TEMPEST Level 2
The National Security Agency (NSA) Certified TEMPEST Products List (CTPL) Level II is a list of commercially developed and produced TEMPEST telecommunications equipment which NSA has certified, under the auspices of the NSA Certified TEMPEST Products Program (CTPP), for use by Government entities and their contractors to process classified U.S. Government information. NSA certification is a statement that the company has successfully demonstrated to NSA that its product complies with the requirements of the National TEMPEST Standard, NSTISSAM TEMPEST/1-92, Compromising Emanations Laboratory Test Standard, Electromagnetics, dated 15 December 1992, and that the company has in place and applies to the product the manufacturing capability and product assurance controls necessary to ensure the continued TEMPEST integrity of the product subsequent to certification. In contrast to the PPL accreditation process, which relied almost exclusively on private industry-certified TEMPEST professionals to determine product compliance with NACSIM 5100A, the CTPP certification process requires significant and active involvement by NSA technical resources in the evaluation and post certification product assurance inspection processes.
WARNINGS AND CAVEATS FOR LEVEL II:
EXPORT CONTROL NOTE: TEMPEST equipment falls under the licensing jurisdiction of the Department of State, Category XI (C), Title 22 of Federal Regulations, Section 121.
The equipment on the CTPL is listed by the name of the company which manufactured the TEMPEST version of the product and not by the Original Equipment Manufacturer (OEM).
NSA certification and placement of a product on the CTPL (Level II) does not occur until the Agency determines that a company has satisfied all CTPP requirements, including but not limited to, company submission and NSA approval of a process assessment, which includes an evaluation of the company manufacturing process; company submission and NSA approval of a product specific proposal; company submission and NSA approval of the test plan; company execution of the test plan on a production unit; and company submission of the test report, critical features list, and configuration baseline list.
In an effort to assist U.S. Government buyers and users with their procurement and budget planning, the Agency has created a Potential Certified TEMPEST Products List (PCTPL). Companies are eligible to have their products included on this list upon satisfying preliminary CTPP requirements toward product certification, i.e., company submission and agency approval of the process assessment and acceptance of the product test plan. Users are warned that inclusion upon this list does not in any way imply that the product will, in fact, receive certification. It merely evidences that the company has expressed intent to obtain certification of their product in accordance with the Technical and Security Requirements Document (TSRD).
Date Posted: Jan 15, 2009 | Last Modified: Jun 11, 2009 | Last Reviewed: Jun 11, 2009