TEMPEST Level I
The National Security Agency (NSA) Certified TEMPEST Products List (CTPL) Level I is a list of commercially developed and produced TEMPEST telecommunications equipment which NSA has certified, under the auspices of the NSA Certified TEMPEST Products Program (CTPP), for use by Government entities and their contractors to process classified U.S. Government information. NSA certification is a statement that the company has successfully demonstrated to NSA that its product complies with the requirements of the National TEMPEST Standard, NSTISSAM TEMPEST/1-92, Compromising Emanations Laboratory Test Standard, Electromagnetics, dated 15 December 1992, and that the company has in place applies to the product, the manufacturing capability and product assurance controls necessary to ensure the continued TEMPEST integrity of the product subsequent to certification. In contrast to the accreditation process, which relied almost exclusively on private industry-certified TEMPEST professionals to determine product compliance with NACSIM 5100A, the CTPP certification process requires significant and active involvement by NSA technical resources in the evaluation and post certification product assurance inspection processes.
WARNINGS AND CAVEATS FOR LEVEL I:
NSA certification and placement of a product on the CTPL (Level I) does not occur until the Agency determines that a company has satisfied all CTPP requirements, including but not limited to, company submission and NSA approval of a process assessment, which includes an evaluation of the company manufacturing process; company submission and NSA approval of a product specific proposal; company submission and NSA approval of the test plan; company execution of the test plan on a production unit; and company submission of the test report, critical features list, and configuration baseline list.
In an effort to assist U.S. Government buyers and users with their procurement and budget planning, the Agency has created a Potential Certified TEMPEST Product List (PCTPL). Companies are eligible to have their products included on this list upon satisfying preliminary CTPP requirements toward product certification, i.e., company submission and agency approval of the process assessment and acceptance of the product test plan. Users are warned that inclusion upon this list does not in any way imply that the product will, in fact, receive certification. It merely evidences that the company has expressed intent to obtain certification of their product in accordance with the Technical and Security Requirements Document (TSRD).
Date Posted: Sep 25, 2014 | Last Modified: Sep 25, 2014 | Last Reviewed: Sep 25, 2014