COMMUNICATIONS SECURITY (COMSEC) ASSESSMENT OPERATIONS (RCS: ESC/DO(M)7601)

AIR INTELLIGENCE AGENCY INSTRUCTION 33-202
31 October 1990
HQ Air Intelligence Agency
Communications

This regulation establishes how to conduct communications security (COMSEC) assessment operations. It applies to Electronic Security Command (ESC) units and ESC-gained Air Force Reserve (AFRES) units with COMSEC assessment missions. It does not apply to Air National Guard units.

Updates and corrects COMSEC assessment operational responsibilities and procedures; individual position responsibilities; unit designations/office symbols in all sections; and reporting requirements and formats.

SUPERSEDES ESCR 56-1, 17 February 1987. HQ ESC/DOOS MSgt Sipes HQ ESC/DO Col J. R. Bedingfield 20 F; X:
HQ ESC/DO -- (3)
/DOO -- (6)
/DOX -- (6)
/ INO -- (1)
/IG -- (1)
/IMOP -- (2)
HQ 6960 ESSG/IMPL -- (1)
HQ SESD/SC -- (1)
HQ AFEWC/SAV -- (1)
/INC -- (1 each)
HQ AFCSC/EPH -- (1)
HQ CESD/DOW -- (2)
HQ EESD/DOW -- (2)
HQ PESD/DOW -- (2)
HQ 690ESW/DO -- (1)
HQ 691ESW/DO -- (2)
HQ 693ESW/DO -- (1)
HQ 694ESW/DO -- (1)
HQ 695ESW/DO -- (1)
HQ 6903ESG/DOCS -- (5)
HQ 6924ESG/DOS -- (5)
HQ 6990ESG/DOS -- (10)
HQ 6981ESG/DOS -- (4)
6985ESS/DOS -- (2)
6906ESS/CC/DOT -- (1 each)/DOS -- (15)
6914ESS/DOS -- (15)/DOT -- (1)
6922ESS/DOS -- (4)
6949ESS/DOS -- (4)
8075ESS/DO -- (5)
/DOT -- (1)
8078ESS/DO -- (5)
/ DOT -- (1)
Det 1, ESCOS/CC -- (1)
Det 2, ESCOS/CC -- (1)
Det 3, 695ESW/DO -- (2) AUL/LSE -- (1)
USAF/SCTX -- (2)
/XOOTE -- (1)
/XOOOE -- (1)
The Pentagon
Washington DC 20330-5000
HQ AFOSI/IVIS -- (1)
Bolling AFB
Washington DC 20332-6001
HQ AFRES/IMME/DOX -- (1 each)
Robins AFB GA 31098-6001
10AF/IMP/DO -- (1 each)
Bergstrom AFB TX 78743-6002
4AF/IMP/DO -- (1 each)
McClellan AFB CA 95652-6002
3480TCHTG/TTRMC -- (20)
Goodfellow AFB TX 76908
HQ SAC/SCOKM -- (1)
Offutt AFB NE 68113
433MAW/CE -- (1
)Kelly AFB TX 78241-5000
442TFW/DOI -- (1) Richards-Gebaur AFB MO
COMSEC ASSESSMENT OPERATIONS Policy:

ESC's COMSEC assessment elements support US Air Force major commands (MAJCOM), separate operating agencies (SOA), and direct reporting units (DRU) according to AFR 56-8, AFR 23-30, and this regulation.

Organizations request assessment services to evaluate their command, control, and communication (C3) systems vulnerabilities and the effectiveness of their COMSEC programs within these systems. Support may be either survey, monitor, or a combination of both, depending upon the stated requirement; the type of C3 deficiencies identified; and the current hostile threat. COMSEC assessment surveys should be stressed over monitor only missions.

Designated ESC assessment field elements will conduct operations as tasked by HQ ESC/DO (DCS Operations) through the appropriate division according to this regulation. These units may also conduct operations as requested by colocated organizations as outlined in AFR 56-8. Notify the appropriate ESC division as soon as possible.

During operations, COMSEC assessment elements are obligated to identify and report existing or potential OPSEC deficiencies to appropriate OPSEC personnel through designated reporting channels according to AFR 55-30.

Dissemination of information on planned COMSEC assessment missions must be limited to a strict need to know basis to ensure that mission effectiveness isn't jeopardized. To achieve this, handle information on planned missions through the supported unit point of contact.

Materials collected or developed during assessment operations will be protected according to DOD 5200.lR/AFR 205-1, AFR 55-50, AFR 12-30, or the applicable security classification guide. Store information according to guidelines for the applicable level of classification or handling instruction to prevent unauthorized access.

Divisions will send field element queries on operational COMSEC assessment matters to HQ ESC/DOO if they are unable to answer them.

Assessment sources participate in allied nation exercises. Occasionally, assessment resources will take part in exercises and operations conducted with an allied nation or coalition of allied nations such as the North Atlantic Treaty Organization (NATO). Whenever an ESC activity performs a monitoring mission within an allied environment or is tasked to augment or participate in a multi-national monitor mission, control of monitor tapes, developed information, or release of transcripts will be according to procedures established by the executive agency for the exercise or operation.

Notice and Consent.

Notice and consent requirements for telephone monitoring are specified in AFR 56-8. ESC assessment field units will not conduct telephone monitor missions at any location unless the provisions in AFR 56-8 have been met. Use of COMSEC assessment resources during exercises will be governed by AFR 56-8 and this regulation. COMSEC assessment operations are not to be construed in any way as intelligence gathering activities.

Responsibilities:

HQ ESC/DOO will:

Ensure that COMSEC assessment services are provided to support national and USAF goals.

Provide COMSEC assessment policy and procedural, operational, and technical guidance to ESC and ESC-gained reserve assessment field elements.

Facilitate annual tasking according to AFR 56-8. Coordinate 8075 ESS (Electronic Security Squadron) and 8078 ESS tasking with HQ AFRES or as stated in current agreements with HQ AFRES.

Provide staff assistance and augmentation to ESC and ESC-gained reserve field elements when requested by the appropriate division.

The Air Force Cryptologic Support Center (AFCSC) is responsible for COMSEC equipment programming (HQ ESC programs for assessment equipment), codes, authentication systems, voice callsigns, COMSEC material distribution, COMSEC education management, and physical security of COMSEC material. Field elements should forward questions on these matters to AFCSC through their chain of command. Always provide an information copy of such correspondence to HQ ESC/DO.

The Air Force Electronic Warfare Center (AFEWC) will:

Oversee and conduct threat and vulnerability assessments of friendly communications systems.

Provide communications-electronics threat and vulnerability data and source lists to COMSEC assessment field elements for use in preparing specific threat briefings and assessments.

Provide threat and vulnerability staff assistance when requested.

The Directorate of Operations (DO) at HQ Continental Electronic Security Division (CESD), HQ European Electronic Security Division (EESD), and HQ Pacific Electronic Security Division (PESD) will each:

Provide operational guidance to COMSEC assessment field units.

Assist subordinate units in managing COMSEC assessment operations.

Monitor adherence to AFR 56-8 guidelines, controls, and constraints for the division.

Manage the scheduling of COMSEC assessment missions for subordinate units.

Serve as the division's focal point for short-notice COMSEC assessment requests.

Supplement this regulation as needed to provide guidance to field units. Forward drafts to HQ ESC/DOOS for approval prior to publication.

COMSEC assessment field elements will:

Conduct COMSEC assessment operations to provide customers with the most professional services and products possible.

Follow established guidance in conducting fixed or portable COMSEC assessment operations in response to consumer needs.

Rapidly advise the appropriate ESC intermediate headquarters when manpower, expertise, or equipment resources aren't available at the unit to meet tasking. AFRES units should notify HQ AFRES/DO, their respective numbered Air Force (NAF)/DO, and the respective parent flying wing DO.

Advise the appropriate intermediate ESC headquarters of any requests for support received directly from a MAJCOM or SOA. AFRES units should notify HQ AFRES/DO, HQ ESC/DOOS, their respective NAF/DO, and the respective parent flying wing DO.

Forward copies of all significant correspondence dealing with operational projects to the appropriate intermediate ESC theater headquarters and consumer office of primary responsibility (OPR). AFRES units should forward copies to HQ AFRES/DO, HQ ESC/DOOS, their respective NAF/DO as appropriate, and respective parent flying wing DO.

Set up folders for all tasked assessment projects and missions; include tasking, mission coordination, pertinent information, and reports.

Develop project and mission checklists to ensure that all required actions are performed on time; include procedures for handling personal privacy information (PPI), operator's preventive maintenance inspections, safety (AFRs 127-2 and 127-12), security, and procedures for releasing names or identifying data (AFR 56-8).

Establish procedures to ensure that the commander or senior official of the organization to be surveyed or monitored is aware of the impending mission, prior to commencing operations. As a general rule, contact with the commander or senior official should be arranged through the mission point of contact. Offer an inbrief and outbrief. Make the briefing fit the circumstances; be sure to abide by any limitations imposed by the requesting organization. If necessary, seek clarification or guidance through the appropriate ESC division.

Notify the ESC unit commander assigned to the installation or area that you will be monitoring that a COMSEC team will be working in the area. Generally, it should be sufficient to state that a COMSEC team will be operating in the area for some unspecified period of time. With knowledge of the COMSEC team's presence, the assigned ESC unit commander can provide liaison support for the mission, if it becomes necessary.

Provide training materials for hands-on training of AFSC 209X0 technical school students. The 3480th Technical Training Wing (TCHTW) will periodically require monitor materials from missions that field units perform. When requested by the 3480 TCHTW, through HQ ESC/DOXT, selected units will forward materials accordingly. These training materials may include tapes; ESC Forms 128, COMSEC Edit Log, (either typed or handwritten); transcripts; and various mission reports . Materials forwarded will not contain any PPI.

Produce communications-electronics threat assessments or briefings as required to support this mission, field elements will:

Identify sources for threat data.

Maintain a current database of threat information.

Request assistance from AFEWC/IN (Director of Intelligence), as required, to accomplish the threat-related mission.

When appropriate, state in the COMSEC report that AFEWC/IN will provide the threat assessment separately.

During COMSEC surveys, identify and obtain threat-related data and send it to AFEWC/IN.

Units will maintain a mission support data base.

Establish procedures for, and maintain, a quality control program. At minimum, the program will include the elements outlined in this regulation.

Establishing a Mission:

HQ ESC/DOOS, or the appropriate ESC intermediate headquarters, will assign mission designators to all requests received for support, whether the support is provided or not. Project or mission designators consist of three-letter abbreviations with one-up numbers followed by the fiscal year in which the mission is tasked. Assign designators as soon as possible after receipt of the request for support.

HQ CESD/DOW will assign designators 01 through 99 for CONUS units and for command-unique projects.

HQ EESD/DOW will assign designators 01 through 99 for Europe.

HQ PESD/DOW will assign designators 01 through 99 for Pacific and Alaskan units.

HQ ESC/DOOS will assign designators 01 through 99 for reserve units.

COMSEC assessment units will assign numbers 100 through 199 for locally generated missions.

Mission designator abbreviations are assigned as follows:

ESC HQ Electronic Security Command CES HQ Continental Electronic Security Division EES HQ European Electronic Security Division PAC HQ Pacific Electronic Security Division EUR 691 ESW (Electronic Security Wing) KEL 694 ESW AME 695 ESW KOR 6903 ESG (Electronic Security Group) HAW 6924 ESG EDF 6981 ESG OKI 6990 ESS OFT 6949 ESS (Electronic Security Squadron) BKS 6906 ESS MEH 6914 ESS PHI 6922 ESS EIL 6985 ESS NEL DET 3 695 ESW RSM 8075 ESS RSS 8078 ESS

If two or more elements are tasked to support a mission within one theater, the appropriate ESC intermediate headquarter's will designate an executive for that mission. Show the intermediate headquarters mission designator on all correspondence and send it to or through the executive element. The correspondence will state the executive's specific responsibilities.

If two or more theaters are involved in a specific tasking, HQ ESC/DOO will designate an executive for that mission. Show the HQ ESC mission designator on all correspondence and send it through the appropriate divisions. The correspondence will state the executive's specific responsibilities.

SURVEY PROCEDURES COMSEC Surveys.

COMSEC surveys are designed to thoroughly examine communications systems and procedures associated with a specific weapon system, operation, or activity, and document their vulnerability to hostile SIGINT exploitation. Through systematic data assimilation and analytical procedures, COMSEC elements document the foreign hostile threat; isolate existing or potential COMSEC deficiencies; and identify procedures to minimize or eliminate COMSEC weaknesses. COMSEC surveys aren't inspections nor are they designed to identify non-COMSEC weaknesses. However, during the survey, items (such as stereotyped patterns or administrative and physical security procedures) routinely surface as possible sources of intelligence losses. While these OPSEC related items aren't included in COMSEC surveys, they are provided, as a professional courtesy to the supported commander's OPSEC officer.

Scheduling Surveys.

HQ ESC divisions are responsible for scheduling COMSEC surveys in response to MAJCOM and SOA requests. Units that receive requests for independent COMSEC surveys will forward these requests to their division for action.

Survey Methods.

A number of actions, questions, and analytical procedures may be considered when conducting a survey. Use NACSIM 4004 to plan and conduct surveys.

Document all C-E systems and circuit paths which support the weapon system, operation, or activity being surveyed.

Document known and assumed foreign threats against the weapon system, operation, or activity being surveyed.

Administer COMSEC awareness tests, tailored to the surveyed activity, to determine the level of COMSEC education and motivation of assigned military and DOD civilians.

Review directives, plans, and written procedures for institutionalized COMSEC weaknesses.

Conduct individual, one-on-one interviewing, designed to identify unwritten procedures which lead to COMSEC weaknesses.

Determine the need for and, as needed, conduct COMSEC monitoring of those telecommunications, which are or may be vulnerable to hostile exploitation.

Comparatively analyze information gained from these six essential steps.

COMSEC MONITOR OPERATIONS The Purpose of COMSEC Monitoring.

The basic purpose of COMSEC monitoring is to provide unique material which is not readily available through other sources, to evaluate the status of U.S. COMSEC. The information collected through COMSEC monitoring is similar to the information potentially available to foreign powers through their own signals intelligence (SIGINT) collection. A COMSEC assessment monitor may be required to support a commander in a direct support role, as part of a MAJCOM or SOA OPSEC survey, COMSEC survey, or in the more traditional role of assisting a commander in identifying COMSEC problems or weaknesses.

Procedures for Conducting COMSEC Monitor Operations:

Gisting Conversations. Use ESC Forms 128 to prepare a gist of voice communications. A verbatim gist is neither required nor expected; however, a gist must be legible and contain enough detail to enable the analyst or mission supervisor to see the significance of individual conversations. The ESC Form 128 and the corresponding tape will contain the same classification markings or handling instructions.

Transcripts. Transcribe those conversations necessary for analysis, reporting, or continuity. Use the format specified in figures 3-1 and 3-2. A copy of the transcript of any conversation used as a basis for a reportable item will be maintained in the appropriate mission folder.

Releasing Transcripts. To release transcripts, field elements will comply with AFR 56-8 and the following procedures.

Sanitized Format. Prepare sanitized transcripts approved for release outside a unit as follows:

Prepare a cover letter to the organization for which the sanitized transcript is intended or include an introductory paragraph if forwarded electrically. Reference all previous correspondence relating to release of the transcript; also, identify the circuit or frequency, dates and times of the conversation, location or locations involved, mission number, and tasking authority. Include an explanatory paragraph on the procedures to be followed to obtain a complete transcript if the situation warrants further action.

Mark transcripts appropriately and forward them according to AFR

205-1 or AFR 12-30. Include the statement: "Access to this transcript is for evaluation purposes only. The number of personnel provided access should be kept to the absolute minimum necessary for a complete evaluation."

Releasing Unsanitized Transcripts. Any organization, after reviewing a sanitized transcript, may request the names of persons and other identifying data by written certification to HQ ESC/DO that a security violation has occurred. HQ ESC/DO will then direct the COMSEC assessment element to forward the transcript according to AFR 56-8 for release approval. Do not provide unsanitized transcripts without written authorization. Prepare unsanitized transcripts for release as follows:

Send the transcript to HQ ESC/DOOS with a cover letter or include an introductory paragraph if the transcript is to be transmitted electrically. Reference all previous correspondence relating to the project or mission number, dates and times of the conversation, locations involved, and the telephone circuit or radio frequency. Include all information necessary for clarity and explain any items which may not be obvious to the reader.

Mark transcripts with the appropriate, overall classification and include the statement, "Access to this transcript is for evaluation purposes only. The number of personnel provided access should be kept to the absolute minimum necessary for a complete evaluation." Forward according to AFR 205-1 or AFR 12-30.

DOD COMSEC Information. Periodically, COMSEC assessment field elements note COMSEC disclosures involving other DOD components. Report this information (using the appropriate type of report) to HQ ESC/DO for action unless obtained as part of a monitor supporting joint operations. For joint operations, report the information as directed by the project's executive agent. Do not include names of conversants or other identifying data except as specified in governing directives. HQ ESC/DO will send COMSEC reports not obtained as part of joint operations to HQ USAF/SCTT for action. Department of Defense components that need exact transcripts will forward requests through HQ USAF/SCTT to HQ ESC. HQ ESC will provide such transcripts only after removing Air Force personnel identifying data.

Classifying Transcripts. Classify all transcripts (sanitized or unsanitized) according to content. As a minimmum, mark transcripts FOR OFFICIAL USE ONLY (according to AFR 12-30). Transmit hardcopy transcripts by First Class Mail (AFR 82-2) unless prohibited by the classification level.

Safeguard Equipment. To safeguard COMSEC assessment monitoring equipment from unauthorized access, keep equipment not in use in controlled storage.

Sample Telephone Transcription Format

//OKI 7-90/09JAN90/29A/TELEPHONE//

//PU ON DUTY 0735L/10JAN90//

//1505L/CONV5/LINE2//

1 HELLO, MAY I HELP YOU?

2 IS CAPT .. IN?

1 NO HE WON'T BE BACK UNTIL TOMORRW. //USE OPERATOR COMMENTS

WHENEVER THERE IS DOUBT ABOUT THE INFORMATION TO BE TRANSMITTED AND

WHENEVER IT WILL AID/OR ADD CLARIFICATION FOR THE ANALYST-COMMENT:

HEAVY NOISE ON LINE, MAY HAVE SAID TONIGHT VICE TOMORROW //

2 THANK YOU.

//1507L/END TEXT/PU OFF DUTY 0737L//

Sample Radio Transcription Format

//KOR 8-90/15DEC89/11C/RADIO//

//OD ON DUTY 1502L/15DEC89//

1205Z/121.5MHZ//

1205Z

1 //CALLSIGNS OF CONVERSANTS WILL BE IDENTIFIED THE FIRST TIME THEY ARE

USED AFTER WHICH A REGULAR NUMERICAL SEQUENCE WILL OCCUR.

CONVERSANT IS BLUE FIN// YOUR POSITION?

2 //CONVERSANT 2 IS SHARK 10// 10 MILES EAST OF TARGET.

1208Z

1 SQUAWK 1174 WHEN OVER TARGET AND PROCEED TO BASE AFTER WEAPON

DELIVERY.

2 ACKNOWLEDGE

//1209Z/END TEXT/OD OFF DUTY 1531L//

FOR OFFICIAL USE ONLY

COMSEC ASSESSMENT REPORTS Producing Reports.

To be most effective, COMSEC assessment reporting must be timely, accurate, and comprehensive. COMSEC assessment reports are the end result of an assessment effort and highly visible at all levels of command within the Air Force. During exercises, COMSEC assessment reporting may be provided to both the commander of the supported forces or the opposing forces (OPFOR) as outlined in AFR 56-8. Ensure that all reports issued are clearly identified as COMSEC assessment reports. Clearly identify each report as a COMSEC assessment product and prominently display an access clause at the beginning of the report. In capital letters state: THE INFORMATION IN THIS REPORT WILL BE USED ONLY FOR OFFICIAL U.S. GOVERNMENT COMSEC PURPOSES. Transcripts of any conversations used as the basis for an item in a report will be prepared and maintained in the mission folder. Elements will use report formats specified in this regulation and establish extensive training and quality control (QC) procedures to ensure a high quality, professional product.

Report Types and Formats:

Equipment and Personnel Status. Transmit the status of COMSEC assessment equipment and personnel in the status of operational readiness training systems (SORTS) report (AFR 55-15 and ESC Supplement 1 contain the instructions).

Monthly Activity Report (MAR). Use the MAR (figure 4-1) to keep HQ ESC and intermediate headquarters informed of:

Operations completed during a particular month.

Projected mission schedules for the following 3 month period.

Manning statistics (assigned versus available for duty).

Mandays for COMSEC and RED FORCE operations. (A manday is a normal duty day; for example, one individual available for a project during a normal duty day. In garrison, any period of 4 hours or more constitutes a duty day. Calculate fractional days (on an 8-hour day) for periods when personnel are available for less than 4 hours.)

Any information or statistics on equipment status that may impact on projected mission support.

The MAR must reach HQ ESC by the 15th of each month. Address the MAR to HQ ESC/DOOSC/DOXRE/DOOER with information copies to intermediate theater divisions, wings, and other theater COMSEC assessment units (if applicable). AFRES units will submit this information in a MAR or a quarterly unit update message.

Classify the MAR according to the classification guidance for the command, control and communications countermeasures (C3CM) program (atch 1 of AFR 55-50). You must classify information which reveals mission locations with monitor dates according to the requesting agency's requirements.

Format the MAR as follows:

Subject: Monthly Activity Report/(month and year) (RCS: ESC/DO(M)7601) (U).

Part One. List those assessment missions completed during the reporting month. Information will include the mission number, brief (one line) mission description, location, inclusive dates, number of personnel utilized and position filled, quantity and type of equipment utilized, and total number of mandays expended from pre-deployment to post-deployment phase. Total COMSEC missions/mandays will be reflected at the end of part one.

Part Two. List all RED FORCE missions completed during the reporting month. Information will include the mission number, brief (one line) mission description, location, and inclusive dates, number of personnel utilized and position filled, quantity and type of equipment utilized, and total number of mandays expended from pre-deployment to post-deployment phase. Total RED FORCE missions/mandays will be reflected at the end of part two.

Part Three. List the combined COMSEC assessment and RED FORCE missions scheduled for the next 3-month period. Include all information available such as location, type of support such as brief (one line) mission description, personnel to be utilized, equipment, etcetera. Highlight those missions that have been identified as missions requiring special handling. If tasking is not accepted or a mission is cancelled, identify the reason for non-acceptance or cancellation.

Part Four. This is the remarks section. Report any problems with personnel status which will affect projected mission support. Also include any information or statistics about equipment failures or breakage that will impact on the projected mission schedule in this section. Manning statistics (assigned versus available for duty).

Part Five. This optional section is for division directed use. Divisions will provide instructions to subordinate units if they elect to use this part of the report.

Unique Information:

Immediately notify the nearest Office of Special Intelligence (OSI) representative when information which may constitute a serious crime, as described in AFR 56-8, is derived from a COMSEC monitor. Determine the notification method before starting any assessment mission. In this instance, and this instance only, provide full identifying data (such as, names and telephone numbers) to the OSI. Immediately following the OSI's notification, send an immediate precedence message (do not include identifying data, such as names and telephone numbers, of the persons involved) to OSD, WASH

DC/GC; HQ USAF, WASH DC/SCTX; SAF, WASH DC/GC; HQ ESC, KELLY

AFB TX/DO/JA; and HQ AFOSI, BOLLING AFB DC/IVO/ IVS. Explain the circumstances in full. AFRES units will include HQ AFRES/DO as an information addressee. The information in these reports will not be included in any COMSEC assessment reports.

Report Intelligence disclosures involving high level, very important person ( VIP) movements, DV Code 3 or higher to HQ AFOSI/IVOS. A DV Code 3 is a general (O-10), civilian equivalent, or higher level position or post (for example, the President is a DV-1). Transmit all reports on disclosures of VIPs by priority message (see figure 4-2 for report format) to AFOSI (message address: HQ AFOSI BOLLING AFB DC//IVOS//). If you receive information concerning an immediate disclosure or threat, notify the nearest AFOSI unit by telephone or secure voice (if available) and follow up with an immediate message. Report other general officer movements and Department of the Air Force (DAF) civilian equivalents according to AFR 208-1 which states:

Developers of foreign travel itineraries for officers serving in the rank of General and DAF civilian equivalents will classify as confidential those itineraries containing an overall schedule of times, dates, and locations. Declassify itineraries upon completion of travel.

Add the following statement as a final paragraph or on the face of all classified travel itineraries: "This document contains security classification markings according to DOD 5200.1R/AFR 205-1, Information Security Program."

Mark and protect as FOR OFFICIAL USE ONLY (FOUO), information necessary to accomplish coordination and to make administrative arrangements in support of the itinerary. These activities include establishing the dates, times, and locations for a distinguished visitor's local ground transportation or billeting, etc. This information when marked as FOUO, may not identify the dignitary or position with the date, time, and location portions of the itinerary.

Report emergency distress signals according to local directives for the unit or installation being supported.

COMSEC Monitor Reports Prepare COMSEC monitor reports (CMR) (figure

4-2) as a brief report used to notify consumers of inadvertent or careless compromises of classified or sensitive information and VIP movements.

Mission supervisors will determine the precedence of these CMRs based upon the presumed urgency and significance of the information being reported.

The requesting authority establishes the distribution (addressees) of the CMR. Resolve reporting criterions, to include report addressees, during pre-mission planning. Keep a copy for the mission folder and QC evaluation. Forward one copy to the appropriate ESC division for quality control and oversight. Do not include HQ USAF, HQ ESC, or other ESC units unless specified by the requestor.

Format:

Begin the report with the access clause (typed in all caps): THE INFORMATION IN THIS REPORT WILL BE USED ONLY FOR OFFICIAL U.S. GOVERNMENT COMSEC PURPOSES.

Title the report: COMSEC Monitor Report (CMR) Number One. Number reports one up, followed by the mission designator.

In paragraph 1, answer the questions who, what, when, where, and how of the probable intelligence loss. Be concise and avoid generalities or assumptions.

In paragraph 2, enter remarks or comments only when necessary to clarify the reported activity or to assist the reader in understanding the information. Provide comments that will help the consumer enhance their COMSEC procedures and posture.

In paragraph 3, identify the source, locations and the time of copy of the reported information (for example, on-base telephone circuit at Bitburg AB, GE; DSN call between Kadena AB, JA, and Osan AB, KO; VHF intra-base radio monitored at Offutt AFB, NE).

Classify according to content. Classify reports identifying a security weakness at least Confidential. A report may be classified Confidential, even though none of the individual items reported are individually classified, based on guidelines in AFR 205-1 (section 2-211) and AFR 55-50 (atch 1, section IV, para 16).

COMSEC Summary Reports. COMSEC Summary Reports (CSRs) recap problem areas or possible intelligence losses noted; CSRs may be issued daily, weekly, or at the end of a project. If issued at the end of a project, the report will be issued to the consumer no later than 30 calendar days after mission completion. If for some reason this cannot be accomplished, an interim message will be sent to the consumer and the divisions stating why and the projected report completion date. All COMSEC assessment missions require a final COMSEC Summary report. If the consumer requests a verbal out brief, a hard copy version of the out brief will be constructed as a permanent record for the mission folder and QC following the prescribed format below.

The requesting authority or supported unit will establish the external distribution (addressees) of the CSR. The supported unit will provide the internal (on-site) distribution for the CSR. Always keep one copy for the mission folder and QC evaluation. Forward a copy of the final CSR to the appropriate ESC division. No other distribution is authorized unless precoordinated with the requesting authority.

Format:

In daily or weekly summaries (figure 4-3), identify the dates and times the report covers; list problem areas or possible intelligence losses by subject matter.

For final summaries (figure 4-4), introduce the report with a listing of tasking, objectives, the period the report covers, and support provided followed by a listing of problem areas or possible intelligence losses noted by subject matter. Provide comments that will help the consumer enhance their COMSEC posture.

In daily or weekly CSRs, that are not final reports, delete paragraph

2 and renumber subsequent paragraphs appropriately.

Type the disclosure statement in all caps.

In paragraph 1, enter tasking authority information.

In paragraph 2, state the objectives.

In paragraph 3, summary of COMSEC monitor reports issued, state any CMRs issued prior to this report.

In paragraph 4, list problem areas or possible intelligence losses noted; be specific, avoid generalities; tell it like it is. Include comments when they assist the reader in understanding an item. Provide comments that will help the consumer enhance their COMSEC procedures and posture. Include source of information; for example, SOURCE: DSN call between Kelly AFB, TX and Offutt AFB, NE. Information will be listed by subject matter. This can be done in synopsis form or bullet statements; use the most effective method for reporting on a specific mission.

In paragraph 5, include the following AFR 205-1 statement: Individual paragraphs may, in themselves, be unclassified, but when collected into a final product the overall classification is a minimum of confidential based on the guidelines in AFR 205-1 (section 2-211) and AFR 55-50 (atch 1, section IV, para 16). This statement will always be included in the last paragraph of all assessment monitor reports. If a specific classification guide is used, besides AFR 55-50 (atch 1), classify by multiple sources and list AFR 55-50 and any other classification guides.

For optional paragraphs or appendices, use attachments or appendices for pertinent information that substantiates or more clearly portrays the information identified in the report. Examples of the attachments include communications profiles, threat or vulnerability assessments, statistical analysis, timelines, maps, and flow charts.

Prepare reports in letter format whenever possible. Include an executive summary, briefly describing problem areas or possible intelligence losses noted, when the report's length makes this desirable and easier to read.

When the team is physically separated from the addressee, daily or weekly summary reports will normally be issued by electrical means at Routine precedence.

Include the significant and specific threat to susceptibility or vulnerability of the monitored communications when appropriate in CSRs. You may send this information separately if it will allow wider distribution of the basic report.

If additional or refined information is developed after issuing the CSR, send it to the same addressees as the original report. State that it's believed to be significant information developed through more in-depth and detailed analysis.

Emergency Distress Signals. To report emergency distress signals, each COMSEC assessment unit will set up procedures for handling this information according to their current ESC Operations Plan 1.

Using Reports Control Symbols (RCS).

RCS: ESC-DO(M)7601 has been assigned to the MAR, which has been designated as the parent report for all other required COMSEC reports. The following reports are exempt from RCSs:

COMSEC Monitor Report.

COMSEC Summary Report.

OPSEC Survey Report.

Personal Privacy Information.

Unique Reports (for example, IG reports).

General correspondence.

Abbreviation and acronym listings.

Project mission checklists.

COMSEC survey monitor operations findings.

Special activities reports.

Exercise reporting.

Premission survey report findings.

Recorded monitor tape information.

Recording operator's comments.

Information involving other DOD components.

Transcription reporting.

Equipment and personnel status reporting.

VIP movement reports.

Emergency distress signals reporting.

Sample Monthly Activity Report (MAR)

FROM: 6906ESS BROOKS AFB TX//DOS//

TO: HQ ESC KELLY AFB TX//DOOSC/DOXRE/DOOER//

INFO: HQ CESD KELLY AFB TX//DOW//

695ESW LANGLEY AFB VA//DO//

C L A S S I F I C A T I O N

SUBJ: MONTHLY ACTIVITY REPORT (MAR)/1-30 MAY 90 (RCS: ESC/DO (M) 7601) (U)

HQ ESC/DOOSC PASS TO ( ), DOXRE PASS TO ( ), DOOER PASS TO ( ); HQ CESD PASS TO ( ); 695 ESW PASS TO ( )

( ) PART ONE: COMSEC ASSESSMENT OPERATIONS (OR COMBINED MONITOR AND DISRUPTION MISSION).

1. ( ) List those assessment missions completed during the reporting month. Information will include the mission number, brief (one line) mission description, location, inclusive dates, number of personnel utilized and position filled, number and type of equipment utilized, and total number of mandays expended from pre-deployment to post-deployment phase.

( ) PART TWO: RED FORCE OPERATIONS

2. ( ) List all RED FORCE missions completed during the reporting month. Information will include the mission number, brief (one line) missiondescription, location, and inclusive dates, number of personnel utilized and position filled, number and type of equipment utilized, and total number of mandays expended from predeployment to post-deployment phase.

( ) PART THREE: PROJECTED SCHEDULE

3. ( ) List the combined COMSEC assessment and RED FORCE missions scheduled for the next 3-month period. Include all information that is available at that time such as location, personnel to be utilized, equipment, etc. Highlight those missions that have been identified as missions requiring special handling. If tasking is not accepted or a mission is cancelled, identify the reason for nonacceptance or cancellation.

( ) PART FOUR: REMARKS

4. ( ) This is a remarks section. Report any problems with personnel status which will effect projected mission support. Any information or statistics about equipment failures or breakage that will impact on the projected mission schedule will also be included in this section. Include manning statistics (assigned versus available for duty).

( ) PART FIVE: DIVISION USE

5. ( ) This optional section is for division-directed use. Divisions will provide instructions to subordinate units if they elect to use this part of the report.

UNCLASSIFIED EXAMPLE ONLY

Sample COMSEC Monitor Report (CMR) FROM: 6906ESS BROOKS AFB TX//DOS//

TO: HQ AFOSI BOLLING AFB DC//IVOS//

U N C L A S

SUBJ: COMSEC MONITOR REPORT (CMR) NUMBER ONE, BRK 7-90 (U)

1. ( ) THE INFORMATION IN THIS REPORT WILL BE USED ONLY FOR OFFICIAL U.S.

GOVERNMENT COMSEC PURPOSES.

2. ( ) GENERAL JOHN JAMES WILL DEPART HOMESTEAD AFB, FL FOR PETERSON AFB,

CO ON 10 SEP 89 VIA MAC TRANSPORT. DEPARTURE INFORMATION FOLLOWS 1300L,

C-5A, ACFT TAIL NUMBER H2275, ARRIVES PETERSON AFB, CO AT 1630L.

3. ( ) IN ACCORDANCE WITH AFR 205-1, ITINERARIES OF DV CODE 3'S OR HIGHER

WILL BE REPORTED. THIS DOCUMENT CONTAINS SECURITY CLASSIFICATION

MARKINGS ACCORDING TO DOD 5200.1R/AFR 205-1, INFORMATION SECURITY

PROGRAM.

4. ( ) IF YOU HAVE ANY QUESTIONS PLEASE CONTACT THE 6906 ESS/DOS, DEPLOYED,

AT 123 BOMB SQUADRON, DSN555-5505, MSGT JONES, OR TSGT SMITH.

Sample COMSEC Summary Report (CSR) (LETTERHEAD PAPER OR MESSAGE)

RTAO: DOS DATE

SUBJECT: COMSEC Summary Report Number Two for, BRK 2-90, Kelly AFB, TX (U)

TO: HQ ESC/DO

THE INFORMATION IN THIS REPORT WILL BE USED ONLY FOR OFFICIAL US GOVERNMENT COMSEC PURPOSES.

1. ( ) 6906 ESS/DOS is conducting a COMSEC Assessment of HQ ESC/DO and supporting offices, Kelly AFB, Texas as tasked by HQ CESD/DOW in support of request by HQ ESC/CC. This report covers the period 0700 - 1600L, 21 July 89.

2. ( ) Summary of COMSEC Monitor Reports Issued. No information meeting immediate reporting criterions was monitored during this time.

3. ( ) Problem Areas or Possible Intelligence Losses:

a. ( ) At 1400L, parties stated that four personnel from the exercise branch would deploy to Offutt AFB, NE to coordinate Exercise GLOBAL SHIELD, a major SAC exercise. Specific dates, locations of the event and participants were discussed. Source: AUTOVON call between Kelly AFB, TX and Offutt AFB, NE.

b. ( ) At 1430L, conversants revealed that HQ ESC/LG is coordinating with Raytheon for the purchase of several highly sensitive radar tracking devices. Specific information included parameters, cost estimates, and uses of the device. Source: Long Distance call from Kelly AFB, TX to Houston, TX). NOTE: If this were an actual report specific details would be spelled out and not synopsized as shown above.

4. ( ) Individual paragraphs may, in themselves, be unclassified, but when collected into a final product the overall classification is a minimum of confidential based on the compilation of information guidelines set forth in AFR 205-1, section 2-211. If you have any questions our POC is SSgt Smith, DSN555-5555.

JOHN JONES, MSgt, USAF

Mission Supervisor

Sample COMSEC Assessment Summary Report (CLASSIFY OR MARK AS APPROPRIATE)

(LETTERHEAD OR MESSAGE)

RTAO: DOS (SrA Faser) DATE

SUBJECT: COMSEC Summary Report, BRK 2-90, Kelly AFB, TX (U)

TO: HQ ESC/DO

(U) THE INFORMATION IN THIS REPORT WILL BE USED ONLY FOR OFFICIAL US GOVERNMENT COMSEC PURPOSES.

1. ( ) Tasking. 6906 ESS/DOS conducted a COMSEC monitor of unsecure telephone communications used by HQ ESC/DO and supporting offices, Kelly AFB, Texas as tasked by HQ CESD/DOW and requested by HQ ESC/CC.

2. ( ) Objectives. The objective of this assessment was to determine the amounts and types of classified or sensitive information available to foreign hostile collection through non-secure communications.

3. ( ) Scope of Operations. While the resources and time dedicated to this effort may not exactly replicate sophisticated hostile intelligence service's (HOIS) capabilities, knowing what resources were placed against these telecommunications should provide perspective. Monitor operations were conducted from (time) to (time) daily from (date) to (date) 1989. Personnel utilized throughout this mission consisted of one mission supervisor, one analyst, and three operators. They used three AN/GTH-3 Telephone Analysis Positions (TAPs) capable of monitoring/ recording two of ten telephone lines at any one time, and one transcribe position.

4. ( ) Statistics. Thirty unsecured telephone circuits were sampled during this period and a total of 1,450 conversations were monitored.

5. ( ) Summary of COMSEC Monitor Reports Issued. At 0730L, 29 Jun the travel itinerary for General Jack I. Gregory, HQ ESC/IN was intercepted. General Gregory's aircraft departed from Kelly AFB, TX enroute to Peterson AFB, CO for a conference with personnel from HQ SPACECOM. (Source: DSN call between Kelly AFB, TX and Peterson AFB, CO).

6. ( ) Problem Areas or Possible Intelligence Losses.

a. ( ) At 1400L, parties stated that four personnel from the exercise branch would deploy to Offutt AFB, NE to coordinate exercise GLOBAL SHIELD, a major SAC exercise. Specific dates, locations of the event and participants were discussed. Source: DSN call between Kelly AFB, TX and Offutt AFB, NE).

b. ( ) From 0800 23 May to 1600L 2 Jun the following information about the purchase of a highly sensitive radar tracking device was discussed. Parameters, cost estimates, use of the devices, users, and specific details of equipment to be used in conjunction with this system were revealed. (Source: Several long distance calls from Kelly AFB, TX to Houston, TX).

NOTE: The above items represent two different examples of how reported items can be written in the final summary, itemized or synopsized.

7. ( ) Threat and Vulnerability. If a threat assessment is available for the consumer include it here.

8. ( ) Individual paragraphs may, in themselves, be unclassified, but when collected into a final product the overall classification is a minimum of confidential based on the compilation of information guidelines set forth in AFR 205-1, Section 2-211. This document further contains classification markings in accordance with DOD 5200.1R (classification for VIP movements). If there are any questions or we can be of further assistance please contact the 6906 ESS/DOS, SSgt Smith or MSgt Device, DSN555-5555.

JOHN G. DEVICE, MSgt, USAF

Mission Supervisor

Classified By: Multiple Sources

AFR 55-50, Atch 1

AFR 205-1

DOD 5200.1R

Declassify On: OADR

QUALITY CONTROL (QC) The Role of Quality Control.

QC is an integral part of accomplishing and managing the mission and is necessary to ensure that all aspects of COMSEC assessment operations are the most professional possible.

Establishing and Managing QC Programs:

HQ ESC will review QC evaluation reports during inspections or staff assistance visits to ensure compliance with appropriate regulations.

Intermediate headquarters will provide staff assistance or guidance as needed within their areas of responsibilities.

COMSEC assessment field elements will establish and conduct an aggressive QC program. Use ESC Form 67, COMSEC Radio/Telephone Quality Control, to QC personnel performing collection and transcription functions and ESC Form 59, C3M COMSEC-Surveillance Quality Control Checklist, for COMSEC reports. Make all QC reports available for review during headquarters or intermediate headquarters staff assistance visits or inspections.

Pre-Release QC of Reports.

This function is completed prior to issuing the report. These reports are highly visible; recipients are often senior decision makers. Any error, no matter how seemingly insignificant, may lessen the entire report's credibility. Therefore, each report must not only be factual but also be free of errors in grammar, spelling, capitalization, organization, format, and typing. Before release, use a prerelease QC stamp as a guide to ensure that products issued during missions meet quality control standards. The stamp, a form of checklist, documents the review and, in the case of electronic message preparation and forwarding, documents release authority. As a minimum, this stamp will contain the following information:

Originator.

Addressee(s).

Subject or serialization.

Classification.

Format.

Criterions.

Content accuracy.

Annex or attachment.

Spelling, grammar, and punctuation.

Signature element.

Classification/Downgrading Instructions.

Review.

Final Review (following corrections).

Compare the report content against the traffic released and ensure a copy of the report containing the pre-release stamp is included in the mission folder.

ANALYST REFERENCE DATA FILES General COMSEC Assessment Reference Information.

This information is essential to effective monitor operations. It not only provides the operator with knowledge needed for a given mission but helps the COMSEC analyst and Mission Supervisor determine the significance and accuracy of monitored information.

Procedures.

To support this program and ensure that the analyst reference data files within their theaters.

ESC divisions will develop procedures to ensure the currency of analyst reference data files within their theaters.

COMSEC assessments units will set up procedures to:

Ensure that all personnel regularly review any new reference material received.

Establish procedures to ensure the currency of their analyst reference data files.

Provide inputs to their division to assist them in ensuring that the theater Analyst Reference Data File is current.

MAGNETIC TAPES Marking Recorded Magnetic Tapes.

Mark recorded magnetic tape FOR OFFICIAL USE ONLY unless a specific higher level of classified information is known to be recorded on the tape. Then mark and safeguard it according to DOD 5200.1-R/AF205-1. Restrict access to recorded surveillance tapes to monitor personnel.

Tape Numbering.

Use "one-up" tape numbers for each monitor location, followed by the alphabetical position designator.

Tape Identification.

Write identification data on ESC Forms 32, Tape Label; put one copy each on tape jacket or container and tape reel; and record the identifying data on the tape itself unless recording is impractical. Include the following:

Tape number, followed by the alphabetical position designator.

Handling instructions (normally marked FOR OFFICIAL USE ONLY).

Mission designator.

Date.

Location of the mission.

Type of communication.

Time on position.

Time off position.

Tape-Time Entries:

For radio, enter the time about every 5 minutes during periods of activity.

For a telephone monitor, enter the "time-up" and "Time-down" at the end of each conversation.

Tape Log.

Keep a record of all recorded tapes on ESC Form 71, COMSEC Radio/ Telephone Tape Log.

Transport of Classified Tapes.

Transport tapes containing classified information by courier or registered US mail.

Local Magnetic Tape-Control Procedures.

Set local procedures to ensure that all nonoperational activity is removed from recorded mission tapes that are kept for over 90 days.

C. DOUGLASS COUTO Lt Col, USAF Director of Information Management