(U//FOUO) Joint Chiefs of Staff Instruction: Cryptographic Modernization Planning

The following manual is part of a series of “limited release” DoD doctrine publications that are not released to the public.

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION 6510.02D: CRYPTOGRAPHIC MODERNIZATION PLANNING

16 pages
For Official Use Only
October 15, 2010

4. Policy. Pursuant to reference c, U.S. military forces require interoperable secure communications to support joint, allied, combined, interagency, and coalition operations. Although the responsibility for acquiring, installing, and maintaining secure communications lies primarily with the Services, the command and control responsibilities of the joint military command structure dictate that the Chairman of the Joint Chiefs of Staff (supported by the Joint Staff) and the combatant commanders, exercise continuing oversight of assigned forces’ IA solutions and cryptographic programs, as well as their implementations. Therefore;a. DOD components will use only NSA approved cryptographic products to protect classified and/or sensitive national security information that is processed and transmitted over National Security Systems (NSS).

b. The NSA, as the national manager for cryptographic products will, through the National Cryptographic Solutions Management Office (NCSMO), identify cryptographic products requiring replacement, pursuant to reference b. The NCSMO will collaborate with data owners in determining the specific last year of use (LYOU) for aging devices and algorithms. Urgency associated with modernization planning will be reported in reference b, using color codes as follows: RED — cryptographic product modernization planning and/or execution is not sufficient to avoid risk to the intelligence life of information encrypted by those products. Immediate removal from operational mission areas is required. YELLOW — cryptographic product modernization planning and/or execution must ensure product removal from mission areas before the year listed in reference b table as LYOU. GREEN — devices are fully compliant with national cryptographic standards. This is the case for devices with LYOU beyond 2025.

c. Services must comply with reference b.

(1) Designated Approving Authorities (DAAs) or system owners, when no DAA has been identified, in conjunction with other Services, should request a risk assessment for continued use of decertified products no later than one year prior to published LYOU. This request should be directly coordinated with the NSA NCSMO. In the event it would be required to use a decertified product beyond the published cease key dates then the DAA or system owner must submit a key extension for decertified product request. Requests should be submitted as soon as a deficiency and/or limitation is noted, but no later than one year prior to the published Cease key dates. Requests shall be submitted on a case-by-case basis until such systems can be transformed, modernized, or otherwise replaced. Enclosure B defines this process.

(2) In cases where a key extension for decertified products affects multiple Services across the DOD and there is no specified service DAA; the petition for a key extension will be initiated by the Service with the greatest operational impact, as determined by the Cryptographic Solutions Technical Advisory Group (CSTAG). That Service will act as the Lead Organization (LO) to facilitate the petition for a key extension. The LO will provide supporting documentation pursuant to Enclosure A, paragraphs 1-a thru 1-e, (i.e., impact statements, and requirements) from the user communities affected by the decertification. All other Services that are affected to a lesser degree will gather information and provide supporting documentation pursuant to Enclosure B, paragraphs 4-a and 4-e. Once this action is completed, with the culmination of supporting documentation from the Services, the request will then be passed up through their chain for staffing and final endorsement before being sent to the Joint Staff. Once the endorsement has been received, the petition request will then be forwarded to the Joint Staff (J65C) for formal staffing and processing. From that point, the process follows the directions given in this instruction in Enclosure B, Figure B-1. During Joint Staff processing, the request will be forwarded to the NSA for analysis and recommendations. NSA will forward the results of their analysis with specific recommendations to the Military Communications-Electronics Board (MCEB) via Joint Staff (J65C). The request will continue to follow the procedures as outlined in Figure B-1. In the submission of the request, the petitioning Service will address the same requirements outlined in the responsibilities of the DAA, as outlined in Enclosure A of this instruction.