SORT: 5205.8
DOCI: DODD 5205.8
DATE: 19910220
TITL: DODD 5205.8 Access to Classified Cryptographic Information, February
20, 1991, ASD(C3I)
References: (a) National Telecornmunications and Information Systems
Security Policy (NTISSP) No. 3, "National Policy
for Granting Access to U.S. Classified
Cryptographic Information," Decernber 19, 1988
(b) Executive Order 12333, "United States Intelligence
Activities, " Decernber 4, 1981
(c) National Telecoinmunications and Information Systems
Security Instruction (NTISSI) No. 4001, "Controlled
Cryptographic Items," March 25, 1985
(d) DoD 5200.l-R, "Information Security Program
Regulation," June 1986, authorized by DoD Directive
5200.1, June 7, 1982
(e) through (i), see enclosure 1
A. PURPOSE
This Directive establishes under reference (a) a program to govern the
granting of access to classified cryptographic information that is owned,
produced by or for, or is under the control of the Department of Defense
and is in accordance with reference (b) to protect national security
information.
B. APPLICABILITY AND SCOPE
This Directive:
1. Applies to the Office of the Secretary of Defense (OSD), the
Military Departments, the Chairman of the Joint Chiefs of Staff and the
Joint Staff, the Unified and Specified Commands, the Defense Agencies, and
the DoD Field Activities (hereafter referred to collectively as "the DoD
Components")
2. Applies to all meinbers of the U.S. Armed Forces, civilian
employees of the Department of Defense and employees of agents of the DoD
Components who have access to classified cryptographic information. she
term "agents," as used herein, refers to contractors, consultants, and
other persons affiliated with the Department of Defense.
3. Pertains to persons whose duties require continuing access to
classified cryptographic information. (See section C., below.)
Accordingly, this Directive concerns those persons assigned:
a. As cryptographic material custodians, alternates, or their
equivalents.
b. As producers or developers of cryptographic key or logic.
c. As cryptographic maintenance, engineering, or installation
technicians.
d. To supply points where cryptographic keying materials are
generated or stored, and to those having access to such materials.
e. To secure telecommunications facilities located on the ground, on
board ship, or on communications support aircraft and whose duties require
keying of cryptographic equipment.
f. To prepare, authenticate, or decode nuclear control orders (valid
or exercise).
g. Any responsibility requiring or enabling access to classified
cryptographic media.
4. Is not applicable to individuals whose duties are to operate (not
to key or maintain) systems using cryptographic equipment.
5. Excludes Controlled Cryptographic Items as defined in NTISSI No.
4001 (reference (c)).
C. DEFINITION
Classified Crvptoqraphic Information, with respect to this access
program, is specified as:
1. Cryptographic key and authenticators that are classified pursuant
to DoD 5200.l-R (reference (d)) and are designated as SECRET CRYPTO, or
TOP-SECRET CRYPTO.
2. Classified cryptographic media that embody, describe, or implement
a classified cryptographic logic, to include, but not be limited to, full
maintenance manuals, cryptographic descriptions, drawings of cryptographic
logic, specifications describing a cryptographic logic, and cryptographic
computer software.
D. POLICY
It is DoD policy that a person may be granted access to classified
cryptographic information, as specified in sections B. and C., above, only
if that person:
1. Is a U.S. citizen;
2. Is a civilian employee of the Department of Defense, a member of a
Military Service, a DoD-cleared contractor or employee of such contractor,
or is employed as a DoD representative (including consultants of the
Department of Defense);
3. Requires access to perform official duties for, or on behalf of,
the Department of Defense;
4. Possesses a security clearance and personnel security
investigation appropriate to the level of the classified cryptographic
information to be accessed, in accordance with DoD 5200.2-R (reference
(e));
5. Receives a security briefing appropriate to the cryptographic
information to be accessed;
6. Acknowledges the granting of access by signing a cryptographic
access certificate;
7. Agrees to report foreign travel and any form of contact with
foreign citizens, in accordance with DoD 5200.2-R (reference (e)); and
8. Acknowledges the possibility of being subject to a non-lifestyle,
counterintelligence scope polygraph examination administered in accordance
with DoD Direcbe used to advantage by a foreign nation.
Classified cryptographic information is especially sensitive because
it is used to protect other classified information. Any particular piece
of cryptographic keying material and any specific cryptographic technique
may be used to protect a large.quantity of classified information during
transmission. If the integrity of the cryptographic system is breached at
any point, all information protected by the system may be compromised.
The safeguards placed on classified cryptographic information are a
necessary component of Government programs to ensure that our nation's
vital secrets are not compromised.
Because access to classified cryptographic information is granted on a
strict need-to-know basis, you will be given access to only that
cryptographic information necessary in the performance of your duties.
You are required to become familiar with (insert, as appropriate,
Department or Agency implementing Directives covering the protection of
cryptographic information). Cited Directives are attached in a briefing
book for your review at this time.
Especially important to the protection of classified cryptographic
information is the timely reporting of any known or suspected compromise
of this information. If a cryptographic system is compromised, but the
compromise is not reported, the continued use of the system can result in
the loss of all information protected by it. If the compromise is
reported, steps can be taken to lessen an adversary's advantage gained
through the compromise of the information.
As a condition of access to classified cryptographic information, you
must acknowledge that you may be subject to a non-life-style,
counterintelligence scope polygraph examination. This examination will be
administered in accordance with DoD Directive 5210.48 and applicable law.
The relevant questions in this polygraph examination will only encompass
questions concerning espionage, sabotage, or questions relating to
unauthorized disclosure of classified information or unreported foreign
contacts. If you do not, at this time, wish to sign such an
acknowledgment as a part of executing a cryptographic access
certification, this briefing will be terminated at this point and the
briefing administrator will so annotate the cryptographic access
certificate. Such refusal will not be cause for adverse action but will
result in your being denied access to classified cryptographic
information.
You should know that intelligence services of some foreign governments
prize the acquisition of classified cryptographic information. They will
go to extreme lengths to compromise U.S. citizens and force them to
divulge cryptographic techniques and materials that protect the nation's
secrets around the world. You must understand that any personal or
financial relationship with a foreign government's representative could
make you vulnerable to attempts at coercion to divulge classified
cryptographic information. You should be alert to recognize those
attempts so that you may successfully counter them. The best personal
policy' is to avoid discussions that reveal your knowledge of, or access
to, classified cryptographic information and thus avoid highlighting
yourself to those who would seek the information you possess. Any
attempt, either through friendship or coercion, to solicit your knowledge
regarding classified cryptographic information must be reported
immediately to (insert appropriate security office).
In view of the risks noted above, unofficial travel to certain
communist or other designated countries may require the prior approval of
(insert appropriate security office). It is essential that you contact
(insert appropriate security office) if such unofficial travel becomes
necessary.
Finally, you must know that, should you willfully or negligently
disclose to any unauthorized persons any of the classified cryptographic
information to which you will have access, you may be subject to
administrative and civil sanctions, including adverse personnel actions,
as well as criminal sanctions under the Uniform Code of Military Justice
(UCMJ) and/or the criminal laws of the United States, as appropriate.
(DATA OMITTED)
---------------------------------