Section B.3. TEMPEST Standards


B.3. TEMPEST Standards

The National TEMPEST Standard specifies the level of emanation permitted for TEMPEST equipment. Since the original TEMPEST standard was published in the late 1950s, this standard has been revised a number of times. At one point, even accessing the standards on TEMPEST was a tricky business. The TEMPEST documents NACSIM 5100A and NACSI 5004 were classified and accessible only on need-to-know basis.

Basic TEMPEST standards were made available to the public in 1995. The TEMPEST standard, NSTISSAM TEMPEST/1-92 is now publicly available. The U.S. army acknowledges its TEMPEST testing facility, the U.S. Army Information Systems Engineering Command, at Fort Huachuca, Arizona. Information about TEMPEST certified products, which may be needed to service or provision certain government contracts, is readily available at the NSA web site: http://www.nsa.gov/ia/industry/tempest.cfm.

The TEMPEST Endorsement Programs (TEP) today consists of three closely related NSA programs:

  • The Endorsed TEMPEST Products Program

  • The Endorsed TEMPEST Test Services Program

  • The Zoned Equipment Program

In the Endorsed TEMPEST Products Program, NSA provides lists of commercially developed and produced TEMPEST telecommunications equipment, which NSA has endorsed. (Formerly, NSA provided the testing, but that is now handled by certified laboratories.) The equipment lists are used by government entities and their contractors to select products for processing classified information. Separate lists are provided for products that meet different levels of compliance.

In the Zoned Equipment Program, NSA provides a listing of commercial off-the-shelf (COTS) telecommunications equipment that is not designed to meet the National Standard, but has been tested against a portion of that standard and has been assigned a "zone" of B or C. The zoning system calculates a TEMPEST risk, which takes into account such characteristics as geographic location (rural or city), type of facility (public or private), construction of the building (wood, cinder block, brick), and the likelihood of reconnaissance. If a facility's mathematically computed penetration index is below a stated cutoff, certain COTS equipment can be used.




Computer Security Basics
Computer Security Basics
ISBN: 0596006691
EAN: 2147483647
Year: 2004
Pages: 121

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net