TEMPEST Equipment Selection Process

BACKGROUND

The traditional approach for TEMPEST product approval provides for government supervision of evaluations to include testing oversight and technical reviews of both the TEMPEST test plans and test reports produced by a nation’s TEMPEST evaluation personnel. NATO agreed on a scheme in 1981 to have vendors offer approved TEMPEST products for sale to NATO and NATO member nations. Rapid functional improvements in IT products result in continuous requirements for TEMPEST-compliant versions of these improved products.

The time required to modify and qualify products to the requirements under the MCM-SYG-26-81 process became a significant fraction of the product’s sales life. To decrease the time required to make commercial off-the-shelf (COTS) IT products available in a modified version that meets the reference d, Level A or Level B requirements, a National TEMPEST Authority (NTA) must place more responsibility on their certified vendors. It is appropriate that NATO adopt new procedures that will allow TEMPEST product vendors to rapidly qualify their new TEMPEST products and provide NATO with the latest in technology.

The Technical and Implementation Directive on Emission Security (AC/322-D(2007)0036) offers the facility Accreditation Authority several TEMPEST countermeasure alternatives based upon the information being processed and the physical configuration of the facility. In some cases the use of equipment approved to meet the Level A or Level B requirements of reference d will be the optimum solution for a specific facility. For other facilities the use of equipment that is tested to meet specific zone requirements, as noted in reference c, may offer operational advantages. The use of shielded enclosures within facilities is a third countermeasure option also discussed in AC/322-D(2007)0036.

This process focuses primarily on qualifying and controlling products to meet the requirements of Level A and Level B. Products are not generally qualified to the Level C requirements as a large percentage of Commercial Off The Shelf (COTS) Information Technology (IT) products conform to the Level C requirements without modifications. However, COTS equipment that meets Level C requirements must be managed. Level C products are more appropriate for qualification using the SDIP-28 zoning procedures and quality guidance. 

This publication applies to all entities that are involved in the certification processes for TEMPEST vendors. It is also applicable to those NATO Nations, Commands and Agencies that use information technology (IT) products in communications and information systems (CIS) to process, store or transmit NATO information that is classified NATO CONFIDENTIAL or above in accordance with the requirements of reference c below. NATO Nations, Commands and Agencies are encouraged to use the NIAPC to identify the responsible NTA as well as certified vendors that can produce products that meet the appropriate reference c emission requirements.

CERTIFIED VENDORS

The NTA shall establish a Certified Vendor Program designed to reduce the time required to modify and deliver certified TEMPEST products based on the latest commercial off-the-shelf (COTS) IT equipment. A certified vendor program should produce modified versions of critically needed products in less time than that required for a traditional government-reviewed program. The NTA shall address all of the qualification and control components described below when developing national processes.

The NTA shall develop a process that customers can use to verify the TEMPEST status of a product. This could be accomplished with an official product letter, product listing on an NTA website, or other official NTA product accreditation. The NTA determines which TEMPEST products from a certified vendor are available to NATO.

This does not mean NTA management of vendors at the product level, but simply oversight at the product level. While the vendors are responsible for following their processes, the NTA is responsible for determining the requirements, and ensuring the vendor’s processes meet those requirements.

The NTA shall perform at least biennial audits of certified vendors to ensure continued compliance with national processes. The NTA shall develop vendor suspension/termination processes to address vendor compliance failures. The vendor shall submit a certification report to the NTA that demonstrates the evaluation facility is compliant with the technical requirements specified in reference d. Each NTA is encouraged to fully document their Certified Vendor Program and share these processes with other interested parties such as an NTA. SECAN can facilitate this exchange of information.

Vendors shall have an up-to-date NATO SECRET facility clearance. Additionally, nations agree to limit sales of Level A and Level B products to NATO, NATO member Nations and selected Allies for government use only. The NTA shall ensure this requirement is adhered to by vendors.

The NTA shall verify that the evaluation facilities used to qualify products are certified, at a minimum, based upon submitted Certification Reports demonstrating the compliance of the facility to the technical requirements specified in SDIP 27/1. To ensure quality, the QA process should meet the requirements of an internationally recognized standard, such as ISO 17025, or a national equivalent as agreed by the NTA. Following initial certification, at least biennial audits shall be conducted by the NTA to ensure the required documentation is being archived and the quality control processes are correctly executed. The NTA shall also verify that the personnel performing qualification testing and developing documentation have the appropriate experience, training, and credentials.

Each NTA is encouraged to archive vendor qualification documentation as well as product test reports and configuration management documentation for products sold to NATO. SECAN or their authorized representative shall provide technical oversight of national Certified Vendor programs to ensure the NTA has access to the training and testing resources needed to support product conformance. 

In order for a TEMPEST certified vendor to be listed on the NIAPC, the responsible NTA must forward a certificate of compliance to SECAN and the NCI Agency Cyber Security Service Line. This certification must include the name, location(s) and contact information for the certified vendor. This certification must also include contact information for the responsible NTA. This information will be included with the listing.

The responsible NTA shall forward vendor developed documentation that addresses the NIAPC Certified Vendor Questionnaire included as Appendix A. Proprietary information in this documentation shall be identified as such, and shall be treated accordingly by the NCI Agency Cyber Security Service Line. This documentation only needs to be updated if there is significant change to the information provided, such as contact details, ownership, or location(s) change. 

LIFE CYCLE SUPPORT

One critical element of quality control is the product’s configuration management. Any changes to product components that may contribute to a product’s failure to comply with the Level A or Level B requirements shall mandate appropriate retesting to confirm the continued compliance with the requirements. The NTA is responsible for ensuring that vendors adopt a quality assurance process that delivers TEMPEST products which will continue to meet the emanation limits of either the Level A or Level B requirements as originally certified under their national process.

When qualified equipment is serviced, there shall be a documented quality control process established and approved by the NTA that specifies how the service personnel confirm the equipment continues to meet the certified emanation limits. These quality control processes, as agreed by the appropriate NTA or NATO authority, shall provide records of when any required maintenance on certified products was provided and who provided it.

Production tests shall be performed, as identified by the NTA approved quality assurance (QA) process, to confirm the production products meet the reference d, Level A or Level B requirement as documented during the prototype or initial production unit evaluations. There are many quality assurance process variations that can ensure the provision of quality TEMPEST products for NATO and the NATO member nations. To ensure quality, the QA process should meet the requirements of an internationally recognized standard such as ISO 9001, or a nationally recognized equivalent, as agreed by the NTA. If technical questions arise, the NTA is encouraged to liaise with SECAN for their resolution.

NATO authorities are encouraged to perform spot checks of TEMPEST qualified equipment used in critical facilities. If conformance issues arise with regard to certified equipment not meeting either the Level A or Level B requirements, the responsible vendor performs any remedial work required for the equipment to meet the requirements to which it was certified. SECAN and NITC will work with the NTA to support the resolution of any technical issues. SECAN shall provide technical oversight to ensure the quality of TEMPEST certified products is maintained.

REFERENCES

a. AC/322-D/0062, INFOSEC Product, Protection Profile and Package List Directive, dated 16 July, 2002

b. C-M(2002)49, NATO Security Policy, dated 17 June, 2002 (including Corrigenda)

c. AC/322-D/(2007)0036, INFOSEC Technical and Implementation Directive on Emission Security, dated 12 July, 2007

d. SECAN Doctrine and Information Publication (SDIP) – 27/1, NATO TEMPEST Requirements and Evaluation Procedures, dated December 2009

e. SECAN Doctrine and Information Publication (SDIP) – 28/1, NATO Zoning Procedures, dated December 2009  

Application Form

In order for vendors to be considered for inclusion in the NIAPC TEMPEST (Emission Security) category, the following form needs to be completed and submitted to the NATO Information Assurance Product Catalogue:
