Procedures for zeroization and handling of key storage devices (KSD-64) (ITSA-52)
ITSA-52 | January 2009
The purpose of this Alert is to provide Government of Canada (GC) COMSEC accounts with procedures for zeroization and handling of Key Storage Devices (KSD-64).
ITSA-52 supersedes the bulletin Updated Procedures on the Handling, Transportation and Zeroization of KSD-64 Devices (ITSB-44), September 24, 2007.
The KSD-64 is one of the delivery mechanisms through which GC COMSEC accounts receive keys for most Secure Communications Interoperability Protocol (SCIP) devices and, for GC COMSEC accounts with STU-III waivers, keys for STU-III terminals.
The KSD-64 will be used to key SCIP devices until such time as all Secure Data Network System (SDNS) keys can be distributed to GC COMSEC accounts electronically.
The KSD-64 is currently loaded onto SCIP devices using the DataKey Electronics PKS-703 Parallel Key Reader/Writer (PKS-703).
Unlike the STU-III terminal, which zeroizes the KSD-64 during the load process as well as being capable of zeroizing the KSD-64 as one of its functions, the PKS-703 overwrites the KSD-64 content at the end of the load process. This overwrite process is not approved as a method of destruction by Communications Security Establishment Canada (CSEC); therefore the KSD-64 retains the same classification and handling as before the key loading process began.
Initially, GC COMSEC accounts using the PKS-703 to load keys on SCIP devices were authorized to use the STU-III terminal or the Local Management Devices/Key Processor (LMD/KP) platform to zeroize the KSD-64. However, GC COMSEC accounts were advised that the use of STU-III after 30 September 2007 was no longer approved (see reference D). As a result, unless granted a STU-III waiver, the use of a STU-III terminal to zeroize the KSD-64 is no longer authorized.
Find below the procedures applicable to your COMSEC account.
If your COMSEC account has been granted a STU-III waiver or manages an LMD/KP platform, follow procedure "1"; otherwise, follow procedure "2".
1. GC COMSEC Accounts Authorized to Zeroize the KSD-64
- GC COMSEC accounts with STU-III Waiver: GC COMSEC accounts that have been granted a STU-III waiver allowing them to use STU-III terminals for secure communications may continue to zeroize the KSD-64 using STU-III. Once zeroized, the KSD-64 is UNCLASSIFIED and should be returned to the CSEC National Distribution Authority (NDA) unless it is to be retained and used as a user Crypto-Ignition Key (CIK).
- GC COMSEC accounts with Local Management Devices/Key Processor (LMD/KP) platform: GC COMSEC accounts that manage an LMD/KP platform shall utilize the KP to zeroize the KSD-64. Once zeroized, the KSD-64 is UNCLASSIFIED and should be returned to the CSEC NDA unless it is to be retained and used as a user CIK.
Note 1: GC COMSEC accounts with a STU-III waiver and a LMD/KP platform may choose option 1 or 2 to zeroize the KSD-64.
Note 2: A blank or zeroized KSD-64 does not have to be shipped through COMSEC channels.
Note 3: GC COMSEC accounts located in the Ottawa area may contact the CSEC NDA at 613-991-8822 to coordinate the pickup of the KSD-64 by CSEC NDA staff during routine courier runs.
2. GC COMSEC Accounts Not Authorized to Zeroize KSD-64
GC COMSEC accounts that have not been granted a STU-III waiver allowing them to use STU-III terminals for secure communications and do not manage an LMD/KP platform must follow these procedures:
- When ordering SDNS keys on KSD-64s: GC COMSEC accounts should keep to a minimum the number of operational keys ordered. KSD-64s loaded with operational keys must be handled in accordance with the classification (up to and including TOP SECRET Compartmented Information [CI]) of the key they contain. For example, if the KSD-64 is loaded with operational TOP SECRET key, storage and handling must meet Two-Person Integrity [TPI] compliance until the KSD-64 has been zeroized. GC COMSEC accounts should opt to order seed keys on their KSD-64s. The KSD-64 loaded with seed key is at the PROTECTED A level, facilitating the handling of the KSD-64 throughout its life cycle.
- When keying SCIP devices, using the KSD-64 and the PKS-703, GC COMSEC accounts shall apply these interim procedures:
  - The COMSEC Custodian shall prepare a GC-223 Transfer Report Initiating (TRI), instead of a Destruction Report (DR) (as instructed in the ITSG-10), to transfer the KSD-64 to the CSEC NDA, which is authorized to zeroize the KSD-64. When preparing the GC-223, GC COMSEC accounts shall record, in the remarks column, the serial number of the PKS-703 and of the SCIP device on which the SDNS key will be loaded.
  - Once the COMSEC Custodian has loaded the SDNS key on the SCIP device, he/she shall sign the TRI, package the KSD-64 with its identification tag and the TRI according to ITSG-10 (Chapter 6, Section 6) and transfer the package to the CSEC NDA where it is authorized for destruction.
Note 1: GC COMSEC accounts located in the Ottawa area may contact the CSEC NDA at 613-991-8822 to coordinate the pickup of KSD-64s by CSEC NDA staff during routine courier runs.
Note 2: GC COMSEC accounts located outside the Ottawa area shall courier the package(s) according to ITSG-10 (Chapter 6, Section 7).
References
A. Canadian Cryptographic Doctrine for the DataKey Electronics PKS-703 Parallel Key Reader/Writer and PK64KC and KSD-64A (CCD-26), January 2004
B. CSEC, Approval For Use Datakey Electronics PKS-703 Parallel Memory Key Reader/Writer and PK64KC and KSD-64 A Key Storage Device, 2 February 2004
C. COMSEC Material Control Manual (ITSG-10), July 2006
D. STU-III Technology No Longer Approved for Use in Canada (ITSA-43), 25 October 2007
Contacts and Assistance
Head, IT Security Client Services
Communications Security Establishment Canada
PO Box 9703, Terminal
Ottawa, Ont K1G 3Z4
e-mail: email@example.com
Originally signed by
Acting Director, IT Security Mission Management