Air Force
Intelligence and Security Doctrine

Communications

CONTROLLING AUTHORITIES FOR COMSEC KEYING MATERIAL

____________________________________________________________________________________________________

This instruction outlines responsibilities of personnel who control (controlling authorities) communications security (COMSEC) keying material. It describes the roles of the Headquarters Air Force Command, Control, Communications, and Computers Agency (HQ AFC4A), San Antonio Air Logistics Center (SA-ALC), Director, Cryptologic Management (SA-ALC/LTMKK) and the National Security Agency (NSA) in controlling COMSEC keying material. It also implements National Telecommunications and Information System Security Instruction (NTISSI) No. 4006, Controlling Authorities for COMSEC Material. It takes precedence over all other Air Force publications affecting COMSEC controlling authorities. Send recommended changes to HQ AFC4A, C4 Systems Security Division (AFC4A/SYS), Scott AFB IL 62225-5234. Refer conflicts between this and other instructions to HQ AFC4A, Policy and Procedures Branch (HQ AFC4A/XPXP), on AF Form 847, Recommendation for Change of Publication, with an information copy to Headquarters United States Air Force , Plans and Policy Division (HQ USAF/SCXX), 1030 Air Force Pentagon, Washington DC 20330-5190. Provide HQ USAF/SCXX and HQ AFC4A/SYS copies of printed supplements to this instruction.

SUMMARY OF REVISIONS

This issuance aligns the instruction with Air Force Policy Directive (AFPD) 33-2, Command, Control, Communications, and Computer (C4) Systems Security, and realigns responsibilities from Air Force Cryptologic Support Center (AFCSC)/SROC to HQ AFC4A/SYS. It names SA-ALC/LTMKK as the office responsible for specifying initial cryptonet activation and key implementation dates, unless otherwise directed by the controlling authority. It changes the terminology from keying material "reviews" to keying material "revalidations".

1. Introduction. This instruction assigns responsibilities to controlling authorities for keying material. It describes functions and lists options for reacting to emergency or crisis situations and tells how to evaluate COMSEC incidents. A glossary of references, abbreviations, acronyms, and terms is at attachment 1.

2. Applicability and Scope. This instruction applies to all Air Force personnel assigned or acting as, controlling authorities to oversee and manage operational use and control of COMSEC keying material, Communications-Electronics Operation Instructions (CEOI), Joint Communications-Electronics Operation Instructions (JCEOI), and Signal Operation Instructions (SOI). Although by definition CEOIs, JCEOIs, and SOIs are not keying material, they are included in this instruction to define the responsibilities of controlling authorities for these items. Manage positive control material according to Joint Pub 1-04(S), Policy and Procedures Governing JCS Positive Control Material and Devices (U).

3. Objectives:
3.1. Make sure of proper authorization, control, and management of COMSEC keying material.
3.2. Set up an orderly structure by assigning responsibilities for evaluating COMSEC incident reports.

4. Controlling Authority Appointment. The major command (MAJCOM) or agency that sets up the new cryptonet names a controlling authority to oversee and manage the operational use and control of keying material. Normally, the next higher

level to cryptonet members performs the controlling authority roles, even if the controlling authorities are not organizationally senior to cyyptonet members. All cryptonet members, including cryptonet members from other services or agencies, must follow directions given by the controlling authority. Do not assign the COMSEC account as the controlling authority for keying material. SA-ALC/LTMKK specifies the initial cryptonet activation and key implementation date, unless otherwise directed by controlling authorities. NOTE: MAJCOM COMSEC offices will not be assigned as controlling authorities.
4.1.1. For electronically generated key, the organization directing key generation does the controlling authority functions, unless those functions are specifically assigned to another organization.
4.2. The Joint Staff, the chiefs of the military services, the commanders of the unified and specified commands, the heads of departments and agencies, and MAJCOMs may direct changes in controlling authority appointments under their control. Whoever directs these changes notifies all cryptonet members, appropriate distribution authorities, and Director, National Security Agency (DIRNSA)/Y13), of all controlling authority appointments and changes.
4.3. Set up a controlling authority for each CEOI, JCEOI, or SOI system. The controlling authority for MAJCOM CEOIs, JCEOIs, and SOIs is the MAJCOM commander or their appointed representative.

5. Cryptonet Management. Procedures for cryptonet management are in attachment 2. Controlling authorities are allowed direct communications with cryptonet members. Controlling authorities must keep accurate records of the cryptonet in order to assess the impact of, and recover from, a compromise. This includes:

• Cryptonet member identities and the amount of
  

keying material they hold.

• Logistics support and resupply requirements for
  

the cryptonet.

• Cryptoperiod extensions allowed.
• Cryptonet activation and key implementation
  

dates.

• Operational requirements for the cryptonet.
• Key change (HJ) time.
• Spare group assignments for codes and
  

authenticators.

• Any extracts or local copying of keying material
  

allowed.

• Notices of compromised or replaced COMSEC
  

material, including disposition instructions,

when applicable.

• Instructions for making encrypted-traffic
  

reviews because of declared compromises of

COMSEC material.

• Notices of non routine supersession and changes
  

of effective date.

• COMSEC publication amendments that require
  

immediate implementation.

• Other procedural and operational changes when
  

immediate action is necessary.

• Act as USAF COMSEC Incident Management
  

Office.

• Evaluate all reported physical COMSEC
  

incidents involving multiple Air Force

controlling authorities.

• Coordinate actions to establish contingency
  

keying material with the SA-ALC.

• Recommend changes in manual cryptosystems
  

content and format to HQ AFC4A/SYS.

• Perform cryptonet management as outlined in
  

attachment 2.

• Report COMSEC incidents according to AFI 33-
  

212.

• Evaluate COMSEC incidents according to the
  

guidelines in AFI 33-212.

• Announce implementation of the system and
  

inform NSA/Y13 of the supersession and

projected usage.

• Update requirements to NSA/V27 in a timely
  

manner.

• Recommend changes in content, format, or
  

classification to NSA/V27.

• Allow the extension of the effective period to
  

suit operational conditions. These extensions are

not reportable to NSA.

• Evaluate incidents according to AFI 31-401,
  

Managing the Information Security Program.

Incidents involving CEOIs, JCEOIs, and SOIs

are not reportable to NSA.

• Direct emergency supersession and notify
  

NSA/V27/Y13 for resupply action.

4 Attachments
1. Glossary of References, Abbreviations, Acronyms, and Terms
2. Procedures For Cryptonet Management
3. Role of the National Security Agency
4. Guidelines For Extending Cryptoperiods

AFPD 33-2, Command, Control, Communications and Computer (C4) Systems Security
AFI 33-212, Reporting COMSEC Incidents.
AFI 33-216, Management of Manual Cryptosystems.
AFI 31-401, Managing the Information Security Program.
AFKAG-1, Communications Security (COMSEC) Operations
AFKAG-2, Air Force COMSEC Accounting Manual
JP 1-04(S), Policy and Procedures Governing JCS Positive Control Material and Devices (U)

Abbreviations and Acronyms

Abbreviations and
Acronyms Definition
AFI Air Force Instruction
AIG Address Indicator Group
CEOI Communications-Electronic Operating Instruction
COMSEC Communications Security
CSS Coded Switch System
DIRNSA Director, National Security Agency
DSN Defense Switched Network
HJ Key change
HQ AFC4A Headquarters,Air Force Command, Control, Communications, and Computer Agency
HQ USAF Headquarters, United States Air Force
JCEOI Joint Communications-Electronics Operating Instruction
JCS Joint Chiefs of Staff
JS Joint Staff
KEK Key encryption key
MAJCOM Major Command
NCCD Nuclear Certified Computer Data
NSA National Security Agency
NTISSI National Telecommunications Information System Security Instruction
PAL Permissive and Devices Action Link
PES Positive Enable System
SA-ALC San Antonio Air Logistic Center
SAS Sealed Authenticator Systems
SOI Signal Operating Instruction
STU-III Secure Telephone Unit III

Terms

COMSEC Incident--Any occurrence that has the potential to jeopardize the security of COMSEC material or the secure electrical transmission of national security information.

COMSEC Incident Monitoring Activity--The office within a department or agency that maintains a record of COMSEC Activity incidents caused by elements of that department or agency and makes sure all actions required of those elements are completed. (HQ AFC4A/SYSC for the Air Force.)

Cryptonet--Stations that hold a specific key for use. NOTE: Activities holding a key for other than use, such as cryptologic depots, are not cryptonet members for that key. Controlling authorities are actual members of the cryptonets they control.

Cryptonet member--An individual station, among a group of stations, holding a specific key for use. Controlling authorities are defacto cryptonet members.

JCS Positive Control Material--A generic term referring to Sealed Authenticator Systems (SAS), Permissive and Devices Action Link (PAL), Coded Switch System (CSS), Positive Enable System (PES), and Nuclear Certified Computer Data (NCCD).

• Knowing the identity of all cryptonet members and the problems users may experience with the keying
  

material.

• Knowing the distribution authorities that support the holders of the material and the fastest ways of
  

issuing supersession and other emergency information to all holders of the keying material.

• Making sure cryptonet members are trained to recognize COMSEC incidents and immediately report
  

them to the COMSEC manager.

A2.3. Resupply. Controlling authorities coordinate with distribution authorities to make sure of timely re supply of keying material. Controlling authorities must:
A2.3.1. Promptly check the status of follow-on material when COMSEC accounts have only a 2-month supply of keying material--except annually superseded material.
A2.3.2. Direct users to implement the longest authorized Cryptoperiod extension for each remaining key setting if COMSEC accounts cannot be assured of resupply before their remaining key is expended (paragraph A2.4).
A2.3.3. If the extension is not enough or the resupply date is not determined, controlling authorities must report, by IMMEDIATE precedence message, to SA-ALC/LTMKK, INFO: DIRNSA/X82/Y13. This allows responsible agencies to make contingency arrangements. The message must include:

• The keying material short title.
• Number of cryptonet members.
• Description of the type of operations (for example, full-time, or part-time, fixed or mobile
  

communications center).

• Explanation of the necessity for the cryptoperiod extension.

A2.4. Extensions. Controlling authorities for manual cryptosystems can extend the cryptoperiod by 72 hours. Controlling authorities for automanual and machine cryptosystems can extend the cryptoperiod by 1 week. That is, controlling authorities can add either 72 hours or 1 week, as applicable, to the regular cryptoperiod, unless the specific cryptosystem doctrine prohibits cryptoperiod extensions or authorizes a longer extension. Controlling authorities are not required to report these extensions to SA-ALC or NSA. Cryptonet members can extend cryptoperiods up to 2 hours to complete a transmission or conversation in process at HJ time. Controlling authority approval is not required and net members are not required to report these extensions. See attachment 4, Guidelines For Extending Cryptoperiods. Controlling authorities can approve indefinite cryptoperiod extensions for CEOI/JCEOI/SOI.

A2.5. Activating a Cryptonet. SA-ALC specifies initial cryptonet activation and key implementation date unless otherwise directed by the controlling authority. The controlling authority will designate contingency editions (paragraph A2.14), and informs members, SA-ALC/LTMKK and NSA/Y13.
NOTE: NSA establishes supersession rates based on security, operational need, production and re supply constraints. Except in emergencies, controlling authorities cannot change supersession rates.

A2.6. Operational Requirement. Controlling authorities must know the operational requirements supported by the cryptonet and the proper use of the key. Controlling authorities must keep familiar with the operation and capabilities of the associated equipment.

A2.7. HJ Time. Controlling authorities specify HJ time for the cryptonet, except where specified in the material. Keep the time selected for HJ consistent throughout the cryptonet. Additionally, the time chosen must have the least operational impact.

A2.8. Cryptonet Configuration. Controlling authorities notify all cryptonet members, SA-ALC/LTMKK, and NSA/Y13 of any changes in cryptonet configuration or keying material status. If manual cryptosystems are concerned, controlling authorities must also notify NSA/V27.

A2.9. Spare Group Assignment. Controlling authorities make temporary spare group assignments of operations codes, as necessary, and report permanent spare group assignments to HQ AFC4A/SYS, who makes sure they are included in future production copies.

A2.10. Key Distribution. Controlling authorities prescribe electronic generation and distribution of keys (except key encryption keys (KEK)). They alsoprescribe physical transfer of keys in a common fill device, or local reproduction of keys, when established channels cannot supply the material in time to meet urgent operational requirements. Controlling authorities make sure reproduced material is kept to the minimum essential amount and is properly classified, controlled, and destroyed as applicable. Controlling authorities obtain register numbers from SA-ALC/LTMKK for copies of Accounting Legend Code-1 reproduced by Air Force COMSEC accounts. Controlling authorities who routinely allow reproduction of the same material should increase the copy count of that material.

A2.11. Extracts. Controlling authorities approve the number of extracts of keying material issued to a user at any one time, except where specified in the material.

NOTE: Approving the issuance of extracts from protectively packaged keying material defeats the purpose of the protective packaging and increases the vulnerability of the key contained inside. Issue protectively packaged keying material as entire editions, except where operational necessity prevents such issue.

A2.12. Defective Keying Material. Controlling authorities report defective keying material (AFI 33-212) by message to DIRNSA/Y264/Y132, with an information copy to SA-ALC/LTMKK. Describe what is wrong with the material, if known, or reason for submitting the report. Furnish all available information to aid NSA in analyzing the problem. Keep defective material and all associated packaging materials until disposition instructions are received. Return recalled keying material by the Defense Courier Service, Department of State Courier System, or by cleared department, agency, or contract courier. Transfer reports must state reason for return. Refer to the recall message and include any other remarks requested in the recall message.

A2.13. Keying Material Revalidations. Controlling authorities begin and carry out annual revalidation of keying material, used with machine cryptosystems, to confirm cryptonet structure, quantities and adequacy of the key to meet operational requirements, and continuing requirement for the key. Deactivate the cryptonet if no longer needed. During the revalidation, identify cryptosystems of low peacetime use that are candidates for placement into contingency status (paragraph A2.14). Revalidate keying material for manual cryptosystems according to AFI 33-216. Send a summary of each revalidation to SA-ALC/LTMKK.

A2.14. Designating Contingency Keying Material. You may designate keying material for contingency use when large amounts of unused keying material, provided for regular consumption, are scheduled for destruction. Hold contingency keying material for a specific, yet irregular, requirement. Activate the material when needed for the specific requirement, and destroy after use. Substantial savings in production, distribution, accounting, and destruction are realized when contingency materials are used instead of regularly superseded effective key. Controlling authorities recommend keying material for contingency designation to SA-ALC/LTMKK and NSA/Y13.

A2.15. Tactical and High Risk Situations.

A.2.15.1. Tactical Situations. Issue keying material in ample quantities to support mission requirements. You may issue it in either hard copy or electronic form depending on the risk, as determined by the local commander. Use any multiple key storage capacity of the equipment. If equipment does not have multiple fill capacity, or has insufficient capacity, issue common fill or approved key transfer devices. If hard copy keying material is issued, issue extracts when only a few settings are required; otherwise issue the entire edition. Base your decision of whether to issue extracts or entire editions on a risk assessment and careful consideration of the logistic problems associated with emergency resupply due to compromise.

A2.15.2. High Risk Situations. Issue key in electronic form.

A2.16. Reproduction of Manual Cryptomaterial. You may locally copy manual cryptosystems (that is, codes and authenticators) as necessary to meet operational needs. Controlling authority approval is not required, but you may only issue copied material to users validated by the controlling authority. Obtain register numbers of ALC 1 material from SA-ALC/LTMKK, and pick up and account for the reproduced material according to AFKAG-2, Air Force COMSEC Accounting Manual.

• Takes or recommends appropriate action when COMSEC material has been subjected to compromise and lets appropriate authorities know of such actions.
• Assists controlling authorities in their annual cryptonet review, when requested.
• Advises controlling authorities of the logistic impact of compromise, supersession, or other controlling authority decisions, in coordination with the appropriate distribution authorities.

A4.1.1. Size of the Cryptonet. The key used on a large cryptonet is usually more vulnerable to compromise than the key used on a small cryptonet because it is available at more locations and more people have access to it. Also, large nets generally carry higher volumes of traffic than small nets. The compromise of a key used to secure a large net could make more intelligence available to an adversary. (For this reason, controlling authorities must keep their cryptonets as small as operationally feasible.)

A4.1.2. Location and Operating Environment of Net Members. Net members located in the United States, its territories, and its protectorates are normally at less risk than those in other locations. Net members located in high risk environments (that is, areas outside the United States where there is a small or no United States or allied military presence or where the political climate is unstable) have an increased risk of physical compromise. Mobile and tactical users have a greater opportunity for loss (particularly undetected loss) of material than do fixed plant net members. In addition, loss on the battlefield could pose an immediate threat not only to United States communications but also to United States lives.

A4.1.3. Sensitivity and Perishability of Traffic. The controlling authority should consider the classification of the protected information, and whether the information is of long or short term intelligence value. Compromise of a key used to secure upper level strategic communications would have a more devastating effect on United States security than would compromise of a key used to secure highly perishable or lower level tactical communications.

A4.1.4. Emergency Supersession Plan. The controlling authority must have a plan for replacing compromised key. They must know approximately how quickly they can replace the key if the plan is realistic in a worst case scenario. The controlling authority should test their plan, because it is extremely difficult to accomplish an unscheduled rekey in a large net without creating additional problems and confusion. The controlling authority must know the logistic channels that support the cryptonet as well as the electronic key transfer or distribution capabilities of the associated equipment.

A4.1.5. Operation Impact of an Extended Cryptoperiod. The controlling authority must make an assessment as to whether extending the cryptoperiod is for operational necessity or for operator convenience. If we do not follow standard procedures during wartime, the value of our peacetime training is questionable. Also, feedback from personnel involved in recent military operations has revealed that operators were confused by changes in operational procedures during the stress of a wartime environment.

A4.2. If cryptoperiod extensions are necessary to maintain critical communications during battle (actual or field training), the following guidelines apply:
Begin all preplanned cryptoperiods with a new key setting.
Extend cryptoperiods by net and not by short title, whenever possible.
Rekey all affected nets as soon as there is a break in activity.