European Defence Industrial Development Programme GENERIC PROGRAMME SECURITY INSTRUCTION Version 1.0 04 July 2019


HISTORY OF CHANGES

Version    Publication date    Changes
1.0        04.07.2019          Initial version.


General provisions

1. Objectives of the EDIDP

1.1 Regulation (EU) 2018/1092 establishing the European Defence Industrial Development Programme (EDIDP) [1] has the following objectives:

(a) to foster the competitiveness, efficiency and innovation capacity of the defence industry throughout the Union, which contributes to the Union's strategic autonomy, by supporting actions in their development phase;

(b) to support and leverage cooperation, including across borders, between undertakings, including SMEs and mid-caps, throughout the Union, and collaboration between Member States, in the development of defence products or technologies, while strengthening and improving the agility of defence supply and value chains, and fostering the standardisation of defence systems and their interoperability.

Such cooperation shall take place in line with defence capability priorities agreed by Member States within the framework of the Common Foreign and Security Policy and particularly in the context of the Capability Development Plan.

In that context, regional and international priorities, when they serve the Union's security and defence interests as determined under the Common Foreign and Security Policy, and taking into account the need to avoid unnecessary duplication, may also be taken into account, where appropriate, wherever they do not exclude the possibility of participation of any Member State;

(c) to foster better exploitation of the results of defence research and contribute to development after the research phase, thereby supporting the competitiveness of the European defence industry on the internal market and the global marketplace, including by consolidation, where appropriate.

Considering the specific nature of EDIDP with regard to supporting the development of defence products, the EDIDP security organisation and procedures will be established in line with the provisions of Regulation (EU) 2018/1092 concerning the use of the results of the Action financed, including the export.

2. Security requirements

2.1 Principles

2.1.1 In accordance with Commission Decision (EU) 2019/513 [2], in the context of the EDIDP, the originatorship of classified foreground information generated in the performance of a development action shall be decided upon by the Member States on whose territory the beneficiaries are established.

2.1.2 For that purpose, those Member States may decide on a specific security framework for the protection and handling of classified information relating to the action and shall inform the Commission thereof.

2.1.3 Such a security framework shall be without prejudice to the possibility for the Commission to have access to necessary information for the implementation of the action.

2.1.4 If no such specific security framework is set up by those Member States, the Commission shall set up the security framework for the action in accordance with the provisions of Commission Decision (EU, Euratom) 2015/444 [3].

2.1.5 The applicable security framework for the action has to be in place at the latest before the signature of the grant agreement.

2.2 Generic PSI for the EDIDP and specific PSI per Action

2.2.1 When classified information is generated or exchanged in the course of an EDIDP Action, the generic EDIDP PSI provides for the security organisation and defines the security requirements that will apply to Beneficiaries of an EDIDP Action and to their subcontractors.

2.2.2 Two models for carrying out the Actions can be considered. The PSI models are:

(a) Model 1 – If no specific security framework for the protection and handling of classified information is set up by the Participant Member States, the European Commission sets up the security framework and specifies the security requirements for a specific EDIDP Action in accordance with Commission Decision (EU, Euratom) 2015/444. In that event, the European Commission will issue the specific PSI for the EDIDP Action in accordance with the given ‘Model 1’ template (in Annex 1) and will develop the Security Classification Guide (SCG) in close coordination with experts from relevant Member States.

(b) Model 2 – If the Participant Member States decide on their specific security framework, they themselves issue the specific PSI for the specific EDIDP Action and develop the SCG. The template for Model 2 (in Annex 2) may be used as standard guidance.

2.3 Practical application

2.3.1 When classified information is generated or exchanged in the course of an EDIDP Action, the calls for proposals will include the general security requirements.

2.3.2 The consortium selected as grant beneficiary shall consult the Participant Member States to enquire on the applicable relevant security framework and subsequently the PSI that will apply:

(a) when the Action is selected and follows the Model 1 organisation, the Commission will complete the specific PSI for that Action based on ‘Model 1’ template (in Annex 1);

(b) when the Action is selected and follows the Model 2 organisation, the Participant Member States will complete the specific PSI for the Action, which will follow as much as possible the security requirements of Annex 2, and which will be communicated to the Commission prior to the signing of the grant agreement.

2.3.3 The grant beneficiaries will be made aware of the applicable PSI via the relevant Security Aspect Letters, which will be an integral part of the grant agreement.

[1] Regulation (EU) 2018/1092 of the European Parliament and of the Council of 18 July 2018 establishing the European Defence Industrial Development Programme aiming at supporting the competitiveness and innovation capacity of the Union's defence industry, OJ L 200, 7.8.2018, p. 30.

[2] Commission Decision (EU) 2019/513 of 26 March 2019 on the security framework for the European Defence Industrial Development Programme, OJ L 85, 27.3.2019, p. 43.

[3] Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU classified information (OJ L 72, 17.3.2015, p. 53).


ANNEX 1

PROGRAMME SECURITY INSTRUCTION CONCERNING (ACTION XX) of the European Defence Industrial Development Programme

(SHORT TITLE: EDIDP PSI FOR ACTION XX)

issued by European Commission

In accordance with COMMISSION DECISION (EU, Euratom) 2015/444 of 13 March 2015

Version X.X

Dated XX XXXX 20XX

EUROPEAN COMMISSION
Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs
Space Policy, Copernicus and Defence
Defence, Aeronautic and Maritime Industries


Participants

[PARTICIPANT MEMBER STATES]

EUROPEAN COMMISSION


Version history

VERSION REFERENCE DATE COMMENTS

X.X Approved xx xx 20xx

Table of Contents

Section 1 - Introduction

1.1 Scope and Purpose

Section 2 - Glossary

Section 3 - PSI applicability and the security responsibilities of Participants

3.1 Applicability

3.2 Responsibilities

3.2.1 Security Authorities

3.2.2 Granting and Contracting Authorities

3.2.3 Participants’ Beneficiaries or Contractors

Section 4 - Security Instructions

4.1 Handling and Protection of EDIDP related Classified Information

4.2 Marking of Classified Background Information

4.3 Marking of Classified Foreground Information generated by Participants

4.3.1 Security Classification Markings

4.3.2 Declassification and Downgrading markings

4.3.3 Releasability markings

4.3.4 Crypto and CCI markings

4.3.5 Additional markings

4.4 Security Classification Guide (SCG)

4.5 Specific procedures for the protection of CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET Classified Information

4.5.1 Access

4.5.2 Handling and storage

4.5.3 Information Assurance

4.5.4 Tempest

4.6 Specific Procedures for the Protection of RESTREINT UE/EU RESTRICTED Classified Information

4.6.1 Access

4.6.2 Handling and Storage

4.6.3 Information Assurance

4.7 Access to Classified Information at Meetings

4.8 Procedures for exchanging Classified Information

4.8.1 Movement within a single Participant State

4.8.2 Procedures for the exchange of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET Classified Information between Participant States

4.8.3 Procedures for the exchange of RESTREINT UE/EU RESTRICTED Classified Information

4.8.4 Procedures for exchanging Classified Information using Removable Storage Media

Section 5 - Release of Classified Information

5.1 Release of Classified Information to Third Parties to the Action

5.2 Release of Information to Third Parties to the Action at Symposia, Seminars or Conferences

Section 6 - International Visits among Participants and Beneficiaries/Contractors

6.1 Procedures for International Visits at the level of CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET

6.2 Procedures for International Visits at the level of RESTREINT UE/EU RESTRICTED

Section 7 - Awarding of grants and Contracting (security aspects)

7.1 Proposal submission/Pre-letting/Tendering phase and awarding of Classified Grants and Contracts within the EDIDP

7.2 Sub-Contracting to Contractors of Participant States

7.3 Sub-Contracting to Contractors of Third Parties to the Action

7.4 List of approved Beneficiaries and Contractors

7.5 Security Plan in the Event of Non-Selection, Termination of Classified Grant or Contract or Classified Grant or Contract Expiry

7.5.1 Participant Held Information

7.5.2 Beneficiary or Contractor Held Information

7.6 Procedures Related to Breaches, Compromises or Loss of Classified Information

ANNEX A - SECURITY AUTHORITIES OF PARTICIPANTS OF THE EDIDP ACTION

ANNEX A1 SECURITY AUTHORITIES OF THE PARTICIPANT STATES

ANNEX A2 OTHER SECURITY AUTHORITIES

ANNEX B - TABLE OF EQUIVALENT SECURITY CLASSIFICATION MARKINGS

ANNEX C - MINIMUM REQUIREMENTS FOR PROTECTION OF EUCI IN ELECTRONIC FORM AT RESTREINT UE/EU RESTRICTED LEVEL HANDLED IN THE CONTRACTOR'S (BENEFICIARY'S) COMMUNICATION AND INFORMATION SYSTEMS

ANNEX D - PROCEDURE FOR HAND CARRIAGE OF CLASSIFIED INFORMATION

ANNEX E - TRANSPORTATION PLAN

ANNEX F - REQUEST FOR VISIT

ANNEX G - COMSEC INSTRUCTIONS OF THE EDIDP ACTION

ANNEX H - SECURITY CLASSIFICATION GUIDE OF THE EDIDP ACTION


Section 1

Introduction

1.1 Scope and Purpose

1. This Programme Security Instruction (PSI) establishes the security procedures to be applied and the common security procedures and processes to be followed for management of the [NAME OF THE ACTION], established under the European Defence Industrial Development Programme (EDIDP), and assigns the responsibilities for the protection of Classified Information generated or exchanged in connection with the Action.

2. This PSI supplements the relevant security rules of the Participants concerning the protection of Classified Information (including COMSEC Items). The purpose of this PSI and its Annexes is to reconcile differences in national or international organisation policies so that standard security procedures are used by Participants’ Contractors/Beneficiaries.

3. This PSI provides instructions on: the classification and marking of Action Information; protective security procedures, including the handling and transfer of Classified Information; visit procedures to be followed when Classified Information is accessed; measures to be taken in the event of a Security Breach or Compromise involving Classified Information; procedures to be followed for releasing Classified Information; and procedures to be followed when awarding a grant, contracting or sub-contracting.

4. The protection of COMSEC Items is addressed in Annex G.


Section 2

Glossary

For the purpose of this PSI, the following terminology is used:

ACTION means, in the light of Regulation (EU) 2018/1092 of the European Parliament and of the Council of 18 July 2018 establishing the European Defence Industrial Development Programme aiming at supporting the competitiveness and innovation capacity of the Union's defence industry, the project selected under the Programme which the Consortium is to carry out.

ACTION CLASSIFIED INFORMATION is any Classified Information provided to, generated in, or used in the Action regardless of form or type; it includes both Foreground Information and Background Information.

BACKGROUND INFORMATION means any Classified Information necessary for, or useful to the implementation of the EDIDP, generated before or outside the framework of the Action.

BENEFICIARY is an individual or legal entity possessing the legal capacity to receive funding through a grant in the EDIDP and which has been selected by the Programme to receive the grant.

CLASSIFIED CONTRACT is a framework contract or contract entered into for the supply of movable or immovable assets, execution of works or provision of services by a contractor, the performance of which requires or involves access to, storage or creation of Classified Information.

CLASSIFIED GRANT is an agreement whereby the European Commission (Commission) awards a grant as referred to in Part I, Title VIII, of Regulation (EU, Euratom) No 2018/1046, the performance of which requires or involves access to, storage or creation of Classified Information.

CLASSIFIED INFORMATION means any information or material designated by a security classification, the unauthorised disclosure or loss of which could cause varying degrees of prejudice to the interests of one or more of the Participants or of the Union as a whole or any other State or international organisation with which the Participants have concluded a security of information agreement. Its classification level, and therefore the level of protection to be afforded to it by the recipient, is indicated by a classification marking.


CLASSIFIED SUB-CONTRACT is a contract entered into by a Beneficiary or Contractor with another contractor (i.e. the sub-contractor), for the supply of movable or immovable assets, execution of works or provision of services, the performance of which requires or involves access to, storage or creation of Classified Information.

COMMISSION SECURITY AUTHORITY is a European Commission authority set up within the Directorate-General Human Resources and Security with responsibilities assigned to it by the Commission Decision on the security rules for protecting EU classified information in the Commission.

COMMUNICATION and INFORMATION SYSTEM (CIS) is any system enabling the handling of information in electronic form. A CIS shall comprise the entire assets required for it to operate, including the infrastructure, organisation, personnel and information resources.

COMPROMISE of Classified Information denotes a situation when, due to a security breach or adverse activity (such as espionage, acts of terrorism, sabotage or theft), Classified Information has lost its confidentiality, integrity or availability, or supporting services and resources have lost their integrity or availability. This includes loss, disclosure to unauthorised individuals (e.g. through espionage or to the media), unauthorised modification, destruction in an unauthorised manner, or denial of service.

COMSEC (Communication Security) means the application of security measures to telecommunications in any form in order to deny unauthorised persons access to information of value derived from the possession and study of such telecommunications or to ensure the confidentiality, availability, authenticity, non-repudiation and integrity of such telecommunications. Such measures include crypto, transmission and emission (TEMPEST) security, as well as procedural, physical, personnel, document and computer security.

COMSEC INSTRUCTIONS is the document that establishes the security instructions and assigns the responsibilities for the implementation of security policy concerning COMSEC Items generated and exchanged under the Action. This document also provides common security procedures for the marking, handling, storage, destruction and electronic transmission of COMSEC and CRYPTO Items. The COMSEC Instructions are at Annex G to this PSI.

COMSEC ITEM means all material, including keys in all forms, such as documents, devices or equipment, that describe, contain or relate to cryptographic products and is essential to the encryption, decryption or authentication of telecommunications and any other item that performs critical COMSEC functions.


CONSORTIUM means a collaborative grouping of Undertakings constituted to carry out an action under this Programme.

CONTRACTING AUTHORITY is the State or bodies governed by the public law which prepare, award, cancel or modify contracts.

CONTRACTOR is an individual or legal entity possessing the legal capacity to undertake contracts.

COURIER is an appropriately cleared and authorised government employee from a Participant state or staff member of a Participant organisation, or a Beneficiary or Contractor employee who is appropriately approved by the Security Authorities to hand-carry Classified material to its destination.

DESIGNATED SECURITY AUTHORITY (DSA) is a state authority responsible to the National Security Authority (NSA) of a participant which is responsible for communicating to industrial or other entities national policy on all matters of industrial security and for providing direction and assistance in its implementation. The function of DSA may be carried out by the NSA or by any other competent authority in that Participant state.

DOCUMENT means any recorded information regardless of its physical form or characteristics.

EU CLASSIFIED INFORMATION (EUCI) means any information or material designated by an EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States.

FACILITY SECURITY CLEARANCE (FSC) means an administrative determination by a NSA, DSA or competent Security Authority that a facility can afford an adequate level of protection to Classified Information to a specified security classification level.

FACILITY SECURITY OFFICER is a person, having the appropriate security expertise, designated by the management to be responsible for the proper implementation of security-related decisions and for the co-ordination of available security resources and measures within a facility involved in the classified parts of the Action, as well as to be the technical advisor to management on security matters related to the Action.

FOREGROUND INFORMATION is Classified Information generated in the performance of the Action.


GOVERNMENT-TO-GOVERNMENT CHANNELS are transfers of Classified Information via diplomatic pouch or through other channels approved by the Security Authorities involved.

GRANTING AUTHORITY is the Commission department responsible for the Programme.

NATIONAL SECURITY AUTHORITY (NSA) is a Government authority with ultimate responsibility for the security of Classified Information in that country.

NEED-TO-KNOW is the principle according to which a positive determination is made that a prospective recipient has a requirement for access to, knowledge of, or possession of information in order to accomplish a designated and approved function relating to the Action.

ORIGINATOR means Participants, Third States or International Organisations under whose authority Classified Information has been created and/or introduced into the EDIDP. (Whilst Beneficiaries or Contractors can create EU Classified Information for the Action they are not considered the Originator for the purposes of this PSI. For all Foreground Information generated within the Action the European Commission is considered the Originator.)

PARTICIPANTS are the European Commission and the EU Member States that are listed in this PSI, which are responsible for co-ordinating the implementation of this PSI.

PERSONNEL SECURITY CLEARANCE (PSC) means a statement by a competent authority of a Participant state, which is made following completion of a security investigation conducted by a competent authority of a Participant state and which certifies that an individual is cleared to have access to Classified Information up to the level of CONFIDENTIEL UE/EU CONFIDENTIAL or above until a specific date.

PROGRAMME SECURITY INSTRUCTION (PSI) CONCERNING THE ACTION is a set of security procedures applied to a specific Action in order to standardise security procedures. It may be revised throughout the Action.

PSI CUSTODIAN is appointed by the European Commission and is responsible for the control of this PSI, including annexes, and for ensuring the correct issuing and version control.


RELEASE is the passing of Action Information to a Third Party to the Action, to the general public, or to any member of the general public, by any means of communication.

SECURED AREA is a physically protected area with a visibly defined and protected perimeter through which all entry and exit is controlled by means of a pass or personal recognition system, where unescorted access is granted only to individuals who are security cleared and are specifically authorised to enter the area on the basis of their need-to-know, and where all other individuals are escorted at all times or are subject to equivalent controls.

SECURITY ASPECTS LETTER (SAL) is a set of special contractual conditions, issued by the Contracting or Granting Authority, which forms an integral part of a Classified Contract or Classified Grant involving access to or generation of Classified Information, that identifies the security requirements or those elements of the contract or grant requiring security protection.

SECURITY AUTHORITY is the NSA, DSA or other authority which is responsible for the maintenance of standards for the security of Classified Information of a country or an organisation.

SECURITY BREACH occurs as a result of an act or omission which is contrary to the security provisions set out in this PSI or in any other applicable laws, rules or regulations.

SECURITY CLASSIFICATION GUIDE (SCG) is the document which describes the elements of a programme, project or contract which are classified, specifying the applicable security classification levels. The SCG issued to Beneficiaries or Contractors may be modified throughout the life of the programme or contract and the classified elements may be re-classified or downgraded.

SUB-CONTRACTOR is a legal entity awarded a sub-contract under the Action.

THIRD PARTY TO THE ACTION is any international organisation or State that is not a Participant to the Action, or individual or legal entity not involved in the Action.

TRANSMISSION means the sending of Action Information from one place to another by electronic means.

UNDERTAKING means an entity, regardless of its legal status or the way in which it is financed, which is engaged in an economic activity, and which is established in the Member State in which it is incorporated, in accordance with the national law of that Member State.

Section 3

PSI applicability and the security responsibilities of Participants

3.1 Applicability

1. This PSI applies to any Beneficiary or Contractor that will access or create Classified Information under the Action. The latest approved version of this PSI and its annexes will be referenced in the Security Aspects Letter of a grant agreement or contract, and as such, is applicable to Beneficiaries or Contractors on a contractual basis.

2. Participants apply their respective laws, rules or regulations concerning the protection of Classified Information, taking into account the provisions of this PSI and its Annexes, in order to provide for standard security procedures and ease the functioning of the EDIDP.

3. Questions concerning the content and interpretation of this PSI, and any proposed changes, shall be addressed to the European Commission, who will consult with the Granting or Contracting Authority and the Participants’ Security Authorities, if required.

4. Nothing in this PSI shall cause prejudice to the national or EU laws and regulations of Participants regarding public access to documents.

5. The text of the EDIDP PSI and its further amendments will be submitted to the Commission Security Expert Group for advice.

3.2 Responsibilities

3.2.1 Security Authorities

1. The Security Authorities of the Participant Member States are responsible for:

a. Monitoring the implementation of the provisions of this PSI within their establishments, and by Beneficiaries or Contractors under their jurisdiction;

b. Conducting the Facility Security Clearance (FSC) process for Beneficiaries or Contractors that are required to handle and/or store Classified Information at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or above at their facility;

c. Upon request, and where Classified Information at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or above is involved, responding to FSC Information Sheet (FIS) requests from another Security Authority or Granting or Contracting Authority;

d. Conducting the Personnel Security Clearance (PSC) process on personnel handling Classified Information at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or above.

2. The Security Authorities of all Participants are responsible for:

a. Upon request, and where Classified Information at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or above is involved, responding to PSC Information Sheet (PSCIS) queries submitted by another Security Authority;

b. Submitting and/or approving Transportation Plans, Courier certificates, international visit requests (i.e. request for visit), etc. in accordance with the provisions of this PSI;

c. Informing the Originator, the Commission Security Authority and the relevant NSA/DSAs, identified in Annex A2 about any security breach, which may have led to a loss or Compromise of Classified Information; and

d. Investigating all cases in which it is known, or where there are grounds for suspecting a Compromise of Classified Information provided or generated pursuant to the Action has occurred;

e. Ensuring, in liaison with the PSI custodian, that their details in Annex A1 are up to date.

3.2.2 Granting and Contracting Authorities

1. The Granting or Contracting Authorities for the EDIDP shall notify, through the Commission Security Authority, the relevant Security Authority of the Beneficiary or Contractor of any Classified Grant, Contract (or Sub-Contract) awarded and its end-date, and shall provide a copy of the relevant parts of the Classified Grant or Contract (e.g. the security aspects letter) to the Security Authority of the Participant in order to facilitate their security monitoring of the grant or contract.

2. The Granting or Contracting Authorities shall distribute the latest issue of this PSI to their Beneficiaries or Contractors. Beneficiaries and Contractors shall forward the latest version of this PSI to their Sub-Contractors.

3. The Granting or Contracting Authorities are responsible for providing updated details of Beneficiary or Contractors or Sub-Contractors under grant agreement or contract with them.

3.2.3 Participants’ Beneficiaries or Contractors

1. Beneficiaries or Contractors are responsible for the implementation of this PSI within their facilities, in particular for ensuring that:

a. The provisions of the latest version of this PSI are implemented;

b. All Classified Information and COMSEC Items generated by the Beneficiary or Contractor, or entrusted to them, are appropriately safeguarded;

c. A Facility Security Officer is appointed who is responsible for supervising and directing security measures in relation to the Action. This individual shall be responsible for limiting access to Classified Information involved in the Classified Grant or Contract to those employees who have been briefed, authorised for access, have a Need-to-Know and (for access to Classified Information at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or above) have been granted a PSC at the appropriate level;

d. Any Foreground Information generated by the Beneficiary or Contractor is classified in accordance with this PSI and the relevant Security Classification Guide (SCG);

e. The security classifications of Background Information are retained and not changed without the prior written consent of the Originator;

f. Classified Information is only provided to individuals who have a Need-to-Know;

g. Classified Information (at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET) is only provided to Beneficiary or Contractor facilities that have been granted a FSC. Prior to providing Classified Action Information to another Beneficiary or Contractor or Sub-Contractor the FSC status of that Beneficiary or Contractor or Sub-Contractor shall be established;

h. Classified Information is not released to Third Parties to the Action without the appropriate release procedures of this PSI having been followed;

i. Classified Foreground Information is not used for purposes other than the Action, unless the prior written consent of the Originator has been obtained through their Granting or Contracting Authority;

j. The relevant security provisions of this PSI, as detailed in the Security Aspects Letter, or parts thereof, are included as part of any contractual arrangement with Sub-Contractors;

k. Appropriate action is taken in the event of any actual or suspected Security Breach, Compromise or loss involving Classified Information; and

l. Their Security Authority is informed about any suspected or actual Security Compromises or losses of Classified Information as soon as is possible.

Section 4

Security Instructions

4.1 Handling and Protection of Action related Classified Information

1. Foreground Information that is accessed, used or generated by Participants and their Beneficiaries or Contractors shall be handled and protected in accordance with Commission Decision (EU, Euratom) 2015/444 on the security rules for protecting EU classified information, with its implementing rules on industrial security, respecting the supplementary provisions set out in this PSI.

2. Background Information shall be afforded the appropriate level of protection by Participants, in accordance with existing security agreements or arrangements. Annex B provides a table of equivalence for reference.

3. Classified Information shall be upgraded, downgraded or declassified only with the consent of the Originator.

4. For compilations of information (i.e. aggregation) a higher level of classification may be required. Classification on this basis shall be clearly documented by the Originator of the Classified Information.

5. Equipment and system components or parts thereof revealing Classified Information (e.g. during assembly or testing works) shall be handled and protected in accordance with the Classification level of the information revealed.

4.2 Marking of Classified Background Information

1. Any request for changes to the security classifications of Programme Background Information shall require the prior written approval of the originating State or International Organisation.

2. Classified Background Information introduced in the Action shall be marked with the relevant security classification and an annotation that identifies it as [NAME OF THE ACTION].

Example for Classified Background Information at CONFIDENTIAL level:

CONFIDENTIEL DÉFENSE

[NAME OF THE ACTION]

Background information

3. EU Classified Background Information to be used for the purposes of the Action shall be protected in accordance with the security rules applicable to this information.

4.3 Marking of Classified Foreground Information generated by Participants

4.3.1 Security Classification Markings

1. Foreground Information shall be classified in accordance with the Security Aspects Letter. For grants or contracts, the relevant parts of the SCG shall be extracted or specific classification guidance shall be given by the Granting or Contracting Authority in the respective grant agreement or contract or SAL.

2. Such Foreground Information shall be marked with the appropriate EU classification marking: RESTREINT UE/EU RESTRICTED, CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET. For documents the EU classification marking will be applied on the top and bottom of each page, centred, and in capital letters.

3. The distribution limitation ‘Name of the Action’ shall be indicated, together with the classification marking. An example is shown:

4. For Foreground Information not in the form of documents (e.g. electronic files and physical equipment/material) the EU classification marking shall be applied in such a way as to clearly identify the level of classification.

4.3.2 Declassification and Downgrading markings

1. If Foreground Information needs to maintain its classification only for a defined period, it may be downgraded/declassified at that point by or on behalf of the Originator. A date (or reason) for expiry of the classification may be indicated below the Classification marking. Two examples are:

SECRET UE/EU SECRET

[NAME OF THE ACTION]

Until [Day/Month/Year]

SECRET UE/EU SECRET

[NAME OF THE ACTION]

Declassified when [reason/event]

4.3.3 Releasability Markings

1. Should the release of Classified Information be authorised to a Third Party to the Action or to another EU Action or Programme, a releasability statement, in compliance, if necessary, with the EU-Third Party Security of Information Agreement, shall be added below any classification marking as shown in this example:

SECRET UE/EU SECRET

[NAME OF THE ACTION]

RELEASABLE TO NATO

2. Releasability Markings may be further detailed by the Participants. Such provisions will be communicated in the SAL.

4.3.4 Crypto and CCI markings

1. The caveats currently approved for the EDIDP are ‘CCI’ and ‘CRYPTO’. These identify that Classified Information is a COMSEC Item. Approved caveats may be added below the classification marking.

4.3.5 Additional markings

1. In addition to the classification markings described above and listed in Annex B, only approved additional markings are permitted to be applied on Foreground Information. These may be any caveats, code-words or acronyms specifying the field of activity to which the document relates, a particular distribution on a need-to-know basis or restrictions on use.

2. Any other markings that are used will not be recognised by Participants and information so marked will not be protected in accordance with this PSI.

3. The ComSEG is consulted on such additional markings, which are defined in Annex B-bis4.

4 To be created in case of need.

4.4 Security Classification Guide (SCG)

1. The SCG provides instructions on the appropriate level of protection, by means of a classification marking or COMSEC caveat, to be applied to Foreground Information generated in the course of the Action.

2. It will be prepared in close coordination with experts of Participant Member States in the projects and will form an annex to the Security Aspects Letter (SAL), which will be an integral part of the classified contract or classified grant.

3. The classification levels assigned in the SCG are those anticipated for each item of listed information or equipment. As stated in this PSI, compilations of Classified Information may require a different level of classification than that indicated in the SCG. The Originator should be consulted for advice if necessary. Changes or questions concerning the interpretation of the SCG shall be addressed to the Commission, who may consult with the Participants' Security Authorities.

4.5 Specific procedures for the protection of CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET Classified Information

4.5.1 Access

1. Access to and handling of Classified Information at these levels for the purposes of the Action shall be limited to individuals having the appropriate level of PSC and a Need-to-Know.

2. When individuals are first granted access to Classified Information at these levels for the Programmes they must have been briefed by their Facility Security Officer on the security requirements in this PSI. They shall acknowledge their responsibilities for protecting this information in writing, and a record of this acknowledgement shall be retained by the Facility Security Officer. Individuals required to access Classified Information at these levels shall be briefed at regular intervals by their Facility Security Officer.

3. Security debriefings shall be given to personnel when they no longer require access to Classified Information at these levels. The debriefing shall consist of a reminder of the continuing responsibility to protect the Classified Information and the possible penalties for failure to do so. Debriefing certificates may be used to record the debriefings and shall be retained by Facility Security Officers.

4.5.2 Handling and storage

1. Classified Information at these levels shall only be handled and stored in Participants’ establishments if they are authorised to handle and store that level of Classified Information in accordance with the applicable laws, rules or regulations of the Participant, and in the facilities of Beneficiaries or Contractors that have been granted an appropriate FSC.

2. When created or received, documents or material classified at these levels shall be registered for purposes of accountability in dedicated registry or logbooks. For such purposes a classified registry shall be established which shall be responsible for recording the life-cycle of the Classified Information at these levels at the facility, including its dissemination and destruction. Registering of classified documents or material by electronic means shall be subject to the prior approval of the Security Authority.

3. Classified Information at these levels shall only be worked on in a Secured Area approved in accordance with the applicable laws, rules and regulations of the Participant in a manner that prevents unauthorised access to the information, shall not be discussed or worked on in public (e.g. on public transport) and shall not be left unattended or handled in a manner that could result in unauthorised access.

4. Secured Areas that have been designated as ‘Technically Secured Areas’ by Security Authorities shall be equipped with Intruder Detection Systems (IDS), be locked when not occupied and be guarded when occupied. Any keys shall be controlled, all persons and material entering such areas shall be controlled. Such areas shall be regularly physically and/or technically inspected as required by the competent Security Authority. Such inspections shall also be conducted following any unauthorised entry or suspicion of such entry. Technically secured areas shall be free of unauthorised communication lines, unauthorised telephones or other unauthorised communication devices and electrical or electronic equipment.

5. When not in use, documents or other small items classified at these levels shall be stored in a secured container approved in accordance with the applicable laws, rules or regulations of the Participant. If the material is of such a size or format that it cannot be stored in a secured container advice shall be sought from the relevant Security Authority as to how it should be protected.

6. The physical reproduction of Classified Information at these levels shall be limited to the minimum necessary to fulfil a particular action or function. Copies shall be made in a Secured Area using equipment approved in accordance with the applicable laws, rules or regulations of the Participant. The security measures applicable to the original document shall also apply to any copies made. Copies shall be managed appropriately and securely destroyed when no longer required.

7. Translations of Classified Information at these levels shall only be undertaken by personnel holding an appropriate level of PSC. If a translation is created it shall be marked as the original, be afforded the same level of protection as the original, and be securely destroyed when no longer required.

8. When no longer required by the holder, Classified Information at these levels shall be destroyed in such a manner to ensure that it cannot be reconstructed. The destruction shall be by a method that is in accordance with the applicable laws, rules or regulations of the Participant. Such destruction shall be carried out by, and witnessed by, an individual holding an appropriate level of PSC. A destruction certificate shall be created and shall be recorded and filed in the registry/logbook. Destruction certificates are to be retained by the establishment or facility where the destruction took place for five years.

4.5.3 Information Assurance

1. Classified Information at these levels shall be processed and stored electronically in CIS which have been appropriately accredited for the level of classification to be handled. The accreditation to be applied shall be in accordance with the applicable laws, rules or regulations of the Participant.

2. Classified Information at these levels may be stored on removable or portable data storage media or devices. It shall be handled and protected to the same standards as documents containing the same level of classified information, if not encrypted with an approved encryption product. Sub-section 4.9.4 provides further information on the procedures and considerations that apply for removable storage media.

3. CIS used within facilities located on the territory of one Member State and handling Action-related Classified Information will be accredited by the relevant Security Authority or competent Security Accreditation Authority (SAA), as appropriate, in accordance with the applicable laws, rules or regulations of the hosting Participant.

4. For security accreditation of such CIS handling EDIDP-related Classified Information, whose components are under different jurisdictional domains (e.g. different SAAs), all concerned SAAs shall take part in the security accreditation process. In such case the system-specific information assurance requirements and the accreditation process will be identified in dedicated security requirements documentation, which will be jointly approved by the SAAs involved.

5. Accredited portable computing devices not using approved encryption shall only be used or stored in an accredited Secured Area.

6. Classified Information at this level that is transmitted shall be protected by appropriately approved cryptographic products.

7. Interconnection of Beneficiary or Contractor’s CIS handling Action related Classified Information to other Participants’ CIS will be jointly accredited by the respective Security Accreditation Authorities (SAAs). Appropriate security arrangements should be in place to ensure that the SAAs and the different CIS providers of the interconnected CIS are bound by relevant security requirements on the protection of Action-related Classified Information handled or exchanged via such CIS.

8. Areas in which CIS are installed or operated to display, store, process or transmit Action related Classified Information will be established as Secure Areas. CIS areas housing servers, network management systems, network or communications controllers should be established as separate and controlled areas with an appropriate access control system. Access to these CIS areas should be limited to specifically authorised persons.

4.5.4 Tempest

1. Facilities that house CIS handling Classified Information at these levels shall be assessed by their Security Authority on the threat of Compromise by unintentional electromagnetic emanations. TEMPEST security measures shall be commensurate with the risk of exploitation and the level of classification of information.

4.6 Specific Procedures for the Protection of RESTREINT UE/EU RESTRICTED Classified Information

4.6.1 Access

1. Access to Classified Information at this level shall be limited to individuals who have an established Need-to-Know for the purposes of the Action.

2. PSCs are not required for access to Classified Information at this level unless required by a Participant state’s applicable laws, rules or regulations. A Participant state that requires its nationals to hold a PSC at this level shall not deny access to a national from another Participant that does not require a PSC at that level according to its applicable laws, rules or regulations.

4.6.2 Handling and Storage

1. FSCs are not required for Beneficiaries or Contractors handling and storing Classified Information at this level at their facility unless required by applicable laws, rules or regulations. A Participant that requires a FSC for its Beneficiaries or Contractors at this level shall not require an FSC from a Beneficiary or Contractor of another Participant that does not require a FSC at that level according to its applicable laws, rules or regulations.

2. There is no requirement to register Classified Information at this level unless required by a Participant state's applicable laws, rules or regulations.

3. Classified Information at this level shall not be discussed or worked on in public (e.g. on public transport).

4. Classified Information at this level shall not be left unattended or handled in a manner that could result in unauthorised access. As a general rule, when not in use such information should be stored in locked desks, cabinets, or similar containers to which access is limited to persons having the required Need-to-Know. Classified Information at this level may also be stored in the open in locked rooms, provided access to the room is restricted to persons who have a Need-to-Know.

5. The physical reproduction of Classified Information at this level shall be limited to the minimum necessary to fulfil a particular action or function. Copies shall be managed appropriately by the facility and securely destroyed when no longer required.

6. Translations of Classified Information at this level shall be marked as the original, be afforded the same level of protection as the original and be securely destroyed when no longer required.

7. When no longer required by the holder, Classified Information at this level shall be destroyed in such a manner that ensures it cannot be reconstructed. The destruction shall be by a method that is in accordance with the applicable laws, rules or regulations of the Participant.

4.6.3 Information Assurance

1. Classified Information at this level shall be processed and stored in CIS which have been accredited for this level of classification by the appropriate Security Authority.

2. The security accreditation of CIS handling Classified Information at this level may be delegated to Beneficiaries or Contractors according to applicable laws, rules or regulations. Where this delegation is exercised, the relevant Security Authorities or SAAs shall retain the responsibility for the protection of Classified Information at this level handled by the Beneficiary or Contractor and the right to inspect the security measures taken by the Beneficiary or Contractor. In addition, the Beneficiary or Contractor will provide to the Granting or Contracting Authority and, where required, to its NSA/DSA a statement of compliance certifying that the CIS handling Classified Information at this level have been accredited. The accreditation to be applied shall be in accordance with the applicable laws, rules or regulations of the Participant. Minimum requirements for contractor CIS handling EUCI at RESTREINT UE/EU RESTRICTED level are described in Annex C.

3. Classified Information at this level that is transmitted shall be protected by cryptographic products approved by the EU or the relevant Security Authority. For interconnected systems this needs to be approved by the relevant Security Authorities (or SAAs).

4. Portable computing devices not using approved encryption shall only be used or stored in areas with appropriate access control. Data storage media and computing devices containing Classified Information at this level, which are not encrypted with an approved encryption system shall not be carried outside premises unless they can be held under personal custody.

5. Classified Information at this level may be stored on removable data storage media or devices. Section 4.10.4 provides further information on the procedures and considerations that apply.

4.7 Access to Classified Information at Meetings

1. Access to Classified Information at meetings, which includes conferences, symposia and seminars shall be subject to the provisions of this PSI.

4.8 Procedures for exchanging Classified Information

1. For the purposes of this document the following terminology is used in the context of exchanging Classified Information:

a. Transport: for the physical exchange of Classified Information (e.g. by hand carriage, postal service, commercial courier, road, air).

b. Transmission: for the electronic transfer of Classified Information (e.g. via email).

2. For the purposes of this PSI, electronic transmission does not include the movement of removable storage media and devices. This aspect is addressed in Section 4.9.4.

4.8.1 Movement within a single Participant State

1. The movement of Programme Classified Information within the territory of a Participant State will be in accordance with the applicable laws, rules or regulations.

4.8.2 Procedures for the exchange of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET Classified Information between Participant States

1. As a general principle, the preferred means for the exchange of Classified Information at these levels under the Action is electronic transmission using approved encryption methods or products.

2. The following means may be permitted for the exchange of CONFIDENTIEL UE/EU CONFIDENTIAL Classified information:

a. Electronic transmission using approved encryption systems, cryptographic products or methods;

b. Government-to-Government Channels;

c. Hand carriage by authorised personnel holding the appropriate level of PSC;

d. Approved transport by road, rail, ship or air by security cleared transport companies or escorting personnel.

e. Carriage by non-security cleared approved postal services or commercial courier companies, in accordance with national laws and regulations.

3. The following means are permitted for the exchange of SECRET UE/EU SECRET Classified Information:

a. Electronic transmission using approved cryptographic products or methods;

b. Government-to-Government Channels;

c. Hand carriage by authorised personnel holding the appropriate level of PSC; or

d. Approved transport by road, rail, ship or air by security cleared transport companies or escorting personnel.

4. Companies and sites will exchange Classified Information, on the condition that the sender shall first obtain confirmation from its relevant Security Authority that the site holds a valid FSC at the appropriate level and that the company is entitled to receive Action-related Classified Information at that level.

International Electronic Transmission

5. Electronic transmission of Classified Information at these levels between Participants shall be protected by cryptographic methods or products approved by the EU.

Government-to-Government Channels

6. Government-to-Government Channels (e.g. diplomatic bag services) to be used for the transport of Classified Information at these levels shall be in compliance with the regulations of the sending Participant. Note: this is not to be confused with the hand carriage of Classified Information, which is covered in the next sub-section.

Hand Carriage

7. Classified Information at these levels may be hand carried by an individual holding the appropriate level of PSC.

8. An individual hand carrying the Classified Information shall be briefed on their responsibilities by the Facility Security Officer before the transport occurs.

9. An individual hand carrying the Classified Information from one Participant state to another will be issued with a Courier certificate, a template of which is provided in Annex D. Senders can use this template in that Annex or an equivalent national document approved by their Security Authority. The individual hand-carrying the information shall carry the Courier certificate during the transport, and be able to present this upon arrival at the receiving facility.

10. During the hand carriage the consignment shall remain in the personal custody of the individual, or be appropriately secured as described in this PSI. It shall not be left unattended and shall not be read in public.

International Carriage by Approved Postal Services or Commercial Courier Services

11. SECRET UE/EU SECRET Classified Information shall not be sent internationally by postal service or commercial courier service.

12. The sending of Classified Information by approved postal services or commercial courier services is only permitted for consignments up to and including the classification level CONFIDENTIEL UE/EU CONFIDENTIAL, provided such means of exchange are permitted by the applicable laws, rules or regulations of the sending Participant.

13. Postal services or commercial courier services for consignments up to and including the classification level CONFIDENTIEL UE/EU CONFIDENTIAL shall only be used if the following criteria have been met:

a. The Security Authority of the sender permits the use of postal services or commercial courier services according to its applicable laws, rules or regulations;

b. The Security Authority of the sender may, according to its applicable laws, rules or regulations, require the postal service or commercial courier service to hold a FSC;

c. The postal service or commercial courier service to be used is located within the Participant state’s territory, has a security programme for handling valuable items, including a signature service, a continuous record of accountability on custody and a tally record or electronic track and trace system;

d. The postal service or commercial courier service to be used shall ensure that the consignment is delivered to the recipient prior to a specified time and date within a 48-hour period under regular circumstances, or within a clearly defined time frame for consignments over distances that cannot reasonably be covered within a 48-hour period; and

e. The postal service or commercial courier service to be used shall obtain and provide to the sender proof of delivery on a signature/tally record.

14. When CONFIDENTIEL UE/EU CONFIDENTIAL Classified Information is sent by postal service or approved commercial courier service the consignment shall be prepared and packaged as follows:

a. The consignment shall be sent using double envelopes (the inner envelope being a tamper-evident envelope) or other suitably secure packing material;

b. The classification level shall be clearly visible on the inner envelope/package;

c. The classification shall not be on the outer envelope/package;

d. Both the inner and outer envelope/package shall be clearly addressed to a named individual at the intended recipient, and shall include a return address;

e. A registration receipt form shall be placed inside the inner envelope/packaging for the recipient to complete and return. The registration receipt, which itself shall not be classified, shall quote the reference number, date and copy number of the document, but not the subject;

f. Delivery receipts are required in the outer envelope/packaging. The delivery receipt, which itself shall not be classified, should quote the reference number, date and copy number of the document, but not the subject; and

g. The courier service must first obtain and provide the consignor with proof of delivery of the consignment on the signature and tally record, or the courier must obtain receipts/package numbers.

15. The sender shall liaise with the named recipient before the consignment is sent to agree a suitable date/time for delivery.

16. The sender is solely responsible for the consignment that is sent by postal service or commercial courier service. In the event that the consignment is lost or not delivered on time, the sender shall follow up with the postal service or commercial courier service to ascertain the circumstances of the security incident, and inform its NSA/DSA and the Granting or Contracting Authority.

Transport by Freight – General requirements

17. Classified Information at these levels which is of such size or shape that it cannot be transported by one of the methods listed above, or an exchange of large volumes of Classified Information, may be transported as freight by a commercial transportation company. (Note: this is not to be confused with a commercial courier service as covered in the previous sub-section.)

18. The transport company either shall hold a FSC at the appropriate level or shall be capable of deploying security cleared couriers or escorts for the transport, if permitted under the sender’s applicable laws, rules or regulations.

19. Where Classified Information at these levels requires overnight storage at the transport company’s facilities a FSC with storage capabilities shall be required. Senders shall check with their Security Authority before selecting a commercial transportation company whether a FSC will be required for the transport.

20. The sender shall prepare a Transportation Plan using Annex E (or an equivalent national document approved by their Security Authority). When the sender has completed the plan they shall submit this to their Security Authority for consideration. Once reviewed, the sender’s Security Authority will submit the Transportation Plan to the Security Authority of the recipient for their consideration. Transport by freight cannot take place until both the sending and recipient Security Authority have agreed the Transportation Plan.

21. The degree of protection and measures required for the transport shall be determined by the highest classification level of the contents of the consignment.

22. Containers used for the transport shall not bear any visible indication that they contain Classified Information. These containers shall be sealed with seals/locks in such a way that any tampering is evident. Any evidence of tampering shall be considered a Security Breach and be reported as soon as possible.

23. Journeys will be point-to-point to the extent possible, and will be completed with the shortest possible delays and stops. Appropriate security measures shall be in place at all stages during the transport.

24. If possible, routes to be used for road and rail will be limited to the territory of Participant states. If not possible, routes through non-Participant states will be planned in close cooperation with the Security Authorities of the sender and recipient.

Security escorts or Security Guards

25. Any security escort/guard team shall be composed of an adequate number of personnel to ensure regular tours of duty and rest. Their number shall depend on the highest classification level of the consignment, the method of transportation to be used, the estimated time in transit and at designated stops, and the quantity and level of the Classified Information to be protected.

26. It is the responsibility of the sender and, where applicable, the recipient to instruct security escorts and security guards on how the consignment shall be protected.

Transport by Road

27. The consignment shall be accompanied by at least two individuals with the appropriate level of PSC, which may be the driver, co-driver or another individual escorting the transport. One of these individuals shall be issued with and carry a Courier Certificate (Annex D) and shall be briefed on their security responsibilities to protect the Classified Information before the transport occurs.

28. The Classified Information shall be secured in containers by a lock or padlock, or in a closed or locked vehicle. If this is not possible because of the size or nature of the contents, the consignment shall be suitably sealed using a tamper-evident method to protect the classified aspects.

29. Where stops are required during transport, attempts should be made by the sender to arrange for stops to be at suitably cleared government establishments or Beneficiary or Contractor facilities holding a FSC. In the event such arrangements cannot be made, or an emergency situation arises due to accident or breakdown of the vehicle, at least one of the individuals with a PSC accompanying the consignment shall be responsible for monitoring and keeping it under constant control.

30. Where possible, loading and unloading of the consignment will be under the security control of at least one individual holding an appropriate level of PSC.

31. Where appropriate and permissible, the sending and receiving Security Authorities, plus any Participant states the transport will pass through, shall advise their customs or other relevant authorities of impending consignments.

Transport by Rail

32. The consignment shall be accompanied by at least two individuals with the appropriate level of PSC. One of these individuals shall be issued with and carry a Courier Certificate and shall be briefed on their security responsibilities to protect the Classified Information before the transport occurs.

33. Passenger accommodation shall be made available for security escorts and/or security guards. During stops the security escorts and/or guards shall remain with the consignment.

34. Where possible, loading and unloading of the consignment shall be under the security control of at least one individual holding the appropriate level of PSC.

35. Deliveries and collection shall be so timed to prevent, to the extent possible, a consignment being held in warehouses without an appropriate level of FSC.

Transport by Sea

36. The consignment shall be accompanied by at least two individuals with the appropriate level of PSC. One of these individuals shall be issued with and carry a Courier Certificate (Annex D) and shall be briefed on their security responsibilities to protect the Classified Information before the transport occurs.

37. Preference shall be given to using ships that sail under the flag of a Participant state.

38. The consignment shall be stowed in locked stowage space approved by the Security Authority of the sender. Where practicable, at least one security escort or security guard holding an appropriate PSC shall accompany the consignment.

39. Except in case of emergency, stops at a port of a non-Participant state are not permitted unless the prior approval of the sender’s Security Authority has been obtained. Where possible, loading and unloading of the consignment will be under the security control of at least one individual holding the appropriate level of PSC.

40. Deliveries to the port of embarkation and collection from the port of disembarkation shall be timed to prevent, as far as possible, a consignment being held in port warehouses (unless the warehouse has an appropriate level of FSC).

Transport by Air

41. Unless there are clear reasons why this is not possible, the consignment shall be accompanied by at least two individuals with the appropriate level of PSC. If this requirement cannot be met the sender should consult their Security Authority to seek their approval. One of these individuals shall be issued with and carry a Courier Certificate (Annex D) and shall be briefed on his responsibilities to protect the Classified Information before the transport occurs.

42. Where possible, the consignment will be delivered straight to the aircraft rather than being stored in warehouses at airports or airfields (unless a warehouse has an appropriate level of FSC). A sufficient number of security escorts and/or security guards shall be provided to keep the consignment under adequate supervision.

43. Where possible, loading and unloading of the consignment will be under the security control of at least one individual holding the appropriate level of PSC.

44. Direct flights will be used whenever possible.

45. Intermediate routine stops of short duration may be permitted, provided the consignment remains in the aircraft. If the cargo compartment is to be opened at a stop, every effort shall be made to ensure that a security escort or security guard accompanying the consignment is present.

46. In the event that the aircraft is delayed at an intermediate stop for a significant period of time, or is forced to make an unscheduled or emergency landing, the individual holding the courier certificate will take all reasonable measures possible for the protection of the consignment. That individual shall inform their Security Authority as soon as possible. If necessary, that individual will seek the assistance of his Diplomatic mission in the country concerned.

47. At its final destination, every effort will be made for the aircraft to be met on landing and the consignment to be placed under the security control of at least one individual holding an appropriate level of PSC.

4.8.3 Procedures for the exchange of RESTREINT UE/EU RESTRICTED Classified Information

1. As a general principle the preferred means for the exchange of Classified Information at this level under the Action is by electronic transmission. Such transmission shall be protected by approved cryptographic methods or products.

2. When electronic transmission is not available, the following physical means are permitted for the exchange of Classified Information at this level without additional requirements, unless required by the sender’s Security Authority:

a. Hand carriage

b. Transport by postal services or commercial courier services

c. Government-to-Government channels

d. By freight

3. The hand carriage or transport by postal service or commercial courier service of Classified Information at this level shall be in accordance with the sender’s applicable laws, rules or regulations. The envelope or wrapping shall not reveal the classification level of the information contained.

4.8.4 Procedures for exchanging Classified Information using Removable Storage Media

1. The use of removable storage media to transfer Classified Information in the Action is generally encouraged over sending physical documents for both cost and practical reasons, but using removable storage media also carries additional risks that must be mitigated by the sender. The compromise of removable storage media containing a number of classified documents will usually be more damaging than the compromise of a consignment of physical documents given the volume of information which can be stored on such media.

2. When considering using removable storage media only the necessary classified documents to perform a particular task/activity should be stored on the media. It is not permitted to store classified documents that are not relevant or no longer associated with a task/activity. Senders should bear in mind that large amounts of Classified Information stored on such devices may warrant a higher classification level.

3. Personal USB sticks and those given freely at conferences, seminars, etc. are not to be used for storing or transferring Classified Information.

4. Removable storage media containing Classified Information are required to be labelled with the appropriate classification marking. Measures shall be in place to prevent unauthorised access to such storage media and to maintain the Need-to-Know principle.

5. If CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET Classified Information is stored on removable storage media it must be logged and registered as stipulated by this PSI.

6. The use of removable storage media in a facility must be strictly controlled and accounted for.

7. Only CIS that has been appropriately accredited and/or approved shall be used to transfer Classified Information from the removable storage media.

8. When exchanging Classified Information on removable storage media particular care should be taken to ensure that the media does not contain malware prior to the transfer of the data onto the media.

9. All CIS used for processing EUCI shall use appropriate system configuration to preserve integrity, functionality and to enforce access control. For example, AutoRun and AutoPlay (or similar functions) shall be disabled on all CIS to prevent unauthorised applications or malware from running automatically from removable media. In the event that an application attempts to run automatically from removable media, the user must cancel it and take steps to ensure that it does not run again.

10. Unless the removable storage media is encrypted with an EU approved cryptographic product for that level of classification it must be prepared, packaged and transported in exactly the same manner as Classified Information in physical form. If suitably encrypted, the removable storage media shall be handled in accordance with security operating procedures pertinent to the encryption system used.

11. Removable storage media that is used to transport Classified Information shall be accompanied by a dispatch note, detailing the removable storage media containing the Classified Information, as well as all files contained on it, to allow the recipient to make the necessary verifications and to confirm receipt.

12. As a general rule, documents on the removable storage media that are either no longer required, or have been transferred onto an appropriate CIS, are to be securely removed or deleted using approved products or methods. Unless stored in an appropriate security cabinet or facility CDs/DVDs without rewriting capability should be destroyed when no longer needed. Any destruction/deletion shall be by use of a method that is in accordance with the applicable laws, rules or regulations of the Participant holding the removable storage media.

Section 5

Release of Classified Information

1. The release of Classified Information to entities other than to Participants and their Beneficiaries or Contractors is not permitted without the specific written approval of the Originator. Requests for release shall be subject to the requirements described in this Section.

5.1 Release of EUCI to Third Parties to the Action

1. Classified Foreground Information may be released to a Third Party to the Action only if the prior written approval of the competent EC Authority (as identified in Annex A2) is given, and, in case of non-EU Third Party to the Action, if a security of information agreement or administrative arrangement exists between the EU and the Third Party.

2. Requests for release of Foreground Information will be submitted through the Granting or Contracting Authority to the competent EC Authority (as identified in Annex A2) for approval. Any such requests by Beneficiaries or Contractors and Sub-Contractors shall be made through the contractual chain.

3. If Background Information is being considered for release, the prior written approval of the Originator is required before such information is released.

5.2 Release of Information to Third Parties to the Action at Symposia, Seminars or Conferences

1. Where Third Parties to the Action attend or participate in symposia, seminars or conferences, as a general rule, only unclassified information should be considered for discussion. Any such release shall be permitted only with the prior written consent of the Commission obtained through the relevant Granting or Contracting Authority or, where Background Information is concerned, the Originator.

Section 6

International Visits among Participants and Beneficiaries/Contractors5

1. Each Participant and their Beneficiaries or Contractors will permit visits involving access to Classified Information to their establishments, or to Beneficiary or Contractor facilities located on their territory or under their jurisdiction, by Government representatives of another Participating State, staff of Participants, and by Beneficiary or Contractor employees. Such visits are subject to the provisions of this Section.

6.1 Procedures for International Visits at the level of CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET

1. The arrangements described hereafter apply to representatives of the Action Participants and personnel of Beneficiaries, or Contractors under Action, who need to undertake visits to another Participant or to facilities of Beneficiaries or Contractors, and where such visits require or may require access to Action Information classified at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET.

2. Each Participant and Beneficiary/Contractor will permit visits involving access to classified Action information on a case-by-case basis to its facilities, by civilian or military representatives of other Action Participants or by personnel of Beneficiaries or Contractors, provided that the visitor holds the appropriate PSC (for CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET) and has a Need-to-Know.

3. Visitors shall comply with all security regulations and other relevant regulations of the host Participant and establishment to be visited. Any Action Information disclosed or made available to visitors shall be treated as if supplied via official channels to the entity sponsoring the visit.

4. Subject to the provisions described below, such visits will be arranged directly between the sending facility or establishment and the facility/establishment to be visited.

5. Prior to arrival at the facility to be visited, a Request for Visit, as shown in Annex F, including confirmation of the visitor’s PSC, shall be provided at least 24 hours before arrival directly by the Security Officer of the sending facility/establishment to the Security Officer of the facility to be visited.

6. Both the sending and receiving facilities are to confirm that there is a need for the visit.

(a) Responsibilities of the sending Security Officer:

• The sending Security Officer must ensure with the parent NSA/DSA that the receiving facility is in possession of an appropriate FSC;

• Confirm that the visitor holds a valid PSC.

(b) Responsibilities of the receiving Security Officer:

• The receiving Security Officer must ensure that records are kept of all visitors, including the name, the organisation they represent, date of expiry of the PSC, the date(s) of the visit(s) and the name(s) of the person(s) visited.

Such records are to be retained for a period no less than two years.

(c) Responsibilities of the Visitor:

• To confirm identity, the visitor must be in possession of a valid ID card or passport for presentation to the Security Officer or other authorised official at the receiving facility/establishment/command/headquarters.

5 In this section, when the term “Contractors” is used it also refers to Sub-contractors.

6.2 Procedures for International Visits at the level of RESTREINT UE/EU RESTRICTED

1. Visits relating to Classified Information at the level of RESTREINT UE/EU RESTRICTED will be arranged directly between the sending facility and the receiving facility without formal requirements.

Section 7

Awarding of grants and Contracting (security aspects)

1. A FSC is granted by a NSA/DSA to indicate, in accordance with its applicable laws, rules or regulations, that a Beneficiary or Contractor under its jurisdiction is capable of protecting Classified Information at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET at that facility. FSCs are confirmed by the Security Authority responding to a Facility Security Clearance Information Sheet (FIS) request submitted by another Security Authority. Some Participant states may, in accordance with their applicable laws, rules or regulations, also issue FSC certificates for their Beneficiaries or Contractors.

2. NSAs/DSAs will notify the appropriate authority of the Participants if a FSC that it has issued to one of its Beneficiaries or Contractors has been suspended or withdrawn.

7.1 Proposal submission / Pre-letting / Tendering phase and awarding of Classified Grants and Contracts within EDIDP

1. Prior to launching an invitation to tender or a call for proposals, or letting a classified contract or awarding a classified grant agreement, the contracting authority will determine the security classification of any information that may be provided to tenderers or applicants.

2. All contractors or grant beneficiaries who are required to handle or store information classified CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET within their facilities, either during the performance of the classified contract or grant agreement itself or during the pre-contractual stage, must hold a Facility Security Clearance (hereinafter 'FSC') at the required level. The following identifies the three scenarios that may arise during the tendering phase for a classified contract or grant agreement involving EUCI at CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET level:

a) No access to EUCI at CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET level during the tendering phase

When the contract notice, invitation to tender or the call for proposals concerns a contract or grant agreement that will involve EUCI at CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET level, but does not require the tenderer or applicant to handle such information at the tender stage, a tenderer or applicant not holding an FSC at the required level shall not be excluded from the bidding process.

b) Access to EUCI at CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET level at the premises of the contracting or granting authority during the tendering phase

Access will be granted to tenderer or applicant personnel who are in possession of a Personnel Security Clearance (hereinafter 'PSC') at the required level and who have a need-to-know. The contracting or granting authority will verify whether an FSC is also required under national laws and regulations at this stage, before such access is granted. Where EUCI is provided to a tenderer or applicant at the tender stage, a non-disclosure agreement shall be signed, obliging the tenderer or applicant to handle and protect EUCI provided to him in accordance with Commission Decision (EU, Euratom) 2015/444.

c) Handling or storage of EUCI at CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET level at the premises of the tenderer or applicant during the tendering phase

3. When the contract notice, invitation to tender or the call for proposals requires tenderers or applicants to handle or store EUCI at their premises, the tenderer or applicant shall hold an FSC at the required level. In such circumstances, the contracting or granting authority will obtain an assurance from the relevant NSA/DSA that the tenderer or applicant has been granted an appropriate FSC. Access will be granted to tenderer or applicant personnel who are in possession of a PSC at the required level and who have a need-to-know.

4. Where EUCI is provided to a tenderer or applicant at the tender stage, a non-disclosure agreement shall be signed, obliging the tenderer or applicant to handle and protect EUCI provided to him in accordance with Commission Decision (EU, Euratom) 2015/444.

5. An FSC is not required for access to classified information at RESTREINT UE/EU RESTRICTED level, either at the tender stage or for the performance of the contract or grant agreement. However, some EU Member States require an FSC for contracts/subcontracts or grant agreements at RESTREINT UE/EU RESTRICTED level under their national laws and regulations. Such national requirements shall not put additional obligations on other Member States or exclude tenderers or contractors/subcontractors/beneficiaries from Member States not having such FSC requirements for access to RESTREINT UE/EU RESTRICTED information for related contracts/subcontracts or grant agreements or a competition for such, while these contracts or grant agreements shall be performed in Member States according to their national laws and regulations.

6. Where an FSC is required for the performance of a classified contract or grant agreement, the contracting or granting authority will submit a request to the contractor's or beneficiary's NSA/DSA using a Facility Security Clearance Information Sheet (hereinafter 'FSCIS'). The classified contract or grant agreement will not be awarded until the contractor's or beneficiary's NSA/DSA has confirmed the tenderer's or applicant's FSC.

7.2 Sub-Contracting to Contractors of Participant States

1. Before a Beneficiary or Contractor enters into negotiations for a Sub-Contract involving Classified Information at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET to a Contractor based in another Participant state, the Facility Security Officer of the Beneficiary or Contractor proposing the Sub-Contract shall first obtain confirmation from its NSA/DSA that the potential Sub-Contractor has a valid FSC (if required). FSCs will be queried and confirmed as described at the start of this Section.

2. No Classified Information at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET shall be provided to the facility of the Sub-Contractor before a FSC confirmation has been obtained from the relevant NSA/DSA.

3. The Contracting or Granting Authority shall notify, through the Commission Security Authority, the NSA/DSA of a Sub-Contractor when a classified sub-contract is awarded, and shall provide a copy of the sub-contract-specific security provisions.

7.3 Sub-Contracting to Contractors of Third Parties to the Action

1. Before a Beneficiary or Contractor enters into negotiations for a Sub-Contract involving Classified Information at the level of CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET to a Contractor based in a non-Participant EU Member State, the Facility Security Officer of the Beneficiary or Contractor proposing the Sub-Contract shall first obtain confirmation from its NSA/DSA through the Commission Security Authority that the potential Sub-Contractor has a valid FSC (if required). FSCs will be queried and confirmed as described at the start of this Section.

2. Prior to authorising the placement of a Sub-contract with a Sub-Contractor from the Third Party to the Action which is not an EU Member State, the Contracting Authority shall ensure that this does not contravene the security and defence interests of the Union and its Member States.

3. Contracts placed with a Sub-Contractor from the Third Party to the Action which is not an EU Member State, will include a security clause requiring the Sub-Contractor to protect EUCI in accordance with the Security of Information Agreement in place between the EU and that Third State or International Organisation.

4. The Contracting or Granting Authority shall notify, through the Commission Security Authority, the NSA/DSA of a Sub-Contractor when a classified sub-contract is awarded, and shall provide a copy of the sub-contract-specific security provisions.

7.4 List of approved Beneficiaries or Contractors

In order to allow for tracing the flow of classified information relating to EDIDP, and to allow NSAs/DSAs to monitor the implementation of the provisions of this PSI at facilities of Beneficiaries or Contractors under their jurisdiction, the Commission will maintain a list of Beneficiaries or Contractors that are involved in grant agreements or contracts classified at the level of CONFIDENTIEL UE/EU CONFIDENTIAL and SECRET UE/EU SECRET in the EDIDP.

The list shall be provided to the Participants’ NSAs/DSAs at least twice a year.

7.5 Security Plan in the Event of Non-Selection, Termination of Classified Grant or Contract or Classified Grant or Contract Expiry

1. This sub-section describes the procedures which the Participants and Beneficiaries or Contractors shall follow in the event of the following:

a. A Participant, or Beneficiary or Contractor terminates a Classified Grant or Contract;

b. A Classified Grant or Contract expires;

c. A potential Beneficiary or Contractor receives or generates Classified Information in the submission of proposals or the pre-letting of contracts phase but is not selected; or

d. A Beneficiary or Contractor receives and generates Classified Information during an early phase of the Action but is not selected for funding or work on a future phase of the Action.

2. For ease of reading in this sub-section, the term ‘Contractor’ also includes Sub-Contractors.

7.5.1 Participant Held Information

1. In the event of termination or expiry of a Classified Grant or Contract, the Participants' respective rights and responsibilities with regard to Background and Foreground Information relating to the Programme shall be determined by the Granting or Contracting Authority, taking into account the rights of the Originator.

2. A Participant that retains Classified Information shall continue to safeguard it in accordance with this PSI and its applicable laws, rules or regulations, and shall not use that information for other purposes without the prior written consent of the Originator.

7.5.2 Beneficiary or Contractor Held Information

1. A Beneficiary or Contractor that is authorised by the Commission Security Authority (or the Originator for Background Information) to retain Classified Information shall safeguard it in accordance with this PSI and the applicable laws, rules or regulations.

2. A Beneficiary or Contractor shall not use Classified Information for any other purpose than for which it was provided without the prior written consent of the Commission (or the Originator for Background Information).

3. All Classified Information released within the context of a Classified Grant, Contract, proposal or bid, will be retained, returned, or destroyed according to the following provisions:

a. A Beneficiary or Contractor receives or generates information during the pre-letting/tendering phase, and is not selected:

i. All invitations to proposal or bid shall contain a clause requiring a potential Beneficiary or Contractor who does not submit a proposal or bid to return all classified documents which were provided to enable the potential Beneficiary or Contractor to submit a proposal or bid to the Granting or Contracting Authority by the date set for the submission of proposals or opening of bids.

ii. An unsuccessful applicant/bidder shall be required to return all classified documents after a stipulated period of time (normally within 15 working days after notification that a bid or negotiation proposal was not accepted).

b. When a Beneficiary or Contractor has held a Classified Grant or Contract, but the Classified Grant or Contract is terminated, expires or if the Beneficiary or Contractor is not selected for further funding or work on the next phase of an action, the Beneficiary or Contractor:

i. Shall return all Classified Information unless approval for retention or destruction has been given by the Commission Security Authority (or Originator).

If the Commission Security Authority (or Originator) approves that a Beneficiary or Contractor can destroy the Classified Information, the Beneficiary or Contractor shall ensure that the destruction is undertaken in accordance with the relevant security rules and regulations.

ii. If the Commission Security Authority (or Originator) approves that a Beneficiary or Contractor can retain the Classified Information, the Beneficiary or Contractor shall continue to protect the information in accordance with its applicable laws, rules or regulations and this PSI.

4. In the event that a FSC is withdrawn, the Beneficiary or Contractor shall return all Classified Information to their Granting or Contracting Authority or dispose of such information in accordance with instructions from its Security Authority.

5. Granting or Contracting Authorities shall ensure that the terms of this sub-section are included as an obligatory requirement in each Classified Grant or Contract they sign.

7.6 Procedures Related to Breaches, Compromises or Loss of Classified Information

1. Personnel shall report suspected or actual Security Breaches, Compromises and losses of Classified Information to their Facility Security Officer or Local Security Officer as soon as possible, and no later than 24 hours after the discovery.

2. Where applicable, the Facility Security Officer concerned will initiate damage limitation or mitigation measures promptly.

3. The Facility Security Officer concerned shall investigate the circumstances of the security incident and report it to their Security Authority in accordance with the following:

a. If it is suspected that Classified Information has been compromised, lost, or a Security Breach that represents a significant risk of future Compromise has occurred, this shall be reported to the relevant Security Authority as soon as possible, and no later than 48 hours after the discovery.

b. If Classified Information is known to have been compromised this shall be reported immediately in order for the Security Authority to mitigate the potential damage that may be caused.

4. Once informed of a security incident, the Security Authority concerned shall take the appropriate action in accordance with its applicable laws, rules or regulations.

5. For suspected or actual Compromise, or loss of Classified Information, or serious security breaches that may represent a significant risk of future Compromise, the Security Authority shall submit a report to the Commission Security Authority and the relevant NSA/DSAs, as identified in Annex A2, including the following details as a minimum:

a. A description of the circumstances of the security incident;

b. The date or period when the security incident occurred;

c. The location of the security incident;

d. The security classification and markings of the information involved in the security incident;

e. A list of the Classified Information that has been or may have been compromised or that is unaccounted for;

f. Specific identification of the Classified Information, to include Originator, subject, reference, date, copy number, and language;

g. Actions taken to locate and recover the Classified Information;

h. The responsible person(s) and reasons for Compromise or possible Compromise;

i. Assessments of the likelihood of Compromise (i.e. "certain", "probable", "possible", or "unlikely") including an explanation;

j. A statement on whether the Originator has been informed of the security incident; and

k. Actions taken to secure the Classified Information and limit further damage.

6. Such reports may need to be classified, depending on their content.

7. The Facility Security Officer where the security incident occurred shall provide all necessary assistance to its Security Authority in preparing the report.

8. Any additional measures related to the reporting of Security Breaches, Compromise or loss of COMSEC Items are addressed in the Action COMSEC Instructions (Annex G).


ANNEX A - SECURITY AUTHORITIES OF PARTICIPANTS OF THE EDIDP ACTION6

A1 - SECURITY AUTHORITIES OF THE PARTICIPANT STATES

1. Austria

NSA

Bundeskanzleramt / Büro der Informationssicherheitskommission,

Federal Chancellery / Federal Office for Information Security

Ballhausplatz 2

1014 Wien

Österreich

Telephone: +43 1 53115/202594

Fax: +43 1 53109/202615

E-mail: [email protected]

DSA

Ministry of Defence

Telephone: +43 (0) 502011071114

Fax: +43 (0) 502011017301

E-mail: [email protected]

2. Belgium

NSA

National Security Authority

6 When drafting the specific PSI for the Action, this list should be adapted by leaving in it only the entries relating to Participants of that particular Action.


FPS Foreign Affairs, Foreign Trade and Development Cooperation

Rue des Petits Carmes 15

B-1000 BRUXELLES

Belgium

Telephone: +32 2 501 45 42

Fax: +32 2 501 45 96

E-mail: [email protected]

DSA

Ministry of Defense

General Intelligence and Security Service

Industrial Security Office

Queen Elisabeth Barracks

Rue d’Evère 1

B-1140 BRUXELLES

Belgium

Telephone: +32 2 501 46 03

E-mail: [email protected]

3. Bulgaria

NSA

Държавна комисия по сигурността на информацията

ул. “Черковна” No. 90

1505 София

България

State Commission on Information Security


90, Cherkovna Str.

BG-1505 Sofia

Bulgaria

Telephone: +3592 9333 600

Fax: +3592 9873 750

E-mail: [email protected]

4. Cyprus

NSA

National Security Authority

172-174, Strovolos Avenue

2048 Strovolos, Nicosia

Cyprus

Telephone: +357 22 80 77 64

E-mail: [email protected]

5. Croatia

NSA/DSA

Telephone: +385 1 4681 222

Fax: +385 1 4686 049

E-mail: [email protected]

DSA

Telephone: +(countrycode) (number)

Fax: +(countrycode) (number)


E-mail:

Point of Contact for standard Requests for Visits (RfV)

Telephone: +385 1 4681 255

Fax: +385 1 4579 914

E-mail: [email protected]

6. Czech Republic

NSA

Národní bezpečnostní úřad

(National Security Authority)

Na Popelce 2/16

CZ-150 06 Praha 56

Czech Republic

Telephone: +420 257 28 33 35

Fax: +420 257 28 31 10

7. Denmark

NSA

Politiets Efterretningstjeneste (the Danish Security Intelligence Service)

Klausdalsbrovej 1

DK – 2860 Søborg

Denmark

Telephone: + 45 33 14 88 88

Fax: + 45 45 15 01 90


E-mail: [email protected]

DSA

Forsvarets Efterretningstjeneste (the Danish Defence Intelligence Service)

Kastellet 30

DK – 2100 Copenhagen Ø

Denmark

Telephone: + 45 33 32 55 66

Fax: + 45 33 93 13 20

E-mail: [email protected]

8. Estonia

NSA

Estonian National Security Authority Department

Estonian Foreign Intelligence Service

Rahumäe tee 4B

11316 Tallinn, Estonia

Telephone: + 372 6939211

E-mail: [email protected]

9. Finland

NSA

National Security Authority (NSA)

Ministry for Foreign Affairs

Kanavakatu 3 B, Helsinki


PO Box 453

FI-00023 Government

Finland

Telephone: +358 9 160 55890

Fax: +358 9 16 05 5140

E-mail: [email protected]

DSAs

COMSEC and NDA Issues

NCSA-FI

Finnish Transport and Communications Agency Traficom

PO Box 320

FI-00059 TRAFICOM

Finland

E-mail: [email protected]

10. France

NSA for Policy and National Regulations

Secrétariat général de la défense et de la sécurité nationale (SGDSN)

51 Boulevard de Latour-Maubourg

75700 Paris

France

Telephone: +33 1 71 75 81 93

Fax: +33 1 71 75 82 00

DSAs for Implementation


Ministère de la défense

Direction générale de l’armement (DGA)

Service de la sécurité de défense et des systèmes d’information

International defense and information security office

60, boulevard du Général Martial Valin

CS 21623

75509 Paris CEDEX 15

France

Audit and process department

Office of international affairs and programmes

Telephone: +33 9 88 67 04 21

E-mail: [email protected] and [email protected]

Point of Contact for standard Requests for Visits (RfV)

Telephone: +33 9 88 67 24 58

E-mail: [email protected] or [email protected] (first e-mail for French visits abroad, second e-mail for foreigners’ visits to France)

11. Germany

NSA

Federal Ministry of the Interior

Referat ÖSII5

Alt-Moabit 140

10557 Berlin

Germany

Telephone: +49 30 18 681 11593

Fax: +49 30 18 681 5 1593


E-mail: [email protected]

DSA

For industrial security policy matters, FSCs, Transportation Plans (except for COMSEC/CRYPTO):

Federal Ministry of Economic Affairs and Energy

Industrial Security Division - ZB3

Villemombler Str. 76

D- 53123 Bonn

Germany

Telephone: +49 228 99615 ext.no. 4065 or ext. no. 3986

Fax: +49 228 99615 2676

E-mail: [email protected] (office e-mail address)

For standard visit requests from/ to German contractors:

Federal Ministry of Economic Affairs and Energy

Industrial Security Division – ZB2

Villemombler Str. 76

D- 53123 Bonn

Germany

Telephone: +49 228 99615 2401

Fax: +49 228 99615 2603

E-mail: [email protected] (office e-mail address)

12. Greece

NSA

Hellenic National Defence General Staff (HNDGS)


Military Intelligence Sectoral Directorate

Security Counterintelligence Directorate

GR-STG 1020

Holargos — Athens

Greece

Telephone: +30-210 657 20 09 (office hours), +30-210 657 20 10 (office hours)

Fax: +30-210 642 64 32, +30-210 652 76 12

13. Hungary

NSA

Nemzeti Biztonsági Felügyelet

H-1399 Budapest

Pf. 710/50

Telephone: +36 1 391 1862

Fax: +36 1 391 1889

E-mail: [email protected]

14. Ireland

NSA/DSA

National Security Authority Ireland

Department of Foreign Affairs and Trade

76-78 Harcourt Street

Dublin 2

D02 DX45

Ireland


Telephone: + 353 1 408 2724

E-mail: [email protected]

15. Italy

NSA/DSA

Presidenza Del Consiglio Dei Ministri

Dipartimento Informazioni Per La Sicurezza

Ufficio Centrale Per La Segretezza

Via di S.Susanna, 15

00187 ROMA

Italy

Telephone: + 39 06 6117-4855 663 (Dirigente seconda fascia livello C)

+ 39 06 6117-4032 (Level 1 Officer)

Fax: + 39 06 4885-273

E-mail: [email protected]

Point of Contact for standard Requests for Visits (RfV)

Presidenza Del Consiglio Dei Ministri

Dipartimento Informazioni Per La Sicurezza

Ufficio Centrale Per La Segretezza

Via di S.Susanna, 15

00187 ROMA

Italy

Telephone: +39 06 6117-487939 (Dirigente seconda fascia livello C)

+39 06 6117-5155 or +39 06 6117-4134 Level 2 Officer

Fax: +39 06 6129 7004-4885273

E-mail: [email protected]


16. Latvia

NSA

Constitution Protection Bureau of the Republic of Latvia

National Security Authority

Miera iela 85 A

LV-1013 Rīga

Latvia

Telephone: +371 702 54 73

Fax: +371 702 54 54

E-mail: [email protected]

17. Lithuania

NSA

National Security Authority of the Republic of Lithuania

Gedimino pr. 40/1 LTL-2600

Vilnius

Lithuania

Telephone: +370 5 266 32 05

Fax: +370 5 266 32 00

18. Luxembourg

Autorité nationale de Sécurité

207, route d’Esch


L-1471 LUXEMBOURG

Telephone: +352 2 478 2210

Fax: +352 2 478 2243

E-mail: [email protected]

Point of Contact for standard Requests for Visits (RfV)

Autorité nationale de Sécurité

Telephone: +352 2 478 2210

Fax: +352 2 478 2243

E-mail: [email protected]

Note: Luxembourg does not have a DSA.

19. Malta

NSA

Malta National Security Authority

Ministry for Home Affairs

P.O. Box 146

Valletta VLT1000

Malta

Telephone: +356 21249844

Fax: +356 25695321

DSA

Malta Standards Authority (MSA)


Second Floor, Evans Building

Merchants Street

Valletta VLT 1179

Malta

Telephone: +356 21242420

Fax: +356 21242406

E-mail: [email protected]

Point of Contact for standard Requests for Visits (RfV)

Francis Sciberras

Deputy Head

National Security Authority

Telephone: +356 25695301/324

Fax: +356 25695321

E-mail: [email protected]

Francis Farrugia

Head - Standardisation Directorate

Malta Standards Authority

Telephone: +356 21242420

Fax: +356 21242406

E-mail: [email protected]

20. Netherlands

NSA/DSA

Ministry of Internal Affairs and Kingdom relations


General Intelligence and Security Service of the Netherlands

PO box 20010

2500 EA The Hague

Netherlands

Telephone: +31 70 320 44 00

Fax: +31 70 320 07 33

E-mail: [email protected]

Point of Contact for standard Requests for Visits (RfV)

Netherlands Industrial Visit Control Office, NIVCO

Telephone: +31 79 320 5331

Fax: +31 79 320 5430

E-mail: [email protected]

21. Poland

NSA

Agencja Bezpieczeństwa Wewnętrznego – ABW

Departament Ochrony Informacji Niejawnych

ul. Rakowiecka 2 A

00-993 Warszawa

Polska

E-mail: [email protected]

Służba Kontrwywiadu Wojskowego

Zarząd V

ul. Oczki 1

02-007 Warszawa


Polska

E-mail: [email protected]

22. Portugal

NSA

Presidência do Conselho de Ministros

Autoridade Nacional de Segurança

Avenida Ilha da Madeira, 1

P-1400-204 Lisboa

Portugal

Telephone: +351 21 301 17 10

Fax: +351 21 303 17 11

23. Romania

NSA

Romanian ANS – ORNISS

Strada Mureș nr. 4

RO-012275 București

Romania

Telephone: +40 21 224 58 30

Fax: +40 21 224 07 14

24. Slovakia

NSA


Národný bezpečnostný úrad

(National Security Authority)

Budatínska 30

851 06 Bratislava

Slovenská republika

Telephone: +421 2 68 69 11 11

Fax: +421 2 68 69 17 00

E-mail: [email protected]

25. Slovenia

NSA

Urad Vlade RS za varovanje tajnih podatkov

Gregorčičeva 27

SI-1000 Ljubljana

Slovenia

Telephone: +386 1 478 13 90

Fax: +386 1 478 13 99

26. Spain

NSA

Autoridad Delegada para la Seguridad de la Información Clasificada

Oficina Nacional de Seguridad

C/ Argentona 20


28023 Madrid

Spain

Telephone: +34 91 283 2583; +34 91 283 2752

Fax: +34 91 372 58 08

E-mail: [email protected]

[email protected]

Point of Contact for standard Requests for Visits (RfV) and Transport Plans

Telephone: +34 91 372 50 97

Fax: +34 91 372 58 08

E-mail: [email protected]

27. Sweden

NSA

Utrikesdepartementet (Ministry for Foreign Affairs)

UD SÄK/NSA

SE-103 39 STOCKHOLM

Sweden

Telephone: +46 8 405 10 00

Fax: +46 8 723 11 76

E-mail: [email protected]

DSA

Försvarets Materielverk (Swedish Defence Materiel Administration)

FMV Säkerhetsskyddsavdelning

SE-115 88 Stockholm


Sweden

Telephone: +46 8 782 40 00

Fax: +46 8 782 69 00

E-mail: [email protected]

28. United Kingdom

UK NSA

UK National Security Authority

Cabinet Office

Room 335

70 Whitehall

London

SW1A 2AS

United Kingdom

Mr Martin Sterling

Telephone: +44 (0)207 276 5645

E-mail: [email protected]

Mr Andrew Standeven

Telephone: +44 (0)207 276 5497

E-mail: [email protected]

General mailbox

E-mail: [email protected]


A2 – OTHER SECURITY AUTHORITIES

European Commission Security Authority

European Commission Security Directorate

DG HR Security Directorate (DS)

Rue de la Loi 200

B-1049

Brussels

Belgium

Telephone: +32 2 2958716 (Industrial Security Advice)

Point of Contact for standard Requests for Visits (RfV)

Telephone: +32 2 2991551

E-mail: [email protected]

Please send a copy to the LSO:

Mr. Juha Myllyaho – DG GROW Deputy LSO

BREY 08/319

Telephone: +32 2 2953831

E-mail: [email protected]

For matters related to the release of Action-related information:

Mr Alain Alexis, Head of Unit, Defence 1, DG GROW.DDG3.I.4

Email: [email protected]

For matters related to the PSI document content:

(to be confirmed later)

Email: XXXX XXXXXX XXXXXXX (To be created at Secretariat level)


ANNEX B - TABLE OF EQUIVALENT SECURITY CLASSIFICATION MARKINGS

| Participant | Secret | Confidential | Restricted |
|---|---|---|---|
| EU | SECRET UE/EU SECRET | CONFIDENTIEL UE/EU CONFIDENTIAL | RESTREINT UE/EU RESTRICTED |
| Austria | GEHEIM | VERTRAULICH | EINGESCHRÄNKT |
| Belgium | SECRET (Loi du 11 Dec 1998) or GEHEIM (Wet van 11 Dec 1998) | CONFIDENTIEL (Loi du 11 Dec 1998) or VERTROUWELIJK (Wet van 11 Dec 1998) | DIFFUSION RESTREINTE or BEPERKTE VERSPREIDING (Note, see below) |
| Bulgaria | СЕКРЕТНО | ПОВЕРИТЕЛНО | ЗА СЛУЖЕБНО ПОЛЗВАНЕ |
| Croatia | TAJNO | POVJERLJIVO | OGRANIČENO |
| Cyprus | ΑΠΌΡΡΗΤΟ ABR:(ΑΠ) | ΕΜΠΙΣΤΕΥΤΙΚΌ ABR:(ΕΜ) | ΠΕΡΙΟΡΙΣΜΈΝΗΣ ΧΡΉΣΗΣ ABR:(ΠΧ) |
| Czech Republic | TAJNÉ | DŮVĚRNÉ | VYHRAZENÉ |
| Denmark | HEMMELIGT | FORTROLIGT | TIL TJENESTEBRUG |
| Estonia | SALAJANE | KONFIDENTSIAALNE | PIIRATUD |
| Finland | SALAINEN or HEMLIG | LUOTTAMUKSELLINEN or KONFIDENTIELL | KÄYTTÖ RAJOITETTU or BEGRÄNSAD TILLGÅNG |
| France | SECRET DÉFENSE | CONFIDENTIEL DÉFENSE | (Note, see below) |
| Germany (Note, see below) | GEHEIM | VS - VERTRAULICH | VS - NUR FÜR DEN DIENSTGEBRAUCH |
| Greece | ΑΠΌΡΡΗΤΟ ABR:(ΑΠ) | ΕΜΠΙΣΤΕΥΤΙΚΌ ABR:(ΕΜ) | ΠΕΡΙΟΡΙΣΜΈΝΗΣ ΧΡΉΣΗΣ ABR:(ΠΧ) |
| Hungary | TITKOS! | BIZALMAS! | KORLÁTOZOTT TERJESZTÉSŰ! |
| Ireland | SECRET | CONFIDENTIAL | RESTRICTED |
| Italy | SEGRETO | RISERVATISSIMO | RISERVATO |
| Latvia | SLEPENI | KONFIDENCIĀLI | DIENESTA VAJADZĪBĀM |
| Lithuania | SLAPTAI | KONFIDENCIALIAI | RIBOTO NAUDOJIMO |
| Luxembourg | SECRET LUX | CONFIDENTIEL LUX | RESTREINT LUX |
| Malta | SIGRIET | KUNFIDENZJALI | RISTRETT |
| Netherlands | Stg. GEHEIM | Stg. CONFIDENTIEEL | Dep. VERTROUWELIJK |
| Poland | TAJNE | POUFNE | ZASTRZEŻONE |
| Portugal | SECRETO | CONFIDENCIAL | RESERVADO |
| Romania | STRICT SECRET | SECRET | SECRET DE SERVICIU |
| Slovakia | TAJNÉ | DÔVERNÉ | VYHRADENÉ |
| Slovenia | TAJNO | ZAUPNO | INTERNO |
| Spain | RESERVADO | CONFIDENCIAL | DIFUSIÓN LIMITADA |
| Sweden | HEMLIG | KONFIDENTIELL | BEGRÄNSAT HEMLIG |
| United Kingdom | UK SECRET | No equivalent (Note: see below) | UK OFFICIAL - SENSITIVE |

Notes:

Belgium and France: Belgium and France handle and protect Classified Information bearing the marking “RESTRICTED” or equivalent according to their national laws and regulations in force for the protective level “DIFFUSION RESTREINTE” (also “BEPERKTE VERSPREIDING” in the case of Belgium) or the standards defined in the present document, whichever is higher. The other Participants will handle and protect information marked “DIFFUSION RESTREINTE” (also “BEPERKTE VERSPREIDING” in the case of Belgium) according to their national laws and regulations in force for the level “RESTRICTED” or equivalent or according to the standards defined in the present document, whichever is higher.

Germany: VS = Verschlusssache.

United Kingdom: The UK handles and protects Classified Information marked CONFIDENTIEL UE/EU CONFIDENTIAL in accordance with the protective security requirements for UK SECRET.


ANNEX C – MINIMUM REQUIREMENTS FOR PROTECTION OF EUCI IN ELECTRONIC FORM AT RESTREINT UE/EU RESTRICTED LEVEL HANDLED IN THE CONTRACTOR’S (BENEFICIARY’S) COMMUNICATION AND INFORMATION SYSTEMS

General

1. The contractor (beneficiary) must be responsible for ensuring that the protection of RESTREINT UE/EU RESTRICTED classified information is in compliance with the minimum security requirements as stated within this security clause and any other additional requirements advised by the contracting (granting) authority or, if applicable, with the National Security Authority (NSA) or Designated Security Authority (DSA).

2. It is the responsibility of the contractor (beneficiary) to implement the security requirements identified in this document.

3. For the purpose of this document a communication and information system (CIS) covers all equipment used to handle, store and transmit EUCI, including workstations, printers, copiers, fax, servers, network management system, network controllers and communications controllers, laptops, notebooks, tablet PCs, smart phones and removable storage devices such as USB-sticks, CDs, SD-cards, etc.

4. Special equipment such as cryptographic products must be protected in accordance with its dedicated Security Operating Procedures (SecOPs).

5. Contractors (beneficiaries) must establish a structure responsible for the security management of the CIS handling information classified RESTREINT UE/EU RESTRICTED and appoint a responsible Security Officer of the facility.

6. The use of privately-owned equipment of contractor’s (beneficiary's) personnel (hardware and software) for processing RESTREINT UE/EU RESTRICTED classified information is not permitted.

7. Accreditation of the contractor’s (beneficiary's) CIS handling information classified RESTREINT UE/EU RESTRICTED must be approved by the Participant's Security Accreditation Authority (SAA) or delegated to the Security Officer of the contractor (beneficiary) as permitted by national laws and regulations.

8. Only information classified RESTREINT UE/EU RESTRICTED encrypted using approved cryptographic products may be handled, stored or transmitted (wired or wireless) as any other unclassified information under the contract (grant agreement). These cryptographic products must be approved by the EU or a Member State.

9. External facilities involved in the maintenance/repair work must be obliged, on a contractual basis, to comply with the applicable provisions for handling of information classified RESTREINT UE/EU RESTRICTED as set out in this document.

10. At the request of the contracting (granting) authority or relevant NSA/DSA/SAA, the contractor (beneficiary) must provide evidence of compliance with the Contract (Grant Agreement) Security Clause. If also requested, contractors (beneficiaries) will permit an audit and inspection of the contractor’s (beneficiary's) processes and facilities by representatives of the contracting (granting) authority, the NSA/DSA/SAA, or the relevant EU security authority in order to ensure compliance with these requirements.

Physical Security

11. Areas in which CIS are used to display, store, process or transmit RESTREINT UE/EU RESTRICTED information or areas housing servers, network management system, network controllers and communications controllers for such CIS should be established as separate and controlled areas with an appropriate access control system. Access to these separate and controlled areas should be limited to only specifically authorised persons. Without prejudice to paragraph 8, equipment as described in paragraph 3 has to be stored in such separate and controlled areas.

12. Security mechanisms and/or procedures must be implemented to regulate the introduction or connection of removable computer storage media (for example, USB, mass storage devices, CD-RWs) to components on the CIS.

Access to CIS

13. Access to contractor's (beneficiary's) CIS handling EUCI is based on a strict need-to-know principle and authorisation of personnel.

14. All CIS must have up-to-date lists of authorised users and must authenticate all users at the start of each processing session.

15. Passwords, which are part of most identification and authentication security measures, must be a minimum of 9 characters long and must include numeric and “special” characters (if permitted by the system) as well as alphabetic characters. Passwords must be changed at least every 180 days. Passwords must be changed as soon as possible if they have been, or are suspected of having been, compromised or disclosed to an unauthorised person.

16. All CIS must have internal access controls to prevent unauthorised users from accessing or

modifying information classified RESTREINT UE/EU RESTRICTED and from modifying

system and security controls. Users are to be automatically logged off the CIS if their

terminals have been inactive for some predetermined period of time, or CIS must activate a

password protected screen saver after 15 minutes of inactivity.

17. Each user of the CIS is allocated a unique user account and ID. User accounts must be

automatically locked after at least 5 successive incorrect login attempts.

18. All users of the CIS must be made aware of their responsibilities and the procedures to be

followed to protect information classified RESTREINT UE/EU RESTRICTED on the CIS.

The responsibilities and procedures to be followed must be documented and acknowledged

by users in writing.

19. SecOPs must be available for the Users and Administrators and must include security role descriptions and the associated list of tasks, instructions and plans.

Accounting, Audit and Incident Response

20. Any access to the CIS must be logged.

21. The following events must be recorded:

a) all log on attempts whether successful or failed;

b) log off (including time out where applicable);

c) creation, deletion or alteration of access rights and privileges; and

d) creation, deletion or alteration of passwords.

22. For all of the events listed above at least the following information must be communicated:

a) type of event;

b) user ID;

c) date and time; and

d) device ID.

23. It should be possible for a Security Officer to examine the accounting records for potential security incidents and to use them to support any legal investigations in the event of a security incident. All security records should be regularly checked to identify potential security incidents. The accounting records must be protected from unauthorised deletion or modification.
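An added example, not part of this instruction, of a review check a Security Officer could run over accounting records: it verifies that each record carries the four items of paragraph 22, groups events into the four classes of paragraph 21, and lists accounts that reached the paragraph 17 threshold of 5 successive failed logons. The JSON-lines layout, the event-type names and the sample records are constructed assumptions.

```python
import json
from datetime import datetime

# Hypothetical event-type names mapped to the four event classes of paragraph 21.
EVENT_CLASSES = {
    "logon_success": "logon", "logon_failure": "logon",
    "logoff": "logoff", "session_timeout": "logoff",
    "rights_created": "access_rights", "rights_deleted": "access_rights",
    "rights_altered": "access_rights",
    "password_created": "password", "password_deleted": "password",
    "password_altered": "password",
}
# Paragraph 22: type of event, user ID, date and time, device ID.
REQUIRED_FIELDS = ("event_type", "user_id", "timestamp", "device_id")
LOCKOUT_THRESHOLD = 5  # paragraph 17

# Constructed sample records (one JSON object per line); not real log data.
SAMPLE_LOG = """\
{"event_type":"logon_failure","user_id":"jdoe","timestamp":"2019-07-04T08:00:01+00:00","device_id":"WS-014"}
{"event_type":"logon_failure","user_id":"jdoe","timestamp":"2019-07-04T08:00:05+00:00","device_id":"WS-014"}
{"event_type":"logon_failure","user_id":"jdoe","timestamp":"2019-07-04T08:00:09+00:00","device_id":"WS-014"}
{"event_type":"logon_failure","user_id":"jdoe","timestamp":"2019-07-04T08:00:14+00:00","device_id":"WS-014"}
{"event_type":"logon_failure","user_id":"jdoe","timestamp":"2019-07-04T08:00:20+00:00","device_id":"WS-014"}
{"event_type":"logon_success","user_id":"asmith","timestamp":"2019-07-04T08:01:00+00:00","device_id":"WS-020"}
{"event_type":"rights_altered","user_id":"admin1","timestamp":"2019-07-04T08:02:30+00:00","device_id":"SRV-001"}
{"event_type":"session_timeout","user_id":"asmith","timestamp":"2019-07-04T08:30:00+00:00"}
logon_failure user=bob device=WS-031
{"event_type":"logoff","user_id":"asmith","timestamp":"2019-07-04T08:45:00+00:00","device_id":"WS-020"}
"""


def parse_records(text):
    """Return (usable records, defects); a defect is (line number, reason)."""
    records, defects = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            defects.append((lineno, "not a JSON object"))
            continue
        missing = [f for f in REQUIRED_FIELDS
                   if not isinstance(rec.get(f), str) or not rec[f].strip()]
        if missing:
            defects.append((lineno, "missing " + ",".join(missing)))
            continue
        if rec["event_type"] not in EVENT_CLASSES:
            defects.append((lineno, "unknown event type " + rec["event_type"]))
            continue
        try:
            when = datetime.fromisoformat(rec["timestamp"])
        except ValueError:
            defects.append((lineno, "unparsable timestamp"))
            continue
        if when.tzinfo is None:
            # Without an offset, records from different devices cannot be ordered.
            defects.append((lineno, "timestamp has no UTC offset"))
            continue
        rec["when"] = when
        records.append(rec)
    return records, defects


def unseen_classes(records):
    """Paragraph 21 event classes with no record at all in this sample."""
    seen = {EVENT_CLASSES[r["event_type"]] for r in records}
    return sorted(set(EVENT_CLASSES.values()) - seen)


def failed_logon_runs(records, threshold=LOCKOUT_THRESHOLD):
    """Accounts whose successive failed logons reached the threshold."""
    run, flagged = {}, {}
    for rec in sorted(records, key=lambda r: r["when"]):
        user = rec["user_id"]
        if rec["event_type"] == "logon_failure":
            run[user] = run.get(user, 0) + 1
            if run[user] >= threshold:
                flagged[user] = run[user]
        elif rec["event_type"] == "logon_success":
            run[user] = 0  # a successful logon ends the run
    return flagged


if __name__ == "__main__":
    recs, bad = parse_records(SAMPLE_LOG)
    print("usable records:", len(recs))
    print("defective records:", bad)
    print("event classes never logged:", unseen_classes(recs))
    print("accounts at lockout threshold:", failed_logon_runs(recs))
```

An event class that never appears in a sample is a prompt to check that the logging source is enabled, not proof that it is missing.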

24. The contractor (beneficiary) must have an established response strategy to deal with

security incidents. Users and Administrators must be instructed on how to react to

incidents, how to report incidents and what to do in case of emergencies.

25. The compromise or suspected compromise of information classified RESTREINT UE/EU

RESTRICTED must be reported to the contracting (granting) authority. The report must

contain a description of the information involved and a description of the circumstances of

the (suspected) compromise. All users of the CIS must be made aware of how to report any

actual or suspected security incident to the Security Officer.

Networking & Interconnection

26. When a contractor (beneficiary) CIS that handles information classified RESTREINT UE/EU RESTRICTED is interconnected to a CIS that is not accredited, this leads to a significant increase in threat to both the security of the CIS and the RESTREINT UE/EU RESTRICTED classified information handled by that CIS. This includes interconnection to the internet and to other public or private CIS, such as other CIS owned by the contractor/subcontractor (beneficiary). In this case, the contractor (beneficiary) must perform a risk assessment to identify the additional security requirements that need to be implemented as part of the security accreditation process. The contractor (beneficiary) will provide to the contracting (granting) authority and, where nationally required, the competent SAA a statement of compliance certifying that the contractor (beneficiary) CIS and respective interconnection have been accredited for handling EUCI at RESTREINT UE/EU RESTRICTED.

27. Remote access from other systems to LAN services (e.g., remote access to e-mail and remote SYSTEM support) is prohibited unless special security measures are implemented and agreed by the contracting (granting) authority and, where nationally required, approved by the competent SAA.

Configuration Management

28. A detailed hardware and software configuration, as reflected in the accreditation/approval

documentation (including system and network diagrams) must be available and regularly

maintained.

29. Configuration checks must be carried out by the Security Officer of the contractor

(beneficiary) on hardware and software to ensure that unauthorised hardware and software

has not been introduced.

30. Changes to the contractor (beneficiary) CIS configuration must be assessed for their

security implications and must be approved by the Security Officer and where nationally

required, the SAA.

31. The system must be scanned for the presence of security vulnerabilities at least quarterly.

Software must be implemented allowing detection of malware. Such software must be kept

up-to-date. If possible, the software should have a national or recognised international

approval, otherwise it should be a widely accepted industry standard.

32. The contractor (beneficiary) must develop a Business Continuity Plan. Back-up procedures

are established addressing the following:

a) frequency of back-ups;

b) storage requirements on-site (fireproof containers) or off-site;

c) control of authorised access to back-up copies.

Sanitisation and Destruction

33. For CIS or data storage media that has at any time held RESTREINT UE/EU RESTRICTED

classified information the following sanitisation must be performed to the entire system or

storage media prior to its disposal:

a) Flash memory (e.g. USB sticks, SD cards, solid state drives, hybrid hard drives) must be overwritten with random data at least three times, followed by verification that the storage content matches the random data, or must be sanitised using approved deletion software;

b) Magnetic media (e.g. hard disks) must be overwritten or degaussed;

c) Optical media (e.g. CDs and DVDs) must be shredded or disintegrated; and

d) concerning other storage media, the contracting (granting) authority, or if appropriate

the NSA/DSA/SAA, should be consulted for the security requirements that need to be

met.
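An added illustration of the overwrite-then-verify procedure in item (a), not part of this instruction and not approved deletion software: it overwrites a target three times with random data, flushes each pass, then reads the content back and compares it with the last pass. It runs against a constructed temporary image file; the function names are hypothetical, and a logical overwrite of this kind does not reach spare or remapped blocks held back by a flash controller.

```python
import hashlib
import os
import tempfile

MIN_PASSES = 3        # item (a): overwrite at least three times
CHUNK = 1024 * 1024   # write/read granularity in bytes


def overwrite_and_verify(path, passes=MIN_PASSES, chunk=CHUNK):
    """Overwrite `path` with random data `passes` times, then read it back
    and confirm that the content matches the last random pass."""
    if passes < MIN_PASSES:
        raise ValueError("at least %d passes are required" % MIN_PASSES)
    with open(path, "r+b") as dev:
        size = dev.seek(0, os.SEEK_END)   # gives the size of files and block devices
        if size == 0:
            raise ValueError("target is empty, nothing to sanitise")
        for _ in range(passes):
            dev.seek(0)
            written = hashlib.sha256()    # digest of the data written in this pass
            remaining = size
            while remaining:
                block = os.urandom(min(chunk, remaining))
                dev.write(block)
                written.update(block)
                remaining -= len(block)
            dev.flush()
            os.fsync(dev.fileno())        # push this pass out of the OS buffers
        # Verification step: read everything back and compare with the last pass.
        # On a real device the read-back should bypass the OS cache so that it
        # reflects what the medium returns; a plain read is enough for this image.
        dev.seek(0)
        read_back = hashlib.sha256()
        total = 0
        while True:
            data = dev.read(chunk)
            if not data:
                break
            read_back.update(data)
            total += len(data)
    return {
        "bytes": size,
        "passes": passes,
        "verified": total == size and read_back.digest() == written.digest(),
        "sha256_last_pass": written.hexdigest(),
    }


def demo():
    """Sanitise a constructed image file and report whether old content survives."""
    marker = b"RESTREINT UE/EU RESTRICTED sample record\n"   # constructed content
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(marker * 5000)
        size_before = os.path.getsize(path)
        report = overwrite_and_verify(path, chunk=64 * 1024)
        with open(path, "rb") as f:
            report["marker_survives"] = marker in f.read()
        report["size_unchanged"] = os.path.getsize(path) == size_before
        return report
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```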

34. Information classified RESTREINT UE/EU RESTRICTED must be sanitised on any data

storage media before it is given to an entity not authorised to access RESTREINT UE/EU

RESTRICTED (e.g. for maintenance work).

ANNEX D - PROCEDURE FOR HAND CARRIAGE OF CLASSIFIED INFORMATION

C.1. When hand carriage of classified material is permitted, the following procedures will apply:

a. The Courier will carry a courier certificate recognised by all Participants, authorising him to carry the package as identified (see the courier certificate example below) stamped and signed by the Security Authority and the consignor's officer;

b. A copy of the "Notes for the Courier" (shown below) will be attached to the certificate; and,

c. The courier certificate will be returned to the issuing Security Authority through the consignor's security officer immediately after completion of the journey.

C.2. The consignor's security officer is responsible for instructing the bearer in all of his duties

and of the provisions of the "Notes for the Courier".

C.3. The courier will be responsible for the safe custody of the classified material until such

time that it has been handed over to the consignee's security officer. In the event of a

breach of security, the consignor's Security Authority may request the authorities in the

country in which the breach occurred to carry out an investigation, report their findings,

and take legal action, as appropriate.

(LETTERHEAD)

COURIER CERTIFICATE

EU EDIDP ACTION TITLE (optional)

COURIER CERTIFICATE NO. …………………… (*)

FOR THE INTERNATIONAL HAND CARRIAGE OF CLASSIFIED DOCUMENTS, EQUIPMENT

AND/OR COMPONENTS

This is to certify that the bearer:

Mr./Ms. (name/title)

Born on: (day/month/year) in (country)

A national of (country)

Holder of passport/identity card no.: (number)

Issued by: (issuing authority)

On: (day/month/year)

Employed with: (company or organisation)

Is authorised to carry on the journey detailed below the following consignment:

(Number and particulars of the consignment in detail, i.e. No. of packages, weight and

dimensions of each package and other identification data as in shipping documents)

……………………………………………………………………………………………..

……………………………………………………………………………………………..

(*) May also be used by security guards.

- The material comprising this consignment is classified in the interests of the security of:

(Indicate the countries having interest. At least the country of origin of the shipment and

that of the destination should be indicated. The country (or countries) to be transited also

may be indicated).

- It is requested that the consignment will not be inspected by other than properly authorised persons or those having special permission.

- If an inspection is deemed necessary, it is requested that it be carried out in an area out of sight

of persons who do not belong to the service and, in the presence of the courier.

- It is requested that the package, if opened for inspection, be marked after re-closing, to show

evidence of the opening by sealing and signing it and by annotating the shipping documents (if

any) that the consignment has been opened.

- Customs, Police and/or Immigration officials of countries to be transited, entered or exited are requested to give assistance, if necessary, to ensure successful and secure delivery of the consignment.

(LETTERHEAD)

Annex to the "Courier Certificate" No………….

for the International Hand Carriage of

Classified Material

NOTES FOR THE COURIER(*)

1. You have been appointed to carry/escort a classified consignment. Your "COURIER CERTIFICATE" has been provided. Before starting the journey, you will be briefed on the security regulations governing the hand carriage of the classified consignments and on your security obligations during the specific journey (behaviour, itinerary, schedule, etc). You will also be requested to sign a declaration that you have read and understood and will comply with prescribed security obligations.

2. The following general points are brought to your attention:

(*) May also be used by security guards.

(a) You will be held liable and responsible for the consignment described in the Courier Certificate;

(b) Throughout the journey, the classified consignment must stay under your personal control;

(c) The consignment will not be opened en route except in the circumstances described in sub-paragraph (j) below;

(d) The classified consignment is not to be discussed or disclosed in any public place;

(e) The classified consignment is not, under any circumstances, to be left unattended. During overnight stops, military facilities or industrial companies having appropriate security clearance and storage facilities may be utilised. You are to be instructed on this matter by your company Security Officer;

(f) While hand carrying a classified consignment, you are forbidden to deviate from the travel schedule provided, unless unforeseen circumstances require a change of schedule;

(g) In cases of emergency, you must take such measures as you consider necessary to protect the consignment, but on no account will you allow the consignment out of your direct personal control; to this end, your instructions include details on how to contact the security authorities of the countries you will transit as listed in sub-paragraph (l) below. If you have not received these details, ask for them from your company Security Officer;

(h) You and the company Security Officer are responsible for ensuring that your personal expatriation and travel documentation (passport, currency and medical documents, etc) are complete, valid and current;

(i) If unforeseen circumstances make it necessary to transfer the consignment to an individual other than the designated representatives of the company or government you are to visit, you will give it only to authorised employees of one of the points of contact listed in sub-paragraph (l);

(j) There is no assurance of immunity from search by the Customs, Police, and/or Immigration Officials of the various countries whose borders you will be crossing; therefore, should such officials inquire into the contents of the consignment, show them your "Courier Certificate" and this note and insist on showing them to the senior Customs, Police and/or Immigration Official; this action should normally suffice to allow the consignment to pass through unopened. However, if the senior Customs, Police and/or Immigration Official demands to see the actual contents of the consignments you may open it in his presence, but this should be done in an area out of sight of the general public.

You should take precautions to show officials the minimum content necessary to satisfy them that the consignment does not contain any other item and ask the official to repack or assist in re-packing it immediately upon completion of the examination.

You should request the senior Customs, Police and/or Immigration Official to

provide evidence of the opening and inspection of the packages by signing and

sealing them when closed and confirming in the shipping documents (if any) that

the consignment has been opened.

If you have been required to open the consignment under such circumstances as

the foregoing, you must notify the receiving company Security Officer and the

dispatching company Security Officer, who should be requested to inform the DSAs of their respective governments.

(k) Upon your return, you must produce a bona fide receipt for the consignment signed by the Security Officer of the company or agency receiving the consignment or by a DSA of the receiving government.

(l) Along the route you may contact the following officials to request assistance:

…………………………………………………………………………………………

…………………………………………………………………………………………

From:

(Originating country)

To:

(Country of destination)

Through:

(List intervening countries)

Authorised stops:

(List locations)

Date of beginning of journey:

(Day/month/year)

Signature of company's Security officer

Signature of the Security Authority

(Name) (Name)

Company's stamp Official stamp or NSA/DSA's seal

NOTE: To be signed on completion of journey

I declare in good faith that, during the journey covered by the "Courier Certificate", I am not aware

of any occurrence or action, by myself or by others that could have resulted in the compromise of

the consignment.

Courier's Signature:

Witnessed by:

(Company Security Officer's signature)

Date of return of the "Courier Certificate":

(Day/month/year)

MULTI-TRAVEL COURIER CERTIFICATE N° ……….

for international hand carriage of classified DOCUMENTS, EQUIPMENT AND/OR COMPONENTS

This is to certify that the bearer Mr/Ms (name and title) …………………… born on (day, month,

year) ………… in (country) ………..……, a national of (country) …………….. holder of passport

or identity card n° …………… issued by (issuing authority) : ………… on (day, month, year)

:………… employed by (company or organization) : ……..……………... is authorized to carry

classified documents, equipment and/or components between the following countries:

……………………………………………….……………….…………………

The bearer above is authorized to use this certificate as many times as necessary, for classified

shipments between the countries here above until (date): ………….

The shipment description should be attached to each consignment.

The attention of customs authorities, police and immigration services is drawn to the following

points:

The material forming each consignment is classified in the interest of national security of the countries here above.

It is requested that the consignment will not be inspected by other than properly authorized persons or those having special permission.

If an inspection is deemed necessary, it is requested that it be carried out in an area out of sight of persons who do not have a Need-to-Know and in the presence of the courier.

It is requested that the package, if opened for inspection, be marked after reclosing to show evidence of the opening by sealing and signing it and by annotating the shipping documents (if any) that the consignment has been opened.

Customs, Police and/or Immigration officials of countries to be transited, entered or exited are requested to give assistance if necessary to assure successful and secure delivery of the consignment.

Signature of Security Officer

Signature of the Security Authority

NOTES FOR THE COURIER

You have been appointed to carry/escort classified consignments. Your "Courier certificate" has

been provided. Before starting your journeys, you will be briefed on the security regulations

governing the hand carriage of the classified consignments and on your obligations during the

specific journey (behaviour, itinerary, schedule, etc.). You will also be requested to sign a

declaration that you have read and understood and will comply with prescribed security

obligations.

The following general points are brought to your attention:

1. You will be held liable and responsible for the consignments described in the "descriptions of shipments".

2. Throughout the journey, the classified consignments must stay in your personal possession, unless you are accompanying a classified consignment under NSA/DSA approved transportation plan.

3. The consignments will not be opened en route except in the circumstances described in paragraph 10 below.

4. The classified consignments are not to be discussed or disclosed in any public place.

5. The classified consignments are not, under any circumstances, to be left unattended. During overnight stops, military facilities or industrial companies having appropriate security clearance may be utilized. You are to be instructed on this matter by your company security officer.

6. While hand carrying or accompanying a classified consignment, you are forbidden to deviate from the schedule provided.

7. In case of emergency, you must take such measures as you consider necessary to protect the consignment, but on no account will you allow the consignment out of your direct personal possession except under circumstances described in paragraph 2 above; to this end, your instructions include details on how to contact the security authorities of the countries you will transit as stated in paragraph 11 below. If you have not received these details, ask for them from your company security officer.

8. You and the company security officer are responsible for ensuring that your personal expatriation and travel documentation (passport, currency and medical documents, etc.) are complete, valid and current.

9. If unforeseen circumstances make it necessary to transfer a consignment to other than the designated representative of the company or government you are to visit, you will give it only to authorised employees of one of the points of contact listed in the description of shipment.

10. There is no assurance of immunity from search by the Customs, Police, and/or Immigration Officials of the various countries whose borders you will be crossing; therefore, should such officials enquire into the contents of the consignment, show them your "courier certificate", the description of shipment and this note and insist on showing them to the senior Customs, Police, and/or Immigration Official; this action should normally suffice to allow the consignment to pass through unopened. However, if the senior Customs, Police, and/or Immigration Official demands to see the actual contents of the consignment, you may open it in his presence, but this should be done in an area out of sight of the general public.

You should take precautions to show officials only as much of the contents as will satisfy

them that the consignment does not contain any other item and ask the official to repack or

assist in repacking it immediately upon completion of the examination.

You should request the senior Customs, Police, and/or Immigration Official to provide

evidence of the opening and inspection of the consignment by signing and sealing them when

closed and confirming in the shipping documents (if any) that the consignment has been

opened.

If you have been required to open the consignment under such circumstances as the

foregoing, you must notify the receiving company Security Officer and the dispatching

company Security Officer, who should be requested to inform the NSA/DSA of their

respective governments.

11. Along the route you may contact the officials whose details will be provided to you before each journey and request assistance from them.

12. Upon return from each journey, you must produce a bona fide receipt for the consignment signed by the Security Officer of the company or agency receiving the consignment or by a NSA/DSA of the receiving government.

ANNEX to multi-travel certificate

Multi-travels courier certificate No:.......................

Description of shipment nr : ……..

Transport from (date) : …………… to (date) : ……………

Bearer (name) : ……………………………………………

Itinerary : from (originating country) ……………… to (destination country) ……………… through

(crossed countries) ……………………………… authorized stops (list of locations) :

…………………………………………

References of receipt or inventory list: ……………………………………

Description of the shipment (number of package, dimensions and, if needed, weight of each

package)

Officials you may contact to request assistance

Signature of company’s Security Officer

______________________________________________________________________

Note to be signed on completion of each shipment:

I declare in good faith that, during the journey covered by this "shipment description", I am not aware of any occurrence or action, by myself or by others, that could have resulted in the compromise of the consignment, except the events related below, if needed:

Place and date of declaration: ……………

Courier’s signature:…………………………..

Witnessed by (name and signature of company Security Officer): ………………………….

ANNEX E - TRANSPORTATION PLAN

(LETTERHEAD)

TRANSPORTATION PLAN -

FOR THE MOVEMENT OF CLASSIFIED CONSIGNMENTS

(INSERT NAME OF EDIDP ACTION)

1. INTRODUCTION

This transportation plan lists the procedures for the movement of classified (insert

EDIDP/Grant or Contract name) consignments between (insert EDIDP Action

Participants).

2. DESCRIPTION OF CLASSIFIED CONSIGNMENT

Provide a general description of the consignment to be moved. If necessary, a detailed,

descriptive listing of items to be moved under this plan, including nomenclature, may be

appended to this plan as an annex. Include in this section a brief description as to where

and under what circumstances transfers of custody will occur.

3. IDENTIFICATION OF AUTHORISED PARTICIPATING GOVERNMENT REPRESENTATIVES

This Section should identify by name, title and organisation, the authorised

representatives of each EDIDP Action Participant who will authorise receipt for and

assume security responsibilities for the classified consignment. Mailing addresses,

telephone numbers, telefax numbers, and/or telex address, network addresses should be

listed for each Participant’s representatives.

4. DELIVERY POINTS

(a) Identify the delivery points for each Participant (e.g. ports, railheads, airports, etc) and how transfer is to be effected.

(b) Describe the security arrangements that are required while the consignment is located at the delivery points.

(c) Specify any additional security arrangements, which may be required due to the unique nature of the movement or of a delivery point (e.g. an airport freight terminal or port receiving station).

5. IDENTIFICATION OF CARRIERS

Identify the commercial carriers, freight forwarders and transportation agents, where

appropriate, that might be involved to include the level of security clearance and storage

capability.

6. STORAGE/PROCESSING FACILITIES AND TRANSFER POINTS

(a) List, by participant, the storage or processing facilities and transfer points that will be used.

(b) Describe specific security arrangements necessary to ensure the protection of the classified consignment while it is located at the storage/processing facility or transfer point.

7. ROUTES

Specify in this section the routes for movements of the classified consignments under the

plan. This should include each segment of the route from the initial dispatch point to the

ultimate destination including all border crossings, in particular travel through non-

Participant states. Routes should be detailed for each Participant in the logical sequence

of the shipment from point to point. If overnight stops are required, security arrangements

for each stopping point should be specified. Contingency stop over locations should also

be identified as necessary.

8. PORT SECURITY AND CUSTOMS OFFICIALS

In this Section, identify arrangements for dealing with customs and port security officials of

each Participant. The facility must verify that the courier has been provided with the

necessary documentation and is aware of the rules necessary to comply with customs

and security requirements. Prior co-ordination with customs and port security agencies

may be required so that the Project/Programme movements will be recognised.

Procedures for handling custom searches and points of contact for verification of

movements at the initial dispatch points should also be included here.

9. COURIERS

When couriers are to be used, provisions for the international hand carriage of classified

materials specified in Section II and Annex D will apply.

10. RECIPIENT RESPONSIBILITIES

Describe the responsibilities of each recipient to carry out an inventory of movement and

to examine all documentation upon receipt of the movement and:

(a) Notify the dispatcher of any deviation in routes or methods prescribed by this plan;

(b) Notify the dispatcher of any discrepancies in the documentation or shortages in the shipment.

(c) Clearly state the requirement for recipients to promptly advise the Security Authority of the dispatcher of any known or suspected compromise of classified consignment or any other exigencies which may place the movement in jeopardy.

11. DETAILS OF CLASSIFIED MOVEMENTS

This section should contain the following items:

(a) Identification of dispatch assembly points.

(b) Packaging requirements that conform to the security rules of the EDIDP Action Participants. The requirements for dispatch documents, seals, receipts, storage and security containers should be explained. Any unique requirement of the EDIDP Action Participants should also be stated.

(c) Documentation required for the dispatch points.

(d) Courier authorisation documentation and travel arrangements.

(e) Procedures for locking, sealing, verifying and loading consignments. Describe procedures at the loading points, to include tally records, surveillance responsibilities and witnessing of the counting and loading arrangements.

(f) Procedures for accessibility by courier to the shipment en route.

(g) Procedures for unloading at destination, to include identification of recipients and procedures for change of custody, and receipt arrangements.

(h) Emergency communications procedures. List appropriate telephone numbers and points of contact for notification in the event of emergency.

(i) Procedures for identifying each consignment and for providing details of each consignment; the notification should be transmitted no less than six working days prior to the movement of the classified consignment.

12. RETURN OF CLASSIFIED MATERIAL

This section should identify requirements for return of classified material to the manufacturer or sending participant (e.g. warranty, repair, test and evaluation, etc.).

NOTE: Samples of these forms should be included, as appropriate, as enclosures to the plan as necessary.

(1) Packing list

(2) Classified material receipts

(3) Bills of lading

(4) Export declaration

(5) Waybills

(6) Other Participant-required forms

ANNEX F - REQUEST FOR VISIT

Note: The completed form must be submitted directly to the Security Officer of the establishment to be visited. Fields of the form related to NSAs/DSAs should be left empty.

REQUEST FOR VISIT

TO: _______________________________________

(Country/international organisation name)

1. TYPE OF VISIT REQUEST

One-time

Recurring

Emergency

Amendment

Dates

Visitors

Agency/Facility

For an amendment, insert the NSA/DSA original RFV Reference No. _____________

2. TYPE OF INFORMATION/MATERIAL OR SITE ACCESS

CONFIDENTIAL or above

3. SUMMARY

No. of sites: _______

No. of visitors: _____

4. ADMINISTRATIVE DATA:

Requestor:

To:

NSA/DSA RFV Reference No.________________

Date (dd/mm/yyyy): _____/_____/_____

5. REQUESTING GOVERNMENT AGENCY, ORGANISATION OR INDUSTRIAL FACILITY:

Government Industry European Commission Other

If other, specify: ______________________

NAME:

POSTAL ADDRESS:

E-MAIL ADDRESS:

FAX NO: TELEPHONE NO:

6. GOVERNMENT AGENCY(IES), ORGANISATION(S) OR INDUSTRIAL FACILITY(IES) TO BE VISITED - (Annex 1 to be completed)

7. DATE OF VISIT (dd/mm/yyyy): FROM _____/_____/_____ TO _____/_____/_____

8. TYPE OF INITIATIVE (Select one from each column):

Government initiative

Commercial initiative

Initiated by requesting agency or facility

By invitation of the facility to be visited

9. SUBJECT TO BE DISCUSSED/JUSTIFICATION/PURPOSE (To include details of host Government/Project Authority and solicitation/contract number if known and any other relevant information. Abbreviations should be avoided):

10. ANTICIPATED HIGHEST LEVEL OF INFORMATION/MATERIAL OR SITE ACCESS TO BE INVOLVED:

Only if required by the laws/regulations of the countries involved

Unclassified RESTRICTED

CONFIDENTIAL SECRET

If other, specify: ______________________

11. PARTICULARS OF VISITOR(S) - (Annex 2 to this form to be completed)

12. THE SECURITY OFFICER OF THE REQUESTING GOVERNMENT AGENCY, ORGANISATION OR INDUSTRIAL FACILITY:

NAME:

TELEPHONE NO:

E-MAIL ADDRESS:

SIGNATURE:

13. CERTIFICATION OF SECURITY CLEARANCE LEVEL:

NAME:

ADDRESS:

TELEPHONE NO:

E-MAIL ADDRESS:

SIGNATURE: DATE (dd/mm/yyyy): _____/_____/_____

14. REQUESTING NATIONAL SECURITY AUTHORITY / DESIGNATED SECURITY AUTHORITY:

NAME:

ADDRESS:

TELEPHONE NO:

E-MAIL ADDRESS:

SIGNATURE: DATE (dd/mm/yyyy): _____/_____/_____

15. REMARKS (Mandatory justification required in case of an emergency visit):

ANNEX 1 to RFV FORM

GOVERNMENT AGENCY(IES), ORGANISATION(S) OR INDUSTRIAL FACILITY(IES) TO BE VISITED

1. Government Industry EU EDA Other

If other, specify: ______________________

NAME:

ADDRESS:

TELEPHONE NO:

FAX NO:

NAME OF POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

NAME OF SECURITY OFFICER OR SECONDARY POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

2. Government Industry EU EDA Other

If other, specify: ______________________

NAME:

ADDRESS:

TELEPHONE NO:

FAX NO:

NAME OF POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

NAME OF SECURITY OFFICER OR SECONDARY POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

3. Government Industry EU EDA Other

If other, specify: ______________________

NAME:

ADDRESS:

TELEPHONE NO:

FAX NO:

NAME OF POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

NAME OF SECURITY OFFICER OR SECONDARY POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

4. Government Industry EU EDA Other

If other, specify: ______________________

NAME:

ADDRESS:

TELEPHONE NO:

FAX NO:

NAME OF POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

NAME OF SECURITY OFFICER OR SECONDARY POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

5. Government Industry EU EDA Other

If other, specify: ______________________

NAME:

ADDRESS:

TELEPHONE NO:

FAX NO:

NAME OF POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

NAME OF SECURITY OFFICER OR SECONDARY POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

(Continue as required)

ANNEX 2 to RFV FORM

PARTICULARS OF VISITOR(S)

1 Government Industry EU Employee EDA Employee

Other (Specify: ___________________________)

SURNAME:

FORENAMES (as per passport):

RANK (if applicable):

DATE OF BIRTH (dd/mm/yyyy):____/____/____

PLACE OF BIRTH:

NATIONALITY:

SECURITY CLEARANCE LEVEL:

PP/ID NUMBER:

POSITION:

COMPANY/AGENCY:

2 Government Industry EU Employee EDA Employee

Other (Specify: ___________________________)

SURNAME:

FORENAMES (as per passport):

RANK (if applicable):

DATE OF BIRTH (dd/mm/yyyy):____/____/____

PLACE OF BIRTH:

NATIONALITY:

SECURITY CLEARANCE LEVEL:

PP/ID NUMBER:

POSITION:

COMPANY/AGENCY:

3 Government Industry EU Employee EDA Employee

Other (Specify: ___________________________)

SURNAME:

FORENAMES (as per passport):

RANK (if applicable):

DATE OF BIRTH (dd/mm/yyyy):____/____/____

PLACE OF BIRTH:

NATIONALITY:

SECURITY CLEARANCE LEVEL:

PP/ID NUMBER:

POSITION:

COMPANY/AGENCY:

4 Government Industry EU Employee EDA Employee

Other (Specify: ___________________________)

SURNAME:

FORENAMES (as per passport):

RANK (if applicable):

DATE OF BIRTH (dd/mm/yyyy):____/____/____

PLACE OF BIRTH:

NATIONALITY:

SECURITY CLEARANCE LEVEL:

PP/ID NUMBER:

POSITION:

COMPANY/AGENCY:

5 Government Industry EU Employee EDA Employee

Other (Specify: ___________________________)

SURNAME:

FORENAMES (as per passport):

RANK (if applicable):

DATE OF BIRTH (dd/mm/yyyy):____/____/____

PLACE OF BIRTH:

NATIONALITY:

SECURITY CLEARANCE LEVEL:

PP/ID NUMBER:

POSITION:

COMPANY/AGENCY:

(Continue as required)

ANNEX G - COMSEC INSTRUCTIONS OF THE EDIDP ACTION XX

UNCLASSIFIED

Releasable to EDIDP Participants only

Version history

VERSION | AUTHOR | DATE | REASON FOR CHANGE | SUPERSEDED DOCUMENT | COMMENTS

1.0 | | xx/xx/20xx | | |

Table of Contents

Section 1 - Introduction

1.1 Scope of the document

1.2 Applicability

1.3 Acronyms and Glossary

1.3.1 Acronyms

1.3.2 Glossary

1.4 COMSEC Items

1.4.1 Controlled COMSEC Items (CCI)

1.4.2 CRYPTO Items

Section 2 – Roles, Responsibilities and Functions

2.1 Information Assurance Authority (IA Authority)

2.2 Distribution Authority (DA)

Section 3 - Security Measures to be implemented when handling COMSEC Items

3.1 Local Organisation

3.1.1 COMSEC Officer

3.1.2 COMSEC Items Custodian

3.1.3 Alternate COMSEC Items Custodian

3.1.4 Users

3.2 Access to COMSEC Items

3.2.1 COMSEC Authorisation

3.2.2 EDIDP COMSEC Authorisation

3.2.3 Personnel Training

3.3 Auditing and Inspection of COMSEC Items

3.3.1 Inventories and accounting

3.4 Movement of COMSEC Items

3.4.1 Transportation of Crypto Items

3.4.2 Notification/Transportation Plans (TPs)

3.4.3 Preparation for Transport

3.4.4 Framework Transportation Plans

3.4.5 Transport of CCI

3.4.6 Record of Transfer

3.5 Destruction of COMSEC Items

3.6 Physical Security

3.6.1 No-Lone Zones

3.6.2 Physical Security during Use

3.7 Security Incident handling

3.7.1 Security Breach

3.7.2 Compromise

Section 4 - Annexes

Annex 1 - Information assurance Authorities / Distribution Authorities OF PARTICIPANTS OF the EDIDP ACTION

Annex 2 - Security Incident Report

Annex 3 – Sample Certificate of COMSEC Authorisation

Annex 4 - EDIDP COMSEC Item Report

Annex 5 – Example of a COMSEC Authorisation Briefing

Annex 6 – Example of a COMSEC Authorisation Debriefing

Section 1 - Introduction

1. These instructions are part of the EDIDP PSI in its latest applicable version.

2. Their dissemination shall be limited to EDIDP Participants’ entities involved through a grant, contract, or by contractual or pre-contractual activity, in any phase of the EDIDP.

1.1 Scope of the document

1. This document establishes a set of common rules and security procedures and assigns responsibilities based upon the EU security policy concerning COMSEC information generated and exchanged under the EDIDP. It is intended to provide common security procedures for the marking, handling, storage, transmission, transport or destruction of COMSEC Items. The PSI and the related COMSEC Instructions are without prejudice to the applicable national and/or European prior-ranking rules and legislations. In case that the PSI or the COMSEC Instructions state a differing provision from the applicable national and/or European prior-ranking rules and legislations the stricter regulation is to be applied.

1.2 Applicability

1. This document applies to any Beneficiary or Contractor that will access or create COMSEC Items under the EDIDP. The latest version of the EDIDP COMSEC Instructions and its annexes is applicable to Beneficiaries or Contractors on a contractual basis.

2. It applies to all EDIDP participants in accordance with respective laws, rules and/or regulations, and to any company or national entity involved in contractual or pre-contractual activity [7] in any of the phases of the EDIDP. Where mandated, item-specific Security Operating Procedures or Crypto Management Plans shall be used.

3. COMSEC Items shall be controlled and managed in accordance with specific handling and accounting procedures. Due to their particularly sensitive nature, additional handling measures may be required for COMSEC Items. Any compromise of COMSEC Items may lead to a compromise of Classified Information or systems. As a consequence, detailed handling procedures are established so as to:

a) allow the individual identification of COMSEC or CRYPTO Items;

b) ensure the proper dissemination control of COMSEC Items;

c) prevent the loss or compromise of COMSEC Items or their disclosure to unauthorised entities;

d) detect any such loss or compromise; and

e) allow for the assessment of the possible damage caused.

4. Any Crypto Items used within the EDIDP shall be approved in accordance with the relevant laws, rules and/or regulations. Every COMSEC Item shall be accounted for and shall have a SecOps [8]. A Key Management Plan (or national equivalent) shall be in place before using the COMSEC item to protect the information.

[7] Including proposal submission for a grant, grant signature and implementation.

[8] As a minimum this should specify the environmental security assumptions and any procedural constraints or limitations applicable in order to maintain the certification status.

1.3 Acronyms and Glossary

1.3.1 Acronyms

CCI Controlled COMSEC Item

COMSEC Communication Security

DA Distribution Authority

IA Information Assurance

NSA National Security Authority

EDIDP European Defence Industrial Development Programme

1.3.2 Glossary

Alternate: Alternate COMSEC Items Custodian.

Classified Information: any information or material designated by a security classification, of which unauthorised disclosure could cause varying degrees of prejudice to the interests of the Participants. Its classification is indicated by a classification marking.

COMSEC (Communication Security): application of security measures to telecommunications in any form in order to deny unauthorised persons access to information of value derived from the possession and study of such telecommunications or to ensure the confidentiality, availability, authenticity, non-repudiation and integrity of the information travelling through the communication channels. Such measures include crypto, transmission (TRANSEC) and emission (TEMPEST) security, as well as procedural, physical, personnel, document and computer security.

COMSEC Authorisation: authorisation given by the appropriate authority of a Participant, provided to an eligible individual to allow this person access to COMSEC Items.

Information Assurance Authority (IA Authority): The Participant’s Authority in charge of the oversight of application of the rules regarding the management and the handling of COMSEC Items. These IA Authorities are listed in Annex 1.

COMSEC Item: Item (equipment, data or information) that contributes through its integrity, confidentiality, authenticity, availability and non-repudiation properties, to communications security in an information system.

A COMSEC Item means all material, including keys in all forms, documents, devices or equipment, that describes, contains or relates to cryptographic products and is essential to the encryption, decryption or authentication of telecommunications and any other item that performs a critical COMSEC function. Therefore a COMSEC Item includes:

- Keying material: key stored on all sorts of media;

- Device or piece of equipment: including the basic crypto device providing the cryptographic service(s) and other related devices such as crypto-ancillary devices (used in conjunction with the basic crypto device), keying material production equipment, authentication equipment;

- Documentation: including all documentation associated with a cryptosystem such as operating instructions, user manual, installation manual, maintenance manual, cryptographic security instruction and all other printed crypto material (excepting keying material).

Controlled COMSEC Item (CCI): COMSEC Item of unclassified nature that contributes through its integrity, confidentiality, authenticity, availability and non-repudiation properties, to the security of a COMSEC system handling Classified Information.

Custodian: COMSEC Items Custodian.

Distribution Authority (DA): means the Distribution Authority of a Participant, responsible for the security, distribution and accountability of the exchange of COMSEC Items in the framework of the EDIDP.

Crypto: COMSEC Item of classified nature that contains sensitive cryptographic information and/or that contributes through its integrity, confidentiality, authenticity, availability and non-repudiation properties, to the security of a COMSEC system handling Classified Information. Mandatory handling marking to be affixed to these Items.

Participants’ Security Authorities: governmental bodies or bodies within EDIDP Participants responsible for the security of Classified Information for the EDIDP and the coordination and implementation of industrial security aspects of the EDIDP which are listed in Annex A1 and A2 of the EDIDP PSI.

1.4 COMSEC Items

1. A COMSEC Item (equipment, data or information) contributes through its integrity, confidentiality, authenticity, availability and non-repudiation properties, to communications security in an information system. (A full definition is included in the glossary.) In order to identify COMSEC Items as such they shall be marked additionally with appropriate administrative markings or annotations.

2. COMSEC Items shall be handled in accordance with their SecOps and any relevant local COMSEC procedures, in full compliance with the relevant rules and regulations of the Participant.

1.4.1 Controlled COMSEC Items (CCI)

1. A Controlled COMSEC Item (CCI) is a COMSEC Item of unclassified nature e.g. an unkeyed crypto device.

2. CCI shall bear a clearly visible handling marking “Controlled COMSEC Item” or “CCI”.

1.4.2 CRYPTO Items

1. A CRYPTO Item is a COMSEC Item of classified nature e.g. a crypto key.

2. The disclosure of a CRYPTO Item to unauthorised persons may seriously undermine the security of the related COMSEC system.

3. CRYPTO Items shall bear a clearly visible handling marking “CRYPTO”. This marking shall be applied in addition to the respective classification marking.

Section 2 – Roles, Responsibilities and Functions

2.1 Information Assurance Authority (IA Authority)

1. Each EDIDP Participant handling or generating COMSEC Items shall identify an IA Authority. This authority shall, in accordance with the relevant laws, rules and/or regulations, be responsible for the control of COMSEC Items held by entities under its jurisdiction, and for the coordination and implementation of these EDIDP COMSEC Instructions. The Participants’ IA Authorities and Distribution Authorities are listed in Annex 1.

2. The IA Authority is responsible for regular security inspections within its area of responsibility to ensure that the relevant COMSEC Items are correctly protected. It shall check that access to COMSEC Items within its jurisdiction is limited to appropriately authorized individuals on a need to know basis.

2.2 Distribution Authority (DA)

1. Where COMSEC Items are held, each EDIDP Participant shall identify a Distribution Authority (DA). This DA is the responsible entity for ensuring that procedures are established for the comprehensive accounting, secure handling, storage, distribution and destruction of all COMSEC Items in its area of responsibility.

2. A list of the Participants’ IA Authorities and DAs, with points of contact, is at Annex 1.

Section 3 - Security Measures to be implemented when handling COMSEC Items

3.1 Local Organisation

1. A Beneficiary or Contractor that holds COMSEC Items shall establish an organisation with a COMSEC Officer, a COMSEC Items Custodian and an Alternate, and establish arrangements for the management and safeguarding of COMSEC Items.

3.1.1 COMSEC Officer

1. The COMSEC Officer is responsible for the correct application and compliance with these EDIDP COMSEC Instructions, as well as for the efficiency, accuracy and security of all COMSEC operations in his area of responsibility (including Crypto Accounts).

2. This role shall not be held by the person who holds the Custodian or Alternate role.

3. The COMSEC Officer shall be appointed in accordance with the relevant Participant’s laws, rules or regulations.

3.1.2 COMSEC Items Custodian

1. The COMSEC Items Custodian (the Custodian) of an organisation is responsible for the management (receipt, protection, accounting, inventory, distribution, and destruction) of all COMSEC Items held by the organisation.

2. The Custodian role shall not be held by the person who holds the Alternate role.

3.1.3 Alternate COMSEC Items Custodian

1. The Alternate COMSEC Items Custodian (the Alternate) assists the Custodian; however, responsibility for the COMSEC Items rests with the Custodian when he is present.

2. The Alternate role shall not be held by the person who holds the Custodian role.

3.1.4 Users

1. Users shall only be entrusted with COMSEC Items subject to signing a receipt and formally assuming the responsibility for the control and safeguarding of COMSEC Items, in accordance with the Participant’s laws, rules and/or regulations.

2. The User shall be briefed by the COMSEC Items Custodian on his responsibilities.

3. The User shall not pass COMSEC Items to another user without the approval of, and via, the COMSEC Items Custodian.

3.2 Access to COMSEC Items

1. COMSEC Items, whether classified or not, can only be issued or transferred to individuals belonging to an organisation or company that is directly involved in COMSEC activities in the framework of the EDIDP, and based strictly on the Need-to-Know principle.

3.2.1 COMSEC Authorisation

1. Individuals requiring access to EDIDP COMSEC Items shall be in possession of a specific authorisation to do so. This “COMSEC Authorisation” indicates that the individual has been briefed by the COMSEC Officer or the Custodian and is aware of his obligations regarding the handling of Programme COMSEC Items in accordance with these EDIDP COMSEC Instructions and the relevant laws, rules and/or regulations of the Participant where appropriate. COMSEC Authorisations or national equivalents shall comprise the information as contained in the sample attached in Annex 3.

2. The COMSEC Authorisation shall be removed when the need to know no longer exists. It can be renewed or re-issued, as appropriate in accordance with the Participants’ applicable laws, rules and/or regulations.

3. Individuals required to access COMSEC Items at the security classification level of CONFIDENTIEL UE/EU CONFIDENTIAL or above shall hold a Personnel Security Clearance (PSC) at the appropriate level.

4. When a person no longer requires a COMSEC Authorisation, the responsible COMSEC Officer shall debrief this person. The individual concerned shall sign a declaration of responsibility not to divulge any information on the COMSEC Items to which he had access.

5. When it is not possible to debrief an individual or a declaration cannot be signed, the COMSEC Authorisation is considered revoked and a detailed report shall be provided to the IA Authority of the relevant Participant.

3.2.2 EDIDP COMSEC Authorisation

1. Due to the international context of the EDIDP, the COMSEC Authorisation may need to be recognized by the other Participants. In such cases, the “EDIDP COMSEC Authorisation” (see Annex 3) shall be used to demonstrate that the individual has been appropriately briefed by the COMSEC Officer.

3.2.3 Personnel Training

1. Personnel shall be trained as appropriate for their roles and responsibilities in handling COMSEC Items for which they are responsible.

3.3 Auditing and Inspection of COMSEC Items

1. Entities holding COMSEC Items under their responsibility shall be subject to audit/inspection in accordance with the relevant Participant’s laws, rules and/or regulations.

3.3.1 Inventories and accounting

1. Within any entity where COMSEC Items are held, a COMSEC Account (or subaccount) must be formally established by the relevant DA.

2. COMSEC Items need to be accounted for throughout their lifecycle and shall be registered in the COMSEC Account.

3. COMSEC Items are accounted for through the use of transfer reports when they are transferred into or out of accounts, or possession reports when they are created or when they are discovered (e.g. in the event of a security incident). Annex 4 or a national equivalent shall be used for the purposes listed above and may also be used as an inventory form.

3.4 Movement of COMSEC Items

1. For the purposes of these Instructions, the term “movement” refers to both transmission and transportation. The term “transmission” refers to the electronic transfer of information, and the term “transportation” refers to the physical transfer of items via road, rail, air or sea.

2. The movement of COMSEC Items marked CRYPTO shall follow the applicable laws, rules and/or regulations of the sending Participant, or as otherwise provided for in the EDIDP PSI, including these EDIDP COMSEC Instructions.

3. The transportation of COMSEC Items marked CCI shall follow the applicable laws, rules and/or regulations of the sending Participant.

4. During transmission by electronic means of COMSEC Information marked CRYPTO, approved cryptographic products and Communication and Information Systems, which have been appropriately accredited for the purpose, shall be used.

5. Transmission or transport of Classified Crypto Items among EDIDP Participants shall be through the transfer of the items between COMSEC accounts.

3.4.1 Transportation of Crypto Items

1. For the transportation of Crypto Items, the following general principles shall be applied by the sender when determining security arrangements:

a) the degree of protection afforded to a consignment shall be determined by a risk assessment which considers the highest classification level of material contained within it, the quantity of material being transported, and any constraints or limitation imposed by any applicable SecOps;

b) prior to any cross-border movement of COMSEC Items marked CRYPTO the sending and receiving authorities shall be notified;

c) where required, a transportation plan (TP) shall be drawn up by the sender and approved by the respective national IA Authorities or DAs;

d) journeys shall be point-to-point to the extent possible, and shall be completed as quickly as circumstances permit.

3.4.2 Notification/Transportation Plans (TPs)

1. Transportation shall be notified by the sending DA to the recipient DA by means of a Notification or TP, which shall contain as a minimum the following information:

a) Identification of COMSEC Items being transported in the EDIDP COMSEC Items Report (see Annex 4);

b) Distribution Authorities Involved;

c) Identification of Sending and Receiving COMSEC accounts;

d) Identification of Couriers;

e) Method of transportation.

2. Transportation Plans (TPs) shall remain unclassified unless there is a reason for them to be classified. In principle a TP should not be classified at a level higher than RESTREINT UE/EU RESTRICTED.

3. When a number of predefined COMSEC Items of the same type and classification are to be moved repeatedly between the same two COMSEC Accounts one Framework Transportation Plan (FTP) may be proposed by the sending entity to cover all these movements for a period of up to one year or as otherwise mutually agreed (see Section “Framework Transportation Plans” below for details).

4. Notifications and TPs for the international movement of Crypto Items shall be submitted to the sending DA no later than 10 working days prior to the proposed date of the transport.

5. The procedure for the approval cycle is as follows:

The sending entity agrees the details of the transport with the receiving entity;

a) If a TP is required, the sending entity drafts the TP;

b) The sending entity then provides the TP to its DA;

c) The DA of the sending entity checks the TP for compliance with relevant security requirements and then forwards it to the DA of the receiving entity for agreement or notification, as appropriate;

d) The receiving COMSEC Account notifies the sending COMSEC Account of receipt of the TP or Notification;

e) In the absence of response regarding the approval from the DA of the receiving entity, approval of the TP shall be assumed and the movement can take place.

6. Personnel acting as couriers shall be appropriately security cleared to carry the consignment.

7. The competent security authorities involved shall endeavour to ensure that any relevant national authority is informed and shall request cooperation according to local laws, rules and/or regulations.

3.4.3 Preparation for Transport

1. Crypto Items to be transported shall be prepared as follows:

a) the package shall not show external evidence of its security marking. The security classification level or the handling marking shall only be applied on the internal packaging and on the item itself;

b) the inner wrapping shall be marked with the addresses of both the sender and the recipient, the classification, the marking “CRYPTO” and “to be opened only by the COMSEC Items Custodian”;

c) the outer wrapping shall bear the public addresses of both the sending and the receiving entities;

d) subject to the requirements of the SecOps, keys shall not be transported with their associated equipment unless the physical configuration of the equipment makes segregation and/or reading of key and equipment impossible (in this case the equipment shall be classified at the same level as the stored key);

e) unless justified in exceptional cases and approved by the sending DA, Crypto Items shall not be transported in operational state (i.e. keyed);

f) if it is necessary that Crypto Items are transported in an operational state, unless otherwise decided by the sending entity’s DA, the equipment shall be classified at the highest level of the transported items.

2. There is no assurance of immunity from search by customs, police and/or immigration officials of countries whose borders are crossed. If officials enquire into the contents of the consignment, the courier certificate shall be presented to the senior customs, police and/or immigration official. This action should, in principle, be sufficient to allow the consignment to pass unopened. However, if it is insisted that the consignment is opened for inspection:

a) this shall be done in the presence of the senior official;

b) the opening of the consignment shall take place in an area out of sight of the general public;

c) precautions shall be taken to show the relevant officials the minimum content necessary;

d) repacking shall be done immediately upon completion of the examination; the senior official shall be asked to provide evidence of the opening and inspection of the consignment on the shipping documents;

e) the senior official shall also be requested to sign and re-seal the consignment.

3.4.4 Framework Transportation Plans

1. Where transportation of COMSEC Items between two entities is expected to be recurrent, a Framework Transportation Plan (FTP) may be established. The decision to establish an FTP shall be agreed by both sending and receiving DAs.

2. The process for establishing an FTP is the same as that for normal TPs.

3. Each time a movement relating to the FTP occurs, notification shall be sent by the sending entity to the DA concerned. The minimum content of the notification shall be:

a) reference to the FTP;

b) details of the sender and recipient;

c) courier details;

d) any other detail deemed necessary.

3.4.5 Transport of CCI

1. CCI shall be transported in a manner that affords appropriate protection in accordance with the applicable laws, rules or regulations of the sending Participant.

3.4.6 Record of Transfer

1. The transfer of COMSEC Items shall always be between COMSEC Accounts, and supported by a COMSEC Items Report.

2. As a general rule, such reports shall be unclassified; if necessary such reports shall be classified in accordance with the information contained in the report itself.

3. The Custodian or Alternate at the final destination is the only person authorised to open, verify and sign the receipt note of the packages containing COMSEC Items. The sending Custodian shall account for the item until the signed receipt has been received from the receiving Custodian.

4. For every package or envelope the receiving Custodian shall:

a) before opening the package, carry out an examination to identify any sign of tampering or violation; and

b) make a thorough check of the content based on the related transfer report (usually included in the consignment);

c) sign and return the receipt note, annotating any discrepancies, providing a copy to its DA; and

d) raise a Security Incident if there is any evidence of tampering or discrepancy.

5. Any evidence of tampering or discrepancy shall be considered a Security Incident until confirmed otherwise by an investigation.

3.5 Destruction of COMSEC Items

1. Both the routine and emergency destruction of COMSEC Items shall be in accordance with the SecOps and national rules and regulations, taking into account the following:

a) destruction should normally be performed by the Custodian and/or the Alternate in the presence of a witness;

b) the use of destruction equipment and methods shall be approved by the Participant’s Security Authority.

2. The destruction of COMSEC Items shall be reported by way of a destruction report. A COMSEC Items Report shall be used for this purpose.

3.6 Physical Security

1. COMSEC Items shall be handled in such a way that unauthorised access is prevented, and to safeguard the confidentiality, integrity, availability, authenticity and non-repudiation properties of the COMSEC Items concerned.

3.6.1 No-Lone Zones

1. A No-Lone Zone is an area where no single person can have unescorted access. It requires the presence of at least two appropriately cleared and COMSEC authorised persons at all times.

2. Where it is possible for an individual to directly access red key material (information for which any modification can lead to the failure of the cryptographic service that uses it), the use of a No-Lone-Zone shall be considered and if applied, done in accordance with Participant’s laws, rules and/or regulations.

3.6.2 Physical Security during Use

1. All COMSEC Items shall be used in accordance with local rules determined by the local IA Authority and in compliance with their SecOps.

3.7 Security Incident handling

1. Any incident involving COMSEC Items shall be reported in accordance with the EDIDP PSI; in particular for COMSEC Items (COMSEC Incident), the COMSEC Items Custodian has to be notified, who shall follow the procedure established by his relevant DA, and provide the details listed in Annex 2, where applicable.

3.7.1 Security Breach

1. Any unusual fact or event that leads to a compromise or potential compromise of COMSEC Items represents a violation of communications security and is considered a security breach. This security breach could be:

a) “procedural”, in the case of non-compliance with the relevant security regulations for safeguarding COMSEC Items; or

b) “operational”, when due to non-compliance with the SecOps, the applicable procedures for the management and use of COMSEC Items, or the malfunctioning of cryptographic equipment.

3.7.2 Compromise

1. Compromise denotes a situation when, due to a breach of security or adverse activity (such as espionage, acts of terrorism, sabotage or theft), COMSEC Items have lost their confidentiality, integrity, availability, authenticity or non-repudiation properties. This includes loss, disclosure to unauthorised individuals or parties, unauthorised modification or destruction, or a denial of service.

2. A compromise can be:

a) “physical”, when an unauthorised person gains access to COMSEC Items as a result of loss, capture, theft, recovery after an accident, unauthorised access, or any other material cause;

b) “cryptographic”, when an unauthorised person succeeds through theft or cryptographic analysis to get information pertaining to, for example:

the cryptographic techniques used;

the “plain text”, or part of it, contained in the ciphered message; or

a key or part of a key.

3. In the event of an actual or possible compromise, there may be an obligation to report this matter to the Granting or Contracting Authority/Agent in accordance with the EDIDP PSI.

Section 4 - Annexes

Important note: the templates provided in these sections are mostly unclassified when not completed. It is the issuer’s responsibility to ensure that a document issued on the basis of the template is classified in accordance with the information contained in it.

Annex 1 - Information Assurance Authorities / Distribution Authorities of Participants of the EDIDP Action

Annex 2 - Security Incident Report

Annex 3 – Sample Certificate of COMSEC Authorisation

Annex 4 - EDIDP COMSEC Item Report

Annex 5 – Example of a COMSEC Authorisation Briefing

Annex 6 – Example of a COMSEC Authorisation Debriefing

Annex 1 - Information Assurance Authorities / Distribution Authorities of Participants of the EDIDP Action (see footnote 9)

1. Austria

IA AUTHORITY DISTRIBUTION AUTHORITY

Austrian NDA

Bundeskanzleramt / Büro der Informationssicherheitskommission

Federal Chancellery / Federal Office for Information Security

Ballhausplatz 2

1014 Wien

Österreich

Care of:

Mr. Alfred GRABNER, Crypto-Custodian

Telephone: +43 1 53115 202791

E-mail: [email protected]

2. Belgium

IA AUTHORITY DISTRIBUTION AUTHORITY

Care of Cdt Serge Del Calzo: E-mail: [email protected] Quartier S/Lt Vilain Rue Brisee 309

7020 Nimy

Telephone: +32 65 22 15 10

E-mail: [email protected]

3. Bulgaria

IA AUTHORITY DISTRIBUTION AUTHORITY

State Agency for National Security

45 Cherni Vrah Blvd.

1407 Sofia

Bulgaria

State Agency for National Security

45 Cherni Vrah Blvd.

1407 Sofia

Bulgaria

9 When drafting the specific PSI for the Action, this list should be adapted by leaving in it only the entries relating to Participants of that particular Action.

Fax: +359 2 9632 188; +359 2 8147 441

E-mail: [email protected]

State Commission on Information Security

Cherkovna street 90

1505 Sofia

Bulgaria

Telephone: +359 2 9333 600

Fax: 359 2 9873 750

E-mail: [email protected]

Fax: +359 2 9632 188; +359 2 8147 441

E-mail: [email protected]

Permanent Representation of Bulgaria

Square Marie-Louise 49

1000 Bruxelles

Belgium

4. Croatia

IA AUTHORITY DISTRIBUTION AUTHORITY

Care of Assistant Director Ms. Iva Jeličić

Croatian NDA

Fra Filipa Grabovca 3

10000 Zagreb, Croatia

E-mail: [email protected]

5. Cyprus

IA AUTHORITY DISTRIBUTION AUTHORITY

Cyprus National Guard General Staff

Ministry of Defence

172-174, Strovolos Avenue, 2048 Strovolos,

Nicosia

Tel: +357 22417757

E-mail: [email protected]

Crypto Distribution Authority

Ministry of Foreign Affairs

Presidential Palace Avenue, 1447, Nicosia

Telephone: +357 22651001

E-mail: [email protected]

6. Czech Republic

IA AUTHORITY DISTRIBUTION AUTHORITY

Mr. Luděk Havel NCISA – NA Popelce 2/16

PO Box 14

150 06 Praha 56

7020 Nimy

Telephone: +420 257 283 205

E-mail: [email protected]

7. Denmark

IA AUTHORITY DISTRIBUTION AUTHORITY

Norvangen 23

PO Box 295

4220 Korsoer

Telephone: +45 58 30 84 90

Email: [email protected]

Care of Finn Larsen ([email protected])

Telephone: +45 7257 4636

8. Estonia

IA AUTHORITY DISTRIBUTION AUTHORITY

NDA Estonia

Estonian Foreign Intelligence Service

Rahumäe tee 4B

11316 Tallinn, Estonia

COMSEC Manager: Mr. Marek Lehtsalu

Telephone: +372 693 5084

E-mail: [email protected]

9. Finland

IA AUTHORITY DISTRIBUTION AUTHORITY

National Cyber Security Centre Finland (NCSC-FI) / National Communications Security Authority Finland (NCSA-FI) Finnish Transport and Communications Agency Traficom

Visiting address: Dynamicum, Erik Palménin aukio 1, Helsinki, Finland

Postal address: P.O. Box 313, FI-00059

National Cyber Security Centre Finland (NCSC-FI) / National Distribution Authority Finland (NDA-FI) Finnish Transport and Communications Agency Traficom

Visiting address: Dynamicum, Erik Palménin aukio 1, Helsinki, Finland

Postal address: P.O. Box 313, FI-00059

TRAFICOM

E-mail: [email protected]

TRAFICOM

Care of Mr. Seppo Piiroinen Telephone: +358 40 763 8848

E-mail: [email protected]

10. France

IA AUTHORITY

Monsieur le Directeur Général de l’Agence Nationale de la Sécurité des Systèmes d’Information

SGDSN/ANSSI

51, boulevard de la Tour-Maubourg

75700 Paris SP 07, France

DISTRIBUTION AUTHORITY

(INDUSTRY)

Crypto-Custodian name: OR9 ADC Maryse VOGT

Crypto Custodian telephone: +33 1 34936233

Alternate Crypto-Custodians : OR8 ADJ François BONVENTRE, OR7 MT Caroline SPARFEL, OR7 SGC Florian SAINTIER

Alternate Crypto-Custodian telephones: +33 1 34936325;+33 1 34936321; +33 1 34936730

Postal Address:

National Distribution Agency - Site de Maisons-Laffitte

Base des Loges

8 Avenue du Président Kennedy - BP 40202

78102 SAINT GERMAIN EN LAYE CEDEX

Material Delivery Address:

National Distribution Agency France

QUARTIER GALLIENI

Rue de la Muette

78 600 MAISONS-LAFFITTE

E-mail: [email protected]

For any other COMSEC Items, refer to the French IA Authority.

11. Germany

IA AUTHORITY DISTRIBUTION AUTHORITY

Federal Ministry of the Interior

Referat ÖS III5 – NSA

Alt-Moabit 140

10557 Berlin

Germany

Telephone: +49 30 18 681 11593

FAX: +49 30 18 681 51593

E-mail: [email protected]

Bundesamt für Sicherheit in der Informationstechnik (BSI)

Federal Office for Information Security

Referat/Section KT16

Postfach 20 03 63

53133 Bonn

Germany

Email: [email protected]

See note below

Note: Until further notice, Transportation Plans for EDIDP COMSEC/CRYPTO Items should be submitted to the German NSA.

12. Greece

IA AUTHORITY DISTRIBUTION AUTHORITY

HNDGS Bldg 18359 Mesogion Avenue

APO GR 1020 Cholargos

1020 Athens

Telephone: +30 21 0657 6132

Permanent Representation of Greece to the European Union

Rue Jacques de Lalaing 19–21

1040 Bruxelles

Belgique

13. Hungary

IA AUTHORITY DISTRIBUTION AUTHORITY

47 BEM Rakpart

1027 Budapest

Telephone: +361 458 1466

Permanent Representation of Hungary

Department of Security

Mr. György FEKETE, InfoSec Officer

92-98, Rue de Treves, 1040 Brussels

Fekete György - BEU

Email: [email protected]

14. Ireland

IA AUTHORITY DISTRIBUTION AUTHORITY

National Security Authority Ireland

Department of Foreign Affairs and Trade

76-78 Harcourt Street

Dublin 2

D02 DX45

Telephone: +353 1 408 2724

E-mail: [email protected]

15. Italy

IA AUTHORITY DISTRIBUTION AUTHORITY

Mr. Santi Irrera

Presidenza del Consiglio dei Ministri

Polo Tecnologico – NDA

Via della Pineta Sacchetti 216

00168 Rome

Telephone: +39 06 22 52 594

E-mail: [email protected]

16. Latvia

IA AUTHORITY DISTRIBUTION AUTHORITY

Mr. Marcis Lipkins

NDA Latvia

Miera street 85A

LV - 1013 Riga

Telephone: +371 670 25 396

E-mail: [email protected]

17. Lithuania

IA AUTHORITY DISTRIBUTION AUTHORITY

Gedimino Avenue 40/1

Room 313

01110 Vilnius

Telephone: +370 5 266 3048

Permanent Representation of Lithuania

Rue Belliard 41-43

1040 Bruxelles

Belgique

18. Luxembourg

IA AUTHORITY DISTRIBUTION AUTHORITY

BP 11

L-6905 Nierdanven

Telephone: +352 24787124

Mr. Pascal THIES

Crypto Custodian, NDA LU

Centre de Communications du Gouvernement

NDA LUXEMBOURG

Château de et à SENNINGEN

50, rue du Château

L-6961 SENNINGEN

Luxembourg

Telephone: +352 24787124

E-mail: [email protected]

19. Malta

IA AUTHORITY DISTRIBUTION AUTHORITY

NSA Infosec

PO Box 146

Valetta

E-mail: [email protected]

20. Netherlands

IA AUTHORITY DISTRIBUTION AUTHORITY

Care of Mr. Alex Okkerse

Netherlands National Distribution Authority (NDA NL)

Europaweg 4

2711 AH Zoetermeer

PO Box 20010

2500 EA The Hague

Telephone: +31 79 320 5114

Fax: +31 79 320 5238

E-mail: [email protected]

21. Poland

IA AUTHORITY DISTRIBUTION AUTHORITY

Mr. Michał SIEMIĄTKOWSKI or Mr Andrzej MACIĄG

Internal Security Agency

Ul. Rakowiecka 2A

00-993 Warsaw

Telephone: +48 22 5858822; +48 22 5859722

E-mail: [email protected]

22. Portugal

IA AUTHORITY DISTRIBUTION AUTHORITY

Rua da Jujquira 69

1300-342 Lisboa

Telephone: +351 2111 25474/5

Email: [email protected]

23. Romania

IA AUTHORITY DISTRIBUTION AUTHORITY

Ms. Cristina Spatarelu

RO NSA

NDA Romania

Street Mures nr 4 Sector 1

Orniss – RO NSA

012275 Bucharest

Telephone: +40 21 2075 141

E-mail: [email protected]

24. Slovakia

IA AUTHORITY DISTRIBUTION AUTHORITY

National Security Authority

Budatinska 30

851 06 Bratislava

Telephone: +421 2 6869 1111

Fax: +421 2 6869 1700

E-mail: [email protected]

NDA Slovakia

National Security Authority

Budatinska 30

851 06 Bratislava

Telephone: +421 2 6869 1111

Fax: +421 2 6869 1700

E-mail: [email protected] and

[email protected]

25. Slovenia

IA AUTHORITY DISTRIBUTION AUTHORITY

NDA

Government Office for the Protection of Classified Information (SI NSA)

Gregorciceva 27

SI-1000 Ljubljana, Slovenia

Head of NDA: Mr. Miran Skobe

Telephone: +386 1 4781390/94

Fax: +386 1 4781399

E-mail: [email protected] and [email protected]

26. Spain

IA AUTHORITY DISTRIBUTION AUTHORITY

Centro Criptológico Nacional (CCN)

C/ Argentona, 30

28023 Madrid - España (SPAIN)

Telephone: +34 91 3726664; +34 91 3726743

Fax: +34 91 3725848

E-mail: [email protected];

[email protected]

Agencia Nacional de Distribución NDA ESP

Centro de Sistemas y Tecnologías de la Información y las Comunicaciones CESTIC

Pº de la Castellana, 109

28071 Madrid - España (SPAIN)

Telephone: +34 91 3955486; +34 913955400

Fax: +34 91 3955147

E-mail: [email protected]

27. Sweden

IA AUTHORITY DISTRIBUTION AUTHORITY

SWE NCSA/CAA

Military Intelligence and Security Agency

Swedish Armed Forces HQ

S - 107 85 Stockholm

Telephone: +46 8 788 75 00

Fax: +46 8 788 78 97

E-mail: [email protected]

SWE CDA/NDA

Military Intelligence and Security Agency

Swedish Armed Forces HQ

Must Säkk Säkt NF

S - 107 85 Stockholm

Telephone: +46 8 788 75 00

Fax: +46 8 788 78 97

E-mail: [email protected]

28. United Kingdom

IA AUTHORITY DISTRIBUTION AUTHORITY

CESG CINRAS

CESG

Hubble Road

Cheltenham

Gloucestershire

GL51 0EX

United Kingdom

Telephone: +44 1242 221491 ext 31873

E-mail: [email protected]

CESG NDA

A1-D7-4

CESG

Hubble Road

Cheltenham

Gloucestershire

GL51 0EX

United Kingdom

Telephone: +44 1242 221491 ext 32039

Fax: +44 1242 709151

E-mail: [email protected]

29. European Commission

IA AUTHORITY DISTRIBUTION AUTHORITY

Mr. Nicolas Dubois

Head of Sector HR.DS.3.001

European Commission

BERL 03/253

Berlaymont

Rue de la Loi, 200

1040 Brussels

Belgium

E-mail: [email protected]

Annex 2 - Security Incident Report

The following serves as an example of the categories of information that may need to be included in a Security Incident Report.

SUBJECT The subject of the report will consist of the words “COMSEC Compromise” only.

REFERENCES Identify the reporting requirement or previous related messages.

SECTION 1: COMSEC Account

Provide the number of the COMSEC account concerned.

SECTION 2: Material involved

(1) For hard copy keying material, hard copy key that has been converted to electronic form, and documents, list: the short title; edition; register or other accounting number, specific segments, tables, pages, etc., if not a complete edition or document; date stamped on the protective technology, if available; and the controlling authority for each short title.

(2) For all other key in electronic form, list: the short title, key designator, tag, or other identifier, circuit designator; type of crypto equipment used to secure the circuit.

(3) For equipment, list: the system designator or nomenclature; modification number, if applicable; serial number of material; serial number on the protective technology, if available; and the associated or host equipment. If the equipment was keyed, also provide the information required for keying material.

SECTION 3: Personnel involved

For Personnel Compromise only: for each individual involved, provide name, rank/grade, duty position, citizenship and the level of security clearance.

For all other COMSEC compromises: provide only the duty position, level of security clearance (if known), citizenship of the individual involved.

SECTION 4: Circumstances of Incident

Give a chronological account of the events that caused the incident with enough detail to give a clear picture of how the incident occurred. The chronology must include all relevant dates, times of day, frequency of events, precise locations and organizational elements involved. If the reason for the incident is not known, describe the events that led to the discovery of the incident. Include a description of the security measures in effect at the location and estimate the possibility that unauthorized personnel had access to the material.

SECTION 5: Possibility of Compromise

Provide an opinion as to the possibility of compromise and the basis for the opinion. Use one of the following terms:

1. Compromise. The material was irretrievably lost or available information clearly proves that the material was made available to an unauthorized person.

2. Compromise cannot be excluded. Available information indicates that the material could have been made available to an unauthorized person, but there was no clear proof that it was made available.

3. No compromise. Available information clearly proves that the material was not made available to an unauthorized person.

SECTION 6: Additional reporting requirements when the incident involved:

a. Incorrect use of COMSEC keying material or Use of unapproved operating procedures

(1) Describe the communications activity (e.g. on-line/off-line, point-to-point/netted operation, etc.) and the operating mode of the COMSEC equipment.

(2) Estimate the amount and type of traffic involved.

(3) Estimate the length of time the key was used.

b. Use of malfunctioning COMSEC equipment

(1) Describe the symptoms of the malfunction.

(2) Estimate the likelihood that the malfunction was deliberately induced. If so, see item d.

(3) Estimate how long the malfunctioning equipment was in use.

(4) Estimate the amount and type of traffic involved.

c. Unauthorized modification or maintenance of COMSEC equipment or discovery of a clandestine electronic surveillance or recording device in or near a COMSEC facility

(1) Describe the modification or device, installation, symptoms, host equipment involved, and protective technology, if applicable.

(2) Estimate how long the item may have been in place.

(3) Estimate the amount and type of traffic involved.

(4) Identify the counterintelligence organization notified, if applicable. Include a point of contact and telephone number at the counterintelligence organization.

d. Known or suspected defection, espionage, attempted recruitment, unauthorized absence, sabotage, capture, hostile cognizant agent activity, or treason

(1) Describe the individual's general background in COMSEC and the extent of knowledge of crypto principles and protective technologies.

(2) List the crypto systems to which the individual had current access and whether the access was to keying material. State whether the individual had access to the cryptographic logic/parameters or access to full or limited maintenance manuals; for keying material, list the short titles and editions involved.

e. Unauthorized access to COMSEC material

(1) Estimate how long unauthorized personnel had access to the material.

(2) State whether espionage is suspected. If so, see item d.

(3) Identify the counterintelligence organization notified. Provide a point of contact and telephone number at the counterintelligence organization.

f. Loss of COMSEC material

(1) Describe the circumstances of last sighting; provide any available information concerning the cause of disappearance.

(2) Describe the actions taken to locate the material.

(3) Estimate the possibility that material may have been removed by authorized or unauthorized persons.

(4) Describe the methods of disposal of classified and unclassified waste and the possibility of loss by those methods.

g. COMSEC material discovered outside of required COMSEC control or accountability

(1) Describe the action that caused accountability or physical control to be lost (if known) and restored.

(2) Estimate the likelihood of unauthorized access.

(3) Estimate the length of time the material was unsecured.

h. COMSEC material received with a damaged inner wrapper

(1) Give a complete description of the damage.

(2) When the damage occurred in transit, identify the means of transmittal. Include the package number and point of origin.

(3) When the damage occurred in storage, describe how the material was stored.

(4) Estimate the likelihood of unauthorized access or viewing.

(5) Ensure all packaging containers, wrappers etc., are retained until destruction is authorized.

i. Known or suspected tampering with COMSEC equipment or penetration of protective technology

(1) Describe the evidence of tampering or penetration.

(2) When the suspected tampering or penetration occurred in transit, identify the means of transmittal. Include the package number or point of origin.

(3) When the suspected tampering or penetration occurred in storage, describe how the material was stored.

(4) Identify the counterintelligence organization notified. Provide a point of contact and telephone number at the counterintelligence organization.

(5) Identify the date stamped on the protective technology, or serial number on the protective technology, as applicable.

j. Unauthorized photography or reproduction

(1) Identify the material or equipment that was reproduced or photographed.

(2) Provide the reason for the reproduction and describe how the material was controlled.

(3) Specify detail contained in the photographs of the inside of the equipment.

(4) State whether espionage is suspected. If so, see item d.

(5) If the incident is evaluated as "compromise" or "compromise cannot be excluded", forward a copy of each photograph or reproduction to the IA Authority.

k. Aircraft crash

(1) Identify the location of the crash (including coordinates), and specify whether the crash occurred in friendly or unfriendly territory. If the aircraft crashed at sea, see item l.

(2) State whether the aircraft remained largely intact or if wreckage was scattered over a large area. Estimate the size of the area.

(3) State whether the area was secured. If so, indicate how soon after the crash and by whom.

(4) Provide the coordinates (when available) or the approximate distance and direction from the shore.

(5) Estimate the depth of the water.

(6) State whether material was in weighted containers or was observed to sink.

l. Material lost at sea

(1) Estimate the sea state, tidal tendency, and the most probable landfall.

(2) State whether salvage efforts were made or are anticipated.

(3) State whether foreign vessels were in the immediate area and their registry, if known.

(4) Estimate the possibility of unsuccessful salvage operations by unfriendly nations.

SECTION 7: Point of Contact

Include the name and telephone number of an individual who is prepared to respond to questions from the evaluating authority.

Annex 3 – Sample Certificate of COMSEC Authorisation

PART I - BRIEFING

1. NAME

2. POSITION

3. LEVEL OF PERSONNEL SECURITY CLEARANCE

4. EXPIRATION DATE OF PERSONNEL SECURITY CLEARANCE

5. LEVEL OF SECURITY CLASSIFICATION OF CRYPTO INFORMATION FOR WHICH ACCESS IS AUTHORIZED

6. BRIEFING CERTIFICATE

I, hereby certify that I have received a briefing on COMSEC security, provided to me by __________________________________________________________ on the date of ___ / ___ / 20___.

I understand that the safeguarding of COMSEC Items is of the utmost importance and that the loss or compromise of COMSEC Items could lead to irreparable damage to the EDIDP security.

I have been instructed in the security relations concerning the disclosure of information pertaining to the EDIDP cryptosystems.

I understand the instructions provided to me, which govern the control and safeguarding of the COMSEC Items to which I have been granted access.

7. SIGNATURE OF THE INDIVIDUAL / DATE

8. SIGNATURE OF THE COMSEC OFFICER / DATE

PART II - DEBRIEFING

DEBRIEFING CERTIFICATE

I, _______________________________________ hereby certify that I have received a debriefing on relinquishing my appointment.

I understand the importance of EDIDP security and of the necessity to continue safeguarding EDIDP COMSEC Items and I commit myself to not disclose EDIDP information I had access to.

9. SIGNATURE OF THE INDIVIDUAL / DATE

10. SIGNATURE OF THE COMSEC OFFICER / DATE

When unfilled, the template is unclassified. Once completed, it must be classified accordingly.

Annex 4 - EDIDP COMSEC Item Report

FROM:

DATE:

NUMBER:

TYPE OF REPORT: TRANSFER / HAND RECEIPT / DESTRUCTION / INVENTORY / NOTIFICATION – POSSESSION

TO:

SHORT TITLE | QUANTITY | FIRST COPY NUMBER | LAST COPY NUMBER | REMARKS

Nothing accountable below this line

Return this copy to originator / This copy to be retained for addressee’s file

Transferring Custodian: Signature: / Name: / Tel.: / Date:

Receiving/witnessing Custodian: Signature: / Name: / Tel.: / Date:

Annex 5 – Example of a COMSEC Authorisation Briefing

1. INTRODUCTION

You have been selected to perform duties that require access to cryptographic information. It is essential that you are made aware of certain facts and responsibilities before such access is granted. This briefing provides you with the background on the special safeguards necessary for protecting crypto material and on the damage that can occur from disclosure of this material to unauthorised persons. Personnel requiring crypto-authorisation shall have an up-to-date certificate of security clearance appropriate to the classification level of information to which they need access.

2. NEED-TO-KNOW

Knowledge of cryptosystems is confined to individuals with a “need-to-know”. No disclosure of information relating to such cryptosystems is to be made to individuals or authorities not authorised to receive such information.

3. SPECIAL HANDLING MARKINGS

The need-to-know principle is reinforced by use of special handling markings in addition to security classifications. This indicates access is limited to authorised individuals. Accountable crypto or COMSEC material bears the marking "CRYPTO" and/or "CCI". COMSEC Items marked “CCI” are UNCLASSIFIED. COMSEC Items marked “CRYPTO” are CLASSIFIED.

4. RESPONSIBILITIES

Any individual who has CRYPTO material in his possession is directly responsible for its safekeeping and must ensure that anyone to whom he passes the material is authorised to receive it. He is responsible for following security rules at all times and for reporting any circumstances, occurrences, intentional or unintentional acts which could lead to the disclosure of classified cryptographic information or material to unauthorised individuals.

5. SENSITIVITY OF KEYING MATERIAL

All keying material, regardless of its security classification level, must be afforded the most stringent protection throughout its existence from the time it is produced until it is superseded and destroyed. When protecting operational information, all keying material will bear the marking "CRYPTO" to indicate its unique sensitivity. Keying material bearing the "CRYPTO" marking is subject to specific controls governing distribution, transmission, accounting, issue, usage, disposal, and destruction in accordance with the instructions contained in the present instruction. These controls are designed to ensure that access to keying material is strictly limited to individuals having a need-to-know and holding an appropriate certificate of security clearance.

6. PHYSICAL SECURITY

Safeguarding crypto material from unauthorised access or physical loss is required to ensure the security of classified communications. Any knowledge or suspicion that crypto material has been lost or possibly compromised, or that cryptographic information has become known to unauthorised persons, shall be immediately reported. If a compromise is disclosed, prompt action can be taken to limit the amount of damage. If the compromise is undisclosed, the users assume their security is unimpaired, and continue to pass classified information to an adversary. It is for these reasons that prompt reporting of any suspicious incidents is critical to operational security.

7. After this briefing, you will sign a copy of the Certificate of COMSEC-Authorisation Form stating that you have understood this briefing and are aware of the damage resulting from disclosure of cryptographic information to any unauthorised person. This form authorises your access to cryptographic information. It does not entitle you to access cryptographic information for which you have no need-to-know, nor does it entitle you to enter a crypto facility unless your duties require your presence.

Annex 6 – Example of a COMSEC Authorisation Debriefing

1. You no longer have a need for access to cryptographic information. During the period that you have had access, you were warned through briefings and training that information you had become aware of through access to CRYPTO material must never, under any circumstances, be divulged to unauthorised persons.

2. You are reminded that items bearing the special category designator CRYPTO are especially sensitive because they are used to protect other EDIDP classified information from unauthorized access. If the integrity of a cryptographic system is compromised at any time during its existence, all EDIDP classified information protected by that system, throughout its in-service life, may be compromised.

3. Therefore strict application of the need-to-know principle remains essential, even though you now no longer have a requirement to access CRYPTO material.

4. Regardless of the fact that you are being de-briefed and no longer have a need to access CRYPTO material, you must immediately report to your IA Authority any COMSEC incident of which you become aware. It will be your IA Authority's responsibility to ensure that the appropriate EDIDP authority is quickly informed.

5. You are to sign Part 2 of the Certificate of COMSEC-Authorisation Form, which states that you have understood the debriefing and that the personal details on the certificate are correct. A copy of the Certificate of COMSEC-Authorisation Form, recording your briefing and debriefing, will be retained by the CRYPTO Custodian.

ANNEX 2

Contact address (PSI Custodian)

PROGRAMME SECURITY INSTRUCTION

CONCERNING

[ACTION XX]

of the

European Defence Industrial Development Programme

(SHORT TITLE: EDIDP PSI FOR ACTION XX)

issued by xxxxxxxx

Version X.X

Dated XX XXXX 20XX

Participants

[PARTICIPANT MEMBER STATES]

[EUROPEAN COMMISSION]

[INTERNATIONAL ORGANISATION]

Version history

VERSION REFERENCE DATE COMMENTS

X.X Approved xx xx 20xx

Table of Contents

Section 1 - Introduction
1.1 Scope and Purpose

Section 2 - Glossary

Section 3 - PSI applicability and the security responsibilities of Participants
3.1 Applicability
3.2 Responsibilities
3.2.1 Security Authorities
3.2.2 Granting and Contracting Authorities
3.2.3 Project Manager
3.2.4 Participants’ Beneficiaries or Contractors

Section 4 - Security Instructions
4.1 Handling and Protection of Action related Classified Information
4.2 Marking of Classified Background Information
4.3 Marking of Classified Foreground Information generated by Participants
4.3.1 Security Classification Markings
4.3.2 Declassification and Downgrading Markings
4.3.3 Releasability Markings
4.3.4 Crypto and CCI markings
4.3.5 Additional Markings
4.4 Security Classification Guide (SCG)
4.5 Specific procedures for the protection of CONFIDENTIAL and SECRET Classified Information
4.5.1 Access
4.5.2 Handling and storage
4.5.3 Information Assurance
4.5.4 Tempest
4.6 Specific Procedures for the Protection of RESTRICTED Classified Information
4.6.1 Access
4.6.2 Handling and Storage
4.6.3 Information Assurance
4.7 Access to Classified Information at Meetings
4.8 Procedures for exchanging Classified Information
4.8.1 Movement within a single Participant State
4.8.2 Procedures for the exchange of CONFIDENTIAL or SECRET Classified Information between Participant States
4.8.3 Procedures for the exchange of RESTRICTED Classified Information
4.8.4 Procedures for exchanging Classified Information using Removable Storage Media

Section 5 - Release of Classified Information
5.1 Release of Classified Information to Third Parties to the Action
5.2 Release of Information to Third Parties to the Action at Symposia, Seminars or Conferences

Section 6 - International Visits
6.1 Procedures for International Visits at the level of CONFIDENTIAL and SECRET
6.2 Procedures for International Visits at the level of RESTRICTED

Section 7 - Awarding of grants and Contracting (security aspects)
7.1 Proposal submission/Pre-letting/Tendering phase and awarding of Classified Grants or Contracts within the EDIDP
7.2 Sub-Contracting to Contractors of Participant States
7.3 Sub-Contracting to Contractors in Non-Participant States
7.4 List of approved Beneficiaries and Contractors
7.5 Security Plan in the Event of Non-Selection, Termination of Classified Grant or Contract or Classified Grant or Contract Expiry
7.5.1 Participant Held Information
7.5.2 Beneficiary or Contractor Held Information
7.6 Procedures Related to Breaches, Compromises or Loss of Classified Information

ANNEX A - SECURITY AUTHORITIES OF PARTICIPANTS OF THE EDIDP ACTION
ANNEX A1 - SECURITY AUTHORITIES OF PARTICIPANT STATES
ANNEX A2 - OTHER SECURITY AUTHORITIES
ANNEX B - TABLE OF EQUIVALENT SECURITY CLASSIFICATION MARKINGS
ANNEX C - MINIMUM REQUIREMENTS FOR PROTECTION OF CLASSIFIED INFORMATION IN ELECTRONIC FORM AT RESTRICTED LEVEL HANDLED IN THE CONTRACTOR'S (BENEFICIARY'S) COMMUNICATION AND INFORMATION SYSTEMS
ANNEX D - PROCEDURE FOR HAND CARRIAGE OF CLASSIFIED INFORMATION
ANNEX E - TRANSPORTATION PLAN
ANNEX F - REQUEST FOR VISIT
ANNEX G - COMSEC INSTRUCTIONS OF THE EDIDP ACTION
ANNEX H - SECURITY CLASSIFICATION GUIDE OF THE EDIDP ACTION

Section 1

Introduction

1.1 Scope and Purpose

1. This Programme Security Instruction (PSI) establishes the security procedures to be applied and the common security procedures and processes to be followed for management of the [NAME OF THE ACTION], established under the European Defence Industrial Development Programme (EDIDP), and assigns the responsibilities for the protection of Classified Information generated or exchanged in connection with the Action.

2. This PSI supplements the relevant security rules of the Participant Member States concerning the protection of Classified Information (including COMSEC Items). The purpose of this PSI and its Annexes is to reconcile differences in national or international organisation policies so that standard security procedures are used by Participant Member States’ Contractors/Beneficiaries.

3. This PSI provides instructions on:

the classification and marking of Action Information;

protective security procedures, including the handling and transfer of Classified Information;

visit procedures to be followed when Classified Information is accessed;

measures to be taken in the event of a Security Breach or Compromise involving Classified Information;

procedures to be followed for releasing Classified Information; and

procedures to be followed when awarding a grant, contracting or sub-contracting.

4. The protection of COMSEC Items is addressed in Annex G.

5. The Commission is considered a Participant to this PSI in order to have access to the necessary information for the implementation of the Action. The Commission shall also have access to information needed to comply with the obligations set out in Article 18 of Regulation (EU) 2018/1092 for the purpose of protecting the financial interests of the Union.

Section 2

Glossary

For the purpose of this PSI, the following terminology is used:

ACTION means, in the light of Regulation (EU) 2018/1092 of the European Parliament and of the Council of 18 July 2018 establishing the European Defence Industrial Development Programme aiming at supporting the competitiveness and innovation capacity of the Union's defence industry, the project selected under the Programme which the Consortium is to carry out.

ACTION CLASSIFIED INFORMATION is any Classified Information provided to, generated in, or used in the Action regardless of form or type; it includes both Foreground Information and Background Information.

BACKGROUND INFORMATION means any Classified Information necessary for, or useful to the implementation of the EDIDP, generated before or outside the framework of the Action.

BENEFICIARY is an individual or legal entity possessing the legal capacity to receive funding through a grant in the EDIDP and which has been selected by the Programme to receive the grant.

CLASSIFIED CONTRACT is a framework contract or contract entered into for the supply of movable or immovable assets, execution of works or provision of services by a contractor, the performance of which requires or involves access to, storage or creation of Classified Information.

CLASSIFIED GRANT is a grant whereby a grant agreement, as referred to in Part I, Title VIII, of Regulation (EU, Euratom) No 2018/1046, is signed, the performance of which requires or involves access to, storage or creation of Classified Information.

CLASSIFIED INFORMATION means any information or material designated by a security classification, the unauthorised disclosure or loss of which could cause varying degrees of prejudice to the interests of one or more of the Participants or any other State or international organisation with which the Participants have concluded a security of information agreement. Its classification level, and therefore the level of protection to be afforded to it by the recipient, is indicated by a classification marking.

CLASSIFIED SUB-CONTRACT is a contract entered into by a Beneficiary or Contractor with another contractor (i.e. the sub-contractor), for the supply of movable or immovable assets, execution of works or provision of services, the performance of which requires or involves access to, storage or creation of Classified Information.

COMMUNICATION and INFORMATION SYSTEM (CIS) is any system enabling the handling of information in electronic form. A CIS shall comprise the entire assets required for it to operate, including the infrastructure, organisation, personnel and information resources.

COMPROMISE of Classified Information denotes a situation when, due to a security breach or adverse activity (such as espionage, acts of terrorism, sabotage or theft), Classified Information has lost its confidentiality, integrity or availability, or supporting services and resources have lost their integrity or availability. This includes loss, disclosure to unauthorised individuals (e.g. through espionage or to the media), unauthorised modification, destruction in an unauthorised manner, or denial of service.

COMSEC (Communication Security) means the application of security measures to telecommunications in any form in order to deny unauthorised persons access to information of value derived from the possession and study of such telecommunications or to ensure the confidentiality, availability, authenticity, non-repudiation and integrity of such telecommunications. Such measures include crypto, transmission and emission (TEMPEST) security, as well as procedural, physical, personnel, document and computer security.

COMSEC INSTRUCTIONS is the document that establishes the security instructions and assigns the responsibilities for the implementation of security policy concerning COMSEC Items generated and exchanged under the Action. This document also provides common security procedures for the marking, handling, storage, destruction and electronic transmission of COMSEC and CRYPTO Items. The COMSEC Instructions are at Annex G to this PSI.

COMSEC ITEM means all material, including keys in all forms, such as documents, devices or equipment, that describe, contain or relate to cryptographic products and is essential to the encryption, decryption or authentication of telecommunications and any other item that performs critical COMSEC functions.

CONSORTIUM means a collaborative grouping of Undertakings constituted to carry out an Action under this Programme.

CONTRACTING AUTHORITY is the State, or bodies governed by public law which prepares, awards, cancels or modifies contracts.

CONTRACTOR is an individual or legal entity possessing the legal capacity to undertake contracts.

COURIER is an appropriately cleared and authorised government employee from a Participant state or staff member of a Participant organisation, or a Beneficiary or Contractor employee who is appropriately approved by the Security Authorities to hand-carry Classified material to its destination.

DESIGNATED SECURITY AUTHORITY (DSA) is a state authority responsible to the National Security Authority (NSA) of a participant which is responsible for communicating to industrial or other entities national policy on all matters of industrial security and for providing direction and assistance in its implementation. The function of DSA may be carried out by the NSA or by any other competent authority in that Participant state.

DOCUMENT means any recorded information regardless of its physical form or characteristics.

EU CLASSIFIED INFORMATION (EUCI) means any information or material designated by an EU security classification, the unauthorised disclosure of which could cause varying degrees of prejudice to the interests of the European Union or of one or more of the Member States.

FACILITY SECURITY CLEARANCE (FSC) means an administrative determination by a NSA, DSA or competent Security Authority that a facility can afford an adequate level of protection to Classified Information to a specified security classification level.

FACILITY SECURITY OFFICER is a person, having the appropriate security expertise, designated by the management to be responsible for the proper implementation of security-related decisions and for the co-ordination of available security resources and measures within a facility involved in the classified parts of the Action, as well as to be the technical advisor to management on security matters related to the Action.

FOREGROUND INFORMATION is Classified Information generated in the performance of the Action.

GOVERNMENT-TO-GOVERNMENT CHANNELS are transfers of Classified Information via diplomatic pouch or through other channels approved by the Security Authorities involved.

GRANTING AUTHORITY is the Commission department, the State, or bodies governed by public law, which prepares, awards, cancels or modifies grant agreements.

NATIONAL SECURITY AUTHORITY (NSA) is a Government authority with ultimate responsibility for the security of Classified Information in that country.

NEED-TO-KNOW is the principle according to which a positive determination is made that a prospective recipient has a requirement for access to, knowledge of, or possession of information in order to accomplish a designated and approved function relating to the Action.

ORIGINATOR means, for Classified Background Information, a State or International Organisation under whose authority Classified Information has been created and/or introduced into the Action; and for Classified Foreground Information, the Participant Member States on the territory of which the Beneficiaries are established.

PARTICIPANTS are the European Commission, the Member States on the territory of which the Beneficiaries are established and/or International Organisations that are listed in the specific PSI of the Action, and which are linked by security agreements or arrangements and are responsible for co-ordinating the implementation of this PSI.

PERSONNEL SECURITY CLEARANCE (PSC) means a statement by a competent authority of a Participant state, which is made following completion of a security investigation conducted by a competent authority of a Participant state and which certifies that an individual is cleared to have access to Classified Information up to the level of CONFIDENTIAL or above until a specific date.

PROGRAMME SECURITY INSTRUCTION (PSI) CONCERNING THE ACTION is a set of security procedures applied to a specific Action in order to standardise security procedures. It may be revised throughout the Action.

PROJECT MANAGER means a person appointed by Participant Member States to an Action, tasked by a Member State or a group of Member States to manage a multinational armament project permanently or on an ad-hoc basis.

PSI CUSTODIAN is the Project Manager and is responsible for the control of this PSI, including annexes, and for ensuring the correct issuing and version control.

RELEASE is the passing of Action Information to a Third Party to the Action, to the general public, or to any member of the general public, by any means of communication.

SECURED AREA is a physically protected area with a visibly defined and protected perimeter through which all entry and exit is controlled by means of a pass or personal recognition system, where unescorted access is granted only to individuals who are security cleared and are specifically authorised to enter the area on the basis of their need-to-know, and where all other individuals are escorted at all times or are subject to equivalent controls.

SECURITY ASPECTS LETTER (SAL) is a set of special contractual conditions, issued by the Contracting or Granting Authority, which forms an integral part of a Classified Contract or Classified Grant involving access to or generation of Classified Information, that identifies the security requirements or those elements of the contract or grant requiring security protection.

SECURITY AUTHORITY is the NSA, DSA or other authority which is responsible for the maintenance of standards for the security of Classified Information of a country or an organisation.

SECURITY BREACH occurs as a result of an act or omission which is contrary to the security provisions set out in this PSI or in any other applicable laws, rules or regulations.

SECURITY CLASSIFICATION GUIDE (SCG) is the document which describes the elements of a programme, project or contract which are classified, specifying the applicable security classification levels. The SCG issued to Beneficiaries or Contractors may be modified throughout the life of the programme or contract and the classified elements may be re-classified or downgraded.

SUB-CONTRACTOR is a legal entity awarded a sub-contract under the Action.

THIRD PARTY TO THE ACTION is any international organisation or State that is not a Participant to the Action or individual or legal entity not involved in the Action.

TRANSMISSION means the sending of Action Information from one place to another by electronic means.

UNDERTAKING means an entity, regardless of its legal status or the way in which it is financed, which is engaged in an economic activity, and which is established in the Member State in which it is incorporated, in accordance with the national law of that Member State.


Section 3

PSI applicability and the security responsibilities of Participants

3.1 Applicability

1. This PSI applies to any Beneficiary or Contractor that will access or create Classified Information under the Action. The latest approved version of this PSI and its annexes will be referenced in the Security Aspects Letter of a grant agreement or contract, and as such, is applicable to Beneficiaries or Contractors on a contractual basis.

2. Participants apply their respective laws, rules or regulations concerning the protection of Classified Information, taking into account the provisions of this PSI and its Annexes, in order to provide for standard security procedures and ease the functioning of the EDIDP.

3. Questions concerning the content and interpretation of this PSI, and any proposed changes, shall be addressed to the Action Project Manager, who will consult with the Participant Member States’ Security Authorities, if required.

4. Nothing in this PSI shall cause prejudice to the national or EU laws and regulations of Participants regarding public access to documents.

5. The text of this PSI and its further amendments will be submitted to NSAs/DSAs of the Participant Member States.

3.2 Responsibilities

3.2.1 Security Authorities

1. The Security Authorities of the Participant Member States are responsible for:

a. Monitoring the implementation of the provisions of this PSI within their establishments, and by Beneficiaries or Contractors under their jurisdiction;

b. Conducting the Facility Security Clearance (FSC) process for Beneficiaries or Contractors that are required to handle and/or store Classified Information at the level of CONFIDENTIAL or above at their facility;

c. Upon request, and where Classified Information at the level of CONFIDENTIAL or above is involved, responding to FSC Information Sheet (FIS) requests from another Security Authority;

d. Conducting the Personnel Security Clearance (PSC) process on personnel handling Classified Information at the level of CONFIDENTIAL or above;

e. Upon request, and where Classified Information at the level of CONFIDENTIAL or above is involved, responding to PSC Information Sheet (PSCIS) queries submitted by another Security Authority;


f. Submitting and/or approving Transportation Plans, Courier certificates, international visit requests (i.e. request for visit), etc. in accordance with the provisions of this PSI;

g. Informing the Originator, the relevant NSA/DSAs, identified in Annex A2, and the Commission Security Authority when it involves EU Classified Information, about any security breach, which may have led to a loss or Compromise of Classified Information;

h. Investigating all cases in which it is known, or where there are grounds for suspecting a Compromise of Classified Information provided or generated pursuant to the Action has occurred;

i. Ensuring, in liaison with the PSI custodian, that their details in Annex A1 are up to date.

3.2.2 Granting and Contracting Authorities

1. The Granting or Contracting Authorities for the Action shall notify, through the Commission Security Authority, the relevant Security Authority of the Beneficiary or Contractor of any Classified Grant, Contract (or Sub-Contract) awarded and its end-date, and shall provide a copy of the relevant parts of the Classified Grant or Contract (e.g. the security aspects letter) to the Security Authority of the Participants in order to facilitate their security monitoring of the grant or contract.

3.2.3 Project Manager

1. The Project Manager, and designated security officials acting under such authority, is responsible for, in coordination with Participating Member States:

a. Preparing, maintaining and distributing to Participant Member States the PSI, including the Security Classification Guide (SCG);

b. Coordinating requests for changes and approval by the Participant Member States;

c. Ensuring compliance with the provisions of the PSI;

d. Coordinating with the consortium and respective Contractors on any security issues contained within this PSI;

e. Coordinating requests and responses for the release of classified Action Information.

3.2.4 Participants’ Beneficiaries or Contractors

1. Beneficiaries or Contractors are responsible for the implementation of this PSI within their facilities, in particular for ensuring that:

a. Classified subcontracts at CONFIDENTIAL level or above awarded in the frame of the Action are communicated to their NSA/DSA;

b. The provisions of the latest version of this PSI are implemented;


c. All Classified Information and COMSEC Items generated by the Beneficiary or Contractor, or entrusted to them, are appropriately safeguarded;

d. A Facility Security Officer is appointed who is responsible for supervising and directing security measures in relation to the Action. This individual shall be responsible for limiting access to Classified Information involved in the Classified Grant or Contract to those employees who have been briefed, authorised for access, have a Need-to-Know and (for access to Classified Information at the level of CONFIDENTIAL or above) have been granted a PSC at the appropriate level;

e. Any Foreground Information generated by the Beneficiary or Contractor is classified in accordance with this PSI and the relevant Security Classification Guide (SCG);

f. The security classifications of Background Information are retained and not changed without the prior written consent of the Originator;

g. Classified Information is only provided to individuals who have a Need-to-Know;

h. Classified Information (at the level of CONFIDENTIAL or SECRET) is only provided to Beneficiary or Contractor facilities that have been granted a FSC. Prior to providing Classified Action Information to another Beneficiary or Contractor or Sub-Contractor the FSC status of that Beneficiary or Contractor or Sub-Contractor shall be established;

i. Classified Information is not released to Third Parties to the Action without the appropriate release procedures of this PSI having been followed;

j. Classified Foreground Information is not used for purposes other than the Action, unless the prior written consent of the Originator has been obtained through the Project Manager;

k. The relevant security provisions of this PSI as detailed in the Security Aspects Letter, or parts thereof, are included as part of any contractual arrangement with Sub-Contractors;

l. Appropriate action is taken in the event of any actual or suspected Security Breach, Compromise or loss involving Classified Information; and

m. Their Security Authority is informed about any suspected or actual Security Breaches, Compromises or losses of Classified Information as soon as is possible.


Section 4

Security Instructions

4.1 Handling and Protection of Action related Classified Information

1. Foreground Information that is accessed, used or generated by Participants and their Beneficiaries or Contractors shall be handled and protected in accordance with their respective laws, rules or regulations concerning the protection of Classified Information, respecting the supplementary provisions set out in this PSI.

2. Background Information shall be afforded the appropriate level of protection by Participants, in accordance with existing security agreements or arrangements. Annex B provides a table of equivalence for reference.

3. Classified Information shall be upgraded, downgraded or declassified only with the consent of the Originator.

4. For compilations of information (i.e. aggregation) a higher level of classification may be required. Classification on this basis shall be clearly documented by the Originator of the Classified Information.

5. Equipment and system components or parts thereof revealing Classified Information (e.g. during assembly or testing works) shall be handled and protected in accordance with the Classification level of the information revealed.

4.2 Marking of Classified Background Information

1. Any request for changes to the security classifications of Programme Background Information shall require the prior written approval of the originating State or International Organisation.

2. Classified Background Information introduced in the Action shall be marked with the relevant security classification and an annotation that identifies it as [NAME OF THE ACTION].

Example for Classified Background Information at CONFIDENTIAL level:

CONFIDENTIEL DÉFENSE

[NAME OF THE ACTION]

Background information


3. EU Classified Background Information to be used for the purposes of the Action shall be protected in accordance with the security rules applicable to this information.

4.3 Marking of Classified Foreground Information generated by Participants

4.3.1 Security Classification Markings

1. Foreground Information shall be classified in accordance with the Security Classification Guide (SCG).

2. Such Foreground Information shall be marked with the appropriate classification marking listed in Annex B and an annotation that identifies it as [NAME OF THE ACTION]. An example is shown:

CONFIDENTIEL DÉFENSE

[NAME OF THE ACTION]

3. Marking of Foreground Information shall be further detailed in the SCG.

4. For Foreground Information not in the form of documents (e.g. electronic files and physical equipment/material) the classification marking shall be applied in such a way as to clearly identify the level of classification.

4.3.2 Declassification and Downgrading Markings

1. If Foreground Information needs to maintain its classification only for a defined period, it may be downgraded/declassified at that point by or on behalf of the Originator. A date (or reason) for expiry of the classification may be indicated below the Classification marking. Two examples are:

CONFIDENTIEL DÉFENSE

[NAME OF THE ACTION]

Until [Day/Month/Year]

CONFIDENTIEL DÉFENSE

[NAME OF THE ACTION]

Declassified when [reason/event]

4.3.3 Releasability Markings

1. Should the release of Classified Information be authorised to a Third Party to the Action or to another EU Action or Programme, a releasability statement shall be added below any classification marking as shown in this example:

CONFIDENTIEL DÉFENSE

[NAME OF THE ACTION]

RELEASABLE TO NATO

2. Releasability Markings may be further detailed by the Participant Member States. Such markings will be communicated in the SCG.

4.3.4 Crypto and CCI markings

1. The caveats currently approved for the EDIDP are ‘CCI’ and ‘CRYPTO’. These identify that Classified Information is a COMSEC Item. Approved caveats may be added below the classification marking.

4.3.5 Additional markings

1. In addition to the classification markings described above and listed in Annex B, only approved additional markings are permitted to be applied on Foreground Information. Any other markings that are used will not be recognised by Participant Member States and information so marked will not be protected in accordance with this PSI.

2. Additional Markings of Foreground Information shall be further decided upon by Participant Member States and detailed in the SCG. These may be any caveats, code-words or acronyms specifying the field of activity to which the document relates, a particular distribution on a need-to-know basis or restrictions on use.

4.4 Security Classification Guide (SCG)

1. The SCG provides instructions on the appropriate level of protection, by means of a classification marking or COMSEC caveat, to be applied to Foreground Information generated in the course of the Action.

2. The SCG will be coordinated by the Project Manager and prepared by the Participant Member States and will form an annex to the Security Aspects Letter (SAL), which will be an integral part of the classified contract or classified grant.

3. The classification levels assigned in the SCG are those anticipated for each item of listed information or equipment. As stated in this PSI, compilations of Classified Information may require a higher level of classification than that indicated in the SCG. The Originator should be consulted for advice if necessary. Changes or questions concerning the interpretation of the SCG shall be addressed to the Project Manager, who may consult with the Participant Member States’ Security Authorities.

4.5 Specific procedures for the protection of CONFIDENTIAL and SECRET Classified Information

4.5.1 Access

1. Access to and handling of Classified Information at these levels for the purposes of the Action shall be limited to individuals having the appropriate level of PSC and a Need-to-Know.

2. When individuals are first granted access to Classified Information at these levels for the Programmes they must have been briefed by their Facility Security Officer on the security requirements in this PSI. They shall acknowledge their responsibilities for protecting this information in writing, and a record of this acknowledgement shall be retained by the Facility Security Officer. Individuals required to access Classified Information at these levels shall be briefed at regular intervals by their Facility Security Officer.

3. Security debriefings shall be given to personnel when they no longer require access to Classified Information at these levels. The debriefing shall consist of a reminder of the continuing responsibility to protect the Classified Information and the possible penalties for failure to do so. Debriefing certificates may be used to record the debriefings and shall be retained by Facility Security Officers.

4. Provisions on access to Classified Background Information and Foreground Information as well as Consultation Process for access may be further detailed by the Participant Member States. Such provisions will be communicated in the SAL.

4.5.2 Handling and storage

1. Classified Information at these levels shall only be handled and stored in Participants’ establishments if they are authorised to handle and store that level of Classified Information in accordance with the applicable laws, rules or regulations of the Participant, and in the facilities of Beneficiaries or Contractors that have been granted an appropriate FSC.

2. When created or received, documents or material classified at these levels shall be registered for purposes of accountability in dedicated registry or logbooks. For such purposes a classified registry shall be established which shall be responsible for recording the life-cycle of the Classified Information at these levels at the facility, including its dissemination and destruction. Registering of classified documents or material by electronic means shall be subject to the prior approval of the Security Authority.

3. Classified Information at these levels shall only be worked on in a Secured Area approved in accordance with the applicable laws, rules and regulations of the Participant in a manner that prevents unauthorised access to the information, shall not be discussed or worked on in public (e.g. on public transport) and shall not be left unattended or handled in a manner that could result in unauthorised access.

4. Secured Areas that have been designated as ‘Technically Secured Areas’ by Security Authorities shall be equipped with Intruder Detection Systems (IDS), be locked when not occupied and be guarded when occupied. Any keys shall be controlled, all persons and material entering such areas shall be controlled. Such areas shall be regularly physically and/or technically inspected as required by the competent Security Authority. Such inspections shall also be conducted following any unauthorised entry or suspicion of such entry. Technically secured areas shall be free of unauthorised communication lines, unauthorised telephones or other unauthorised communication devices and electrical or electronic equipment.

5. When not in use, documents or other small items classified at these levels shall be stored in a secured container approved in accordance with the applicable laws, rules or regulations of the Participant. If the material is of such a size or format that it cannot be stored in a secured container advice shall be sought from the relevant Security Authority as to how it should be protected.

6. The physical reproduction of Classified Information at these levels shall be limited to the minimum necessary to fulfil a particular action or function. Copies shall be made in a Secured Area using equipment approved in accordance with the applicable laws, rules or regulations of the Participant. The security measures applicable to the original document shall also apply to any copies made. Copies shall be managed appropriately and securely destroyed when no longer required.

7. Translations of Classified Information at these levels shall only be undertaken by personnel holding an appropriate level of PSC. If a translation is created it shall be marked as the original, be afforded the same level of protection as the original, and be securely destroyed when no longer required.

8. When no longer required by the holder and when permitted by applicable laws and regulations, Classified Information at these levels shall be destroyed in such a manner to ensure that it cannot be reconstructed. The destruction shall be by a method that is in accordance with the applicable laws, rules or regulations of the Participant. Such destruction shall be carried out by, and witnessed by, an individual holding an appropriate level of PSC. A destruction certificate shall be created and shall be recorded and filed in the registry/logbook. Destruction certificates are to be retained by the establishment or facility where the destruction took place for five years.

4.5.3 Information Assurance


1. Classified Information at these levels shall be processed and stored electronically in CIS which have been appropriately accredited for the level of classification to be handled. The accreditation to be applied shall be in accordance with the applicable laws, rules or regulations of the Participant.

2. Classified Information at these levels may be stored on removable or portable data storage media or devices. It shall be handled and protected to the same standards as documents containing the same level of classified information, if not encrypted with an approved encryption. Sub-section 4.9.4 provides further information on the procedures and considerations that apply for removable storage media.

3. CIS used within facilities handling Action-related Classified Information at these levels for purposes other than system operation will be accredited by the relevant Security Authority or competent Security Accreditation Authority (SAA), as appropriate, in accordance with the applicable laws, rules or regulations of the hosting Participant.

4. For security accreditation of such CIS handling EDIDP-related Classified Information, whose components are under different jurisdictional domains (e.g. different SAAs), all concerned SAAs shall take part in the security accreditation process. In such a case the system-specific information assurance requirements and the accreditation process will be identified in dedicated security requirements documentation, which will be jointly approved by the SAAs involved.

5. Accredited portable computing devices not using approved encryption shall only be used or stored in an accredited Secured Area.

6. Classified Information at this level that is transmitted shall be protected by cryptographic products approved by the Participants.

7. Interconnection of Beneficiary or Contractor’s CIS handling Action-related Classified Information to other Participants’ CIS will be jointly accredited by the respective Security Accreditation Authorities (SAAs). Appropriate security arrangements should be in place to ensure that the SAAs and the different CIS providers of the interconnected CIS are bound by relevant security requirements on the protection of Action-related Classified Information handled or exchanged via such CIS.

8. Areas in which CIS are installed or operated to display, store, process or transmit Action-related Classified Information will be established as Secure Areas. CIS areas housing servers, network management systems, network or communications controllers should be established as separate and controlled areas with an appropriate access control system. Access to these CIS areas should be limited to specifically authorised persons.

4.5.4 Tempest

1. Facilities that house CIS handling Classified Information at these levels shall be assessed by their Security Authority on the threat of Compromise by unintentional electromagnetic emanations. TEMPEST security measures shall be commensurate with the risk of exploitation and the level of classification of information.

4.6 Specific Procedures for the Protection of RESTRICTED Classified Information

4.6.1 Access

1. Access to Classified Information at this level shall be limited to individuals who have an established Need-to-Know for the purposes of the Action.


2. PSCs are not required for access to Classified Information at this level unless required by a Participant state’s applicable laws, rules or regulations. A Participant state that requires its nationals to hold a PSC at this level shall not deny access to a national from another Participant that does not require a PSC at that level according to its applicable laws, rules or regulations.

4.6.2 Handling and Storage

1. FSCs are not required for Beneficiaries or Contractors handling and storing Classified Information at this level at their facility unless required by applicable laws, rules or regulations. A Participant that requires a FSC for its Beneficiaries or Contractors at this level shall not require an FSC from a Beneficiary or Contractor of another Participant that does not require a FSC at that level according to its applicable laws, rules or regulations.

2. There is no requirement to register Classified Information at this level unless required by a Participant state's applicable laws, rules or regulations.

3. Classified Information at this level shall not be discussed or worked on in public (e.g. on public transport).

4. Classified Information at this level shall not be left unattended or handled in a manner that could result in unauthorised access. As a general rule, when not in use such information should be stored in locked desks, cabinets, or similar containers to which access is limited to persons having the required Need-to-Know. Classified Information at this level may also be stored in the open in locked rooms, provided access to the room is restricted to persons who have a Need-to-Know.

5. The physical reproduction of Classified Information at this level shall be limited to the minimum necessary to fulfil a particular action or function. Copies shall be managed appropriately by the facility and securely destroyed when no longer required.

6. Translations of Classified Information at this level shall be marked as the original, be afforded the same level of protection as the original and be securely destroyed when no longer required.

7. When no longer required by the holder, Classified Information at this level shall be destroyed in such a manner that ensures it cannot be reconstructed. The destruction shall be by a method that is in accordance with the applicable laws, rules or regulations of the Participant.

4.6.2 Information Assurance

1. Classified Information at this level shall be processed and stored in CIS which have been accredited for this level of classification by the appropriate Security Authority.

2. The security accreditation of CIS handling Classified Information at this level may be delegated to Beneficiaries or Contractors according to applicable laws, rules or regulations. Where this delegation is exercised, the relevant Security Authorities or SAAs shall retain the responsibility for the protection of Classified Information at this level handled by the Beneficiary or Contractor and the right to inspect the security measures taken by the Beneficiary or Contractor. In addition, the Beneficiary or Contractor will provide to the Project Manager and, where required, to its NSA/DSA a statement of compliance certifying that the CIS handling Classified Information at this level have been accredited. The accreditation to be applied shall be in accordance with the applicable laws, rules or regulations of the Participant and, where relevant, International Organisation. Minimum requirements for contractor CIS handling classified information at RESTRICTED level are described in Annex C.

3. Classified Information at this level that is transmitted shall be protected by cryptographic products approved by the relevant Security Authority. For interconnected systems this needs to be approved by the relevant Security Authorities (or SAAs).

4. Portable computing devices not using approved encryption shall only be used or stored in areas with appropriate access control. Data storage media and computing devices containing Classified Information at this level, which are not encrypted with an approved encryption system shall not be carried outside premises unless they can be held under personal custody.

5. Classified Information at this level may be stored on removable data storage media or devices. Section 4.10.4 provides further information on the procedures and considerations that apply.

4.7 Access to Classified Information at Meetings

1. Access to Classified Information at meetings, which includes conferences, symposia and seminars shall be subject to the provisions of this PSI.

4.8 Procedures for exchanging Classified Information

1. For the purposes of this document the following terminology is used in the context of exchanging Classified Information:

a. Transport: for the physical exchange of Classified Information (e.g. by hand carriage, postal service, commercial courier, road, air).

b. Transmission: for the electronic transfer of Classified Information (e.g. via email).

2. For the purposes of this PSI, electronic transmission does not include the movement of removable storage media and devices. This aspect is addressed in Section 4.9.4.

4.8.1 Movement within a single Participant State

1. The exchange of Programme Classified Information within the territory of a Participant State will be in accordance with the applicable laws, rules or regulations.

4.8.2 Procedures for the exchange of CONFIDENTIAL or SECRET Classified Information between Participant States

1. As a general principle, the preferred means for the exchange of Classified Information at these levels under the Action is electronic transmission using approved encryption methods or products.


2. The following means may be permitted for the exchange of CONFIDENTIAL Classified Information:

a. Electronic transmission using approved encryption systems, cryptographic products or methods;

b. Government-to-Government Channels;

c. Hand carriage by authorised personnel holding the appropriate level of PSC;

d. Approved transport by road, rail, ship or air by security cleared transport companies or escorting personnel.

e. Carriage by non-security cleared approved postal services or commercial courier companies, in accordance with national laws and regulations.

3. The following means are permitted for the exchange of SECRET Classified Information:

a. Electronic transmission using approved cryptographic products or methods;

b. Government-to-Government Channels;

c. Hand carriage by authorised personnel holding the appropriate level of PSC; or

d. Approved transport by road, rail, ship or air by security cleared transport companies or escorting personnel.

4. Companies and sites will exchange Classified Information, on the condition that the sender shall first obtain confirmation from its relevant Security Authority that the site holds a valid FSC at the appropriate level and that the company is entitled to receive Action-related Classified Information at that level.

International Electronic Transmission

5. Electronic transmission of Classified Information at these levels between Participants shall be protected by cryptographic methods or products approved amongst the Participants.

Government-to-Government Channels

6. Government-to-Government Channels (e.g. diplomatic bag services) to be used for the transport of Classified Information at these levels shall be in compliance with the regulations of the sending Participant. Note: this is not to be confused with the hand carriage of Classified Information, which is covered in the next sub-section.

Hand Carriage

7. Classified Information at these levels may be hand carried by an individual holding the appropriate level of PSC.

8. An individual hand carrying the Classified Information shall be briefed on their responsibilities by the Facility Security Officer before the transport occurs.

9. An individual hand carrying the Classified Information from one Participant state to another will be issued with a Courier certificate, a template of which is provided in Annex D. Senders can use this template in that Annex or an equivalent national document approved by their Security Authority. The individual hand-carrying the information shall carry the Courier certificate during the transport, and be able to present this upon arrival at the receiving facility.

10. During the hand carriage the consignment shall remain in the personal custody of the individual, or be appropriately secured as described in this PSI. It shall not be left unattended and shall not be read in public.

International Carriage by Approved Postal Services or Commercial Courier Services

11. SECRET Classified Information shall not be sent by postal service or commercial courier service.

12. The sending of Classified Information by approved postal services or commercial courier services is only permitted for consignments up to and including the classification level CONFIDENTIAL, provided such means of exchange are permitted by the applicable laws, rules or regulations of the sending Participant.

13. Postal services or commercial courier services for consignments up to and including the classification level CONFIDENTIAL shall only be used if the following criteria have been met:

a. The Security Authority of the sender permits the use of postal services or commercial courier services according to its applicable laws, rules or regulations;

b. The Security Authority of the sender may, according to its applicable laws, rules or regulations, require the postal service or commercial courier service to hold a FSC;

c. The postal service or commercial courier service to be used is located within the Participant state’s territory, has a security programme for handling valuable items, including a signature service, a continuous record of accountability on custody and a tally record or electronic track and trace system;

d. The postal service or commercial courier service to be used shall ensure that the consignment is delivered to the recipient prior to a specified time and date within a 48-hour period under regular circumstances, or within a clearly defined time frame for consignments over distances that cannot reasonably be covered within a 48-hour period; and

e. The postal service or commercial courier service to be used shall obtain and provide to the sender proof of delivery on a signature/tally record.

14. When CONFIDENTIAL Classified Information is sent by postal service or approved commercial courier service the consignment shall be prepared and packaged as follows:

a. The consignment shall be sent using double envelopes (the inner envelope being a tamper-evident envelope) or other suitably secure packing material;

b. The classification level shall be clearly visible on the inner envelope/package;

c. The classification shall not be on the outer envelope/package;

d. Both the inner and outer envelope/package shall be clearly addressed to a named individual at the intended recipient, and shall include a return address;

e. A registration receipt form shall be placed inside the inner envelope/packaging for the recipient to complete and return. The registration receipt, which itself shall not be classified, shall quote the reference number, date and copy number of the document, but not the subject;

f. Delivery receipts are required in the outer envelope/packaging. The delivery receipt, which itself shall not be classified, should quote the reference number, date and copy number of the document, but not the subject; and

g. The courier service must first obtain and provide the consignor with proof of delivery of the consignment on the signature and tally record, or the courier must obtain receipts/package numbers.

15. The sender shall liaise with the named recipient before the consignment is sent to agree a suitable date/time for delivery.

16. The sender is solely responsible for the consignment that is sent by postal service or commercial courier service. In the event that the consignment is lost or not delivered on time, the sender shall follow up with the postal service or commercial courier service to ascertain the circumstances of the security incident, and inform its NSA/DSA and the Project Manager.

Transport by Freight – General requirements

17. Classified Information at these levels which is of such size or shape that it cannot be transported by one of the methods listed above, or an exchange of large volumes of Classified Information, may be transported as freight by a commercial transportation company. (Note: this is not to be confused with a commercial courier service as covered in the previous sub-section.)

18. The transport company either shall hold a FSC at the appropriate level and/or shall be capable of deploying security cleared couriers or escorts for the transport, if permitted under the sender’s applicable laws, rules or regulations.

19. Where Classified Information at these levels requires overnight storage at the transport company’s facilities a FSC with storage capabilities shall be required. Senders shall check with their Security Authority before selecting a commercial transportation company whether a FSC will be required for the transport.

20. The sender shall prepare a Transportation Plan using Annex E (or an equivalent national document approved by their Security Authority). When the sender has completed the plan they shall submit this to their Security Authority for consideration. Once reviewed, the sender’s Security Authority will submit the Transportation Plan to the Security Authority of the recipient for their consideration. Transport by freight cannot take place until both the sending and recipient Security Authority have agreed the Transportation Plan.

21. The degree of protection and measures required for the transport shall be determined by the highest classification level of the contents of the consignment.

22. Containers used for the transport shall not bear any visible indication that they contain Classified Information. These containers shall be sealed with seals/locks in such a way that any tampering is evident. Any evidence of tampering shall be considered a Security Breach and be reported as soon as possible.

23. Journeys will be point-to-point to the extent possible, and will be completed with the shortest possible delays and stops. Appropriate security measures shall be in place at all stages during the transport.

24. If possible, routes to be used for road and rail will be limited to the territory of Participant states. If not possible, routes through non-Participant states will be planned in close cooperation with the Security Authorities of the sender and recipient.

Security escorts or Security Guards

25. Any security escort/guard team shall be composed of an adequate number of personnel to ensure regular tours of duty and rest. Their number shall depend on the highest classification level of the consignment, the method of transportation to be used, the estimated time in transit and at designated stops, and the quantity and level of the Classified Information to be protected.

26. It is the responsibility of the sender and, where applicable, the recipient to instruct security escorts and security guards on how the consignment shall be protected.

Transport by Road

27. The consignment shall be accompanied by at least two individuals with the appropriate level of PSC, which may be the driver, co-driver or another individual escorting the transport. One of these individuals shall be issued with and carry a Courier Certificate (Annex D) and shall be briefed on their security responsibilities to protect the Classified Information before the transport occurs.

28. The Classified Information shall be secured in containers by a lock or padlock, or in a closed or locked vehicle. If this is not possible because of the size or nature of the contents, the consignment shall be suitably sealed using a tamper-evident method to protect the classified aspects.

29. Where stops are required during transport, attempts should be made by the sender to arrange for stops to be at suitably cleared government establishments or Beneficiary or Contractor facilities holding a FSC. In the event such arrangements cannot be made, or an emergency situation arises due to accident or breakdown of the vehicle, at least one of the individuals with a PSC accompanying the consignment shall be responsible for monitoring and keeping it under constant control.

30. Where possible, loading and unloading of the consignment will be under the security control of at least one individual holding an appropriate level of PSC.

31. Where possible, the sending and receiving Security Authorities, plus any Participant states the transport will pass through, shall advise their customs or other relevant authorities of impending consignments.

Transport by Rail

32. The consignment shall be accompanied by at least two individuals with the appropriate level of PSC. One of these individuals shall be issued with and carry a Courier Certificate and shall be briefed on their security responsibilities to protect the Classified Information before the transport occurs.

33. Passenger accommodation shall be made available for security escorts and/or security guards. During stops the security escorts and/or guards shall remain with the consignment.

34. Where possible, loading and unloading of the consignment shall be under the security control of at least one individual holding the appropriate level of PSC.

35. Deliveries and collection shall be so timed to prevent, to the extent possible, a consignment being held in warehouses without an appropriate level of FSC.

Transport by Sea

36. The consignment shall be accompanied by at least two individuals with the appropriate level of PSC. One of these individuals shall be issued with and carry a Courier Certificate (Annex D) and shall be briefed on their security responsibilities to protect the Classified Information before the transport occurs.

37. Preference shall be given to using ships that sail under the flag of a Participant state.

38. The consignment shall be stowed in locked stowage space approved by the Security Authority of the sender. Where practicable, at least one security escort or security guard holding an appropriate PSC shall accompany the consignment.

39. Except in case of emergency, stops at a port of a non-Participant state are not permitted unless the prior approval of the sender’s Security Authority has been obtained. Where possible, loading and unloading of the consignment will be under the security control of at least one individual holding the appropriate level of PSC.

40. Deliveries to the port of embarkation and collection from the port of disembarkation shall be timed to prevent, as far as possible, a consignment being held in port warehouses (unless the warehouse has an appropriate level of FSC).

Transport by Air

41. Unless there are clear reasons why this is not possible, the consignment shall be accompanied by at least two individuals with the appropriate level of PSC. If this requirement cannot be met the sender should consult their Security Authority to seek their approval. One of these individuals shall be issued with and carry a Courier Certificate (Annex D) and shall be briefed on his responsibilities to protect the Classified Information before the transport occurs.

42. Where possible, the consignment will be delivered straight to the aircraft rather than being stored in warehouses at airports or airfields (unless a warehouse has an appropriate level of FSC). A sufficient number of security escorts and/or security guards shall be provided to keep the consignment under adequate supervision.

43. Where possible, loading and unloading of the consignment will be under the security control of at least one individual holding the appropriate level of PSC.

44. Direct flights will be used whenever possible.

45. Intermediate routine stops of short duration may be permitted, provided the consignment remains in the aircraft. If the cargo compartment is to be opened at a stop, every effort shall be made to ensure that a security escort or security guard accompanying the consignment is present.

46. In the event that the aircraft is delayed at an intermediate stop for a significant period of time, or is forced to make an unscheduled or emergency landing, the individual holding the courier certificate will take all reasonable measures possible for the protection of the consignment. That individual shall inform their Security Authority as soon as possible. If necessary, that individual will seek the assistance of his Diplomatic mission in the country concerned.

47. At its final destination, every effort will be made for the aircraft to be met on landing and the consignment to be placed under the security control of at least one individual holding an appropriate level of PSC.

4.8.3 Procedures for the exchange of RESTRICTED Classified Information

1. As a general principle the preferred means for the exchange of Classified Information at this level under the Action is by electronic transmission. Such transmission shall be protected by approved cryptographic methods or products.

2. When electronic transmission is not available, the following physical means are permitted for the exchange of Classified Information at this level without additional requirements, unless required by the sender’s Security Authority:

a. Hand carriage

b. Transport by postal services or commercial courier services

c. Government-to-Government channels

d. By freight

3. The hand carriage or transport by postal service or commercial courier service of Classified Information at this level shall be in accordance with the sender’s applicable laws, rules or regulations. The envelope or wrapping shall not reveal the classification level of the information contained.

4.8.4 Procedures for exchanging Classified Information using Removable Storage Media

1. The use of removable storage media to transfer Classified Information in the Action is generally encouraged over sending physical documents for both cost and practical reasons, but using removable storage media also carries additional risks that must be mitigated by the sender. The compromise of removable storage media containing a number of classified documents will usually be more damaging than the compromise of a consignment of physical documents given the volume of information which can be stored on such media.

2. When considering using removable storage media, only the classified documents necessary to perform a particular task/activity should be stored on the media. It is not permitted to store classified documents that are not relevant or no longer associated with a task/activity. Senders should bear in mind that large amounts of Classified Information stored on such devices may warrant a higher classification level.

3. Personal USB sticks and those given freely at conferences, seminars, etc. are not to be used for storing or transferring Classified Information.

4. Removable storage media containing Classified Information are required to be labelled with the appropriate classification marking. Measures shall be in place to prevent unauthorised access to such storage media and to maintain the Need-to-Know principle.

5. If CONFIDENTIAL or SECRET Classified Information is stored on removable storage media it must be logged and registered as stipulated by this PSI.

6. The use of removable storage media in a facility must be strictly controlled and accounted for.

7. Only CIS that has been appropriately accredited and/or approved shall be used to transfer Classified Information from the removable storage media.

8. When exchanging Classified Information on removable storage media particular care should be taken to ensure that the media does not contain viruses or malware prior to the transfer of the data onto the media.

9. All CIS used for processing Classified Information shall use appropriate system configuration to preserve integrity, functionality and to enforce access control. For example, AutoRun and AutoPlay (or similar functions) shall be disabled on all CIS to prevent unauthorised applications or malware from running automatically from removable media. In the event that an application attempts to run automatically from removable media, the user must cancel it and take steps to ensure that it does not run again.

10. Unless the removable storage media is encrypted with an approved cryptographic product for that level of classification it must be prepared, packaged and transported in exactly the same manner as Classified Information in physical form. If suitably encrypted, the removable storage media shall be handled in accordance with security operating procedures pertinent to the encryption system used.

11. Removable storage media that is used to transport Classified Information shall be accompanied by a dispatch note, detailing the removable storage media containing the Classified Information, as well as all files contained on it, to allow the recipient to make the necessary verifications and to confirm receipt.

12. As a general rule, documents on the removable storage media that are either no longer required, or have been transferred onto an appropriate CIS, are to be securely removed or deleted using approved products or methods. Unless stored in an appropriate security cabinet or facility, CDs/DVDs without rewriting capability should be destroyed when no longer needed. Any destruction/deletion shall be by use of a method that is in accordance with the applicable laws, rules or regulations of the Participant holding the removable storage media.

Section 5

Release of Classified Information

1. The release of Classified Information to entities other than to Participant Member States, Beneficiaries and their Contractors is not permitted without the specific written approval of the Originator. Requests for release shall be subject to the requirements described in this Section.

2. The decision on forwarding of the PSI annexes and of the SCG to the Commission shall be taken by the Project Manager. The Commission shall consult the Project Manager on the progress achieved in connection with the Action before executing the payment to the eligible beneficiaries.

5.1 Release of Classified Information to Third Parties to the Action

1. Requests for release of Foreground Information will be submitted to the Project Manager who will consult the Participant Member States on the decision and the associated modalities of such release. Any such requests by Beneficiaries or Contractors and Sub-Contractors shall be made through the contractual chain to the Project Manager. Classified Foreground Information may be released to a Third Party to the Action only if the security of information agreements or administrative arrangements exist between the Participant Member States and the Third Party.

2. If Background Information is being considered for release, the prior written approval of the Originator is required before such information is released.

5.2 Release of Information to Third Parties to the Action at Symposia, Seminars or Conferences

1. Where Third Parties to the Action attend or participate in symposia, seminars or conferences, as a general rule, only unclassified information should be considered for discussion. Any such release shall be permitted only with the prior written consent of the Originator obtained through the Project Manager.

Section 6

International Visits among Participants and Beneficiaries/Contractors10

1. Each Participant and their Beneficiaries or Contractors will permit visits involving access to Classified Information to their establishments, or to Beneficiary or Contractor facilities located on their territory or under their jurisdiction, by Government representatives of another Participating State, staff of Participants, and by Beneficiary or Contractor employees. Such visits are subject to the provisions of this Section.

6.1 Procedures for International Visits at the level of CONFIDENTIAL and SECRET

1. The arrangements described hereafter apply to representatives of the Action Participants and personnel of Beneficiaries, or Contractors under Action, who need to undertake visits to another Participant or to facilities of Beneficiaries or Contractors, and where such visits require or may require access to Action Information classified at the level of CONFIDENTIAL or SECRET.

2. Each Participant and Beneficiary/Contractor will permit visits involving access to classified Action information on a case-by-case basis to its facilities, by civilian or military representatives of other Action Participants or by personnel of Beneficiaries or Contractors, provided that the visitor holds the appropriate PSC (for CONFIDENTIAL and SECRET) and has a Need-to-Know.

3. Visitors shall comply with all security regulations and other relevant regulations of the host Participant and establishment to be visited. Any Action Information disclosed or made available to visitors shall be treated as if supplied via official channels to the entity sponsoring the visit.

4. Subject to the provisions described below, such visits will be arranged directly between the sending facility or establishment and the facility/establishment to be visited.

5. Prior to arrival at the facility to be visited, a Request for Visit, as shown in Annex F, including confirmation of the visitor’s PSC, shall be provided at least 24 hours before arrival directly by the Security Officer of the sending facility/establishment to the Security Officer of the facility to be visited.

6. Both the sending and receiving facilities are to confirm that there is a need for the visit.

(a) Responsibilities of the sending Security Officer:

• The sending Security Officer must ensure with the parent NSA/DSA that the receiving facility is in possession of an appropriate FSC;

• Confirm that the visitor holds a valid PSC.

10 In this section, when the term “Contractors” is used it also refers to Sub-contractors.

(b) Responsibilities of the receiving Security Officer:

• The receiving Security Officer must ensure that records are kept of all visitors, including the name, the organisation they represent, date of expiry of the PSC, the date(s) of the visit(s) and the name(s) of the person(s) visited.

Such records are to be retained for a period no less than two years.

(c) Responsibilities of the Visitor:

• To confirm identity, the visitor must be in possession of a valid ID card or passport for presentation to the Security Officer or other authorised official at the receiving facility/establishment/command/headquarters.

6.2 Procedures for International Visits at the level of RESTRICTED

1. Visits relating to Classified Information at the level of RESTRICTED will be arranged directly between the sending facility and the receiving facility without formal requirements.

Section 7

Awarding of grants and Contracting (security aspects)

1. A FSC is granted by a NSA/DSA to indicate, in accordance with its applicable laws, rules or regulations, that a Beneficiary or Contractor under its jurisdiction is capable of protecting Classified Information at the level of CONFIDENTIAL or SECRET at that facility. FSCs are confirmed by the Security Authority responding to a Facility Security Clearance Information Sheet (FIS) request submitted by another Security Authority. Some Participant states may, in accordance with their applicable laws, rules or regulations, also issue FSC certificates for their Beneficiaries or Contractors.

2. NSAs/DSAs will notify the appropriate authority of the Participants if a FSC that it has issued to one of its Beneficiaries or Contractors has been suspended or withdrawn.

7.1 Proposal submission / Pre-letting / Tendering phase and awarding of Classified Grants and Contracts within EDIDP

1. Prior to launching an invitation to tender or a call for proposals, or letting a classified contract or awarding a classified grant agreement, the contracting authority will determine the security classification of any information that may be provided to tenderers or applicants.

2. All contractors or grant beneficiaries who are required to handle or store information classified CONFIDENTIAL or SECRET within their facilities, either during the performance of the classified contract or grant agreement itself or during the pre-contractual stage, must hold a Facility Security Clearance (hereinafter 'FSC') at the required level. The following identifies the three scenarios that may arise during the tendering phase for a classified contract or grant agreement involving EUCI at CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET level:

a) No access to EUCI at CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET level during the tendering phase

When the contract notice, invitation to tender or the call for proposals concerns a contract or grant agreement that will involve EUCI at CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET level, but does not require the tenderer or applicant to handle such information at the tender stage, a tenderer or applicant not holding an FSC at the required level shall not be excluded from the bidding process.

b) Access to EUCI at CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET level at the premises of the contracting or granting authority during the tendering phase

Access will be granted to tenderer or applicant personnel who are in possession of a Personnel Security Clearance (hereinafter 'PSC') at the required level and who have a need-to-know. The contracting or granting authority will verify whether an FSC is also required under national laws and regulations at this stage, before such access is granted. Where EUCI is provided to a tenderer or applicant at the tender stage, a non-disclosure agreement shall be signed, obliging the tenderer or applicant to handle and protect EUCI provided to him in accordance with Commission Decision (EU, Euratom) 2015/444.

c) Handling or storage of EUCI at CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET level at the premises of the tenderer or applicant during the tendering phase

3. When the contract notice, invitation to tender or the call for proposals requires tenderers or applicants to handle or store EUCI at their premises, the tenderer or applicant shall hold an FSC at the required level. In such circumstances, the contracting or granting authority will obtain an assurance from the relevant NSA/DSA that the tenderer or applicant has been granted an appropriate FSC. Access will be granted to tenderer or applicant personnel who are in possession of a PSC at the required level and who have a need-to-know.

4. Where EUCI is provided to a tenderer or applicant at the tender stage, a non-disclosure agreement shall be signed, obliging the tenderer or applicant to handle and protect EUCI provided to him in accordance with Commission Decision (EU, Euratom) 2015/444.

5. An FSC is not required for access to classified information at RESTREINT UE/EU RESTRICTED level, either at the tender stage or for the performance of the contract or grant agreement. However, some EU Member States require an FSC for contracts/subcontracts or grant agreements at RESTREINT UE/EU RESTRICTED level under their national laws and regulations. Such national requirements shall not put additional obligations on other Member States or exclude tenderers or contractors/subcontractors/beneficiaries from Member States not having such FSC requirements for access to RESTREINT UE/EU RESTRICTED information for related contracts/subcontracts or grant agreements or a competition for such, while these contracts or grant agreements shall be performed in Member States according to their national laws and regulations.

6. Where an FSC is required for the performance of a classified contract or grant agreement, the contracting or granting authority will submit a request to the contractor's or beneficiary's NSA/DSA using a Facility Security Clearance Information Sheet (hereinafter 'FSCIS'). The classified contract or grant agreement will not be awarded until the contractor's or beneficiary's NSA/DSA has confirmed the tenderer's or applicant's FSC.

7.2 Sub-Contracting to Contractors of Participant States

1. Before a Beneficiary enters into negotiations for a Sub-Contract involving Classified Information at the level of CONFIDENTIAL or SECRET to a Contractor based in another Participant state, the Facility Security Officer of the Beneficiary or Contractor proposing the Sub-Contract shall first obtain confirmation from its NSA/DSA that the potential Sub-Contractor has a valid FSC (if required). FSCs will be queried and confirmed as described at the start of this Section.

2. No Classified Information at the level of CONFIDENTIAL or SECRET shall be provided to the facility of the Sub-Contractor before an FSC confirmation has been obtained from the relevant NSA/DSA.

3. The Beneficiary shall notify, through its National Security Authority, the NSA/DSA of a Sub-Contractor when a classified sub-contract is awarded, and shall provide a copy of the sub-contract-specific security provisions. The Beneficiary will also inform the Commission Security Authority.


7.3 Sub-Contracting to Contractors in Non-Participant States

1. Before a Beneficiary or Contractor enters into negotiations for a Sub-Contract involving Classified Information at the level of CONFIDENTIAL or SECRET to a Contractor based in a non-Participant EU Member State, the Facility Security Officer of the Beneficiary or Contractor proposing the Sub-Contract shall first obtain confirmation from its NSA/DSA that the potential Sub-Contractor has a valid FSC (if required). FSCs will be queried and confirmed as described at the start of this Section.

2. Prior to authorising the placement of a Sub-contract with a Sub-Contractor from the Third Party to the Action which is not an EU Member State, the Contracting Authority shall ensure that this does not contravene the security and defence interests of the Union and its Member States.

3. Contracts placed with a Sub-Contractor from the Third Party to the Action which is not an EU Member State, will include a security clause requiring the Sub-Contractor to protect classified information in accordance with the bilateral Security of Information Agreement in place between the concerned Participant EU Member State and that Third State or International Organisation.

7.4 List of approved Beneficiaries or Contractors

1. In order to allow for tracing the flow of classified information relating to the Action, and to allow NSAs/DSAs to monitor the implementation of the provisions of this PSI at facilities of Beneficiaries or Contractors under their jurisdiction, the Project Manager will maintain a list of Beneficiaries or Contractors that are involved in grant agreements or contracts classified at the level of CONFIDENTIAL and SECRET in the Action.

The list shall be provided to the Participants’ NSAs/DSAs at least twice a year.

7.5 Security Plan in the Event of Non-Selection, Termination of Classified Grant or Contract or Classified Grant or Contract Expiry

1. This sub-section describes the procedures which the Participants and Beneficiaries or Contractors shall follow in the event of the following:

a. A Participant, or Beneficiary or Contractor terminates a Classified Grant or Contract;

b. A Classified Grant or Contract expires;

c. A potential Beneficiary or Contractor receives or generates Classified Information in the submission of proposals or the pre-letting of contracts phase but is not selected; or

d. A Beneficiary or Contractor receives and generates Classified Information during an early phase of the Action but is not selected for funding or work on a future phase of the Action.


7.5.1 Participant Held Information

1. In the event of termination or expiry of a Classified Grant or Contract, the Participants' respective rights and responsibilities with regard to Background and Foreground Information relating to the Programme shall be determined by the Project Manager, taking into account the rights of the Originator.

2. A Participant that retains Classified Information shall continue to safeguard it in accordance with this PSI and its applicable laws, rules or regulations, and shall not use that information for other purposes without the prior written consent of the Originator.

7.5.2 Beneficiary or Contractor Held Information

1. A Beneficiary or Contractor that is authorised by the Project Manager (or the Originator for Background Information) to retain Classified Information shall safeguard it in accordance with this PSI and the applicable laws, rules or regulations.

2. A Beneficiary or Contractor shall not use Classified Information for any purpose other than that for which it was provided without the prior written consent of the Project Manager (or the Originator for Background Information).

3. All Classified Information released within the context of a Classified Grant, Contract, proposal or bid, will be retained, returned, or destroyed according to the following provisions:

a. A Beneficiary or Contractor receives or generates information during the pre-letting/tendering phase, and is not selected:

i. All invitations to proposal or bid shall contain a clause requiring a potential Beneficiary or Contractor who does not submit a proposal or bid to return all classified documents which were provided to enable the potential Beneficiary or Contractor to submit a proposal or bid to the Granting or Contracting Authority by the date set for the submission of proposals or opening of bids.

ii. An unsuccessful applicant/bidder shall be required to return all classified documents after a stipulated period of time (normally within 15 working days after notification that a bid or negotiation proposal was not accepted).

b. When a Beneficiary or Contractor has held a Classified Grant or Contract, but the Classified Grant or Contract is terminated, expires or if the Beneficiary or Contractor is not selected for further funding or work on the next phase of an action, the Beneficiary or Contractor:

i. Shall return all Classified Information unless approval for retention or destruction has been given by the Project Manager (or Originator).

If the Project Manager (or Originator) approves that a Beneficiary or Contractor can destroy the Classified Information, the Beneficiary or Contractor shall ensure that the destruction is undertaken in accordance with the relevant security rules and regulations.

ii. If the Project Manager (or Originator) approves that a Beneficiary or Contractor can retain the Classified Information, the Beneficiary or Contractor shall continue to protect the information in accordance with its applicable laws, rules or regulations and this PSI.

4. In the event that an FSC is withdrawn, the Beneficiary or Contractor shall return all Classified Information to their Granting or Contracting Authority or dispose of such information in accordance with instructions from its Security Authority.

5. Granting or Contracting Authorities shall ensure that the terms of this sub-section are included as an obligatory requirement in each Classified Grant or Contract they sign.

7.6 Procedures Related to Breaches, Compromises or Loss of Classified Information

1. Personnel shall report suspected or actual Security Breaches, Compromises and losses of Classified Information to their Facility Security Officer or Local Security Officer as soon as possible, and no later than 24 hours after the discovery.

2. Where applicable, the Facility Security Officer concerned will initiate damage limitation or mitigation measures promptly.

3. The Facility Security Officer concerned shall investigate the circumstances of the security incident and report it to their Security Authority in accordance with the following:

a. If it is suspected that Classified Information has been compromised, lost, or a Security Breach that represents a significant risk of future Compromise has occurred, this shall be reported to the relevant Security Authority as soon as possible, and no later than 48 hours after the discovery.

b. If Classified Information is known to have been compromised this shall be reported immediately in order for the Security Authority to mitigate the potential damage that may be caused.

4. Once informed of a security incident, the Security Authority concerned shall take the appropriate action in accordance with its applicable laws, rules or regulations.

5. For suspected or actual Compromise, or loss of Classified Information, or serious security breaches that may represent a significant risk of future Compromise, the Security Authority shall submit a report to the Project Manager and the relevant NSA/DSAs, as identified in Annex A1, and to the Originator in case of Background Information, including the following details as a minimum:

a. A description of the circumstances of the security incident;

b. The date or period when the security incident occurred;

c. The location of the security incident;

d. The security classification and markings of the information involved in the security incident;

e. A list of the Classified Information that has been or may have been compromised or that is unaccounted for;

f. Specific identification of the Classified Information, to include Originator, subject, reference, date, copy number, and language;

g. Actions taken to locate and recover the Classified Information;

h. The responsible person(s) and reasons for Compromise or possible Compromise;

i. Assessments of the likelihood of Compromise (i.e. "certain", "probable", "possible", or "unlikely") including an explanation;

j. A statement on whether the Originator has been informed of the security incident; and

k. Actions taken to secure the Classified Information and limit further damage.

6. Such reports may need to be classified, depending on their content.

7. The Facility Security Officer where the security incident occurred shall provide all necessary assistance to its Security Authority in preparing the report.

8. Any additional measures related to the reporting of Security Breaches, Compromise or loss of COMSEC Items are addressed in the Action COMSEC Instructions (Annex G).


ANNEX A - SECURITY AUTHORITIES OF PARTICIPANTS OF THE EDIDP ACTION11

A1 - SECURITY AUTHORITIES OF THE PARTICIPANT STATES

1. Austria

NSA

Bundeskanzleramt / Büro der Informationssicherheitskommission,

Federal Chancellery / Federal Office for Information Security

Ballhausplatz 2

1014 Wien

Österreich

Telephone: +43 1 53115/202594

Fax: +43 1 53109/202615

E-mail: [email protected]

DSA

Ministry of Defence

Telephone: +43 (0) 502011071114

Fax: +43 (0) 502011017301

E-mail: [email protected]

2. Belgium

NSA

National Security Authority

FPS Foreign Affairs, Foreign Trade and Development Cooperation

11 When drafting the specific PSI for the Action, this list should be adapted by leaving in it only the entries relating to Participants of that particular Action.


Rue des Petits Carmes 15

B-1000 BRUXELLES

Belgium

Telephone: +32 2 501 45 42

Fax: +32 2 501 45 96

E-mail: [email protected]

DSA

Ministry of Defense

General Intelligence and Security Service

Industrial Security Office

Queen Elisabeth Barracks

Rue d’Evère 1

B-1140 BRUXELLES

Belgium

Telephone: +32 2 501 46 03

E-mail: [email protected]

3. Bulgaria

NSA

Държавна комисия по сигурността на информацията

ул. “Черковна” No. 90

1505 София

България

State Commission on Information Security

90, Cherkovna Str.

BG-1505 Sofia


Bulgaria

Telephone: +3592 9333 600

Fax: +3592 9873 750

E-mail: [email protected]

4. Cyprus

NSA

National Security Authority

172-174, Strovolos Avenue

2048 Strovolos, Nicosia

Cyprus

Telephone: +357 22 80 77 64

E-mail: [email protected]

5. Croatia

NSA/DSA

Telephone: +385 1 4681 222

Fax: +385 1 4686 049

E-mail: [email protected]

DSA

Telephone: +(countrycode) (number)

Fax: +(countrycode) (number)

E-mail:

Point of Contact for standard Requests for Visits (RfV)


Telephone: +385 1 4681 255

Fax: +385 1 4579 914

E-mail: [email protected]

6. Czech Republic

NSA

Národní bezpečnostní úřad

(National Security Authority)

Na Popelce 2/16

CZ-150 06 Praha 56

Czech Republic

Telephone: +420 257 28 33 35

Fax: +420 257 28 31 10

7. Denmark

NSA

Politiets Efterretningstjeneste (the Danish Security Intelligence Service)

Klausdalsbrovej 1

DK – 2860 Søborg

Denmark

Telephone: + 45 33 14 88 88

Fax: + 45 45 15 01 90

E-mail: [email protected]


DSA

Forsvarets Efterretningstjeneste (the Danish Defence Intelligence Service)

Kastellet 30

DK – 2100 Copenhagen Ø

Denmark

Telephone: + 45 33 32 55 66

Fax: + 45 33 93 13 20

E-mail: [email protected]

8. Estonia

NSA

Estonian National Security Authority Department

Estonian Foreign Intelligence Service

Rahumäe tee 4B

11316 Tallinn, Estonia

Telephone: + 372 6939211

E-mail: [email protected]

9. Finland

NSA

National Security Authority (NSA)

Ministry for Foreign Affairs

Kanavakatu 3 B, Helsinki

PO Box 453

FI-00023 Government

Finland


Telephone: +358 9 160 55890

Fax: +358 9 16 05 5140

E-mail: [email protected]

DSAs

COMSEC and NDA Issues

NCSA-FI

Finnish Transport and Communications Agency Traficom

PO Box 320

FI-00059 TRAFICOM

Finland

E-mail: [email protected]

10. France

NSA for Policy and National Regulations

Secrétariat général de la défense et de la sécurité nationale (SGDSN)

51 Boulevard de Latour-Maubourg

75700 Paris

France

Telephone: +33 1 71 75 81 93

Fax: +33 1 71 75 82 00

DSAs for Implementation

Ministère de la défense

Direction générale de l’armement (DGA)

Service de la sécurité de défense et des systèmes d’information


International defense and information security office

60, boulevard du Général Martial Valin

CS 21623

75509 Paris CEDEX 15

France

Audit and process department

Office of international affairs and programmes

Telephone: +33 9 88 67 04 21

E-mail: [email protected] and [email protected]

Point of Contact for standard Requests for Visits (RfV)

Telephone: +33 9 88 67 24 58

E-mail: [email protected] or [email protected] (first e-mail for French visits abroad, second e-mail for foreigners’ visits to France)

11. Germany

NSA

Federal Ministry of the Interior

Referat ÖSII5

Alt-Moabit 140

10557 Berlin

Germany

Telephone: +49 30 18 681 11593

Fax: +49 30 18 681 5 1593

E-mail: [email protected]


DSA

For industrial security policy matters, FSCs, Transportation Plans (except for COMSEC/CRYPTO):

Federal Ministry of Economic Affairs and Energy

Industrial Security Division - ZB3

Villemombler Str. 76

D- 53123 Bonn

Germany

Telephone: +49 228 99615 ext.no. 4065 or ext. no. 3986

Fax: +49 228 99615 2676

E-mail: [email protected] (office e-mail address)

For standard visit requests from/ to German contractors:

Federal Ministry of Economic Affairs and Energy

Industrial Security Division – ZB2

Villemombler Str. 76

D- 53123 Bonn

Germany

Telephone: +49 228 99615 2401

Fax: +49 228 99615 2603

E-mail: [email protected] (office e-mail address)

12. Greece

NSA

Hellenic National Defence General Staff (HNDGS)

Military Intelligence Sectoral Directorate

Security Counterintelligence Directorate


GR-STG 1020

Holargos — Athens

Greece

Telephone: +30-210 657 20 09 (ώρες γραφείου), +30-210 657 20 10 (ώρες γραφείου)

Fax: +30-210 642 64 32, +30-210 652 76 12

13. Hungary

NSA

Nemzeti Biztonsági Felügyelet

H-1399 Budapest

Pf. 710/50

Telephone: +36 1 391 1862

Fax: +36 1 391 1889

E-mail: [email protected]

14. Ireland

NSA/DSA

National Security Authority Ireland

Department of Foreign Affairs and Trade

76-78 Harcourt Street

Dublin 2

D02 DX45

Ireland

Telephone: + 353 1 408 2724

E-mail: [email protected]


15. Italy

NSA/DSA

Presidenza Del Consiglio Dei Ministri

Dipartimento Informazioni Per La Sicurezza

Ufficio Centrale Per La Segretezza

Via di S.Susanna, 15

00187 ROMA

Italy

Telephone: + 39 06 6117-4855 663 (Dirigente seconda fascia livello C)

+ 39 06 6117-4032 (Level 1 Officer)

Fax: + 39 06 4885-273

E-mail: [email protected]

Point of Contact for standard Requests for Visits (RfV)

Presidenza Del Consiglio Dei Ministri

Dipartimento Informazioni Per La Sicurezza

Ufficio Centrale Per La Segretezza

Via di S.Susanna, 15

00187 ROMA

Italy

Telephone: +39 06 6117-487939 (Dirigente seconda fascia livello C)

+39 06 6117-5155 or +39 06 6117-4134 Level 2 Officer

Fax: +39 06 6129 7004-4885273

E-mail: [email protected]

16. Latvia

NSA


Constitution Protection

Bureau of the Republic of Latvia

National Security Authority

Miera iela 85 A

LV-1013 Rīga

Latvia

Telephone: +371 702 54 73

Fax: +371 702 54 54

E-mail: [email protected]

17. Lithuania

NSA

National Security Authority of the Republic of Lithuania

Gedimino pr. 40/1 LTL-2600

Vilnius

Lithuania

Telephone: +370 5 266 32 05

Fax: +370 5 266 32 00

18. Luxembourg

Autorité nationale de Sécurité

207, route d’Esch

L-1471 LUXEMBOURG

Telephone: +352 2 478 2210

Fax: +352 2 478 2243

E-mail: [email protected]


Point of Contact for standard Requests for Visits (RfV)

Autorité nationale de Sécurité

Telephone: +352 2 478 2210

Fax: +352 2 478 2243

E-mail: [email protected]

Note: Luxembourg does not have a DSA.

19. Malta

NSA

Malta National Security Authority

Ministry for Home Affairs

P.O. Box 146

Valletta VLT1000

Malta

Telephone: +356 21249844

Fax: +356 25695321

DSA

Malta Standards Authority (MSA)

Second Floor, Evans Building

Merchants Street

Valletta VLT 1179

Malta

Telephone: +356 21242420


Fax: +356 21242406

E-mail: [email protected]

Point of Contact for standard Requests for Visits (RfV)

Francis Sciberras

Deputy Head

National Security Authority

Telephone: +356 25695301/324

Fax: +356 25695321

E-mail: [email protected]

Francis Farrugia

Head - Standarization Directorate

Malta Standards Authority

Telephone: +356 21242420

Fax: +356 21242406

E-mail: [email protected]

20. Netherlands

NSA/DSA

Ministry of Internal Affairs and Kingdom relations

General Intelligence and Security Service of the Netherlands

PO box 20010

2500 EA The Hague

Netherlands

Telephone: +31 70 320 44 00

Fax: +31 70 320 07 33


E-mail: [email protected]

Point of Contact for standard Requests for Visits (RfV)

Netherlands Industrial Visit Control Office, NIVCO

Telephone: +31 79 320 5331

Fax: +31 79 320 5430

E-mail: [email protected]

21. Poland

NSA

Agencja Bezpieczeństwa Wewnętrznego – ABW

Departament Ochrony Informacji Niejawnych

ul. Rakowiecka 2 A

00-993 Warszawa

Polska

E-mail: [email protected]

Służba Kontrwywiadu Wojskowego

Zarząd V

ul. Oczki 1

02-007 Warszawa

Polska

E-mail: [email protected]

22. Portugal

NSA


Presidência do Conselho de Ministros

Autoridade Nacional de Segurança

Avenida Ilha da Madeira, 1

P-1400-204 Lisboa

Portugal

Telephone: +351 21 301 17 10

Fax: +351 21 303 17 11

23. Romania

NSA

Romanian ANS – ORNISS

Strada Mureș nr. 4

RO-012275 București

Romania

Telephone: +40 21 224 58 30

Fax: +40 21 224 07 14

24. Slovakia

NSA

Národný bezpečnostný úrad

(National Security Authority)

Budatínska 30

851 06 Bratislava

Slovenská republika

Telephone: +421 2 68 69 11 11

Fax: +421 2 68 69 17 00


E-mail: [email protected]

25. Slovenia

NSA

Urad Vlade RS za varovanje tajnih podatkov

Gregorčičeva 27

SI-1000 Ljubljana

Slovenia

Telephone: +386 1 478 13 90

Fax: +386 1 478 13 99

26. Spain

NSA

Autoridad Delegada para la Seguridad de la Información Clasificada

Oficina Nacional de Seguridad

C/ Argentona 20

28023 Madrid

Spain

Telephone: +34 91 283 2583; +34 91 283 2752

Fax: +34 91 372 58 08

E-mail: [email protected]

[email protected]

Point of Contact for standard Requests for Visits (RfV) and Transport Plans

Telephone: +34 91 372 50 97

Fax: +34 91 372 58 08


E-mail: [email protected]

27. Sweden

NSA

Utrikesdepartementet (Ministry for Foreign Affairs)

UD SÄK/NSA

SE-103 39 STOCKHOLM

Sweden

Telephone: +46 8 405 10 00

Fax: +46 8 723 11 76

E-mail: [email protected]

DSA

Försvarets Materielverk (Swedish Defence Materiel Administration)

FMV Säkerhetsskyddsavdelning

SE-115 88 Stockholm

Sweden

Telephone: +46 8 782 40 00

Fax: +46 8 782 69 00

E-mail: [email protected]

28. United Kingdom

UK NSA

UK National Security Authority

Cabinet Office

Room 335

70 Whitehall


London

SW1A 2AS

United Kingdom

Mr Martin Sterling

Telephone: +44 (0)207 276 5645

E-mail: [email protected]

Mr Andrew Standeven

Telephone: +44 (0)207 276 5497

E-mail: [email protected]

General mailbox

E-mail: [email protected]


A2 – OTHER SECURITY AUTHORITIES

European Commission Security Authority

European Commission Security Directorate

DG HR Security Directorate (DS)

Rue de la Loi 200

B-1049

Brussels

Belgium

Telephone: +32 2 2958716 (Industrial Security Advice)

Point of Contact for standard Requests for Visits (RfV)

Telephone: +32 2 2991551

E-mail: [email protected]

Please send a copy to the LSO:

Mr. Juha Myllyaho – DG GROW Deputy LSO

BREY 08/319

Telephone: +32 2 2953831

E-mail: [email protected]

Security Authority of the European Defence Agency (EDA)

(to be completed)

Security Authority of the Organisation for Joint Armament Co-operation (OCCAR)

(to be completed)


ANNEX B - TABLE OF EQUIVALENT SECURITY CLASSIFICATION MARKINGS

| Participant | Secret | Confidential | Restricted |
|---|---|---|---|
| EU | SECRET UE/EU SECRET | CONFIDENTIEL UE/EU CONFIDENTIAL | RESTREINT UE/EU RESTRICTED |
| Austria | GEHEIM | VERTRAULICH | EINGESCHRÄNKT |
| Belgium | SECRET (Loi du 11 Dec 1998) or GEHEIM (Wet van 11 Dec 1998) | CONFIDENTIEL (Loi du 11 Dec 1998) or VERTROUWELIJK (Wet van 11 Dec 1998) | DIFFUSION RESTREINTE or BEPERKTE VERSPREIDING (Note, see below) |
| Bulgaria | СЕКРЕТНО | ПОВЕРИТЕЛНО | ЗА СЛУЖЕБНО ПОЛЗВАНЕ |
| Croatia | TAJNO | POVJERLJIVO | OGRANIČENO |
| Cyprus | ΑΠΌΡΡΗΤΟ ABR:(ΑΠ) | ΕΜΠΙΣΤΕΥΤΙΚΌ ABR:(ΕΜ) | ΠΕΡΙΟΡΙΣΜΈΝΗΣ ΧΡΉΣΗΣ ABR:(ΠΧ) |
| Czech Republic | TAJNÉ | DŮVĚRNÉ | VYHRAZENÉ |
| Denmark | HEMMELIGT | FORTROLIGT | TIL TJENESTEBRUG |
| Estonia | SALAJANE | KONFIDENTSIAALNE | PIIRATUD |
| Finland | SALAINEN or HEMLIG | LUOTTAMUKSELLINEN or KONFIDENTIELL | KÄYTTÖ RAJOITETTU or BEGRÄNSAD TILLGÅNG |
| France | SECRET DÉFENSE | CONFIDENTIEL DÉFENSE | (Note, see below) |
| Germany (Note, see below) | GEHEIM | VS - VERTRAULICH | VS - NUR FÜR DEN DIENSTGEBRAUCH |
| Greece | ΑΠΌΡΡΗΤΟ ABR:(ΑΠ) | ΕΜΠΙΣΤΕΥΤΙΚΌ ABR:(ΕΜ) | ΠΕΡΙΟΡΙΣΜΈΝΗΣ ΧΡΉΣΗΣ ABR:(ΠΧ) |
| Hungary | TITKOS! | BIZALMAS! | KORLÁTOZOTT TERJESZTÉSŰ! |
| Ireland | SECRET | CONFIDENTIAL | RESTRICTED |
| Italy | SEGRETO | RISERVATISSIMO | RISERVATO |
| Latvia | SLEPENI | KONFIDENCIĀLI | DIENESTA VAJADZĪBĀM |
| Lithuania | SLAPTAI | KONFIDENCIALIAI | RIBOTO NAUDOJIMO |
| Luxembourg | SECRET LUX | CONFIDENTIEL LUX | RESTREINT LUX |
| Malta | SIGRIET | KUNFIDENZJALI | RISTRETT |
| Netherlands | Stg. GEHEIM | Stg. CONFIDENTIEEL | Dep. VERTROUWELIJK |
| Poland | TAJNE | POUFNE | ZASTRZEŻONE |
| Portugal | SECRETO | CONFIDENCIAL | RESERVADO |
| Romania | STRICT SECRET | SECRET | SECRET DE SERVICIU |
| Slovakia | TAJNÉ | DÔVERNÉ | VYHRADENÉ |
| Slovenia | TAJNO | ZAUPNO | INTERNO |
| Spain | RESERVADO | CONFIDENCIAL | DIFUSIÓN LIMITADA |
| Sweden | HEMLIG | KONFIDENTIELL | BEGRÄNSAT HEMLIG |
| United Kingdom | UK SECRET | No equivalent (Note: see below) | UK OFFICIAL - SENSITIVE |

Notes:

Belgium and France: Belgium and France handle and protect Classified Information bearing the marking “RESTRICTED” or equivalent according to its national laws and regulations in force for the protective level “DIFFUSION RESTREINTE” (also “BEPERKTE VERSPREIDING” in the case of Belgium) or the standards defined in the present document whichever is higher. The other Participants will handle and protect information marked “DIFFUSION RESTREINTE” (also “BEPERKTE VERSPREIDING” in the case of Belgium) according to their national laws and regulations in force for the level “RESTRICTED” or equivalent or according to the standards defined in the present document whichever is higher.


Germany: VS = Verschlusssache.

United Kingdom: The UK handles and protects Classified Information of CONFIDENTIAL level in accordance with the protective security requirements for UK SECRET.


ANNEX C – MINIMUM REQUIREMENTS FOR PROTECTION OF CLASSIFIED INFORMATION IN ELECTRONIC FORM AT RESTRICTED LEVEL HANDLED IN THE CONTRACTOR’S (BENEFICIARY’S) COMMUNICATION AND INFORMATION SYSTEMS

General

1. The contractor (beneficiary) must be responsible for ensuring that the protection of RESTRICTED classified information is in compliance with the minimum security requirements as stated within this security clause and any other additional requirements advised by the contracting (granting) authority or, if applicable, with the National Security Authority (NSA) or Designated Security Authority (DSA).

2. It is the responsibility of the contractor (beneficiary) to implement the security requirements identified in this document.

3. For the purpose of this document a communication and information system (CIS) covers all equipment used to handle, store and transmit EUCI, including workstations, printers, copiers, fax, servers, network management system, network controllers and communications controllers, laptops, notebooks, tablet PCs, smart phones and removable storage devices such as USB-sticks, CDs, SD-cards, etc.

4. Special equipment such as cryptographic products must be protected in accordance with its dedicated Security Operating Procedures (SecOPs).

5. Contractors (beneficiaries) must establish a structure responsible for the security management of the CIS handling information classified RESTRICTED and appoint a responsible Security Officer of the facility.

6. The use of privately-owned equipment of contractor’s (beneficiary's) personnel (hardware and software) for processing RESTRICTED classified information is not permitted.


7. Accreditation of the contractor’s (beneficiary's) CIS handling information classified RESTRICTED must be approved by the Participant's Security Accreditation Authority (SAA) or delegated to the Security Officer of the contractor (beneficiary) as permitted by national laws and regulations.

8. Only information classified RESTRICTED encrypted using approved cryptographic products may be handled, stored or transmitted (wired or wireless) as any other unclassified information under the contract (grant agreement). These cryptographic products must be approved by a Participant Member State.

9. External facilities involved in the maintenance/repair work must be obliged, on a contractual basis, to comply with the applicable provisions for handling of information classified RESTRICTED as set out in this document.

10. At the request of the contracting (granting) authority or relevant NSA/DSA/SAA, the contractor (beneficiary) must provide evidence of compliance with the Contract (Grant Agreement) Security Clause. If also requested, contractors (beneficiaries) will permit an audit and inspection of the contractor’s (beneficiary's) processes and facilities by representatives of the contracting (granting) authority or the NSA/DSA/SAA in order to ensure compliance with these requirements.

Physical Security

11. Areas in which CIS are used to display, store, process or transmit RESTRICTED information or areas housing servers, network management system, network controllers and communications controllers for such CIS should be established as separate and controlled areas with an appropriate access control system. Access to these separate and controlled areas should be limited to only specifically authorised persons. Without prejudice to paragraph 8, equipment as described in paragraph 3 has to be stored in such separate and controlled areas.

12. Security mechanisms and/or procedures must be implemented to regulate the introduction

or connection of removable computer storage media (for example, USB, mass storage

devices, CD-RWs) to components on the CIS.

Access to CIS

13. Access to contractor's (beneficiary's) CIS handling classified information is based on a

strict need to know principle and authorisation of personnel.

14. All CIS must have up-to-date lists of authorised users and must authenticate all users at the start of each processing session.

15. Passwords, which are part of most identification and authentication security measures,

must be a minimum of 9 characters long and must include numeric and “special”

characters (if permitted by the system) as well as alphabetic characters. Passwords must

be changed at least every 180 days. Passwords must be changed as soon as possible if

they have or are suspected of having been compromised or disclosed to an unauthorised

person.

16. All CIS must have internal access controls to prevent unauthorised users from accessing

or modifying information classified RESTRICTED and from modifying system and security

controls. Users are to be automatically logged off the CIS if their terminals have been

inactive for some predetermined period of time, or CIS must activate a password

protected screen saver after 15 minutes of inactivity.

17. Each user of the CIS is allocated a unique user account and ID. User accounts must be

automatically locked after at least 5 successive incorrect login attempts.

18. All users of the CIS must be made aware of their responsibilities and the procedures to be

followed to protect information classified RESTRICTED on the CIS. The responsibilities

and procedures to be followed must be documented and acknowledged by users in

writing.

19. SecOPs must be available for the Users and Administrators and must include security

roles descriptions and associated list of tasks, instructions and plans.

Accounting, Audit and Incident Response

20. Any access to the CIS must be logged.

21. The following events must be recorded:

a) all log on attempts whether successful or failed;

b) log off (including time out where applicable);

c) creation, deletion or alteration of access rights and privileges; and

d) creation, deletion or alteration of passwords.

22. For all of the events listed above at least the following information must be communicated:

a) type of event;

b) user ID;

c) date and time; and

d) device ID.

23. The accounting records should be capable of being examined by a Security Officer for potential security incidents and of being used to support any legal investigations in the event of a security incident. All security records should be regularly checked to identify potential security incidents. The accounting records must be protected from unauthorised deletion or modification.
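
The following is an added example, not part of the instruction: one way a Security Officer could check accounting records against paragraphs 21 to 23 and the lock-out figure in paragraph 17. The record format, field names, event names, demo key and the HMAC chaining used to make edits and deletions detectable are all assumptions of this example; the instruction prescribes no format or mechanism.

```python
import hashlib
import hmac
import json

# Assumed field and event names; the instruction lists what must be
# recorded but does not define a record format.
REQUIRED_FIELDS = ("event", "user_id", "timestamp", "device_id")  # para 22 a)-d)
EVENT_TYPES = {                                                   # para 21 a)-d)
    "logon_success", "logon_failure", "logoff",
    "rights_change", "password_change",
}
KEY = b"constructed-demo-key"  # constructed; a real key stays with the Security Officer

# Constructed sample records (not real data).
SAMPLE = (
    [{"event": "logon_failure", "user_id": "u1007",
      "timestamp": f"2019-07-04T08:00:0{i}Z", "device_id": "ws-12"}
     for i in range(5)]
    + [
        {"event": "logon_success", "user_id": "u1002",
         "timestamp": "2019-07-04T08:05:00Z", "device_id": "ws-03"},
        {"event": "password_change", "user_id": "u1002",
         "timestamp": "2019-07-04T08:06:10Z", "device_id": ""},
        {"event": "logoff", "user_id": "u1002",
         "timestamp": "2019-07-04T08:30:00Z", "device_id": "ws-03"},
    ]
)


def record_problems(record):
    """List the paragraph-22 fields missing from one record, plus any
    event type outside the paragraph-21 set."""
    problems = [f"missing {f}" for f in REQUIRED_FIELDS if not record.get(f)]
    event = record.get("event")
    if event and event not in EVENT_TYPES:
        problems.append(f"unknown event type {event!r}")
    return problems


def failed_logon_runs(records, threshold=5):
    """Return user IDs that reach `threshold` successive failed logons
    (paragraph 17 sets the lock-out figure at 5)."""
    streak, flagged = {}, []
    for rec in records:
        user = rec.get("user_id")
        if rec.get("event") == "logon_failure":
            streak[user] = streak.get(user, 0) + 1
            if streak[user] == threshold:
                flagged.append(user)
        elif rec.get("event") == "logon_success":
            streak[user] = 0
    return flagged


def _tag(key, prev, record):
    """HMAC-SHA256 over the previous tag and the canonical record body."""
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, prev + body, hashlib.sha256).digest()


def seal(records, key):
    """Chain a tag through the records so that editing or removing one
    invalidates the tag of every record that follows it."""
    sealed, prev = [], b"\x00" * 32
    for rec in records:
        prev = _tag(key, prev, rec)
        sealed.append({**rec, "tag": prev.hex()})
    return sealed


def first_tampered(sealed, key, last_tag=None):
    """Return the index of the first record that fails verification, or
    None. Removal of records from the end is only detectable when the
    final tag was stored separately and is passed as `last_tag`."""
    prev = b"\x00" * 32
    for i, rec in enumerate(sealed):
        body = {k: v for k, v in rec.items() if k != "tag"}
        expected = _tag(key, prev, body)
        if not hmac.compare_digest(expected.hex(), rec.get("tag", "")):
            return i
        prev = expected
    if last_tag is not None and not hmac.compare_digest(prev.hex(), last_tag):
        return len(sealed)
    return None


if __name__ == "__main__":
    for i, rec in enumerate(SAMPLE):
        for problem in record_problems(rec):
            print(f"record {i}: {problem}")
    print("lock-out threshold reached:", failed_logon_runs(SAMPLE))
    print("first tampered record:", first_tampered(seal(SAMPLE, KEY), KEY))
```
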

24. The contractor (beneficiary) must have an established response strategy to deal with

security incidents. Users and Administrators must be instructed on how to react to

incidents, how to report incidents and what to do in case of emergencies.

25. The compromise or suspected compromise of information classified RESTRICTED must

be reported to the contracting (granting) authority. The report must contain a description of

the information involved and a description of the circumstances of the (suspected)

compromise. All users of the CIS must be made aware of how to report any actual or

suspected security incident to the Security Officer.

Networking & Interconnection

26. When a contractor (beneficiary) CIS that handles information classified RESTRICTED is

interconnected to a CIS that is not accredited, this leads to a significant increase in threat

to both the security of the CIS and the RESTRICTED classified information handled by

that CIS. This includes the internet, other public or private CIS such as other CIS owned

by the contractor/subcontractor (beneficiary). In this case, the contractor (beneficiary)

must perform a risk assessment to identify the additional security requirements that need

to be implemented as part of the security accreditation process. The contractor

(beneficiary) will provide to the contracting (granting) authority and where nationally

required, the competent SAA a statement of compliance certifying that the contractor

(beneficiary) CIS and respective interconnection have been accredited for handling

RESTRICTED classified information.

27. Remote access from other systems to LAN services (e.g., remote access to e-mail and remote SYSTEM support) is prohibited unless special security measures are implemented and agreed by the contracting (granting) authority and, where nationally required, approved by the competent SAA.

Configuration Management

28. A detailed hardware and software configuration, as reflected in the accreditation/approval

documentation (including system and network diagrams) must be available and regularly

maintained.

29. Configuration checks must be carried out by the Security Officer of the contractor

(beneficiary) on hardware and software to ensure that unauthorised hardware and

software has not been introduced.

30. Changes to the contractor (beneficiary) CIS configuration must be assessed for their

security implications and must be approved by the Security Officer and where nationally

required, the SAA.

31. The system must be scanned for the presence of security vulnerabilities at least quarterly.

Software must be implemented allowing detection of malware. Such software must be

kept up-to-date. If possible, the software should have a national or recognised

international approval, otherwise it should be a widely accepted industry standard.

32. The contractor (beneficiary) must develop a Business Continuity Plan. Back-up

procedures are established addressing the following:

a) frequency of back-ups;

b) storage requirements on-site (fireproof containers) or off-site;

c) control of authorised access to back-up copies.

Sanitisation and Destruction

33. For CIS or data storage media that has at any time held RESTRICTED classified

information the following sanitisation must be performed to the entire system or storage

media prior to its disposal:

a) Flash memory (e.g. USB sticks, SD cards, solid state drives, hybrid hard drives) must be overwritten with random data at least three times, followed by verification that the storage content matches the random data, or be sanitised using approved deletion software;

b) Magnetic media (e.g. hard disks) must be overwritten or degaussed;

c) Optical media (e.g. CDs and DVDs) must be shredded or disintegrated; and

d) concerning other storage media, the contracting (granting) authority, or if

appropriate the NSA/DSA/SAA, should be consulted for the security requirements

that need to be met.

34. Information classified RESTRICTED must be sanitised on any data storage media before it

is given to an entity not authorised to access RESTRICTED classified information (e.g. for

maintenance work).

ANNEX D - PROCEDURE FOR HAND CARRIAGE OF CLASSIFIED INFORMATION

C.1. When hand carriage of classified material is permitted, the following procedures will

apply:

a. The Courier will carry a courier certificate recognised by all Participants, authorising him to carry the package as identified (see the courier certificate example below) stamped and signed by the Security Authority and the consignor's officer;

b. A copy of the "Notes for the Courier" (shown below) will be attached to the certificate; and,

c. The courier certificate will be returned to the issuing Security Authority through the consignor's security officer immediately after completion of the journey.

C.2. The consignor's security officer is responsible for instructing the bearer in all of his duties

and of the provisions of the "Notes for the Courier".

C.3. The courier will be responsible for the safe custody of the classified material until such

time that it has been handed over to the consignee's security officer. In the event of a

breach of security, the consignor's Security Authority may request the authorities in the

country in which the breach occurred to carry out an investigation, report their findings,

and take legal action, as appropriate.

(LETTERHEAD)

COURIER CERTIFICATE

EU EDIDP ACTION TITLE (optional)

COURIER CERTIFICATE NO. …………………… (*)

FOR THE INTERNATIONAL HAND CARRIAGE OF CLASSIFIED DOCUMENTS,

EQUIPMENT AND/OR COMPONENTS

This is to certify that the bearer:

Mr./Ms. (name/title)

Born on: (day/month/year) in (country)

A national of (country)

Holder of passport/identity card no.: (number)

Issued by: (issuing authority)

On: (day/month/year)

Employed with: (company or organisation)

Is authorised to carry on the journey detailed below the following consignment:

(Number and particulars of the consignment in detail, i.e. No. of packages, weight and

dimensions of each package and other identification data as in shipping documents)

……………………………………………………………………………………………..

……………………………………………………………………………………………..

(*) May also be used by security guards.

- The material comprising this consignment is classified in the interests of the security of:

(Indicate the countries having interest. At least the country of origin of the shipment and

that of the destination should be indicated. The country (or countries) to be transited

also may be indicated).

- It is requested that the consignment will not be inspected by other than properly authorised persons or those having special permission.

- If an inspection is deemed necessary, it is requested that it be carried out in an area out of

sight of persons who do not belong to the service and, in the presence of the courier.

- It is requested that the package, if opened for inspection, be marked after re-closing, to show

evidence of the opening by sealing and signing it and by annotating the shipping documents (if

any) that the consignment has been opened.

- Customs, Police and/or Immigration officials of countries to be transited, entered or exited are requested to give assistance, if necessary, to ensure successful and secure delivery of the consignment.

(LETTERHEAD)

Annex to the "Courier Certificate" No………….

for the International Hand Carriage of

Classified Material

NOTES FOR THE COURIER(*)

3. You have been appointed to carry/escort a classified consignment. Your "COURIER CERTIFICATE" has been provided. Before starting the journey, you will be briefed on the security regulations governing the hand carriage of the classified consignments and on your security obligations during the specific journey (behaviour, itinerary, schedule, etc). You will also be requested to sign a declaration that you have read and understood and will comply with prescribed security obligations.

4. The following general points are brought to your attention:

(*) May also be used by security guards.

(a) You will be held liable and responsible for the consignment described in the Courier Certificate;

(b) Throughout the journey, the classified consignment must stay under your personal control;

(c) The consignment will not be opened en route except in the circumstances described in sub-paragraph (j) below;

(d) The classified consignment is not to be discussed or disclosed in any public place;

(e) The classified consignment is not, under any circumstances, to be left unattended. During overnight stops, military facilities or industrial companies having appropriate security clearance and storage facilities may be utilised. You are to be instructed on this matter by your company Security Officer;

(f) While hand carrying a classified consignment, you are forbidden to deviate from the travel schedule provided, unless unforeseen circumstances require a change of schedule;

(g) In cases of emergency, you must take such measures as you consider necessary to protect the consignment, but on no account will you allow the consignment out of your direct personal control; to this end, your instructions include details on how to contact the security authorities of the countries you will transit as listed in sub-paragraph (l) below. If you have not received these details, ask for them from your company Security Officer;

(h) You and the company Security Officer are responsible for ensuring that your personal expatriation and travel documentation (passport, currency and medical documents, etc) are complete, valid and current;

(i) If unforeseen circumstances make it necessary to transfer the consignment to an individual other than the designated representatives of the company or government you are to visit, you will give it only to authorised employees of one of the points of contact listed in sub-paragraph (l);

(j) There is no assurance of immunity from search by the Customs, Police, and/or Immigration Officials of the various countries whose borders you will be crossing; therefore, should such officials inquire into the contents of the consignment, show them your "Courier Certificate" and this note and insist on showing them to the senior Customs, Police and/or Immigration Official; this action should normally suffice to allow the consignment to pass through unopened. However, if the senior Customs, Police and/or Immigration Official demands to see the actual contents of the consignments you may open it in his presence, but this should be done in an area out of sight of the general public.

You should take precautions to show officials the minimum content necessary to satisfy them that the consignment does not contain any other item and ask the official to repack or assist in re-packing it immediately upon completion of the examination.

You should request the senior Customs, Police and/or Immigration Official to

provide evidence of the opening and inspection of the packages by signing and

sealing them when closed and confirming in the shipping documents (if any) that

the consignment has been opened.

If you have been required to open the consignment under such circumstances as the foregoing, you must notify the receiving company Security Officer and the dispatching company Security Officer, who should be requested to inform the DSAs of their respective governments.

(k) Upon your return, you must produce a bona fide receipt for the consignment signed by the Security Officer of the company or agency receiving the consignment or by a DSA of the receiving government.

(l) Along the route you may contact the following officials to request assistance:

…………………………………………………………………………………………

…………………………………………………………………………………………

From:

(Originating country)

To:

(Country of destination)

Through:

(List intervening countries)

Authorised stops:

(List locations)

Date of beginning of journey:

(Day/month/year)

Signature of company's Security officer

(Name)

Company's stamp

Signature of the Security Authority

(Name)

Official stamp or NSA/DSA's seal

NOTE: To be signed on completion of journey

I declare in good faith that, during the journey covered by the "Courier Certificate", I am not

aware of any occurrence or action, by myself or by others that could have resulted in the

compromise of the consignment.

Courier's Signature:

Witnessed by:

(Company Security Officer's signature)

Date of return of the "Courier Certificate":

(Day/month/year)

MULTI-TRAVEL COURIER CERTIFICATE N° ……….

for international hand carriage of classified DOCUMENTS, EQUIPMENT AND/OR COMPONENTS

This is to certify that the bearer Mr/Ms (name and title) …………………… born on (day, month,

year) ………… in (country) ………..……, a national of (country) …………….. holder of passport

or identity card n° …………… issued by (issuing authority) : ………… on (day, month, year)

:………… employed by (company or organization) : ……..……………... is authorized to carry

classified documents, equipment and/or components between the following countries:

……………………………………………….……………….…………………

The bearer above is authorized to use this certificate as many times as necessary, for classified

shipments between the countries here above until (date): ………….

The shipment description should be attached to each consignment.

The attention of customs authorities, police and immigration services is drawn to the following

points:

The material forming each consignment is classified in the interest of national security of the countries here above.

It is requested that the consignment will not be inspected by other than properly authorized persons or those having special permission.

If an inspection is deemed necessary, it is requested that it be carried out in an area out of sight of persons who do not have a Need-to-Know and in the presence of the courier.

It is requested that the package, if opened for inspection, be marked after reclosing to show evidence of the opening by sealing and signing it and by annotating the shipping documents (if any) that the consignment has been opened.

Customs, Police and/or Immigration officials of countries to be transited, entered or exited are requested to give assistance if necessary to assure successful and secure delivery of the consignment.

Signature of Security Officer

Signature of the Security Authority

NOTES FOR THE COURIER

You have been appointed to carry/escort classified consignments. Your "Courier certificate" has

been provided. Before starting your journeys, you will be briefed on the security regulations

governing the hand carriage of the classified consignments and on your obligations during the

specific journey (behaviour, itinerary, schedule, etc.). You will also be requested to sign a

declaration that you have read and understood and will comply with prescribed security

obligations.

The following general points are brought to your attention:

1. You will be held liable and responsible for the consignments described in the "descriptions of shipments".

2. Throughout the journey, the classified consignments must stay in your personal possession, unless you are accompanying a classified consignment under NSA/DSA approved transportation plan.

3. The consignments will not be opened en route except in the circumstances described in paragraph 10 below.

4. The classified consignments are not to be discussed or disclosed in any public place.

5. The classified consignments are not, under any circumstances, to be left unattended. During overnight stops, military facilities or industrial companies having appropriate security clearance may be utilized. You are to be instructed on this matter by your company security officer.

6. While hand carrying or accompanying a classified consignment, you are forbidden to deviate from the schedule provided.

7. In case of emergency, you must take such measures as you consider necessary to protect the consignment, but on no account will you allow the consignment out of your direct personal possession except under circumstances described in paragraph 2 above; to this end, your instructions include details on how to contact the security authorities of the countries you will transit as stated in paragraph 11 below. If you have not received these details, ask for them from your company security officer.

8. You and the company security officer are responsible for ensuring that your personal expatriation and travel documentation (passport, currency and medical documents, etc.) are complete, valid and current.

9. If unforeseen circumstances make it necessary to transfer a consignment to other than the designated representative of the company or government you are to visit, you will give it only to authorised employees of one of the points of contact listed in the description of shipment.

10. There is no assurance of immunity from search by the Customs, Police, and/or Immigration Officials of the various countries whose borders you will be crossing; therefore, should such officials enquire into the contents of the consignment, show them your "courier certificate", the description of shipment and this note and insist on showing them to the senior Customs, Police, and/or Immigration Official; this action should normally suffice to allow the consignment to pass through unopened. However, if the senior Customs, Police, and/or Immigration Official demands to see the actual contents of the consignment you may open it in his presence, but this should be done in an area out of sight of the general public.

You should take precautions to show officials only as much of the contents as will satisfy

them that the consignment does not contain any other item and ask the official to repack or

assist in repacking it immediately upon completion of the examination.

You should request the senior Customs, Police, and/or Immigration Official to provide

evidence of the opening and inspection of the consignment by signing and sealing them

when closed and confirming in the shipping documents (if any) that the consignment has

been opened.

If you have been required to open the consignment under such circumstances as the

foregoing, you must notify the receiving company Security Officer and the dispatching

company Security Officer, who should be requested to inform the NSA/DSA of their

respective governments.

11. Along the route you may contact the officials whose details will be provided to you before each journey and request assistance from them.

12. Upon return from each journey, you must produce a bona fide receipt for the consignment signed by the Security Officer of the company or agency receiving the consignment or by a NSA/DSA of the receiving government.

ANNEX to multi-travel certificate

Multi-travels courier certificate No:.......................

Description of shipment nr : ……..

Transport from (date) : …………… to (date) : ……………

Bearer (name) : ……………………………………………

Itinerary : from (originating country) ……………… to (destination country) ……………… through

(crossed countries) ……………………………… authorized stops (list of locations) :

…………………………………………

References of receipt or inventory list: ……………………………………

Description of the shipment (number of package, dimensions and, if needed, weight of each

package)

Officials you may contact to request assistance

Signature of company’s Security Officer

______________________________________________________________________

Note to be signed on completion of each shipment:

I declare in good faith that, during the journey covered by this "shipment description", I am not aware of any occurrence or action, by myself or by others, that could have resulted in the compromise of the consignment, except the events related below, if needed :

Place and date of declaration: ……………

Courier’s signature:…………………………..

Witnessed by (name and signature of company Security Officer): ………………………….

ANNEX E - TRANSPORTATION PLAN

(LETTERHEAD)

TRANSPORTATION PLAN -

FOR THE MOVEMENT OF CLASSIFIED CONSIGNMENTS

(INSERT NAME OF EDIDP ACTION)

1. INTRODUCTION

This transportation plan lists the procedures for the movement of classified (insert

EDIDP/Grant or Contract name) consignments between (insert EDIDP Action

Participants).

2. DESCRIPTION OF CLASSIFIED CONSIGNMENT

Provide a general description of the consignment to be moved. If necessary, a detailed,

descriptive listing of items to be moved under this plan, including nomenclature, may be

appended to this plan as an annex. Include in this section a brief description as to where

and under what circumstances transfers of custody will occur.

3. IDENTIFICATION OF AUTHORISED PARTICIPATING GOVERNMENT REPRESENTATIVES

This Section should identify by name, title and organisation, the authorised

representatives of each EDIDP Action Participant who will authorise receipt for and

assume security responsibilities for the classified consignment. Mailing addresses,

telephone numbers, telefax numbers, and/or telex address, network addresses should

be listed for each Participant’s representatives.

4. DELIVERY POINTS

(a) Identify the delivery points for each Participant (e.g. ports, railheads, airports, etc) and how transfer is to be effected.

(b) Describe the security arrangements that are required while the consignment is located at the delivery points.

(c) Specify any additional security arrangements, which may be required due to the unique nature of the movement or of a delivery point (e.g. an airport freight terminal or port receiving station).

5. IDENTIFICATION OF CARRIERS

Identify the commercial carriers, freight forwarders and transportation agents, where

appropriate, that might be involved to include the level of security clearance and storage

capability.

6. STORAGE/PROCESSING FACILITIES AND TRANSFER POINTS

(a) List, by participant, the storage or processing facilities and transfer points that will be used.

(b) Describe specific security arrangements necessary to ensure the protection of the classified consignment while it is located at the storage/processing facility or transfer point.

7. ROUTES

Specify in this section the routes for movements of the classified consignments under

the plan. This should include each segment of the route from the initial dispatch point to

the ultimate destination including all border crossings, in particular travel through non-

Participant states. Routes should be detailed for each Participant in the logical sequence

of the shipment from point to point. If overnight stops are required, security

arrangements for each stopping point should be specified. Contingency stop over

locations should also be identified as necessary.

8. PORT SECURITY AND CUSTOMS OFFICIALS

In this Section, identify arrangements for dealing with customs and port security officials

of each Participant. The facility must verify that the courier has been provided with the

necessary documentation and is aware of the rules necessary to comply with customs

and security requirements. Prior co-ordination with customs and port security agencies

may be required so that the Project/Programme movements will be recognised.

Procedures for handling custom searches and points of contact for verification of

movements at the initial dispatch points should also be included here.

9. COURIERS

When couriers are to be used, provisions for the international hand carriage of classified

materials specified in Section II and Annex D will apply.

10. RECIPIENT RESPONSIBILITIES

Describe the responsibilities of each recipient to carry out an inventory of movement and

to examine all documentation upon receipt of the movement and:

(a) Notify the dispatcher of any deviation in routes or methods prescribed by this plan;

(b) Notify the dispatcher of any discrepancies in the documentation or shortages in the shipment.

(c) Clearly state the requirement for recipients to promptly advise the Security Authority of the dispatcher of any known or suspected compromise of classified consignment or any other exigencies which may place the movement in jeopardy.

11. DETAILS OF CLASSIFIED MOVEMENTS

This section should contain the following items:

(a) Identification of dispatch assembly points.

(b) Packaging requirements that conform to the security rules of the EDIDP Action Participants. The requirements for dispatch documents, seals, receipts, storage and security containers should be explained. Any unique requirement of the EDIDP Action Participants should also be stated.

(c) Documentation required for the dispatch points.

(d) Courier authorisation documentation and travel arrangements.

(e) Procedures for locking, sealing, verifying and loading consignments. Describe procedures at the loading points, to include tally records, surveillance responsibilities and witnessing of the counting and loading arrangements.

(f) Procedures for accessibility by courier to the shipment en route.

(g) Procedures for unloading at destination, to include identification of recipients and procedures for change of custody, and receipt arrangements.

(h) Emergency communications procedures. List appropriate telephone numbers and points of contact for notification in the event of emergency.

(i) Procedures for identifying each consignment and for providing details of each consignment; the notification should be transmitted no less than six working days prior to the movement of the classified consignment.

12. RETURN OF CLASSIFIED MATERIAL

This section should identify requirements for return of classified material to the manufacturer or sending participant (e.g. warranty, repair, test and evaluation, etc.).

NOTE: Samples of these forms should be included, as appropriate, as enclosures to the plan as necessary.

(1) Packing list

(2) Classified material receipts

(3) Bills of lading

(4) Export declaration

(5) Waybills

(6) Other Participant-required forms

ANNEX F - REQUEST FOR VISIT

Note: The completed form must be submitted directly to the Security Officer of the establishment to be visited. Fields of the form related to NSAs/DSAs should be left empty.

REQUEST FOR VISIT

TO: _______________________________________

(Country/international organisation name)

1. TYPE OF VISIT REQUEST

One-time

Recurring

Emergency

Amendment

Dates

Visitors

Agency/Facility

For an amendment, insert the NSA/DSA original RFV Reference No. _____________

2. TYPE OF INFORMATION/MATERIAL OR SITE ACCESS

CONFIDENTIAL or above

3. SUMMARY

No. of sites: _______

No. of visitors: _____

4. ADMINISTRATIVE DATA:

Requestor:

To:

NSA/DSA RFV Reference No.________________

Date (dd/mm/yyyy): _____/_____/_____

5. REQUESTING GOVERNMENT AGENCY, ORGANISATION OR INDUSTRIAL FACILITY:

Government Industry European Commission OCCAR Other

If other, specify: ______________________

NAME:

POSTAL ADDRESS:

E-MAIL ADDRESS:

FAX NO: TELEPHONE NO:

6. GOVERNMENT AGENCY(IES), ORGANISATION(S) OR INDUSTRIAL FACILITY(IES) TO BE VISITED - (Annex 1 to be completed)

7. DATE OF VISIT (dd/mm/yyyy): FROM _____/_____/_____ TO _____/_____/_____

8. TYPE OF INITIATIVE (Select one from each column):

Government initiative

Commercial initiative

Initiated by requesting agency or facility

By invitation of the facility to be visited

9. SUBJECT TO BE DISCUSSED/JUSTIFICATION/PURPOSE (To include details of host Government/Project Authority and solicitation/contract number if known and any other relevant information. Abbreviations should be avoided):

10. ANTICIPATED HIGHEST LEVEL OF INFORMATION/MATERIAL OR SITE ACCESS TO BE INVOLVED:

Only if required by the laws/regulations of the countries involved

Unclassified RESTRICTED

CONFIDENTIAL SECRET

If other, specify: ______________________

11. PARTICULARS OF VISITOR(S) - (Annex 2 to this form to be completed)

12. THE SECURITY OFFICER OF THE REQUESTING GOVERNMENT AGENCY, ORGANISATION OR INDUSTRIAL FACILITY:

NAME:

TELEPHONE NO:

E-MAIL ADDRESS:

SIGNATURE:

13. CERTIFICATION OF SECURITY CLEARANCE LEVEL:

NAME:

ADDRESS:

TELEPHONE NO:

E-MAIL ADDRESS:

SIGNATURE: DATE (dd/mm/yyyy): _____/_____/_____

14. REQUESTING NATIONAL SECURITY AUTHORITY / DESIGNATED SECURITY AUTHORITY:

NAME:

ADDRESS:

TELEPHONE NO:

E-MAIL ADDRESS:

SIGNATURE: DATE (dd/mm/yyyy): _____/_____/_____

15. REMARKS (Mandatory justification required in case of an emergency visit):

ANNEX 1 to RFV FORM

GOVERNMENT AGENCY(IES), ORGANISATION(S) OR INDUSTRIAL FACILITY(IES) TO BE VISITED

1. Government Industry EU OCCAR Other

If other, specify: ______________________

NAME:

ADDRESS:

TELEPHONE NO:

FAX NO:

NAME OF POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

NAME OF SECURITY OFFICER OR SECONDARY POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

2. Government Industry EU OCCAR Other

If other, specify: ______________________

NAME:

ADDRESS:

TELEPHONE NO:

FAX NO:

NAME OF POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

NAME OF SECURITY OFFICER OR SECONDARY POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

3. Government Industry EU OCCAR Other

If other, specify: ______________________

NAME:

ADDRESS:

TELEPHONE NO:

FAX NO:

NAME OF POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

NAME OF SECURITY OFFICER OR SECONDARY POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

4. Government Industry EU OCCAR Other

If other, specify: ______________________

NAME:

ADDRESS:

TELEPHONE NO:

FAX NO:

NAME OF POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

NAME OF SECURITY OFFICER OR SECONDARY POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

5. Government Industry EU OCCAR Other

If other, specify: ______________________

NAME:

ADDRESS:

TELEPHONE NO:

FAX NO:

NAME OF POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

NAME OF SECURITY OFFICER OR SECONDARY POINT OF CONTACT:

E-MAIL:

TELEPHONE NO:

(Continue as required)

ANNEX 2 to RFV FORM

PARTICULARS OF VISITOR(S)

1 Government Industry EU Employee OCCAR Employee

Other (Specify: ___________________________)

SURNAME:

FORENAMES (as per passport):

RANK (if applicable):

DATE OF BIRTH (dd/mm/yyyy):____/____/____

PLACE OF BIRTH:

NATIONALITY:

SECURITY CLEARANCE LEVEL:

PP/ID NUMBER:

POSITION:

COMPANY/AGENCY:

2 Government Industry EU Employee OCCAR Employee

Other (Specify: ___________________________)

SURNAME:

FORENAMES (as per passport):

RANK (if applicable):

DATE OF BIRTH (dd/mm/yyyy):____/____/____

PLACE OF BIRTH:

NATIONALITY:

SECURITY CLEARANCE LEVEL:

PP/ID NUMBER:

POSITION:

COMPANY/AGENCY:

3 Government Industry EU Employee OCCAR Employee

Other (Specify: ___________________________)

SURNAME:

FORENAMES (as per passport):

RANK (if applicable):

DATE OF BIRTH (dd/mm/yyyy):____/____/____

PLACE OF BIRTH:

NATIONALITY:

SECURITY CLEARANCE LEVEL:

PP/ID NUMBER:

POSITION:

COMPANY/AGENCY:

4 Government Industry EU Employee OCCAR Employee

Other (Specify: ___________________________)

SURNAME:

FORENAMES (as per passport):

RANK (if applicable):

DATE OF BIRTH (dd/mm/yyyy):____/____/____

PLACE OF BIRTH:

NATIONALITY:

SECURITY CLEARANCE LEVEL:

PP/ID NUMBER:

POSITION:

COMPANY/AGENCY:

5 Government Industry EU Employee OCCAR Employee

Other (Specify: ___________________________)

SURNAME:

FORENAMES (as per passport):

RANK (if applicable):

DATE OF BIRTH (dd/mm/yyyy):____/____/____

PLACE OF BIRTH:

NATIONALITY:

SECURITY CLEARANCE LEVEL:

PP/ID NUMBER:

POSITION:

COMPANY/AGENCY:

(Continue as required)

ANNEX G - COMSEC INSTRUCTIONS OF THE EDIDP ACTION XX

UNCLASSIFIED

Releasable to EDIDP Participants only

Version history

VERSION | AUTHOR | DATE | REASON FOR CHANGE | SUPERSEDED DOCUMENT | COMMENTS

1.0 | | xx/xx/20xx | | |

Table of Contents

Section 1 - Introduction

1.1 Scope of the document

1.2 Applicability

1.3 Acronyms and Glossary

1.3.1 Acronyms

1.3.2 Glossary

1.4 COMSEC Items

1.4.1 Controlled COMSEC Items (CCI)

1.4.2 CRYPTO Items

Section 2 – Roles, Responsibilities and Functions

2.1 Information Assurance Authority (IA Authority)

2.2 Distribution Authority (DA)

Section 3 - Security Measures to be implemented when handling COMSEC Items

3.1 Local Organisation

3.1.1 COMSEC Officer

3.1.2 COMSEC Items Custodian

3.1.3 Alternate COMSEC Items Custodian

3.1.4 Users

3.2 Access to COMSEC Items

3.2.1 COMSEC Authorisation

3.2.2 EDIDP COMSEC Authorisation

3.2.3 Personnel Training

3.3 Auditing and Inspection of COMSEC Items

3.3.1 Inventories and accounting

3.4 Movement of COMSEC Items

3.4.1 Transportation of Crypto Items

3.4.2 Notification/Transportation Plans (TPs)

3.4.3 Preparation for Transport

3.4.4 Framework Transportation Plans

3.4.5 Transport of CCI

3.4.6 Record of Transfer

3.5 Destruction of COMSEC Items

3.6 Physical Security

3.6.1 No-Lone Zones

3.6.2 Physical Security during Use

3.7 Security Incident handling

3.7.1 Security Breach

3.7.2 Compromise

Section 4 - Annexes

Annex 1 - Information Assurance Authorities / Distribution Authorities of Participants of the EDIDP Action

Annex 2 - Security Incident Report

Annex 3 – Sample Certificate of COMSEC Authorisation

Annex 4 - EDIDP COMSEC Item Report

Annex 5 – Example of a COMSEC Authorisation Briefing

Annex 6 – Example of a COMSEC Authorisation Debriefing

Section 1 - Introduction

1. These instructions are part of the EDIDP PSI in its latest applicable version. Their dissemination shall be limited to EDIDP Participants’ entities involved through a grant, contract, or by contractual or pre-contractual activity, in any phase of the EDIDP.

1.1 Scope of the document

1. This document establishes a set of common rules and security procedures and assigns responsibilities based upon the EU security policy concerning COMSEC information generated and exchanged under the EDIDP. It is intended to provide common security procedures for the marking, handling, storage, transmission, transport or destruction of COMSEC Items. The PSI and the related COMSEC Instructions are without prejudice to the applicable national and/or European prior-ranking rules and legislation. Where the PSI or the COMSEC Instructions state a provision that differs from the applicable national and/or European prior-ranking rules and legislation, the stricter regulation is to be applied.

1.2 Applicability

1. This document applies to any Beneficiary or Contractor that will access or create COMSEC Items under the EDIDP. The latest version of the EDIDP COMSEC Instructions and its annexes is applicable to Beneficiaries or Contractors on a contractual basis.

2. It applies to all EDIDP participants in accordance with respective laws, rules and/or regulations, and to any company or national entity involved in contractual or pre-contractual activity[12] in any of the phases of the EDIDP. Where mandated, item-specific Security Operating Procedures or Crypto Management Plans shall be used.

3. COMSEC Items shall be controlled and managed in accordance with specific handling and accounting procedures. Due to their particularly sensitive nature, additional handling measures may be required for COMSEC Items. Any compromise of COMSEC Items may lead to a compromise of Classified Information or systems. As a consequence, detailed handling procedures are established so as to:

a) allow the individual identification of COMSEC or CRYPTO Items;

b) ensure the proper dissemination control of COMSEC Items;

c) prevent the loss or compromise of COMSEC Items or their disclosure to unauthorised entities;

d) detect any such loss or compromise; and

e) allow for the assessment of the possible damage caused.

4. Any Crypto Items used within the EDIDP shall be approved in accordance with the relevant laws, rules and/or regulations. Every COMSEC Item shall be accounted for and shall have a SecOps[13]. A Key Management Plan (or national equivalent) shall be in place before using the COMSEC item to protect the information.

[12] Including proposal submission for a grant, grant signature and implementation.

[13] As a minimum this should specify the environmental security assumptions and any procedural constraints or limitations applicable in order to maintain the certification status.

1.3 Acronyms and Glossary

1.3.1 Acronyms

CCI Controlled COMSEC Item

COMSEC Communication Security

DA Distribution Authority

IA Information Assurance

NSA National Security Authority

EDIDP European Defence Industrial Development Programme

1.3.2 Glossary

Alternate: Alternate COMSEC Items Custodian.

Classified Information: any information or material designated by a security classification, of which unauthorised disclosure could cause varying degrees of prejudice to the interests of the Participants. Its classification is indicated by a classification marking.

COMSEC (Communication Security): application of security measures to telecommunications in any form in order to deny unauthorised persons access to information of value derived from the possession and study of such telecommunications or to ensure the confidentiality, availability, authenticity, non-repudiation and integrity of the information travelling through the communication channels. Such measures include crypto, transmission (TRANSEC) and emission (TEMPEST) security, as well as procedural, physical, personnel, document and computer security.

COMSEC Authorisation: authorisation given by the appropriate authority of a Participant, provided to an eligible individual to allow this person access to COMSEC Items.

Information Assurance Authority (IA Authority): The Participant’s Authority in charge of the oversight of application of the rules regarding the management and the handling of COMSEC Items. These IA Authorities are listed in Annex 1.

COMSEC Item: Item (equipment, data or information) that contributes through its integrity, confidentiality, authenticity, availability and non-repudiation properties, to communications security in an information system.

A COMSEC Item means all material, including keys in all forms, documents, devices or equipment, that describe, contain or relate to cryptographic products and is essential to the encryption, decryption or authentication of telecommunications and any other item that performs a critical COMSEC function. Therefore a COMSEC Item includes:

Keying material: key stored on all sorts of media;

Device or piece of equipment: including the basic crypto device providing the cryptographic service(s) and other related devices such as crypto-ancillary devices (used in conjunction with the basic crypto device), keying material production equipment, authentication equipment;

Documentation: including all documentation associated with a cryptosystem such as operating instructions, user manual, installation manual, maintenance manual, cryptographic security instruction and all other printed crypto material (excepting keying material).

Controlled COMSEC Item (CCI): COMSEC Item of unclassified nature that contributes through its integrity, confidentiality, authenticity, availability and non-repudiation properties, to the security of a COMSEC system handling Classified Information.

Custodian: COMSEC Items Custodian.

Distribution Authority (DA): means the Distribution Authority of a Participant, responsible for the security, distribution and accountability of the exchange of COMSEC Items in the framework of the EDIDP.

Crypto: COMSEC Item of classified nature that contains sensitive cryptographic information and/or that contributes through its integrity, confidentiality, authenticity, availability and non-repudiation properties, to the security of a COMSEC system handling Classified Information. Mandatory handling marking to be affixed to these Items.

Participants’ Security Authorities: governmental bodies or bodies within EDIDP participants responsible for the security of Classified Information for the EDIDP and the coordination and implementation of industrial security aspects of the EDIDP which are listed in the Annex A1 and A2 of the EDIDP PSI.

1.4 COMSEC Items

1. A COMSEC Item (equipment, data or information) contributes through its integrity, confidentiality, authenticity, availability and non-repudiation properties, to communications security in an information system. (A full definition is included in the glossary.) In order to identify COMSEC Items as such they shall be marked additionally with appropriate administrative markings or annotations.

2. COMSEC Items shall be handled in accordance with their SecOps and any relevant local COMSEC procedures, in full compliance with the relevant rules and regulations of the Participant.

1.4.1 Controlled COMSEC Items (CCI)

1. A Controlled COMSEC Item (CCI) is a COMSEC Item of unclassified nature, e.g. an unkeyed crypto device.

2. CCI shall bear a clearly visible handling marking “Controlled COMSEC Item” or “CCI”.

1.4.2 CRYPTO Items

1. A CRYPTO Item is a COMSEC Item of classified nature, e.g. a crypto key.

2. The disclosure of a CRYPTO Item to unauthorised persons may seriously undermine the security of the related COMSEC system.

3. CRYPTO Items shall bear a clearly visible handling marking “CRYPTO”. This marking shall be applied in addition to the respective classification marking.

Section 2 – Roles, Responsibilities and Functions

2.1 Information Assurance Authority (IA Authority)

1. Each EDIDP Participant handling or generating COMSEC Items shall identify an IA Authority. This authority shall, in accordance with the relevant laws, rules and/or regulations, be responsible for the control of COMSEC Items held by entities under its jurisdiction, and for the coordination and implementation of these EDIDP COMSEC Instructions. The Participants’ IA Authorities and Distribution Authorities are listed in Annex 1.

2. The IA Authority is responsible for regular security inspections within its area of responsibility to ensure that the relevant COMSEC Items are correctly protected. It shall check that access to COMSEC Items within its jurisdiction is limited to appropriately authorised individuals on a need-to-know basis.

2.2 Distribution Authority (DA)

1. Where COMSEC Items are held, each EDIDP Participant shall identify a Distribution Authority (DA). This DA is the responsible entity for ensuring that procedures are established for the comprehensive accounting, secure handling, storage, distribution and destruction of all COMSEC Items in its area of responsibility.

2. A list of the Participants’ IA Authorities and DAs, with points of contact, is at Annex 1.

Section 3 - Security Measures to be implemented when handling COMSEC Items

3.1 Local Organisation

1. A Beneficiary or Contractor that holds COMSEC Items shall establish an organisation with a COMSEC Officer, a COMSEC Items Custodian and an Alternate, and establish arrangements for the management and safeguarding of COMSEC Items.

3.1.1 COMSEC Officer

1. The COMSEC Officer is responsible for the correct application of, and compliance with, these EDIDP COMSEC Instructions, as well as for the efficiency, accuracy and security of all COMSEC operations in his area of responsibility (including Crypto Accounts).

2. This role shall not be held by the person who holds the Custodian or Alternate role.

3. The COMSEC Officer shall be appointed in accordance with the relevant Participant’s laws, rules or regulations.

3.1.2 COMSEC Items Custodian

1. The COMSEC Items Custodian (the Custodian) of an organisation is responsible for the management (receipt, protection, accounting, inventory, distribution, and destruction) of all COMSEC Items held by the organisation.

2. The Custodian role shall not be held by the person who holds the Alternate role.

3.1.3 Alternate COMSEC Items Custodian

1. The Alternate COMSEC Items Custodian (the Alternate) assists the Custodian; however, responsibility for the COMSEC Items rests with the Custodian when he is present.

2. The Alternate role shall not be held by the person who holds the Custodian role.

3.1.4 Users

1. Users shall only be entrusted with COMSEC Items subject to signing a receipt and formally assuming the responsibility for the control and safeguarding of COMSEC Items, in accordance with the Participant’s laws, rules and/or regulations.

2. The User shall be briefed by the COMSEC Items Custodian on his responsibilities.

3. The User shall not pass COMSEC Items to another user without the approval of, and via, the COMSEC Items Custodian.

3.2 Access to COMSEC Items

1. COMSEC Items, whether classified or not, can only be issued or transferred to individuals belonging to an organisation or company that is directly involved in COMSEC activities in the framework of the EDIDP, and based strictly on the Need-to-Know principle.

3.2.1 COMSEC Authorisation

1. Individuals requiring access to EDIDP COMSEC Items shall be in possession of a specific authorisation to do so. This “COMSEC Authorisation” indicates that the individual has been briefed by the COMSEC Officer or the Custodian and is aware of his obligations regarding the handling of Programme COMSEC Items in accordance with these EDIDP COMSEC Instructions and the relevant laws, rules and/or regulations of the Participant where appropriate. COMSEC Authorisations or national equivalents shall comprise the information contained in the sample attached in Annex 3.

2. The COMSEC Authorisation shall be removed when the need to know no longer exists. It can be renewed or re-issued, as appropriate in accordance with the Participants’ applicable laws, rules and/or regulations.

3. Individuals required to access COMSEC Items at the security classification level of CONFIDENTIAL or above shall hold a Personnel Security Clearance (PSC) at the appropriate level.

4. When a person no longer requires a COMSEC Authorisation, the responsible COMSEC Officer shall debrief this person. The individual concerned shall sign a declaration of responsibility not to divulge any information on the COMSEC Items to which he had access.

5. When it is not possible to debrief an individual or a declaration cannot be signed, the COMSEC Authorisation is considered revoked and a detailed report shall be provided to the IA Authority of the relevant Participant.

3.2.2 EDIDP COMSEC Authorisation

1. Due to the international context of the EDIDP, the COMSEC Authorisation may need to be recognised by the other Participants. In such cases, the “EDIDP COMSEC Authorisation” (see Annex 3) shall be used to demonstrate that the individual has been appropriately briefed by the COMSEC Officer.

3.2.3 Personnel Training

1. Personnel shall be trained as appropriate for their roles and responsibilities in handling COMSEC Items for which they are responsible.

3.3 Auditing and Inspection of COMSEC Items

1. Entities holding COMSEC Items under their responsibility shall be subject to audit/inspection in accordance with the relevant Participant’s laws, rules and/or regulations.

3.3.1 Inventories and accounting

1. Within any entity where COMSEC Items are held, a COMSEC Account (or subaccount) must be formally established by the relevant DA.

2. COMSEC Items need to be accounted for throughout their lifecycle and shall be registered in the COMSEC Account.

3. COMSEC Items are accounted for through the use of transfer reports when they are transferred into or out of accounts, or possession reports when they are created or when they are discovered (e.g. in the event of a security incident). Annex 4 or a national equivalent shall be used for the purposes listed above and may also be used as an inventory form.

3.4 Movement of COMSEC Items

1. For the purposes of these Instructions, the term “movement” refers to both transmission and transportation. The term “transmission” refers to the electronic transfer of information, and the term “transportation” refers to the physical transfer of items via road, rail, air or sea.

2. The movement of COMSEC Items marked CRYPTO shall follow the applicable laws, rules and/or regulations of the sending Participant, or as otherwise provided for in the EDIDP PSI, including these EDIDP COMSEC Instructions.

3. The transportation of COMSEC Items marked CCI shall follow the applicable laws, rules and/or regulations of the sending Participant.

4. During transmission by electronic means of COMSEC Information marked CRYPTO, approved cryptographic products and Communication and Information Systems which have been appropriately accredited for the purpose shall be used.

5. Transmission or transport of Classified Crypto Items among EDIDP Participants shall be through the transfer of the items between COMSEC accounts.

3.4.1 Transportation of Crypto Items

1. For the transportation of Crypto Items, the following general principles shall be applied by the sender when determining security arrangements:

a) the degree of protection afforded to a consignment shall be determined by a risk assessment which considers the highest classification level of material contained within it, the quantity of material being transported, and any constraints or limitations imposed by any applicable SecOps;

b) prior to any cross-border movement of COMSEC Items marked CRYPTO the sending and receiving authorities shall be notified;

c) where required, a transportation plan (TP) shall be drawn up by the sender and approved by the respective national IA Authorities or DAs;

d) journeys shall be point-to-point to the extent possible, and shall be completed as quickly as circumstances permit.

3.4.2 Notification/Transportation Plans (TPs)

1. Transportation shall be notified by the sending DA to the recipient DA by means of a Notification or TP, which shall contain as a minimum the following information:


a) Identification of COMSEC Items being transported in the EDIDP COMSEC Items Report (see Annex 4);

b) Distribution Authorities Involved;

c) Identification of Sending and Receiving COMSEC accounts;

d) Identification of Couriers;

e) Method of transportation.

2. Transportation Plans (TPs) shall remain unclassified unless there is a reason for them to be classified. In principle a TP should not be classified at a level higher than RESTREINT UE/EU RESTRICTED.

3. When a number of predefined COMSEC Items of the same type and classification are to be moved repeatedly between the same two COMSEC Accounts one Framework Transportation Plan (FTP) may be proposed by the sending entity to cover all these movements for a period of up to one year or as otherwise mutually agreed (see Section “Framework Transportation Plans” below for details).

4. Notifications and TPs for the international movement of Crypto Items shall be submitted to the sending DA no later than 10 working days prior to the proposed date of the transport.

5. The procedure for the approval cycle is as follows:

The sending entity agrees the details of the transport with the receiving entity;

a) If a TP is required, the sending entity drafts the TP;

b) The sending entity then provides the TP to its DA;

c) The DA of the sending entity checks the TP for compliance with relevant security requirements and then forwards it to the DA of the receiving entity for agreement or notification, as appropriate;

d) The receiving COMSEC Account notifies the sending COMSEC Account of receipt of the TP or Notification;

e) In the absence of response regarding the approval from the DA of the receiving entity, approval of the TP shall be assumed and the movement can take place.

6. Personnel acting as couriers shall be appropriately security cleared to carry the consignment.

7. The competent security authorities involved shall endeavour to ensure that any relevant national authority is informed and shall request cooperation according to local laws, rules and/or regulations.

3.4.3 Preparation for Transport

1. Crypto Items to be transported shall be prepared as follows:

a) the package shall not show external evidence of its security marking. The security classification level or the handling marking shall only be applied on the internal packaging and on the item itself;


b) the inner wrapping shall be marked with the addresses of both the sender and the recipient, the classification, the marking “CRYPTO” and “to be opened only by the COMSEC Items Custodian”;

c) the outer wrapping shall bear the public addresses of both the sending and the receiving entities;

d) subject to the requirements of the SecOps, keys shall not be transported with their associated equipment unless the physical configuration of the equipment makes segregation and/or reading of key and equipment impossible (in this case the equipment shall be classified at the same level as the stored key);

e) unless justified in exceptional cases and approved by the sending DA, Crypto Items shall not be transported in operational state (i.e. keyed);

f) if it is necessary that Crypto Items are transported in an operational state, unless otherwise decided by the sending entity’s DA, the equipment shall be classified at the highest level of the transported items.

2. There is no assurance of immunity from search by customs, police and/or immigration officials of countries whose borders are crossed. If officials enquire into the contents of the consignment, the courier certificate shall be presented to the senior customs, police and/or immigration official. This action should, in principle, be sufficient to allow the consignment to pass unopened. However, if it is insisted that the consignment is opened for inspection:

a) this shall be done in the presence of the senior official;

b) the opening of the consignment shall take place in an area out of sight of the general public;

c) precautions shall be taken to show the relevant officials the minimum content necessary;

d) repacking shall be done immediately upon completion of the examination; the senior official shall be asked to provide evidence of the opening and inspection of the consignment on the shipping documents;

e) the senior official shall also be requested to sign and re-seal the consignment.

3.4.4 Framework Transportation Plans

1. Where transportation of COMSEC Items between two entities is expected to be recurrent, a Framework Transportation Plan (FTP) may be established. The decision to establish an FTP shall be agreed by both sending and receiving DAs.

2. The process for establishing an FTP is the same as that for normal TPs.

3. Each time a movement relating to the FTP occurs, notification shall be sent by the sending entity to the DA concerned. The minimum content of the notification shall be:

a) reference to the FTP;

b) details of the sender and recipient;

c) courier details;

d) any other detail deemed necessary.


3.4.5 Transport of CCI

1. CCI shall be transported in a manner that affords appropriate protection in accordance with the applicable laws, rules or regulations of the sending Participant.

3.4.6 Record of Transfer

1. The transfer of COMSEC Items shall always be between COMSEC Accounts, and supported by a COMSEC Items Report.

2. As a general rule, such reports shall be unclassified; if necessary such reports shall be classified in accordance with the information contained in the report itself.

3. The Custodian or Alternate at the final destination is the only person authorised to open, verify and sign the receipt note of the packages containing COMSEC Items. The sending Custodian shall account for the item until the signed receipt has been received from the receiving Custodian.

4. For every package or envelope the receiving Custodian shall:

a) before opening the package, carry out an examination to identify any sign of tampering or violation; and

b) make a thorough check of the content based on the related transfer report (usually included in the consignment);

c) sign and return the receipt note, annotating any discrepancies, providing a copy to its DA; and

d) raise a Security Incident if there is any evidence of tampering or discrepancy.

5. Any evidence of tampering or discrepancy shall be considered a Security Incident until confirmed otherwise by an investigation.

3.5 Destruction of COMSEC Items

1. Both the routine and emergency destruction of COMSEC Items shall be in accordance with the SecOps and national rules and regulations, taking into account the following:

a) destruction should normally be performed by the Custodian and/or the Alternate in the presence of a witness;

b) the use of destruction equipment and methods shall be approved by the Participant’s Security Authority.

2. The destruction of COMSEC Items shall be reported by way of a destruction report. A COMSEC Items Report shall be used for this purpose.

3.6 Physical Security

1. COMSEC Items shall be handled in such a way that unauthorised access is prevented, and to safeguard the confidentiality, integrity, availability, authenticity and non-repudiation properties of the COMSEC Items concerned.


3.6.1 No-Lone Zones

1. A No-Lone Zone is an area where no single person can have unescorted access. It requires the presence of at least two appropriately cleared and COMSEC authorised persons at all times.

2. Where it is possible for an individual to directly access red key material (information for which any modification can lead to the failure of the cryptographic service that uses it), the use of a No-Lone-Zone shall be considered and if applied, done in accordance with Participant’s laws, rules and/or regulations.

3.6.2 Physical Security during Use

1. All COMSEC Items shall be used in accordance with local rules determined by the local IA Authority and in compliance with their SecOps.

3.7 Security Incident handling

1. Any incident involving COMSEC Items shall be reported in accordance with the EDIDP PSI; in particular for COMSEC Items (COMSEC Incident), the COMSEC Items Custodian has to be notified, who shall follow the procedure established by his relevant DA, and provide the details listed in Annex 2, where applicable.

3.7.1 Security Breach

1. Any unusual fact or event that leads to a compromise or potential compromise of COMSEC Items represents a violation of communications security and is considered a security breach. This security breach could be:

a) “procedural”, in the case of non-compliance with the relevant security regulations for safeguarding COMSEC Items; or

b) “operational”, when due to non-compliance with the SecOps, the applicable procedures for the management and use of COMSEC Items, or the malfunctioning of cryptographic equipment.

3.7.2 Compromise

1. Compromise denotes a situation when, due to a breach of security or adverse activity (such as espionage, acts of terrorism, sabotage or theft), COMSEC Items have lost their confidentiality, integrity, availability, authenticity or non-repudiation properties. This includes loss, disclosure to unauthorised individuals or parties, unauthorised modification or destruction, or a denial of service.

2. A compromise can be:

a) “physical”, when an unauthorised person gains access to COMSEC Items as a result of loss, capture, theft, recovery after an accident, unauthorised access, or any other material cause;

b) “cryptographic”, when an unauthorised person succeeds through theft or cryptographic analysis to get information pertaining to, for example:

- the cryptographic techniques used;

- the “plain text”, or part of it, contained in the ciphered message; or

- a key or part of a key.


3. In the event of an actual or possible compromise, there may be an obligation to report this matter to the Project Manager in accordance with the PSI of the Action.


Section 4 - Annexes

Important note: the templates provided in these sections are mostly unclassified when not completed. It is the issuer’s responsibility to ensure that a document issued on the basis of the template is classified in accordance with the information contained in it.

Annex 1 - Information Assurance Authorities / Distribution Authorities of Participants of the EDIDP Action

Annex 2 - Security Incident Report

Annex 3 – Sample Certificate of COMSEC Authorisation

Annex 4 - EDIDP COMSEC Item Report

Annex 5 – Example of a COMSEC Authorisation Briefing

Annex 6 – Example of a COMSEC Authorisation Debriefing


Annex 1 - Information Assurance Authorities / Distribution Authorities of Participants of the EDIDP Action14

1. Austria

IA AUTHORITY DISTRIBUTION AUTHORITY

Austrian NDA

Bundeskanzleramt / Büro der Informationssicherheitskommission

Federal Chancellery / Federal Office for Information Security

Ballhausplatz 2

1014 Wien

Österreich

Care of:

Mr. Alfred GRABNER, Crypto-Custodian

Telephone: +43 1 53115 202791

E-mail: [email protected]

2. Belgium

IA AUTHORITY DISTRIBUTION AUTHORITY

Care of Cdt Serge Del Calzo: E-mail: [email protected] Quartier S/Lt Vilain Rue Brisee 309

7020 Nimy

Telephone: +32 65 22 15 10

E-mail: [email protected]

3. Bulgaria

IA AUTHORITY DISTRIBUTION AUTHORITY

State Agency for National Security

45 Cherni Vrah Blvd.

1407 Sofia

Bulgaria

State Agency for National Security

45 Cherni Vrah Blvd.

1407 Sofia

Bulgaria

14 When drafting the specific PSI for the Action, this list should be adapted by leaving in it only the entries relating to Participants of that particular Action.


Fax: +359 2 9632 188; +359 2 8147 441

E-mail: [email protected]

State Commission on Information Security

Cherkovna street 90

1505 Sofia

Bulgaria

Telephone: +359 2 9333 600

Fax: 359 2 9873 750

E-mail: [email protected]

Fax: +359 2 9632 188; +359 2 8147 441

E-mail: [email protected]

Permanent Representation of Bulgaria

Square Marie-Louise 49

1000 Bruxelles

Belgium

4. Croatia

IA AUTHORITY DISTRIBUTION AUTHORITY

Care of Assistant Director Ms. Iva Jeličić

Croatian NDA

Fra Filipa Grabovca 3

10000 Zagreb, Croatia

E-mail: [email protected]

5. Cyprus

IA AUTHORITY DISTRIBUTION AUTHORITY

Cyprus National Guard General Staff

Ministry of Defence

172-174, Strovolos Avenue, 2048 Strovolos,

Nicosia

Tel: +357 22417757

E-mail: [email protected]

Crypto Distribution Authority

Ministry of Foreign Affairs

Presidential Palace Avenue, 1447, Nicosia

Telephone: +357 22651001

E-mail: [email protected]

6. Czech Republic

IA AUTHORITY DISTRIBUTION AUTHORITY

Mr. Luděk Havel NCISA – NA Popelce 2/16

PO Box 14


150 06 Praha 56

7020 Nimy

Telephone: +420 257 283 205

Email: [email protected]

7. Denmark

IA AUTHORITY DISTRIBUTION AUTHORITY

Norvangen 23

PO Box 295

4220 Korsoer

Telephone: +45 58 30 84 90

Email: [email protected]

Care of Finn Larsen ([email protected])

Telephone: +45 7257 4636

8. Estonia

IA AUTHORITY DISTRIBUTION AUTHORITY

NDA Estonia

Estonian Foreign Intelligence Service

Rahumäe tee 4B

11316 Tallinn, Estonia

COMSEC Manager: Mr. Marek Lehtsalu

Telephone: +372 693 5084

E-mail: [email protected]

9. Finland

IA AUTHORITY DISTRIBUTION AUTHORITY

National Cyber Security Centre Finland (NCSC-FI) / National Communications Security Authority Finland (NCSA-FI) Finnish Transport and Communications Agency Traficom

Visiting address: Dynamicum, Erik Palménin aukio 1, Helsinki, Finland

Postal address: P.O. Box 313, FI-00059

National Cyber Security Centre Finland (NCSC-FI) / National Distribution Authority Finland (NDA-FI) Finnish Transport and Communications Agency Traficom

Visiting address: Dynamicum, Erik Palménin aukio 1, Helsinki, Finland

Postal address: P.O. Box 313, FI-00059


TRAFICOM

E-mail: [email protected]

TRAFICOM

Care of Mr. Seppo Piiroinen Telephone: +358 40 763 8848

E-mail: [email protected]

10. France

IA AUTHORITY

Monsieur le Directeur Général de l’Agence Nationale de la Sécurité des Systèmes d’Information

SGDSN/ANSSI

51, boulevard de la Tour-Maubourg

75700 Paris SP 07, France

DISTRIBUTION AUTHORITY

(INDUSTRY)

Crypto-Custodian name: OR9 ADC Maryse VOGT

Crypto Custodian telephone: +33 1 34936233

Alternate Crypto-Custodians : OR8 ADJ François BONVENTRE, OR7 MT Caroline SPARFEL, OR7 SGC Florian SAINTIER

Alternate Crypto-Custodian telephones: +33 1 34936325;+33 1 34936321; +33 1 34936730

Postal Address:

National Distribution Agency - Site de Maisons-Laffitte

Base des Loges

8 Avenue du Président Kennedy - BP 40202

78102 SAINT GERMAIN EN LAYE CEDEX

Material Delivery Address:

National Distribution Agency France

QUARTIER GALLIENI

Rue de la Muette

78 600 MAISONS-LAFFITTE

E-mail: [email protected]


For any other COMSEC Items, refer to the French IA Authority.

11. Germany

IA AUTHORITY DISTRIBUTION AUTHORITY

Federal Ministry of the Interior

Referat ÖS III5 – NSA

Alt-Moabit 140

10557 Berlin

Germany

Telephone: +49 30 18 681 11593

FAX: +49 30 18 681 51593

E-mail: [email protected]

Bundesamt für Sicherheit in der Informationstechnik (BSI) Federal Office for Information Security Referat/Section KT16 Postfach 20 03 63 53133 Bonn Germany Email: [email protected]

See note below

Note: Until further notice, Transportation Plans for EDIDP COMSEC/CRYPTO Items should be submitted to the German NSA.

12. Greece

IA AUTHORITY DISTRIBUTION AUTHORITY

HNDGS Bldg 18359 Mesogion Avenue

APO GR 1020 Cholargos

1020 Athens

Telephone: +30 21 0657 6132

Permanent Representation of Greece to the European Union

Rue Jacques de Lalaing 19–21

1040 Bruxelles

Belgique


13. Hungary

IA AUTHORITY DISTRIBUTION AUTHORITY

47 BEM Rakpart

1027 Budapest

Telephone: +361 458 1466

Permanent Representation of Hungary

Department of Security

Mr. György FEKETE, InfoSec Officer

92-98, Rue de Treves, 1040 Brussels

Fekete György - BEU

Email: [email protected]

14. Ireland

IA AUTHORITY DISTRIBUTION AUTHORITY

National Security Authority Ireland

Department of Foreign Affairs and Trade

76-78 Harcourt Street

Dublin 2

D02 DX45

Telephone: +353 1 408 2724

E-mail: [email protected]

15. Italy

IA AUTHORITY DISTRIBUTION AUTHORITY

Mr. Santi Irrera Presidenza del Consiglio dei Ministri Polo Tecnologico –NDA Via della Pineta Sacchetti 216

00168 Rome

Telephone: +39 06 22 52 594

E-mail: [email protected]


16. Latvia

IA AUTHORITY DISTRIBUTION AUTHORITY

Mr. Marcis Lipkins

NDA Latvia

Miera street 85A

LV - 1013 Riga

Telephone: +371 670 25 396

E-mail: [email protected]

17. Lithuania

IA AUTHORITY DISTRIBUTION AUTHORITY

Gedimino Avenue 40/1

Room 313

01110 Vilnius

Telephone: +370 5 266 3048

Permanent Representation of Lithuania

Rue Belliard 41-43

1040 Bruxelles

Belgique

18. Luxembourg

IA AUTHORITY DISTRIBUTION AUTHORITY

BP 11

L-6905 Nierdanven

Telephone: +352 24787124

Mr. Pascal THIES

Crypto Custodian, NDA LU

Centre de Communications du Gouvernement

NDA LUXEMBOURG

Château de et à SENNINGEN

50, rue du Château


L-6961 SENNINGEN

Luxembourg

Telephone: +352 24787124

E-mail: [email protected]

19. Malta

IA AUTHORITY DISTRIBUTION AUTHORITY

NSA Infosec

PO Box 146

Valetta

E-mail: [email protected]

20. Netherlands

IA AUTHORITY DISTRIBUTION AUTHORITY

Care of Mr. Alex Okkerse

Netherlands National Distribution Authority (NDA NL)

Europaweg 4

2711 AH Zoetermeer

PO Box 20010

2500 EA The Hague

Telephone: +31 79 320 5114

Fax: +31 79 320 5238

E-mail: [email protected]

21. Poland

IA AUTHORITY DISTRIBUTION AUTHORITY

Mr. Michał SIEMIĄTKOWSKI or Mr Andrzej MACIĄG

Internal Security Agency

Ul. Rakowiecka 2A

00-993 Warsaw

Telephone: +48 22 5858822; +48 22 5859722

E-mail: [email protected]


22. Portugal

IA AUTHORITY DISTRIBUTION AUTHORITY

Rua da Jujquira 69

1300-342 Lisboa

Telephone: +351 2111 25474/5

Email: [email protected]

23. Romania

IA AUTHORITY DISTRIBUTION AUTHORITY

Ms. Cristina Spatarelu

RO NSA

NDA Romania

Street Mures nr 4 Sector 1

Orniss – RO NSA

012275 Bucharest

Telephone: +40 21 2075 141

E-mail: [email protected]

24. Slovakia

IA AUTHORITY DISTRIBUTION AUTHORITY

National Security Authority

Budatinska 30

851 06 Bratislava

Telephone: +421 2 6869 1111

Fax: +421 2 6869 1700

E-mail: [email protected]

NDA Slovakia

National Security Authority

Budatinska 30

851 06 Bratislava

Telephone: +421 2 6869 1111

Fax: +421 2 6869 1700

E-mail: [email protected] and

[email protected]


25. Slovenia

IA AUTHORITY DISTRIBUTION AUTHORITY

NDA

Government Office for the Protection of Classified Information (SI NSA)

Gregorciceva 27

SI-1000 Ljubljana, Slovenia

Head of NDA: Mr. Miran Skobe

Telephone: +386 1 4781390/94

Fax: +386 1 4781399

E-mail: [email protected] and [email protected]

26. Spain

IA AUTHORITY DISTRIBUTION AUTHORITY

Centro Criptológico Nacional (CCN)

C/ Argentona, 30

28023 Madrid - España (SPAIN)

Telephone: +34 91 3726664; +34 91 3726743

Fax: +34 91 3725848

E-mail: [email protected];

[email protected]

Agencia Nacional de Distribución NDA ESP

Centro de Sistemas y Tecnologías de la Información y las Comunicaciones CESTIC

Pº de la Castellana, 109

28071 Madrid - España (SPAIN)

Telephone: +34 91 3955486; +34 913955400

Fax: +34 91 3955147

E-mail: [email protected]

27. Sweden

IA AUTHORITY DISTRIBUTION AUTHORITY

SWE NCSA/CAA

Military Intelligence and Security Agency

Swedish Armed Forces HQ

S - 107 85 Stockholm

Telephone: +46 8 788 75 00

Fax: +46 8 788 78 97

E-mail: [email protected]

SWE CDA/NDA

Military Intelligence and Security Agency

Swedish Armed Forces HQ

Must Säkk Säkt NF

S - 107 85 Stockholm

Telephone: +46 8 788 75 00

Fax: +46 8 788 78 97


E-mail: [email protected]

28. United Kingdom

IA AUTHORITY DISTRIBUTION AUTHORITY

CESG CINRAS

CESG

Hubble Road

Cheltenham

Gloucestershire

GL51 0EX

United Kingdom

Telephone: +44 1242 221491 ext 31873

E-mail: [email protected]

CESG NDA

A1-D7-4

CESG

Hubble Road

Cheltenham

Gloucestershire

GL51 0EX

United Kingdom

Telephone: +44 1242 221491 ext 32039

Fax: +44 1242 709151

E-mail: [email protected]

29. European Commission

IA AUTHORITY DISTRIBUTION AUTHORITY

Mr. Nicolas Dubois Head of Sector HR.DS.3.001 European Commission BERL 03/253 Berlaymont Rue de la Loi, 200 1040 Brussels Belgium E-mail: [email protected]

30. European Defence Agency (EDA)

IA AUTHORITY DISTRIBUTION AUTHORITY

(to be completed, if needed) (to be completed, if needed)

31. Organisation for Joint Armament Co-operation (OCCAR)

IA AUTHORITY DISTRIBUTION AUTHORITY

(to be completed, if needed) (to be completed, if needed)


Annex 2 - Security Incident Report

The following serves as an example of the categories of information that may need to be included in a Security Incident Report.

SUBJECT: The subject of the report will consist of the words “COMSEC Compromise” only.

REFERENCES Identify the reporting requirement or previous related messages.

SECTION 1: COMSEC Account

Provide the number of the COMSEC account concerned.

SECTION 2: Material involved

(4) For hard copy keying material, hard copy key that has been converted to electronic form, and documents, list: the short title; edition; register or other accounting number, specific segments, tables, pages, etc., if not a complete edition or document; date stamped on the protective technology, if available; and the controlling authority for each short title.

(5) For all other key in electronic form, list: the short title, key designator, tag, or other identifier, circuit designator; type of crypto equipment used to secure the circuit.

(6) For equipment, list: the system designator or nomenclature; modification number, if applicable; serial number of material; serial number on the protective technology, if available; and the associated or host equipment. If the equipment was keyed, also provide the information required for keying material.

SECTION 3: Personnel involved

For Personnel Compromise only: for each individual involved, provide name, rank/grade, duty position, citizenship and the level of security clearance.

For all other COMSEC compromises: provide only the duty position, level of security clearance (if known), citizenship of the individual involved.

SECTION 4: Circumstances of Incident

Give a chronological account of the events that caused the incident with enough detail to give a clear picture of how the incident occurred. The chronology must include all relevant dates, times of day, frequency of events, precise locations and organizational elements involved. If the reason for the incident is not known, describe the events that led to the discovery of the incident. Include a description of the security measures in effect at the location and estimate the possibility that unauthorized personnel had access to the material.

SECTION 5: Possibility of Compromise

Provide an opinion as to the possibility of compromise and the basis for the opinion. Use one of the following terms:

4. Compromise. The material was irretrievably lost or available information clearly proves that the material was made available to an unauthorized person.

5. Compromise cannot be excluded. Available information indicates that the material could have been made available to an unauthorized person, but there was no clear proof that it was made available.

6. No compromise. Available information clearly proves that the material was not made available to an unauthorized person.

SECTION 6: Additional reporting requirements when the incident involved:


a. Incorrect use of COMSEC keying material or Use of unapproved operating procedures

(4) Describe the communications activity (e.g. on-line/off-line, point-to-point/netted operation, etc.) and the operating mode of the COMSEC equipment.

(5) Estimate the amount and type of traffic involved.

(6) Estimate the length of time the key was used.

b. Use of malfunctioning COMSEC equipment

(5) Describe the symptoms of the malfunction.

(6) Estimate the likelihood that the malfunction was deliberately induced. If so, see item d.

(7) Estimate how long the malfunctioning equipment was in use.

(8) Estimate the amount and type of traffic involved.

c. Unauthorized modification or maintenance of COMSEC equipment or discovery of a clandestine electronic surveillance or recording device in or near a COMSEC facility

(5) Describe the modification or device, installation, symptoms, host equipment involved, and protective technology, if applicable.

(6) Estimate how long the item may have been in place.

(7) Estimate the amount and type of traffic involved.

(8) Identify the counterintelligence organization notified, if applicable. Include a point of contact and telephone number at the counterintelligence organization.

d. Known or suspected defection, espionage, attempted recruitment, unauthorized absence, sabotage, capture, hostile cognizant agent activity, or treason

(3) Describe the individual's general background in COMSEC and the extent of knowledge of crypto principles and protective technologies.

(4) List the crypto systems to which the individual had current access and whether the access was to keying material. State whether the individual had access to the cryptographic logic/parameters or access to full or limited maintenance manuals; for keying material, list the short titles and editions involved.

e. Unauthorized access to COMSEC material

(4) Estimate how long unauthorized personnel had access to the material.

(5) State whether espionage is suspected. If so, see item d.

(6) Identify the counterintelligence organization notified. Provide a point of contact and telephone number at the counterintelligence organization.

f. Loss of COMSEC material

(1) Describe the circumstances of last sighting; provide any available information concerning the cause of disappearance.

(5) Describe the actions taken to locate the material.

(6) Estimate the possibility that material may have been removed by authorized or unauthorized persons.

(7) Describe the methods of disposal of classified and unclassified waste and the possibility of loss by those methods.

g. COMSEC material discovered outside of required COMSEC control or accountability

(4) Describe the action that caused accountability or physical control to be lost (if known) and restored.

(5) Estimate the likelihood of unauthorized access.

(6) Estimate the length of time the material was unsecured.


h. COMSEC material received with a damaged inner wrapper

(6) Give a complete description of the damage. (7) When the damage occurred in transit, identify the means of transmittal. Include the package number and point of origin. (8) When the damage occurred in storage, describe how the material was stored. (9) Estimate the likelihood of unauthorized access or viewing. (10) Ensure all packaging containers, wrappers, etc. are retained until destruction is authorized.

i. Known or suspected tampering with COMSEC equipment or penetration of protective technology

(6) Describe the evidence of tampering or penetration. (7) When the suspected tampering or penetration occurred in transit, identify the means of transmittal. Include the package number or point of origin. (8) When the suspected tampering or penetration occurred in storage, describe how the material was stored. (9) Identify the counterintelligence organization notified. Provide a point of contact and telephone number at the counterintelligence organization. (10) Identify the date stamped on the protective technology, or serial number on the protective technology, as applicable.

j. Unauthorized photography or reproduction

(6) Identify the material or equipment that was reproduced or photographed. (7) Provide the reason for the reproduction and describe how the material was controlled. (8) Specify detail contained in the photographs of the inside of the equipment. (9) State whether espionage is suspected. If so, see item d. (10) If the incident is evaluated as "compromise" or "compromise cannot be excluded" forward a copy of each photograph or reproduction to the IA Authority.

k. Aircraft crash

(7) Identify the location of the crash (including coordinates), and specify whether the crash occurred in friendly or unfriendly territory. If the aircraft crashed at sea, see item l. (8) State whether the aircraft remained largely intact or if wreckage was scattered over a large area. Estimate the size of the area. (9) State whether the area was secured. If so, indicate how soon after the crash and by whom. (10) Provide the coordinates (when available) or the approximate distance and direction from the shore. (11) Estimate the depth of the water. (12) State whether material was in weighted containers or was observed to sink.

l. Material lost at sea

(1) Estimate the sea state, tidal tendency, and the most probable landfall.

(2) State whether salvage efforts were made or are anticipated.

(3) State whether foreign vessels were in the immediate area and their registry, if known.

(4) Estimate the possibility of unsuccessful salvage operations by unfriendly nations.

SECTION 7:

Point of Contact

Include the name and telephone number of an individual who is prepared to respond to questions from the evaluating authority.


Annex 3 – Sample Certificate of COMSEC Authorisation

PART I - BRIEFING

1. NAME

2. POSITION

3. LEVEL OF PERSONNEL SECURITY CLEARANCE

4. EXPIRATION DATE OF PERSONNEL SECURITY CLEARANCE

5. LEVEL OF SECURITY CLASSIFICATION OF CRYPTO INFORMATION FOR WHICH ACCESS IS AUTHORIZED

6. BRIEFING CERTIFICATE

I, hereby certify that I have received a briefing on COMSEC security, provided to me by __________________________________________________________ on the date of ___ / ___ / 20___.

I understand that the safeguarding of COMSEC Items is of the utmost importance and that the loss or compromise of COMSEC Items could lead to irreparable damage to the EDIDP security.

I have been instructed in the security relations concerning the disclosure of information pertaining to the EDIDP cryptosystems.

I understand the instructions provided to me, which govern the control and safeguarding of the COMSEC Items to which I have been granted access.

7. SIGNATURE OF THE INDIVIDUAL

8. SIGNATURE OF THE COMSEC OFFICER

DATE DATE

PART II - DEBRIEFING

DEBRIEFING CERTIFICATE

I, _______________________________________ hereby certify that I have received a debriefing on relinquishing my appointment.

I understand the importance of EDIDP security and of the necessity to continue safeguarding EDIDP COMSEC Items and I commit myself to not disclose EDIDP information I had access to.

9. SIGNATURE OF THE INDIVIDUAL

10. SIGNATURE OF THE COMSEC OFFICER

DATE DATE


When unfilled, the template is unclassified.

Once completed, it must be classified accordingly.

Annex 4 - EDIDP COMSEC Item Report

FROM: DATE NUMBER

TYPE OF REPORT

TRANSFER HAND RECEIPT

DESTRUCTION INVENTORY

NOTIFICATION – POSSESSION

TO:

SHORT TITLE | QUANTITY | FIRST COPY NUMBER | LAST COPY NUMBER | REMARKS

Nothing accountable below this line

return this copy to originator

this copy to be retained for addressee’s file

Transferring Custodian

Signature:

Name:

Tel.:

Date:

Receiving/witnessing Custodian

Signature:

Name:

Tel.:

Date:


Annex 5 – Example of a COMSEC Authorisation Briefing

1. INTRODUCTION

You have been selected to perform duties that require access to cryptographic information. It is essential that you are made aware of certain facts and responsibilities before such access is granted. This briefing provides you with the background on the special safeguards necessary for protecting crypto material and on the damage that can occur from disclosure of this material to unauthorised persons. Personnel requiring crypto-authorisation shall have an up-to-date certificate of security clearance appropriate to the classification level of information to which they need access.

2. NEED-TO-KNOW

Knowledge of cryptosystems is confined to individuals with a “need-to-know”. No disclosure of information relating to such cryptosystems is to be made to individuals or authorities not authorised to receive such information.

3. SPECIAL HANDLING MARKINGS

The need-to-know principle is reinforced by use of special handling markings in addition to security classifications. This indicates access is limited to authorised individuals. Accountable crypto or COMSEC material bears the marking "CRYPTO" and/or "CCI". COMSEC Items marked “CCI” are UNCLASSIFIED. COMSEC Items marked “CRYPTO” are CLASSIFIED.

4. RESPONSIBILITIES

Any individual who has CRYPTO material in his possession is directly responsible for its safekeeping and must ensure that anyone to whom he passes the material is authorised to receive it. He is responsible for following security rules at all times and for reporting any circumstances, occurrences, intentional or unintentional acts which could lead to the disclosure of classified cryptographic information or material to unauthorised individuals.

5. SENSITIVITY OF KEYING MATERIAL

All keying material, regardless of its security classification level, must be afforded the most stringent protection throughout its existence from the time it is produced until it is superseded and destroyed. When protecting operational information, all keying material will bear the marking "CRYPTO" to indicate its unique sensitivity. Keying material bearing the "CRYPTO" marking is subject to specific controls governing distribution, transmission, accounting, issue, usage, disposal, and destruction in accordance with the instructions contained in the present instruction. These controls are designed to ensure that access to keying material is strictly limited to individuals having a need-to-know and holding an appropriate certificate of security clearance.

6. PHYSICAL SECURITY

Safeguarding crypto material from unauthorised access or physical loss is required to ensure the security of classified communications. Any knowledge or suspicion that crypto material has been lost or possibly compromised, or that cryptographic information has become known to unauthorised persons, shall be immediately reported. If a compromise is disclosed, prompt action can be taken to limit the amount of damage. If the compromise is undisclosed, the users assume their security is unimpaired, and continue to pass classified information to an adversary. It is for these reasons that prompt reporting of any suspicious incidents is critical to operational security.

7. After this briefing, you will sign a copy of the Certificate of COMSEC-Authorisation Form stating that you have understood this briefing and are aware of the damage resulting from disclosure of cryptographic information to any unauthorised person. This form authorises you access to cryptographic information. It does not entitle you to access cryptographic information for which you have no need-to-know, nor does it entitle you entry to a crypto facility unless your duties require your presence.


Annex 6 – Example of a COMSEC Authorisation Debriefing

1. You no longer have a need for access to cryptographic information. During the period that you have had access, you were warned through briefings and training that information you had become aware of through access to CRYPTO material must never, under any circumstances, be divulged to unauthorised persons.

2. You are reminded that items bearing the special category designator CRYPTO are especially sensitive because they are used to protect other EDIDP classified information from unauthorized access. If the integrity of a cryptographic system is compromised at any time during its existence, all EDIDP classified information protected by that system, throughout its in-service life, may be compromised.

3. Therefore strict application of the need-to-know principle remains essential, even though you now no longer have a requirement to access CRYPTO material.

4. Regardless of the fact that you are being de-briefed and no longer have a need to access CRYPTO material, you must immediately report to your IA Authority any COMSEC incident of which you become aware. It will be your IA Authority's responsibility to ensure that the appropriate EDIDP authority is quickly informed.

5. You are to sign Part 2 of the Certificate of COMSEC-Authorisation Form, which states that you have understood the debriefing and that the personal details on the certificate are correct. A copy of the Certificate of COMSEC-Authorisation Form, recording your briefing and debriefing, will be retained by the CRYPTO Custodian.