Searching for terms: EXACT: "United States. National Security Agency" in: publisher
-
Maintenance and Disposition of TEMPEST Equipment
"All electronic and electromechanical information processing equipment can produce unintentional data-related or intelligence-bearing emanations which, if intercepted and analyzed, disclose the information transmitted, received, handled, or otherwise processed. It is the policy of the U.S. Government that federal departments and agencies and their designated agents apply TEMPEST countermeasures in proportion to the threat of exploitation. In order to ensure the continuous application of TEMPEST countermeasures, maintenance and disposition procedures should be implemented for TEMPEST equipment. This advisory memorandum provides guidelines for the maintenance and disposition of TEMPEST equipment. Such equipment may contain specialized suppression circuitry that must be maintained by knowledgeable persons to ensure proper TEMPEST performance throughout its life cycle. Also, the suppression technology used in such equipment must be protected from general distribution and, therefore, disposition of TEMPEST equipment should be controlled to prevent technology transfer. This document will be made available to U.S. Government personnel who are responsible for maintenance and disposition of TEMPEST equipment. [...] For the purpose of this document, the following definition applies: TEMPEST equipment is defined as equipment listed on the Endorsed TEMPEST Products List (ETPL), the Preferred Products List (PPL), the NATO Recommended Products List (NRPL), and equipment that complies with either Level I or II of NSTISSAM TEMPEST/1-92 as certified by a department or agency."
United States. National Security Agency
2000-12
-
Advisory Memorandum for Information Assurance (IA) - Security through Product Diversity
"This memorandum advises U.S. Government departments and agencies to emphasize a multi-layered and multi-vendor approach to security when architecting information systems. National Policy Governing the Acquisition of Information Assurance (IA) and IA-Enabled Information Technology Products (NSTISSP No. 11) limits the selection of IA products to those that have been evaluated or validated by criteria specified in the policy. NSTISSP No. 11 does not provide guidance on how to compose compliant products into secure systems. Further, satisfying NSTISSP No. 11 criteria does not necessarily imply that a product is free of vulnerabilities. For instance, products evaluated against basic National Information Assurance (NIAP) protection profiles, levels 4 and below, do not include robust vulnerability testing as part of their validation. In most cases, certification of these products simply implies that the product functions as advertised."
United States. National Security Agency
2004-07
-
NTSWG Guidelines for Computerized Telephone Systems (CTS) Supplemental
"The Telephone Security Group Standards were initially written back in the early 1980's to prescribe the measures necessary to protect audio discussion against eavesdropping and component manipulation, which permitted eavesdropping of classified discussion. The TSG no longer exists; rather, it has been re-organized and re-chartered as the National Telecommunications Security Working Group (NTSWG). As such, the NTSWG is responsible for security countermeasures for all telecommunications systems and components used within a classified [information] processing area. […] This standard establishes requirements for planning, installing, maintaining, and managing a computerized telephone system (CTS). The requirements established in this standard are necessary in order to achieve on-hook audio security for 'small' computerized telephone switches located in sensitive discussion areas. For a CTS conforming to this standard, all protected on-hook telephones will be completely isolated from all transmission media and wires that are physically unprotected. This standard requires that the isolation for connected telephones be achieved in the CTS itself."
United States. National Security Agency
2001-03
-
TSG Guidelines for Computerized Telephone Systems
"This standard was prepared by the Telephone Security Group (TSG). The charter members of the TSG are: Department of the Air Force, Department of the Army, Central Intelligence Agency, Defense Intelligence Agency, Department of Energy, Federal Bureau of Investigation, Department of the Navy, National Security Agency, US Secret Service, and Department of State. The TSG is the primary technical and policy resource in the US Intelligence Community for all aspects of the TSCM (technical surveillance countermeasures) program involving telephone systems. The TSG standards contain guidance for providing on-hook security to telephone systems in areas where sensitive government information is discussed. Implementation of TSG standards neither prevents the application of more stringent requirements nor satisfies the requirements of other security programs such as TEMPEST, COMSEC, or OPSEC. This standard establishes requirements for planning, installing, maintaining, and managing a computerized telephone system (CTS). The requirements established in this standard are necessary in order to achieve on-hook audio security for computerized telephones located in sensitive discussion areas. For a CTS conforming to this standard, all protected on-hook telephones will be completely isolated from all transmission media and wires that are physically unprotected. This standard requires that the isolation for most telephones be achieved in the CTS itself."
United States. National Security Agency
1990-03
-
Social Network Analysis of the Iranian Government
"Social networks describe the complex interrelations, both formal and informal, between individuals and groups. Modeling and analysis of social networks has many practical applications across an array of domains. These include government and military applications. An example is considered in detail for the Iranian government decision making process where relevant individuals and groups, their interactions, and their role in the decision making process are explicitly modeled. This analysis illustrates a flow model representation of social networks. Flow modeling is a robust and powerful tool for social network analysis. This methodology is a result of a three-year research effort sponsored by the National Security Agency and National Air Intelligence Center." - Abstract
United States. National Security Agency
Renfro, Robert, 1920-; Deckro, Richard F.
2001-06-12
-
New Enterprise Team: (NETeam) Recommendations: The Director's Work Plan for Change
This document is a self-assessment of the NSA and how it can make itself a more effective intelligence agency. In light of the aggressive timeline of this study and the complexity of the issues examined, this report is not an exhaustive examination of all issues facing NSA today and in the future. The recommendations of the NSA focus instead on actions that they believe must be taken as a matter of urgency for the very survival of the institution. The recommendations center on six core issues: decision-making; leadership; strategic alignment; customer, partner, stakeholder relationships; resource management; and the workforce.
United States. National Security Agency
1999-10-01
-
National Security Agency Central Security Service: Security Configuration Guides
"NSA initiatives in enhancing software security cover both proprietary and open source software, and we have successfully used both proprietary and open source models in our research activities. NSA's work to enhance the security of software is motivated by one simple consideration: use our resources as efficiently as possible to give NSA's customers the best possible security options in the most widely employed products. The objective of the NSA research program is to develop technologic advances that can be shared with the software development community through a variety of transfer mechanisms. NSA does not favor or promote any specific software product or business model. Rather, NSA is promoting enhanced security."
United States. National Security Agency
-
NSA/CSS Declassification Plan for Executive Order 12958, as Amended - Information Memorandum
"Executive Order (E.O.) 12958, as amended, 'Classified National Security Information,' commits agencies to institutionalize automatic declassification within their organizations and to complete appropriate reviews of the backlog of classified permanent records that are more than 25 years old by the end of 2006, and each year thereafter. The goal is to make more information available to the public while protecting information that must remain classified in the interest of national security. This plan addresses the actions the National Security Agency Central Security Service (NSA/CSS) will take to identify and declassify information as prescribed in the E.O. in concert with guidance provided by the Office of the Secretary of Defense and the Information Security Oversight Office of the National Archives and Records Administration (NARA)."
United States. National Security Agency
2006-01-05
-
Guide to Understanding Object Reuse in Trusted Systems
"This document is written to help vendors and evaluators understand the object reuse requirement. It also provides guidance to vendors on how to design and incorporate effective object reuse mechanisms into their systems. Some examples for accomplishing object reuse are provided in this document, but they are not the only way to meet the requirement. Nor are the recommendations supplementary requirements to the TCSEC [Trusted Computer System Evaluation Criteria]. The only measure of TCSEC compliance is the TCSEC itself."
United States. National Security Agency
Anderson, James P.; Vaughn, Rayford
1992-07-01
-
Redacting with Confidence: How to Safely Publish Sanitized Reports Converted from Word to PDF
"There are a number of pitfalls for the person attempting to sanitize a Word document for release. This paper describes the issue, and gives a step-by-step description of how to do it with confidence that inappropriate material will not be released. Both the Microsoft Word document format (MS Word) and Adobe Portable Document (PDF) are complex, sophisticated computer data formats. They can contain many kinds of information such as text, graphics, tables, images, meta-data, and more all mixed together. The complexity makes them potential vehicles for exposing information unintentionally, especially when downgrading or sanitizing classified materials. Although the focus is on MS Word, the general guidance applies to other word processors and office tools, such as WordPerfect, PowerPoint, Excel, Star Office, etc. This document does not address all the issues that can arise when distributing or downgrading original document formats such as MS Word or MS PowerPoint. Using original source formats, such as MS Word, for downgrading can entail exceptional risks; the lengthy and complicated procedures for mitigating such risks are outside the scope of this note."
United States. National Security Agency
2005-12-13
-
NSA Director of Civil Liberties and Privacy Office Report: NSA's Civil Liberties and Privacy Protections for Targeted SIGINT Activities Under Executive Order 12333
In the context of this report, SIGINT stands for Signals Intelligence. "This report, from the NSA [National Security Agency] Civil Liberties and Privacy Office, addresses the general civil liberties and privacy protections employed by the NSA and more specifically documents additional procedures for targeted Signals Intelligence activities under Executive Order (E.O.) 12333. The Fair Information Practice Principles (FIPPs), which are a widely accepted framework of defining principles used by federal agencies to evaluate how systems, processes, or programs affect individual privacy, were used as the basis for assessment. The report finds that NSA has multiple activities that provide civil liberties and privacy protections for six of the eight FIPPs ('Purpose Specification', 'Data Minimization', 'Use Limitation', 'Data Quality and Integrity', 'Security', and 'Accountability and Auditing'). These protections are underpinned by NSA's management activities, documented compliance program, and investments in people, training, tools, and technology. […] The report provides an overview of the signals intelligence lifecycle (Acquire, Analyze, Retain and Disseminate), and describes existing civil liberties and privacy protections that are built into each step. Agency-wide policies, directives, procedures, training, and education activities also help protect the civil liberties and privacy of ordinary individuals. All employees also have responsibilities for protecting and upholding laws and policies."
United States. National Security Agency
Richards, Rebecca J.
2014-10-07
-
Transparency Report: THE USA FREEDOM Act Business Records FISA Implementation
"The National Security Agency's Civil Liberties and Privacy Office (CLPO) conducted a civil liberties and privacy impact assessment examining how the National Security Agency (NSA) is implementing the changes effected by the USA FREEDOM Act to the telephone metadata program that the Agency had conducted pursuant to the 'Business Records' provision in Section 215 of the USA PATRIOT Act. The latter section amended the Foreign Intelligence Surveillance Act (FISA) and authorized NSA to collect and analyze certain telephone metadata. The USA FREEDOM Act, which was enacted in June 2015 and became effective on November 29, 2015, made significant changes to NSA's authority in this regard. This report summarizes CLPO's assessment and its underlying analysis of how this new authority is being implemented."
United States. National Security Agency
2016-01-15
-
History of Traffic Analysis: World War I - Vietnam
"A key purpose of this brochure is to improve the public's and intelligence professionals' understanding of T/A [Traffic Analysis] as an intelligence discipline. Further, it is intended that this will be a living document, to be amplified and expanded as the necessary research is completed, especially in light of new real-world examples of traffic analysis at work. In its present form, the report also can be used for historical reference and could even serve as a basis for developing museum displays."
United States. National Security Agency
Borrmann, Donald A.; Kvetkas, William T.; Brown, Charles V. . . .
2013
-
Security-enhanced Linux (SELinux)
This presentation covers the need for a secure OS. There is an increasing risk to valuable information because of the wide variety of space security solutions. The inadequacy of mainstream operating systems stems from their reliance on discretionary access controls, which cannot do the job. The key missing feature is Mandatory Access Control, which has control over all subjects and objects in a system.
United States. National Security Agency
Loscocco, Peter A.
2002-08
-
Review and Prospects of the United States Directed-Energy Weapons Technology Development in 1994
Directed-energy weapons are new-generation weapons developed on the basis of the new concept of replacing conventional bullets with high-energy-density beams. Technically, directed-energy weapons can be divided into three branches, namely: (1) laser weapons, which can destroy or destabilize targets by using electromagnetic radiation energy beams with a wavelength of less than 1 millimeter; (2) radio-frequency weapons, which can destroy or destabilize targets with radiated electromagnetic energy within the radio spectrum range (the wavelength is more than 1 millimeter and radio frequency less than 300 gigahertz); (3) particle beam weapons, which are capable of destroying or destabilizing targets with neutral high-energy atomic particle beams (usually hydrogen, deuterium and tritium) or charged high-energy atomic or subatomic particle beams.
United States. National Security Agency
Yaping, Zhang
1996-06-18
-
Analysis of Protection of Electronic Information in the Gulf War
In the Gulf War in early 1991, the most lethal and most expensive weapons were not the guided missiles, fighter craft, tanks, or warships, but the electronic information system deployed by the multinational troops in the Gulf area led by the United States. This information system was large-scale, advanced in technology, strict in organization, and high in operational efficiency, providing the overall, precise, timely, and continuous information about Iraqi troops to the multinational troops in its various command structure levels. Thus, the demand for prescribing combat plans and command execution was ensured, to have key functions in winning the war. The Gulf War was a concentrated manifestation of the modern informationized battleground. In the view of the U.S. forces, the Gulf War signaled the conclusion of a combat era and marked the coming of the C3I era. Therefore, analysis on the electronic information protection system in this war is very important and significant to cope with combat in the future high-tech conditions.
United States. National Security Agency
Taiying, Lin
1996-05
-
Advisory Memorandum for the Use of the Federal Information Processing Standards (FIPS) 140-1 Validated Cryptographic Modules in Protecting Unclassified National Security Systems
"This Advisory memorandum provides guidance to U.S. Government departments and agencies regarding the application of Federal Information Processing Standard (FIPS) 140-1 to the validation of cryptographic modules which may be used to protect unclassified information within computer and telecommunications systems that are not national security systems. As noted, responsibility for establishing security standards for national security systems remains the responsibility of the Director of the National Security Agency. Issuance of the document represents another step in a continuing effort to keep departments and agencies apprised of significant information systems security or information assurance developments which may impact on the operations and activities of their respective organizations. Consistent with the existing working partnership, the National Security Agency (NSA) has coordinated this document with the National Institute of Standards and Technology (NIST)."
United States. National Security Agency
2000-02-08
-
On-Hook Telephone Audio Security Performance Specification
"This standard specifies the minimum required performance for a telephone that can be located in a sensitive discussion area without supplementary on-hook audio security measures. The technical performance requirements expressed in this standard are included as a part of the type-acceptance criteria of TSG Standards 3 and 4."
United States. National Security Agency
1990-03
-
Insider Threat to U.S. Government Information Systems
This unclassified document was published by the National Security Agency in 1999. "Today's Information Systems (IS) provide enormous leverage and access to vast amounts of sensitive, unclassified, and classified mission critical data. The potential for abuse is obvious. […] This NSTISSAM focuses on the insider and the potential damage that such an individual could cause when targeting today's IS. It points out the various weaknesses (vulnerabilities) in today's IS an insider might exploit and highlights approaches to solving these problems. In taking corrective action, it is necessary to consider technical and procedural steps in deterring the insider. Finally, we propose, in priority order, recommendations that mitigate the threat posed by the insider. Our approach is not to provide an exhaustive list, but rather offer recommendations that could have the greatest immediate return against this serious threat."
United States. National Security Agency
1999-07
-
Instruction for National Security Systems Public Key Infrastructure X.509 Certificate Policy under CNSS Policy No.25
"The Committee on National Security Systems Instruction (CNSSI) No. 1300, 'Instruction for National Security Systems (NSS) Public Key Infrastructure (PKI) X.509 Certificate Policy, Under CNSS Policy No. 25,' provides a secure, interoperable electronic environment that closes the gap between the classified Federal PKI, managed by the Federal PKI Policy Authority, and the highly classified Intelligence Community PKI, managed by the Office of the Director for National Intelligence (ODNI)."
United States. National Security Agency
2009-10
-
National Instruction on Classified Information Spillage
"This instruction establishes the minimum actions required when responding to an information spillage of classified national security information onto an unclassified Information System (IS), or higher-level classified information onto a lower level classified IS or onto a system not accredited to that category (i.e. restrictive label) of information, to include non-government systems. This instruction applies to the spillage of classified national security information on any IS, be it government, commercial, or private. In the case of private or commercial systems where there is no contractual requirement with the government, department/agency heads will ensure that an inquiry/investigation is conducted in accordance with references 3 b and c. In such cases, the actions established by this instruction will be implemented to the extent practical."
United States. National Security Agency
2008-02
-
Introduction to Telephone Security
"The National Telecommunications Security (NTS) Working Group (WG), formerly known as the Telecommunications Security Group (TSG), is the primary technical and policy resource in the U.S. Intelligence Community (IC) for all aspects of the Technical Surveillance Countermeasures (TSCM) Program involving telephone systems located in areas where sensitive government information is discussed. TSG Standards will be replaced by and issued as Committee on National Security Systems Instructions (CNSSIs). Implementation of CNSS instructions/TSG standards neither prevents the application of more stringent requirements nor satisfies the requirements of other security programs such as TEMPEST, COMSEC, or OPSEC. TSG Standard 1 is an introduction to telephone security that provides general information linked to the existing TSG standards and re-issued as CNSS instructions."
United States. National Security Agency
1990-03
-
Advisory Memorandum on the Retirement of Data Encryption Standard (DES) Based Cryptography to Protect National Security Systems
"This Advisory Memorandum applies to all Executive departments and agencies and to all U.S. Government contractors who own, procure, use, operate, or maintain national security systems as defined in CNSS Instruction No. 4009, 'National Information Assurance Glossary,' dated May 2003. All cryptographic algorithms have fixed operational life-cycles. Advances in technology can shorten the expected life-cycle of a cryptographic algorithm. The security of national security systems is partially predicated on the periodic assessment and replacement of aging cryptographic algorithms. As a result of such assessments, the National Security Agency will no longer evaluate or approve any DES-based security implementation for the protection of national security systems and/or related information."
United States. National Security Agency
2005-03
-
Advisory Memorandum on Office Automation Security Guideline
"This National Telecommunication and Information Systems Security Advisory Memorandum (NTISSAM) is intended to provide guidance to users, security officers, procurement officers, and others who are responsible for the security of office automation systems. This guidance is intended for use by all activities of the executive branch of the United States Government who process classified or sensitive, but unclassified information in office automation systems. Other sources of guidance, including directives, manuals, and regulations issued by various departments and agencies of the United States Government are cited as references in the document."
United States. National Security Agency
1987-01-16
-
Role of Firewalls and Guards in Enclave Boundary Protection
"Ensuring system availability, data integrity and privacy, user authentication and transaction non-repudiation for communications and computer systems that comprise the National Information Infrastructure creates a host of Information Assurance (IA) challenges. One of the foremost of these challenges is the need to connect enterprise systems to external systems while protecting against the threat of external penetration with an adversarial goal of obtaining, manipulating or destroying critical information. The purpose of this Advisory Memorandum is to look at two available tools which are a part of the solution to this challenge."
United States. National Security Agency
1998-12
-
Advisory Memorandum on Release of Communications Security Equipment, Material or Information to Foreign Enterprises
"National Telecommunications and Information Systems Security Advisory and Information Memorandum COMSEC/1-85, 'Release of Communications Security Equipment, Material, or Information to Foreign Enterprises,' announces criteria to be considered in determining the advisability of releasing COMSEC equipment, material, or information to private enterprises which are foreign owned, controlled, or influenced. The subject of release of COMSEC information to foreign governments and international organizations is addressed separately in NCSC-6, 'National Policy Governing the Disclosure or Release of Communications Security Information to Foreign Governments and International Organizations,' dated 16 January 1981."
United States. National Security Agency
1989-10-29
-
Advisory Memorandum on the Transition from the Trusted Computer System Evaluation Criteria to the International Common Criteria for Information Technology Security Evaluation
"This Advisory Memorandum provides guidance to U.S. Government Departments and Agencies regarding the transition from the Trusted Computer System Evaluation Criteria (TCSEC) (better known as the 'Orange Book') to the International Common Criteria for Information Technology Security Evaluation Version 2.0 (hereinafter referred to as the 'Common Criteria'). It is intended to introduce departments and agencies to the new criteria and provide an opportunity for them to evaluate its applicability to their Information Assurance (IA) operations environments and requirements."
United States. National Security Agency
1999-03-11
-
Advisory Memorandum for the Strategy for Using the National Information Assurance Partnership (NIAP) for the Evaluation of Commercial Off-the-Shelf (COTS) Security Enabled Information Technology Products
This unclassified document was published by the National Security Agency in 2000. "This Advisory Memorandum provides guidance to U.S. Government departments and agencies regarding the strategy behind the National Information Assurance Partnership (NIAP) for the evaluation of commercial off-the-shelf (COTS) security enabled information technology products and, from a practical standpoint, details its implementation. It also serves to document the respective roles of the National Security Agency (NSA), the National Institute of Standards and Technology (NIST) and the accredited laboratories in the overall COTS evaluation and validation process."
United States. National Security Agency
2000-02-08
-
National Information Assurance Certification and Accreditation Process (NIACAP)
"This National Security Telecommunications and Information System Security Instruction (NSTISSI) defines the National Information Assurance Certification and Accreditation Process (NIACAP). The NIACAP establishes a standard national process, set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system or site. This document provides an overview of the NIACAP process, roles of the people involved, and the documentation produced during the process. More detailed procedures will be included in a NIACAP implementation manual."
United States. National Security Agency
2000-04
-
TSG Equipment Spreadsheet
"The Telephone Security Group (TSG) Equipment spreadsheet provides the user, government/industry/vendor, the ability to review, locate, and search for 'Currently Manufactured Devices' and 'Devices Still in Use But No Longer Manufactured' that are TSG-approved for use in sensitive/classified facilities."
United States. National Security Agency
2005-07