FOR OFFICIAL USE ONLY

Army Regulation 380-40

Security

Policy for Safeguarding and Controlling Communications Security (COMSEC) Material

Distribution Restriction Statement. This publication contains technical or operational information that is for official U.S. Government use only. Distribution is limited to U.S. Government for release of this publication under the Freedom of Information Act will be referred to the Commanding General, United States Army Intelligence and Security Command, ATTN: IACSFFI, Fort George G. Meade, MD 20755-5995. Requests from outside of the U.S. Government for release of this publication under the Foreign Military Sales program must be made to Deputy Chief of Staff for Intelligence (DAMICHS), 1000 Army Pentagon, Washington, DC 20310-1000.

Destruction Notice. Destroy by any method that will prevent disclosure of contents or reconstruction of the document.

Headquarters
Department of the Army
Washington, DC
30 June 2000


SUMMARY of CHANGE

AR 380-40
Policy for Safeguarding and Controlling Communications Security (COMSEC) Material

This Revision-


Headquarters
Department of the Army
Washington, DC
30 June 2000

*Army Regulation 380-40
Effective 31 July 2000

Security

Policy for Safeguarding and Controlling Communications Security (COMSEC) Material

History. This regulation updates the previously published regulation to bring it in line with current laws and national and Department of Defense policy. Because the publication has been extensively revised, the changed portions have not been highlighted.

Summary. This regulation prescribes Army policy for the safeguarding and controlling of communications security material. This regulation also implements Department of Defense Directive 5200.5.

Applicability. This regulation applies to the Active Army, the Army National Guard of the U.S., the U.S. Army Reserve, and non-Army elements with Army communications security accounts. During mobilization or national emergency, the proponent may modify chapters and policies contained in this regulation.

Proponent and exception authority. The proponent of this regulation is the Deputy Chief of Staff for Intelligence. The Deputy Chief of Staff for Intelligence has the authority to approve exceptions to this regulation that are consistent with controlling law and regulation. The Deputy Chief of Staff for Intelligence may delegate this approval authority in writing to a division chief within the proponent agency in the grade of colonel or the civilian equivalent.

Record-keeping requirements. This regulation requires the creation of records


*This publication supersedes AR 380-40, 1 September 1994.

AR 380-40 30 June 2000


Contents-Continued

Chapter 5
Management of Cryptosystems
General 5-1
Emergency requirements for CMCS key support 5-2
Stockage levels for key 5-3
Requests to establish cryptonets (requests for key) 5-4
Issue of key 5-5
Use of a classified key 5-6
So-called used key 5-7

Chapter 6
Audits, Inspections, and Assessments
General 6-1
Command COMSEC inspections 6-2
CSLA COMSEC audit/inspections 6-3
Annual COMSEC assessment 6-4
Protective technology inspections 6-5

Chapter 7
Surveillance
General 7-1
Compromises and insecurities 7-2
Reportable COMSEC incidents 7-3
Types of reports 7-4
Classification of COMSEC incident reports 7-5
Regulations governing reporting 7-6
Report precedence and timeliness 7-7
Counterintelligence assessments 7-8
Evaluations 7-9
Damage assessment 7-10
Investigations 7-11

Chapter 8
Department of the Army Cryptographic Access Program
General 8-1
Program applicability 8-2
Conditions for granting access 8-3
Procedures 8-4
Other organizations or agencies 8-5

Appendixes
A. References
B. Classification Guidelines for COMSEC Information
C. Records Management
D. Physical Security Standards
E. Risk Management Values
F. Cryptographic Access Briefing
G. Management Control Evaluation Checklist

Table List
Table C-1: File categories, action codes, and descriptions
Table E-1: Risk management value

Figure List
Figure C-1: Simplified label preparation
Figure F-1: Authorization for access to classified cryptographic information
Figure F-2: Simplified label preparation
Figure F-3: Simplified label preparation

Glossary


Chapter 1
Introduction

1-1. Purpose
This regulation prescribes policy for safeguarding and controlling communications security (COMSEC) material. The procedures to implement supply control, item accounting, and transaction reporting are contained in Department of the Army (DA) Pamphlet (Pam) 25-380-2, Technical Bulletin (TB) 380-41, AR 710-2, AR 710-3, AR 735-5, and supporting DA pamphlets in the 710 series. This regulation
a. Establishes security policy for safeguarding and controlling COMSEC material within the DA.
b. Supplements the standards for COMSEC established by the Department of Defense (DOD).
c. Prescribes the security standards of the COMSEC Material Control System (CMCS).
d. Implements selected National COMSEC Instructions (NACSI) and National Security Telecommunications and Information Systems Security Instructions (NSTISSI).
e. Where there is a conflict between this and other publications concerning safeguarding and controlling COMSEC material, this regulation will take precedence. Security requirements for specific cryptosystems (published in TB 380-40) are exceptions to this criterion.
(1) Positive Controlled Material (formerly known as Two-Person Control material) is obtained and accounted for under Chairman, Joint Chiefs of Staff Instruction (CJCSI) 3260.01. However, COMSEC incidents involving this material will be reported to the Army COMSEC Incident Monitoring Activity. The major Army command (MACOM) of the element making the report should be an information addressee on these reports.
(2) Unresolvable conflicts or situations not addressed in this regulation will be referred through command channels to HQDA (DAMICHS).
f. This regulation may be provided to contractors to manage Army contractor COMSEC accounts and when required to support the bid and proposal process.

1-2. References
Those publications required to understand and comply with this regulation, other related publications, and referenced forms are listed in appendix A.

1-3. Explanation of abbreviations and terms
Abbreviations and special terms used in this regulation are explained in the glossary. For definitions of terms other than those given in the glossary, see Joint Pub 1-02 and AR 310-25.

1-4. Responsibilities
The ultimate responsibility for safeguarding COMSEC material rests with the individual in possession of the material. Within Army organizations this responsibility rests with the commander or comparable civilian director. The principal Headquarters, Department of the Army (HQDA), officials and MACOM commanders have the following responsibilities:
a. Deputy Chief of Staff for Intelligence. The Deputy Chief of Staff for Intelligence (DCSINT) will
(1) Prescribe policy and approve procedures for safeguarding and controlling COMSEC material.
(2) Approve release of Army COMSEC material or foreign COMSEC material in custody of the Army to nonmilitary agencies, the general public, foreign nationals, or foreign governments.
(3) Serve as the principal Army representative to National and DOD committees responsible for COMSEC policy.
(4) Serve as principal Army Staff point of contact for the Office of the Secretary of Defense (OSD), Joint Chiefs of Staff (JCS), National Security Agency (NSA), and other military departments and DOD agencies on broad COMSEC policy matters.
(5) Manage the Department of the Army Cryptographic Access Program (DACAP).
(6) Accept the cryptographic access granted by other DOD components.
b. Director of Information Systems for Command, Control, Communications, and Computers. The Director of Information Systems for Command, Control, Communications, and Computers (DISC4) will
(1) Develop and promulgate procedural guidance for security of specific cryptographic systems.
(2) Provide guidance to Army elements regarding application of specific techniques and procedures for safeguarding COMSEC systems.
(3) Approve requests to take photographs of classified COMSEC equipment.
c. Deputy Chief of Staff for Logistics. The Deputy Chief of Staff for Logistics (DCSLOG) will maintain visibility over controlled cryptographic item (CCI) end items from procurement through demilitarization and disposal.
d. Commanding General, U.S. Army Intelligence and Security Command. The Commanding General, U.S. Army Intelligence and Security Command (CG, INSCOM), will


(1) Assist commanders in making initial determination of whether formal assessment for foreign intelligence services involvement in COMSEC incidents is required.
(2) Plan, program, and budget resources to conduct counterintelligence screening polygraph (CSP) examinations under the provisions of DOD 5210.48-R in support of the DACAP.
(3) Coordinate with MACOMs, major subordinate commands (MSCs), and field operating agencies (FOAs), as appropriate, to obtain names of randomly selected individuals to be polygraphed under the DACAP.
(4) Upon request, provide local commanders technical assistance in evaluating security-related issues and conducting risk assessments.
e. Commanding General, U.S. Army Materiel Command. The Commanding General, U.S. Army Materiel Command (AMC), will
(1) Through the U.S. Army Communications-Electronics Command's Communications Security Logistics Activity (CSLA)-
(a) Operate and manage the Army's COMSEC Material Control System (CMCS) to include the Army COMSEC Central Office of Record (ACCOR).
(b) Develop and promulgate approved COMSEC accounting procedures.
(c) Maintain a comprehensive program that ensures that the Army's COMSEC accounts are audited and inspected, including protective technology inspections.
(d) Cause controlling authorities to review and validate their requirements for the cryptosystems and authentication systems under their control (Cryptosystems Evaluation Report, RCS CSGID-131) annually.
(e) Approve requirements for key, except the security data network system (SDNS) and secure telephone unit (STU-III) key (see DA Pam 25-16).
(f) Approve Army COMSEC facilities under the provisions of paragraph 4-2.
(g) Provide technical assistance to Army COMSEC activities and non-Army elements maintaining Army COMSEC accounts.
(h) Administer a COMSEC Auditor/Inspector Certification program.
(i) Serve as the Army COMSEC Incident Monitoring Activity (see chap 7).
(2) Through the USAMC Logistics Support Activity (LOGSA)
(a) Manage the Department of the Army Central Registry for Controlled Cryptographic Items (CCI).
(b) Operate and maintain the CCI Serialization Program (CCISP).
(c) Administer the assignment of Management Control Numbers (MCN) for commercial COMSEC products approved for local purchase by NSA and CSLA.
f. Commanding General, U.S. Army Training and Doctrine Command. The Commanding General, U.S. Army Training and Doctrine Command (TRADOC), will
(1) Develop and implement the Standardized COMSEC Custodian Course (SCCC).
(2) Provide a complete copy of the SCCC, to include updates, to all MACOMs who conduct this training under authority from TRADOC and who comply with standards established by the Signal Center.
(3) Develop and implement training for the Army Key Management System/Local COMSEC Management Software (AKMS/LCMS).
(4) Authorize the release of all COMSEC training material to the Reserve Officers Training Corps (ROTC).
g. Commanders of MACOMs. Commanders of MACOMs will
(1) Establish and maintain an aggressive command COMSEC inspection program in accordance with this regulation.
(2) Appoint the command COMSEC inspector and determine the frequency at which command inspections are performed (see para 6-2).
(3) Determine the appropriate level(s) below MACOM at which command COMSEC inspectors are required.
(4) Approve the transportation of key via U.S. flag carrier or foreign commercial aircraft outside the continental U.S., except during unit deployments when prior approval is not required (see para 2-17).
(5) Grant waivers to the grade restrictions for COMSEC custodians (see para 2-2a).
(6) Implement the DACAP within their commands. The program may be managed at MACOM level or decentralized down to the major subordinate command level. (Chief, National Guard Bureau may delegate this authority to the State and Territory Adjutants General).
(7) Monitor the DACAP program to ensure the appropriate number of individuals are randomly selected for polygraph examinations.
(8) Designate a DACAP point of contact (either at MACOM or MSC level) for the INSCOM supporting polygraph element.
(9) Provide to INSCOM, in Oct of each year, a written report that identifies the total number of MACOM personnel enrolled in DACAP; a listing of the number of DACAP personnel by installation; and, the identity of the installation DACAP point of contact.
h. Other commanders. Commanders at appropriate levels will


(1) Upon determination of the need for a COMSEC account, appoint a COMSEC custodian and at least one alternate for each COMSEC account under their jurisdiction (see TB 380-41). In accounts that also contain material controlled under CJCSI 3260.01, a custodian and at least four alternates should be appointed.
(2) Ensure that personnel appointed as COMSEC custodian attends a TRADOC approved Standardized COMSEC Custodian Course (SCCC) prior to appointment.
(3) For AKMS COMSEC accounts, ensure that at least two personnel are formally trained on the Local COMSEC Management Software (LCMS).
(4) Ensure that each COMSEC account under their jurisdiction receives a command COMSEC inspection under the provisions of chapter 6.
(5) When directed, establish and maintain an aggressive command COMSEC inspection program. Organizations that have no knowledgeable COMSEC personnel, except the COMSEC custodians and alternates, should make arrangements to use a qualified person from another organization within the same geographical area.
(6) Ensure that property book officers and users receive a command inspection of CCI records to ensure compliance with DA Pam 25-380-2, AR 710-2, and AR 710-3 at intervals not to exceed 24 months.
(7) Implement the provisions of the DACAP within their command.
(8) Identify those personnel who require cryptographic access and ensure they receive the cryptographic access briefing and sign section I of a cryptographic access certification and termination memorandum.
(9) Ensure that individuals who have been selected for the counterintelligence scope polygraph under DACAP are available at the time and place of the examination.
(10) Deny cryptographic access to or withdraw cryptographic access from, those individuals who fail to comply with any of the specific criteria identified in chapter 8.
(11) Ensure that designated managers perform Management Control Reviews following the guidance in AR 11-2.
(12) Require the use of electronic keying and rekeying whenever possible.
(13) Approve the establishment of sub-accounts subordinate to the primary account in the unit. Upon implementation of AKMS, sub-accounts will not be authorized.
(14) Conduct mandatory risk assessments of all COMSEC facilities, storage areas, and other COMSEC operational areas per AR 190-51 and DA Pam 190-51.
i. Individual users. Individual users directly influence the effectiveness of protection available through cryptographic techniques and cryptographic systems. Individual users will be responsible for
(1) The physical protection and accountability of all COMSEC material in their possession or control.
(2) Reporting to the proper authority any occurrence, circumstance, or act that could jeopardize the security/integrity of COMSEC material.
(3) Complying with instructions provided by the COMSEC custodian for safeguarding and controlling COMSEC material.
(4) Complying with instructions provided by the property book officer (PBO) for safeguarding and controlling CCI equipment.
j. Controlling authority. The controlling authority is the individual directly responsible to the commander for the establishment and operation of the cryptonet (for example, network manager). The controlling authority is responsible for the following (see TB 380-41 for detailed procedures):
(1) Identifying and/or validating cryptonet requirements.
(2) Establishing the Cryptonet.
(3) Evaluating COMSEC incidents and insecurities.
(4) Initiating recovery and reconstitution actions.
(5) Authorizing key replacement and resupply.
(6) Directing classification changes for key.
(7) Establishing cryptoperiods and approving extensions.
(8) Specifying implementation and supersession dates for key.
(9) Specifying key change times.
(10) Determining unused key status.
(11) Approving the issuance of extracts of key (for example, segments from a canister) and the local reproduction of physical key.
(12) Performing Cryptonet evaluations at least annually.
(13) During contingency operations, temporarily delegate operational net control of appropriate systems to a regional command or net control center in the forward contingency area.
k. COMSEC custodian. For the Active Army, the Army National Guard (ARNG), the U.S. Army Reserve (USAR), and the ROTC, the COMSEC custodian is the appointed person responsible to the commander for
(1) Custody and accountability of CMCS accountable COMSEC material.


(2) Supervision and oversight of all sub-accounts and hand-receipt holders (HRH) to ensure compliance with existing COMSEC material security, accounting, and operational policies/procedures.
(3) Acquisition, control, and distribution of all classified COMSEC material and cryptographic key in support of organizational missions.
l. Commanders at all levels. Commanders at all levels will ensure that all soldiers and Army employees under their command (when performing the duties prescribed in this regulation) create and preserve the records required by this regulation. The command's records management official provides information and assistance in identifying the record-keeping requirements of this publication or refer to the U.S. Army Records Management and Declassification Agency.

1-5. Controlled cryptographic items
a. A controlled cryptographic item (CCI) is an unclassified but controlled secure telecommunications or automated information-handling equipment and associated cryptographic assembly, component, or other hardware or firmware item that performs a critical COMSEC or COMSEC-ancillary function. The associated engineering drawings, logic, descriptions, theory of operation, computer programs, and related source data remain classified. All COMSEC incidents involving CCI will be reported under the provisions of chapter 7. Chapter 3 governs routine and emergency destruction of CCI.
b. For procedures governing CCI, see DA Pam 25-16 and DA Pam 25-380-2.
c. Where a CCI contains key that cannot be extracted from the device (for example, KIV-7, KG 94/194, and so forth), it will be protected in a manner consistent with the classification of the information it is processing.
d. Where a CCI contains key that can be extracted (such as a common fill device, KYK 13) it will be treated as classified equipment and protected in a manner consistent with the classification of the key.

Chapter 2
Physical Protection and Accountability of COMSEC Material

2-1. Need for a COMSEC account
The cornerstone for the protection and accountability of COMSEC material is the COMSEC account.
a. Any organization or activity that requires accountable COMSEC material must obtain such material through a COMSEC account. If an existing COMSEC account, either in the organization or activity or located in close geographic proximity thereto, cannot provide the support required, a new COMSEC account will be established (see chap 4). However, COMSEC accounts will be kept to a minimum, consistent with operational and security requirements.
b. When an existing COMSEC account can adequately support the requirement for COMSEC material within an organization or activity, a new COMSEC account will not be established. The material will be provided to subordinate elements and users via hand receipt.
c. In instances where the commander determines that a hand receipt is not a viable way to provide material to subordinate elements (that is, a large volume of material is required), he or she may establish a COMSEC sub-account.
d. The commander of the primary account approves COMSEC sub-accounts and hand receipts. They may be approved for any type of COMSEC account. Sub-accounts and hand receipts do not require CSLA approval. The custodian of the primary account is responsible for the training and oversight of the custodian(s) of all sub-accounts and all hand-receipt holders.
e. There will be NO sub-accounts established under Army Key Management Systems (AKMS) accounts.

2-2. COMSEC custodian
The custodian and alternates will be officers or warrant officers. If they are not available, enlisted soldiers or permanent civilian employees may be appointed. Minimum rank or grade requirements are staff sergeant (pay grade E-6) or General Schedule (GS) 7 (or equivalent pay grade) for custodians and sergeant (pay grade E-5) or GS-5 (or equivalent pay grade) for alternates. They must meet the access requirements in paragraph 2-3. Custodians and alternates will be appointed on a DA Form 2012 (COMSEC Account Data) signed by the commander or civilian equivalent. In no case will the COMSEC Custodian or alternate sign as the Approving Authority on the DA Form 2012.
a. The MACOM commanders are authorized to grant waivers to the grade restriction imposed above to appoint a sergeant (pay grade E-5) or civilian GS-5 as a custodian and a specialist or corporal (pay grade E-4) or civilian GS-4 as an alternate custodian in those subordinate commands where appropriate grade personnel are not authorized or assigned or where it is not possible to appoint people specified above. Waiver authority may be delegated to the lowest general officer level. The Chief, National Guard Bureau may delegate this authority to the State and Territory Adjutants General. The DA Form 2012 will be annotated that a waiver has been granted by the appropriate MACOM. A copy of the waiver will be kept on file with the DA Form 2012 in the COMSEC account.


b. All COMSEC account custodians must satisfactorily complete the TRADOC approved Standardized COMSEC Custodian Course (SCCC) prior to appointment. In addition, AKMS COMSEC Accounts will have two individuals (custodian and alternate) who have received TRADOC approved training on the LCMS.
(1) The MACOM commanders may, on a case-by-case basis, authorize the appointment of untrained personnel to fill a void created by the unplanned absence of a custodian. This authority may be delegated to the lowest general officer level. Chief, National Guard Bureau may delegate this authority to the State and Territory Adjutants General. However, the custodian must successfully complete the required training within 6 months of appointment.
(2) Whenever possible, alternate custodians should also attend the TRADOC approved course.
(3) Individuals who fail to successfully complete the SCCC will NOT be appointed as a COMSEC custodian.
c. Persons selected will have a minimum of 1-year retainability in long-tour areas and 9 months in short-tour areas.
d. The duties of the custodian and alternate(s) are found in TB 380-41. No individual will be appointed custodian over more than one Army COMSEC account at a time.
e. Whenever the custodian will be absent for more than 60 consecutive days, whether scheduled or unscheduled, all COMSEC material in the custodian's account will be transferred to either the alternate custodian (provided the rank or grade requirements of para 2-2 are met) or to a newly appointed custodian.
f. The appointment of a new (incoming) COMSEC custodian terminates the appointment of the old (outgoing) custodian. However, the outgoing custodian remains accountable for all COMSEC material charged to the account until properly released by the ACCOR. An outgoing custodian is considered properly released from COMSEC accountability (this does not include relief from responsibility for loss or property accountability) when a clearance of former COMSEC custodian has been received from the ACCOR.
g. When the COMSEC custodian is allowed to depart prior to being released by the ACCOR, the commander for whom the account is maintained assumes personal responsibility for all discrepancies in the account.
h. An inventory of accountable COMSEC material will be initiated within 24 hours after the unauthorized absence or sudden permanent departure of the custodian has been detected. The commander will assign one properly cleared witness and the alternate custodian to complete the inventory as soon as possible. The inventory will be conducted in accordance with TB 380-41. A new custodian will then be appointed. If either the alternate custodian or the cleared witness is subsequently appointed COMSEC custodian, a change of COMSEC custodian inventory is not required.
i. To ensure that two-person integrity can be maintained at all times, a custodian and a minimum of three alternates will be appointed for all COMSEC accounts that are approved for TOP SECRET material.

2-3. Access to COMSEC material
The sensitivity of classified COMSEC material requires that strict need-to-know procedures be followed. No person is entitled access to classified COMSEC material solely on the basis of rank, office, position, or security clearance.
a. Access to classified COMSEC material may be granted to U.S. citizens whose duties require access. Security clearance requirements for persons granted access is determined by the classification level of the material to be accessed.
b. Under the provisions of AR 380-67, only U.S. citizens are authorized a security clearance. Immigrant aliens and local national employees of the U.S. Government are not authorized access to classified cryptographic material. Immigrant aliens may have access only to unclassified key marked CRYPTO when their duties require access. They may not be
(1) Appointed COMSEC custodians or alternates.
(2) Given access to information concerning the development or production of key.
(3) Given access to research and development information pertaining to any COMSEC equipment.
c. There are no access requirements imposed for external viewing of COMSEC equipment where no opportunity exists for unauthorized access to either the key, the COMSEC equipment, or the input and output of the COMSEC system.
d. Requirements for access to CCI are addressed in DA Pams 25-16 and 25-380-2, except that foreign access to keyed CCI is allowed only when all of the following criteria are met:
(1) Such access is in connection with building maintenance, custodial duties, or other operational responsibilities normally performed by such unescorted personnel in the area prior to installation of the CCI.
(2) The CCI is installed within a facility that is a U.S. controlled facility or a combined facility with a permanent U.S. presence, as opposed to a host nation facility.
(3) The cognizant security authority has determined that the risk of tampering with the CCI, which could result in compromise of U.S. classified or sensitive unclassified information, is acceptable in light of the local threat, vulnerability, and sensitivity of the data being protected.
(4) The system doctrine for the specific CCI does not prohibit such access.
(5) The foreign national is a civilian employee of the U.S. Government or assigned to a combined facility.
(6) The foreign national has been granted a limited access authorization (LAA) under the provisions of AR 380-67 for the appropriate classification of information.


(7) The CCI remains U.S. property and a U.S. citizen is held responsible for it. (8) The presence of such installed CCI is verified at least monthly, although no

reporting is required.(9) The communications to be protected are determined to be essential to supportU.S. or combined operations.(10) U.S. users communicating with such terminals are made aware of the foreignnational status of the CCI users.(11) Keying of the CCI with classified U.S. key must be done by the U.S. personnel. Authorized foreign nationalsmay do keying of CCI with allied or unclassified U.S. key.24. Control and item accounting

a. The CMCS is a logistics and accounting system for selected COMSEC material, classified hardware, physical key, and non-Army publications. The major components of the CMCS are the AKMS, ACCOR, COMSEC Management Offices (CMO), COMSEC logistics support facilities (CLSF), and the COMSEC account. These components implement control procedures for the transfer, storage, inventory, and disposition of CMCS COMSEC material. Procedures are in TB 38041.
b. Dissemination of COMSEC material is as follows:
(1) All physical key, classified COMSEC equipment, and COMSEC publications assigned an account legend code (ALC) by NSA will be entered into the CMCS.
(2) All CCI and other unclassified COMSEC hardware items will be entered into the standard Army supply system and logistically managed under AR 7102, AR 72550, and DA Pam 253802.
(3) In DOD channels, COMSEC material (other than that specified in (1) above) may be distributed and accounted for in the same manner as other national security or national security related information. Also, after initial receipt in the CMCS, classified COMSEC material not requiring central accounting may be distributed and accounted for under either AR 3805 or TB 38041.

25. Item accounting requirements

The following are the minimum item accounting requirements:

a. All key is under accounting controls throughout its life cycle, from receipt until final disposition through issue, transfer, or destruction. Accounting procedures are contained in TB 38041.
(1) Key designated as centrally accountable will be continuously accounted for from time of receipt or generation through final disposition. A physical inventory of this key must be reconciled with the Tier 1/ACCOR every 6 months.
(2) Key designated as locally accountable after receipt or generation and key designated not accountable after a specific time or event, will be accounted for locally until final disposition.
b. Classified COMSEC material marked CRYPTO must be physically inventoried at least every 6 months and the inventory reconciled with the Tier 1/ACCOR. Other COMSEC material must be inventoried at least annually. See TB 38041 for other COMSEC material not covered here.
c. The Standard Form 153, including automated facsimiles produced by AKMS or Army COMSEC Commodity Logistics Accounting and Information Management System (ACCLAIMS), is used to perform most COMSEC material transactions (see TB 38041).

26. Relief from accountability

a. Either the Director, CSLA, or the Controlling Authority will authorize relief from CMCS accountability, based on an evaluation of a COMSEC incident (see chap 7).
b. Relief from CMCS accountability will NOT be construed as relief from property accountability. In all cases of relief from CMCS accountability, the custodian will put the following statement in the COMSEC account records: THE CIRCUMSTANCES SURROUNDING THE LOSS OF (identified material) HAVE BEEN CONSIDERED AND A DETERMINATION HAS BEEN MADE THAT A REQUEST FOR RELIEF FROM PROPERTY ACCOUNTABILITY (is/is not) REQUIRED. Relief from accountability will be obtained in accordance with TB 38041 (for CMCS) and AR 7355 (for property).

27. Classified COMSEC information

Classification principles and procedures, marking, downgrading and declassification actions directed by AR 3805 also apply to COMSEC information. The general guidelines for classifying COMSEC information are in appendix B.

28. Use of the designator CRYPTO

The designator CRYPTO is the marking or designator identifying COMSEC key used to secure or authenticate telecommunications carrying classified or sensitive U.S. Government or U.S. Government derived information. See paragraph B5 for applying the CRYPTO marking.

29. Release of COMSEC material

Release of COMSEC material (see para 14a(2)):

a. See DA Pam 253802 for release of COMSEC material designated CCI.
b. For release to DOD contractors, see the COMSEC supplement to DOD 5220.22S.

210. Photographing COMSEC material

Photographing classified COMSEC material is prohibited. This prohibition does not apply to the reproduction of COMSEC material (see para 213) or to the photographing of an exterior view of CCI equipment.

211. Magnetic media containing key

Magnetic tapes, discs, and drums on which classified key has been recorded will be classified under paragraph B11.

212. Hand receipting COMSEC material

a. The COMSEC custodians will hand receipt accountable COMSEC material only to authorized persons who have an operational need.
b. Prior to releasing or approving release of COMSEC material, the custodian must verify the recipient's clearance, access, and need to know and must provide written instructions to the prospective recipient on how to protect the material. In return, the custodian must get a written acknowledgment that the prospective recipient knows and will fulfill all physical protective requirements and employ all security procedures.
(1) Accountable COMSEC material will not be hand receipted between COMSEC accounts. Material exchanged between accounts must be transferred. COMSEC material may, however, be hand receipted to individuals, including COMSEC custodians.
(2) See TB 38041 for hand receipting procedures.
c. COMSEC material will not be sub-hand receipted without written authorization from the COMSEC custodian. This authorization may be added to the SF 153 or covered in a COMSEC standing operating procedures (SOP), if used.
(1) Sub-hand receipting will only be done between the hand-receipt holder and a supported user(s).
(2) Sub-hand receipt holders will return unused effective or future COMSEC material to the hand-receipt holder unless they have instructions and authority to destroy the material. Superseded material will be handled under the provisions of TB 38041.
(3) Sub-hand-receipt holders will not further sub-hand receipt COMSEC material. An exception to this policy will be the KOV14 card, which may be sub-hand receipted to the lowest user level.
(4) Custodians will ensure that a system is established whereby no hand-receipt holder may depart his or her unit without first clearing the hand receipt.
d. Periodic inspections will be conducted by the COMSEC custodian for all hand-receipt and sub-hand-receipt holders.

213. Reproduction of COMSEC material

a. Reproduction of classified COMSEC documents will be in the form of extracts. Extracts will be made and controlled as shown below. Except as provided in subparagraph c below, the proponent for the document must approve the reproduction of complete documents.
b. Extracts of COMSEC information are permitted unless specifically prohibited in a document's promulgating instructions. TRADOC training centers and schools, program managers, and CSLA's New Equipment Training Program have a continuous exception to extract restrictions when extracting COMSEC information to include in lesson plans and examinations. The covers of all lesson materials containing extracts of COMSEC information will cite this paragraph and regulation as authority for the extract.
c. Specific guidance on making extracts of key is contained in either the cryptosystem operating instructions or the key system handling instructions. Controlling authorities have a continuous exception to extract restrictions and may issue portions or complete editions of key, to include printed key in canisters. Issuing segments from a canister is discouraged, however, as it defeats the integrity provided by the canister.
d. Reproduced COMSEC material is not reportable to ACCOR, but is locally accountable until destroyed. COMSEC material that has been reproduced will be annotated on account item register cards and marked and controlled as required by TB 38041.

214. COMSEC equipment modification

Unless an operational waiver is in effect, only COMSEC equipment with all approved mandatory modifications applied will be used to secure information systems. Refer to TB 4300016 series for a complete listing of authorized and required modifications to COMSEC equipment.

215. Routine destruction of CMCS-accountable COMSEC material

a. The destruction official and the witness must be cleared for the highest classification of material to be destroyed. Both are responsible for a properly prepared destruction report that lists all material destroyed and for ensuring that all destruction meets the appropriate standards in TB 38041. Both individuals must view the actual destruction.
b. In high-risk environments, superseded key must always be destroyed immediately. The 72-hour extension authorized in paragraph d(1)(d) below does not apply.

c. Key found to be defective or faulty will not be destroyed. The accountable COMSEC custodian will notify the ACCOR and the Director, National Security Agency (DIRNSA). The key will be held in secure storage awaiting disposition instructions.
d. Routine destruction of accountable COMSEC material is a scheduled function. The schedule, method, and procedures described in TB 38041 will be complied with. Where circumstances prevent strict compliance with the 12-hour destruction standard (such as an incinerator not operational or authorized personnel are not readily available over 3-day weekends), commanders are authorized to grant extensions not to exceed 72 hours.
(1) Superseded tapes, one-time pads, codes, and authenticators.
(a) Custodians of COMSEC accounts supporting a COMSEC Logistics Support Facility (CLSF) or custodians with consolidated holdings or reserve material for further distribution will destroy whole editions of superseded key within 15 days after supersession.
(b) Custodians and hand-receipt holders at the user(s) level should destroy portions or complete editions of used key immediately after supersession. The period between supersession and destruction will not exceed 12 hours. Superseded key need not be removed from secure storage and destroyed simply to comply with the 12-hour destruction requirement. This exemption does not apply to those situations where operations are conducted 24-hours a day. However, when individual key settings or tape segments are removed from a key list or canister for use, all previous settings that have been superseded will be destroyed within 12 hours. Where special circumstances prevent compliance, commanders or responsible officials may, on a case-by-case basis, grant an extension of up to 72 hours. All requests for extension will be maintained in accordance with appendix C.
(c) Superseded editions of key that have been in storage and have not been issued for use by the account will be destroyed within 5 days after supersession. For National Guard and Reserve units, destruction of key will be conducted no later than during the first drill period after supersession.
(d) Unused key marked CRYPTO that is not enclosed in protective packaging must be superseded and destroyed no later than 6 years after generation or receipt, unless specific retention authority is granted by NSA.
(e) Portions or complete editions of used or superseded key carried aboard special-purpose aircraft (such as airborne command posts) may be retained when a secure destruction facility is not immediately available. When a facility becomes available, the material must be destroyed without delay.
(2) For electronic key, see applicable COMSEC system instructions in the DA Pam 25-series, TB 38040, Non-Cryptographic Operational General Publication (NAG) 16, NAG 53, and NAG 57.
(3) Maintenance, classroom training, and sample key, not marked CRYPTO, are not regularly superseded. Destroy such key when it becomes physically unserviceable.
(4) Amendment residue will be destroyed within 2 days after posting the amendment (see TB 38041).
(5) Other COMSEC material, less equipment, will be destroyed no later than the fifteenth day of the month following supersession.
(6) The CSLA commodity manager will direct non-emergency destruction of COMSEC equipment and components.
e. Protective packaging used with key, such as tape canisters, will be destroyed in conjunction with the destruction of key.

216. Storage of COMSEC material

Unless in use by, in the physical possession of, or continuously tended by a properly cleared person or persons, where its adequate protection is presumed, COMSEC material will be stored per AR 3805 and TB 38041. TOP SECRET key will be afforded additional protection as stated in paragraph 218 of this regulation.

a. In those instances where exposed segments of current key must be held in storage for the duration of the cryptoperiod, special emphasis must be placed on their security and accountability.
b. In mobile and transportable conveyances, the current edition and one future edition of key may be stored in a standard GSA approved field safe or an equivalent container secured by a three-position combination padlock (see AR 3805). Mobile and transportable conveyances in which key is stored must have supplemental controls applied that will prevent undetected access to the key or removal of the container in which the key is stored. A guard is required for conveyances or containers that can be surreptitiously removed.
c. Nonapproved containers must be under continuous guard or protected by an alarm system.
d. COMSEC equipment and components.
(1) When not installed in an operational configuration, unkeyed classified COMSEC equipment must be stored in the manner prescribed in AR 3805 for material of the same classification.
(2) CCI will be protected under the provisions of DA Pams 2516 and 253802.
(3) The commander must approve the storage of keyed COMSEC equipment. When equipment is stored in a keyed condition, storage requirements for the key must be satisfied.
(4) When installed in an operational configuration in either fixed, mobile, or a transportable facility, unkeyed classified COMSEC equipment may be left unattended, provided the commander has conducted a risk analysis and determined that the risk of unauthorized access is acceptable. (See AR 19051.)
(5) Future key, non-operational and spare COMSEC equipment, and COMSEC publications will not be stored in unattended mobile or transportable facilities.
e. Units/elements conducting real-world mission essential operations (non-training and non-exercise) may download and store the current edition and up to a maximum of 90 days of future keying material into a data transfer device (for example, AN/CYZ10). Loading future key into a common fill device (for example, KYK13, KYX15) is not authorized. Extension to the 90 days must be requested through command channels to HQDA (DAMICHS).
f. COMSEC publications (such as the cryptographic operational general publication (KAG), cryptographic operational maintenance manual (KAM), and cryptographic operational operating manual (KAO)) and cryptoancillaries (including equipment and software), key not marked CRYPTO, and other cryptographic material not governed by this paragraph will be protected commensurate with its classification.
g. All COMSEC vaults constructed after the date of this regulation must meet the standards provided for in appendix D. Those storage facilities certified as vaults prior to the date of this regulation will be considered to meet the requirements of this regulation until such time as they are modified in any way. At that time, they will be required to be brought up to the standards of appendix D, or they will no longer be considered vaults for COMSEC purposes.

217. Transportation of COMSEC material

The possibility of compromise is increased during shipment. All persons who handle COMSEC material must be carefully instructed in handling procedures. This includes proper methods of emergency destruction to prevent compromise during transportation. The requirements in this paragraph, AR 3805, TB 38041, and DA Pam 253802 apply to all COMSEC material.

a. Key will be transported as follows:
(1) For TOP SECRET key, two-person integrity (TPI) will be applied whenever unit couriers transport TOP SECRET key between COMSEC accounts or hand-receipt holders. Two persons who are cleared for TOP SECRET and authorized to receive the material must sign receipts for this material. The key must be double wrapped while in transit in accordance with AR 3805. TPI controls are not required for TOP SECRET key while it is in the custody of the Defense Courier Service (DCS) or the U.S. Diplomatic Courier Service.
(2) For SECRET key:
(a) Key must be transported by DCS, an officially designated unit courier or U.S. Diplomatic Courier Service.
(b) Key classified SECRET or higher may not be sent by registered mail without the specific prior approval of HQDA (DAMICHS), except as follows:
1. Key must be double wrapped while in transit in accordance with AR 3805.
2. The National Guard and the U.S. Army Reserve Command may ship single editions of key classified no higher than SECRET via registered mail to sub-accounts and hand-receipt holders that are not serviced by DCS and are so far away from their parent account that use of a courier is not practical.
3. The Director of Communications Security Systems at Tobyhanna Army Depot may authorize the custodian of COMSEC account 5B1099 to ship keying material classified no higher than SECRET via registered mail as necessary to meet short notice requirements when DCS cannot get the material in place by the required date. The number of editions will be kept to the minimum required to support the mission until normal DCS deliveries can be made.
4. For CONFIDENTIAL and UNCLASSIFIED key, U.S. registered mail may be used to transport key to recipients served by U.S. postal facilities. However, the mail must not pass out of the control of the U.S. Postal Service and must not pass through a foreign postal system or any foreign inspections.
5. U.S. flag aircraft can be used to carry key within the continental United States (CONUS). However, outside CONUS the use of U.S. flag aircraft or any foreign-owned, controlled, or chartered carrier to carry key is strongly discouraged because of the threat by terrorists and lack of U.S. control. The MACOM commanders may, in cases of operational necessity, approve the use of such carriers when limited quantities of future key must be carried. Quantities will be limited to no more than four editions of quarterly or more frequently superseded material or two editions of semi-annually or less frequently superseded material. Sufficient time should be available before implementation (at least 3 days) to supersede the material should it be compromised. The MACOM commanders may delegate this authority to the lowest general officer level.
6. Key will be packaged separately from its associated COMSEC equipment unless the application or design of the equipment is such that the key cannot be physically separated.
7. Key in any form must be transmitted electronically whenever possible using approved methods as outlined in NAG 16 or NAG 53. However, when transmitting physical key, the user(s) must ensure the communications systems used provide end-to-end security that is equal to or higher than the classification of the transmitted key. The key setting must not appear in the plain text anywhere in the communications path.
b. COMSEC equipment will not be shipped in a keyed condition unless the physical configuration of the equipment makes segregation impossible. Electronic fill devices may be transported in a loaded condition by authorized individuals. This restriction does not apply to tactical movements or in emergency situations where equipment cannot be zeroized. COMSEC equipment will be transported as follows:

(1) Shipments of COMSEC equipment classified SECRET will be transported by DCS, U.S. Diplomatic Courier Service, officially designated unit courier, or an authorized cleared commercial carrier using protective security services (PSS) in accordance with DOD 4500.9R (applies only when shipping within the U.S., its possessions and territories, where the equipment will not leave U.S. control and be subject to foreign intervention, customs, inspections, and so forth).

(2) Shipments classified CONFIDENTIAL may be transported by any means specified in paragraph (1) above or by:
(a) U.S. Registered Mail, provided it does not pass out of U.S. control at any time and does not pass through a foreign postal system or any foreign inspection.
(b) U.S. military or military-contractor air service (for example, Air Mobility Command, LOGAIR, QUICKTRANS) provided that a continuous chain of accountability and custody for the material is maintained while in transit.
(3) Unclassified COMSEC equipment designated CCI will be transported under the provisions of DA Pam 253802.
(4) Unclassified COMSEC equipment not designated CCI may be transported by any means approved for the transport of high value Government property.
(5) Domestic commercial passenger trains, airlines, buses, and so forth may be used by couriers at the discretion of the appointing commander, provided the provisions of AR 3805 (chap VIII) are followed.
(6) Within CONUS, when operational necessity dictates, confidential and secret COMSEC equipment (zeroized) installed in standard military equipment shelters may be transported via uncleared commercial carriers, provided all of the provisions of chapter 5 of TB 38041 are met.
c. Cryptographic media which embody, describe, or implement a classified cryptographic logic, such as full maintenance manuals, cryptographic logic descriptions, drawings or cryptographic logic, or specifications describing a cryptographic logic and cryptographic computer software will be transported by cleared department or unit courier, DCS, or U.S. Diplomatic Courier Service. These media may not be sent through any postal system.
d. Other classified COMSEC material that does not embody, describe, implement, or contain a classified cryptologic may be transported in the same manner as the material described in subparagraphs b and c above, and if classified SECRET or CONFIDENTIAL, by a cleared commercial carrier under DOD 4500.9R. Items classified SECRET or CONFIDENTIAL may be sent by U.S. Postal Service registered mail. Standard first-class mail service will not be used for any classified COMSEC material. The provisions of AR 3805, relative to the use of commercial passenger aircraft also apply to these shipments.
e. When operationally required, COMSEC equipment and COMSEC material may be airdropped, unless prohibited by a specific equipment publication, provided the material is under the control of a properly cleared person until the material leaves the aircraft, and the commander has determined that there is a high probability of immediate recovery by authorized persons.
f. Vehicles or equipment shelters in which COMSEC equipment is installed may be transported by helicopter using sling-load techniques. Equipment should not be keyed unless there is an operational requirement for its immediate use upon landing. Associated key will not be sling-loaded, but may be carried inside the helicopter moving the vehicle or shelter.
g. COMSEC material required in support of forward area tactical operations may be air transported across hostile territory.
h. Upon receipt, all packages containing classified COMSEC material will be inspected for evidence of penetration. If such evidence is found, a COMSEC incident report will be submitted under the provisions of chapter 7. Packages and containers will be opened by the addressee within 2 working days after receipt. The addressee will report any discrepancies to the office of record and to the shipper as specified in this regulation, TB 38041, or AR 735112 as appropriate. However, unit packs in original manufacturer or depot sealed packages will not be opened except when there are signs of tampering, the material is to be used, or a physical security check is required. For inventory purposes, use the external packaging label.
i. Packaging of classified COMSEC equipment will be done under the provisions of AR 3805. Packaging of unkeyed CCI will be in accordance with DA Pam 253802.
j. Couriers for COMSEC material must be specifically designated in writing (DD Form 2501, Courier Authorization is recommended) by an authorized official within the individual's chain of command.
(1) It is the responsibility of the COMSEC custodian directing movement of the material to ensure that all couriers are properly cleared, trustworthy, and briefed on their responsibilities for safeguarding the material entrusted to them. Couriers must be provided instructions covering emergency situations including loss or other compromise of the material they are carrying.
(2) Couriers traveling outside the continental U.S. will have their request for courier orders forwarded through the unit/activity Security Manager for approval. Couriers must be provided the telephone number of the nearest U.S. Embassy or consulate in every country through which they will travel. The identification card and letter of authorization requirements contained in Federal Aviation Administration Advisory Circular 1083, Screening of Persons Carrying U.S. Classified Material (available from the U.S. Government Printing Office), must be complied with.

218. Control of TOP SECRET key

a. TOP SECRET key is used to protect the most sensitive U.S. national security information. Its loss to an adversary can subject to compromise all of the information protected by the key. There is a significant body of information indicating that TOP SECRET key is a high-priority target for exploitation by foreign intelligence services. For this reason, TOP SECRET key must be afforded special protection. TPI and no-lone zones are used to meet this requirement.
b. TPI means that TOP SECRET key must always be in the possession of two appropriately cleared persons who are authorized access to the material. TOP SECRET key still in its protective packaging (for example, canister) does not require TPI controls when outside a storage container (for example, safe, vault, and so forth) as long as the custodian or his or her alternate, who has possession of the key is in the DA Cryptographic Access Program (DACAP). However, when key is removed from its protective packaging (for example, a segment is removed from a canister) or when the key is hand receipted to a user(s) all material will be signed for by two appropriately cleared individuals and will be maintained under TPI controls. Requests for exception to TPI will be forwarded through channels to the MACOM commander for consideration on a case-by-case basis.
c. TOP SECRET key will always be stored (for example, locked in a safe, vault, and so forth) under TPI rules.
d. The combinations for TPI safes should be protectively packaged separately and held at separate locations. It is understood that there will be situations where a single individual, such as the facility security manager, will have access to protective packages containing both combinations. If the combinations to TPI containers are not protectively packaged, the combinations MUST be stored at separate locations.
e. Any violation of TPI/no lone zone control is a reportable COMSEC incident and is reportable in accordance with TB 38041.

219. Use of no-lone zones

a. A no-lone zone is an area, room, or space to which no person will have unaccompanied access. A no-lone zone must always be occupied by two or more appropriately cleared people who can observe each other's actions.
b. No-lone zones will be established whenever TOP SECRET key can be accessed from COMSEC equipment, either in physical or electronic form (for example, facilities where electronic key is generated). No-lone zones are not required where the COMSEC equipment is installed in a manner to preclude access to the equipment for extraction of key. However, TPI controls will apply to all initial and rekeying operations using TOP SECRET key. Key distribution centers (KDC) and key generation centers, CLSFs, or other logistics activities that store, generate, or distribute TOP SECRET key are subject to no-lone zone restrictions. In addition, activities engaged in the design, development, training or maintenance of COMSEC equipment should consider the application of no-lone zone restrictions.
c. No-lone zones will be specifically designated by the commander, and a physical description of the no-lone zone will be posted within the area, room, or space that contains the no-lone zone.
d. Requests for exception to the no-lone zone requirement will be forwarded through channels to the MACOM for consideration on a case-by-case basis.

220. Storage

TOP SECRET key will be stored under TPI controls employing two different approved combination locks or a single lock meeting Federal Specification FFL2740, with no one person authorized access to both combinations. All persons with access to either of the combinations will have a TOP SECRET clearance. Storage can be in a locked strongbox within a security container, in a security container within a vault, or in a security container with two combination locks. At least one of the combination locks must be built-in, as in a vault door or in a security container drawer. Neither key locks nor cipher locks will be used to meet the requirement for two combination locks.

CAUTION: For facilities in continuous operation (and/or where unaccompanied individuals are on duty), outer vault doors do not satisfy the two barrier protection requirements of TPI. Such facilities require dual combination protection (for example, a dual combination safe) within the facility to store TOP SECRET key or the establishment of a no-lone zone.

221. Open storage

a. Open storage of classified COMSEC key is prohibited, with the exception of that classified key coded ALC4(for example, OPSCODES, numeral codes, and so forth). This material will be treated as other COMSEC material under paragraph b (below).b. Open storage within a COMSEC facility of other COMSEC material classified nohigher than SECRET may beauthorized by commanders holding the rank of lieutenant colonel or above (or comparable civilian director), basedupon their determination that the risk is acceptable (see chap 8).AR 38040 30 June 2000


c. A vault is a security container in and of itself. Therefore, material stored in a vault is in a security container, regardless of whether it is on a shelf, in a file cabinet, or in a GSA approved security container.

2-22. Army Key Management System

a. The AKMS will move the Army from paper-based keying material (physical key), centrally produced and distributed throughout the world via DCS, to electronic key, generated by the Central Facility or locally, and when necessary, distributed electronically to the user.

b. The AKMS work stations are identified by account numbers. When these workstations are fielded to locations where a COMSEC account presently exists, a new AKMS account will be established and the old account assets will be automatically transferred to the AKMS account at a subsequent date as determined by CSLA. When a workstation is fielded to a location that does not currently have an account, one will be established. The commander will ensure that the minimum security requirements for a COMSEC account identified in this regulation and in TB 380-41 are met. Verification will be provided to CSLA in accordance with procedures in TB 380-41.

c. There will be NO sub-accounts established under AKMS accounts. All AKMS workstations will be primary accounts. Subordination will be accomplished through the use of hand-receipt holders and the issuing of COMSEC material.

d. The AKMS workstations will be accredited in accordance with AR 380-19.

e. While in operation, the AKMS workstation must be under the direct control of the COMSEC custodian or alternate and requires the same security protection, as does any other computer processing information classified at the same level.

f. When not in operation, the AKMS workstation must be secured as follows:

(1) All AKMS associated cryptographic ignition key (CIK) must be removed from the workstation/cryptographic multipurpose keying permuting equipment (KOK)-22 and stored in the GSA approved security container that has been designated as the COMSEC account.

(2) In COMSEC accounts where the COMSEC facility is a secure room or vault, the workstation may be stored in an operational configuration.

(3) In accounts where the COMSEC facility is a GSA approved container, the KOK-22 must be disconnected from the workstation configuration and stored in the GSA approved safe. The hard drive must be removed and stored in a GSA approved safe in accordance with AR 380-5.

2-23. Protective technology

NSA provides state-of-the-art tamper-revealing products for information processing equipment and keying material. The level of protection obtainable from these products depends almost entirely upon the inspection and control programs conducted by users. To ensure the integrity of protective technologies, the COMSEC custodian must ensure that personnel who routinely handle or use protectively packaged keying material or tamper-sealed information processing equipment are trained in the procedures for inspection and disposal of used protective technologies (see TB 380-41).

Chapter 3
Emergency Protection of COMSEC Material

3-1. Emergency planning

a. All COMSEC accounts located outside continental United States (OCONUS), to include Alaska, Hawaii, Puerto Rico, Guam and the Virgin Islands must have an emergency plan. For COMSEC accounts located in CONUS, emergency plans are optional. For COMSEC accounts in organizations that are deployable, the custodian must ensure that an emergency plan is developed once the account is deployed OCONUS.

b. Planners need to consider natural disasters such as fire, flood, tornado, and earthquake, and hostile actions such as enemy or terrorist attack, mob action, and civil disturbances. For natural disasters, planning will usually be oriented toward secure storage. Planning for hostile actions and civil disturbances will usually consider actions to effectively evacuate or destroy the COMSEC material (see TB 380-41). Each plan may vary according to the geographic area involved.

3-2. Planning for disasters

These plans must take into account the possibility of natural disasters (for example, floods, earthquakes, and so forth) and man-made disasters, such as fire and explosions. Effective planning must provide for:

a. Fire reporting and initial fire fighting by persons on duty. In most cases, this will be a part of the normal fire emergency plan for the building that houses the account and need not be prepared as a separate document.

b. Assignment of on-the-scene responsibility for ensuring access control of all COMSEC material.


c. Securing or removing COMSEC material and evacuating the area.

d. Access control of material when emergency crews are admitted into the area.

e. Assessing and reporting probable exposure of COMSEC material to unauthorized persons during the emergency.

f. Post-emergency inventory of COMSEC material and reporting of any losses or unauthorized exposures (see para 3-6).

3-3. Planning for hostile actions and civil disturbances

These plans must take into account the types of situations that might occur, such as an ordered withdrawal over a specified period of time, an unstable political environment where destruction must be done discreetly to avoid adverse reactions, or situations where being overrun by a hostile force is imminent. Such planning must provide for the following:

a. Assessing the probability of occurrence of various types of hostile actions and of the threat that these potential emergencies could pose.

b. Availability and adequacy of physical protective measures, such as perimeter controls and physical defenses for fixed, mobile, or transportable facilities where COMSEC material is being used.

c. Security procedures and the assets to effect evacuation of COMSEC material under emergency conditions, including an assessment of the probable risks associated with evacuation. Except when there will be an urgent need to restore secure communications after relocation, key should be destroyed rather than evacuated.

d. Destruction facilities and procedures for effecting secure emergency destruction of COMSEC material, including an adequate supply of destruction devices, electrical power, adequately protected destruction areas, and sufficient personnel.

e. Precautionary destruction of COMSEC material, particularly maintenance manuals and key, which are not operationally required to ensure continuity of operations during the emergency. In a deteriorating situation all full maintenance manuals should be destroyed. When there is not time under emergency conditions to completely destroy such manuals, every reasonable effort must be made to remove and destroy the sensitive pages containing cryptographic logic.

f. Emergency procedures should be planned for establishing external communications. Communications should be limited to the minimum necessary. When there is warning of hostile intent and physical security protection is inadequate to prevent overrun of the facility, secure communications should be discontinued in time to do a complete destruction.

3-4. Preparing the emergency plan

a. The COMSEC custodian should prepare the emergency plan. If the plan calls for destroying the COMSEC material in place, all emergency destruction material, devices, and facilities must be readily available and ready to use. If the plan calls for emergency evacuation, a location must be identified and a route or routes mapped out in advance, transportation arranged for, and so forth. The plan must be realistic and workable and must address all goals. It must agree with or be a part of the command, installation, or activity Basic Emergency Plan (BEP).

b. The following must be included for an effective plan:

(1) Clearly and concisely describe duties. Everyone must understand the plan and be able to implement and perform all actions.

(2) Provisions for either secure storage, evacuation, or destruction of all COMSEC material. Planners must consider which of these options may be applicable to their facility, either alone or in combination.

(3) In those instances where the plan calls for actions that require resources in addition to those within the COMSEC account, the custodian must ensure that coordination has been performed and written agreements are in place as necessary (for example, to secure a vehicle, for storage space at an alternate location, and so forth).

3-5. Rehearsing the plan

a. The plan should be rehearsed frequently to ensure that everyone, especially newly assigned personnel who might have to take part, will be able to carry out their duties. When necessary, the plan should be changed based on the lessons learned during the rehearsal. Rehearsals will be documented (date of rehearsal, what was rehearsed, and who participated) and the documentation made available to inspectors and auditors.

b. At CONUS locations where emergency plans have been developed, the plan will be rehearsed at least semiannually.

c. In OCONUS locations, the plan will be rehearsed at least quarterly.

d. In high-risk areas, the custodian will review the plan with all account personnel monthly, and conduct a rehearsal at least quarterly.

e. Each rehearsal may cover only a portion of the entire plan. However, the custodian will ensure that all aspects of the plan have been rehearsed at least once each year.


3-6. Actions subsequent to emergencies

a. Whenever emergency plans, including precautionary actions, are implemented, the Controlling Authority will be advised immediately regarding the disposition and status of their key. If any centrally accountable COMSEC material was destroyed, a destruction report will be submitted to the ACCOR. If any material was lost or compromised, an incident report must be prepared in accordance with chapter 7. This does not apply to rehearsals or dry runs conducted for the purpose of verifying the executability of emergency plans or for training personnel in their execution.

b. When the implementation of emergency plans results in the abandonment of COMSEC material, a timely, reasonable effort should be made to recover the material. The extent of this effort will be based on the likelihood of success without exposing people to undue danger. Recoverable COMSEC material will be collected and placed under the control of authorized cleared persons until disposition instructions are received from CSLA.

Chapter 4
COMSEC Facilities

4-1. General

The term COMSEC facility is defined in the glossary. Depending upon the functions being performed, a COMSEC facility may consist of one or more GSA approved steel filing cabinets (safes) located in a room or office (in the case of multiple safes, they must be collocated within the room or office). Or it may consist of a room, a suite of rooms, a vault, or an entire building. Security requirements for COMSEC facilities will be established based upon the functions being performed, the classification of the material involved, and the information being handled. A COMSEC facility is NOT required to store, house, or operate CCI equipment, nor is one required to operate AKMS work stations. COMSEC facilities are exempt from the physical security inspections under AR 190-13.

4-2. COMSEC facility approval

a. The CSLA approval of a COMSEC facility is required before a custodian may request COMSEC material. CSLA will approve COMSEC facilities under the authority of this regulation. Procedures for establishing a COMSEC facility are contained in TB 380-41.

b. Approval is based on an evaluation of information given in the COMSEC facility approval request (CFAR). The CFAR will state the physical protective measures and security procedures in place, to include specific TPI protection for TOP SECRET accounts, as well as that an item accounting and transaction reporting system is in force that will provide continuous accountability for all COMSEC material. The CFAR will also contain a statement that the commander has evaluated the risks to the facility and found them to be acceptable.

c. Approval for the storage of COMSEC material at sub-accounts will be granted in writing by the commander of the primary account. The basis for this approval will be the same as that in paragraph b (above). Sub-accounts do not require CSLA approval. The custodian of the primary account is responsible for maintaining a record of all sub-accounts and hand-receipt holders for which his or her account is responsible. The custodian of the primary account is also responsible for ensuring those applicable provisions of this regulation and TB 380-41 are complied with by all sub-account custodians and hand-receipt holders.

4-3. COMSEC facility approval request

All COMSEC facility approval requests will be in memorandum format, with a completed (minus the account number that will be assigned by CSLA) DA Form 2012 attached (see TB 380-41), signed by the commander requesting the facility and submitted through established MACOM command channels to CSLA for approval. All COMSEC facility approval requests for contractor accounts will have a DD Form 254 (Contract Security Classification Specifications) in addition to the DA Form 2012. A separate request will be submitted for each COMSEC facility requiring approval. Once the facility is approved, the ACCOR will establish the COMSEC account and provide the unit an account number.

4-4. Duration of COMSEC facility approval

a. A COMSEC facility approval remains valid as long as the physical protective measures and security procedures that were the basis for the approval remain substantially unchanged. When a COMSEC facility approval is invalidated, CSLA will stop shipment of material until the COMSEC facility approval is reinstated. When the Director, CSLA, declares that protection is inadequate, the ACCOR will direct the return of all CMCS accountable material. In those instances where the COMSEC account is contained completely in an approved GSA security container, a new approval is not required when relocating the container within the same building if the physical security standards do not change. However, a new DA Form 2012 showing the new location must be sent to the ACCOR.

b. When a COMSEC account has shown no activity for 12 months, the ACCOR will advise the unit commander, through the MACOM, that the COMSEC account is subject to being closed because of inactivity. The unit commander will be given 60 days to justify a continuing requirement for the account. If none is provided, the ACCOR will provide disposition instructions for the CMCS accountable material and close the account.

4-5. Safeguarding COMSEC facilities

This paragraph prescribes the physical protective measures and security procedures for COMSEC facilities.

a. The COMSEC facilities will be located in areas that provide positive control over access. When possible, they should be away from areas such as parking lots, ground-floor exterior walls, multiple corridors and driveways, buildings or office space in which it is difficult or impossible to effect access control, or high-risk environments.

b. The COMSEC facilities established in permanent structures will be provided the required protection equivalent to the level of the classification of the COMSEC material held in that facility. The physical security standards available in appendix D of this regulation and TB 380-41 will be used as guidance to establish specific construction criteria for new facilities designed to house COMSEC accounts that are large enough to require a vault.

c. When a COMSEC facility consists of a safe or series of safes, it (they) must be located in an area that provides sufficient additional protection to prevent undetected, unauthorized removal of the safes. This may be accomplished as simply as by placing the safe(s) in a room with a key lock in the door and controlling access to the keys.

d. Access to a COMSEC facility will be granted based on a person's duties, need-to-know requirement, and security clearance. A verified access list will be maintained in each COMSEC facility. Personnel not on the access list will be escorted by a responsible person whose name appears on the access list at all times while they are in the facility. All persons who require an escort must sign the DA Form 1999-R (Restricted Area Visitors Register) prior to entering the facility.

e. When the facility is one or more GSA approved security containers the DA Form 1999-R is not required. Because anyone requiring access to the security container must either possess the combination or be accompanied by someone who does have the combination, the custodian may use part 1 of the Standard Form 700 (Security Container Information) (which identifies those personnel to be notified in case the container is found open or unattended) as the access list as long as the names on part 1 are the same as those on part 2 (which lists those persons having knowledge of the container combination). If part 1 of the SF 700 is used as the access roster, it will not be posted on the outside of the container, but will be located on the inside of the drawer containing the lock.

f. Guards who have access to classified COMSEC material must meet the access requirements of paragraph 2-3. Area-control guards who cannot gain access to COMSEC material do not need to meet the requirements for access. Guards who are not U.S. citizens will only be used where it is not possible for them to gain undetected access.

g. Lock combinations to COMSEC facilities, including cipher locks used to control access, will be changed:

(1) When placed in use.

(2) Whenever an individual knowing the combination no longer requires access.

(3) When the combination has been subjected to possible compromise.

(4) When the lock is taken out of service.

(5) When any repair work has been performed on the lock.

(6) At least annually.

h. The following personally owned equipment may be introduced into a COMSEC facility with the approval of the custodian:

(1) Electronic calculators, spell checkers, wrist watches, and data diaries. If equipped with data ports, the custodian will ensure that procedures are established to prevent unauthorized connection to automated information systems.

(2) Receive only pagers and beepers.

(3) Audio and video equipment with only a playback feature (no recording capability) or with the record feature disabled or removed.

(4) Radios (receive only).

i. The following personally owned electronic equipment items are prohibited in COMSEC facilities:

(1) Photographic, video, and audio recording equipment.

(2) Personally owned computers and associated media.

j. The following U.S. Government owned or leased equipment may be introduced into a COMSEC facility only for the conduct of official duties and with the approval of the custodian.

(1) Two-way transmitting equipment.

(2) Recording equipment (audio, video, optical, and so forth).

(3) Test, measurement, and diagnostic equipment.

4-6. Army COMSEC supplement to DOD industrial security regulations and manuals

a. This paragraph implements, within DA, national policy concerning the release of COMSEC material to U.S. commercial contractors and the establishment and administration of Army COMSEC accounts at contractor facilities. A copy of this regulation may be given to contractors as necessary to respond to a request for proposal or to meet the requirements of a DD Form 254.


b. Applicable provisions are contained in DOD 5220.22-R, DOD 5220.22-M, and DOD 5220.22-S.

c. In view of the objectives of DOD 5220.22-R, to ensure its uniform and effective application throughout industry, the content of this section is limited to the minimum supplementation consistent with Army operations. In addition to the policy and procedures contained in the documents listed above, the instructions in paragraph d below apply.

d. Contractor installed, maintained, and operated security communications are handled as follows:

(1) Maintenance personnel assigned to maintain COMSEC equipment in fulfillment of a DA contract will be certified as meeting the formal training requirements of AR 25-12. DD Form 1435 (COMSEC Maintenance Training and Experience Record) will be maintained on all maintenance personnel and validated annually.

(2) The COMSEC equipment in operational use must have all NSA mandated modifications applied.

e. Access to classified COMSEC information may be given to U.S. citizens who have been issued a final security clearance by the U.S. Government and have the need-to-know. Contractor-granted confidential clearances are not valid for access to classified COMSEC information. In addition to the above, the U.S. Army must formally authorize contractor employees access to classified COMSEC information or a key as annotated in the DD Form 254 contract. The same applies to those who install, maintain or operate COMSEC equipment for the Army. A statement that contractor personnel are subject to the DACAP should be included in the DD Form 254 Remarks section. The provisions of chapter 2 also apply.

Chapter 5
Management of Cryptosystems

5-1. General

A COMSEC objective of the Army is total encryption of all electrically transmitted information and data and use of electronic generation and distribution of key. Until total encryption can be achieved, COMSEC planning will include:

a. Optimum use of available telecommunications systems employing on-line COMSEC equipment for protecting all electrically transmitted information.

b. Use of manual and auto-manual COMSEC systems in those situations where on-line COMSEC equipment is unavailable or not suited for the mission.

c. Although not a COMSEC system, the use of protected distribution systems (PDS) should be considered in those situations where on-line COMSEC equipment and manual or auto-manual systems are not available or are unsuited for the mission.

5-2. Emergency requirements for CMCS key support

The CLSF will satisfy emergency requirements for key distributed through the CMCS from reserve stock. Controlling authorities will request emergency re-supply from their CLSF. The CLSF will notify CSLA of the re-supply. NSA will be an information addressee.

5-3. Stockage levels for key

a. Normally, no more than four editions of a physical key distributed through the CMCS will be held in users' accounts. Re-supply actions and unforeseen changes in usage may necessitate exceeding this level. However, a supply of six editions (to include the current effective edition) will not be exceeded without prior approval from HQDA (DAMI-CHS).

b. Six editions of an irregularly superseded physical key distributed through the CMCS may be held even though the usage rate for such material is less than one edition per month. When the usage rate is more than one edition per month, the controlling authority will establish stockage levels for a 6-month period.

5-4. Requests to establish cryptonets (requests for key)

a. All requests to establish cryptonets using CMCS distributed key, except SDNS and STU-III, will be validated by the next higher headquarters or MACOM before being sent to CSLA to be filled (see TB 380-41). See DA Pam 25-16 for ordering STU-III key.

b. The CSLA can provide assistance in determining key requirements, the most suitable cryptosystem, and the best possible cryptonetting scheme.

c. As the Army transitions to electronic key generation and distribution through the AKMS, establishing cryptonets that use a physical key will become the exception and, as such, will require specific justification. This transition will occur as follows:

(1) As units within existing cryptonets begin to transition to AKMS, they will receive compatible key (the short title will be issued in both physical and electronic form) allowing them to maintain continuity until all elements of the cryptonet are AKMS-capable.


(2) On the annual Cryptonet Evaluation Report, the CONAUTH will be required to justify any continued use of physical key.

(3) Once a complete cryptonet is AKMS-capable, the CSLA will discontinue directing the shipment of the physical key, unless the CONAUTH can justify a continued need.

(4) Any new cryptonets established after the implementation of an AKMS workstation will automatically be issued electronic key unless they have requested and received an exception to policy for physical key.

(5) Director, CSLA, will be the approving authority for all requests for physical key.

5-5. Issue of key

a. The controlling authority will establish the amount of key that may be issued to users. Only that amount necessary to satisfy the immediate operational requirement, consistent with local re-supply capabilities, should be issued.

b. Issue to users may be in whole editions, an extract of an edition, or a key tape segment. The issue of segments from a key canister is discouraged as it defeats the tamper protection provided by the canister.

c. Editions or extracts (segments) of editions to be carried on special purpose aircraft (such as airborne command posts) will be limited to the amount needed for the mission.

5-6. Use of a classified key

In cases of operational necessity, key may be used to encrypt information classified one level higher than the classification of the key. For example, confidential key may be used to encrypt secret information. Operational necessity will not be construed to apply to situations of a continuing nature. In emergency situations, key that provides the greatest security protection available should be used to protect classified information, regardless of its classification. Key that is not classified will not be used to pass classified information. Classified key will not be downgraded or declassified without specific written authorization from the CONAUTH.

5-7. So-called "used" key

Key tape segments that have been removed from their canisters and used to load an electronic fill device are referred to as "used" key. This does NOT mean that the key is superseded. It remains operational (or in some cases, future) key until it reaches the end of its crypto period. Unless the system security doctrine for the key states otherwise, these segments should be destroyed immediately after a successful load has been attained. The duplicate segments may be maintained (for example, for use in cold start situations), at the discretion of the user or the CONAUTH, until scheduled supersession of the key occurs.

Chapter 6
Audits, Inspections, and Assessments

6-1. General

Command COMSEC inspections and CSLA COMSEC audits/inspections will be conducted as outlined in this chapter. In addition, frequent inspections or checks of the account by assigned personnel are strongly recommended.

6-2. Command COMSEC inspections

The command COMSEC inspection is the backbone of the Army's efforts to ensure that COMSEC material is properly protected. The inspector must ensure that COMSEC material is being used, stored, distributed, destroyed, and accounted for under this regulation and TB 380-41. In situations where great distances separate various elements of a MACOM, making command inspection visits impractical, the MACOM should obtain assistance from qualified COMSEC inspectors within the geographical areas.

a. Frequency of command inspections (see app E). The frequency of command inspections will be determined by the MACOM based on sound risk-management principles. The following factors will be used in determining which accounts to inspect.

(1) The results of the last command inspection and CSLA COMSEC audit/inspection. Accounts achieving unsatisfactory results will be more likely to be inspected sooner.

(2) The type and amount of material (especially paper-based key) held in the account and the sensitivity of programs supported by the account. The larger the account, the more sensitive the programs supported, the more likely the account is to be inspected.

(3) The threat in the geographic location of the account. Those accounts in higher threat areas should be inspected more frequently.

(4) The number and type of COMSEC incidents occurring since the last inspection and the actions taken to correct the problems. The larger the number of incidents or the more serious the incidents are (for example, an evaluation of compromise versus no compromise), the more likely the account is to be inspected.

(5) The training and experience level of the COMSEC custodian.

b. Selection of a command inspector. Inspectors play a significant role in the Army's efforts to protect its COMSEC key and, thus, the information it encrypts/protects. Command inspectors must be selected based on their experience and knowledge of COMSEC policy and procedures. The command inspector must be familiar with COMSEC procedures contained in this regulation and TB 380-41. The command inspector will be a graduate of the TRADOC approved Standardized COMSEC Custodian Course and have prior experience, either as a COMSEC inspector or as a custodian. Command inspectors must meet the unwaived grade requirements for COMSEC custodians and be appointed in writing (see para 1-4g).

c. Records of inspections. The inspection checklist in TB 380-41 should be used as a guide for command inspections. The results of the command inspection will be recorded on a memorandum. The results of the command COMSEC inspection will be maintained on file according to AR 25-400-2 until the results of the next command inspection are received. A copy will be provided to the unit commander and the MACOM Information Systems Security Program Manager (ISSPM).

d. Discrepancies. Discrepancies discovered during command inspections must be reconciled within 30 days after receipt of the inspection report. A reply by endorsement will be forwarded to the command inspector, with a copy furnished to the MACOM ISSPM.

6-3. CSLA COMSEC audit/inspections

The formal CSLA COMSEC audit/inspection is the Army-wide vehicle to certify andvalidate central accountabilityand proper safeguarding and control of COMSEC material. The CSLA will conduct audit/inspections of ArmyCOMSEC accounts (to include sub-accounts and hand receipts as necessary) under the provisions of this paragraph.COMSEC accounts that hold both CMCS accountable COMSEC material and material governed by CJCSI 3260.01 aresubject to CSLA audits of the Army CMCS accountable material. Auditors will comply with CJCSI 3260.01 and obtainapproval from controlling authorities and the commander of the account prior tovisiting the account.

a. Conduct of CSLA audit/inspections. The CSLA audit/inspections will be conducted on an aperiodic, event-driven basis. Frequency of audit/inspections will be based on sound risk management principles as discussed below, except that all accounts that hold COMSEC key classified TOP SECRET (this does NOT include unclassified STU-III seed key capable of accessing a TOP SECRET circuit) will be audited at least once every 48 months. Accounts will not be audited/inspected more frequently than every 12 months, unless directed by the Office of the Deputy Chief of Staff for Intelligence (ODCSINT) (DAMI-CHS) or requested by the MACOM of that account.

(1) Factors to be used in determining how frequently to audit/inspect an account include, but are not limited to:

(a) The results of prior CSLA COMSEC audit/inspections.
(b) The type and amount of material held in the account and the frequency of use.
(c) The threat in the geographic location of the account.
(d) The number and type of COMSEC incidents occurring since the last audit and actions taken to correct them.
(e) The training and experience level of the command inspector and the COMSEC custodian.
(f) Recommendation of the MACOM.

(2) Detailed procedures, criteria, and reporting instructions are in TB 38041. Audit/inspections will include, at a minimum, a total physical inventory of all COMSEC material charged to the account (to include sub-accounts and hand receipted material) and an examination of the following:

(a) Physical security measures in effect.
(b) COMSEC material management.
(c) Unit COMSEC operating procedures, security training, and level of general COMSEC awareness.
(d) Equipment maintenance management, to include verification of required modifications.
(e) Record of the last command COMSEC inspection and CSLA audit/inspection.
(f) Check of accounting records.

b. Notification of audit/inspection. CSLA COMSEC audit/inspections will be announced approximately 45 days in advance. However, in unusual situations, CSLA may perform an unannounced audit/inspection. The decision to do this will be coordinated with the affected MACOM in advance. In this case, the Director, CSLA, will provide the audited unit with a memorandum (hand carried) identifying the auditor/inspector(s) and the reason the audit/inspection is unannounced.

c. Actions prior to audit/inspection. Upon notification of a CSLA COMSEC audit/inspection, the commander of the unit whose account is to be audit/inspected will ensure the primary and/or alternate custodians are available during the scheduled audit/inspection. The CSLA will be notified by the commander within 5 working days from initial receipt of the notification if neither the custodian nor alternate will be available. No more than 30 days prior to an audit, custodians will provide a semiannual inventory report (SAIR) to their sub-accounts and validate all hand receipts.

d. CSLA auditor/inspectors. Qualified personnel who have been certified by the Director, CSLA, as COMSEC auditor/inspectors will perform CSLA COMSEC audit/inspections. Certification of both military and civilian personnel is authorized. The CSLA COMSEC auditor/inspectors must meet the unwaived grade requirements for COMSEC custodians (see para 22).

e. Audit/inspection results.

(1) Reports of CSLA COMSEC audit/inspections will be forwarded to the command within 45 days of the audit/inspection. Accounts will be rated as either satisfactory, marginal, or unsatisfactory, based on the auditor/inspector's evaluation of all factors involved. Generally, the ratings will be based on the following:

(a) A satisfactory rating indicates the auditor/inspector found both the security and accountability of the COMSEC material to be acceptable, even though minor discrepancies may exist.
(b) A marginal rating indicates the auditor/inspector found numerous deficiencies, usually of an administrative nature, that do not directly impair the accountability or security of the material (for example, the requirement control symbol (RCS) left off the SF 153 (COMSEC Material Report); files being maintained beyond their cutoff dates; and so forth). However, they do reflect a failure on the part of the custodian to pay sufficient attention to detail, and they indicate a potential for more serious problems in the future.
(c) A rating of unsatisfactory indicates the auditor/inspector found serious problems such as the possible loss of accountability of COMSEC material or several deficiencies that directly impair accountability or security of the material in the account (for example, unreported COMSEC incident involving loss of accountability; custodian fails to submit necessary accounting records to the ACCOR; unauthorized lock being used to secure classified COMSEC material; and so forth).

(2) All discrepancies must be reconciled within 30 days of receipt of the report and a reply by endorsement forwarded to CSLA, with an information copy to the MACOM ISSPM. For Reserve and National Guard units, discrepancies will be resolved within 90 days after receipt of the report. The results of the COMSEC audit/inspection will be maintained on file according to AR 254002 until the results of the next audit/inspection are received.

64. Annual COMSEC assessment

The CSLA will prepare an annual assessment of the state of COMSEC operations within the Army. This report will be derived from the results of CSLA audit/inspections, COMSEC Incident Monitoring activities, and any special COMSEC assessments performed during the year.

a. The assessment will include the following:

(1) Total number of COMSEC accounts in the Army.
(2) Number of accounts audited during the year (CONUS and OCONUS) and why they were selected.
(3) Number of accounts that received an UNSATISFACTORY rating and a discussion of the most prevalent reasons for the rating.
(4) Number of accounts that received a MARGINAL rating and a discussion of the most prevalent reasons for the rating.
(5) Discussion of the most common findings in the audits.
(6) Comparison with the previous 2 years to identify any trends.
(7) Total number of COMSEC incidents reported during the year (CONUS and OCONUS).
(8) Number of incidents that resulted in a finding of COMPROMISE or COMPROMISE CANNOT BE RULED OUT.
(9) Discussion of the most common causes of the incidents.
(10) Comparison with the previous 2 years to identify any trends.
(11) Recommendations to correct the problems noted.
(12) Other information as appropriate.

b. This assessment, covering the calendar year, will be available not later than 1 April. The report will be addressed to the Deputy Chief of Staff for Intelligence (DAMI-CHS), with copies furnished to each MACOM ISSPM.

65. Protective technology inspections

To ensure the integrity of protective technologies, the following inspections will be performed.

a. The custodian will inspect all protectively packaged material upon receipt, during each semi-annual inventory, and prior to opening or removal of the protective technology when required for use or maintenance.

b. The USACSLA will inspect protected TOP SECRET material at COMSEC account locations on a random basis such that 100 percent of the accounts will be inspected every 4 years. These inspections may include the use of classified and other special inspection techniques made available by NSA.

c. The USACSLA auditors will inspect protectively packaged material during audit/inspections.

Chapter 7
Surveillance

71. General

a. The most damaging COMSEC insecurity is the one that cannot be neutralized because the incident that caused it was not reported. All persons who are responsible for protecting COMSEC material must be able to recognize any incident that has the potential to develop into COMSEC insecurity and report it to cognizant authorities.

b. Surveillance, in this context of COMSEC, is a methodology that allows for the continuous appraisal of security standards for COMSEC material used in the Army, and the identification, reporting, evaluation, and investigation of any deviation from or circumvention of these standards.

c. The goal of surveillance is:
(1) To reduce or eliminate conditions that cause or contribute to COMSEC incidents.
(2) To minimize or negate the adverse effect of COMSEC insecurities.

d. Incidents involving signal operating instructions (SOI) material are not COMSEC incidents under this regulation. If classified, they will be reported under the provisions of AR 3805 as a loss of classified information.

e. Incidents or insecurities that are unique to a specific cryptosystem are contained in either the NAGs, KAOs, KAMs, limited maintenance manuals, or technical bulletins or in specific DA pamphlets.

72. Compromises and insecurities

a. A COMSEC insecurity is any investigated or evaluated incident that has been determined as jeopardizing the security integrity of COMSEC material or the secure transmission of U.S. Government information. Any COMSEC insecurity that results in the known or presumed unauthorized access to COMSEC material is judged a compromise.

b. There are three types of COMSEC incidents, any of which may be determined to be an insecurity:
(1) Physical incidents. Any occurrence (for example, loss, theft, loss of control, capture, recovery by salvage, tampering, or unauthorized viewing, access or photography) that has the potential to result in the degradation of the security integrity of COMSEC material.
(2) Cryptographic incident. An equipment malfunction or operator or custodian error that adversely affects the crypto-security of a machine, auto-manual, or manual cryptosystem.
(3) Personnel incident. The capture, unauthorized absence, defection, attempted recruitment or control by a foreign intelligence service (FIS) entity of a person having knowledge of or access to COMSEC information or material.

73. Reportable COMSEC incidents

Note: AR 38112 requires the local U.S. Army counterintelligence supporting unit to be notified of all reportable COMSEC incidents. The following incidents will be reported to NSA, CSLA, the MACOM ISSPM, and the appropriate Controlling Authority (see TB 38041 for reporting procedures). CSLA, as the Army's COMSEC Incident Monitoring Activity, will evaluate each to determine whether or not it is an insecurity. Production errors and reports of defective keying material are not considered COMSEC incidents. These are reported to NSA for resolution.

a. Incidents involving physical security.

(1) Loss of accountability or control of COMSEC material. Any loss of COMSEC material because of technical surveillance, combat loss, or capture, theft, and so forth. COMSEC material that had previously been reported as properly destroyed when, in fact, the material was found not to have been destroyed. COMSEC material left unsecured or unattended where unauthorized persons could have had access to it.
(2) Unauthorized access to COMSEC material. Unauthorized copying, reproduction, or photographing of COMSEC material. Unexplained removal of key from its protective packaging. Unauthorized disclosure of COMSEC material. Attempts by unauthorized persons to gain access to COMSEC material.
(3) Receipt of COMSEC material through unauthorized shipping channels. Material that shows evidence of possible tampering. Material shipped via regular mail that should have been shipped via registered mail. Unexplained lack of protective technology on equipment. Damage to inner wrappings on packages.
(4) Improper destruction of COMSEC material. Destruction without a witness or with an improperly cleared witness. Destruction by other than authorized means. One signature on a destruction certificate. Material not completely destroyed and left unattended.
(5) Unauthorized maintenance of COMSEC equipment. Maintenance by unauthorized persons. Tampering with or unauthorized modification of COMSEC equipment.
(6) Deliberate falsification of COMSEC records or reports.
(7) Loss of two-person integrity or no-lone zone for TOP SECRET keying material, except where a waiver has been granted.
(8) Any other occurrence that may jeopardize the physical security of COMSEC material or the information it protects.

b. Incidents involving cryptographic security.

(1) Use of COMSEC keying material that is compromised, superseded, defective, or previously used (and not authorized for reuse) or incorrect application of keying material; such as:
(a) Use of keying material that was produced without the authorization of NSA (for example, homemade maintenance or digital encryption standard (DES) key, homemade codes).
(b) Use, without the authorization of NSA, of any keying material for other than its intended purpose (for example, use of test key for operational purposes or use of a key on more than one type of equipment). This does not include the use of operational key for training purposes when authorized by the controlling authority.
(c) Unauthorized extension of a crypto period.
(2) Use of COMSEC equipment having defective cryptologic circuitry or use of an unapproved operating procedure, such as:
(a) Plain text transmission resulting from COMSEC equipment failure or malfunction.
(b) Any transmission during a failure or after an uncorrected failure that may cause improper operation of COMSEC equipment.
(c) Operational use of COMSEC equipment without completion of a required alarm-check test or after failure of a required alarm-check.
(3) Use of any COMSEC equipment or device that has not been approved by NSA.
(4) Discussions via non-secure telecommunications of details of a COMSEC equipment failure or malfunction.
(5) Any other occurrence that may jeopardize the crypto security of a COMSEC system.

c. Incidents involving personnel security.

(1) Known or suspected absence without leave, defection, espionage, treason, or sabotage by a person having access to or a detailed knowledge of COMSEC information.
(2) Any other occurrence that may jeopardize the security of COMSEC material or the information it protects.

d. Administrative incidents. The following administrative incidents will be reported only to the Controlling Authority and considered to be actions that jeopardize the integrity of COMSEC material:

(1) Premature or out-of-sequence use of keying material without the approval of the controlling authority, as long as the material was not reused.
(2) Inadvertent destruction of keying material or destruction without authorization of the controlling authority, as long as the destruction was properly performed and documented.
(3) Removing keying material from its protective packing prior to issue for use or removing the protective packaging without authorization, as long as the removal was documented and there was no reason to suspect espionage.
(4) Destruction of COMSEC material not performed within required time limits, provided continuous accountability and control prevented unauthorized access. Note: Unauthorized access or any retention of CRYPTO key 30 days or more past its supersession date will be reported as a physical COMSEC incident per a above.

74. Types of reports

a. Initial report. This report will be submitted for each reportable COMSEC incident. When all the facts regarding the incident are included in an initial report that also contains all the information required by paragraph c below, subsequent reporting is not required. In this case, the initial report will also become the final report and will so state.

b. Amplifying report. This report will be submitted when there is new information regarding an incident for which an initial report has been submitted or every 30 days until a final report is submitted. It may also serve as a final report (see para c below).

c. Final report. This report is always required (although it may be incorporated into the initial or amplifying report when appropriate) and must always contain a summary of the results of all inquiries and investigations. This report will include the corrective measures taken or planned to minimize the possibility of a recurrence.

d. Abbreviated reports. During ground combat operations, abbreviated reports may be submitted to report incidents involving physical security of key. This type of report will give sufficient details to enable the controlling authority to assess whether a compromise resulted. At a minimum, this type of report must answer the questions who, what, when, where, and how. Where the Controlling Authority orders an unscheduled supersession of key as a result of the incident, a subsequent complete report will be submitted, under this paragraph, as soon as possible.

75. Classification of COMSEC incident reports

The COMSEC incident reports will be classified according to content. Appendix B contains classification guidance. Unclassified reports will be marked FOR OFFICIAL USE ONLY and exempted from automatic disclosure under the provisions of AR 2555, Exemption Category 7.

76. Regulations governing reporting

a. The COMSEC incident reports constitute official command correspondence. They will be submitted by or for the commander. Use direct channels to ensure the report is received within the required time frame. At a minimum, these reports will contain that information required by TB 38041. Incident reports that involve Joint Staff positive control material and devices must be addressed in accordance with requirements of CJCSI 3260.01. Reporting commands are responsible for notifying their chain of command that a COMSEC incident has occurred.

b. The discovery of possible clandestine intercept devices or the loss of COMSEC information through compromising emanations (TEMPEST) will be reported under AR 38114 (S).

c. Suspected deliberate security compromises or possible involvement of foreign intelligence services or foreign national personnel will be reported under AR 38112.

77. Report precedence and timeliness

a. Message precedence for action addressees and report submission times are indicated below. A lower precedence may be given to information addressees. Reports not submitted within the prescribed time frames will contain an explanation for the delay.

b. Initial reports for the following will be submitted within 24 hours of discovery of the incident, at IMMEDIATE precedence for ACTION addressees and ROUTINE precedence for INFORMATION addressees.
(1) Currently effective key or key scheduled to become effective within 15 days.
(2) Possible defection, espionage, clandestine exploitation, tampering, or sabotage or unauthorized copying, reproduction, or photographing.
(3) Recently (within 30 days) superseded key.

c. Initial reports for the following will be submitted within 48 hours of discovery of the incident and at PRIORITY precedence:
(1) Future key scheduled to become effective in more than 15 days.
(2) Superseded (over 30 days ago), reserve, or contingency key.

d. Initial reports of any COMSEC incident not covered in paragraphs b and c, above, will be reported within 72 hours of discovery of the incident, normally at ROUTINE precedence. However, if the incident has significant potential impact, originators should assign higher precedence.

e. Amplifying and final reports will normally be assigned ROUTINE precedence. However, they may be assigned a higher precedence if they contain significant new information that will impact on the evaluation of the incident.

f. Initial and amplifying reports may be transmitted during MINIMIZE, but final reports should not.

78. Counterintelligence assessments

a. The human intelligence (HUMINT) threat to COMSEC has been documented as a continuous threat. In order to combat this threat, each reportable COMSEC incident will be reviewed to determine whether or not an assessment of foreign intelligence service involvement is required. The supporting counterintelligence (CI) unit will be notified of the incident. They will assist in making an initial determination as to whether or not a formal CI assessment is required. Refer to appendix B for classification guidance when reporting to the CI unit.

b. Suspicion or clear evidence of an incident listed below suggests foreign intelligence service involvement and must be reported as such:
(1) Attempts by unauthorized persons to obtain COMSEC information through questioning, elicitation, trickery, bribery, threats, coercion, either through direct or indirect personal contacts.
(2) Attempts by unauthorized persons to obtain COMSEC information through photographs, observation, document collection, or by other means.
(3) Unexplained or unjustifiable loss of COMSEC material, except that caused by combat or a natural disaster.
(4) Incidents or situations that appear to be deliberate circumvention of COMSEC accounting and control procedures, including falsification of destruction reports.
(5) Known or suspected acts or plots to damage or destroy COMSEC material by sabotage.
(6) Tampering with or unauthorized modification of COMSEC equipment or key.

c. Results of an informal inquiry conducted by the commander of the reporting unit will be included in either the initial, amplifying, or final COMSEC incident report.

79. Evaluations

a. COMSEC incidents are evaluated on the basis of information contained in the COMSEC incident reports and considerations of the security characteristics of the cryptosystem involved. Evaluations are made to determine the effect of the occurrence on the cryptosystem involved. When a cryptosystem has been declared compromised, it will not be used for further encryption unless it is operationally essential to encrypt messages before the supersession date, and another suitable system is not available. Evaluations are performed at different levels for different types of incidents. (See TB 38041.)

b. Evaluation of a COMSEC incident will result in one of the following determinations:

(1) Compromise. This evaluation will be used when material is irretrievably lost or available information clearly proves that the material was made available to an unauthorized person. This will always be declared an insecurity.

(2) Compromise cannot be ruled out. This evaluation will be used when available information indicates that the material could have been made available to an unauthorized person, but there is no clear evidence that it was. This may be declared an insecurity.

(3) No compromise. This evaluation will be used when information clearly indicates the material was not made available to unauthorized persons. This will not be declared an insecurity.

c. Evaluation of COMSEC incidents will be as follows:

(1) NSA will evaluate:
(a) All cryptographic and personnel COMSEC incident reports.
(b) All physical COMSEC incident reports involving keying material where the controlling authority cannot be identified.
(c) All reported COMSEC incidents concerning tampering, sabotage, evidence of covert penetration of packages, evidence of unauthorized or unexplained modification to COMSEC equipment, security containers, or vaults where COMSEC material is stored and other COMSEC material promulgated by NSA (for example, documents, algorithms, logic).
(d) Coordinate evaluation of COMSEC incidents having significant logistic impact.
(e) All reports of physical incidents involving maintenance key, cryptosystems operating and maintenance instructions and general COMSEC publications produced by NSA.
(f) Incidents involving multiple controlling authorities or more than one department or agency.
(g) All physical incidents involving a key being processed through or stored in COMSEC logistics channels that has not reached the custodian or custodians of user accounts.

(2) The Army COMSEC Incident Monitoring Activity will monitor and review all COMSEC incident reports involving Army organizations and will:
(a) Evaluate all physical incidents involving multiple controlling authorities of the same department or agency.
(b) Evaluate physical incidents involving a single controlling authority of the same department or agency when that controlling authority caused the incident.
(c) Have final adjudication authority to determine when a reported COMSEC incident has resulted in a COMSEC insecurity.
(d) Immediately report the following COMSEC incidents to the Deputy Chief of Staff for Intelligence, ATTN: DAMI-CHS:
1. Loss or theft of mission/Intertheater COMSEC Package (ICP) key.
2. Falsification of records that results in a compromise of key.
3. Any incident that may impact mission critical command, control, and communications (C3) operations.
(e) Direct additional reporting as warranted.

(3) The Controlling Authority will:
(a) Evaluate physical COMSEC incidents involving keying material they control, except as specified in paragraphs above. Controlling authorities for communications-electronics operating instructions (CEOI)/joint CEOI (JCEOI)/signal operating instructions (SOI) material will evaluate incidents as specified in AR 3805.
(b) Inform CSLA and NSA of all evaluations.
(c) Initiate recovery actions in accordance with TB 38041 when they believe material has been compromised. Note: Controlling Authority responsibilities regarding COMSEC incidents are limited to initiating precautionary supersession or other recovery actions as warranted and rendering an evaluation as part of the administrative closure. Related items such as recommending disciplinary action are outside of the controlling authority's purview.

710. Damage assessment

a. The Controlling Authority will promptly notify all net members when net key is compromised or involved in an incident where compromise cannot be ruled out. In turn, net members will promptly notify all supported commanders that their net key has been compromised or subject to possible compromise and that all their communications occurring since that time have been or may have been affected.

b. When a supported commander is notified of a compromise involving key, that commander will determine if and to what degree the compromise affects operations. In making this damage assessment, the commander must consider the type, sensitivity, and classification of information transmitted and the vulnerability of the transmission. Whenever the circumstances dictate, the commander will, as part of the assessment, direct a review of all messages encrypted with the compromised key and take appropriate actions. An overall review of the effects of the compromise should be made at each major headquarters and the Controlling Authority should be notified of all conclusions. Information involved in a compromise will not be automatically downgraded or declassified because of the compromise. The classified information contained therein should be reevaluated and downgraded or declassified, as appropriate, under AR 3805, paragraph 2210.

c. The NSA will evaluate all COMSEC incidents involving SDNS and STU-III key. Reports will be addressed to DIRNSA and to CSLA.

711. Investigations

In certain situations, commanders may determine that an investigation of a COMSEC incident is warranted under the provisions of AR 156. This is the commander's prerogative. When an AR 156 investigation is conducted, the convening authority for the investigation will make one copy (or a summary) of the report available upon request to CSLA for use in evaluating the COMSEC incident, as well as to the appropriate MACOM headquarters.

Chapter 8
Department of the Army Cryptographic Access Program

81. General

The Department of the Army cryptographic access program (DACAP) governs the granting of access to classified cryptographic information that is owned, is produced by or for, or is under the control of the Department of the Army.

82. Program applicability

a. This program applies to all U.S. Army military personnel and civilian employees, including those assigned to the Reserve components and the National Guard Bureau, and agents of the Department of the Army, who have access to classified cryptographic information as described below. The term agents, as used herein, refers to contractors, consultants, and other persons affiliated with the Department of the Army.

b. The program also pertains to persons assigned the following duties that require continuing access to cryptographic information classified TOP SECRET. The fact that an individual has a TOP SECRET clearance or that the COMSEC account is approved for TOP SECRET material is not sufficient to meet the requirement for continuing access. Actual TOP SECRET cryptographic information must be present in the account.
(1) Communications security (COMSEC) custodians, alternates, and hand-receipt holders.
(2) Producers or developers of cryptographic key or logic.
(3) Personnel who certify or recertify cryptographic key generating equipment.
(4) Personnel who perform administrative and supply functions at locations where cryptographic keys are generated or stored (only those personnel actually having access to such materials).
(5) Personnel whose duties require keying of cryptographic equipment.
(6) Personnel who prepare, authenticate, or decode nuclear control orders (actual or exercise).

c. The program also pertains to cryptographic maintenance, engineering, or installation technicians who meet the full maintenance qualifications of AR 2512 and have access to full maintenance manuals that contain cryptologic, regardless of their classification.

d. However, this program does not apply to individuals whose duties are to operate (not to key or maintain) systems using cryptographic equipment nor does it apply to persons who use a KOV14, FORTEZZA Plus Card, a KSD64A cryptographic ignition key to access the secure features of the SDNS or STU-III device. Further, this policy does not apply to COMSEC inspectors, investigators, or CSLA auditors unless they also fit into one of the categories in paragraph b above.

e. All Federal agencies requiring access to classified cryptographic information are required to have a Cryptographic Access Program. In situations where the Army provides COMSEC support to another DOD element or a non-DOD governmental agency, the Army COMSEC custodian providing the material will request a statement from the supported agency verifying that they are in compliance with the cryptographic access requirements of National Telecommunications and Information Systems Security Policy (NTISSP) No. 3, National Policy for Granting Access to U.S. Classified Cryptographic Information. If the custodian is unable to obtain this verification, he or she will immediately notify the Deputy Chief of Staff for Intelligence (DAMI-CHS), with an information copy to CSLA (SELCLLROM) and request guidance.

83. Conditions for granting access

It is Army policy that a person may be granted access to classified cryptographic information, as specified in paragraph 82 above, only if that person:

a. Is a U.S. citizen.

b. Is a member of the U.S. Army, a civilian employee of the Department of the Army (DA), or a DOD cleared contractor or employee of such contractor or is employed as a DA representative (including consultants of the DA).

c. Requires access (as defined in para 22d) to perform official duties for or on behalf of, the Department of the Army.

d. Possesses a security clearance appropriate to the level of the classified cryptographic information to be accessed.

e. Receives a security briefing detailing the sensitive nature of crypto material and the individual's responsibility for protecting the crypto material (see app F).

f. Acknowledges the granting of access by signing section I of the cryptographic access certification and termination memorandum (app F).

g. Agrees to report all foreign travel and contacts in accordance with AR 38067.

h. Acknowledges the possibility of being subject to a counterintelligence scope polygraph examination administered in accordance with the provisions of DOD 5210.48R. No adverse action will be taken against any individual based solely on the results of a CSP.

84. Procedures

a. Granting cryptographic access.

(1) The COMSEC custodian is responsible for advising the commander on who should be granted cryptographic access. The custodian is also responsible for notifying the unit Security Manager when any individual no longer requires access.

(2) The unit commander is responsible for identifying those personnel requiring cryptographic access (see para 82 above).

(3) The unit security manager will be the unit DACAP point of contact (POC) and submit initial and update reports to the MACOM DACAP POC any time a person is added to or deleted from the program.

(4) The unit security manager will administer the cryptographic access briefing and prepare the Cryptographic Access Certification and Termination memorandum (see app F). The security manager will also be responsible for preparing the termination of access portion when an individual's access is terminated for any reason.

(5) The Cryptographic Access Certification and Termination memorandum will be retained locally for 2 years following termination of access. The memorandum will be maintained in accordance with appendix C.

(6) Any individual who refuses to sign section I of the Cryptographic Access Certification and Termination memorandum will be denied access to all classified cryptographic information.

b. Withdrawing cryptographic access. Cryptographic access will be withdrawn whenever an individual is no longer qualified for access to classified cryptographic material. Examples include reassignment to a position not requiring access, termination of employment, suspension of access, or revocation of clearance. Whenever cryptographic access is withdrawn, the individual will be debriefed and will sign the termination of access portion of the memorandum. The security manager will complete the termination of access portion of the Cryptographic Access Certification and Termination memorandum.

(1) If the cryptographic access is withdrawn as a result of the suspension of an individual's access to classified information, the memorandum will be held in a suspense file until the case has been adjudicated.

(a) If, after adjudication by the central clearance facility (CCF), the commander decides to grant access again, the security manager will brief the individual, complete a new memorandum, and handle it according to paragraph a(4) above.

(b) If, after adjudication by CCF, the commander decides not to grant access again, the memorandum, with the termination of access portion completed, will be maintained according to paragraph a(4) above.

(2) If the individual's access is withdrawn for administrative reasons or revoked, the termination of access portion of the memorandum will be completed and the memorandum maintained according to paragraph a(4) above.

(3) Any individual who signs section I of the cryptographic access certification and termination memorandum and then later refuses to submit to the CSP exam will have his or her access suspended and will become the subject of a counterintelligence (CI) investigation. In the case of civilian personnel, when such suspension will result in removal of the individual from his or her position or involuntary reassignment to other duties, the withdrawal should be coordinated with the servicing installation labor counselor before any action is taken.

c. Polygraph notification. The INSCOM polygraph element will notify the MACOM, MSC, or FOA POC of the location, times, and number of personnel they are prepared to examine.

d. Polygraph selection. The MACOM, MSC, or FOA POC will ensure that the appropriate number of personnel are randomly selected and notified. A list of the names of the individuals selected will be provided to the supporting INSCOM polygraph element.

e. Individuals available for examination. Unit commanders will ensure that the selected individuals are available for the examination.

f. Individuals not available for examination. The INSCOM polygraph element will advise the MACOM, MSC, or FOA POC of any personnel who did not show up for the exam.

85. Other organizations or agencies

In instances where Army COMSEC key classified TOP SECRET is being hand receipted to personnel from other Services or DOD organizations, those personnel must be in that Service or organization's cryptographic access program. If it is not considered feasible for them to be enrolled in the program or if that Service or organization does not have a cryptographic access program, notify HQDA (DAMICHS). The same applies to situations where the recipient of the key belongs to a non-DOD organization or activity.

Appendix A
References

Section I
Required Publications

The following publications are required for the user to understand this publication. These publications DO NOT have to be on-hand in the COMSEC account.

AR 2555

The Department of the Army Freedom of Information Act Program. (Cited in para 75, B8.)

AR 19051

Security of Unclassified Army Property (Sensitive and Nonsensitive). (Cited in para 14)

AR 31025

Dictionary of United States Army Terms. (Cited in paras 13, B4.)

AR 3805

Department of the Army Information Security Program (Cited in paras 24, 27, 216, 217, 222, 79, 710.)

AR 38019

Information Systems Security. (Cited in paras 14, B11.)

AR 38067

The Department of the Army Personnel Security Program. (Cited in paras 23, 83.)

AR 7102

Inventory Management Supply Policy Below the Wholesale Level. (Cited in paras 11, 14, 24.)

AR 7103

Asset and Transaction Reporting System. (Cited in paras 11, 14.)

DA PAM 19051

Risk Analysis for Army Property. (Cited in para 14)

DOD 4500.9R, Part II

Defense Transportation Regulation (Cargo Movement). (Cited in paras 217b(1) and 217d.)

FAA Advisory Circular 1083

Screening of Persons Carrying U.S. Classified Material. Obtain from the U.S. Government Printing Office. (Cited in para 217j(2).)

Joint Publication 102

Department of Defense Dictionary of Military and Associated Terms. (Cited in para 13, B4.)

Section II
Related Publications

A related publication is a source of additional information. The user does not have to read a related publication to understand this regulation.

AR 156

Procedures for Investigating Officers and Boards of Officers.

AR 2512

Communications Security Equipment Maintenance and Maintenance Training

AR 254002

The Modern Army Recordkeeping System (MARKS).

AR 19011

Physical Security of Arms, Ammunition and Explosives.

AR 38010

Technology Transfer, Disclosure of Information and Contacts with Foreign Representatives.

AR 38112

Subversion and Espionage Directed Against the U.S. Army (SAEDA).

AR 38114(S)

Technical Surveillance Countermeasures (TCI) (U).

AR 38120

The Army Counterintelligence Program.

AR 7355

Policies and Procedures for Property Accountability.

AR 735112/DLAR 414055/SECNAVINST 4355.18/AFR 40054

Reporting of Item and Packaging Discrepancies.

AR 7501

Army Material Maintenance Policy and Retail Maintenance Operations.

ARKAG 1 (S)

Status of COMSEC Aids Material (U).

DA Pam 253802 (FOUO)

Security Standards for Controlled Cryptographic Items.

DA Pam 2516

Security Procedures for the Secure Telephone Unit, Third Generation (STU III)

DA PAM 2535 (C)

Military Publications Index of Communications Security (COMSEC) (U).

DCID 1/21

Physical Security Standards for Sensitive Compartmented Information Facilities (SCIF)

DOD 5220.22M

National Industrial Security Program Operating Manual.

DOD 5210.48R

Polygraph Program

DOD 5220.22R

Industrial Security Regulation.

DOD 5220.22S

COMSEC Supplement to Industrial Security Manual for Safeguarding Classified Information.

DODD 5205.8

Access to Classified Cryptographic Information.

TB 38041 (FOUO)

Procedures for Safeguarding, Accounting and Supply Control of COMSEC Material.

RCS CSGID131

Cryptosystems Evaluation Report

Section III
Prescribed Forms

This section contains no entries

Section IV
Referenced Forms

DA Form 112R

Management Control Evaluation Certification Statement

DA Form 1999R

Restricted Area Visitors Register

DA Form 2012

COMSEC Account Data

DD Form 254

Contract Security Classification Specification

DD Form 1435

COMSEC Maintenance Training and Experience Record

SF 153

COMSEC Material Report

SF 700

Security Container Information

Appendix B
Classification Guidelines for COMSEC Information

B1. Purpose

This appendix provides classification guidance for COMSEC information.

B2. Applicability and implementation

The information contained in this appendix is applicable to all persons who classify, mark, or handle COMSEC information. The information contained in this appendix will be given appropriate dissemination on a need-to-know basis. In instances where more stringent classification guidance exists (for example, in system-specific security guidance), that guidance will be used. All classification guidance for contractors is to be provided by DD Form 254.

Queries concerning COMSEC-related topics or subjects should be directed to HQDA (DAMICH).

B3. Duration

Unless a particular item of COMSEC information will become declassified at a particular time or following a specific event, the guidance prescribed herein has indefinite duration. Information classified according to this appendix will be marked "DERIVED FROM: NTISSI NO. 4002, CLASSIFICATION GUIDE FOR COMSEC INFORMATION (S): DATED 5 JUNE 1986. DECLASSIFY ON: X1". In those instances where documents are prepared from multiple sources, the declassification date or event that provides the longest period of classification will be used.

B4. Definitions

The definitions contained in AR 31025 and Joint Pub 102 apply to this appendix, with the exception of the terms CRYPTO and COMSEC crypto-algorithm, which are defined as follows:

a. CRYPTO. A marking or designator identifying all COMSEC key used to protect or authenticate telecommunications carrying classified national security information and sensitive, unclassified U.S. Government or U.S. Government-derived information, the loss of which could adversely affect national security interests.

b. CRYPTO-algorithm. A well-defined procedure or sequence of rules or steps, or a series of mathematical equations used to describe cryptographic processes such as encryption/decryption, key generation, authentication, signatures, and so forth.

B5. CRYPTO-marked information

The following guidance is provided with respect to the marking CRYPTO:

a. Documents, correspondence, messages, memoranda, publications, reports, and specifications will not be marked CRYPTO unless they contain cryptographic key.

b. In documents that require the CRYPTO caveat, the caveat will appear at the bottom of each page, immediately following the classification. Marking CRYPTO will always be capitalized.

B6. Foreign release

COMSEC information in any form is not releasable to foreign nationals unless specifically authorized. Requests for release will be forwarded through command channels to HQDA (DAMICHS). When a determination has been made that there is a risk of unauthorized foreign access to specific classified COMSEC material or when a specific prior determination has been made that the material will not be released, it will be marked NOT RELEASABLE TO FOREIGN NATIONALS or NOFORN. Regardless of the presence or absence of the NOFORN marking, no COMSEC material or information may be released to a foreign nation, foreign national, or an international organization without the express permission of HQDA (DAMICHS).

B7. COMSEC equipment and related documentation

The classification of all COMSEC equipment used to protect or authenticate classified national security information, other sensitive but unclassified U.S. Government or U.S. Government-derived information, or transmission security processes is determined by NSA. Guidance for the classification and marking of such equipment and the documentation associated with their development, production, maintenance, and use are set forth below.

a. Documentation pertaining to cryptographic logic. In development contracts, documentation pertaining to cryptographic logic, including crypto-algorithms and any associated software coding, will normally be classified SECRET and declassified upon the determination of the originating agency.

b. Production of unclassified COMSEC equipment. Production of unclassified COMSEC equipment is normally done in uncleared contractor facilities. However, in production contracts, documentation pertaining to the cryptographic logic of such equipment will be classified at least CONFIDENTIAL and will be declassified only upon the originating agency's determination.

c. Production of classified COMSEC equipment. Production of classified COMSEC equipment must be done in cleared facilities. In production contracts, documents pertaining to the cryptographic logic of such equipment will be classified at least at the level of the associated equipment and will be declassified only upon the originating agency's determination.

d. Full maintenance manuals. COMSEC software and other technical documentation that provide detailed schematics or descriptions of the cryptographic circuits of specific cryptosystems will be classified at least CONFIDENTIAL and will be declassified only upon the originating agency's determination.

e. Items impossible to physically mark. Because of the size or configuration, it may be impossible to physically mark certain COMSEC items with the required classification authority and declassification notice. In such cases, these notices will be included on the associated documentation or package.

B8. Application of the marking FOR OFFICIAL USE ONLY

The marking FOR OFFICIAL USE ONLY (FOUO) is to be used only for information that may be withheld from the public for one or more reasons cited in AR 2555. The marking FOUO will be applied to unclassified COMSEC information (according to AR 2555) when the preparing organization determines that such information qualifies for the FOUO marking under the Freedom of Information Act (FOIA). The acronym FOUO is to be used for individual paragraphs when required and for electronic communications. The marking FOUO should be considered for the following types of unclassified information:

a. Narrative technical information on the characteristics of COMSEC equipment.

b. Indications of new COMSEC developments.

c. Any COMSEC planning, programming, and budgeting information.

d. Specifications and purchase descriptions pertaining to COMSEC equipment or the support of unique COMSEC requirements.

e. Publications on ancillary equipment developed exclusively for use with COMSEC equipment.

f. Handling instructions and doctrinal information relating to COMSEC material.

g. Manual cryptosystems produced exclusively for sample and unclassified training purposes.

h. Unclassified COMSEC material reports (SF 153).

B9. Compilation of unclassified COMSEC information that may warrant classification

When unclassified COMSEC information is assembled for publication, good judgement must be exercised by the preparing organization in deciding whether such information in the aggregate needs classification before publication.

The classification authority should carefully weigh the value of COMSEC information to hostile intelligence organizations and consider whether access to the information would assist these organizations in deploying their collection and analytical resources in exploitation efforts, especially when the information contains details about new systems employing COMSEC equipment. Following are examples of compilations of unclassified information that may require a minimum classification of CONFIDENTIAL.

a. Detailed planning and implementation information on COMSEC equipment to be deployed. Additionally, planning or operational information that could be used by foreign intelligence activities for targeting.

b. Information on crypto systems, equipment, components in development or to be fielded together, with amplifying details such as how, when, where, and why the equipment is to be deployed and used.

c. Complete parts list for COMSEC equipment.

d. A complete or substantially complete listing of unclassified short and long titles of equipment in the department or agency COMSEC inventory and their supporting documents.

e. Compilations of narrative technical information describing the characteristics and functions of classified COMSEC equipment.

f. Total COMSEC program and budget information for individual departments and agencies.

B10. Key classification

Normally, key will be assigned a classification equal to the highest classification of the information to be encrypted.

B11. COMSEC classifications

a. General.

(1) Operational, exercise, and training key being used where information is transmitted using telecommunications. Classify based on content of information protected. They are marked CRYPTO.

(2) Training key being used in a classroom or other situations where information is not transmitted. Classify based on content of the information protected. Usually the key is marked to resemble operational key with the note FOR TRAINING ONLY.

(3) Test key for on-line testing of equipment. Classify based on net circuitry or intended level of information and equipment parameters protected. It is marked CRYPTO.

(4) Maintenance key for off-line or in-shop use. Classify based on intended level of information and equipment parameters being protected.

(5) Sample key for demonstration use. Classify based on content. Normally it is marked to resemble operational key.

(6) Cryptographic ignition key. UNCLASSIFIED.

b. Crypto equipment characteristics.

(1) Information that reveals that an equipment encrypts or decrypts or conforms to Military Standard (MILSTD) 188 or the fact that equipment has anti-jam or low probability-of-intercept (LPI) capability is UNCLASSIFIED.

(2) The fact that a COMSEC equipment item has an anti-depth or anti-spoof capability is CONFIDENTIAL.

(3) Identification of a particular COMSEC equipment item with a particular system is unclassified FOUO.

(4) Interface control documents or specifications that include descriptive amplifying information regarding COMSEC functions, rules or motion, internal activities, and security techniques are classified at the level of the equipment cryptologic.

(5) Information indicating that a specific COMSEC equipment item employs a covernamed cryptographic logic is UNCLASSIFIED.

(6) Information concerning COMSEC equipment if it reveals or can be associated with any of the following types of information about an equipment item:

(a) Specific cryptologic details and parameters information is SECRET.

(b) Specific anti-tamper and anti-tapping design details and parameters information is SECRET NOFORN.

(c) Reasons for certain design features information is SECRET NOFORN. It may bear higher classification than the details of the design.

(7) Information concerning test equipment (for example, factory, field, or depot test equipment) reflecting any of the information covered in paragraph (6) above is classified SECRET.

(8) Magnetic media (for example, core memory disks, drums, tapes) that have held key designated CRYPTO must retain the highest classification of any information previously recorded on them. They cannot be declassified.

(9) Magnetic media that have never held key designated CRYPTO may be declassified using the procedures in AR 38019.

(10) Classify information as SECRET, including photo masters, drawings, etched boards, and diagnostic test routines of classified COMSEC equipment and components, such as printed circuit boards, modules, and so forth, if the information reveals the same as may be obtained from an examination of the complete component.

(11) The fact that a randomizer is used in a specific COMSEC equipment or cryptoalgorithm is unclassified FOUO.

(12) The randomizer itself and documentation that reveals the complete design are CONFIDENTIAL.

MSEC hardware following reentry into the earth's atmosphere is SECRET NOFORN.

(4) Details or amplification of the cryptographic capabilities, characteristics, or limitations of a weapon system are CONFIDENTIAL NOFORN.

(5) Information revealing the extent of support furnished by NSA for a specific space system is SECRET NOFORN at a minimum and, depending upon the program involved, may be TOP SECRET.

(6) Information revealing the extent of support furnished by NSA for a specific weapons system is SECRET unless specifically downgraded.

(7) Information or evaluation revealing the vulnerability of a weapons system's COMSEC subsystem and associated storage media is TOP SECRET NOFORN.

(8) Launch evaluations of weapons systems and COMSEC sub-systems that reveal weaknesses or threats that may be applicable to other weapons systems are TOP SECRET NOFORN.

(9) Evaluations that reveal the vulnerability of a space COMSEC system to cryptanalysis are TOP SECRET NOFORN.

f. Abandonment and recovery of COMSEC material.

(1) The location of a recovery area when release of the location is essential to save or protect human life is unclassified FOUO. The location is releasable to any person or nation by any communications means that will expedite the search and rescue efforts. The fact that COMSEC material may be recoverable should not be mentioned in the communication.

(2) The fact that key or keyed COMSEC equipment of a particular site or element may have been compromised is CONFIDENTIAL. It may be transmitted in the clear if essential to emergency supersession actions to minimize damage from compromise and if no secure communications means is available.

(3) The location of recovery or abandonment area when key or keyed COMSEC equipment is involved is classified at the same level as the key involved, when preservation of life is not an issue.

(4) The location of recovery or abandonment area for classified COMSEC equipment or logic is SECRET when the preservation of life is not an issue.

(5) The location of recovery or abandonment area of unkeyed CCI and CONFIDENTIAL COMSEC aids is CONFIDENTIAL, when preservation of life is not an issue.

g. Security fault analysis, cryptanalysis, crypto key extraction, and tampering or bugging.

(1) The classification of the terms security fault analysis, cryptanalysis, failure modes and logic effects, key extraction analysis, and tampering or bugging analysis, as well as their definitions, is UNCLASSIFIED.

(2) The statement that equipment may contain security fault deficiencies without mentioning specific deficiencies or effects is CONFIDENTIAL.

(3) Statements and details about specific unremedied weaknesses of COMSEC equipment or functions within a system, including specific vulnerabilities to cryptanalysis, TEMPEST, exploitation, tampering, key extraction, security fault analysis, and so forth are TOP SECRET NOFORN.

(4) A statement about the types of security fault deficiencies and their effects is SECRET NOFORN.

(5) The statement, without giving details, that a particular equipment has a cryptanalytic weakness is SECRET NOFORN.

(6) The statement, without giving details, that the security life of a particular equipment (including CCI) extends to the year (xxxx) is SECRET NOFORN.

(7) A statement about the types of key extraction and/or tampering or bugging attacks is SECRET NOFORN.

(8) The statement that a specific equipment contains no security fault deficiencies or that a specific equipment is not vulnerable to key extraction or tampering and bugging attacks is UNCLASSIFIED.

(9) The statement, without details, that a specific equipment contains security fault deficiencies or that a specific equipment is vulnerable to key extraction or tampering and bugging attacks is SECRET NOFORN.

(10) The description of types of attacks related to key extraction or tampering and bugging without mentioning specific equipment (in its pre-production phases of development) contains security fault deficiencies is SECRET NOFORN.

(11) The statement, giving details, that a specific equipment (in its pre-production phases of development) contains security fault deficiencies is SECRET NOFORN.

(12) The statement giving details that a specific equipment contains security fault deficiencies, information revealing specific components or circuits within a specific equipment designed to protect against security fault deficiencies, or security fault analysis type information that reveals specific information about cryptanalytic attacks on equipment is TOP SECRET NOFORN.

h. COMSEC records and reports.

(1) Production records or forms for classified key when these indicate the material by short title, copies per edition, quantity produced, and so forth but not the effective date are UNCLASSIFIED. Compilations of these records or forms are also UNCLASSIFIED.

(2) Lists of COMSEC material that are not crypto holdings (inventories) are UNCLASSIFIED.

(3) Inventory reports of COMSEC material that list only unclassified material, and all negative inventory reports are UNCLASSIFIED.

(4) Individual accounting reports (for example, transfer, possession, destruction) and individual accounting reports involving DOD contractors are normally UNCLASSIFIED, unless the reports contain classified addresses or classified information in the remarks block. Reports relating to material controlled by CJCSI 3260.01 will be classified CONFIDENTIAL. If the effective material is designated the classification will be SECRET.

(5) Administrative or managerial reports containing information relative to total inventory of a specified classified COMSEC equipment held by a department or agency are normally CONFIDENTIAL. Depending on the holdings, they may be SECRET or unclassified FOUO.

(6) COMSEC audit reports and command COMSEC inspection reports that show no discrepancies with the crypto holdings or that describe poor procedures or conditions that cannot be used to breach facility security are unclassified FOUO.

(7) Reports that contain information that could be used to mount a physical, cryptographic, TEMPEST, communications intelligence (COMINT) or HUMINT attack against a facility or its personnel are classified a minimum of CONFIDENTIAL.

(8) COMSEC incident reports, audit reports, and other accounting reports will be classified according to content. Unclassified reports will be marked FOUO.

Appendix C
Records Management

ategories.

b. File maintenance. Files are maintained until they are no longer needed, at which time they are either transferred to the records management facility or destroyed. The servicing records management facility receives the transferred records and applies the appropriate disposition.

C3. Electronic records

a. Electronic record-keeping is a continuing challenge in the Department of Defense and the Federal sector. Until proper electronic record-keeping standards are adopted, official records may continue to be printed out on paper or microforms whenever possible. Departmental policy and procedures have not kept pace with the proliferation of computers, electronic mail, networking, and the Internet. Some of the problems and risks presented by electronic records are diverse data formats, rapid technological obsolescence, and long-term media integrity.

b. Electronic files are maintained until they are no longer needed, at which time they are either transferred to the records management facility or destroyed. The servicing records management facility receives the transferred records and applies the appropriate disposition.

c. The absence of effective guidance and procedures to implement electronic record-keeping places an added responsibility on both decisionmakers and action officers to preserve their important electronic records. For the purpose of record-keeping, important records are defined as those long-term and permanent records that are ultimately transferred from the office of record to a records management facility.

C4. Disposition action codes (user level)

The Army records management system contains numerous disposition instructions. To streamline the process, only two instructions (K and T) will be applied at the user level. File folders should be marked with one of these instructions.

a. K: Keep in current files area until no longer needed for conducting business but not longer than 6 years and then destroy. This instruction will normally apply to the majority of records.

b. T: Keep until no longer needed for conducting business but not longer than 6 years, and then transfer to a records management facility. This instruction will apply to the long-term and permanent records described in paragraph C1b of this appendix.

C5. File arrangement

File folders and subfolders may be arranged alphabetically by subject or program or by any other method that facilitates their use. The following example illustrates simplified label preparation.

Figure C1. Simplified label preparation

C6. General file categories

The following list contains the general file categories concerning the policies and mandated operating tasks, responsibilities, and procedures for COMSEC and SIGSEC operations functions of the Army. They document actions performed in accordance with the Army's COMSEC and SIGSEC programs. Custodians will only create those files that are necessary for their account. Empty files will NOT be created simply because the file category is shown here.

Table C1
File categories, action codes, and descriptions

FILE CATEGORY: SF 701 ACTIVITY SECURITY CHECKLIST
ACTION: K
DESCRIPTION: Office security, such as documents ensuring security and any covering the security classification system.

FILE CATEGORY: SIGNAL SECURITY APPROVALS
ACTION: K
DESCRIPTION: These files accumulate in the requesting and approving offices. Requests for approval to establish, alter, expand, or relocate a facility, exceptions to provisions of regulations, and approval of protected distribution systems. Included are questionnaires, reports of approval, and related information. Event: issue or receipt of related superseding approval or after closing of account or facility.

FILE CATEGORY: SIGSEC MANAGEMENT FILES
ACTION: T


DESCRIPTION: Information that is not of a routine nature or specifically covered elsewhere in this record series. These files include management information on signal security (SIGSEC) such as long-range planning, programming, and budgeting of resources; development of policy and procedures; and operational functions of the organization.

FILE CATEGORY: COMSEC SUPPLY CORRESPONDENCE
ACTION: K
DESCRIPTION: Information on the routine supply of communication security (COMSEC) material, such as requests for status of shipment of COMSEC aids, reduction and increase in copy count, cancellation and disposition of COMSEC aids.

FILE CATEGORY: ITEM REGISTERS
ACTION: K
DESCRIPTION: Cards kept to account for all COMSEC material and to show its receipt, movement, and final disposition. Event: all items on each card have been disposed of as evidenced by destruction or transfer reports.

FILE CATEGORY: RESTRICTED AREA VISITOR REGISTERS
ACTION: K
DESCRIPTION: Registers used for recording pertinent information on persons entering the crypto facility. Sheets of a register involved in a security report or an investigation will become an integral part of the report or investigation. These sheets will have the same disposition as the report or investigation. These records are protected by the Privacy Act; the system notice number is A038019SAIS.

FILE CATEGORY: SIGNAL SECURITY INVESTIGATION REPORTS (FELONIES)
ACTION: T
DESCRIPTION: These records accumulate at CSLA. Reports of investigation of a sufficiently serious nature to be classified as felonies concerning the loss or subjection to compromise of COMSEC information, transmission, physical material, and other signal security violations.

FILE CATEGORY: SIGNAL SECURITY INVESTIGATION REPORTS (OTHER)
ACTION: K
DESCRIPTION: These records accumulate at CSLA and other offices. Reports of investigation concerning the loss or subjection to compromise of COMSEC information, transmission, physical material, and other signal security violations.

FILE CATEGORY: ENCRYPTED MESSAGE TEXT
ACTION: K
DESCRIPTION: Cipher copies of incoming and outgoing messages and message tapes.


Event: a minimum retention of 5 days and before a maximum retention of 60 days, except messages involved in an investigation will be kept until the investigation is completed.

FILE CATEGORY: ALLOCATIONS (ALLOCATION CARDS)
ACTION: K
DESCRIPTION: Information showing allocation of COMSEC material held for distribution. Event: final distribution of all material to which the form relates.

FILE CATEGORY: ALLOCATIONS (ADP PRINTOUTS)
ACTION: K
DESCRIPTION: Information showing allocation of COMSEC material held for distribution. Event: verification of allocation record.

FILE CATEGORY: HOLDER RECORDS
ACTION: K
DESCRIPTION: COMSEC material accounts record that serves as a unit record showing all items of COMSEC material held by each organization. Event: receipt of superseding signed destruction or transfer report.

FILE CATEGORY: COMSEC MATERIAL DISTRIBUTION REPORTS
ACTION: K
DESCRIPTION: Information submitted to Army COMSEC Central Office of Record to report allocation, assets, and holder information for specified items of COMSEC material (equipment and associated material).

FILE CATEGORY: SYSTEM STATUS FILES (INFORMATION ON COMSEC MATERIAL OTHER THAN AIDS)
ACTION: K
DESCRIPTION: Information kept by the COMSEC National Inventory Control Point (NICP) on the procurement and issuance of each item of COMSEC material that includes data such as production status, stocks, demand data, quantity issued, and effective date of material. Event: obsolescence of the related system.

FILE CATEGORY: SYSTEM STATUS FILES (INFORMATION RELATED TO COMSEC AIDS)
ACTION: K


DESCRIPTION: Information kept by the COMSEC National Inventory Control Point (NICP) on the procurement and issuance of each item of COMSEC material that includes data such as production status, stocks, demand data, quantity issued, and effective date of material. Event: material involved is superseded or removed from the system or after 2 years, whichever is first.

FILE CATEGORY: TRANSACTIONS
ACTION: K
DESCRIPTION: Automated records, reports and other media produced by wholesale managers, reflecting COMSEC accounting transactions. This includes receipt, issue, transfer, destruction, or adjustments (plus or minus) of COMSEC material.

FILE CATEGORY: CRYPTONET MANAGEMENT FILES
ACTION: K
DESCRIPTION: Information relating to the establishment, operation, and overall management of a cryptonet. Included are lists of holders of keying material, routine and emergency key distribution plans, changes to cryptonet and key, cryptonet evaluation reports, and other information required to manage a cryptonet. Event: superseded, obsolete, or cryptonet is terminated.

FILE CATEGORY: DAILY INVENTORIES
ACTION: K
DESCRIPTION: Reports of daily inventories verifying the continued protection and control of COMSEC material and made once each workday or between shifts. Event: receipt of the certificate of verification for the last inventory reported to the office of record.

FILE CATEGORY: ACCOUNTING REPORTS
ACTION: K
DESCRIPTION: This information accumulates in ACCOR offices. Information showing COMSEC accounting and distribution transactions and relief from accountability of COMSEC material. Included are reports of transfer, possession, inventory, and destruction; document vouchers; certificates of verification; custodian appointments; signature cards (DA Form 2012); letters, messages, and other correspondence on routine COMSEC accounting and distribution; and hand receipts. The material contained in this file is generated primarily at the COMSEC account and user level. Information in this file is protected by the Privacy Act, systems notice number: A0001DAMI.

FILE CATEGORY: ACCOUNTING REPORTS (CUSTODIAN APPOINTMENTS AND SIGNATURE CARDS)
ACTION: K

DESCRIPTION: This information accumulates in other offices. Information showing COMSEC accounting and distribution transactions and relief from accountability of COMSEC material. Included are reports of transfer, possession, inventory, and destruction; document vouchers; certificates of verification; custodian appointments; signature cards (DA Form 2012); letters, messages, and other correspondence on routine COMSEC accounting and distribution; and hand receipts. The material contained in this file is generated primarily at the COMSEC account and user level. Information in this file is protected by the Privacy Act, systems notice number: A0001DAMI. Event: supersession or obsolescence.

FILE CATEGORY: ACCOUNTING REPORTS (OTHER ACCOUNTING REPORT FILES)
ACTION: K
DESCRIPTION: This information accumulates in other offices. Information showing COMSEC accounting and distribution transactions and relief from accountability of COMSEC material. Included are reports of transfer, possession, inventory, and destruction; document vouchers; certificates of verification; custodian appointments; signature cards (DA Form 2012); letters, messages, and other correspondence on routine COMSEC accounting and distribution; and hand receipts. The material contained in this file is generated primarily at the COMSEC account and user level. Information in this file is protected by the Privacy Act, systems notice number: A0001DAMI. Event: last transaction date, or following official clearance of the account resulting from a USACCSLA audit.

FILE CATEGORY: ACCOUNTING REPORTS (INDIVIDUAL HAND RECEIPTS)
ACTION: K
DESCRIPTION: This information accumulates in ACCOR offices. Information showing COMSEC accounting and distribution transactions and relief from accountability of COMSEC material. Included are reports of transfer, possession, inventory, and destruction; document vouchers; certificates of verification; custodian appointments; signature cards (DA Form 2012); letters, messages, and other correspondence on routine COMSEC accounting and distribution; and hand receipts. The material contained in this file is generated primarily at the COMSEC account and user level. Information in this file is protected by the Privacy Act, systems notice number: A0001DAMI. Event: turn-in of accountable material or upon supersession.

FILE CATEGORY: SIGNAL SECURITY INSPECTIONS
ACTION: K
DESCRIPTION: These records accumulate in the inspecting and inspected offices. Inspection reports and related correspondence, such as crypto facility inspection, control of compromising emanations (TEMPEST) tests and inspections, periodic command inspections, and COMSEC account audits. Event: after issue or receipt of related superseding inspection report or after closing of account or facility.

FILE CATEGORY: SIGNAL SECURITY REPORTS
ACTION: K


DESCRIPTION: Reports (including messages and related correspondence) regarding electronic security, crypto security and transmission security analysis, violations, and summary reports; reports of physical, cryptographic, and personnel insecurities and compromise notifications not specifically covered in other parts of the 380 series; and related information. Note: Reports that are the subject of a formal investigation will be filed with the investigation reporting files.

Appendix D
Physical Security Standards

D1. General

This appendix provides the general construction standards and special controls unique to fixed COMSEC facilities other than GSA approved security containers. Work areas not considered COMSEC facilities that contain COMSEC equipment (for example, STUIII, KG84s, data transfer devices, and so forth) must be protected in a manner that affords protection at least equal to what is normally provided to other high value/sensitive material, and ensures that access and accounting integrity is maintained.

D2. Vaults

Vaults used as storage facilities for COMSEC keying material must be constructed in accordance with the following standards:

a. Reinforced concrete construction. Walls, floors and ceilings will be a minimum thickness of 8 inches of reinforced concrete. The concrete mixture will have a compressive strength rating of at least 2,500 psi. Reinforcing will be accomplished with steel reinforcing rods, a minimum of 5/8 inch in diameter, positioned centralized in the concrete pour and spaced horizontally and vertically 6 inches on center; rods will be tied or welded at the intersections. The reinforcing is to be anchored into the ceiling and floor to a minimum depth of one-half the thickness of the adjoining member.

b. Steel-lined construction. Where unique structural circumstances do not permit construction of a concrete vault, construction will be of steel alloy-type of 1/4 inch thickness, having characteristics of high yield and tensile strength. The metal plates are to be continuously welded to load-bearing steel members of a thickness equal to that of the plates. If the load-bearing steel members are being placed in a continuous floor and ceiling of reinforced concrete, they must be firmly affixed to a depth of one-half the thickness of the floor and ceiling. If the floor and/or ceiling construction is less than 6 inches of reinforced concrete, a steel liner is to be constructed the same as the walls to form the floor and ceiling of the vault. Seams where the steel plates meet horizontally and vertically are to be continuously welded together.

c. Vault door. All vaults will be equipped with a GSA-approved Class 5 or Class 8 vault door. Within the U.S., a Class 6 vault door is acceptable. Normally within the U.S. a vault will have only one door that serves as both entrance and exit from the facility in order to reduce costs.

D3. Secure rooms

All secure rooms used for COMSEC facilities must be constructed of material that will deter and detect covert penetration. Facilities must be constructed so that classified information cannot be overheard through walls, doors, windows, ceilings, air vents, and ducts when secure areas border on unsecure areas. The following requirements are not applicable to continuously attended bulk encryption facilities. Alternate construction standards may be approved when supplemental security systems (for example, intrusion alarms, armed guards, video cameras, and so forth) are used. Requests for approval of alternate construction standards will be forwarded through command channels to HQDA (DAMICHS), with a copy furnished to USACSLA (SELCLKPAU).

a. Walls, floors, and ceilings. Outer walls, floors, and ceilings of the building must be permanently constructed and attached to each other. All construction must be done in such a manner as to provide visual evidence of unauthorized penetration. All openings will provide sufficient sound attenuation to preclude inadvertent disclosure of conversations. Appendix E to DCID 1/21 will be referred to as the national standard for acoustical control and sound masking techniques.

b. Main entrance door. Only one door should be used for regular entrance to the facility. The door must be strong enough to resist forceful entry. In order of preference, examples of acceptable doors are GSA-approved vault doors; standard 1 3/4 inch, internally reinforced, hollow metal industrial doors; and metal-clad or solid hardwood doors at least 1 3/4-inch thick. The door frame must be securely attached to the facility and fitted with a heavy-duty/high-security strike plate and hinges installed with screws long enough to resist removal by prying. The door must be installed to


The following risk values (table E1) will be used in determining which accounts to audit or inspect in a given period. The higher the composite number assigned to an account, the more likely that account is to be inspected or audited.

Table E1
Risk management value

Description: Value

TYPE OF ACCOUNT
AKMS: 0
Non-AKMS, ACCLAIMS: 5
Non-AKMS, Non-ACCLAIMS: 10

LOCATION
CONUS: 0
Germany: 10
Korea: 15
South West Asia: 15
South America: 10

SIZE OF ACCOUNT (Line items)
10 or fewer: 0
11-50: 5
51-100: 10
101 or more: 15

TIME SINCE LAST AUDIT
Less than 2 years: 0
2-4 years: 5
More than 4 years: 15

TIME SINCE LAST COMMAND INSPECTION
Less than 2 years: 0
2-4 years: 5
More than 4 years: 10
None on file: 15

RESULTS OF LAST COMMAND INSPECTION/CSLA AUDIT
Satisfactory: 0
Unsatisfactory: 15

NUMBER OF COMSEC INCIDENTS WITH A FINDING OF COMPROMISE OR COMPROMISE CANNOT BE RULED OUT
None: 0
One: 5
Two or more: 15

CHANGE OF CUSTODIAN SINCE LAST AUDIT
None: 0
One: 5
Two: 10
Three or more: 15

Appendix F
Cryptographic Access Briefing

F1. Indoctrination briefing

The following briefing must be used verbatim to indoctrinate individuals for cryptographic access.

a. You have been selected to perform duties that will require access to classified cryptographic information. It is essential that you be made aware of certain facts relevant to the protection of this information before access is granted. You must know the reason why special safeguards are required to protect classified cryptographic information. You must understand the directives that require these safeguards and the penalties you will incur for the unauthorized disclosure, unauthorized retention, or negligent handling of classified cryptographic information. Failure to properly safeguard this information could cause serious or exceptionally grave damage or irreparable injury to the national security of the United States or could be used to advantage by a foreign nation.

b. Classified cryptographic information is especially sensitive because it is used to protect other classified information. Any particular piece of cryptographic key and any specific cryptographic technique may be used to protect a large quantity of classified information during transmission. If the integrity of a cryptographic system is breached at any point, all information protected by the system may be compromised. The safeguards placed on classified cryptographic information are a necessary component of U.S. Government programs to ensure that our Nation's vital secrets are not compromised.

c. Because access to classified cryptographic information is granted on a strict need-to-know basis, you will be given access to only that cryptographic information necessary in the performance of your duties. You are required to become familiar with AR 38040 as well as those publications referenced therein.

d. Especially important to the protection of classified cryptographic information is the timely reporting of any known or suspected compromise of this information. If a cryptographic system is compromised, but the compromise is


not reported, the continued use of the system can result in the loss of all information protected by it. If the compromise is reported, steps can be taken to lessen an adversary's advantage gained through the compromise of the information.

e. As a condition of access to classified cryptographic information, you must acknowledge that you may be subject to a counterintelligence scope polygraph examination. This examination will be administered in accordance with DOD 5210.48R and applicable law. The relevant questions in this polygraph examination will only encompass questions concerning espionage and sabotage or questions relating to unauthorized disclosure of classified information or unreported foreign contacts. If you do not, at this time, wish to sign such an acknowledgment as a part of executing a cryptographic access certification and termination memorandum, this briefing will be terminated at this point, and the briefing administrator will so annotate the memorandum. Such refusal will not be cause for adverse action but will result in your being denied access to classified cryptographic information.

f. You should know that intelligence services of some foreign governments prize the acquisition of classified cryptographic information. You must understand that any personal or financial relationship with a foreign government's representative could make you vulnerable to attempts at coercion to divulge classified cryptographic information. You should be alert to recognize those attempts so that you may successfully counter them. The best personal policy is to avoid discussions that reveal your knowledge of or access to, classified cryptographic information and thus avoid highlighting yourself to those who would seek the information you possess. Any attempt, either through friendship or coercion, to solicit your knowledge regarding classified cryptographic information must be reported immediately to (insert the name and phone number of the supporting counterintelligence unit).

g. In view of the risks noted above, if unofficial foreign travel becomes necessary, it is essential that you notify (insert appropriate security office) and receive the appropriate travel briefing.

h. Finally, you must know that should you willfully or negligently disclose to any unauthorized persons any of the classified cryptographic information to which you will have access, you may be subject to administrative and civil sanctions, including adverse personnel actions, as well as criminal sanctions under the Uniform Code of Military Justice (UCMJ) and/or the criminal laws of the United States, as appropriate.

F2. Cryptographic access certification and termination memorandum

Section I of this memorandum must be executed before an individual may be granted access to U.S. classified cryptographic information. Section II will be executed when the individual no longer requires such access. Until cryptographic access is terminated and Section II is completed, the cryptographic access granting official will maintain the certificate in a legal file system that will permit expeditious retrieval. Further retention of the certificate will be as specified in appendix C.


Figure F1. Authorization for access to classified cryptographic information


Figure F2. Simplified label preparation

Figure F3. Simplified label preparation


Appendix G
Management Control Evaluation Checklist

G1. Function

The function covered by this checklist is safeguarding and controlling communications security (COMSEC) material.

G2. Purpose

The purpose of this checklist is to assist commanders of units with COMSEC accounts in evaluating their key management controls. It is not intended to cover all controls.

G3. Instructions

Answers must be based on the actual testing of key management controls such as document analysis, direct observation, interviewing, sampling, and simulation. Answers that indicate deficiencies must be explained and corrective action indicated in supporting documentation. These management controls must be evaluated at least once every 5 years. Certification that this evaluation has been conducted must be accomplished on DA Form 112R (Management Control Evaluation Certification Statement). A copy of DA Form 112R is located at the back of this regulation.

G4. Test questions

a. Are key management controls identified in the governing Army Regulation? (HQDA functional proponent only)

b. Is a custodian appointed for each unit having a COMSEC account as required by AR 38040?

c. Is the COMSEC custodian a graduate of the Standardized COMSEC Custodian Course?

d. Are required publications, as shown in appendix A, AR 38040, available to COMSEC personnel? They do NOT have to be maintained in the COMSEC Account.

e. Is COMSEC material being accounted for in compliance with procedures in AR 38040 and TB 38041?

f. Is two-person integrity (TPI) utilized for TOP SECRET key operations in accordance with AR 38040?

g. Are exceptions to TPI approved by the MACOM commander?

h. Do the COMSEC custodian's other duties permit sufficient time to adequately discharge COMSEC custodial duties?

i. Is the Controlling Authority performing those functions required by AR 38040 and TB 38041?

j. Is the COMSEC custodian complying with Army COMSEC incident reporting procedures?

k. Does the unit have COMSEC basic emergency plans that address procedures to be used during natural disasters and hostile actions?

l. Are emergency plans rehearsed and the rehearsals documented, as required by AR 38040?

m. Are unit COMSEC emergency plans compatible with higher Command, Installation, or activity plans?

n. Is there a COMSEC facility approval (CFA) on file in the parent account for each sub-account as required by AR 38040?

o. Have discrepancies noted in the most recent COMSEC audit/inspection or Command COMSEC Inspection been corrected?

p. Are records created and managed in accordance with appendix C?

G5. Supersession

This checklist replaces the Internal Control Review Checklist (AR 38040) previously published in AR 38040, 1 September 1994.

G6. Comments

Help make this a better tool for evaluating management controls. Submit comments to Deputy Chief of Staff for Intelligence, ATTN: DAMICHS, 1000 Army Pentagon, Washington, DC 203101000.


CEOI

Communications-electronics operating instruction

CFA

COMSEC facility approval

CFAR

COMSEC facility approval request

CI

counterintelligence

CIK

cryptographic ignition key

CJCSI

Chairman, Joint Chiefs of Staff instruction


CLSF

COMSEC Logistics Support Facility

CMCS

COMSEC Material Control System

CMO

COMSEC Management Offices

COMINT

communications intelligence

CONAUTH

control authority

CONUS

continental United States

CRYPTO

cryptographic

CSA

COMSEC Servicing Account

CSLA

CECOM COMSEC Logistics Activity

CSP

counterintelligence screening polygraph

CSS

Constant Surveillance Service

DA

Department of the Army

DA Pam

Department of the Army pamphlet

DACAP

Department of the Army Cryptographic Access Program


DCS

Defense Courier Service

DCSINT

Deputy Chief of Staff for Intelligence

DES

digital encryption standard

DIRNSA

Director, National Security Agency

DOD

Department of Defense

DODD

Department of Defense directive


cryptographic operational general publication

KAM

cryptographic operational maintenance manual

KAO

cryptographic operational operating manual

KDC

key distribution center

KEK

key encryption key

KGC

key generation center


KOK

cryptographic multipurpose keying permuting equipment

LAA

local area authorization

LCMS

Local COMSEC Management Software

LOGSA

USAMC Logistics Support Activity

LPI

low probability-of-intercept

MACOM

major Army command

MCN

management control number

MILSTD

military standard

MSC

major subordinate command

NACSI

national COMSEC instructions

NAG

non-cryptographic operational general publication

NICP

National Inventory Control Point

NSA

National Security Agency

NSTISSI

National Security Telecommunications and Information Systems Security instructions


NTISSP

national telecommunications and information systems security policy

OCONUS

outside continental United States

ODCSINT

Office of the Deputy Chief of Staff for Intelligence

OSD

Office of the Secretary of Defense

OTAR

over-the-air-rekeying

PBO

property book officer


PDS

protected distribution systems

POC

point of contact

PSS

protective security services

RCS

requirement control symbol

RESDAT

restricted data

ROTC

Reserve Officers Training Corps

SAIR

semiannual inventory report

SCCC

Standardized COMSEC Custodian Course

SDNS

Secure Data Network System

SOI

signal operating instructions

TB

technical bulletin

TPI

two-person integrity

TRADOC

U.S. Army Training and Doctrine Command

TSCM

technical surveillance countermeasures

UCMJ


Uniform Code of Military Justice

USACSLA

U.S. Army Communications-Electronics Command, Communications Security Logistics Activity

USAMC

U.S. Army Materiel Command

USAR

U.S. Army Reserve

Section II
Terms

Administrative incident

Administrative incidents are infractions of established COMSEC policies and procedures that are not as serious as those cited as reportable COMSEC incidents in this regulation, but are considered actions that jeopardize the integrity of COMSEC material. Administrative incidents are insecure practices dangerous to security, and violations of procedures that require corrective action to ensure the violation does not recur.

Compatible key

Keying material, of a specific short title, that can be obtained in both physical form (to be used in the traditional system) and electronic form (to be used with the AKMS) to enable the hard-copy key holders to communicate with the electronic key holders.

COMSEC account

Administrative entity, identified by an account number, used to maintain accountability, custody and control of COMSEC material. Army COMSEC accounts are established when the ACCOR, after receiving notification of COMSEC facility approval from CSLA, issues a COMSEC account number.

COMSEC compromise

Occurs when the COMSEC material is irretrievably lost or when available information clearly proves that the material was made available to an unauthorized person.

COMSEC equipment

Equipment designated to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in or be an essential element of, the conversion process. Note: COMSEC equipment includes crypto equipment, crypto-ancillary equipment, crypto production equipment, and authentication equipment. Much of today's COMSEC equipment is designated CCI.

COMSEC facility

A COMSEC facility is a space employed primarily for the purpose of generating, storing, repairing, or using COMSEC material.

COMSEC incident

Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information.

COMSEC insecurity

COMSEC incident that has been investigated, evaluated, and determined to jeopardize the security of COMSEC material or the secure transmission of information.

COMSEC material

Item designated to secure or authenticate telecommunications. Note: COMSEC material includes, but is not limited to, key, equipment, devices, documents, firmware or software that embodies or describes cryptographic logic and other items that perform COMSEC functions.

COMSEC sub-account

A COMSEC account that is subordinate to and established by the commander of, a parent account. A COMSEC sub-account receives its account number from the custodian of the primary account, rather than from the ACCOR. Sub-accounts report to their primary account. They DO NOT report to the ACCOR.

Cryptosystem

Associated COMSEC items interacting to provide a single means of encryption or decryption.

Electronically generated key

Key produced only in non-physical form. Note: Electronically generated key stored magnetically (for example, on a floppy disc) is not considered hard copy key.

Embedded cryptography

Cryptography that is engineered into an equipment or system the basic function of which is not cryptographic.

Key

Information (usually a sequence of random or pseudo random binary digits) used initially to set up and periodically change the operations performed in a crypto equipment for the purpose of encrypting or decrypting electronic signals, for determining electronic counter-countermeasures patterns (for example, frequency hopping or spread spectrum) or for producing other key.

Need-to-know

Access to or knowledge or possession of, specific information required to carry out official duties.

Open storage

Storage of classified information within an approved COMSEC facility (for example, a secure room) but not locked in a GSA approved security container, during periods of time when the facility is unoccupied by authorized personnel.

Physical key

Also known as hard-copy key. Keying material such as printed key lists; punched or printed key tapes; or programmable, read only memories. Note: Electronically generated key stored magnetically (for example, on a floppy disc) is not considered physical key.

Premature exposure of key

The removal of key from its protective packaging prior to the effective date of the key. Note: Key that has been removed from its protective packaging in order to be loaded into a data transfer device (DTD) is NOT considered to be prematurely exposed.

Primary account

Also known as a Parent account. A COMSEC account is a primary account if it received its approval from CSLA and its account number was issued by the ACCOR. Primary accounts report directly to the ACCOR.

Protected Distribution System (PDS)

Wire-line or fiber optic telecommunications system that includes terminals and adequate acoustic, electrical, electromagnetic, and physical safeguards to permit its use for the unencrypted transmission of classified information.

Sensitive compartmented information facility (SCIF)

An area, room, group of rooms, or installation that has been accredited by authority of the references for storage, discussion and/or processing of sensitive compartmented information.

Superseded key

A key that has been replaced with a different edition or segment. The scheduled supersession of key is based on its crypto period. The unscheduled supersession of key is directed by the CONAUTH. So-called used key (for example, key tape segments that have been loaded into a data transfer device) is NOT superseded simply because it has been loaded into an electronic fill device. It remains current operational (or in some cases, future) until it reaches the end of its crypto period.

User representative

Person authorized by an organization to order COMSEC keying material and to interface with the keying system to provide information to key users, ensuring that the correct type of key is ordered.

Zeroize

To remove or eliminate the key from a crypto-equipment or fill device.

Section III
Special Abbreviations and Terms

This publication uses the following terms not contained in AR 31050. These include use for safeguarding and controlling COMSEC material.

Cryptographic key

Cryptographic key is referred to as key. The CRYPTO designation will be assumed unless otherwise stated.

Cryptographic equipment

Cryptographic equipment is referred to as COMSEC equipment. This includes CCI.

Classified cryptographic information

Classified cryptographic information, as used in the DA Cryptographic Access program, is specified as:
1. Key and authenticators that are classified TOP SECRET and are designated CRYPTO.
2. Cryptographic media that embody, describe, or implement a classified cryptographic logic to include, but not be limited to, full maintenance manuals, cryptographic descriptions, drawings of cryptographic logic, specifications describing a cryptographic logic, and cryptographic computer software.

Access

Access means the capability and opportunity to obtain detailed knowledge through uncontrolled physical possession. External viewing of or being in the controlled proximity to classified cryptographic information does not constitute access.

Counterintelligence scope polygraph (CSP)

Counterintelligence scope polygraph (CSP) is a non-lifestyle polygraph examination. Its purpose is to deter and detect espionage and sabotage. It is limited to counterintelligence (CI) areas of interest and includes questions pertaining to:
1. Involvement in espionage against the United States.
2. Involvement in sabotage against the United States.
3. Unauthorized foreign contacts.
4. Unauthorized disclosure of classified information.


PIN 004087000


USAPD
ELECTRONIC PUBLISHING SYSTEM
OneCol FORMATTER WIN32 Version 212
PIN: 004087000
DATE: 02-22-05
TIME: 10:02:28
PAGES SET: 55
DATA FILE: C:\wincomp\r380-40.fil
DOCUMENT: AR 38040
SECURITY: FOR OFFICIAL USE ONLY
DOC STATUS: REVISION
