptographic solutions and products to be developed by the program.
|
NA
|
NA
|
AIR FORCE MANUAL 33-283, 3 Sep 2014, Communications and Information COMMUNICATIONS SECURITY (COMSEC) OPERATIONS; CNSSP 12 National IA Policy for Space Systems Used To Support National Security Missions; Department of Defense Directive Number 8581.1, June 21, 2005, Cybersecurity Policy for Space Systems Used by the Department of Defense
|
| 2.3.12-10-4 Ensure coordination with Service Cryptologic Organization(s) (Service Cryptologic Organization(s)) to verify that it, Service Cryptologic Organization(s), has planned funding to support program needs for any government-off-the-shelf (GOTS) crypto units and that the required number of these units can be delivered by the program's need date |
Phase A |
Phase B |
Phase C |
Phase D3 |
|
Ensure the required number of units can be delivered by the program's need date. Depending on contractual relationships and how schedules are generated, the program office may or may not want to integrate contractor deliverables to NSA as program/segment contract deliverables.
|
NA
|
NA
|
AIR FORCE MANUAL 33-283, 3 Sep 2014, Communications and Information COMMUNICATIONS SECURITY (COMSEC) OPERATIONS; CNSSP 12 National IA Policy for Space Systems Used To Support National Security Missions; Department of Defense Directive Number 8581.1, June 21, 2005, Cybersecurity Policy for Space Systems Used by the Department of Defense
|
| 2.3.12-10-5 Ensure a User Partnership Agreement (UPA) is established with National Security Agency for each program-developed product to undergo National Security Agency Certification |
Phase A |
Phase B |
Phase D3 |
|
Ensure NSA, in cooperation with the customer's Program Manager, establishes the security requirements and specifications, performs an evaluation to ensure compliance with the requirements, and authorizes the use of the product for its intended application. The User Partnership Program (UPP) is designed to assist U.S. Government departments and agencies to develop effective IA solutions for unique user requirements. Under the UPP, the customer (user) organization is responsible for contracting and funding the development of the product.
|
NA
|
NA
|
AIR FORCE MANUAL 33-283, 3 Sep 2014, Communications and Information COMMUNICATIONS SECURITY (COMSEC) OPERATIONS; CNSSP 12 National IA Policy for Space Systems Used To Support National Security Missions; Department of Defense Directive Number 8581.1, June 21, 2005, Cybersecurity Policy for Space Systems Used by the Department of Defense
|
| 2.3.12-10-6 Ensure the establishment and mutual understanding of crypto certification requirements in the Technical Security Requirements Document (TSRD) among the developing contractors for each program-developed Type-1 or Type-2 product to undergo National Security Agency certification |
Phase A |
Phase B |
Phase C |
|
Ensure the vendor building the product and the contractor integrating it thoroughly understand the requirements and have adequate plans to implement, since NSA will be determining if the crypto product meets the requirements. Ensure bidirectional traceability of crypto certification requirements is established and approved by customers' Program Manager. Ensure crypto certification requirements are known and documented, to include schedule and resource requirements and program implications, down to the level of the vendor building individual product and contractor responsible for integrating it.
|
NA
|
NA
|
AIR FORCE MANUAL 33-283, 3 Sep 2014, Communications and Information COMMUNICATIONS SECURITY (COMSEC) OPERATIONS; CNSSP 12 National IA Policy for Space Systems Used To Support National Security Missions; Department of Defense Directive Number 8581.1, June 21, 2005, Cybersecurity Policy for Space Systems Used by the Department of Defense
|
| 2.3.12-10-7 Ensure adequate schedule and manpower for the contractor development and program office and NSA approval of documentation in support of NSA certification for program-developed Type-1 and Type-2 products |
Phase A |
Phase B |
|
Ensure program office and NSA approval of documentation in support of NSA certification for program-developed Type-1 and Type-2 products. Since NSA will be determining if the crypto product meets the requirements, it is very important to ensure that the vendor building the product and the contractor integrating it thoroughly understand the requirements and have adequate plans to implement.
|
NA
|
NA
|
AIR FORCE MANUAL 33-283, 3 Sep 2014, Communications and Information COMMUNICATIONS SECURITY (COMSEC) OPERATIONS; CNSSP 12 National IA Policy for Space Systems Used To Support National Security Missions; Department of Defense Directive Number 8581.1, June 21, 2005, Cybersecurity Policy for Space Systems Used by the Department of Defense
|
| 2.3.12-10-8 Ensure the progress of National Security Agency certifications through product milestones and NSA technical review boards, resolving disagreements and documentation inadequacies that may cause delays in certification schedule |
Phase B |
Phase C |
Phase D1 |
|
Ensure the vendor building the product and the contractor integrating it thoroughly understand the requirements and have adequate plans to implement, since National Security Agency will be determining if the crypto product meets the requirements. Ensure bidirectional traceability of crypto certification requirements is established and approved by customers' Program Manager. Ensure crypto certification requirements are known and documented, to include schedule and resource requirements and program implications, down to the level of the vendor building individual product and contractor responsible for integrating it.
|
NA
|
NA
|
AIR FORCE MANUAL 33-283, 3 Sep 2014, Communications and Information COMMUNICATIONS SECURITY (COMSEC) OPERATIONS; CNSSP 12 National IA Policy for Space Systems Used To Support National Security Missions; Department of Defense Directive Number 8581.1, June 21, 2005, Cybersecurity Policy for Space Systems Used by the Department of Defense
|
| 2.3.12-10-9 Ensure compliance with Cybersecurity policy regarding National Institute of Standards and Technology (NIST)-approved Type-3 cryptographic devices by monitoring the selection of commercial-off-the-shelf (COTS) cryptographic modules and Free & Open Source Software (FOSS) modules used to protect unclassified sensitive information |
Phase B |
Phase C |
|
Ensure the Type-3 products that protect Sensitive But Unclassified information are properly implemented with approved modules. Review the selection of commercial-off-the-shelf (COTS) or Free and Open Source Software (FOSS) cryptographic modules used to protect unclassified sensitive information.
|
NA
|
NA
|
AIR FORCE MANUAL 33-283, 3 Sep 2014, Communications and Information COMMUNICATIONS SECURITY (COMSEC) OPERATIONS; CNSSP 12 National IA Policy for Space Systems Used To Support National Security Missions; Department of Defense Directive Number 8581.1, June 21, 2005, Cybersecurity Policy for Space Systems Used by the Department of Defense
|
| 2.3.12-10-10 Ensure NSA-certified products used throughout acquisition and operations are protected as required by policy and the device's certification package |
Phase B |
Phase C |
Phase D1 |
|
Ensure adequate crypto product protection procedures are identified.
|
NA
|
NA
|
AIR FORCE MANUAL 33-283, 3 Sep 2014, Communications and Information COMMUNICATIONS SECURITY (COMSEC) OPERATIONS; CNSSP 12 National IA Policy for Space Systems Used To Support National Security Missions; Department of Defense Directive Number 8581.1, June 21, 2005, Cybersecurity Policy for Space Systems Used by the Department of Defense
|
| 2.3.12-10-11 Ensure the crypto implementation and installation for the device is compliant with NSA doctrine |
Phase A |
Phase B |
Phase C |
Phase D1 |
Phase D2 |
|
Ensure the crypto implementation and installation is compliant with NSA doctrine for the device. Ensure that the contractor has knowledge of red/black power, grounding, and interface separation requirements. Ensure that this is assessed at the design stage to make sure the developer is thinking about cable routing requirements which can impact equipment rack layout and hardware (conduit, ducting, shielded cable, etc.). Then assess the installation compliance with security policy/requirements and that the systems have been approved by the cognizant Emanations/Emissions Security (EMSEC) Manager.
|
NA
|
NA
|
AIR FORCE MANUAL 33-283, 3 Sep 2014, Communications and Information COMMUNICATIONS SECURITY (COMSEC) OPERATIONS; CNSSP 12 National IA Policy for Space Systems Used To Support National Security Missions; Department of Defense Directive Number 8581.1, June 21, 2005, Cybersecurity Policy for Space Systems Used by the Department of Defense
|