R&S SMB100A RF and Microwave Signal Generator Instrument Security Procedures

Similar documents
R&S SMBV100A Vector Signal Generator Instrument Security Procedures

R&S SGS100A SGMA RF Source Instrument Security Procedures

R&S SMW200A Vector Signal Generator Instrument Security Procedures

R&S ZN-Z154 Calibration Unit Instrument Security Procedures

R&S NRP-Z5 USB Sensor Hub Instrument Security Procedures

R&S NRP2 Power Meter Instrument Security Procedures

R&S NRP USB and LAN Power Sensors Instrument Security Procedures

Resolving Security Issues when working with R&S SMU200A, R&S SMATE200A, R&S SMJ100A, R&S AMU200A, or R&S AFQ100A or R&S AFQ100B in Secure Areas

Resolving Security Issues When Working with the R&S FS315 in Secure Areas

R&S FSL Spectrum Analyzer Resolving Security Issues When Working in Secure Areas

Resolving Security Issues When Working with the R&S ESIB in Secure Areas

PSA-Series Spectrum Analyzers

Keysight N5191A/93A UXG X-Series Agile Signal Generator

Model Number(s): DSO5xxxA/DSO/MSO6xxxA. **Declassification of the 5000A/6000A Series Oscilloscope**

Security Features and Volatility Documentation

Security Features and Volatility Documentation

R&S ZN-Z15x Calibration Units User Manual

RSA5100A Series Real-Time Signal Analyzers Declassification and Security Instructions

R&S ZN-Z5x Calibration Units User Manual

4287A Security Features Rev. 1.0

*P *

8560E/EC-Series Spectrum Analyzers. Security Features and Volatility

Tektronix 4000 Series Oscilloscopes Declassification and Security Instructions

Agilent 86100D DCA-X Wide-Bandwidth Oscilloscope Mainframe. Declassification and Security

R&S Power Meter NRP Release Notes Firmware Version

R&S SMA100B Release Notes Firmware Version

Firmware Release ( 32-Bit-WINDOWS version )

ESA-Series Spectrum Analyzers EMC Analyzers NFA Series Noise Figure Analyzers. Security Features

R&S NRP-Z27/-Z37 Power Sensor Module Release Notes Firmware Version 04.18a

R&S SMB100B Release Notes Firmware Version

R&S TSMAx Release Notes Firmware Version

BitLocker White Paper Windows 10

86100 Series Infiniium DCA Oscilloscope

Keysight M9393A PXIe Vector Signal Analyzer

R&S RTC1002 Digital Oscilloscope Release Notes Firmware Version

R&S TSMA Release Notes Firmware Version

Artisan Technology Group is your source for quality new and certified-used/pre-owned equipment

R&S SMW200A Creating Tutorials and Interactive Examples Application Sheet

R&S ESU EMI Test Receiver. Release Notes. Firmware Version V5.74 SP1. Only an ESU with Windows 7 Operating System is supported

PQA500 Picture Quality Analyzer Declassification and Security Instructions

R&S ESR EMI Test Receiver Release Notes Firmware Version V3.36 SP2

R&S RTA4000 Digital Oscilloscope Release Notes Firmware Version

R&S RECAL + Release Notes Software Version 4.01

5SeriesMSO (MSO54, MSO56, MSO58) With Option 5-SEC Enhanced Security Instrument Declassification and Security Instructions

R&S NRP-Z51/-Z52/-Z55/-Z56/- Z57/-Z58 Thermal Power Sensors Release Notes

R&S Spectrum Rider FPH Release Notes Firmware Version V1.40

WFM6120, WFM7020, and WFM7120 Waveform Monitors Declassification and Security Instructions

TG8000 Multiformat Test Signal Generator Declassification and Security Instructions

TG8000 Multiformat Test Signal Generator Declassification and Security Instructions

Manufacturer: National Instruments

It also offers a RAM backed file system that will disappear on loss of power. NOT APPLICABLE. Memory Information and Procedures

R&S Spectrum Rider FPH Release Notes Firmware Version V1.50

R&S ESW Test Receiver Release Notes Firmware Version V1.40 SP1

Sanitization Procedure Waveform storage DRAM 2 GB No Yes Yes Cycle Power Device operation FPGA / Processor Xilinx XC7Z100 (-01/-03) XC7Z035 (-02)

Release Notes. R&S FSC Spectrum Analyzer

Firmware Version Build 170 SP1

Updating your veo instrument to 3.5.5

R&S DigIConf Software Release Notes Firmware Version Build 170 SP1

R&S RTO-K81, R&S RTP-K81 PCIe Compliance Test Test Procedures

ZBG 100 Gateway Recovery Guide Version 02 ZBG pikkerton GmbH ZBG Gateway Recovery Guide.docx Page 1/11

Battery Backup. Sanitization Procedure Waveform Data SDRAM 32 MB (-01/-21) No Yes Yes Cycle Power

Firmware Updates Model 24 / 44 / 42 Cryogenic Temperature Controllers

Keysight M9381A PXIe VSG, M9380A PXIe CW Source, and M9391A PXIe VSA

R&S RTO, R&S RTP R&S ScopeSuite Automation Manual

EMC Measurement Software EMC32

Floppy Disk Control of the I/Q Modulation Generator AMIQ

R&S GNSS Test Automation Release Notes Software Version 1.3.2

R&S SMB100A Release Notes Firmware Version

Recovering a NetComm Wireless M2M router via the recovery console. Technical Support Guide

R&S AVG Pattern Import Release Notes Firmware Version 02.25

R&S GP-U gateprotect Firewall How-to

User Guide CipherUSB

R&S RTO and R&S RTE Oscilloscopes Release Notes Firmware Version

Introduction read-only memory random access memory

Xerox Product Data Overwrite Security Whitepaper

Statement of Volatility WorkCentre 5845/5855/5865/5875/5890

R&S Broadcast Drive Test Release Notes Software Version 03.13

R&S Pulse Sequencer DFS Software Release Notes Software Version 1.7

4-1. This chapter explains HMI settings.

R&S OSP Open Switch and Control Unit Operating Manual

TopSec Mobile Secure voice encryption for smartphones and laptops

Instrument Software Update Instructions. X-Series Multi-touch instruments

Firmware Release V1.83 SP3

LabVIEW driver history for the R&S HMC8012 Driver Documentation

R&S LXI Class C Support V1.21 (XP)

Troubleshooting. Connection Problems

Instrument Software Update Instructions

Xerox WorkCentre Statement of Volatility Version 1.0

Home Control Gateway Troubleshooting

Defense Security Service Office of the Designated Approval Authority Process for Clearing a Blackberry

Intel Entry Storage System SS4000-E

R&S IMS Software Configuration and System Calibration according to IEC / EN (conducted Immunity)

Restoring the Server to Bare Metal

R&S Browser in the Box Release Notes

USB2Wifi Patch Notes

4-1. This chapter explains HMI settings.

Using GIGABYTE Notebook for the First Time

Statement of Volatility Xerox WorkCentre 4250/4260

R&S SGT100A RF Source Base Unit Release Notes FW Version

INSTRUCTIONS TO UPDATE FIRMWARE FOR / / Dranetz New Durham Road, Edison, New Jersey Telephone or

Transcription:

RF and Microwave Signal Generator Instrument Security Procedures (;ÚèY2) 1176.9041.02 03 Instrument Security Procedures

Contents Contents 1 Overview... 2 2 Instrument Models Covered...2 3 Security Terms and Definitions... 3 4 Types of Memory and Information Storage in the R&S SMB...4 5 Instrument Declassification... 7 6 Special Considerations for USB Ports and LAN Services... 8 1 Overview In many cases, it is imperative that the R&S SMB RF and Microwave Signal Generators are used in a secured environment. Generally these highly secured environments do not allow any test equipment to leave the area unless it can be proven that no user information leaves with the test equipment. Security concerns can arise when devices need to leave a secured area e.g. to be calibrated or serviced. This document describes the types of memory and their usage in the R&S SMB. It provides a statement regarding the volatility of all memory types and specifies the steps required to declassify an instrument through memory clearing or sanitization procedures. These sanitization procedures are designed for customers who need to meet the requirements specified by the US Defense Security Service (DSS). 2 Instrument Models Covered Table 2-1: RF and Microwave Signal Generator models Product name Order number R&S SMB100A 1406.6000.02 The RF and Microwave Signal Generator base unit must be ordered together with one of the following frequency options: R&S SMB-B101 R&S SMB-B102 R&S SMB-B103 R&S SMB-B106 2

Security Terms and Definitions R&S SMB-B112 R&S SMB-B112L R&S SMB-B120 R&S SMB-B120L R&S SMB-B131 R&S SMB-B140 R&S SMB-B140L R&S SMB-B140N 3 Security Terms and Definitions Clearing: As defined in Section 8-301a of DoD 5220.22-M, "National Industrial Security Program Operating Manual (NISPOM)", clearing is the process of eradicating the data on media so that the data can no longer be retrieved using the standard interfaces on the instrument. Hence, clearing is typically used when the instrument is to remain in an environment with an acceptable level of protection. Sanitization: As defined in Section 8-301b of DoD 5220.22-M, "National Industrial Security Program Operating Manual (NISPOM)", sanitization is the process of removing or eradicating stored data so that the data cannot be recovered using any known technology. Instrument sanitization is typically required when an instrument is moved from a secure to a non-secure environment, such as when it is returned for service of calibration. The memory sanitization procedures described in this document are designed for customers who need to meet the requirements specified by the US Defense Security Service (DSS). These requirements are specified in the "Clearing and Sanitization Matrix" in Section 14.1.16 of the ISFO Process Manual for the Certification and Accreditation of Classified Systems under the NISPOM. Instrument declassification: A term that refers to procedures that must be undertaken before an instrument can be removed from a secure environment, such as is the case when the instrument is returned for calibration. Declassification procedures include memory sanitization or memory removal, or both. The declassification procedures described in this document are designed to meet the requirements specified in DoD 5220.22-M, "National Industrial Security Program Operating Manual (NISPOM)", Chapter 8. 3

Types of Memory and Information Storage in the R&S SMB Volatile Memory 4 Types of Memory and Information Storage in the R&S SMB The RF and Microwave Signal Generator contains various memory components. The following table provides an overview of the memory components that are part of your instrument. For a detailed description regarding type, size, usage and location, refer to the subsequent sections. Memory type Size Content Volatility User Data Sanitization procedure SDRAM (CPU board) 256 Mbyte Temporary information storage for operating system and instrument firmware Volatile Yes Turn off instrument power EEPROM (RF module, processor module) 4 x 4 kbyte up to 1 Mbyte Module-specific data: Serial number Revision Options Calibration correction data Initial CPU configuration data Non-volatile No None required (no user data) Smart card (processor module) Flash (processor board) 32 kbyte Hardware information: Serial number Product options Operation time Power-on count 256 Mbyte Operating system Instrument firmware Boot code Maintenance and recovery system User data, instrument and password settings Non-volatile No None required (no user data) Non-volatile Yes "Sanitize internal memory" procedure (see "Flash" on page 5) 4.1 Volatile Memory The volatile memory in the instrument does not have battery backup. It loses its contents as soon as power is removed from the instrument. The volatile memory is not a security concern. Removing power from this memory meets the memory sanitization requirements specified in the "Clearing and Sanitization Matrix" in Section 5.2.5.5.5 of the ISFO Process Manual for the Certification and Accreditation of Classified Systems under the NIS- POM. SDRAM The SDRAM on the CPU board has a size of 256 Mbyte and contains temporary information storage for operating system and instrument firmware. The SDRAM loses its memory as soon as power is removed. 4

Types of Memory and Information Storage in the R&S SMB Non-Volatile Memory Sanitization procedure: Turn off instrument power 4.2 Non-Volatile Memory The R&S SMB contains various non-volatile memories. Out of these, only the internal Flash memory contains user data as well as instrument configuration in its Journaling Flash File System (JFFS) area. The Flash memory can be sanitized via "Sanitize internal memory" procedure. All non-volatile memories of the R&S SMB are not a security concern. EEPROM The RF module as well as the processor module of the R&S SMB RF and Microwave Signal Generator are equipped with in total four serial EEPROM devices with a size of 4 kbyte up to 1 Mbyte. The EEPROMs contain module-specific data, calibration correction data and initial processor configuration data. In addition, the current setting of the "Standby" button is saved here in order to restart the instrument properly in case of power loss. The EEPROM does not hold user data nor can the user access the EEPROM storage. Sanitization procedure: None required (no user data) Smart card The processor module of the R&S SMB RF and Microwave Signal Generator is equipped with a smart card with a size of 32 kbyte. It contains information related to the installed hardware, such as the serial number of the module, product options, operating time and power-on cycle count. The smart card does not hold user data nor can the user access the storage. Sanitization procedure: None required (no user data) Flash The single-chip Flash memory, located on the processor board, has a size of 256 Mbyte. The Flash contains boot code, maintenance and recovery system, the operating system and instrument firmware. Furthermore user data, instrument and password settings are stored here. Figure 4-1: Logical sections of the Flash memory The Flash memory is logically divided into three sections: Boot code/os kernel: The 8 Mbyte memory section contains the boot code and the operating system kernel. This area is initialized during production and can be updated in case of firm- 5

Types of Memory and Information Storage in the R&S SMB Non-Volatile Memory ware update. It cannot be accessed by the user and is not modified during instrument operation. Recovery area: The 64 Mbyte memory section contains recovery data which is used to restore the factory instrument configuration if required. This area is initialized during production. It cannot be accessed by the user and is not modified during instrument operation. Journaling Flash File System (JFFS): The remaining memory section is controlled by a Journaling Flash File System (JFFS). This area is shared between operating system files, instrument firmware and user data. Operating system files and instrument firmware are encapsulated in preconfigured, read-only squash FS file systems. Both cannot be modified during instrument operation nor can they be modified in parts. During firmware update, they are replaced in total. In the remaining JFFS area the following information is stored: User data and instrument settings (automatically or manually saved instrument setups) Passwords LAN and USB port enable/disable states Internal adjustment data The R&S SMB provides a sanitizing procedure that ensures that user data is irretrievably removed from the instrument. Sanitization procedure: "Sanitize internal memory" procedure To sanitize the internal Flash memory, press the rotary knob and hold it while switching on the instrument. When the maintenance system appears, execute the "Sanitize internal memory" procedure. After activating the sanitizing procedure, the following steps occur: The file rootfs.squashfs (read-only, encapsulating operating system files) and the file optfs (read-only, encapsulating instrument firmware) are temporarily saved in SDRAM. A full sector erase command as per manufacturer data sheet is applied to each sector of the JFFS area. This explicitly includes sectors which might be declared as defect. Every addressable location of the JFFS area is overwritten by a single character. Again, a full sector erase command as per manufacturer data sheet is applied to each sector of the JFFS area, including defect sectors. The JFFS is recreated and operating system files as well as instrument firmware are restored. Passwords are reset to factory values, USB and Ethernet interfaces are enabled. The "Sanitize internal memory" procedure meets the memory sanitization requirements specified in the "Clearing and Sanitization Matrix" in Section 14.1.16 of the ISFO "Manual for the Certification and Accreditation of Classified Systems under the NISPOM". 6

Instrument Declassification 5 Instrument Declassification Before you can remove the RF and Microwave Signal Generator from a secured area (for example to perform service or calibration), all classified user data needs to be removed. You can declassify the RF and Microwave Signal Generator as follows: 1. Turn off the RF and Microwave Signal Generator. This will sanitize the volatile memory. 2. To sanitize the internal Flash memory, press the rotary knob and hold it while switching on the instrument again. After a few seconds, the screen of the maintenance system appears. Now you have the option to save the instrument configuration including firmware and user data (but without passwords) to a USB mass memory, for example a memory stick. To perform this operation, it is recommended that you use a USB hub and an external keyboard. To save the instrument configuration, proceed as follows: 1. Connect the USB hub and the keyboard to the instrument 2. Connect the USB memory to the hub too. 3. Execute "Backup internal memory to USB" and follow the instructions. To protect user data, this operation requires that you know the security password. 4. Wait until the operation is completed. 5. Remove the USB memory and keep it in the secure area. To sanitize the internal memory, perform the following steps: 1. Execute "Sanitize internal memory". 2. Wait until the operation is completed. Afterwards the power can be removed or the instrument can be rebooted. During the first reboot after sanitizing the internal adjustments are performed. Since permanent adjustment values are located in the instrument s EEPROMs, the validity of the RF and Microwave Signal Generator s calibration is maintained throughout the sanitization. Following these steps removes all user data from the RF and Microwave Signal Generator. The RF and Microwave Signal Generator can now leave the secured area. These declassification procedures meet the needs of customers working in secured areas. After service and re-entering the secured area, you have the option to restore the instrument configuration: 1. Power on the instrument and wait until it is operational. 7

Special Considerations for USB Ports and LAN Services Special Considerations for USB Ports 2. Plug in the memory stick containing the classified user data and instrument configuration and follow the instructions. The procedure is exactly the same as a firmware update. Note that instrument passwords are not restored by this procedure and must be set separately. Validity of instrument calibration after declassification The calibration makes sure that measurements comply to government standards. Rohde & Schwarz recommends that you follow the calibration cycle suggested for your instrument. The EEPROM is the only memory type used to hold permanent adjustment values required to maintain the validity of the R&S SMB's calibration. Therefore, performing the declassification procedure does not affect the validity of the instrument s calibration. 6 Special Considerations for USB Ports and LAN Services There are special considerations for R&S SMB USB ports and LAN services to avoid unauthorized data access in a high-security location. 6.1 Special Considerations for USB Ports USB ports can pose a security risk in high-security locations. Generally, this risk comes from small USB pen drives, also known as memory sticks or key drives. They can be easily concealed and can quickly read/write several Gbyte of data. Disabling USB ports You can disable the USB ports of the R&S SMB in the setup dialog: 1. Select "Setup", "Security", "USB Storage" and then "Disable". 2. Enter the Security Password and confirm with "Accept". When disabled, no USB storage device is accepted by the instrument. Other nonmemory USB devices (such as keyboards and mice) are not affected. The enable/disable state of the USB port is stored on the Flash memory. 8

Special Considerations for USB Ports and LAN Services 6.2 Special Considerations for LAN Ports To protect the instrument against unauthorized data access in your high-security location, you can disable the LAN interface. Disabling LAN ports You can disable the LAN ports of the R&S SMB in the setup dialog: 1. Select "Setup", "Security", "LAN Services" and disable "LAN Interface". 2. Enter the Security Password and confirm with "Accept". When disabled, no LAN connection can be established with the instrument. The enable/disable state of the LAN port is stored on the Flash memory. For more information concerning the security features, refer to the R&S SMB100A Operating Manual. 2016 Rohde & Schwarz GmbH & Co. KG Mühldorfstr. 15, 81671 München, Germany Phone: +49 89 41 29-0 Fax: +49 89 41 29 12 164 Email: info@rohde-schwarz.com Internet: www.rohde-schwarz.com Subject to change Data without tolerance limits is not binding. R&S is a registered trademark of Rohde & Schwarz GmbH & Co. KG. Trade names are trademarks of their owners. Throughout this manual, products from Rohde & Schwarz are indicated without the symbol, e.g. R&S SMB is indicated as R&S SMB. 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback