*USAREUR Regulation 380-40

Security

Safeguarding and Controlling Communications Security Material

2 May 1996

*This regulation supersedes USAREUR Regulation 380-40, 24 November 1992.

This version includes change 1, 29 May 1996 and change 2, 27 Feb 1997.

For the Commander in Chief:

DAVID L. BENTON III
Major General, GS
Chief of Staff

Official:

Seal

ROBERT L. NABORS
Brigadier General, GS
Deputy Chief of Staff,
Information Management

Summary. This regulation establishes policy and prescribes procedures for safeguarding, controlling, and disposing of communications security material in USAREUR.

Applicability. This regulation applies to organizations supported by USAREUR that handle COMSEC material.

Supplementation. Commanders will not supplement this regulation without Commander in Chief, USAREUR (AEAGB-CI-S), approval.

Forms. This change prescribes three new forms: AE Form 380-40A-R (Accountability Register for DD Form 2501 (Courier Authorization)), AE Form 380-40B-R (COMSEC Custodian STU-III-Key Accountability Record), and AE Form 380-40C-R (Key Management Worksheet). These forms may be reproduced locally on 81/2- by 11-inch paper through the servicing forms management office.

Suggested Improvements. The proponent of this regulation is the Office of the Deputy Chief of Staff, Intelligence, HQ USAREUR/7A (AEAGB-CI-S, 370-8179/6564). Users may send suggestions to improve this regulation on DA Form 2028 (Recommended Changes to Publications and Blank Forms) to the Commander in Chief, USAREUR, ATTN: AEAGB-CI-S, Unit 29351, APO AE 09014.

Distribution. Distribute according to DA Form 12-88-E, block 0800, command level A.

CONTENTS

1. Purpose
2. References
3. Terms and Abbreviations
4. Responsibilities
5. Resolving Conflicts
6. Controlling Top Secret Crytokey
7. Transporting COMSEC Key
8. Emergency Plan Coordination and Approval
9. Command COMSEC Inspections
10. COMSEC-Incident Reporting
11. STU-III Installation in Private Residences
12. Foreign Access
13. Cryptographic Access Program
14. AE 380-40 Series

Appendixes
A. References
B. Security Telephone Unit, Third Generation, Program Guidance

Glossary

1. PURPOSE
This regulation establishes policy and assigns responsibilities for safeguarding and controlling communications security (COMSEC) material in USAREUR. This regulation will be used with AR 380-19, AR 380-40, DA Pamphlet 25-16, DA Pamphlet 25-380-2, and Technical Bulletin (TB) 380-41.

2. REFERENCES
Appendix A lists references.

3. TERMS AND ABBREVIATIONS
AR 380-19, AR 380-40, and publications listed in appendix A explain terms used in this regulation. The glossary defines abbreviations used in this regulation.

4. RESPONSIBILITIES

a. The Deputy Chief of Staff, Intelligence (DCSINT), USAREUR, is the proponent of this regulation and will--


(1) Prescribe policy and approve procedures for--


(a) Safeguarding and controlling COMSEC material in USAREUR.

(b) Conducting command COMSEC-facility inspections.


(2) Be the USAREUR proponent for INTEL 34 (Standardized COMSEC Custodian Course) and the final authority for--


(a) Validating annual training needs (USAREUR Reg 351-2).

(b) Approving requests to attend the INTEL 34 course if established quotas are filled.

(c) Approving requests to waive course prerequisites.


(3) Approve requests to appoint custodians and alternates who do not meet the rank or grade requirement.

(4) Approve requests to install secure telephone units, third generation (STU-IIIs), in private residences in coordination with the Deputy Chief of Staff, Operations (DCSOPS), USAREUR, and the Deputy Chief of Staff, Information Management (DCSIM), USAREUR.

(5) Manage the USAREUR Department of the Army Cryptographic Access Program (DACAP) by--


(a) Maintaining the DACAP database.

(b) Randomly selecting lists of personnel to receive the counterintelligence scope polygraph examination and providing these lists to supporting U.S. Army Intelligence and Security Command (INSCOM) polygraph detachments.

(c) Monitoring the DACAP program and ensuring unit DACAP points of contact (POCs) provide monthly reports of eligible personnel (RCS: AEAGB-380-40) (Department of the Army Cryptographic Access Program).


(6) Prepare and issue COMSEC-incident trends.

(7) Appoint a command COMSEC inspector.

(8) Conduct command COMSEC inspections of USAREUR commands.

(9) Approve the transportation of COMSEC keying material by U.S.-flag carrier or foreign commercial aircraft.

(10) Approve requests for exceptions to two-person integrity (TPI) in specific cases when compelling operational requirements warrant approval.

(11) Approve requests for exceptions to DA policy on controlled cryptographic items (CCIs).


b. The DCSOPS will--


(1) Validate requests to install STU-IIIs in private residences (this reg, app B), in coordination with the DCSINT and the DCSIM.

(2) Set priorities for distributing COMSEC equipment and CCIs.


c. The Deputy Chief of Staff, Logistics (DCSLOG), USAREUR, will--


(1) Perform Commander in Chief, USAREUR, responsibilities under the Controlled Cryptographic Items Serialization Program (CCISP) (AR 710-3).

(2) Act as the lead organization for resolving COMSEC incidents involving CCIs at USAREUR depots and other logistics facilities.

(3) Ensure property book officers and other logistics personnel who handle CCIs are aware of security controls and serial-number accounting requirements (AR 710-2).


d. The DCSIM will--


(1) Develop and publish COMSEC procedures for enforcing information systems security policy.

(2) Help develop USAREUR COMSEC policy.

(3) Develop and publish procedures for command inspections of USAREUR COMSEC facilities.

(4) Review COMSEC-incident reports (this reg, para 10) for effects on operations and provide guidance on recovery actions. Revise or develop procedures to improve security and prevent incidents.

(5) Coordinate with the DCSINT before issuing guidance from DOD, HQDA, and national organizations responsible for COMSEC.

(6) Distribute HQDA instructions on the disposal of CCIs, in coordination with the DCSLOG.

(7) Be the proponent for fielding tactical cryptographic systems and ensure that users order and receive cryptographic key required to establish secure communications.

(8) Be the designated USAREUR command authority POC for crytopignition keys (CIKs).

(9) Be the designated national distribution authority (NDA) for U.S. users of NATO COMSEC material.

(10) Be the validation authority for new manual cryptosystems.

(11) Validate requests to install STU-IIIs in private residences (this reg, app B), in coordination with the DCSINT and the DCSOPS.

(12) Provide USAREUR technical assistance in developing key-management guidance for user-operated equipment.

(13) Provide technical assistance to USAREUR on over-the-air-rekeying (OTAR) operations and techniques.

(14) Publish the Theater Communications Security Logistics Support Center, Europe (TCLSC-E), external standing operating procedure (SOP) and the Theater Communications Security Management Office-Europe (TCMO-E) external SOP and update them at least once a year. These SOPs prescribe procedures for providing COMSEC maintenance and other customer-service.

(15) Advise USAREUR controlling authorities on COMSEC supply-support procedures.

(16) Develop COMSEC logistics and maintenance-support plans to support mobilizations, contingencies, and emergency operations conducted within the USEUCOM and USAREUR areas of operations.

(17) Represent USAREUR at COMSEC logistics, maintenance, management, or supply support conferences, meetings, seminars, and working groups, as directed.


e. The Commander, 11th Signal Detachment, TCLSC-E, will--


(1) Provide specialized repair service for the theater, off-site general support (GS) maintenance, and limited (regional) direct support (DS) maintenance support for B56 source-of-supply items in USAREUR.

(2) Manage the U.S. Army TCMO-E as the theater COMSEC logistics support facility for storage and distribution of cryptographic key and classified COMSEC material control system (CMCS) hardware.

(3) Provide Theater GS/DS COMSEC Logistics (Supply) support to USAREUR, other military departments, U.S. Government agencies, NATO, and other allies. This requires providing--


(a) Centralized management and stock-control of operational, reserve, and contingency crypto-systems and CMCS-controlled hardware.

(b) COMSEC-supply support for cryptonets required for USAREUR operations.

(c) NDA logistics management and supply-support for NATO cryptographic systems required by U.S. Forces in support of NATO. Coordinate and perform national transfers among USAREUR, Allied Command Europe (ACE) COMSEC, and other allied NDAs.

(d) A centralized source of locally generated key for over-the-air-key distribution (OTAD) based on procedures in noncryptographic operational general publication (NAG-16C) operations.

(e) Management and distribution procedures to support routine and contingency operations.

(f) A centralized storage and distribution point for positive-controlled material in support of USEUCOM and USAREUR.


f. Commanders supported by a U.S. Army COMSEC account will exercise responsibilities in AR 380-40, paragraph 1-4h, and--


(1) Maintain a current record of personnel who require access to Top Secret cryptographic key and--


(a) Report this information through the DACAP POC to the Commander in Chief, USAREUR, ATTN: AEAGB-CI-S, Unit 29351, APO AE 09014 (RCS: AEAGB-380-40) (Department of the Army Cryptographic Access Program).

(b) Send an updated report once a month to the Commander in Chief, USAREUR, ATTN: AEAGB-CI-S, Unit 29351, APO AE 09014 (RCS: AEAGB-380-40) (Department of the Army Cryptographic Access Program).


(2) Ensure that unused quotas for the INTEL 34 course are returned through channels.

(3) Send operational-necessity requests to send COMSEC material by courier aboard a commercial carrier to CINCUSAREUR HEIDELBERG GE//AEAGB-CI-S// or to the Commander in Chief, USAREUR, ATTN: AEAGB-CI-S, Unit 29351, APO AE 09014, for approval.


g. The Commander, 21st TAACOM, will track USAREUR CCI property (AR 710-3, chap 4).

5. RESOLVING CONFLICTS

a. Commanders should refer to DA and USAREUR policy for guidance on specific COMSEC issues or practices.

b. In cases of conflict between this regulation and other regulations, the procedures that provide a higher degree of security or control will be used until the conflict is resolved.

c. Commanders will send requests to resolve conflicts through command channels to the Commander in Chief, USAREUR, ATTN: AEAGB-CI-S, Unit 29351, APO AE 09014.

6. CONTROLLING TOP SECRET CRYPTOKEY
Top Secret cryptokey will be controlled and protected according to AR 380-40, with the following exceptions:

a. Top Secret cryptokey, when not stored according to AR 380-5, AR 380-40, and this regulation, will be handled according to TPI rules (in the possession of two persons cleared for access to the material). Key locks may be used in operational areas to store operational cryptokey, provided that the facility is a "no-lone" zone. If this method of storage is used, a "RED" and "BLUE" team concept will be developed (USAREUR Pam 380-40).

b. SF 702 (Security Container Check Sheet) will be used on each container. If the container is used to store TPI material, the words "RED" and BLUE" will be printed at the top of the form to show which side of the form each team initials for its particular control function.

c. Conduct an inventory before locking a container or before going off shift in a 24-hour operation. The inventory will include checking expiration dates of key and recording the results on an adjusted DA Form 2653-R (COMSEC Account-Daily Shift Inventory). Two signatures are required (this applies to all accounts except Communications Security Material Direct Support Activities (TB 380-41)). If applicable, positive-control material will be inventoried according to Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 3260.01.

d. Personnel with access to Top Secret cryptokey will be enrolled in the DACAP.

7. TRANSPORTING COMSEC KEY

a. Emergency requests for exceptions to use commercial aircraft to transport COMSEC key will be sent to the Commander in Chief, USAREUR, ATTN: AEAGB-CI-S, Unit 29351, APO AE 09014, by the quickest means available. The following information will be provided with the request:


(1) COMSEC-key short title, quantity, accounting legend codes, controlling authority (CONAUTH), and crypto equipment to be keyed. The request will be classified no lower than Secret.

(2) Confirmation of CONAUTH notification.

(3) A statement that all other options to meet keying requirements were examined and determined unsuitable (OTAR, local COMSEC accounts, local key generator-83 (KG-83)).

(4) Confirmation that two couriers with Top Secret access will accompany Top Secret key.

(5) Confirmation of compliance with the requirements of b below.


b. Commanders will designate unit personnel as official couriers for classified COMSEC material as follows:


(1) Commanders will use DD Form 2501 (Courier Authorization Card) to appoint official unit couriers to transport classified COMSEC material outside U.S. military garrisons and field operating sites within the same country according to AR 380-5, chapter 8, and S2.


c. One-drawer and two-drawer containers approved by the General Services Administration (GSA) may be used to store classified COMSEC key in the field and in transporting vehicles if under continuous surveillance. These containers must be securely fastened to the structure (AR 380-5) in fixed facilities (other than an approved class-A vault or vault-type room guarded or protected by alarms during nonoperating hours).

d. Open storage of COMSEC key is prohibited.

e. Security containers that have been altered will not be used to store classified COMSEC information and classified collateral material (AR 380-5). Security containers altered for TPI may be used to store classified COMSEC. Additional security containers will not be altered.

8. EMERGENCY PLAN COORDINATION AND APPROVAL

a. The COMSEC custodian will prepare the emergency plan according to AR 190-13, TB 380-41, USAREUR Regulation 190-13, and this regulation. The custodian will incorporate the emergency plan in the installation physical security plan. Commanders will approve plans after coordination with appropriate staff agencies. The custodian will list organizations that must be notified during an emergency.

b. An official that is at least a field grade officer or GS-12 will decide if armed guards are needed during an emergency. Guards must be trained (AR 190-14).

9. COMMAND COMSEC INSPECTIONS
Each COMSEC account and subaccount will receive a command COMSEC inspection (AR 380-40). A command COMSEC inspector will be appointed at appropriate echelons to conduct these inspections. The inspector will send a report for each inspection to the Commander in Chief, USAREUR, ATTN: AEAGB-CI-S, Unit 29351, APO AE 09014.

10. COMSEC-INCIDENT REPORTING

a. COMSEC-incident reports will be made by electronic message and sent to the 66TH MI GP AUGSBURG GE//IAPG-SAS// as an information addressee.

b. Message addressees for USAREUR COMSEC incidents reports (AR 380-40, para 7-3a) are as follows:


(1) Physical Incidents.


(a) Key at the user level:

ACTION ADDRESSEES:
CONAUTH
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP-IN//
INFO:
HIGHER HQ AS DIRECTED BY UNIT SOP
DIRNSA FT MEADE MD//V51A//
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP-OR/SELCL-KP-KEY//
(USAREUR COMMAND)
CINCUSAREUR HEIDELBERG GE//AEAGB-CI-S/AEAIM-CO-SI//
CDR 66TH MI GP AUGSBURG GE//IAPGE-OPU//
NCEUR VAIHINGEN GE//F29//
USATCMOEUR 11TH SIG DET WORMS GE//ASQE-CLC-CMO/5BE001//
CUSALAOEUR SECKENHEIM GE//AMXLA-E-CCM//

(b) Key in distribution channels:

ACTION ADDRESSEES:
DIRNSA FT MEADE MD//V51A//
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP-IN//
INFO:
HIGHER HQ AS DIRECTED BY UNIT SOP
CONAUTH
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP- OR/SELCL-KP-KEY
(USAREUR COMMAND)
CINCUSAREUR HEIDELBERG GE//AEAGB-CI-S/AEAIM-CO-SI//
CDR 66TH MI GP AUGSBURG GE//IAPG-SAS//
NCEUR VAIHINGEN GE//F29//
USATCMOEUR 11TH SIG DET WORMS GE//ASQE-CLC-CMO/5BE001//
CUSALAOEUR SECKENHEIM GE//AMXLA-E-CCM//

(c) Key incidents at the CONAUTH level:

ACTION ADDRESSEE:
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP-IN//
INFO:
HIGHER HQ AS DIRECTED BY UNIT SOP
DIRNSA FT MEADE MD//V51A//
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP-OR/SELCL-KP-KEY//
(USAREUR COMMAND)
CINCUSAREUR HEIDELBERG GE//AEAGB-CI-S/AEAIM-CO-SI//
CDR 66TH MI GP AUGSBURG GE//IAPG-SAS//
NCEUR VAIHINGEN GE//F29//
USATCMOEUR 11TH SIG DET WORMS GE//ASQE-CLC-CMO/5BE001//
CUSALAOEUR SECKENHEIM GE//AMXLA-E-CCM//

(d) Equipment and documents:

ACTION ADDRESSEES:
DIRNSA FT MEADE MD//V51A//
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP-IN//
INFO:
HIGHER HQ AS DIRECTED BY UNIT SOP
CONAUTH
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP- OR/SELCL-KP-KEY//
(USAREUR COMMAND)
CINCUSAREUR HEIDELBERG GE//AEAGB-CI-S/AEAIM-CO-SI/AEAGD-SM-S//
CDR 66TH MI GP AUGSBURG GE//IAPG-SAS//
NCEUR VAIHINGEN GE//F29//
USATCMOEUR 11TH SIG DET WORMS GE//ASQE-CLC-CMO/5BE001//
CUSALAOEUR SECKENHEIM GE//AMXLA-E-CCM//

(2) Cryptographic Incidents.

ACTION ADDRESSEES:
DIRNSA FT MEADE MD//V51A//
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP-IN//
INFO:
HIGHER HQ AS DIRECTED BY UNIT SOP
CINCUSAREUR HEIDELBERG GE//AEAGB-CI-S/AEAIM-CO-SI//
CDR 66TH MI GP AUGSBURG GE//IAPG-SAS//
(USAREUR COMMAND)
NCEUR VAIHINGEN GE//F29//
USATCMOEUR 11TH SIG DET WORMS GE//ASQE-CLC-CMO/5BE001//
CUSALAOEUR SECKENHEIM GE//AMXLA-E-CCM//

(3) Personnel Incidents.

ACTION ADDRESSEES:
DIRNSA FT MEADE MD//V51A//
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP-IN//
INFO:
HIGHER HQ AS DIRECTED BY UNIT SOP
CINCUSAREUR HEIDELBERG GE//AEAGB-CI-S/AEAIM-CO-SI//
CDR 66TH MI GP AUGSBURG GE//IAPG-SAS//
(USAREUR COMMAND)
NCEUR VAIHINGEN GE//F29//
USATCMOEUR 11TH SIG DET WORMS GE//ASQE-CLC-CMO/5BE001//
CUSALAOEUR SECKENHEIM GE//AMXLA-E-CCM//

c. Message addressees for USAREUR COMSEC incidents reports (AR 380-40, para 7-3b) are as follows:


(1) Incomplete or unauthorized destruction:

ACTION ADDRESSEE:
DIRNSA FT MEADE MD//V51A//
INFO:
HIGHER HQ AS DIRECTED BY UNIT SOP
CINCUSAREUR HEIDELBERG GE//AEAGB-CI-S/AEAIM-CO-SI//
CDR 66TH MI GP AUGSBURG GE//IAPG-SAS//
(USAREUR COMMAND)
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP-OR/SELCL-KP-KEY//
NCEUR VAIHINGEN GE//F29//
USATCMOEUR 11TH SIG DET WORMS GE//ASQE-CLC-CMO/5BE001//
CUSALAOEUR SECKENHEIM GE//AMXLA-E-CCM//

(2) Unauthorized retention of COMSEC material past its supersession, use of unauthorized or locally produced key, unauthorized extension of a cryptoperiod, or use of compromised, superseded, defective, or previously used key:

ACTION ADDRESSEES:
DIRNSA FT MEADE MD//V51A//
CONAUTH
INFO:
HIGHER HQ AS DIRECTED BY UNIT SOP
CINCUSAREUR HEIDELBERG GE//AEAGB-CI-S/AEAIM-CO-SI//
CDR 66TH MI GP AUGSBURG GE//IAPG-SAS//
(USAREUR COMMAND)
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP-OR/SELCL-KP-KEY//
NCEUR VAIHINGEN GE//F29//
USATCMOEUR 11TH SIG DET WORMS GE//ASQE-CLC-CMO/5BE001//
CUSALAOEUR SECKENHEIM GE//AMXLA-E-CCM//

(3) Premature exposure of COMSEC key:

ACTION ADDRESSEES:
DIRNSA FT MEADE MD//V51A//
CONAUTH
INFO:
HIGHER HQ AS DIRECTED BY UNIT SOP
CINCUSAREUR HEIDELBERG GE//AEAGB-CI-S/AEAIM-CO-SI//
CDR 66TH MI GP AUGSBURG GE//IAPG-SAS//
(USAREUR COMMAND)
DIR USACCSLA FT HUACHUCA AZ//SELCL-KP-OR/SELCL-KP-KEY//
NCEUR VAIHINGEN GE//F29//
USATCMOEUR 11TH SIG DET WORMS GE//CLC-CMO/5BE001
CUSALAOEUR SECKENHEIM GE//AMXLA-E-CCM//

d. USAREUR units will report CCI incidents (formerly CCI-access discrepancies) as follows:


(1) Reference:


(a) Memorandum, HQDA, DAMI-POC, 24 April 1996, subject: Reporting and Evaluating CCI Incidents (NOTAL).

(b) Coordination memorandum between HQ USACCSLA, SELCL-CK2, and HQDA, SAIS-C4C, 2 May 1996, subject: COMSEC Policy Update - Reporting CCI Incidents.


(2) The United States Army Communications Electronics Command COMSEC Logistics Activity (USACCSLA) COMSEC Incident Monitoring Activity will track COMSEC incidents involving controlled cryptographic items (CCIs), whether keyed or unkeyed. (The requirement in DA Pamphlet 25-380-2 to report certain CCI incidents to the United States Army Information System Command has been rescinded.)

(3) CCI users will report CCI incidents to their security manager, accountable officer, or property book officer.

(4) On receiving a report of a CCI incident, the security manager, accountable officer, or property book officer will--


(a) Prepare a CCI-incident report as prescribed in USAREUR Pamphlet 380-40.

(b) Send the report to the addressees below, if the incident concerns unkeyed CCI. (COMSEC custodians will become involved only if the incident involves keyed CCI.)

ACTION ADDRESSEES:
DIRUSACCSLA FT HUACHUCA AZ//SELCL-KP-IN//
CONAUTH (IF KEY IS INVOLVED)
INFO:
DIRNSA FT MEADE MD//V51A//
DIRUSACCSLA FT HUACHUCA AZ//SELCL-EP-C (CCISP)//
HIGHER HQ AS DIRECTED BY UNIT SOP
CINCUSAREUR HEIDELBERG GE//AEAGB-CI-S/AEAIM-CO-SI/AEAGD-SM-S//
(USAREUR COMMAND)
CDR 66TH MI GP//IAPG-SAS//
NCEUR VAIHINGEN GE//F29//
USATCMOEUR 11TH SIG DET WORMS GE//ASQE-CLC-CMO/5BE001//
CUSALAOEUR SECKENHEIM GE//AMXLA-E-CCM//

e. COMSEC incidents involving positive-controlled material will be reported according to CJCSI-3260.01 to USCINCEUR, VAIHINGEN, GE//ECJ36(PMCT)// as an action addressee.

11. STU-III INSTALLATION IN PRIVATE RESIDENCES
Requests for STU-III installation in a private residence will be made according to this regulation, appendix B. Requesters must be high-level officials who require frequent secure-telephone-voice communication after normal duty hours. Officials not listed in USAREUR Regulation 25-22, appendix E, must submit requests through command channels to the Commander in Chief, USAREUR, ATTN: AEAGB-CI-S, Unit 29351, APO AE 09014, using the format in this regulation, figure B-1. The STU-III may be installed in residences of designated essential personnel for the duration of their service in that capacity in support of operations or contingencies. If the request is approved, the following standards and conditions must be met:

a. Audio and physical security precautions must prevent unauthorized access to the STU-III and the CIK and to prevent interception of information. The following applies:


(1) STU-IIIs in private residences will not be used as standard telephones.

(2) Precautions must meet DA security standards (DA Pam 25-16 and AR 380-5, paras 5-200b thru d, on protecting information (physical and electronic), including oral communications).

(3) Requests for certification of residences for classified discussions (AR 381-14) will be made according to USAREUR Regulation 380-85, appendix B.

(4) Certification for a STU-III in a private residence will be renewed annually. Security managers will notify the Commander in Chief, USAREUR, ATTN: AEAGB-CI-S, Unit 29351, APO AE 09014, for recertification 30 days before renewal date.


b. Security managers will notify the Commander in Chief, USAREUR, ATTN: AEAGB-CI-S, Unit 29351, APO AE 09014, when STU-IIIs are no longer needed and provide disposition instructions for turning in the STU-III and CIK.

c. STU-IIIs are for voice communication only. Information discussed on STU-IIIs will be no higher than Secret or its non-U.S. equivalent.

d. The requester and the security manager will keep a copy of the approval.

e. The STU-III will be marked "U.S. GOVERNMENT PROPERTY." A locally prepared, self-adhesive label may be used for this purpose. The label must be attached to the STU-III.

f. The STU-III user must have the appropriate security clearance and be certified by the local commander as having responsibilities involving national security.

g. The STU-III user will attach an adjusted DD Form 2056 (Telephone Monitoring Notification Decal) to the STU-III and black-out or cut off the part of the label that states "DO NOT DISCUSS CLASSIFIED INFORMA-TION."

h. The CIK will be removed from the STU-III after each use.

i. The CIK will be controlled by the user or left in the custody of an authorized person. DA security standards for STU-IIIs define "authorized persons" and prescribe STU-III controls.

j. Users will be familiar with and maintain copies of DA security procedures.

12. FOREIGN ACCESS

a. Foreign national employees will not be granted access to keyed CCI based solely on duties. Foreign nationals employed by the U.S. Government who are involved in and directly support U.S. Government operations may be granted access to CCI keyed with an unclassified U.S. key. The foreign-national employee may sign a hand-receipt for the U.S. unclassified key. The foreign national employee is not authorized to sign a hand-receipt for any CCI equipment. AR 380-40 and this regulation prescribe procedures. Foreign national employees must have an appropriate host nation security check (USAREUR Reg 604-1) and meet the prerequisites of AR 380-40.

b. Foreign national employees required to maintain telecommunications and automated information systems are not authorized to sign a hand-receipt for CCI equipment. Property book officers must be U.S. citizens.

c. The security manager of the supported organization will provide the supporting COMSEC-account custodian a list of foreign national employees authorized to sign a hand-receipt for unclassified COMSEC key. The list verifies that a security check was conducted and will be maintained by the servicing civilian personnel operations center. Foreign national employees must meet the conditions of DA Pamphlet 25-16, paragraphs 3 and 4, to be authorized access to a STU-III.

d. Requests for accreditation for secure subscriber terminals (AR 380-19, chap 4) will state that foreign national employees will operate the terminal.

e. Keys for terminals with approved foreign access must be ordered to include a foreign-access indicator (such as US/FORN, US/UK). If the terminal is not keyed accordingly, unescorted access by a foreign national is not authorized.

13. CRYPTOGRAPHIC ACCESS PROGRAM

a. The DACAP POC will maintain a database of enrolled personnel and send an updated list to the Commander in Chief, USAREUR, ATTN: AEAGB-CI-S, Unit 29351, APO AE 09014, by the 20th day of each month. (Negative reports are required.) 5th Signal Command units will send their monthly reports to the Commander, 5th Signal Command, ATTN: ASQE-IS-S, CMR 421, APO AE 09056.

b. The following information is required to add personnel to the access program: name, rank, social security number, duty position, date expected to return from overseas, unit address, command, barracks or kaserne (as applicable) city, country, and POC telephone number.

c. The following information is required to delete personnel from the access program: name, rank, unit, date debriefed, confirmation that termination statement was signed, and the reason for leaving the program (for example, permanent change of station, change of duty position, expiration term of service, security clearance revoked, access denied).

14. AE 380-40 Series

a. AE Form 380-40A-R (Accountability Register for DD Form 2501 (Courier Authorization)). Instructions for filling in the form are--

Page ___ of ___ pages. The first blank is the sequential number of this page. The second blank is the total number of pages of the form.

Issuing authority. The command issuing the DD Form 2501.

Month and year. The month and year the form is being used.

Card number. The card number on the DD Form 2501.

Issued to. The name of the courier.

Issue date. The day, month, and year the DD Form 2501 is issued.

Expiration date. The day, month, and year the DD Form 2501 expires.

Courier's signature. The signature of the courier.

Security manager's signature. The signature of the security manager or a designated representative, which verifies the information on that line.

b. AE Form 380-40B-R (COMSEC Custodian STU-III-Key Accountability Record). AE Form 380-40B-R is used to control the distribution of secure telephone unit-third generation (STU-III) keys. Instructions for filling in the form are-

Date. The day, month, and year the form is first used.

Point of contact. The name of the person and the office to contact for information about the key.

Telephone number. The telephone number of the point of contact.

Location:

Building number. The building number where the STU-III key will be used.

Room number. The room number where the STU-III key will be used.

Installation. The installation where the STU-III key will be used.

COMSEC account. The COMSEC account number of the unit issuing the key.

COMSEC custodian or alternate. The name of the COMSEC custodian or designated alternate who will issue the key to the user.

STU-III

Serial number. The serial number of the STU-III in which the key will be used.

Telephone number. The telephone number of the STU-III in which the key will be used.

Key classification. The security classification of the key (for example, Secret, Top Secret).

Key edition. The edition of the key in effect.

Master key serial number. The serial number of the master key.

CIK serial number. The serial number of the cryptoignition key (CIK).

Name and rank/grade. The typed or printed name and rank or grade of the person who receives the key.

Organization. The organization of the person who receives the key.

Signature. The signature of the person who receives the key.

c. AE Form 380-40C-R (Key Management Worksheet). AE Form 380-40C-R is used as an audit trail to ensure accountability of electronic key. Instructions for filling in the form are--

CONAUTH. The cryptonet control station (CNCS) (for example, V Corps).

Date. The day, month, and year the form is first used.

Key ID. The key identification (ID) is the key-tag information (for example, COOL) (USAREUR Pam 380-40, app E, table E-1).

Key type. The type of key in use. Two entries will be required for each net using electronic rekeying procedures (for example, TEK, KEK).

COMSEC equipment. The equipment in which the key will be used (for example, MSE, KY-57, KY-99).

Classification. The classification of the key to be used.

Date generated. The day, month, and year the key was generated.

Effective period. The beginning and ending dates the key will be effective.

To/DTG. The date time group (DTG) the key is signed to the user.

From/DTG. The DTG the key is returned or zeroized.

Signature. The signature of the user.

NOTE: When filled in, this form is classified Confidential and will be protected according to AR 380-5. The form will be maintained for 90 days after all electronic keys entered on this form have been superseded.

Appendix A