PROCEDURE Cryptographic Security. Number: G 0806 Date Published: 6 July 2010

Transcription

1 1.0 About this procedure This procedure explains the specific requirements that staff handling cryptographic material must follow. Cryptographic material is the medium by which we will configure any computer system requiring encryption. Cryptographic material is generally handled by staff within Information Security, IT Department and Special Branch. Essex Police is accountable for all cryptographic items held within the force. To be able to bear that responsibility all involved members of staff have to be provided with guidance and instructions regarding this accountability. The force has identified a Force Crypto Custodian (FCC) together with a number of deputies, details of these individuals can be found on the Information Security website which is located within the Review and Compliance section of the Corporate Development website. The FCC will be able to provide encrypted devices without the need to compromise the integrity of an individual department or operation. This document contains procedures on: Handling and administration of cryptographic or crypto classified items; COMSEC (Communication Security Incidents/Compromises) Reporting; Audit and Inspection. 2.0 Risk Assessments/Health and Safety Considerations There are no specific risk assessments associated with this procedure. 3.0 Procedure The following roles have been appointed to deal specifically with cryptographic material and provide an overview of all cryptographic related roles and responsibilities - for full clarification refer to HMG IS4 Parts Information Security Officer (ISO) ISO responsibilities are: Compliance with Her Majesty s Government (HMG) security standards and procedures on behalf of the force; The production of force security procedures; Formal liaison with other HMG security authorities and other police forces; Page 1 of 9

2 Incident management, incident investigation and liaison with CINRAS (COMSEC Incident Reporting Alert Service); Force security education, training and awareness; Security advice; Accountability to Communications Electronic Security Group (CESG) for the appropriate management of all key material held within Essex Police. 3.2 Force Crypto Custodian (FCC) In addition to those above, the main responsibilities are: Ensuring compliance with HMG and force policies and procedures; Management and accounting in respect of all cryptographic material and items (this includes reception and distribution of this material to the relevant business areas); Emergency action in accordance with procedures; Audit and inspection of all key material; Acts as a Crypto Accreditor in accordance with the accreditation procedure. 3.3 Deputy Force Crypto Custodian (DFCC) Every department handling cryptographic items will have a Deputy Force Crypto Custodian (DFCC) appointed by the FCC for each location where cryptographic material is stored. The following departments within Essex Police that require a DFCC are Special Branch, IT Department and Airwave Support. The main responsibilities are: Ensuring compliance with HMG and force policies and procedures; Management and accounting of all cryptographic material and items under their control (this includes the reception and distribution of this material to the relevant business areas); Emergency action in accordance with procedures; Incident reporting to the ISO and where appropriate investigation and recovery; Annual authorisation checking; Cougar radios; Page 2 of 9

3 Airwave system radios; Management and accounting in respect of all cryptographic material and items under their control (this includes reception and distribution of this material to the relevant business areas); Periodic and unscheduled security inspections; Providing advice and assistance; Incident investigation and recovery assistance. 3.4 Vetting All cryptographic material will have a protective marking classification assigned at the point of manufacture. Any person allocating any material or equipment must ensure that the person to whom the material or equipment has been issued have been vetted in accordance with the following: Protective Marking of Key Material RESTRICTED CONFIDENTIAL SECRET TOP SECRET Vetting and Clearance Requirements Basic Check and Force Management Vetting Basic Check and Force Management Vetting Security Check and Force Management Vetting Developed Vetting All vetting levels should be checked with the Corporate Vetting Department. The allocation of all equipment will be monitored by the FCC who may require an enhanced level of vetting to certain circumstances. Page 3 of 9

4 The following table identifies the required vetting and clearance level for the roles detailed above. Role Information Security Officer (ISO) Force Crypto Custodian (FCC) Deputy Force Crypto Custodian (DFCC) Vetting and Clearance Requirements Security Check and Force Management Vetting Security Check and Force Management Vetting Security Check and Force Management Vetting All staff with responsibilities concerning cryptographic assets will be in receipt of training as directed by ISO/FCC and where appropriate attend the CESG Crypto Custodian Training Course. 3.5 Crypto Authorisation All employees of Essex Police (including contractors) using or working with equipment marked as CRYPTO, need to be authorised by the Crypto Custodian in advance. To gain authorisation the employee or contractor must complete Appendix B and should be given a formal briefing by the DFCC who manages the particular Crypto item or the FCC as detailed in Appendix A. Appendix B, must be signed by both, the user of the cryptographic item and the Custodian. Details of all authorisations will be kept by the FCC and will remain in place for 12 months. This briefing is to make staff aware of the special threat that exists to the information protected by the cryptographic items in their care. Failure to provide proper protection could result in unauthorised access to information owned by the Essex Police. 3.6 Receipt All items of cryptographic material will only be received by the FCC or a DFCC. In the event receipt is accepted by a DFCC the item will be handed personally to the FCC. Page 4 of 9

5 Upon receipt a careful examination will occur of the outer wrapping of the consignment. If there is any evidence of tampering with either the wrappings or the contents, or suspicion of incorrect handling, this should be reported immediately as a security incident. The consignment must be immediately preserved pending investigation. Only authorised personnel (FCC or DFCC) may open the inner wrapping. All seals and tamper evident packing should be intact when the cryptographic items are received. If seals are removed deliberately for authorised reasons, a note to this effect should be entered on the supply/transfer document. When the recipient is satisfied that the packaging has not been disturbed, the contents may be unpacked and physically checked against the supply/transfer document - Appendix C. A logbook form Appendix D should be completed and the items stored or distributed. 3.7 Storage It is essential that adequate storage space is available for the storage of cryptographic items and that the security containers, safes and cabinets used for storing cryptographic material meet the relevant security standards. Therefore, advice must be sought from the ISO. Where possible there should be a separate storage space for segregation of current, reserve and superseded stocks of key material and code systems. Physical keys to safes, cabinets and other security containers must be handled securely and be subject to authorised access only. Combinations if used should be changed every 6 months and on staff rotation by the FCC or the DFCC. If the environment housing cryptographic material is not manned on a 24-hour basis, a clear desk policy should be in place and procedures for closedown and start-up security checks must be established and recorded in local instructions. Some types of cryptographic equipment are intended to be mobile or portable. Users of such equipment must consult the ISO for further advice on the handling of such assets. 3.8 Distribution The logbook will provide a complete record of the movements of cryptographic material throughout the whole lifecycle of the items and any movement of cryptographic items should be recorded within this document. Existing procedures in respect of Special Branch will continue. The FCC accounts for movements of cryptographic items outside of Essex Police. Page 5 of 9

6 3.9 Destruction Destruction of cryptographic items must be carried out by authorised personnel. All destruction will be authorised by the FCC and verified by a second cryptographic authorised person. Existing procedures in respect of Special Branch will continue. In case of mobile operations or remote location and in case of an emergency the local manager or holder (who is cryptographic authorised) can carry out an emergency destruction. This can only be done to meet required schedules (of key change over) or to avoid the risk of loss or compromise. Also in these situations a destruction record must be filled out. Appendix E contains a destruction checklist which describes all issues to be considered on destruction (also erasure and re-use), including individual responsibilities. An accurate record of all destruction s must be kept, see Destruction Certificate Appendix F Packing If cryptographic items are to be sent they must be packed in double wrapping. Both inner and outer wrapping must be securely sealed. Wherever possible the outer wrapping should consist of new, unused material. The inner wrapping or container must be clearly marked with: Package reference number (for identification and accounting purposes); Highest protective marking; The words to and from followed by addresses; The phrase PASS UNOPENED TO (Crypto Custodian or a name) in BOLD, CLEAR LETTERS. The outer wrapping may consist of an envelope of official pattern, canvas bag, locked container, packing case or crate. It must not give any indication of protective marking, special handling markings or the nature of the contents. The words CRYPTO or CUSTODIAN must not be used at all on the outer wrapping. The outer wrapping must be marked with: Same reference number as the inner wrapping; The words to and from followed by the addresses; A stamped or written instruction if appropriate e.g. BY HAND OF COURIER NOT BY POST. Page 6 of 9

7 Cryptographic equipment and associated key material should be packed and sent separately unless operational impossible Maintenance Equipment should be correctly maintained to ensure its continued availability and integrity. Only authorised personnel should carry out repairs and servicing. Appropriate controls should be taken when sending equipment outside the Force, especially when the equipment has been used for transmission, processing or storage of protectively marked information or when it contains protectively marked or sensitive modules. Controls in case cryptographic marked items are send to external supplier: The third party is Crypto certified by CESG; The third party is authorised to handle the material (by the Force); Protectively marked files or software must be removed; Make notes of date and time of sending and the recipient (including estimated time of repair and contact details). Visits by maintenance engineers to all exchanges and cryptographic facilities should be authorised in advance. The engineer should be escorted by a CRYPTO authorised member of staff. A record should be kept of each visit consisting of: Name of the individual and organisation; Reason for visit; Nature of the work carried out; Date and time in and out Compromise The occurrence of a security incident could lead to the compromise of a system or information. For an explanation of the levels of compromise and the appropriate handling of each level of compromise click here. The levels are put in place to provide some indication of the potential damage and if an immediate notification is necessary. All incidents must be reported to the ISO using the Incident Report Form A480. For the category Compromise Certain an Immediate Notification, form Appendix H will be completed and forwarded to CINRAS immediately after occurrence of the incident. Page 7 of 9

8 Incidents of other compromise categories will be reported to CINRAS by the ISO through an Incident Report Form (A480) Audit and Inspections Information Standards are prescribed in the Security Policy Framework and BS The purpose of the inspection process is to check for compliance against published standards and procedures governing the installation of cryptographic equipment, the management of these cryptographic items and the proper authorisation and clearance levels for staff responsible. The FCC will be responsible for ensure that an audit and inspection process is carried out on at least an annual basis The primary aim of the Auditor/Inspector is determine conformity with the cryptographic standards and to identify any deviations and offer advice and assistance to Custodians. Appendix I is an auditing template to be used as appropriate. The audit report plus template should be submitted to the Head of Information Management and brought to the attention of the Force Information Management Board Further Information about Encryption For further information into the use and control of cryptography, contact the FCC for a copy of HMG Infosec Standard 4: (Communication, Security, and Cryptography). 4. Monitoring and Review The FCC will be responsible for ensuring that the procedure will remain current in line with HMG standards. This procedure will be reviewed by the ISO after one year from the date of publication. 5. Related Procedures This procedure is associated to other procedures appended to the Information Management Policy. 6. Related Policies This procedure forms part of the Information Management Policy. It also provides an integral part of the ACPO Community Security Policy (CSP) and a requirement under the NPIA Accreditation Procedure. Page 8 of 9

9 7. Information Sources Force Information Security Policy HMG Infosec Standard no 4 Parts 1,2,3 Communications Security and Cryptography ACPO/ACPOS (2002) Information Systems Community Security Policy, Version 2.4. CESG (1999) CESG Infosec Memorandum No. 17: Handbook on Cryptographic Security Summary, Issue 1.0. HMG (2008) The Security Policy Framework Force Information Security Policy Airwave System Security Policy and Procedure Page 9 of 9