Skip Information Assurance Menus
Information Assurance Menu
The National Security Agency (NSA) Certified TEMPEST Products List (CTPL) Level II is a list of commercially developed and produced TEMPEST telecommunications equipment which NSA has certified, under the auspices of the NSA Certified TEMPEST Products Program (CTPP), for use by Government entities and their contractors to process classified U.S. Government information. NSA certification is a statement that the company has successfully demonstrated to NSA that its product complies with the requirements of the National TEMPEST Standard, NSTISSAM TEMPEST/1-92, Compromising Emanations Laboratory Test Standard, Electromagnetics, dated 15 December 1992, and that the company has in place and applies to the product the manufacturing capability and product assurance controls necessary to ensure the continued TEMPEST integrity of the product subsequent to certification. In contrast to the PPL accreditation process, which relied almost exclusively on private industry-certified TEMPEST professionals to determine product compliance with NACSIM 5100A, the CTPP certification process requires significant and active involvement by NSA technical resources in the evaluation and post certification product assurance inspection processes.
WARNINGS AND CAVEATS FOR LEVEL II:
- NSA does not make, by virtue of its certification, any warranty or representation, regarding the efficacy or fitness for use of the products contained in the CTPL.
- NSA certification is limited to the specific product, manufacturer, and configuration of the product delineated on the CTPL. Users of equipment are cautioned that similar products of other manufacturers or equipment deviating from the CTPL listed configuration may not meet TEMPEST standards. Similarly, equipment/systems interconnecting with CTPL-listed equipment may not meet TEMPEST standards. Users are therefore advised to consult with their TEMPEST authority before processing classified information on non-certified equipment/systems.
- The CTPL is designed to assist U.S. Government buyers and users to identify commercially available equipment which meet the national TEMPEST standard and to which manufacturers have committed to satisfying a vigorous product assurance program for ensuring the TEMPEST integrity of the product. The CTPL does not however, constitute an inclusive list of products which meet the national TEMPEST standard. The absence of a product from this list means one of the following:
- The manufacturer of the product has not submitted a product proposal for certification under the auspices of the CTPP.
- The manufacturer has submitted a proposal but was unable to satisfy the CTPP eligibility requirements.
- The manufacturer has submitted a product proposal and is currently pursuing certification under the CTPP.
- The manufacturer failed to satisfy the requirements for certification under the CTPP.
- The manufacturer initially satisfied certification requirements, but product certification has since been terminated due to failure by the manufacturer to continue to satisfy post certification requirements.
- EXPORT CONTROL NOTE: TEMPEST equipment falls under the licensing jurisdiction of the Department of State, Category XI (C), Title 22 of Federal Regulations, Section 121.
- The equipment on the CTPL is listed by the name of the company which manufactured the TEMPEST version of the product and not by the Original Equipment Manufacturer (OEM).
NSA certification and placement of a product on the CTPL (Level II) does not occur until the Agency determines that a company has satisfied all CTPP requirements, including but not limited to, company submission and NSA approval of a process assessment, which includes an evaluation of the company manufacturing process; company submission and NSA approval of a product specific proposal; company submission and NSA approval of the test plan; company execution of the test plan on a production unit; and company submission of the test report, critical features list, and configuration baseline list.
In an effort to assist U.S. Government buyers and users with their procurement and budget planning, the Agency has created a Potential Certified TEMPEST Products List (PCTPL). Companies are eligible to have their products included on this list upon satisfying preliminary CTPP requirements toward product certification, i.e., company submission and agency approval of the process assessment and acceptance of the product test plan. Users are warned that inclusion upon this list does not in any way imply that the product will, in fact, receive certification. It merely evidences that the company has expressed intent to obtain certification of their product in accordance with the Technical and Security Requirements Document (TSRD).
- Once a product is listed in Section V or VI, it will remain there for one year, after which it will be deleted from the CTPL Level II.
- Products listed on the CTPL Level II are included in the NATO Recommended Products List (NRPL) Level II. The NRPL is available from the Government Printing Office (GPO).
- Further information about a product on the list or specific questions regarding the absence or deletion of a particular product should be directed to the company point of contact provided.
- Companies desiring information concerning the process for proposing the development of candidate TEMPEST products for the CTPL Level II should contact:
NATIONAL SECURITY AGENCY
9800 SAVAGE ROAD
FT MEADE, MD 20755-6708
ATTN: National TEMPEST Operations, Suite 6708