11 October 1997
Source:
http://www.hqmc.usmc.mil/direct/AKAPDIEI.txt
For related documents see: http://www.hqmc.usmc.mil/direct/dir2000.htm
MCO 2231.1
C4-CCT-635
11 Aug 1989

MARINE CORPS ORDER 2231.1

From: Commandant of the Marine Corps
To:   Distribution List

Subj: OVER-THE-AIR REKEYING (OTAR) POLICY AND PROCEDURES

Ref:  (a) National Security Agency, NAG-16B/TSEC of October 88; Field Production and Distribution of Electronic Key In Support of Short-Notice Operations

Encl: (1) Automatic Digital Network (AUTODIN) OTAR Procedures
      (2) KG-84A/C Point-to-Point OTAR Procedures

1. Purpose. To provide general OTAR policy and implementation procedures.

2. Information

   a. The reference was prepared by the National Security Agency (NSA) and coordinated by the Joint Staff and services. It is approved for combined, joint or service use. NAG-16B has been disseminated to all Marine Corps Communications Security (COMSEC) accounts. Additional copies can be obtained from COMSEC Material Issuing Offices (CMIO) located at Norfolk and San Diego. OTAR procedures contained in the reference are suitable for (but not limited to) KY-57/58/67.

   b. The enclosures provide specific procedural guidance for implementation of OTAR. They have been developed by the Joint Chiefs of Staff, in coordination with NSA and the services, and are approved for use. Enclosure (1) is provided primarily for information purposes.

3. Policy

   a. Fixed plant systems, such as AUTODIN, which have cryptographically secured transmission paths, are authorized to use OTAR as a matter of course. Fleet Marine Force (FMF) application of OTAR on point-to-point circuits will be at the direction of the senior station, and for joint or service-unique nets, at the direction of the net control station.

   b. Under no circumstances will a Key Encryption Key (KEK), a key that is used in the encryption/decryption of other keys for transmission or storage, be distributed using OTAR procedures.

4. Action. Commanders will implement, as appropriate, the procedures contained in enclosure (2) and NAG-16B for OTAR.

5. Reserve Applicability. This Order is applicable to the Marine Corps Reserve.

G. L. MCKAY
Director, Command, Control, Communications and Computer (C4) Division

DISTRIBUTION: A
Copy to: 8145001/JCS (J6)/CNO (OP-941J)/COMSPAWARSYSCOM (PMW-151)/COMNAVSECGRU (T-30) (1)

FOR OFFICIAL USE ONLY. Designation is canceled upon removal of enclosures.


ENCLOSURE (1)

KEYING STANDARD FOR AUTOMATIC DIGITAL NETWORK (AUTODIN) KG-84A/C CIRCUITS

1. Objectives

   a. Reduce exposure of traffic encryption key (TEK) through local generation and by minimizing outstation operator participation in the keying process.

   b. Standardize keying techniques used throughout AUTODIN and implement over-the-air rekeying (OTAR) on full-time circuits as soon as possible.

   c. Reduce the quantity of canisters of key material.

   d. Make key resupply an annual event that is not critically dependent on courier schedules.

2. Scope. This standard presents three keying options for KG-84A/C secured circuits and criteria for applying them. It also states criteria for procuring and safeguarding COMSEC key.

3. Authorized Keying Options

   a. Daily changing tape TEK.

   b. Quarterly changing tape key encryption key (KEK) used to change the TEK each day by OTAR.

   c. Quarterly changing tape KEK which is used to change the TEK each week by OTAR.

4. Circuit Categories

   a. Part-time circuits which terminate in spaces not meeting service criteria for unattended operation of keyed KG-84A/C's will use option 3a above.

   b. Part-time circuits which terminate in spaces meeting service criteria for unattended operation of keyed KG-84A/C's will use option 3b above.

   c. Full-time circuits will use option 3c above.

5. Key Tape Formats

   a. Daily changing "TEK" tape will be superseded bimonthly and be in the "VA" format (62 unique segments per canister and daily cryptoperiod).

   b. Quarterly changing "KEK" tape will be superseded annually and will be in the "GF" format (16 unique segments per canister and quarterly cryptoperiod), in the "AF" format (31 unique segments per canister and quarterly cryptoperiod), or in the "VF" format (62 unique segments per canister and quarterly cryptoperiod). "AF" and "VF" formats will be used when more than one circuit connects an automatic switching center (ASC) with one of its outstations or when usage rates prevent meeting objective 1d above.

   c. Weekly/daily-changing "TEK" tape will be superseded irregularly and be in the "VH" format (62 unique segments per canister and flexible cryptoperiod).

6. Key Provisioning. ASC's are responsible for generating TEK's electronically and for ordering key tape for all circuits for which they are the Circuit Control Office. Detailed instructions follow:

   a. It is not the intent of OTAR conversion to burden the tape production/distribution system. For that reason, existing tape short titles being used as TEK's will be redesignated as KEK's by the controlling authority and expended prior to resupply with the revised formats listed in paragraph 5, above.

      (1) Where more than two editions are already stored at an outstation, a new edition will be activated and the next edition will be held as the follow-on. Remaining editions will be destroyed. Resupply using editions in the pipeline will occur until the pipeline is depleted.

      (2) The ASC copy of destroyed editions will be used as a temporary source of TEK's until either the "VH" format tape arrives or the local key generator at the ASC is activated.

      (3) Onsite storage of KEK short titles will be limited to current and first follow-on editions. The current edition will be superseded as soon as possible once the annual supply of KEK arrives.

   b. If the number of segments in any edition of tape is insufficient to cover the effective period, activation of the follow-on edition is to be implemented ahead of schedule. A number of pipeline editions adequate to handle expected usage rates are to be called out. The ASC should consider changing the format of short titles to include more unique segments so annual resupply can be reestablished.

   c. A separate short title of two-copy TEK is required for each circuit that does not implement OTAR.

   d. A single, separate short title of two-copy KEK is required for each circuit or group of parallel circuits that implements OTAR between the ASC, an outstation, or another ASC. The chosen format shall be adequate to permit annual resupply with a minimum of 6 months' backup in the canister.

   e. A separate short title of one-copy TEK is required at each ASC with adequate editions on hand to sustain OTAR for up to 120 days in case local key generation capability fails. Pipeline flow to sustain operations indefinitely will be started in the event such occurs and stopped when contingency stockage is restored. An alternative source of TEK's is described in paragraph 8 below.

   f. Resupply of "VA" format TEK will normally occur three times per year (minimum of two editions per transaction).

   g. Resupply of "GF", "AF", and "VF" format KEK will normally occur annually.

   h. Resupply of "VH" format TEK is at the controlling authority's request but can be scheduled if expenditure rates are known.

7. Implementation. The services are responsible for providing three KYX-15A/DTD's to each of their ASC's not having them. The services will provide local key generator(s) to each of their ASC's as soon as possible. (The Marine Corps does not currently have a requirement to provide.) Equipment will be loaned between services or from NSA to expedite availability of at least one local key generator at each ASC. Conversion to OTAR will not be delayed due to lack of local key generators at an ASC.

   a. Phase I - COMSEC Material Acquisition

      (1) ASC's will install and arrange for certification of local key generators made available to them.

      (2) ASC's will categorize existing and planned KG-84A/C secured point-to-point circuits in accordance with paragraph 4. ASC's will direct redesignation of full-time circuit TEK's as KEK's and convert them to the appropriate format through normal channels, specifying the change required at the next production run. ASC's will order new short titles as required. On-call circuits will be placed in one of the categories identified in paragraph 4 each time they are activated according to plan.

   b. Phase II - Preparation. ASC's will take the following actions:

      (1) Simultaneously convert appropriate circuits to option 3a.

      (2) Immediately identify to appropriate service support activities training shortfalls that might jeopardize conversion to OTAR, with information copies to Defense Communications Agency (DCA) Code B652, Joint Staff/J6K, NSA/S042, and NSA/V31.

      (3) Acquire three KYX-15A/DTD's and a source of TEK's.

      (4) Prepare preformatted taskers to direct conversion on a circuit-by-circuit basis using messages provided to each ASC by DCA as models.

   c. Phase III - Activation. Each ASC will take the following actions on receipt of their KYX-15A/DTD's:

      (1) Activate new KG-84A/C circuits with the appropriate keying option per paragraph 3, above.

      (2) Convert existing KG-84A/C circuits to OTAR on a local schedule.

      (3) Operational circuits with an active TEK will use a "Warm Start" procedure. Assuming a new edition is to be used for OTAR, the outstation loads segment one into the "U" register of the KG-84A/C and takes no further action. The ASC also loads segment one into its "U" register, selects a locally generated or tape TEK in the KYX-15A/DTD, and initiates OTAR. When the KG-84A/C's do not resync, the ASC will know that the OTAR was successful and will load the TEK into the "X" register and confirm the KG-84A/C's resync. If they still fail to resync, then "Cold Start" procedures will be followed.

      (4) Newly activated circuits without an active TEK or circuits that experience loss of crypto loads due to failed OTAR, zeroization, or equipment changeout will use a "Cold Start" procedure. Assuming a new edition is being used, task the outstation to load segment one into the "X" register and do so at the ASC. Establish crypto synchronization. Task the outstation to load segment two into the "U" register and do so at the ASC. Then OTAR an ASC TEK to the outstation to confirm good KEK loads. Continue doing so on a weekly basis for one quarter, after which "Warm Start" procedures will be used to change out the KEK.

8. Over-the-Air Key Distribution. ASC's will train outstations having KYX-15/DTD's to perform Manual Rekey/Receive Variable (MK/RV) operations to permit emergency transfer of keys in support of short-notice or contingency operations. ASC's will train with each other to perform MK/RV operations to permit emergency transfer of keys in support of short-notice or contingency operations and as a source of TEK's should one ASC have a local key generator failure and not wish to use its emergency stock of tape TEK's. In the latter scenario, one ASC would act as a key generation facility for the other and MK/RV TEK's to rekey the receiving ASC's outstations for the day.

9. Security

   a. Segments of key tape must not be withdrawn from their canisters until they are required for use.

   b. Key in electronic form may be held temporarily in fill devices (KYX-15, KYK-13, DTD) when required for use, but it may not be stored in such devices.

   c. TOP SECRET key in tape and electronic format must be handled in strict compliance with two-person integrity (TPI) procedures, except that TPI is not required for keyed KG-84A/C's.

   d. Key tape segments must be destroyed and fill devices zeroized immediately after secure communications have been established and a successful OTAR accomplished.

   e. Outstations using daily-changing key tapes must zeroize KG-84A/C's as a part of circuit shutdown procedures.


ENCLOSURE (2)

KEYING STANDARD FOR KG-84A/C POINT-TO-POINT CIRCUITS

1. Objectives

   a. Reduce exposure of traffic encryption key (TEK) through local generation and by minimizing outstation operator participation in the keying process.

   b. Standardize keying techniques used on KG-84A/C secured point-to-point circuits and implement over-the-air rekeying (OTAR) as soon as possible.

   c. Reduce the quantity of key canisters used.

   d. Make key resupply an annual event that is not critically dependent on courier schedules.

2. Scope. This standard presents four keying options for KG-84A/C secured point-to-point circuits and criteria for applying them. It also states criteria for procuring and safeguarding COMSEC key and for handling and safeguarding key generators.

3. Authorized Keying Options

   a. Daily changing tape TEK.

   b. Quarterly changing tape key encryption key (KEK) used to change the TEK each day by OTAR.

   c. Quarterly changing tape KEK which is used to change the TEK each week by OTAR.

   d. Monthly changing tape TEK with daily updates.

4. Circuit Categories

   a. Category 1 circuits are part-time circuits which terminate in spaces not meeting service criteria for unattended operation of keyed KG-84A/C's.

   b. Category 2 circuits are part-time circuits which terminate in spaces meeting service criteria for unattended operation of keyed KG-84A/C's.

   c. Category 3 circuits are full-time circuits.

5. Applicability

   a. Locations that terminate 20 or more Category 2 and/or 3 circuits will generate TEK locally and pass the TEK to their outstations via OTAR.

   b. Locations terminating 5 to 19 Category 2 and/or 3 circuits will convert TEK from tape and pass the TEK to their outstations via OTAR.

   c. Use of OTAR at locations having less than 5 Category 2 and/or 3 circuits is optional.

   d. Any location with ready access to a local key generator should use it in lieu of the single-copy short title as a source of TEK's for OTAR.

   e. Category 2 circuits converted to OTAR will use keying option 3b above.

   f. Category 3 circuits converted to OTAR will use keying option 3c above.

   g. Circuits not converted to OTAR will use keying options 3a or 3d above.

6. Key Tape Formats

   a. Daily changing TEK tape will be superseded bimonthly and be in the "VA" format (62 unique segments per canister and daily cryptoperiod).

   b. Quarterly changing KEK tape will be superseded annually and will be in the "GF" format (16 unique segments per canister and quarterly cryptoperiod), in the "AF" format (31 unique segments per canister and quarterly cryptoperiod), or in the "VF" format (62 unique segments per canister and quarterly cryptoperiod). "AF" and "VF" formats will be used when more than one circuit connects a communications node with one of its outstations or when usage rates dictate using more segments per canister to meet the annual resupply criteria expressed in paragraph 1d above.

   c. Single-copy tape used as a source of weekly and/or daily-changing TEK's for OTAR will be superseded as it is expended and be in the "VH" format (62 unique segments per canister and flexible cryptoperiod).

   d. Monthly-changing TEK tape will be superseded annually and will be in the "GC" format (16 unique segments per canister and monthly cryptoperiod).

   e. Since on-call, contingency, and "swing" circuits are categorized each time they are brought into service, the short titles supporting these circuits will be treated as generic keys: they will be designated on a segment basis as TEK or KEK, with annual supersession, in the "VH" format (62 unique segments per canister and flexible cryptoperiod: daily if they are manually keyed TEK, weekly if they are TEK distributed via OTAR, monthly if they are manually keyed TEK and updating is used, and quarterly if they are manually keyed KEK).

7. Key Provisioning. Circuit Control Offices (CCO) should serve as controlling authorities for key tape used on KG-84A/C secured circuits they terminate. They are also responsible for generating TEK's electronically when that procedure is followed and for ordering key tape for all circuits for which they are the CCO. Detailed instructions follow:

   a. When an existing KG-84A/C circuit implements OTAR, the controlling authority is authorized to redesignate fielded editions of its tape TEK as OTAR KEK and expend them before implementing revised format key.

      (1) Where more than two editions are already stored at the affected outstation, a new edition will be activated as the circuit KEK and the next edition will be held as the follow-on. The CCO will then direct the outstation to destroy any remaining editions held. Resupply using editions in the pipeline will occur until the pipeline is depleted.

      (2) The CCO is authorized to use the copy of pre-OTAR TEK editions which the outstations have destroyed as a temporary source of TEK's until either the single-copy "VH" format tape arrives or the local key generator at the CCO is activated.

      (3) Onsite storage of KEK short titles will be limited to current and first follow-on editions.

   b. If the number of segments in any edition of tape is insufficient to cover the effective period, activation of the follow-on edition is to be implemented ahead of schedule, but the CA must be notified that this has occurred. A number of pipeline editions adequate to handle expected usage rates are to be called out. The CCO should consider changing the format of short titles to include more unique segments so annual resupply can be reestablished (see paragraph 6b above).

   c. A separate short title of two-copy tape TEK is required for each circuit that does not implement OTAR.

   d. A separate short title of two-copy KEK is required for each circuit or group of parallel circuits (i.e., circuits which terminate on the same locations) that implements OTAR. The chosen format must be adequate to permit annual single-canister resupply with a minimum of 6 months' backup remaining in the active edition at the time of resupply.

   e. A separate short title of one-copy generic key (i.e., key not dedicated to any particular circuit or use) is required at each CCO with adequate editions on hand to sustain OTAR for up to 120 days in case local key generation capability fails. Pipeline flow to sustain operations indefinitely will be started in the event such occurs and stopped when contingency stockage is restored. An alternative source of TEK's is described in paragraph 9, below.

   f. In situations where the same personnel manually rekey both ends of a circuit, the CCO may use locally generated or single-copy generic key vice tape KEK for OTAR KEK replacement, provided the electronic KEK is conveyed physically to the affected outstation(s).

   g. Resupply of "VA" format TEK will normally occur three times per year (minimum of two editions per transaction).

   h. Resupply of "GC", "GF", "AF", and "VF" format KEK will normally occur annually.

   i. Resupply of "VH" format TEK is at the controlling authority's request but can be scheduled if expenditure rates are known.

8. Implementation. The services are responsible for providing at least three KYX-15A/DTD's to each of their applicable CCO's and for providing at least one local key generator to each of their applicable CCO's as soon as possible. Conversion to OTAR will not be delayed due to lack of local key generators at a CCO. Implementation phases follow:

   a. Phase I - COMSEC Material Acquisition

      (1) CCO's will order and arrange for certification of local key generators made available to them.

      (2) CCO's will order single-copy KG-84A/C operational OTAR TEK key tape in the "VH" format, in sufficient quantities to provide an initial source of OTAR TEK, pending availability of electronic key generators.

      (3) CCO's will categorize existing and planned KG-84A/C secured point-to-point circuits in accordance with paragraph 4.

      (4) When OTAR is implemented on a Category 2 or 3 circuit, the CCO will redesignate the circuit's TEK as the OTAR KEK and request a format change or a new short title, as appropriate. The decision to change an existing short title's format or request a new short title will be based on the present supersession rate of the TEK. Present yearly supersession key can retain the present short title and the format can be changed to reflect the quarterly cryptoperiod and desired quantity of segments in each edition. CCO's will order new short titles in the appropriate format to convert monthly or bimonthly supersession key. CCO's will order new short titles as required to accommodate new KG-84A/C circuits.

      (5) The CCO will categorize on-call circuits each time they are activated. The CCO will designate segments from the circuit's short title as TEK or KEK as required. See paragraph 8c(4) for "Cold Start" segment allocation procedures.

   b. Phase II - Preparation. CCO's will take the following actions:

      (1) Convert appropriate circuits to option 3a or 3d.

      (2) Immediately identify to COMNAVSECGRU training shortfalls that might jeopardize conversion to OTAR, with information copies to the CMC (CCT).

      (3) Notify affected outstations of schedules and procedures for converting existing circuits to OTAR.

      (4) Notify DCMS of the activation date for each new KG-84A/C KEK short title.

   c. Phase III - Activation. When required KYX-15A/DTD's become available, each CCO will take the following actions:

      (1) Activate new KG-84A/C circuits with the appropriate keying option per paragraph 3, above.

      (2) Convert existing KG-84A/C circuits to OTAR on a local schedule as follows:

         (a) Notify the outstation of your intent to take over routine rekeying of the circuit, task it to strap KG-84A/C's for "U" key updating, and pass the details of how the OTAR will be accomplished.

         (b) When outstations acknowledge they are ready to convert, set a conversion date and task them to load keys for a "Warm Start", if possible, or a "Cold Start", if not (see paragraphs 8c(3) and (4) below).

      (3) Operational circuits with an active TEK will use a "Warm Start" procedure. Assuming a new edition is to be used for OTAR, the outstation loads segment one into the "U" register of the KG-84A/C and takes no further action. The CCO also loads segment one into its "U" register, selects a locally generated or tape TEK in the KYX-15A, and initiates OTAR, using the Manual Rekey (MK) procedures. When the KG-84A/C's do not resynchronize, the CCO will know that the OTAR was successful and will load the TEK into the "X" register and confirm the KG-84A/C's resynchronize. If they still fail to resynchronize, then "Cold Start" procedures will be followed.

      (4) Newly activated circuits without an active TEK or circuits that experience loss of crypto loads due to failed OTAR, zeroization, or equipment changeout will use a "Cold Start" procedure. Assuming a new edition is being used, task the outstation to load segment one into the "X" register and do so at the CCO. Establish crypto synchronization. Task the outstation to load segment two into the "U" register and do so at the CCO. Then OTAR a TEK to the outstation to confirm good KEK loads. First-time OTAR circuits should be sent a second TEK. If the second OTAR is successful, then the CCO can be sure that the receiving KG-84A/C had been strapped for "U" key updating. It is better to confirm this when the circuit is being converted than at the end of the first week when the next TEK is being sent out.

9. Over-the-Air Key Distribution. CCO's will train outstations having KYX-15A/DTD's to perform Manual Rekey/Receive Variable (MK/RV) operations to permit emergency transfer of keys in support of short-notice or contingency operations. CCO's in networks will train with each other to: (a) perform MK/RV's to permit emergency transfer of keys in support of short-notice or contingency operations; and (b) serve as a source of TEK's should one CCO have a local key generator failure and not wish or be able to use its emergency stock of tape TEK's. In the latter scenario, one CCO would act as a key generation facility and transfer TEK's to the receiving CCO so that it can rekey its outstations via OTAR.

10. Safeguarding Key

   a. Segments of key tape must not be withdrawn from their canisters until they are required for use.

   b. Key in electronic form may be held temporarily in fill devices (KYX-15, KYK-13, DTD) when required for use, but it may not be stored in such devices.

   c. TOP SECRET key in tape and electronic format must be handled in strict compliance with two-person integrity (TPI) procedures, except that TPI is not required for keyed KG-84A/C's.

   d. Key tape segments must be destroyed and fill devices zeroized immediately after secure communications have been established and a successful OTAR accomplished.

   e. Outstations using daily-changing key tapes must zeroize KG-84A/C's as a part of circuit shutdown procedures.

11. Safeguarding Key Generators

   a. Uncertified key generators (e.g., KG-83, KGX-93, KOK-13) are CONFIDENTIAL and may be shipped by any means specified in paragraph 11b below, by U.S. Registered Mail (provided it does not pass through a foreign postal system or foreign inspection), or by U.S. military or military contract air service (e.g., MAC, CGAIR, QUICKTRANS), provided Constant Surveillance Service (CSS) procedures are followed. Shipment by commercial carriers under CSS is also authorized within the Continental United States (CONUS).

   b. Certified key generators are classified at the level of the most highly classified information passed on the circuits for which they generate key and must be marked "CRYPTO." They must be transported through the Defense Courier Service or U.S. Diplomatic Courier Service, by authorized and appropriately cleared service couriers, or by appropriately cleared commercial carriers, under Protective Security Service.

   c. Shipments of certified key generators must be conducted under TPI procedures. Inner wrappings of certified key generator packages are to be marked with classification, the "CRYPTO" caveat, and the statement "TWO PERSON INTEGRITY." (If such packages are shipped via the Defense Courier or Diplomatic Courier Services, TPI becomes effective when the outer package wrapper is removed. If service or commercial couriers are used, two appropriately cleared couriers must accompany each such shipment.) Upon receipt, certified key generators must either be stored under TPI or installed in locations which are manned by appropriately cleared persons on a "no lone zone" basis.

   d. Policy for certifying key generators is summarized:

      (1) Certification must be accomplished by qualified crypto-maintenance personnel, in accordance with DON prescribed procedures.

      (2) Recertification is required at random intervals not to exceed 1 year. Recertification is also required if security control is lost and whenever the container is opened for maintenance or other reasons.

      (3) Certified key generators must be conspicuously labeled to show the classification and "CRYPTO" status, date of certification, and the name, rank/grade, and command of the certifying technician. Such labels may be prepared locally and are to be applied so as to provide evidence of equipment case opening.

      (4) Procedures for certifying KG-83 and KGX-93 equipments are stated in KAM 408, Maintenance Manual for TSEC/KG-83, and SAM-7g, Maintenance Manual for TSEC/KT83.

   e. Certified key generators must either be stored under TPI or installed in a location that is manned by appropriately cleared persons on a "no lone zone" basis.

FOR OFFICIAL USE ONLY
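The canister arithmetic behind paragraphs 6 and 7 of enclosure (2), worked as an added example (this is constructed illustration, not the order's text or any NSA tool). It assumes that each circuit sharing a short title consumes one segment per cryptoperiod, which is the reading that explains why parallel circuits are moved to the larger "AF"/"VF" canisters; the day counts for a month and a quarter are approximations chosen here.

```python
"""Coverage and contingency-stock calculator for the KG-84A/C key tape
formats of enclosure (2), paragraph 6, against the resupply criteria of
paragraph 7d (annual single-canister resupply with 6 months' backup) and
7e (sustain OTAR for 120 days if the local key generator fails).
Constructed example; format table values are taken from the order."""
import math
from typing import Optional

# (unique segments per canister, cryptoperiod in days). "VH" has a flexible
# cryptoperiod, so the caller supplies it. Day counts are approximations.
FORMATS = {
    "VA": (62, 1),     # daily-changing TEK, superseded bimonthly
    "GC": (16, 30),    # monthly-changing TEK, superseded annually
    "GF": (16, 91),    # quarterly KEK
    "AF": (31, 91),    # quarterly KEK for parallel circuits / higher usage
    "VF": (62, 91),    # quarterly KEK for parallel circuits / higher usage
    "VH": (62, None),  # single-copy OTAR TEK source, flexible cryptoperiod
}

ANNUAL_RESUPPLY_DAYS = 365
MIN_BACKUP_DAYS = 6 * 30   # "minimum of 6 months' backup" at resupply (para 7d)
CONTINGENCY_DAYS = 120     # OTAR sustainment without a key generator (para 7e)


def coverage_days(fmt: str, circuits: int = 1,
                  cryptoperiod_days: Optional[int] = None) -> int:
    """Days one canister of `fmt` lasts when `circuits` parallel circuits
    each draw one segment per cryptoperiod (assumption, see lead-in)."""
    segments, period = FORMATS[fmt]
    period = period or cryptoperiod_days
    if period is None:
        raise ValueError(f"{fmt} has a flexible cryptoperiod; pass cryptoperiod_days")
    if circuits < 1:
        raise ValueError("a short title must serve at least one circuit")
    return (segments // circuits) * period


def meets_annual_resupply(fmt: str, circuits: int = 1) -> bool:
    """Para 7d: the canister received at the annual resupply must still
    hold 6 months' backup a year later, i.e. cover 12 + 6 months."""
    return coverage_days(fmt, circuits) >= ANNUAL_RESUPPLY_DAYS + MIN_BACKUP_DAYS


def smallest_kek_format(circuits: int) -> Optional[str]:
    """Smallest quarterly KEK canister ("GF" < "AF" < "VF") that satisfies
    para 7d for a group of `circuits` parallel circuits; None if none does,
    which is when the CCO must split the group across short titles."""
    for fmt in ("GF", "AF", "VF"):
        if meets_annual_resupply(fmt, circuits):
            return fmt
    return None


def contingency_vh_editions(circuits: int, cryptoperiod_days: int) -> int:
    """Para 7e: "VH" editions a CCO must hold to rekey `circuits` outstations
    by OTAR for 120 days with the local key generator down."""
    periods = math.ceil(CONTINGENCY_DAYS / cryptoperiod_days)
    segments_needed = circuits * periods
    return math.ceil(segments_needed / FORMATS["VH"][0])


if __name__ == "__main__":
    for n in (1, 2, 3, 6, 12):
        print(f"{n:2d} parallel circuit(s): smallest compliant KEK format = "
              f"{smallest_kek_format(n)}")
    print("VH editions for 20 weekly-rekeyed circuits:",
          contingency_vh_editions(20, 7))
    print("VH editions for 5 daily-rekeyed circuits:",
          contingency_vh_editions(5, 1))
```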
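The "Warm Start" and "Cold Start" conversions of enclosure (2), paragraph 8c(3)-(4) (enclosure (1), paragraph 7c, is the same procedure), modelled as an added example. This is a constructed teaching model, not the order's text and not real KG-84A/C behaviour: keys and segment names are placeholder strings, the U-key strap is a flag, and the only thing the CCO can observe is whether the circuit is in crypto sync, so that is all the procedures test. It also encodes paragraph 3b of the order: a KEK is refused as an OTAR payload.

```python
"""Model of KG-84A/C OTAR conversion as described in enclosure (2) para 8c.
Constructed example; does not model real equipment."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class KG84:
    """One end of a point-to-point circuit. The X register holds the traffic
    encryption key (TEK) in use; the U register holds the key encryption key
    (KEK) under which an OTAR'd TEK arrives."""
    name: str
    x: Optional[str] = None
    u: Optional[str] = None
    strapped_for_u_update: bool = True   # para 8c(2)(a): strap for "U" key updating


def in_sync(a: KG84, b: KG84) -> bool:
    """Crypto synchronization: both ends hold the same, non-empty TEK."""
    return a.x is not None and a.x == b.x


def otar(sender: KG84, receiver: KG84, key: str, key_kind: str = "TEK") -> bool:
    """Manual Rekey (MK): `key` is sent protected by sender.u. The receiver
    loads it into X only if its own U matches and it is strapped for U-key
    updating. The return value is not visible to the CCO, which must infer
    success from the circuit dropping out of sync."""
    if key_kind != "TEK":
        # MCO 2231.1 para 3b: a KEK is never distributed by OTAR.
        raise ValueError("KEK may not be distributed using OTAR")
    if sender.u is None or sender.u != receiver.u:
        return False                      # outstation cannot recover the key
    if not receiver.strapped_for_u_update:
        return False                      # equipment ignores the update
    receiver.x = key
    return True


def warm_start(cco: KG84, outstation: KG84, kek_segment_1: str, tek: str) -> str:
    """Para 8c(3): circuit already carries an active TEK. Both ends load
    segment one into U; the CCO OTARs a TEK; loss of sync shows the
    outstation took it, after which the CCO loads the same TEK into X."""
    if not in_sync(cco, outstation):
        return "cold_start_required"      # no active TEK to start from
    outstation.u = kek_segment_1
    cco.u = kek_segment_1
    otar(cco, outstation, tek)
    if in_sync(cco, outstation):
        return "cold_start_required"      # still in sync: OTAR did not take
    cco.x = tek
    return "converted" if in_sync(cco, outstation) else "cold_start_required"


def cold_start(cco: KG84, outstation: KG84, kek_segment_1: str,
               kek_segment_2: str, first_tek: str, second_tek: str) -> str:
    """Para 8c(4): no usable TEK. Segment one goes into X at both ends to
    establish sync, segment two into U as the circuit KEK, then one TEK is
    OTAR'd to confirm the KEK loads and a second to confirm U-key strapping."""
    outstation.x = kek_segment_1
    cco.x = kek_segment_1
    if not in_sync(cco, outstation):
        return "failed"                   # bad segment load at one end
    outstation.u = kek_segment_2
    cco.u = kek_segment_2
    for tek in (first_tek, second_tek):
        otar(cco, outstation, tek)
        if in_sync(cco, outstation):
            return "failed"               # OTAR not accepted by the outstation
        cco.x = tek
        if not in_sync(cco, outstation):
            return "failed"
    return "converted"


if __name__ == "__main__":
    cco, out = KG84("CCO", x="TEK-old"), KG84("OUT", x="TEK-old")
    print("warm start:", warm_start(cco, out, "KEK-seg1", "TEK-new"))
    cco, out = KG84("CCO"), KG84("OUT", strapped_for_u_update=False)
    print("cold start, unstrapped outstation:",
          cold_start(cco, out, "KEK-seg1", "KEK-seg2", "TEK-1", "TEK-2"))
```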