ITSD-03

UNCLASSIFIED 

Directive 

for the 

Control of COMSEC Material 

in the 

Government of Canada 

ITSD-03 

October 2011

UNCLASSIFIED 

Directive for the Control of COMSEC Material in the Government of Canada (ITSD-03) 

This page intentionally left blank. 

October 2011

UNCLASSIFIED 


Foreword 

The Directive for the Control of COMSEC Material in the Government of Canada is an 

unclassified publication issued under the authority of the Chief, Communications Security 

Establishment Canada (CSEC) in accordance with the Policy on Government Security. 

This directive takes effect on the date of signature and supersedes the COMSEC Material 

Control Manual (ITSG-10) dated July 2006. 

CSEC will issue appropriate direction, as required, to notify users of changes to this directive. 

General inquiries and suggestions for amendments must be forwarded through departmental 

COMSEC channels to COMSEC Client Services at CSEC by e-mail at 

comsecclientservices@cse-cst.gc.ca or call (613) 991-8495. 

____________________________________________________ 

Toni Moffa 

Deputy Chief, Information Technology Security 

October 31, 2011 

______________________________ 

Date 

© Government of Canada, Communications Security Establishment Canada, 2011 

It is permissible to reproduce or make extracts from this publication provided it is used for 

Government of Canada departmental use. Reproduction of multiple copies of this publication for 

the purpose of commercial redistribution is prohibited except with written permission from the 

Government of Canada’s copyright administrator, Public Works and Government Services 

Canada. 

Foreword October 2011 i

UNCLASSIFIED 



ii October 2011 Foreword

UNCLASSIFIED 


Record of Amendments 

Amendment No. Date Authority 

Record of Amendments October 2011 iii

UNCLASSIFIED 



iv October 2011 Record of Amendments

UNCLASSIFIED 

Table of Contents 


Foreword ......................................................................................................................... i 

Record of Amendments ............................................................................................... iii 

List of Tables ............................................................................................................... xv 

List of Figures ............................................................................................................. xv 

List of Abbreviations and Acronyms ....................................................................... xvii 

1 Introduction ........................................................................................................... 1 

1.1 Purpose ....................................................................................................... 1 

1.2 Authority ..................................................................................................... 1 

1.3 Scope ........................................................................................................... 1 

1.4 Definitions ................................................................................................... 1 

1.5 Application .................................................................................................. 2 

1.6 Compliance ................................................................................................. 2 

1.7 Expected Results ........................................................................................ 3 

1.8 Consequence .............................................................................................. 3 

1.9 Requests for Exceptions ........................................................................... 3 

1.10 Points of Contact ........................................................................................ 3 

1.11 COMSEC User Portal .................................................................................. 4 

1.12 Communications Security Establishment Canada – Web Site ............... 4 

2 National COMSEC Material Control System ....................................................... 5 

2.1 Structure and Organization Overview ...................................................... 5 

2.2 National Central Office of Record ............................................................. 6 

2.2.1 Overview ............................................................................................ 6 

2.2.2 Registration Authority ........................................................................ 6 

2.2.3 COMSEC Account Manager .............................................................. 6 

2.2.4 Key Processor Privilege Certificate Manager ..................................... 7 

2.3 Central Office of Record ............................................................................ 7 

2.4 National Distribution Authority ................................................................. 7 

2.5 COMSEC Accounts .................................................................................... 8 

2.6 COMSEC Sub-Accounts ............................................................................ 8 

2.7 Local Elements ........................................................................................... 9 

3 Personnel ............................................................................................................. 11 

3.1 Roles and Responsibilities ...................................................................... 11 

3.1.1 Deputy Head .................................................................................... 11 

3.1.2 Departmental Security Officer .......................................................... 11 

3.1.3 Departmental COMSEC Authority ................................................... 11 

3.1.4 COMSEC Custodian ........................................................................ 12 

3.1.5 Alternate COMSEC Custodian ......................................................... 12 

Table of Contents October 2011 v

UNCLASSIFIED 


3.1.6 COMSEC Sub-Account Custodian .................................................. 12 

3.1.7 Alternate COMSEC Sub-Account Custodian ................................... 12 

3.1.8 Local Element .................................................................................. 12 

3.1.9 Controlling Authority ........................................................................ 13 

3.1.10 Other Authorized Users ................................................................... 13 

3.1.11 Key Ordering Personnel ................................................................... 13 

3.1.12 Witness ............................................................................................ 14 

3.2 Personnel Selection and Training ........................................................... 14 

3.2.1 Selection of COMSEC Custodians/Alternate COMSEC 

Custodians, COMSEC Sub-Account Custodians/Alternate 

COMSEC Sub-Account Custodians ................................................. 14 

3.2.2 COMSEC Training ........................................................................... 14 

4 Management of COMSEC Accounts .................................................................. 17 

4.1 Establish COMSEC Account .................................................................... 17 

4.1.1 Request Establishment of COMSEC Account ................................. 17 

4.1.2 Approve Establishment of COMSEC Account ................................. 17 

4.1.3 Establish COMSEC Sub-Accounts .................................................. 18 

4.1.4 Register Local Elements .................................................................. 18 

4.2 Establish COMSEC Account Files and Records .................................... 18 

4.2.1 Administrative Files .......................................................................... 18 

4.2.2 Accounting Files .............................................................................. 19 

4.2.3 Communications Security Establishment Canada-Approved 

Accounting Sub-Systems ................................................................. 19 

4.2.4 Retention/Disposition of Records and Files ..................................... 19 

4.2.5 Classification of Records and Files .................................................. 19 

4.2.6 Access to Records and Files ........................................................... 20 

4.3 Changes to COMSEC Accounts .............................................................. 20 

4.3.1 Changes to COMSEC Account Registration Information ................. 20 

4.3.2 Changes to the COMSEC Signing Authority Form 

(CSEC/CSTC-599) .......................................................................... 20 

4.3.3 Change of Personnel ....................................................................... 20 

4.3.4 Scheduling the COMSEC Custodian Changeover ........................... 20 

4.3.5 Conversion of a COMSEC Sub-Account to a COMSEC Account .... 21 

4.3.6 Change of Classification Level of a COMSEC Account ................... 21 

4.3.7 Absence of COMSEC Custodial Staff .............................................. 21 

4.4 Closing a COMSEC Account ................................................................... 22 

4.5 Closing a COMSEC Sub-Account ........................................................... 22 

4.6 Suspension of a COMSEC Account ........................................................ 23 

4.6.1 General ............................................................................................ 23 

4.6.2 Suspension ...................................................................................... 23 

4.6.3 Lifting Suspension ........................................................................... 23 

vi October 2011 Table of Contents

UNCLASSIFIED 


5 Identification of COMSEC Material .................................................................... 25 

5.1 Long Title .................................................................................................. 25 

5.2 Short Title .................................................................................................. 25 

5.3 Edition ....................................................................................................... 25 

5.4 Accounting Number ................................................................................. 25 

5.4.1 Assignment of Accounting Number .................................................. 25 

5.4.2 Local Accounting Identifier ............................................................... 25 

5.4.3 Unique Accounting Numbers for Electronic Key .............................. 26 

5.5 Accounting Legend Code ........................................................................ 26 

5.5.1 Description ....................................................................................... 26 

5.5.2 Entry of COMSEC Material into National COMSEC Material 

Control System ................................................................................ 26 

5.5.3 Accounting Legend Code 1 COMSEC Material ............................... 26 





5.6 Types of COMSEC Material...................................................................... 28 

5.6.1 Key Material ..................................................................................... 28 

5.6.2 COMSEC Equipment ....................................................................... 28 

5.6.3 COMSEC Publications ..................................................................... 28 

5.7 CRYPTO Marking ...................................................................................... 29 

5.8 Controlled Cryptographic Item Marking ................................................. 29 

5.9 Classification or Protected Marking ....................................................... 29 

6 Accounting Forms, Reports and Notices .......................................................... 31 

6.1 COMSEC Material Report ......................................................................... 31 

6.2 Local Accounting Records and Logs ..................................................... 31 

6.2.1 Handling Instructions/Disposition Record Card ................................ 31 

6.2.2 Local Accounting Logs ..................................................................... 31 

6.3 COMSEC Material Reports ....................................................................... 32 

6.3.1 Preparation and Distribution of COMSEC Material Reports ............. 32 

6.3.2 Transfer Report ................................................................................ 32 

6.3.3 Hand Receipt ................................................................................... 33 

6.3.4 Possession Report ........................................................................... 35 

6.3.5 Key Generation Report .................................................................... 36 

6.3.6 Conversion Report ........................................................................... 37 

6.3.7 Relief from Accountability Report ..................................................... 37 

6.3.8 Destruction Report ........................................................................... 38 

6.3.9 Consolidated Destruction Report ..................................................... 38 

6.3.10 Inventory Report .............................................................................. 40 

6.4 Accounting Notices .................................................................................. 41 

6.4.1 Tracer Notice – Transfers ................................................................ 41 

Table of Contents October 2011 vii

UNCLASSIFIED 


6.4.2 Tracer Action by the COMSEC Custodian ....................................... 41 

6.4.3 Tracer Action by National Central Office of Record/Central Office 

of Record ......................................................................................... 42 

7 Special Accounting Requirements .................................................................... 43 

7.1 Drop Accounting of North Atlantic Treaty Organization and 

International COMSEC Material .............................................................. 43 

7.1.1 General Requirement ...................................................................... 43 

7.1.2 North Atlantic Treaty Organization Funded Units ............................. 43 

7.1.3 North Atlantic Treaty Organization COMSEC Material Requiring 

Two-Person-Integrity Control ........................................................... 43 

7.2 Canadian Controlled COMSEC Material Outside of the National 

COMSEC Material Control System .......................................................... 43 

7.3 Criteria for Release of COMSEC Material to the Private Sector ........... 44 

7.4 Government Furnished Equipment ......................................................... 44 

7.4.1 Government Furnished Equipment for Canadian Industry ............... 44 

7.4.2 Government Furnished Equipment for Allied Contractors ................ 45 

7.5 COMSEC Material under Contract ........................................................... 45 

8 Access to COMSEC Material .............................................................................. 47 

8.1 Prerequisite for Access to COMSEC Material ........................................ 47 

8.1.1 Access by Government of Canada Employees and Contractors ..... 47 

8.1.2 Access by Foreign Nationals ........................................................... 47 

8.2 COMSEC Briefing and COMSEC Briefing Certificate ............................ 47 

8.2.1 Requirements .................................................................................. 47 

8.2.2 Retention of COMSEC Briefing Certificates ..................................... 48 

8.2.3 COMSEC Debriefings/Updates ........................................................ 48 

8.3 Two Person Integrity ................................................................................ 48 

8.4 No Lone Zone ............................................................................................ 48 

9 Physical Security ................................................................................................. 49 

9.1 COMSEC Facilities ................................................................................... 49 

9.1.1 Requirement .................................................................................... 49 

9.1.2 Planning and Establishing a COMSEC Facility ................................ 49 

9.1.3 Access Controls and Restrictions .................................................... 49 

9.1.4 COMSEC Facility Approval .............................................................. 50 

9.2 Secure Storage ......................................................................................... 51 

9.2.1 Security Containers ......................................................................... 51 

9.2.2 Segregation of COMSEC Material in Storage .................................. 51 

9.2.3 Opening of Security Containers in Emergency Situations ................ 51 

9.2.4 Incidents Involving Security Containers ........................................... 52 

9.2.5 Protecting Lock Combinations and Lock Keys ................................. 52 

9.3 Storage of Physical Key Material ............................................................ 54 

9.3.1 Storage Requirements ..................................................................... 54 

viii October 2011 Table of Contents

UNCLASSIFIED 


9.3.2 Key Material Held in Reserve .......................................................... 54 

9.4 Storage of Electronic Key Material ......................................................... 56 

9.5 Storage of COMSEC Equipment .............................................................. 56 

9.5.1 General Requirement ...................................................................... 56 

9.5.2 Preparation for Storage ................................................................... 56 

9.5.3 Spare or Standby Equipment ........................................................... 56 

9.6 Storage of COMSEC Publications ........................................................... 56 

10 Distribution and Receipt of COMSEC Material ................................................. 57 

10.1 Distributing COMSEC Material ................................................................ 57 

10.2 Distributing Electronic Key on Magnetic or Optical Media ................... 58 

10.3 Tracking the Shipment of COMSEC Material ......................................... 59 

10.4 Packaging Physical COMSEC Material ................................................... 59 

10.4.1 Overview .......................................................................................... 59 

10.4.2 Inner Wrapping ................................................................................ 59 

10.4.3 Outer Wrapping ............................................................................... 60 

10.4.4 Types of Packaging ......................................................................... 60 

10.4.5 Wooden Crates or Transit Cases ..................................................... 61 

10.5 Authorized Modes of Transportation ...................................................... 61 

10.5.1 Overview .......................................................................................... 61 

10.5.2 North Atlantic Treaty Organization and Foreign COMSEC Material 62 

10.6 Authorized Couriers of COMSEC Material ............................................. 64 

10.6.1 Canadian Government Diplomatic Courier Service ......................... 64 

10.6.2 Authorized Departmental Couriers ................................................... 64 

10.6.3 Contractor’s Authorized Couriers ..................................................... 65 

10.6.4 Commercial Carriers ........................................................................ 65 

10.7 Receiving COMSEC Material ................................................................... 66 

10.7.1 Preparation before Receiving COMSEC Material ............................ 66 

10.7.2 Inspection of Packages .................................................................... 67 

10.7.3 Validation of Content ....................................................................... 67 

11 Handling and Use ................................................................................................ 69 

11.1 Accountable Key Material ........................................................................ 69 

11.1.1 Purpose and Use ............................................................................. 69 

11.1.2 Labels .............................................................................................. 69 

11.1.3 Protective Packaging ....................................................................... 69 

11.1.4 Key Tape in Canisters...................................................................... 69 

11.1.5 Electronic Key Material on Magnetic or Optical Media ..................... 70 

11.1.6 Electronic Key on a Key Storage Device ......................................... 70 

11.1.7 Copies of Key .................................................................................. 70 

11.1.8 Two Person Integrity Controls .......................................................... 71 

11.2 Accountable COMSEC Equipment .......................................................... 71 

11.2.1 Sight Verification .............................................................................. 71 

Table of Contents October 2011 ix

UNCLASSIFIED 


11.2.2 Equipment Labels ............................................................................ 71 

11.2.3 Modification ...................................................................................... 72 

11.2.4 Equipment Installed for Operational Use ......................................... 72 

11.2.5 Key Storage/Fill Equipment Containing Key Material....................... 72 

11.2.6 Equipment Audit Trails ..................................................................... 72 

11.3 Accountable COMSEC Publications ....................................................... 73 

11.3.1 Reproduction ................................................................................... 73 

11.3.2 Frequency of Page Checks .............................................................. 73 

11.3.3 Conducting Page Checks ................................................................ 74 

11.3.4 Amendments to Accountable COMSEC Publications ...................... 74 

11.4 Local Tracking of Other Associated Material ......................................... 76 

11.4.1 Local Tracking System..................................................................... 76 

11.4.2 Control and Protection of Crypto Ignition Keys ................................ 76 

11.4.3 Record of Personal Identification Numbers and Passwords ............ 76 

11.4.4 Change of Personal Identification Numbers and Passwords ........... 77 

11.4.5 Storage of Personal Identification Numbers and Passwords ........... 77 

11.4.6 Configuration Disks .......................................................................... 77 

11.4.7 Software Upgrades .......................................................................... 77 

12 Destruction/Disposal of Accountable COMSEC Material ................................ 79 

12.1 General Requirement ............................................................................... 79 

12.2 Destruction of Key Material ..................................................................... 79 

12.2.1 Scheduling Destruction of Key Material ........................................... 79 

12.2.2 Unavailability of Destruction Devices ............................................... 79 

12.2.3 Conditions Affecting Destruction of Key Material ............................. 79 

12.2.4 Key Material Issued for Use ............................................................. 79 

12.2.5 Sealed Key Material ......................................................................... 80 

12.2.6 Emergency Supersession ................................................................ 80 

12.2.7 Defective Key Material ..................................................................... 80 

12.3 Destruction/Disposal of COMSEC Equipment ....................................... 81 

12.4 Destruction of COMSEC Publications .................................................... 81 

12.5 Performing Routine Destruction ............................................................. 81 

12.5.1 Personnel ......................................................................................... 81 

12.5.2 Training ............................................................................................ 82 

12.5.3 Performing Physical Destruction ...................................................... 82 

12.6 Routine Destruction Methods .................................................................. 83 

12.6.1 Paper COMSEC Material ................................................................. 83 

12.6.2 Non-Paper COMSEC Material ......................................................... 84 

12.7 Approved Routine Destruction Devices ................................................. 85 

12.8 Emergency Destruction Priorities ........................................................... 85 

12.8.1 Priorities within Categories .............................................................. 85 

12.8.2 Priorities for Combined Categories .................................................. 87 

12.9 Emergency Destruction Methods ............................................................ 87 

x October 2011 Table of Contents

UNCLASSIFIED 


12.10 Reporting Emergency Destruction ......................................................... 87 

13 COMSEC Account Inventory .............................................................................. 89 

13.1 Reasons for Inventory .............................................................................. 89 

13.2 Types of Inventory .................................................................................... 89 

13.2.1 Annual Inventory .............................................................................. 89 

13.2.2 Change of COMSEC Custodian Inventory ....................................... 89 

13.2.3 Special Inventory ............................................................................. 90 

13.3 Inventory Reports ..................................................................................... 90 

13.3.1 National Central Office of Record/Central Office of Record- 

Initiated Inventory Report ................................................................. 90 

13.3.2 COMSEC Account Inventory Report ................................................ 90 

13.3.3 Amendment to Inventory Report ...................................................... 91 

13.4 Inventory Process .................................................................................... 91 

13.4.1 Scheduling the Sight Inventory ........................................................ 91 

13.4.2 Conducting the Sight Inventory ........................................................ 92 

13.4.3 Reconciling the COMSEC Account Inventory Report ...................... 92 

14 COMSEC Emergency Plan .................................................................................. 95 

14.1 Preparing the COMSEC Emergency Plan ............................................... 95 

14.1.1 Requirement .................................................................................... 95 

14.1.2 Development of the Plan .................................................................. 95 

14.1.3 Maintaining and Testing the Plan ..................................................... 95 

14.1.4 Emergency Destruction Plan ........................................................... 95 

14.2 Planning for Emergency Events .............................................................. 96 

14.2.1 Best Practices .................................................................................. 96 

14.2.2 Natural Disasters and Accidental Emergencies ............................... 96 

14.2.3 Hostile Activity ................................................................................. 97 

15 COMSEC Account Audit ..................................................................................... 99 

15.1 Planning the Audit .................................................................................... 99 

15.1.1 Delegation of Authority..................................................................... 99 

15.1.2 Purpose of an Audit ......................................................................... 99 

15.1.3 Frequency of Audits ......................................................................... 99 

15.1.4 Scheduling the Audit ........................................................................ 99 

15.2 Conducting the Audit ............................................................................. 100 

15.2.1 Access to COMSEC Account Holdings .......................................... 100 

15.2.2 Scope of the Audit ......................................................................... 100 

15.2.3 Exit Interview ................................................................................. 100 

15.3 Audit Reporting ...................................................................................... 101 

15.3.1 COMSEC Account Audit Report .................................................... 101 

15.3.2 Statement of Action Form .............................................................. 101 

15.3.3 Failure to Return a Statement of Action Form ................................ 101 

15.4 COMSEC Sub-Account Audits .............................................................. 101 

Table of Contents October 2011 xi

UNCLASSIFIED 


15.4.1 Requirement .................................................................................. 101 

15.4.2 Communications Security Establishment Canada Participation ..... 101 

16 COMSEC Incidents ............................................................................................ 103 

16.1 General .................................................................................................... 103 

16.2 Classes of COMSEC Incidents .............................................................. 103 

16.2.1 Compromising Incidents ................................................................ 103 

16.2.2 Practices Dangerous to Security .................................................... 103 

16.3 Categories of COMSEC Incidents ......................................................... 104 

16.3.1 Cryptographic Incidents ................................................................. 104 

16.3.2 Personnel Incidents ....................................................................... 105 

16.3.3 Physical Incidents .......................................................................... 106 

16.4 Handling of Incidents ............................................................................. 107 

16.4.1 Departmental Procedures .............................................................. 107 

16.4.2 COMSEC Custodian Responsibility ............................................... 107 

16.4.3 Departmental COMSEC Authority Responsibility .......................... 107 

16.4.4 Reporting COMSEC Incidents ....................................................... 108 

16.5 Recovery of COMSEC Material .............................................................. 109 

16.6 Post-Incident Evaluation ........................................................................ 109 

16.7 COMSEC Incidents Involving North Atlantic Treaty Organization 

COMSEC Material ................................................................................... 110 

16.8 COMSEC Incidents Involving In-Process COMSEC Material .............. 110 

16.9 Disciplinary Action ................................................................................. 110 

Glossary ..................................................................................................................... 111 

Bibliography .............................................................................................................. 125 

Annex A – Control of In-Process COMSEC Material .............................................. 127 

A.1 Introduction ............................................................................................ 127 

A.1.1 Purpose ......................................................................................... 127 

A.1.2 Scope............................................................................................. 127 

A.1.3 Content of Annex ........................................................................... 127 

A.2 In-Process Plan ....................................................................................... 128 

A.2.1 Content of the In-Process Plan ...................................................... 128 

A.2.2 Approval of an In-Process Plan ..................................................... 129 

A.2.3 Approving Authority ....................................................................... 129 

A.2.4 Changes to an In-Process Plan ..................................................... 129 

A.3 Accounting for In-Process COMSEC Material...................................... 131 

A.3.1 Automated In-Process Accounting System .................................... 131 

A.3.2 In-Process Accounting Records ..................................................... 131 

A.3.3 Reconciliation of In-Process Accounting Records ......................... 132 

A.3.4 In-Process Accounting Reports ..................................................... 132 

A.3.5 Retention and Disposition of In-Process Records and Reports ..... 135 

xii October 2011 Table of Contents

UNCLASSIFIED 


A.3.6 Audit of In-Process COMSEC Accounts ........................................ 135 

A.4 Control of In-Process COMSEC Equipment ......................................... 135 

A.4.1 Integrated Circuits .......................................................................... 135 

A.4.2 Controlled Cryptographic Items ..................................................... 136 

A.4.3 Breakage, Waste and Scrap In-Process COMSEC Material .......... 139 

A.4.4 Loss of In-Process COMSEC Material ........................................... 140 

A.5 COMSEC Equipment under Repair and Maintenance Contract .......... 140 

A.5.1 Transfer to/from the Contractor ...................................................... 140 

A.5.2 Accountability within the Repair and Maintenance In-Process 

Facility ............................................................................................ 140 

A.5.3 Sources of Spare COMSEC Parts, Components and Assemblies . 140 

A.5.4 Non-Serviceable In-Process Parts, Components and Assemblies 141 

A.5.5 Non-repairable COMSEC Equipment ............................................ 142 

A.6 Accountable COMSEC Publications under Development ................... 142 

A.6.1 In-Process Manuscripts ................................................................. 142 

A.6.2 Working Papers ............................................................................. 142 

A.6.3 Release of In-Process Manuscripts before Government of 

Canada Acceptance ...................................................................... 142 

A.6.4 Government of Canada Acceptance of a Final Manuscript ............ 144 

A.6.5 Destruction of In-Process Manuscripts .......................................... 144 

A.7 Accountable COMSEC Publications under Reproduction or 

Translation Contract .............................................................................. 145 

A.7.1 In-Process Manuscripts ................................................................. 145 

A.7.2 COMSEC Publications Controlled within the National COMSEC 

Material Control System................................................................. 145 

A.7.3 Destruction of In-Process Material Surplus to Contract 

Requirement .................................................................................. 145 

Table of Contents October 2011 xiii

UNCLASSIFIED 



xiv October 2011 Table of Contents

UNCLASSIFIED 


List of Tables 

Table 1 – Contact Information ......................................................................................... 3 

Table 2 – Key Material Held in Reserve ........................................................................ 54 

Table 3 – Storage of Physical Key Material ................................................................... 55 

Table 4 – Authorized Modes of Transportation for COMSEC Material .......................... 63 

Table 5 – Approval of IP Plans .................................................................................... 129 

Table 6 – Labelling CCI ............................................................................................... 139 

List of Figures 

Figure 1 – National COMSEC Material Control System (NCMCS).................................. 5 

Figure 2 – Example of Magnetic or Optical Media Label ............................................... 59 

Figure 3 – IP Hand Receipt Required Information ....................................................... 134 

Figure 4 – Return of Issued IP COMSEC Material ...................................................... 134 

Figure 5 – IP COMSEC Material Label ........................................................................ 144 

List of Tables and October 2011 xv 

List of Figures

UNCLASSIFIED 



xvi October 2011 List of Tables and 

List of Figures

UNCLASSIFIED 


List of Abbreviations and Acronyms 

ACM 

ACMCA 

ALC 

CA 

CARDS 

CCD 

CCF 

CCI 

CD 

CFCSU 

CICA 

CIK 

CKL 

CMAC 

COMSEC 

COR 

CSC 

CSEC 

CSO 

CUP 

DCA 

DDSM 

DIAS 

DND 

DSC 

DSO 

DVD 

EKMS 

FAA 

FOUO 

FSC 

FSU 

GC 

GFE 

HI/DR 

IC 

ICMCM 

ID 

Accountable COMSEC Material 

Accountable COMSEC Material Control Agreement 

Accounting Legend Code 

Controlling Authority 

COMSEC Accounting, Reporting and Distribution System 

Canadian Cryptographic Doctrine 

Canadian Central Facility 

Controlled Cryptographic Item 

Compact Disk 

Canadian Forces COMSEC Support Unit 

CSEC Industrial COMSEC Account 

Crypto-Ignition Key 

Compromise Key List 

Crypto Material Assistance Centre 

Communications Security 

Central Office of Record 

COMSEC Safeguarding Capability 

Communications Security Establishment Canada 

Company Security Officer 

COMSEC User Portal 

Departmental COMSEC Authority 

Directive on Department Security Management 

Distributed INFOSEC Accounting System 

Department of National Defence 

Document Safeguarding Capability 

Departmental Security Officer 

Digital Versatile Disk 

Electronic Key Management System 

Financial Administration Act 

For Official Use Only 

Facility Security Clearance 

Field Software Upgrade 


Government Furnished Equipment 

Handling Instructions/Disposition Record 

Integrated Circuit 

Industrial COMSEC Material Control Manual 

Identifier 

List of Abbreviations and October 2011 xvii 

Acronyms

UNCLASSIFIED 


IP 

INFOSEC 

ISDN 

IT 

ITS AFU 

ITSA 

ITSB 

ITSD 

ITSLC 

KEK 

KMID 

KMSP 

KP 

MOA 

MOU 

NATO 

NCER 

NCIO 

NCMCS 

NCOR 

NDA 

NLZ 

NSA 

ORR 

PDS 

PGS 

PIN 

PSTN 

PWA 

PWGSC 

R&M 

SCIP 

SDNS 

SKCR 

SPIRS 

T3MD 

TBS 

TEK 

TPI 

TRA 

In-Process 

Information Security 

Integrated Services Digital Network 

Information Technology 

Information Technology Security Approvals for Use 

Information Technology Security Alert 

Information Technology Security Bulletin 

Information Technology Security Directive 

Information Technology Security Learning Centre 

Key Encryption Key 

Key Material Identifier 

Key Material Support Plan 

Key Processor 

Memorandum of Agreement 

Memorandum of Understanding 

North Atlantic Treaty Organization 

National Cryptographic Equipment Reserve 

National COMSEC Incidents Office 

National COMSEC Material Control System 

National Central Office of Record 

National Distribution Authority 

No Lone Zone 

National Security Agency 

Operational Rekey Report 

Practices Dangerous to Security 

Policy on Government Security 

Personal Identification Number 

Public Switched Telephone Network 

Printed Wiring Assembly 

Public Works and Government Services Canada 

Repair and Maintenance 

Secure Communications Interoperability Protocol 

Secure Data Network System 

Seed Key Conversion Report 

SDNS PSTN-ISDN Rekey Subsystem 

Tier 3 Management Device 

Treasury Board of Canada Secretariat 

Traffic Encryption Key 

Two-Person Integrity 

Threat and Risk Assessment 

xviii October 2011 List of Abbreviations and 

Acronyms

UNCLASSIFIED 

U//FOUO 

U.K. 

U.S. 


Unclassified//For Official Use Only 

United Kingdom 

United States 

List of Abbreviations and October 2011 xix 

Acronyms

UNCLASSIFIED 

1 Introduction 

1.1 Purpose 


This directive provides the minimum security requirements for the control of accountable 

Communications Security (COMSEC) material in the Government of Canada (GC). 

1.2 Authority 

This directive is promulgated pursuant to the Policy on Government Security (PGS), which 

delegates Communications Security Establishment Canada (CSEC) as the lead security agency 

and national authority for the development, approval and promulgation of COMSEC policy 

instruments and for the development of guidelines and tools related to Information 

Technology (IT) Security. 

1.3 Scope 

The methods for the control of COMSEC material vary and are determined by the nature of the 

material itself. The scope of this directive includes: 

 

 

 

COMSEC material, which requires control and accountability within the National 

COMSEC Material Control System (NCMCS); 

COMSEC material under development, which requires local accounting and control 

within an In-Process (IP) accounting system as detailed in Annex A; and 

COMSEC material (other than above), which requires control and local tracking by the 

COMSEC Custodian through a manual or electronic tracking system outside of the 

NCMCS. 

1.4 Definitions 

COMSEC – The application of cryptographic security, transmission and emission 

security, physical security measures, operational practices and controls to deny 

unauthorized access to information derived from telecommunications and that ensure the 

authenticity of such telecommunications. 

COMSEC Material – Material designed to secure or authenticate telecommunications 

information. COMSEC material includes, but is not limited to, key, equipment, modules, 

devices, documents, hardware, firmware or software that embodies or describes 

cryptographic logic and other items that perform COMSEC functions. 

Introduction October 2011 1

UNCLASSIFIED 


Accountable COMSEC Material (ACM) – COMSEC material that requires control and 

accountability within the National COMSEC Material Control System (NCMCS) in 

accordance with its accounting legend code and for which transfer or disclosure could be 

detrimental to the national security of Canada. 

NCMCS – A CSEC-approved, central logistic system through which COMSEC material, 

including COMSEC material marked “CRYPTO” is distributed, controlled and 

safeguarded. 

Refer to the Glossary for additional definitions of terms used in this directive. 

1.5 Application 

This directive applies to: 

 

 

 

GC departments within the meaning of Schedules I, I.1, II, IV and V of the Financial 

Administration Act (FAA), unless excluded by specific acts, regulations or Orders in 

Council; 

GC departments not listed in the above mentioned FAA Schedules, but that have entered 

into a written agreement with the Treasury Board of Canada Secretariat (TBS) to adopt 

the requirements of the PGS. A copy of the agreement must be maintained in the CSEC 

National Central Office of Record (NCOR) chronological files; and 

Private Sector companies and organizations managing COMSEC material under the 

direction of the Industrial COMSEC Material Control Manual (ICMCM). If a situation 

arises that is not covered by the ICMCM, or a discrepancy arises between it and the 

content of this directive, ITSD-03 takes precedence. 

NOTE: For the purpose of this directive, the term ‘GC departments’ includes all federal 

institutions (e.g. departments, agencies, organizations) subject to the FAA and PGS. 

1.6 Compliance 

All GC departments identified in Article 1.5 must comply with the baseline security 

requirements of the Directives for the Application of Communications Security in the 

Government of Canada (ITSD-01) and this directive. While compliance with these minimum 

security requirements is the responsibility of each GC department, this does not preclude 

individual departments from applying more stringent security measures. Departmental directives 

that exceed the minimum security requirements of ITSD-03 take precedence within that 

department. 

2 October 2011 Introduction

UNCLASSIFIED 

1.7 Expected Results 


This directive describes courses of action which CSEC has determined are required to achieve a 

minimum level of control, safeguard and accounting for COMSEC material in departmental 

communications operations. 

1.8 Consequence 

Failure to comply with this directive may result in escalated administrative controls being placed 

on a COMSEC Account. In extreme circumstances, a COMSEC Account will be suspended until 

an external audit is conducted and the Departmental Security Officer (DSO) or DSO-delegated 

Departmental COMSEC Authority (DCA) has rectified any shortcomings. 

1.9 Requests for Exceptions 

Requests for exceptions or waivers to any of the direction contained herein must be submitted to 

COMSEC Client Services at CSEC. Requests must be submitted in writing and include 

justification. CSEC approval is required before implementing any exception or waiver. 

NOTE: Exceptions or waivers are designed to be remedial and of limited duration. 

1.10 Points of Contact 

The CSEC points of contact for topics covered by this directive are listed in Table 1 below. 

Table 1 – Contact Information 

Office Phone Number E-mail Address 

COMSEC Client Services 613-991-8495 comsecclientservices@cse-cst.gc.ca 

Crypto Material Assistance Centre 

(CMAC) 

and 

National Central Office of Record 

(NCOR) 

National COMSEC Incidents 

Office (NCIO) 

613-991-8600 cmac-camc@cse-cst.gc.ca 

613-991-8175 ncio@cse-cst.gc.ca 

Introduction October 2011 3

UNCLASSIFIED 


1.11 COMSEC User Portal 

Authorized users may access the CSEC COMSEC User Portal (CUP) at http://comsecportal.csecst.gc.ca. 

The CSEC CUP provides COMSEC-related information and Field Software Upgrades 

(FSUs), up to PROTECTED A, associated with high assurance products, systems and services. 

For information on becoming an authorized user of the CSEC CUP, contact the CMAC at CSEC. 

1.12 Communications Security Establishment Canada – Web Site 

Other COMSEC directives and information (UNCLASSIFIED only) associated with high 

assurance products, systems and services are available at http://www.cse-cst.gc.ca/itssti/publications/index-eng.html. 

4 October 2011 Introduction

UNCLASSIFIED 


2 National COMSEC Material Control System 

2.1 Structure and Organization Overview 

The NCMCS is a CSEC-approved logistics system which includes the personnel and procedures 

that enable GC departments to effectively handle and control COMSEC material. The NCMCS 

provides for the control of COMSEC material through: 

National Central Office of Record (NCOR) 

Central Office of Record (COR) 

 

 

 

 

National Distribution Authority (NDA) 

COMSEC Accounts 

COMSEC Sub-Accounts, and 

Local Elements (formerly referred to as Loan Holders or Authorized Users). 

National Central 

Office of 

Record (NCOR) 

National Distribution 

Authority (NDA) 

GC Department 


CSEC Industrial 

COMSEC Account 

(CICA) 

Department of National 

Defence (DND) 

Central Office of Record 

(COR) 

Local 

Elements 

COMSEC 

Sub-accounts 

COMSEC 

Sub-accounts 

DND 


Local 

Elements 

COMSEC 

Sub-accounts 

Local 

Elements 

Local 

Elements 

Figure 1 – National COMSEC Material Control System (NCMCS) 

National COMSEC Material October 2011 5 

Control System

UNCLASSIFIED 


2.2 National Central Office of Record 

2.2.1 Overview 

NCOR is the entity at CSEC which is responsible for overseeing the management and 

accounting of COMSEC material produced in, or entrusted to Canada. NCOR is not a COMSEC 

Account and never holds COMSEC material. NCOR responsibilities include the three distinct 

roles of Registration Authority, COMSEC Account Manager and Key Processor (KP) Privilege 

Certificate Manager. These roles are administered by the CMAC. 

2.2.2 Registration Authority 

As the national Registration Authority for GC COMSEC Accounts, NCOR personnel: 

manage the block of Electronic Key Management System (EKMS) Identifiers (IDs) 

(i.e. COMSEC Account numbers) used in Canada; 

 

 

 

 

 

 

 

 

register NCOR with allied COMSEC material control systems; 

participate in the opening and closing of COMSEC Accounts for the GC; 

temporarily deactivate COMSEC Accounts for GC departments; 

confirm the appointment or termination of appointment of the DCA, COMSEC Custodian 

and Alternate COMSEC Custodian(s); 

assign a unique EKMS ID to each COMSEC Account; 

collect and maintain account registration data in the EKMS Directory Service; 

provide registration data to COMSEC Accounts that do not have access to the EKMS 

Directory Service; and 

register COMSEC Accounts with allied COMSEC material control systems when those 

accounts are authorized to exchange COMSEC material with allied countries. 

2.2.3 COMSEC Account Manager 

As COMSEC Account Manager, NCOR personnel: 

maintain a master inventory of all centrally accountable COMSEC material for those 

COMSEC Accounts under their purview; 

process COMSEC Material Reports, including validation of signature(s) against signature 

specimens; 

perform annual inventory reconciliations with COMSEC Accounts under his or her 

purview; 

6 October 2011 National COMSEC Material 

Control System

UNCLASSIFIED 


 

 

 

monitor the effective dates of key material to ensure key material is destroyed and 

reported as destroyed in a timely manner; 

support the evaluation and recovery from compromise or potential compromise of 

COMSEC material; and 

liaise with COMSEC Account personnel and provide guidance and assistance on all 

COMSEC accounting matters. 

2.2.4 Key Processor Privilege Certificate Manager 

As the KP Privilege Certificate Manager, NCOR personnel: 

accept and validate requests for KP Privilege Certificates; 

 

 

create, sign and distribute KP Privilege Certificates; and 

maintain configuration control of KP Privilege Certificates. 

2.3 Central Office of Record 

A COR is an entity within a GC department, which is responsible for overseeing the 

management and accounting of COMSEC material held by COMSEC Accounts subject to its 

oversight. NCOR will establish a COR in a GC department upon approval from COMSEC Client 

Services at CSEC that sufficient justification for a COR exists. A COR can only be established 

by receiving delegated authorities from the NCOR to administer the regulatory processes of this 

directive within its own department. 

NOTE: CSEC has established the Department of National Defence (DND) Canadian Forces 

COMSEC Support Unit (CFCSU) as a COR. Throughout this directive, the combined 

term NCOR/COR will mean NCOR (or COR if applicable). 

2.4 National Distribution Authority 

The NDA is the entity at CSEC responsible for the movement (receipt and distribution) of ACM 

in and out of the country. It is also responsible for: 

 

 

 

 

 

storing a limited amount of ACM for eventual distribution; 

storing contingency key material, in the event of system failure; 

holding the National Cryptographic Equipment Reserve (NCER); 

receiving ACM for disposal or out-of-country repair or transfer; 

receiving and redistributing allied ACM; 


Control System

UNCLASSIFIED 


 

 

receiving damaged or defective ACM being returned to CSEC for technical evaluation; 

and 

generating and distributing electronic key, as required. 

2.5 COMSEC Accounts 

GC departments must establish a COMSEC Account before receiving COMSEC material. 

Normally, only one COMSEC Account is established at each GC department. However, if 

sufficient justification exists, COMSEC Client Services at CSEC may approve the establishment 

of additional COMSEC Account(s) within a GC department. COMSEC Accounts may establish 

COMSEC Sub-Accounts and may register Local Elements. Each COMSEC Account is assigned 

by NCOR/COR a unique EKMS ID. 

The minimum COMSEC Account personnel requirements include: 

a DCA 

a COMSEC Custodian, and 

at least one Alternate COMSEC Custodian. 

NOTE 1: For COMSEC Accounts requiring Two-Person Integrity (TPI) or No Lone Zone 

(NLZ) controls, more than one Alternate COMSEC Custodian is recommended. 

NOTE 2: Refer to Chapter 3 for requirements applicable to personnel roles and responsibilities 

and Chapter 4 for information on establishing COMSEC Accounts. 

2.6 COMSEC Sub-Accounts 

GC departments may establish COMSEC Sub-Accounts to assist with the control of COMSEC 

material. The COMSEC Sub-Account: 

 

 

 

 

 

 

will be assigned a unique EKMS ID by the parent COMSEC Account Custodian; 

must have a COMSEC Sub-Account Custodian and at least one Alternate COMSEC 

Sub-Account Custodian; 

must exchange COMSEC material and accounting transactions only with its own GC 

parent COMSEC Account; 

must not hold COMSEC material to which the parent COMSEC Account cannot have 

access; 

must register Local Elements; and 

must not establish transactions with other COMSEC Sub-Accounts. 

NOTE: CSEC is responsible for establishing COMSEC Sub-Accounts within the private 

sector. 


Control System

UNCLASSIFIED 

2.7 Local Elements 


Local Elements are individuals who are authorized to hold and use COMSEC material. Local 

Elements do not have their own EKMS ID. They share the EKMS ID of the COMSEC Account 

or COMSEC Sub-Account at which they are registered. Local Elements are authorized to 

exchange COMSEC material only with the COMSEC Account or COMSEC Sub-Account at 

which they are registered. Local Elements are not authorized to re-loan COMSEC material to 

other Local Elements except through their own COMSEC Account Custodian or COMSEC Sub- 

Account Custodian. 


Control System

UNCLASSIFIED 




Control System

UNCLASSIFIED 

3 Personnel 


3.1 Roles and Responsibilities 

All COMSEC Account personnel and other personnel requiring access to COMSEC material 

must be Canadian citizens (including dual nationality) (see Article 3.2.1, Article 6.3.3.4 and 

Chapter 8 for additional detail). Except for private sector COMSEC Sub-Accounts, COMSEC 

Account personnel must be an employee of the GC department registered to the COMSEC 

Account. 

3.1.1 Deputy Head 

Deputy Heads of GC departments are responsible for implementing this directive. 

3.1.2 Departmental Security Officer 

The DSO is appointed by the department Deputy Head. Among other duties, as listed in the PGS, 

the DSO is responsible to manage the departmental security program. For more detail on the 

roles and responsibilities of the DSO, consult the Directive on Department Security Management 

(DDSM). 

3.1.3 Departmental COMSEC Authority 

A DCA may be appointed by the DSO to act in his/her stead to manage the departmental 

COMSEC program. The DCA is responsible for developing, implementing, maintaining, 

coordinating and monitoring a departmental COMSEC program that is consistent with the PGS 

and its operational standards. Additionally, the DCA is responsible for the overall control of 

COMSEC material that has been charged to the departmental COMSEC Account. Refer to the 

DCA Quick Reference Guide for an overview of the DCA responsibilities associated with the 

control of COMSEC material. 

NOTE: In departments where a DCA is not appointed, the DSO must assume the role and 

responsibilities of the DCA. 

3.1.3.1 Separation of Duties 

The DCA, or any other individual within the GC department fulfilling the role of the DCA, may 

not be appointed as a COMSEC Custodian, Alternate COMSEC Custodian, COMSEC Sub- 

Account Custodian or Alternate COMSEC Sub-Account Custodian. 

COMSEC Custodian personnel must not be designated to more than one COMSEC Account or 

COMSEC Sub-Account at the same time. 

Personnel October 2011 11

UNCLASSIFIED 


3.1.4 COMSEC Custodian 

COMSEC Custodians are responsible for the generation, receipt, custody, distribution, 

disposition or destruction, and accounting of COMSEC material entrusted to their COMSEC 

Account or Sub-Account in accordance with this directive. COMSEC Custodians are also 

responsible for providing their departmental users with COMSEC equipment troubleshooting 

support and guidance on the use of key material. Refer to the COMSEC Custodian Quick 

Reference Guide for an overview of the COMSEC Custodian responsibilities. 

3.1.5 Alternate COMSEC Custodian 

The Alternate COMSEC Custodian assists the COMSEC Custodian in the day-to-day activities 

of the COMSEC Account or Sub-Account and performs the duties of the COMSEC Custodian in 

the temporary absence of the COMSEC Custodian. Refer also to the same COMSEC Custodian 

Quick Reference Guide mentioned in Article 3.1.4. 

3.1.6 COMSEC Sub-Account Custodian 

COMSEC Sub-Account Custodians are responsible for the generation, receipt, custody, 

distribution, disposition or destruction, and accounting of COMSEC material entrusted to their 

COMSEC Sub-Account in accordance with this directive. COMSEC Sub-Account Custodians 

are also responsible for providing their authorized users with COMSEC equipment 

troubleshooting support and guidance on the use of key material. Refer also to the same 

COMSEC Custodian Quick Reference Guide mentioned in Article 3.1.4. 

3.1.7 Alternate COMSEC Sub-Account Custodian 

The Alternate COMSEC Sub-Account Custodian assists the COMSEC Sub-Account Custodian 

in the day-to-day activities of the COMSEC Sub-Account and performs the duties of the 

COMSEC Sub-Account Custodian in the temporary absence of the COMSEC Sub-Account 

Custodian. Refer also to the same COMSEC Custodian Quick Reference Guide mentioned in 

Article 3.1.4. 

3.1.8 Local Element 

A Local Element is an individual who is authorized to hold and use COMSEC material. A Local 

Element is personally responsible for the control, safeguarding and disposition of COMSEC 

material entrusted to he or she, in accordance with the control and handling instructions provided 

by their COMSEC Account or Sub-Account Custodian. 

12 October 2011 Personnel

UNCLASSIFIED 


3.1.9 Controlling Authority 

Controlling Authorities (CAs) must be appointed by the DCA to establish and maintain order, 

supervise cryptographic logistics and respond to security issues affecting a cryptographic 

network (cryptonet) that has been established to protect the electronic communication of 

classified and PROTECTED C information. 

All cryptonets require an appointed CA to manage the operational use of the key material 

assigned to the cryptonet and to develop a Key Material Support Plan (KMSP) before it can be 

given authority to operate. Refer to the Directive for the Use of CSEC-Approved COMSEC 

Equipment and Key on a Telecommunications Network (ITSD-04) for complete detail on the 

responsibilities of the CA and how to prepare a KMSP. 

3.1.10 Other Authorized Users 

In certain instances, individuals such as shift workers and technicians may require short term 

(immediate) access to COMSEC material. Before allowing this access, the individual who is 

personally responsible for the COMSEC material must confirm with the DCA, COMSEC 

Custodian or COMSEC Sub-Account Custodian that the user requiring access: 

 

 

 

 

 

 

is a Canadian citizen (including dual nationality); 

has a need-to-know, has been COMSEC briefed and possesses the required security 

clearance or reliability status; 

signs for and maintains constant personal surveillance of the COMSEC material until it is 

returned (refer to Article 6.2); 

does not store the COMSEC material and returns it for lock-up when not under positive 

personal possession; 

does not transport the COMSEC material to another work area or building without 

consent; and 

understands what constitutes a COMSEC incident or potential COMSEC incident. 

3.1.11 Key Ordering Personnel 

The DCA is responsible to appoint key ordering personnel and establish their privileges to 

submit orders for key material. In addition to their regular responsibilities, COMSEC custodial 

staff can also be appointed to handle key ordering responsibilities. 

NOTE: Refer to the Cryptographic Key Ordering Manual (ITSG-13) for key ordering 

requirements. 


UNCLASSIFIED 


3.1.12 Witness 

Sight inventory of COMSEC material and most types of destruction (see Article 12.5.1.3) must 

be witnessed. The witness would normally be an Alternate COMSEC Custodian; however, 

another appropriately cleared and COMSEC briefed individual may act as a witness when an 

Alternate COMSEC Custodian is not available. The COMSEC Custodian (or other personnel) 

who asks an individual to serve as a witness must ensure that the individual is fully conversant 

with the responsibilities of being a witness. The witness must not sign any documentation 

without having personally sighted the COMSEC material being inventoried or destroyed. 

3.2 Personnel Selection and Training 

3.2.1 Selection of COMSEC Custodians/Alternate COMSEC Custodians, 

COMSEC Sub-Account Custodians/Alternate COMSEC Sub-Account 

Custodians 

The DCA must carefully screen individuals who have been selected to become a COMSEC 

Custodian, Alternate COMSEC Custodian, COMSEC Sub-Account Custodian or Alternate 

COMSEC Sub-Account Custodian to ensure that each proposed individual: 

 

 

 

 

 

 


possesses a security clearance at least equal to the highest sensitivity of the COMSEC 

material held in the COMSEC Account; 

is a responsible individual who is qualified to assume the duties and responsibilities of 

COMSEC Custodian, Alternate COMSEC Custodian, COMSEC Sub-Account Custodian 

or Alternate COMSEC Sub-Account Custodian; 

is in a position or level of authority which would permit the individual to exercise proper 

jurisdiction in fulfilling the responsibilities of the position; 

has not previously been relieved of COMSEC Custodian, Alternate COMSEC Custodian, 

COMSEC Sub-Account Custodian or Alternate COMSEC Sub-Account Custodian duties 

for reasons of negligence or non-performance of duties; and 

will not be assigned duties that would interfere or conflict with the duties as COMSEC 

Custodian, Alternate COMSEC Custodian, COMSEC Sub-Account Custodian or 

Alternate COMSEC Sub-Account Custodian. 

3.2.2 COMSEC Training 

3.2.2.1 General 

Appointments of COMSEC Account personnel in Article 3.2.1 require that each appointee have 

completed CSEC-approved training before starting the role or as soon as possible (next available 

course) following the appointment. 


UNCLASSIFIED 


NOTE: Training can be delayed only in extenuating circumstances (e.g. no formal course 

available prior to appointment). If training has to be delayed, COMSEC Client 

Services should be contacted for additional instruction. 

3.2.2.2 Schedules and Registration 

Course schedules and registration information are available from the IT Security Learning 

Centre (ITSLC), at CSEC. 

NOTE 1: Personnel attending courses requiring access to ACM will be COMSEC briefed by 

ITSLC staff at the outset of the course. 

NOTE 2: Due to technological, procedural and standards advances, former COMSEC staffs, 

who have not performed COMSEC related duties for more than two years, must 

attend formal COMSEC training. 

3.2.2.3 Formal COMSEC Custodian Course 

COMSEC Custodians require formal training. The DCA must ensure that each new COMSEC 

Custodian and Alternate COMSEC Custodian attends the formal COMSEC Custodian course 

before or as soon as possible following the appointment. Other departmental personnel who use 

or are responsible for the control of COMSEC material may also attend this course. 

3.2.2.4 Interim COMSEC Custodian Training 

Where formal training is unavailable prior to appointment or when a new COMSEC Custodian 

or Alternate COMSEC Custodian is unable to attend, due to extenuating circumstances, the 

formal COMSEC Custodian training course before the appointment, the DCA or the COMSEC 

Custodian, as applicable, must provide interim training. If interim training cannot be provided, 

contact NCOR to arrange for interim training assistance. 

3.2.2.5 COMSEC Accounting System Training 

Before installing CSEC-approved accounting software packages, COMSEC Custodians and 

Alternate COMSEC Custodians must attend formal training. Other COMSEC Account personnel 

may also attend this course. 

3.2.2.6 COMSEC Equipment Training 

Before using COMSEC equipment and to the extent possible, COMSEC Custodians and 

Alternate COMSEC Custodians should attend formal COMSEC equipment training courses. 

Local Elements may also attend these courses. 


UNCLASSIFIED 


3.2.2.7 Other Training Courses 

CSEC offers additional training courses that will assist COMSEC Account personnel in the use 

and protection of COMSEC material or increase their knowledge on the basic concepts of 

IT security and cryptography. 

3.2.2.8 COMSEC Sub-Account and Local Element Training 

COMSEC Custodians are normally responsible for training their COMSEC Sub-Account 

personnel and Local Elements. However, COMSEC Sub-Account personnel and Local Elements 

may attend the formal COMSEC Custodian training course provided by CSEC. 


UNCLASSIFIED 


4 Management of COMSEC Accounts 

4.1 Establish COMSEC Account 

4.1.1 Request Establishment of COMSEC Account 

GC departments requiring COMSEC material must submit a request to COMSEC Client 

Services at CSEC for the establishment of a COMSEC Account. The request must include: 

a letter containing – 

o justification for the requirement to hold COMSEC material 

o interoperability (beyond department) requirements 

o highest security classification of the COMSEC material, and 

o statement that the minimum physical security standards of this directive can be met 

for the highest level of sensitivity of COMSEC material to be held; and 

the following forms – 

o Account Registration, to identify the department, location and COMSEC custodial 

staff being appointed 

o Appointment Certificate, for each individual to be appointed to the COMSEC 

Account, including the DCA, the COMSEC Custodian and at least one Alternate 

COMSEC Custodian, and 

o COMSEC Signing Authority Form, also called the COMSEC Courier Certificate, to 

provide records of COMSEC Account personnel or any additional departmental staff 

who are authorized to receive and sign for COMSEC material. Only COMSEC 

Custodial staff members are authorized to open parcels and sign COMSEC material 

reports. 

4.1.2 Approve Establishment of COMSEC Account 

Before validating a request to open a COMSEC Account, a CSEC representative(s) will visit the 

GC department to verify that the physical security requirements of this directive (refer to 

Chapter 9) can be met and that COMSEC Account personnel have been COMSEC briefed. 

Following validation of the request, NCOR/COR will provide written approval for the request 

including: 

the assigned EKMS ID 

confirmation of the name of the DCA 

 

verification of the appointment of the COMSEC Custodian and the Alternate COMSEC 

Custodian(s), and 

Management of COMSEC Accounts October 2011 17

UNCLASSIFIED 


 

a list of publications required to effectively manage the COMSEC Account. 

4.1.3 Establish COMSEC Sub-Accounts 

The DCA may establish COMSEC Sub-Accounts to assist with the control of COMSEC material 

within the department. The DCA must implement procedures for opening a departmental 

COMSEC Sub-Account based upon the direction contained herein. 

4.1.4 Register Local Elements 

COMSEC Custodians and COMSEC Sub-Account Custodians must register Local Elements 

before authorizing their access to or use of COMSEC material (refer to Article 6.3.3.4). The 

registration of Local Elements must include at a minimum a record of the full name, title or 

designator, location and phone number. 

4.2 Establish COMSEC Account Files and Records 

4.2.1 Administrative Files 

The COMSEC Custodian must establish and maintain administrative files containing 

documentation related to the COMSEC Account, including: 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

courier, mail and package receipts 

correspondence 

IT Security Alerts (ITSA) 

IT Security Bulletins (ITSB) 

IT Security Approvals for Use (ITS AFU) 

Account Registration Forms 

Appointment Certificates 

Security Screening Certificates 

COMSEC Briefing Certificates 

COMSEC Signing Authority Forms 

COMSEC Incident Initial Reports 

COMSEC Account Audit Reports 

related files for each COMSEC Sub-Account (if applicable), and 

other relevant documentation. 

18 October 2011 Management of COMSEC Accounts

UNCLASSIFIED 


4.2.2 Accounting Files 

The COMSEC Custodian must establish and maintain accounting files (paper or electronic as is 

appropriate for the authorized accounting system being employed) that include: 

 

 

 

a copy of all accounting reports (see Chapter 6), records, registers and logs with 

appropriate physical or digital signatures; 

a copy of all inventory reports (see Chapter 13); and 

IP accounting records (if applicable). 

4.2.3 Communications Security Establishment Canada-Approved Accounting 

Sub-Systems 

CSEC has approved the use of several automated accounting/management systems to 

accommodate the minimum security requirements of the NCMCS. These systems employ 

terminology and procedures that are quite distinct from each other. Each department is 

responsible for ensuring that its custodial personnel are trained in the use of its CSEC-approved 

automated system and are familiar with the terms used by the respective software to describe the 

NCMCS activities detailed in this directive. Manual inventory systems (e.g. CSEC 417 cards) 

must not be the sole mechanism used by COMSEC Accounts for managing COMSEC Account 

inventories. Contact COMSEC Client Services at CSEC for list of approved systems or for 

requests for approval of new systems. 

The NCMCS and supporting sub-systems must be classified minimally to PROTECTED A with 

additional appropriate classification to meet special inventory requirements (see Article 4.2.5) 

and any other classified information stored on the system. 

4.2.4 Retention/Disposition of Records and Files 

All inactive or archived COMSEC Account records and files must be retained for a period of no 

less than five years by the COMSEC Custodian (or responsible DCA), after which they may be 

destroyed or forwarded to NCOR/COR for disposal. 

4.2.5 Classification of Records and Files 

COMSEC Account records and files must be marked “PROTECTED A” unless they contain: 

classified information (e.g. effective dates, classified long titles or remarks), in which case 

it must be marked in accordance with the sensitivity of the content; or 

a list containing COMSEC material that was provided by a United Kingdom (U.K.) 

source, in which case the list must be classified at least to the minimum standard that the 

U.K. is handling the material. 


UNCLASSIFIED 


NOTE: 

Contact NCOR/COR if assistance is required in properly classifying these 

records, files and reports. 

4.2.6 Access to Records and Files 

The COMSEC Custodian must limit access to COMSEC Account records and files to individuals 

who have a need-to-know and possess the appropriate security clearance or reliability status. 

Access to COMSEC Account records and files by individuals other than the COMSEC 

Custodian or Alternate COMSEC Custodian must be closely monitored. 

4.3 Changes to COMSEC Accounts 

4.3.1 Changes to COMSEC Account Registration Information 

COMSEC Custodians must promptly post changes to COMSEC Account registration 

information (e.g. mailing and shipping addresses, phone numbers) to the Directory Server or 

submit them to NCOR/COR. The Account Registration form is to be used to submit these 

changes. 

4.3.2 Changes to the COMSEC Signing Authority Form (CSEC/CSTC-599) 

The COMSEC Custodian must submit a new COMSEC Signing Authority Form to NCOR/COR 

annually and whenever there is a change of personnel or other information. The COMSEC 

Signing Authority Form contains the names, telephone numbers and signatures of COMSEC 

Account personnel and any additional departmental staff who are authorized to sign for 

shipments containing COMSEC material. 

4.3.3 Change of Personnel 

Before the departure of currently appointed COMSEC Account personnel, the DCA must 

provide NCOR/COR with an Appointment Certificate, including: 

 

 

the new COMSEC Account personnel information completed; and 

the “Termination of Appointment” section completed for the individual being replaced. 

The DCA or COMSEC Custodian, as applicable, must ensure the new appointee receives a 

COMSEC briefing. 

4.3.4 Scheduling the COMSEC Custodian Changeover 

The changeover of COMSEC Custodians should be scheduled at least 40 calendar days in 

advance of the COMSEC Custodian’s departure date. The current COMSEC Custodian and the 

individual being appointed as the new COMSEC Custodian must conduct an inventory of the 

COMSEC material held in the COMSEC Account as detailed in Chapter 13 of this directive. 


UNCLASSIFIED 


The departing COMSEC Custodian is not relieved of responsibility for COMSEC material 

involved in any unresolved discrepancy until all discrepancies are resolved. 

4.3.5 Conversion of a COMSEC Sub-Account to a COMSEC Account 

The DCA must submit a letter to COMSEC Client Services at CSEC requesting the 

establishment of new COMSEC Account in accordance with Article 4.1.1. The letter must 

contain justification for the conversion of the COMSEC Sub-Account to a COMSEC Account. 

Upon approval of the conversion, NCOR/COR will provide accounting instructions. 

4.3.6 Change of Classification Level of a COMSEC Account 

The DCA must submit a written request to COMSEC Client Services at CSEC requesting a 

change in the level of classification for the COMSEC Account. The request must include a 

justification for the requirement and indicate the new level of classification requested. 

When requesting a lower level of classification, COMSEC Client Services will provide written 

approval once NCOR/COR has confirmed that the COMSEC Account holds COMSEC material 

at, or lower than, the requested classification. 

When requesting to upgrade the classification level of a COMSEC Account, COMSEC Client 

Services will provide written approval once a CSEC representative has visited the COMSEC 

Account to verify that the physical security requirements of this directive can be met. The 

COMSEC Account must not receive COMSEC material at the higher level until approval of the 

change of classification level has been granted. 

4.3.7 Absence of COMSEC Custodial Staff 

4.3.7.1 Temporary Absence of COMSEC Custodian 

In the absence of the COMSEC Custodian for a period of 60 calendar days or less, the DCA 

must ensure the Alternate COMSEC Custodian assumes the responsibilities and duties of the 

COMSEC Custodian. 

4.3.7.2 Temporary Absence of Alternate COMSEC Custodian 

In the absence of the Alternate COMSEC Custodian for a period of 60 calendar days or less, the 

DCA must ensure the second Alternate COMSEC Custodian assumes the responsibilities and 

duties. Where no second Alternate COMSEC Custodian has been appointed, the DCA must 

appoint one. 

4.3.7.3 Absence Longer then 60 Calendar Days 

An absence of more than 60 calendar days must be treated as a permanent absence, and the DCA 

must appoint a new COMSEC Custodian or Alternate COMSEC Custodian, as applicable. 


UNCLASSIFIED 


4.3.7.4 Unexplainable Departure of COMSEC Custodian or Alternate COMSEC 

Custodian 

In the case of an unexplainable (does not include death, serious illness, short notice personnel 

transfer) sudden, indefinite or permanent departure of the COMSEC Custodian or Alternate 

COMSEC Custodian, the DCA must take the following steps: 

a. Immediately report the circumstances of any departure in accordance with Chapter 16 of 

this directive. 

b. Appoint a new COMSEC Custodian or Alternate COMSEC Custodian as required. 

c. Ensure the combinations and the keys of containers and vaults are changed. 

d. Ensure the new COMSEC Custodian or Alternate COMSEC Custodian immediately 

conducts an inventory (see Chapter 13) with an appropriately cleared witness,. 

e. Ensure the COMSEC Account audit is conducted by the appropriate authority. 

4.4 Closing a COMSEC Account 

When a COMSEC Account no longer has a requirement to hold COMSEC material, the DCA 

must provide COMSEC Client Services at CSEC with a written request to close the COMSEC 

Account and must include Termination Certificates for all COMSEC Account personnel. 

The COMSEC Custodian will transfer all ACM currently held in the COMSEC Account to 

another COMSEC Account, or destroy it (if authorized), and forward all accounting reports as 

well as a signed “zero balance” inventory to NCOR/COR. 

Once NCOR/COR has confirmed receipt of the Termination Certificates, confirmed that the 

COMSEC Account no longer holds any COMSEC material and has updated the COMSEC 

Account status in the EKMS Directory Server to “closed”, COMSEC Client Services at CSEC 

will issue a letter to the DCA, officially closing the COMSEC Account. 

The DSO will ensure that all COMSEC Account files are retained for a period of five years and 

then dispose of them in accordance with the direction at Article 4.2.4. 

4.5 Closing a COMSEC Sub-Account 

When it is determined that the requirement for a COMSEC Sub-Account no longer exists, the 

DCA must take the following steps: 

a. Direct the COMSEC Sub-Account Custodian to return to the parent COMSEC Account, or 

destroy (if authorized), all COMSEC material held by the COMSEC Sub-Account and 

submit a signed “zero balance” Inventory Report (refer to Chapter 13). 

b. Provide the parent COMSEC Account with a Termination Certificate for all COMSEC 

Sub-Account personnel. 


UNCLASSIFIED 


4.6 Suspension of a COMSEC Account 

4.6.1 General 

COMSEC Accounts are audited at least once every 18 months (refer to Article 15.4.1). In rare 

cases, due to the severity of account infraction(s) or the effect that poor account management 

could have on other government departments or allies, NCOR/COR, in consultation with the 

DSO, may authorize the DCA to temporarily suspend a COMSEC Account. NCOR/COR may also 

initiate an account suspension. A COMSEC Account may be suspended if: 

 

 

the DCA fails to take action to correct serious deficiencies reported in the COMSEC 

Account Audit Report or fails to submit a Statement of Action form showing that 

corrective action is underway; or 

the number of security violations or reporting and management practices at the account 

demonstrates a continued disregard for COMSEC policy and procedures. 

NOTE: Any suspension, regardless of how temporary, may severely impact the COMSEC 

Account activities. 

4.6.2 Suspension 

A COMSEC Account whose status is “suspended” will cease to have COMSEC material 

transferred in or transferred out. The custodial staff will remain in place to conduct all other 

normal activities within the account, including the corrective action that would lead to the lifting 

of the suspension. 

NOTE: NCOR/COR will inform the DSO, the DCA and the Departmental COMSEC 

Custodian that, transfers to and from the account will be suspended. The notification 

will include a list of the discrepancies that caused the suspension, the corrective action 

needed to allow the lifting of the suspension and a target completion date. 

4.6.3 Lifting Suspension 

Upon receipt of the Statement of Action form, which certifies that corrective action has been 

completed (or is underway), CSEC may lift the suspension. Before lifting the suspension, CSEC 

will conduct another audit of the account to ensure that conditions have been rectified. 

Upon lifting the suspension, NCOR/COR will notify other affiliated or affected organizations or 

accounts, and transfers of COMSEC material to and from the account will resume. 


UNCLASSIFIED 




UNCLASSIFIED 


5 Identification of COMSEC Material 

5.1 Long Title 

The long title provides a general description of the COMSEC material. In some cases, long titles 

may be classified. 

5.2 Short Title 

A short title must be assigned to COMSEC material at its point of origin for accounting 

purposes. The short title is an identifying combination of letters or digits that consists of a 

maximum of 24 alphanumeric characters. For some CSEC-approved accounting/management 

systems (see Article 4.2.3), special characters (e.g. /, -, * or #) are not allowed. For these 

systems, the special characters that may appear on ACM short titles, COMSEC equipment 

nameplates and COMSEC publications are replaced with a space. The individual short titles of 

COMSEC material are UNCLASSIFIED. For further details on short titles, refer to the Short 

Title Nomenclature in Canada (ITSG-09) 1 . 

5.3 Edition 

COMSEC material may be identified by a unique alphabetic or numeric designator. COMSEC 

material may be time sensitive and is superseded when the next edition becomes effective. Refer 

to ITSG-13 for more information on editions. 

5.4 Accounting Number 

5.4.1 Assignment of Accounting Number 

COMSEC material may be assigned a unique accounting serial or register number at the point of 

origin to facilitate accounting (see Article 5.5 for a description of the relationship between 

accounting numbers and the ALC). Serial numbers are used with CCI and COMSEC equipment, 

while register numbers are used for any other material requiring an accounting number. 

5.4.2 Local Accounting Identifier 

The COMSEC Custodian may assign a local accounting identifier to COMSEC material that is 

accounted for by quantity. This local accounting identifier must not be used as an accounting 

number on a COMSEC Material Report. It may be entered in the remarks column of the 

COMSEC Material Report. 

1 ITSG-09 is available upon request through COMSEC Client Services at CSEC. 

Identification of COMSEC Material October 2011 25

UNCLASSIFIED 


5.4.3 Unique Accounting Numbers for Electronic Key 

Unique accounting numbers for electronic key are not required when: 

all copies of the key within a particular short title and edition are the same; 

each copy can be individually controlled without the use of a unique accounting number; 

or 

the CA for the short title has determined that the key does not need to be copy-controlled 

through the use of unique accounting numbers. 

5.5 Accounting Legend Code 

5.5.1 Description 

The ALC is a numeric code assigned by the originator of the COMSEC material to indicate its 

accounting and reporting requirements. The ALC is recorded on all COMSEC Material Reports 

but does not normally appear on the COMSEC material itself. The ALC assigned by the 

originator must not be changed without authorization from COMSEC Client Services at CSEC. 

Authorized changes to ALCs must be managed through NCOR/COR, as noted in Chapter 6. 

NOTE 1: If the accountability of the COMSEC material is in question, contact NCOR/COR. 

NOTE 2: ALC 3 and ALC 5 are no longer used. 

5.5.2 Entry of COMSEC Material into National COMSEC Material Control System 

Whenever COMSEC material is assigned an ALC, it must be entered into the NCMCS. This 

COMSEC material must be controlled in the NCMCS until it is authorized for destruction or 

other disposition, or the appropriate authority removes the accountability requirement. A 

COMSEC Material Report is used to enter COMSEC material into the NCMCS in circumstances 

described at Article 6.3.4. 

5.5.3 Accounting Legend Code 1 COMSEC Material 

ALC 1 is assigned to physical COMSEC material that is subject to continuous accountability to 

NCOR/COR by short title and accounting number. ALC 1 COMSEC material will include: 

some unclassified and all classified physical key material marked CRYPTO; 

all cryptographic equipment approved for classified processing; 

CCI; 

 

classified cryptographic software and firmware that are the functional equivalents of, or 

emulate, COMSEC equipment operations and cryptography; and 

26 October 2011 Identification of COMSEC Material

UNCLASSIFIED 


 

classified full maintenance manuals and depot maintenance manuals (and their printed 

amendments), which contain crypto-information. 


ALC 2 is assigned to physical COMSEC material that is subject to continuous accountability to 

NCOR/COR by short title and quantity. ALC 2 COMSEC material may include: 

 

 

 

classified and CCI components (e.g. modular assemblies, printed wiring 

assemblies [PWA], integrated circuits [IC], microcircuits, microchips, permuters) 

intended for installation (but not installed) in COMSEC equipment; 

specific COMSEC devices; and 

COMSEC publications. 


ALC 4 is assigned to physical COMSEC material that, following initial receipt to the distributing 

COMSEC Account, is locally accountable by the receiving COMSEC Account by short title and 

quantity, or by short title and accounting number. ALC 4 COMSEC material may include: 

 

 

 

unclassified or classified COMSEC publications dealing with a cryptographic subject 

(e.g. classified maintenance manuals); 

protected and unclassified key material (e.g. test, maintenance and training key); and 

other unclassified or classified COMSEC material which, due to the nature of the 

COMSEC information it contains, requires accountability within the NCMCS. 


ALC 6 is assigned to electronic key tracked by the GC EKMS and is subject to continuous 

accountability to NCOR/COR, as determined by the controlling authority for the key and by the 

doctrine specific to the equipment, where applicable. ALC 6 may be assigned to electronic key: 

intended to protect information having long-term intelligence value (e.g. TOP SECRET); 

used to protect other keys (e.g. key encryption key [KEK]); 

used for joint or combined interoperability; 

marked “CRYPTO”; 

used to generate other electronic keys (e.g. key production key); and 

generated from ALC 1 physical key material. 


UNCLASSIFIED 



ALC 7 is assigned to electronic key tracked by the GC EKMS that is locally accountable to the 

generating COMSEC Account until final disposition. 

5.6 Types of COMSEC Material 

5.6.1 Key Material 

The term key material applies to both physical and electronic formats of key. Refer to ITSG-13 

for additional information on key material. 

5.6.2 COMSEC Equipment 

COMSEC equipment is normally identified and accounted for by one short or long title, rather 

than by individual components or sub-assemblies. Whenever a component or sub-assembly that 

has been assigned an ALC is removed from its host equipment, it requires accountability within 

the NCMCS and it must be identified separately by its individual short title. Refer to the 

Canadian Cryptographic Doctrine (CCD) series for further information on specific COMSEC 

equipment. 

5.6.3 COMSEC Publications 

COMSEC publications may include: 

 

 

 

 

 

 

 

 

 

 

 

crypto-maintenance manuals 

sensitive pages of a crypto-maintenance manual 

cryptographic operating instructions 

classified full maintenance manuals 

classified depot maintenance manuals 

cryptographic logic descriptions 

drawings of cryptographic logics 

specifications describing a cryptographic logic 

other classified cryptographic and non-cryptographic operational publications 

replacement pages to the above and like publications, and 

extracts, supplements and addenda from accountable COMSEC publications. 


UNCLASSIFIED 


5.7 CRYPTO Marking 

The CRYPTO caveat is used to indicate the unique sensitivity of the COMSEC material on 

which it appears (or is otherwise identified). Items so marked must always be accounted for 

within the NCMCS. The CRYPTO marking will appear in bold letters on classified printed 

circuit boards, on the covers of printed key material, on disks, on individual key variables, and 

(as required) on equipment and tags or labels affixed to physical storage device (e.g. KSD-64) 

containing electronic key. 

5.8 Controlled Cryptographic Item Marking 

The CCI marking indicates a type of COMSEC equipment that must always be accounted for 

and controlled within the NCMCS or within a foreign nation’s formal COMSEC channels. The 

CCI category applies to specific unclassified, secure communications and information handling 

equipment, as well as associated cryptographic components and assemblies. 

In many cases, COMSEC material in the CCI category will not be assigned a short title, but will 

instead bear the manufacturer’s commercial designator. This equipment will be marked 

“Controlled Cryptographic Item” or “CCI”, and will bear a government serial number label. 

Since CCI and associated cryptographic components employ a classified cryptographic logic, it 

is only the hardware or firmware embodiment of that logic that is UNCLASSIFIED. The 

associated cryptographic engineering drawings, logic descriptions, theory of operation, computer 

programs, and related cryptographic information remain classified. 

5.9 Classification or Protected Marking 

COMSEC material may be marked or otherwise identified with a classification or protected level 

at the time it is created to indicate its storage and handling requirements. Operational key 

material is classified or protected at the sensitivity level of the information that it is intended to 

protect. 


UNCLASSIFIED 




UNCLASSIFIED 


6 Accounting Forms, Reports and Notices 

6.1 COMSEC Material Report 

The primary accounting form used for the control of COMSEC material is the multipurpose 

COMSEC Material Report (commonly referred to as the GC-223 form). This form is used to: 

 

 

 

report the change in the status of COMSEC material (e.g. transfer, issue, possession, 

generation, conversion, relief from accountability or destruction); 

report the inventory holdings of a COMSEC Account (i.e. Inventory Report); and 

provide notice of an action associated with COMSEC material (e.g. Tracer Notice). 

6.2 Local Accounting Records and Logs 

6.2.1 Handling Instructions/Disposition Record Card 

The HI/DR card is used to record the issue and destruction of individual segments of an edition 

of key tape. The HI/DR card is to be stored with its associated canister until all segments have 

been issued and destroyed. Before issuing a canister of key tape, the COMSEC Custodian must 

enter the short title and its attributes on the HI/DR card. The HI/DR card is UNCLASSIFIED, 

but becomes CONFIDENTIAL once an entry is made. The individual and witness who perform 

the destruction of key tape segments must both initial or sign the HI/DR card beside the entry 

corresponding to the segment that was destroyed. The COMSEC Custodian must review each 

HI/DR card to confirm the destruction of each key tape segment before using the record to 

prepare a Consolidated Destruction Report. 

6.2.2 Local Accounting Logs 

When the distribution or re-distribution of COMSEC material or other material specified in 

equipment doctrine can not be automatically tracked, the COMSEC Custodian must establish a 

manual accounting system to locally control and account for this material. The Crypto-Ignition 

Key (CIK) CIK Local Accounting Log is used to record the creation and distribution of locally 

accountable CIKs. The COMSEC Material Local Accounting Register may be used for local 

tracking of redistributed material. See specific system or equipment CCD for additional detail. 

Accounting Forms, October 2011 31 

Reports and Notices

UNCLASSIFIED 


6.3 COMSEC Material Reports 

6.3.1 Preparation and Distribution of COMSEC Material Reports 

General instructions for the preparation of COMSEC Material Reports can be found with the 

GC-223 form. The following articles list the specific requirements applicable to the preparation 

and distribution of each type of report. Refer to the Glossary for definitions of each type of 

COMSEC Material Reports. 

6.3.2 Transfer Report 


The distribution of COMSEC material between two COMSEC Accounts is called a transfer. 

COMSEC material being transferred must be prepared and receipted for as detailed in 

Chapter 10. The COMSEC Custodian who originates the transfer of COMSEC material remains 

accountable for the material until the signed receipt is returned to the originating COMSEC 

Account. 

Approval from the appropriate CA must be granted before COMSEC material is transferred. 

Whenever the transfer of COMSEC material is required for operational or contingency purposes, 

appropriate authorities will notify the affected COMSEC Custodians. 

COMSEC Client Services at CSEC are required to approve all transfers of COMSEC material by 

methods not pre-authorized in accordance with Article 10.5 and Table 4. 

6.3.2.2 Distribution 

The following applies to the distribution of Transfer Reports: 

 

Along with the original, prepare sufficient copies of the Transfer Report to ensure 

effective accountability – 

o Enclose the original with physical shipment. 

o If the report lists centrally-accountable COMSEC material, send a copy to 

NCOR/COR of the receiving COMSEC Account (COMSEC Accounts using an 

automated CSEC-approved accounting system will send an electronically-signed 

copy to NCOR/COR). 

o Retain a copy of the original on file until it can be replaced with a receipt signed by 

the recipient COMSEC Custodian. 

32 October 2011 Accounting Forms, 

Reports and Notices

UNCLASSIFIED 


 

When a receipt for a Transfer Report cannot be provided, the Transfer Report must be 

cancelled. For example, if a removable data storage device (e.g. floppy disk, compact 

disk, flash drive) containing the transaction was destroyed in-transit, or if physical 

COMSEC material being transferred is destroyed in-transit, or if a Transfer Report was 

prepared and circumstances cancelled the need for the COMSEC material to be 

distributed, the destination COMSEC Account Custodian would not return a receipt for 

the material. The Transfer Report may be cancelled by – 

o preparing a Cancel Distribution Transaction, and forwarding a copy to the intended 

recipient COMSEC Account and NCOR/COR; or 

o marking the Transfer Report as cancelled and forwarding a copy to the intended 

recipient COMSEC Account and NCOR/COR. 

6.3.2.3 Receipt 

To relieve the shipping COMSEC Account from accountability for the transferred material, the 

receiving COMSEC Custodian must sign the Transfer Report, make copies and distribute them 

according to the following: 

 

 

 

Return the signed original to the shipping COMSEC Custodian. 

If the report lists centrally-accountable COMSEC material, send a copy to NCOR/COR 

(COMSEC Accounts using an automated CSEC-approved accounting system will send 

an electronically-signed copy to NCOR/COR). 

Retain a signed copy of the original receipt on file. 

6.3.3 Hand Receipt 


The distribution of COMSEC material to a COMSEC Sub-Account or Local Element is called an 

issue. COMSEC material being issued may be packaged as a shipment or it may be hand 

delivered directly to an authorized recipient. Packages wrapped for shipment must be prepared in 

accordance with the direction in Chapter 10. 

6.3.3.2 Distribution 

The issuance of COMSEC material is recorded on a Hand Receipt. When distributing COMSEC 

material to a COMSEC Sub-Account or a Local Element, the COMSEC Custodian must use a 

Hand Receipt. 

Recipients must sign the Hand Receipt to certify their acceptance of the listed material, as well 

as an understanding of the handling requirements for the COMSEC material entrusted to them. 


Reports and Notices

UNCLASSIFIED 


Before signing the Hand Receipt, the recipient must inspect the COMSEC material to verify the 

accuracy of the document and to establish the condition of the material. See Chapter 10. 

Control and tracking responsibilities for issued material remains within the COMSEC Account; 

therefore, Hand Receipts are not sent to NCOR/COR. 

NOTE: Hand Receipts for COMSEC material must be reviewed annually by the COMSEC 

Custodian to ensure their accuracy and to verify the continued requirement for ACM 

by authorized end-users. 

6.3.3.3 Accountability 

Accountability for issued COMSEC material includes the issuing COMSEC Account, the 

COMSEC Sub-Account (if applicable) and the Local Element. Upon signing the Hand Receipt, 

the recipient assumes responsibility for the care and control of all material listed on the 

document; however, the recipient’s signature on a Hand Receipt does not relieve the issuing 

COMSEC Custodian from accountability for the issued material. 

6.3.3.4 Confirmation before Issue 

Before issuing COMSEC material to a COMSEC Sub-Account or a Local Element, the 

COMSEC Custodian must ensure the recipient: 

 

 

 

 

 

 

 

 

 

has a need-to-know for COMSEC material listed on the Hand Receipt; 


is cleared to the security level of the COMSEC material listed on the Hand Receipt; 

has been COMSEC briefed and has signed a COMSEC Briefing Certificate; 

has the appropriate storage facilities for the material listed on the Hand Receipt; 

has been trained on the handling, storage, use and destruction (where authorized) of the 

COMSEC material listed on the Hand Receipt; 

is aware of what constitutes a COMSEC incident; 

where necessary, has established a local accounting system that maintains strict control 

of each item of the COMSEC material listed on the Hand Receipt whenever it – 

o must be accounted for during shift work operations; or 

o is temporarily loaned to another authorized user. 

signs the Hand Receipt acknowledging the receipt of the material and understanding of 

the responsibilities associated with handling the COMSEC material listed on the Hand 

Receipt. 


Reports and Notices

UNCLASSIFIED 


6.3.3.5 Returning COMSEC Material 

COMSEC Sub-Accounts and Local Elements must return COMSEC material to the COMSEC 

Custodian if it is no longer required and is not authorized for destruction. 

COMSEC material issued to a COMSEC Sub-Account must be returned to the parent account 

that issued the material. The COMSEC Sub-Account Custodian must prepare a COMSEC 

Material Report (annotate the “OTHER” box with “Hand Receipt”) addressed to the parent 

account. 

Upon receipt and verification of the material, the COMSEC Custodian at the parent account must 

sign the COMSEC Material Report and return it to the COMSEC Sub-Account, thereby relieving 

the COMSEC Sub-Account from accountability for the returned material. 

COMSEC material issued to a Local Element must be returned to the COMSEC Account or 

COMSEC Sub-Account that issued the material. The COMSEC Custodian must prepare a Hand 

Receipt for material being returned from the Local Element. The COMSEC Custodian must 

ensure that the Hand Receipt, which lists the material being returned from the Local Element, is 

addressed to the COMSEC Account. The COMSEC Custodian’s signature on the Hand Receipt 

relieves the Local Element from accountability for the returned COMSEC material. Local 

Elements are not authorized to re-loan COMSEC material to any other Local Elements. 

6.3.4 Possession Report 


Occasionally, extraordinary circumstances dictate that COMSEC material, for which a current 

record of accountability within the NCMCS does not exist, be taken on charge at a COMSEC 

Account. 

A Possession Report is used to document the entry of COMSEC material into the NCMCS in the 

following circumstances when: 

 

 

 

 

 

COMSEC material under development or manufacture has been accepted by the GC 

(refer to Annex A); 

COMSEC material received from a foreign government or international organization 

requires accountability within the NCMCS; 

COMSEC material previously declared lost and removed from accountability is 

subsequently found; 

a COMSEC publication requiring control within the NCMCS is reproduced in whole or 

in part; 

magnetic or optical media is used to transfer or issue electronic key material; 


Reports and Notices

UNCLASSIFIED 


 

 

a non-automated COMSEC Account converts its inventory to an automated CSECapproved 

accounting system; and 

COMSEC material is in the possession of a COMSEC Account and is not listed on any 

other COMSEC Account inventory. 

6.3.4.2 Preparation and Distribution 

Authorization from NCOR/COR, is required before submitting a Possession Report. A 

Possession Report may not be created by a COMSEC Sub-Account. The Sub-Account Custodian 

must report the requirement to the parent COMSEC Account. 

The following applies to the preparation and distribution of Possession Reports: 

 

 

A brief description of why the item is being possessed must be included in either the 

Remarks column or after the “NOTHING FOLLOWS” line. 

If the report lists centrally-accountable COMSEC material, a copy must be sent to 

NCOR/COR within five working days following the creation of the report. Possession 

reports listing only ALC 4 or ALC 7 COMSEC material must be retained locally. 

6.3.5 Key Generation Report 

6.3.5.1 Privileges 

Some automated COMSEC Accounts are granted the privilege of generating electronic keys or 

importing physical key material and converting it to electronic form. These privileges are 

granted by the Privilege Certificate Manager at NCOR/COR. Whenever an electronic key is 

generated at an account, a Generation Report must be raised. 


The following applies to the preparation and distribution of Generation Reports: 

COMSEC Custodians must submit Generation Reports to NCOR/COR whenever ALC 6 

key material is generated. Imported ALC 1 physical key when converted to electronic 

form must be reported as ALC 6 key. 

COMSEC Custodians must retain copies of Generation Reports on file whenever ALC 7 

key material is generated. Imported ALC 4 physical key when converted to electronic 

form must be reported as ALC 7 key. 

 

 

COMSEC Sub-Account Custodians must submit Generation Reports to their parent 

COMSEC Account whenever ALC 6 or ALC 7 key material is generated, or when ALC 1 

or 4 physical key is imported. 

A signed copy of all Generation Reports must be retained on file. 


Reports and Notices

UNCLASSIFIED 

6.3.6 Conversion Report 



When it becomes necessary to change or correct a short title, an equipment modification number, 

or the ALC of ACM, a Conversion Report must be raised. Conversion Reports may be initiated 

by a COMSEC Custodian or by NCOR/COR. COMSEC Custodians must not initiate conversion 

activities without receiving explicit instructions from NCOR/COR. 

A Conversion Report may not be created at a COMSEC Sub-Account. The COMSEC Sub- 

Account Custodian must report the requirement to the parent COMSEC Account. 

If the automated accounting system in use at the COMSEC Account does not have the capability 

to generate a Conversion Report, contact NCOR/COR for instructions. 


In the preparation and distribution of Conversion Reports, the COMSEC Custodian: 

 

 

 

 

may raise a Conversion Report only if the material being converted is on-hand at the 

COMSEC Account; 

must send a copy to NCOR/COR if the Conversion Report lists centrally-accountable 

COMSEC material; 

must send a copy of the Conversion Report to all COMSEC Sub-Accounts that hold 

COMSEC material to be converted; and 

must retain a signed copy of the Conversion Report on file. 

6.3.7 Relief from Accountability Report 


COMSEC Custodians may seek relief from accountability for COMSEC material that has been 

irretrievably lost. Normally, an investigation will be conducted by the DCA to determine the 

injury caused by the loss and the NCIO will issue a report on the results of the investigation. 

A Relief from Accountability Report is used to document the removal of COMSEC material from 

a COMSEC Account inventory. Authorization from the NCIO is required before preparing a 

Relief from Accountability Report. 

If the automated accounting system in use at the COMSEC Account does not have the capability 

to generate a Relief from Accountability Report, contact NCOR/COR for instructions. 


Reports and Notices

UNCLASSIFIED 



The following rules apply to the preparation and distribution of Relief from Accountability 

Reports: 

 

 

 

Reference to the authority under which the COMSEC material was removed from 

accountability must be included in either the remarks column or after the NOTHING 

FOLLOWS line. 

If the report lists centrally-accountable COMSEC material, a copy must be sent to 

NCOR/COR. 

A signed copy of all Relief from Accountability Reports must be retained on file. 

6.3.8 Destruction Report 


Cryptographic material must be destroyed after it is superseded. Other COMSEC material may 

be authorized for destruction after it has served its intended purpose. A Destruction Report is 

used to document the physical destruction or electronic zeroization of COMSEC material, 

whether by authorized means or by accident, and serves to report the items’ removal from 

accountability (see Chapter 12 for complete destruction instructions). 


The following applies to the preparation and distribution of Destruction Reports: 

 

 

 

 

List, in alphanumerical order, all material that is scheduled for destruction. 

Enter the reason for the destruction (e.g. zeroized, superseded, filled in equipment 

[include the short title and serial number of the equipment], obsolete) in either the 

Remarks column or after the “NOTHING FOLLOWS” line. 

If the Destruction Report lists centrally-accountable COMSEC material, send a signed 

copy to NCOR/COR. 

A signed copy of all Destruction Reports must be retained on file. 

6.3.9 Consolidated Destruction Report 


Occasionally, COMSEC material (e.g. superseded key) is authorized for destruction by 

personnel other than the COMSEC Custodian. Except in tactical situations (operational theatres), 

such destructions must be performed in the same secure environment using the same security 

procedures required of the COMSEC Custodian. 


Reports and Notices

UNCLASSIFIED 


In such cases, the appropriate destruction documents, duly signed and witnessed, must be 

forwarded to the COMSEC Custodian. The COMSEC Custodian must compile the documents 

(e.g. HI/DR card) into a single Consolidated Destruction Report for forwarding to NCOR/COR. 


The following applies to the preparation and distribution of Consolidated Destruction Reports: 

a. Review local destruction records (e.g. HI/DR card) for accuracy, appropriate 

authorizations and required signatures. 

b. List the COMSEC material that was destroyed (and reported as destroyed on local 

accounting records) during the month. 

c. Annotate the report with “Consolidated Destruction Report”. 

d. If the report contains centrally-accountable COMSEC material, submit the report to 

NCOR/COR no later than the 16 th of the month following destruction of the key material. 

e. Retain a copy of all Consolidated Destruction Reports on file. 

6.3.9.3 Seed Key Conversion Report 

The Canadian Central Facility (CCF) generates a monthly Seed Key Conversion Report (SKCR) 

for Secure Communications Interoperability Protocol (SCIP) equipment that lists the Key 

Material Identifier (KMID) number of the key that has been converted from seed key to 

operational key. When a user initiates a secure call from authorized SCIP equipment to the 

Secure Data Network System (SDNS) Public Switched Telephone Network (PSTN)-(Integrated 

Services Digital Network (ISDN) Rekey Subsystem (SPIRS), operational key is sent to that 

user’s SCIP equipment. Once the operation is completed, the user can use their equipment to 

place secure calls to other SCIP users. A copy of the SKCR will be sent to the COMSEC 

Account Custodian on a monthly basis or upon request. The COMSEC Custodian must use the 

SKCR to verify that a Destruction Report has been completed for all KMIDs listed on the report. 

6.3.9.4 Operational Rekey Report 

The CCF generates a monthly Operational Rekey Report (ORR) that lists the KMID of keys for 

SCIP equipment that were used to place a secure call to the SPIRS. Upon initiation of a secure 

call to the SPIRS, a new operational key is downloaded to the SCIP equipment along with a 

Compromised Key List (CKL). A copy of the ORR will be sent to the COMSEC Account 

Custodian on a monthly basis or upon request. This report must be used to verify that end users 

conduct quarterly rekey calls to the SPIRS and ensure that they have the latest CKL. The 

COMSEC Custodian must use the ORR to verify that a Destruction Report has been completed 

for all KMIDs listed on the report. 


Reports and Notices

UNCLASSIFIED 


6.3.10 Inventory Report 


COMSEC Custodians are responsible for conducting inventories. During the inventory process, 

the COMSEC material held at the COMSEC Account is physically sighted and the actual 

holdings are compared to the accounting records. The inventory process is very important as it is 

sometimes the only means of discovering the loss of COMSEC material. For a complete 

description of inventories, see Chapter 13. 

A list of COMSEC Account’s holdings is recorded on an Inventory Report. 


The following rules apply to the preparation and distribution of Inventory Reports: 

NCOR/COR will prepare, for distribution to each COMSEC Account, a list of all ALC 1, 

ALC 2 and ALC 6 COMSEC material held by a COMSEC Account. This list is called an 

Inventory Report and contains all the material that the COMSEC Account has reported to 

NCOR/COR via various COMSEC Material Reports (e.g. Transfers, Receipts, 

Destructions and Possessions). 

 

 

 

 

COMSEC Custodians must prepare an Inventory Report for each Sub-Account and Local 

Element. This report must contain all ACM (i.e. ALC 1, ALC 2, ALC 4, ALC 6 and 

ALC 7) issued to each element. 

Each Local Element must conduct a physical sighting of COMSEC material in his or her 

possession, annotate the Inventory Report as required, sign and have someone else 

witness and sign the report, and then return the completed report to the COMSEC 

Custodian. The COMSEC custodian must retain a copy of each signed Inventory Report 

on file. 

The COMSEC Custodian must verify the accuracy of each returned report, resolve 

discrepancies, report COMSEC incidents (for lost items) and return the signed Inventory 

Report along with all supplemental accounting transactions to NCOR/COR. Inventory 

Reports returned to NCOR/COR must contain a compilation of all ALC 1, ALC 2 and 

ALC 6 material held at the COMSEC Account. 

A copy of all signed Inventory Reports must be retained on file. 


Reports and Notices

UNCLASSIFIED 


6.4 Accounting Notices 

6.4.1 Tracer Notice – Transfers 

If the signed Transfer Report (receipt) has not been received when due, tracer action must be 

initiated as follows: 

 

 

 

The initial tracer action may be accomplished via a documented phone call, e-mail, or by 

using an official tracer notice. 

The initiation of tracer action is dependent on the distribution method (e.g. electronic, 

courier) and whether the COMSEC Account or NCOR/COR is initiating the tracer 

action. 

In exceptional cases, when physical COMSEC material cannot be delivered and receipted 

for within the allotted time, an extension of up to 20 working days is acceptable. In such 

cases, a note must be added on the transfer report. 

6.4.2 Tracer Action by the COMSEC Custodian 

The COMSEC Custodian must ensure that a signed receipt has been received for every transfer 

initiated at the COMSEC Account as follows: 

 

Electronic Distribution. If a signed receipt for the electronic distribution of key is not 

received within five working days from the date of distribution of the COMSEC material, 

the COMSEC Custodian must initiate tracer action. 

 

If the signed receipt is not received within five working days of this initial tracer action, 

the COMSEC Custodian must notify NCOR/COR. NCOR/COR will assist the COMSEC 

Custodian in obtaining the receipt. 

Physical Distribution. If a signed receipt for the physical shipment of COMSEC material 

is not received within 10 working days from the date of shipment, the COMSEC 

Custodian must initiate tracer action. 

If the receipt is not received within 10 working days of this initial tracer action, the 

COMSEC Custodian must notify NCOR/COR. NCOR/COR will assist the COMSEC 

Custodian in obtaining the receipt. 


Reports and Notices

UNCLASSIFIED 


6.4.3 Tracer Action by National Central Office of Record/Central Office of 

Record 

6.4.3.1 Tracer Action for Transfer Reports 

If NCOR/COR has not received a signed Transfer Report (receipt) within 20 working days of the 

date on which the report was sent, NCOR/COR will send a Tracer Notice to the delinquent 

account. Up to three Tracer Notices will be sent. 

NCOR/COR occasionally receives signed receipts for Transfer Reports that have not been 

forwarded to NCOR/COR. The receipt cannot be reconciled unless the original Transfer Report 

has been processed. In such cases, NCOR/COR will immediately send a Tracer Notice for the 

missing Transfer Report. 

6.4.3.2 Tracer Action for Inventory Reports 

Tracer Notices may also be sent with respect to the Inventory process. During an inventory, 

NCOR/COR may discover that COMSEC Material Reports have not been forwarded for 

processing at NCOR/COR. 

Missing COMSEC Material Reports will result in an inability to reconcile a COMSEC 

Account’s inventory. NCOR/COR will originate tracer action for the missing COMSEC Material 

Reports. 

6.4.3.3 Failure to Respond to Tracer Notices 

Failure to respond to Tracer Notices could result in an immediate audit of the COMSEC 

Account. 


Reports and Notices

UNCLASSIFIED 


7 Special Accounting Requirements 

7.1 Drop Accounting of North Atlantic Treaty Organization and 

International COMSEC Material 

7.1.1 General Requirement 

When GC departments are entrusted with COMSEC material by a North Atlantic Treaty 

Organization (NATO) or other international authority, it must be accounted for, transported, 

stored and handled in accordance with the directive contained herein for Canadian COMSEC 

material of equivalent sensitivity. Similarly, Canada accepts that our allies will also account for, 

transport, store, and handle Canadian COMSEC material in accordance with their own national 

policy and procedures. This arrangement is known as drop accounting. There is no requirement 

for GC departments to hold the policy and procedural publications of the nation or alliance that 

provides the material, except as detailed in the following two articles. 

7.1.2 North Atlantic Treaty Organization Funded Units 

When NATO funded units such as Satellite Ground Terminals are located on Canadian territory, 

the COMSEC holdings will be entirely of NATO origin and must be accounted for, transported, 

stored, and handled in accordance with the current editions of Instructions for the Control and 

Safeguard of NATO Cryptomaterial (SDIP 293) and NATO Crypto Distribution and Accounting 

Publication (AMSG 505). 

7.1.3 North Atlantic Treaty Organization COMSEC Material Requiring Two- 

Person-Integrity Control 

Where GC departments are issued with NATO COMSEC material that requires TPI control, 

such items must be accounted for, transported, stored, and handled in accordance with the 

current edition of Policy and Procedures for the Handling and Control of Two-Person- 

Controlled NATO Security Material (AMSG 773). The format of NATO COMSEC material 

requiring TPI control is significantly different from its national equivalent and requires different 

storage and handling procedures. 

7.2 Canadian Controlled COMSEC Material Outside of the National 

COMSEC Material Control System 

COMSEC material, including CCI, must exit the NCMCS only via the NDA at CSEC. Canadian 

CCI destined for use outside of Canada must be accounted for and handled within the receiving 

foreign nation’s formal COMSEC channels. Subsequent to CSEC providing case-by-case 

authority with a foreign nation, the NDA will initiate formal transfer to a foreign nation’s 

established COMSEC Account with appropriate notification being sent to the foreign nation’s 

responsible COR. 

Special Accounting Requirements October 2011 43

UNCLASSIFIED 


NOTE 1: 

NOTE 2: 

Where a foreign private sector company or organization is involved, the COMSEC 

material, including CCI, must be transferred to an established COMSEC Account or, 

in the case of CCI under development (within established IP channels), via the 

appropriate foreign nation’s NDA, in coordination with the foreign NDA’s COR. 

COMSEC Client Services at CSEC may authorize GC departments or private sector 

companies or organizations to by-pass this channel if sufficient justification is 

provided in writing before the distribution. 

7.3 Criteria for Release of COMSEC Material to the Private Sector 

Private sector companies or organizations (including those in Canadian industry, 

universities, etc.) that require COMSEC material must have a COMSEC Sub-Account 

established by the CICA. Before the establishment of a COMSEC Sub-Account at a private 

sector institution or organization, the institution or organization must: 

 

 

 

 

have a legal agreement with the GC (i.e. a contract or pre-contractual agreement, or be a 

member of a CSEC program which requires the production or support of COMSEC 

material); 

have been granted a Facility Security Clearance (FSC) by CSEC. The FSC, which 

includes a Document Safeguarding Capability (DSC) and COMSEC Safeguarding 

Capability (CSC), must be equal to or higher than the classification or protected level of 

the COMSEC material being issued or produced; 

have a Company Security Officer (CSO), and a trained COMSEC Custodian and Alternate 

COMSEC Custodian, all approved by CSEC; and 

if receiving or producing COMSEC material items, sign an Accountable COMSEC 

Material Control Agreement (ACMCA) with CSEC. A copy of the ACMCA is found in 

ITSD-01. 

7.4 Government Furnished Equipment 

7.4.1 Government Furnished Equipment for Canadian Industry 

When transferring Government Furnished Equipment (GFE) to a Canadian industry COMSEC 

Sub-Account, the COMSEC Custodian must ensure that: 

the COMSEC material is identified as GFE on the Transfer Report; 

 

 

the contract number and Memorandum of Understanding (MOU) or Memorandum of 

Agreement (MOA), which must be identified by the client GC department’s contract 

authority, is included on the Transfer Report; and 

an appropriate ACMCA is in place for each contract. 

44 October 2011 Special Accounting Requirements

UNCLASSIFIED 


7.4.2 Government Furnished Equipment for Allied Contractors 

Transfer of GFE to or from allied contractors is handled on a case-by-case basis. Contact 

COMSEC Client Services at CSEC. 

7.5 COMSEC Material under Contract 

Refer to Annex A – Control of IP COMSEC Material for accounting and control direction 

applicable to COMSEC material under a maintenance or repair contract and COMSEC 

publications under a reproduction or translation contract. 

Special Accounting Requirements October 2011 45

UNCLASSIFIED 



46 October 2011 Special Accounting Requirements

UNCLASSIFIED 


8 Access to COMSEC Material 

8.1 Prerequisite for Access to COMSEC Material 

8.1.1 Access by Government of Canada Employees and Contractors 

Access to COMSEC material may be granted to Canadian citizens (including dual nationality) 

who: 

 

 

 

 

 

possess a valid GC security clearance or reliability status commensurate with the security 

classification of the material and information they will access; 

have a “need-to-know”; 

have been given a COMSEC Briefing; 

have signed a COMSEC Briefing Certificate; and 

are familiar with applicable COMSEC material control procedures. 

NOTE: Access by persons with Permanent Resident Status is not authorized. 

8.1.2 Access by Foreign Nationals 

Access to COMSEC material may be granted to foreign nationals (i.e. non-Canadian citizens) 

upon approval from CSEC on a case-by-case basis. Requests for such access must be submitted 

in writing to COMSEC Client Services at CSEC. 

8.2 COMSEC Briefing and COMSEC Briefing Certificate 

8.2.1 Requirements 

The DCA and COMSEC Custodian must ensure individuals requiring access to COMSEC 

material receive a COMSEC Briefing and sign a COMSEC Briefing Certificate. A COMSEC 

Briefing is required for individuals (includes, but is not limited to, COMSEC Account personnel, 

Local Elements, individuals attending CSEC and international COMSEC courses and COMSEC 

forums; and, individuals who need “user access” or “maintainer access” during installation, 

troubleshooting, repair, or physical keying of equipment) who require access to: 

COMSEC material controlled within the NCMCS; 

 

 

crypto-information which embodies, describes or implements a classified cryptographic 

logic; 

crypto-information including, but not limited to full maintenance manuals, cryptographic 

computer software (must be a continuing requirement); 

Access to COMSEC Material October 2011 47

UNCLASSIFIED 


 

 

classified IP COMSEC material or CCI and components at any phase during its 

production or development; and 

cryptographic key or logic during its production or development. 

8.2.2 Retention of COMSEC Briefing Certificates 

A COMSEC Briefing Certificate must be retained by the COMSEC Custodian for a minimum of 

two years after an individual’s authorization to access COMSEC material has ended. 

8.2.3 COMSEC Debriefings/Updates 

COMSEC debriefings are not required when access to COMSEC material is no longer required. 

Periodic or annual briefing updates are not required for active COMSEC Custodians, Alternate 

COMSEC Custodians and Local Elements. Any individual being re-appointed at the same or at a 

different COMSEC Account as a COMSEC Custodian, Alternate COMSEC Custodian or Local 

Element must be given a new COMSEC Briefing and sign a new COMSEC Briefing Certificate. 

8.3 Two Person Integrity 

TPI is a security measure designed to prevent any one person from having access to specified 

COMSEC material (e.g. TOP SECRET key material). Each individual having such access must 

be capable of detecting incorrect or unauthorized security procedures with respect to the task 

being performed. TPI-regulated storage and handling requires the use of security devices 

protected by two approved locks, Personal Identification Numbers (PINs) or passwords, with no 

one person having access to both sets of combinations, keys, PINs or passwords. 

8.4 No Lone Zone 

Certain areas in a COMSEC facility may be designated as a NLZ. A minimum of two authorized 

individuals must be in visual contact with each other at all times within a NLZ. If the departure 

of one individual would leave a single occupant, then both individuals must leave and secure the 

NLZ. 

The DCA will establish a NLZ for COMSEC Accounts that: 

receive, store, handle, use or destroy TOP SECRET key material; 

produce physical key material; or 

 

take part in the design, development, manufacture or maintenance of crypto equipment. 

48 October 2011 Access to COMSEC Material

UNCLASSIFIED 

9 Physical Security 

9.1 COMSEC Facilities 

9.1.1 Requirement 


A COMSEC facility must be established wherever COMSEC material is generated, stored, 

repaired, used or operations warrant (e.g. COMSEC Custodian work area, key distribution 

centre, repair facility). COMSEC Custodian work areas outside of established COMSEC 

facilities (e.g. temporary structures, mobile vehicles) that are not considered COMSEC facilities 

must provide the maximum possible protection from theft, compromise, damage and 

deterioration of COMSEC material and ensure access and accounting integrity is maintained. 

9.1.2 Planning and Establishing a COMSEC Facility 

When planning and establishing a COMSEC facility, the DCA should: 

 

 

 

establish the COMSEC facility in an area which provides positive control over access 

using a hierarchy of zones (refer to Article 6.2 of the TBS’ Operational Security Standard 

on Physical Security); 

produce a standard operating procedure (in conjunction with the COMSEC Emergency 

Plan) containing provisions for securely conducting facility operations; and 

ensure a Threat and Risk Assessment (TRA) is conducted before initial activation (where 

practical) and periodically thereafter based on threat, physical modifications, sensitivity of 

operations and COMSEC incident reports of a serious nature. 

9.1.3 Access Controls and Restrictions 

The COMSEC Custodian must: 

 

 

 

establish an access list for authorized individuals who have regular duty assignments in 

the COMSEC facility; 

limit unescorted access to individuals who are Canadian citizens (including dual 

nationality), whose duties require such access, and who meet the access requirements of 

Chapter 8; 

ensure all visits are recorded in a visitor log and retain the log for at least one year after 

the date of the last entry. The visitor log must contain, at a minimum: 

o date/time of arrival and departure 

o printed name 

o signature of visitor 

o purpose of visit, and 

Physical Security October 2011 49

UNCLASSIFIED 


 

 

 

 

 

o signature, including printed name, of authorized individual admitting the visitor; 

ensure visitors are continuously escorted by an individual whose name is on the access 

list; 

prohibit unauthorized personally owned devices and equipment capable of receiving and 

recording intelligible images, sound recording devices and equipment, radio transmitting 

and receiving equipment and microphones and television receivers from the COMSEC 

facility; 

post a sign to identify the area as a RESTRICTED ACCESS area; 

establish and document a daily security check procedure to ensure COMSEC material is 

properly safeguarded, and that approved physical security protection devices (e.g. door 

locks, alarm system) are functioning properly; and 

ensure unmanned facilities in areas posing a high risk of compromise are protected by an 

approved intrusion detection system and that physical checks are conducted at least once 

every 24 hours to ensure that all doors to the facility are locked and that there have been 

no attempts at forceful entry. 

9.1.4 COMSEC Facility Approval 

9.1.4.1 Initial Inspection of Facility for COMSEC Custodian Work Area 

The facility for the COMSEC Custodian work area must be approved by CSEC before the GC 

department is authorized to establish a COMSEC Account and hold COMSEC material. The 

approval will be based on a security inspection to determine if the facility meets the 

requirements for safeguarding COMSEC material as detailed in this directive, the Operational 

Security Standard on Physical Security and the applicable RCMP Physical Security Guide. 

9.1.4.2 Other Departmental COMSEC Facilities 

Where a departmental Threat and Risk Assessment (TRA) indicates the requirement for other 

COMSEC facilities (e.g. COMSEC Sub-Account, telecommunications facility, maintenance or 

repair depot), the DCA is responsible for ensuring these COMSEC facilities are established and 

approved. 

9.1.4.3 Re-inspection of COMSEC Facilities 

CSEC representatives will re-inspect the facility for the COMSEC Custodian work area during 

the audit of the COMSEC Account. The DCA must ensure other departmental COMSEC 

facilities are re-inspected periodically based on threat, physical modifications, past security 

performance and sensitivity of operations. These inspections must be conducted by individuals 

not directly involved in the installation, operations or maintenance of the facility. 

50 October 2011 Physical Security

UNCLASSIFIED 


9.1.4.4 Records of COMSEC Facility Inspections 

The inspection of a COMSEC facility must be documented and records kept on file at the 

COMSEC Account or CSEC, as applicable, for a minimum of five years. 

9.2 Secure Storage 

9.2.1 Security Containers 

COMSEC material must be stored in security containers (e.g. vaults, safes, file cabinets, etc.) 

that are approved for the classification or protected level of the COMSEC material and which 

meet the requirements of the RCMP Security Equipment Guide (G1-001). Security containers 

used for the storage of COMSEC material must be located in a security zone appropriate for the 

level of the COMSEC material. Additional information can be found at RCMP’s Physical 

Security Guides and Reports web page. 

NOTE: Brief cases are not considered storage containers and must not be used as such. 

9.2.2 Segregation of COMSEC Material in Storage 

The rules for the minimum segregation of COMSEC material in physical storage are: 

 

 

Effective editions, reserve editions and superseded key material awaiting destruction must 

be stored separately from each other in approved security containers. 

Key material or CIKs must not be stored in the same security container as the equipment 

with which they may be used. 

NOTE: In situations where space is at a premium, segregation may be accomplished using a 

locked strongbox housed within a single security container. 

9.2.3 Opening of Security Containers in Emergency Situations 

When the COMSEC Custodian and Alternate COMSEC Custodian(s) are not available to open a 

security container in an emergency, the DCA (or other designated authority) may direct the 

opening of the security container, under the following conditions: 

 

 

 

At least two individuals must be present to gain access to the combination and to open the 

security container. 

The individuals who opened the security container must prepare a written report 

(containing an inventory of the contents and the circumstances surrounding the access 

requirement) to the individual(s) in charge of the security container, after the emergency 

opening. 

The individual(s) responsible for the security container must conduct a full inventory of 

the COMSEC material and change the combination(s), immediately upon their return. 


UNCLASSIFIED 


In the event of an emergency where access is required to COMSEC material that has been 

previously issued to a Local Element who is not available, the individual requiring immediate 

access must contact either the COMSEC Custodian or Alternate COMSEC Custodian. 

9.2.4 Incidents Involving Security Containers 

In the event of a security incident (e.g. if a container or vault is found open after normal working 

hours), the individual discovering the incident must notify the COMSEC Custodian or Alternate 

COMSEC Custodian. If the COMSEC Custodian or Alternate COMSEC Custodian cannot be 

located, one of the other individuals on the list of individuals having knowledge of the 

combinations to the container must be contacted. The COMSEC Custodian and Alternate 

COMSEC Custodian must conduct a full inventory of its contents and immediately change the 

combination. 

In the event of an incident in which COMSEC material has been issued to a Local Element, the 

individual discovering the incident must contact either the COMSEC Custodian or Alternate 

COMSEC Custodian. 

9.2.5 Protecting Lock Combinations and Lock Keys 

9.2.5.1 Security Measure 

Any sign of tampering with or suspicion of compromise of a lock or its associated combinations 

(or keys) must be immediately reported to the DCA. 

9.2.5.2 Change of Combinations 

The COMSEC Custodian must ensure that combinations for locks used for the secure storage of 

COMSEC material are changed when: 

 

 

 

 

 

 

 

the lock is first put into use by the COMSEC Custodian (i.e. the manufacturer’s preset 

combination) must not be used; 

an individual knowing the combination ceases to have authorized access to the storage 

facility or the security container; 

an unauthorized individual has had access to the written record of the combination; 

the combination is known or suspected to have been compromised; 

the lock has been repaired, serviced or inspected by a person not having authorized access 

to storage facility or the security container; 

the combination has not been changed in the last 12 months; or 

the lock is temporarily or permanently taken out of use. 


UNCLASSIFIED 


9.2.5.3 Selection of Combinations 

Each lock must have a combination composed of randomly selected numbers based on the 

manufacturer’s specifications. The combination must not be a duplicate of another lock 

combination within the facility. 

9.2.5.4 Change of Key Operated Locks 

The COMSEC Custodian must ensure that key-operated locks used to secure COMSEC material 

are replaced and not re-used to secure COMSEC material when: 

an individual ceases to have authorized access to the security container; 

an unauthorized individual has had access to a key; 

the key or lock is known or suspected to have been compromised; 

 

 

the lock has been repaired, serviced or inspected by a person not having authorized access 

to the security container; or 

the lock has not been changed in the last 12 months. 

9.2.5.5 Protective Packaging of Combinations or Spare Keys 

When a combination (or key operated lock) is changed by the individual responsible for the 

security container, the COMSEC Custodian must ensure that the responsible individual has: 

a. sealed the combination numbers (or spare keys) in an opaque envelope in such a manner 

that tampering with the envelope is evident; 

b. marked the envelope with the highest classification or protected level of the material that 

the combinations (or keys) protect and listed the name and phone number of the 

individual(s) authorized access to the combinations (or keys); and 

c. given the envelope to the DCA (or other authorized individual) for secure storage in a 

storage container that meets or exceeds the classification or protected level of the material 

being protected by the combinations (or keys). 

9.2.5.6 Record of Combinations and Keys 

The COMSEC Custodian must keep a record of the name and telephone number of individuals 

having knowledge of the combinations (or hold keys) to containers in which COMSEC material 

is stored. Normally, the containers will be under the direct control of the COMSEC Custodian 

and the Alternate COMSEC Custodian(s). 


UNCLASSIFIED 


9.2.5.7 Access to and Knowledge of Combinations or Keys 

The COMSEC Custodian must ensure that only appropriately cleared and authorized personnel 

have access to, or knowledge of, combinations (or keys) that protect the COMSEC material for 

which they are accountable. Personnel with knowledge of combinations must not record and 

carry the combinations or store the records of such combinations in electronic form. Keys must 

not be stored in key presses that are accessible to any personnel other than the COMSEC 

Custodian or his/her staff. 

9.2.5.8 Combinations for Two-Person Integrity Containers and No Lone Zone 

The COMSEC Custodian must ensure that no one person may change both combinations or will 

be allowed access to or have knowledge of both combinations to a security container used to 

store COMSEC material requiring TPI control or to an area used as a NLZ. 

NOTE: Lock combinations must be classified and safeguarded at the highest classification of 

the material they protect. 

9.3 Storage of Physical Key Material 

9.3.1 Storage Requirements 

Key material not under the direct continuous control of a cleared and authorized individual (or 

individuals where applicable) must be stored in a locked, approved security container, in an area 

protected by security guards or by an intrusion-detection system (i.e. Security Zone, High 

Security Zone). Refer to Table 3 for specific requirements for the storage of key material. 

9.3.2 Key Material Held in Reserve 

The amount of key material to be held in reserve varies with the supersession rate of the key 

material. Table 2 provides a guide to the amount that should normally be held in reserve. 

Table 2 – Key Material Held in Reserve 

Supersession Rate 

Material superseded daily, ten times monthly, 

semi-monthly and monthly. 

Material superseded every two months or 

quarterly. 

Material superseded semi-annually, annually 

and irregularly. 

SDNS seed key (five year retention factor). 

Held in Reserve 

Editions effective during the current month, plus 

three months reserve. 

Effective edition plus two editions reserve. 

Effective edition plus one edition reserve. 

One seed key may be held in reserve. 


UNCLASSIFIED 


Table 3 – Storage of Physical Key Material 

Key Material 

TOP SECRET Key 

Material and other Key 

Material Requiring TPI 

Control 

SECRET, 

CONFIDENTIAL and 

PROTECTED C Key 

Material 

PROTECTED A and 

PROTECTED B Key 

Material 

UNCLASSIFIED Key 

Material 

Foreign Key Material 

Storage Requirements 

TOP SECRET key material must be stored under TPI controls in 

containers meeting the RCMP Security Equipment Guide (G1-001) 

standards. 

TOP SECRET key material that is held within a work area for 

intermittent use throughout the day may be kept under one lock in a 

NLZ. Knowledge of the combination or access to the key used to 

secure the lock must be restricted to the supervisor on duty. 

TOP SECRET key material in tactical environments, may be: 

stored in a standard, approved field safe; 

stored in a similar container secured by a combination lock meeting 

the RCMP Security Equipment Guide (G1-001) standards; or 

kept under personal custody if adequate storage facilities are not 

available. 

SECRET, CONFIDENTIAL and PROTECTED C key material must 

be stored : 

in any manner approved for TOP SECRET key material; or 

in a container approved for SECRET, CONFIDENTIAL or 

PROTECTED C material, as applicable, with an approved 

combination lock. 

PROTECTED A and PROTECTED B key material must be stored in 

any manner approved for classified key material. 

UNCLASSIFIED key material must be stored by the most secure 

means available to the authorized user provided that it will reasonably 

preclude theft, sabotage, tampering or use by unauthorized individuals. 

Foreign key material must be stored in accordance with the 

instructions for Canadian COMSEC material of equivalent sensitivity. 

UNCLASSIFIED, RESTRICTED and UNCLASSIFIED/For Official 

Use Only (U//FOUO) foreign key material marked “CRYPTO” must 

be stored as PROTECTED A (or higher) COMSEC material. 


UNCLASSIFIED 


9.4 Storage of Electronic Key Material 

Electronic key material must be stored in accordance with the applicable system or equipment 

doctrine. 

9.5 Storage of COMSEC Equipment 

9.5.1 General Requirement 

All COMSEC equipment must be stored in a manner consistent with its classification or 

protected level and security markings (e.g. CRYPTO, CCI) when not under the direct and 

continuous control of appropriately cleared and authorized personnel. COMSEC equipment may 

require special storage procedures or storage facilities. Refer to the applicable equipment 

doctrine. 

NOTE: UNCLASSIFIED COMSEC equipment and unkeyed CCI require storage that must 

provide reasonable protection from compromise, theft, tampering and damage. 

9.5.2 Preparation for Storage 

COMSEC equipment must never be stored in a keyed state, unless: 

 

 

operational requirements mandate it and no practical alternative exists; or 

keyed equipment cannot be zeroized due to malfunction or damage. 

When COMSEC equipment is stored in a keyed state, it must be stored in accordance with the 

highest classification of key loaded in the equipment. 

NOTE 1: CCI that utilize a CIK are considered keyed whenever the CIK is inserted and 

unkeyed with the CIK removed and not accessible for use by unauthorized persons. 

NOTE 2: CCI that utilize a PIN to unlock the secure mode are considered keyed whenever the 

PIN is entered. 

9.5.3 Spare or Standby Equipment 

Spare or standby COMSEC equipment that is located within a secure work area may be 

considered installed for operation. The storage requirements in the previous articles are not 

applicable to such equipment. 

9.6 Storage of COMSEC Publications 

COMSEC publications must be stored in accordance with their security classification and any 

caveat(s) or other security markings. 


UNCLASSIFIED 


10 Distribution and Receipt of COMSEC Material 

10.1 Distributing COMSEC Material 

To meet secure communications requirements, COMSEC Custodians may be directed to 

distribute COMSEC material to other NCMCS elements. It is a COMSEC Custodian’s 

responsibility to ensure that individual shipments of COMSEC material are kept to the minimum 

required to support operational requirements (including contingency operations). 

When preparing COMSEC material for distribution, the COMSEC Custodian must: 

 

 

 

 

 

 

 

verify the receiving COMSEC Account, COMSEC Sub-Account or Local Element is 

authorized to hold the COMSEC material; 

verify the security classification of the receiving COMSEC Account, COMSEC Sub- 

Account or Local Element; 

perform page checks, equipment checks and inspection of protective packaging 

immediately (no earlier than 48 hours) before packaging; 

zeroize or remove CIKs from all CCI before transportation (or, when circumstances 

warrant, keyed devices may be hand-carried by authorized GC couriers or contractor 

couriers); 

package operational and seed key material separately from its associated COMSEC 

equipment (including CCI) and transport in different vehicles on different days, unless – 

o the application or design of the equipment is such that the corresponding key material 

cannot be physically separated from it; 

o the key material is an UNCLASSIFIED maintenance key (which may be shipped in 

the same container as its associated COMSEC equipment); or 

o there are no other means available to effect delivery to support an immediate 

operational requirement; 

NOTE: When COMSEC equipment must be shipped in a keyed state or with its 

associated key material, ship the package in accordance with the 

classification of the key material or the COMSEC equipment, whichever is 

higher. 

dispatch the list of effective dates of editions of key material separately, and on different 

days, from the key material; 

package each Traffic Encryption Key (TEK) separately from its associated KEK; 

Distribution and Receipt of October 2011 57 

COMSEC Material

UNCLASSIFIED 


 

 

 

 

package components which, as a whole, comprise a cryptographic system (i.e. the 

cryptographic equipment, ancillaries, associated documentation and key variables) 

separately and transport in different shipments; 

apply TPI controls to the TOP SECRET key material during its transit unless it is 

enclosed in protective packaging and is double-wrapped, in which case only one courier is 

required; 

ensure that electronic key material is transmitted in accordance with the applicable system 

or equipment doctrine; and 

prepare a COMSEC Material Report in accordance with Chapter 6 of this directive. 

10.2 Distributing Electronic Key on Magnetic or Optical Media 

In addition to the criteria at Article 10.1, when electronic key is distributed (i.e. transferred or 

issued) on magnetic or optical media, the selected media must be controlled as a separate 

COMSEC item within NCMCS as ALC 1. The COMSEC Custodian must affix a label to the 

media similar to the example label depicted at Figure 2. The accounting number is taken from a 

“next in sequence” number log maintained by the COMSEC Custodian to record the sequential 

serial numbers of the media. The originating COMSEC Custodian must prepare and process a 

Possession Report in accordance with Chapter 6 to enter the new COMSEC material into the 

NCMCS before distributing the media (and the electronic key material). 

Two GC-223 Transfer Reports must be generated: one to account for the physical transport 

media; and, the second to account for the transfer of the electronic key that is being transported 

by the media. Both reports are signed and returned to the originating COMSEC Account. 

If unencrypted key is being transported by magnetic or optical media, the label must also display 

the CRYPTO marking and highest classification of key being transported (minimum SECRET). 

NOTE: Magnetic or optical media used for distribution of electronic key is not authorized for 

re-use. The electronic key being transported by the media must be processed and 

reconciled, and along with the transporting medium, be physically destroyed within 

three working days of receipt. 

Classification: 

SECRET (CRYPTO if applicable) 

Accounting Legend Code: ALC 4 

Short Title: 

CAKAE 4005 (+ EKMS ID) 

Accounting Number: (Unique next in sequence number) 

58 October 2011 Distribution and Receipt 

of COMSEC Material

UNCLASSIFIED 


Figure 2 – Example of Magnetic or Optical Media Label 

10.3 Tracking the Shipment of COMSEC Material 

Following the shipment of COMSEC material, the COMSEC Custodian must: 

notify the recipient, within 24 hours of shipment, of the details of the shipment and the 

estimated time of delivery; 

ensure the telephone numbers of both the shipping and the receiving COMSEC Accounts 

are listed on the waybill when COMSEC material is shipped by commercial carrier or 

Canada Post Priority Courier; 

keep a local record of the shipment; and 

 

follow-up to ensure the COMSEC material is delivered to the authorized recipient 

according to schedule and – 

o if a shipment is not received within 48 hours of expected delivery, initiate shipment 

tracer action with the carrier to determine the last known location of the shipment; 

and 

o if the location is not determined and the shipment is not recovered within 24 hours of 

the shipment tracer initiation, assume that the shipment is lost in transit and 

immediately report the loss as a COMSEC incident as detailed in Chapter 16. 

10.4 Packaging Physical COMSEC Material 


Packaging used for the distribution of physical COMSEC material will depend upon the 

material’s size, weight, shape and intended method of transport. All COMSEC material must be 

double-wrapped or otherwise encased in two opaque containers, and securely sealed (including 

seams) before its transportation. 

10.4.2 Inner Wrapping 

The inner wrapping for package(s) must be secure enough to detect tampering, guard against 

damage and be marked as follows: 

 

 

 

full addresses of both the shipping and receiving COMSEC Accounts 

highest classification or protected level of the contents 

caveat “CRYPTO” if any of the contents are so marked, and 


COMSEC Material

UNCLASSIFIED 


 

notation “TO BE OPENED ONLY BY THE COMSEC CUSTODIAL STAFF”. 

The sealed envelope containing the copies of the COMSEC Material Report may be enclosed 

inside the package or affixed to the external surface of the inner wrapping of the package. When 

more than one package is required, the envelope may be enclosed or affixed to the first package 

of the series. 

10.4.3 Outer Wrapping 

The outer wrapping must: 

be secure enough to prevent damage to the contents or inadvertent or accidental 

unwrapping; 

not bear any indication that the package contains classified or protected COMSEC 

material; 

be marked with the – 

 

o full addresses of both the shipping COMSEC Account and the receiving COMSEC 

Account 

o shipment number or authorized courier number, and 

o package number, followed by a forward slash (“/”), followed by the total number of 

the packages in the shipment (e.g. 1/3, 2/3, 3/3); and 

have all required customs documentation clearly identified and affixed to it. 

10.4.4 Types of Packaging 

10.4.4.1 Envelopes 

Double official envelopes may be used for the shipment of COMSEC material by mail or by 

courier. If the inner envelope contains cryptographic material (of any classification) or 

COMSEC material classified SECRET or above, both the inner and outer envelope flap must be 

sealed with reinforced or tamper-evident tape in addition to the envelope gum seal. 

If the inner envelope contains COMSEC material classified CONFIDENTIAL or below, both the 

inner and outer envelopes require gum sealing only. However, envelopes should be sealed with 

reinforced or tamper-evident tape if, in the opinion of the COMSEC Custodian, the envelopes 

may tear during transportation. 

10.4.4.2 Parcels 

Good quality brown wrapping paper and fibre-reinforced paper tape should be used when 

preparing COMSEC parcels. Such parcels must be packaged and bound as follows: 


of COMSEC Material

UNCLASSIFIED 


 

 

 

All seams of the inner wrapping must be bound with fibre-reinforced paper tape. 

Sharp corners must be reinforced or bound with cardboard to prevent damage to the inner 

wrapping while in transit. 

Outer wrapping must consist of paper and fibre-reinforced tape heavy enough to ensure a 

suitably sturdy parcel. 

10.4.4.3 Cartons 

Cartons may be used as the inner or outer container for a shipment. Used cartons must be in good 

condition, with all previous markings obliterated. Additional packing must be used within the 

carton to prevent movement of the contents. Fibre-reinforced paper tape must be used to seal all 

seams and to reinforce edges and corners. 

10.4.5 Wooden Crates or Transit Cases 

Wooden crates or transit cases should normally be used only as outer wrapping for shipments, 

except when specially designed and authorized to be used as inner wraps. The outer crate or case 

must be strapped with a minimum of one strap lengthwise and one width-wise, both centred. The 

clamp securing the strap running lengthwise must be positioned above the strap running widthwise. 

10.4.5.1 Canvas Bags 

A canvas bag may be used as the outer wrapping of a parcel. The bag must be sealed with a lever 

lock and a plik. The identification number on each plik is a tamper evident security control that 

must be used to detect unauthorized access to the bag. The user must take note of the plik’s 

unique ID/serial number when the plik is used to seal the bag. Later, when the bag is to be 

opened, the user must verify that the ID number of the plik on the bag has not changed. This 

verification of the ID number confirms that the bag has not been opened by someone else and 

then re-sealed using a different plik. The seams of the bag must be on the inside. Damaged or 

repaired bags must not be used. 

10.4.5.2 Briefcases 

Within Canada, a briefcase with a GC-approved lock is an appropriate outer wrapper for 

COMSEC material carried by authorized departmental couriers. See the RCMP Security 

Equipment Guide (G1-001) for details. 

10.5 Authorized Modes of Transportation 


The approved modes of transportation for Canadian COMSEC material are listed in Table 4. 


COMSEC Material

UNCLASSIFIED 


10.5.2 North Atlantic Treaty Organization and Foreign COMSEC Material 

10.5.2.1 Classified COMSEC Material and UNCLASSIFIED Key Material Marked 

CRYPTO 

The approved modes of transportation listed in this chapter do not apply to NATO or foreign 

classified COMSEC material or unclassified key material marked CRYPTO. This COMSEC 

material must be transported in accordance with NATO and foreign national manuals, such as: 

 

 

Communications Security and Cryptography (IS-4) – Part 1: Management of 

Cryptographic Systems, U.K. 

Communications Security and Cryptography (IS-4) – Part 2: Forms and Instructions, 

U.K. 

Instructions for the Control and Safeguarding of NATO Cryptomaterial (SDIP 293). 

NATO Crypto Distribution and Accounting Publication (AMSG 505). 

 

Control of Communications Security (COMSEC) Material (NSA/CSS Policy Manual 

No. 3-16), United States (U.S.). 

NOTE: Contact COMSEC Client Services at CSEC for information regarding these 

publications. 

10.5.2.2 UNCLASSIFIED, RESTRICTED and U/FOUO COMSEC Material 

(other than Key Material marked CRYPTO) 

UNCLASSIFIED, RESTRICTED and U/FOUO foreign and NATO COMSEC material (other 

than key material marked CRYPTO) must be shipped by the modes listed in Table 4 as approved 

for PROTECTED “A” COMSEC material of the same type. CCI, whether of foreign or national 

origin, must always be shipped by approved modes listed in Table 4. 


of COMSEC Material

UNCLASSIFIED 


Table 4 – Authorized Modes of Transportation for COMSEC Material 

Destination 

Classification or Protected Level of COMSEC Material 

(see COMSEC Material Legend) 

1, 2 3, 4, 5 6, 7 8 9 

Within Canada 

A, B, C 

(Notes I, II, IV) 

A, B, C, D 


A, B, C, D, E, F 


A, B, D, E, F 

A, B, C, D, E, F 

(Notes I, II) 

Between Canadian Addressees 

Outside of Canada (see Note V) 

A, B, C 


A, B, C, D 


A, B, C, D 


A, B, D, E, F 

A, B, C, D, E, F 

(Notes I, II) 

To or From Non-Canadian 

Addressees (see Note VI) 

A, B, C 


A, B, C, D 

(Notes I, II, III, IV) 

A, B, C, D 

(Notes I, II, III, IV) 

A, B, D, E 

A, B, C, D 

(Notes I, II, III) 

UNCLASSIFIED COMSEC material may be shipped by any means intended to assure safe arrival at its destination. 

UNCLASSIFIED COMSEC material marked with “CRYPTO” caveat must be shipped as per PROTECTED A (Note IV). 

COMSEC Material Legend: 

Authorized Mode Legend: 

1 All TOP SECRET and PROTECTED C COMSEC material 

A Canadian Government Diplomatic Courier Service 

2 All Crypto Keying Material not in Protective Packaging B Authorized Departmental Couriers 

3 Classified Crypto-Information (not TOP SECRET) 

C 

Electronic Transfer 

4 Classified Crypto Equipment D Contractor’s Authorized Couriers 

5 SECRET Crypto Keying Material in Protective Packaging 

6 

7 

PROTECTED B, CONFIDENTIAL and SECRET COMSEC 

Information 

CONFIDENTIAL and PROTECTED B Crypto Keying Material in 

Protective Packaging 

8 UNCLASSIFIED CCI and UNCLASSIFIED CRYPTO Material 

9 PROTECTED A COMSEC Material 

Notes: 

E 

F 

Authorized Commercial Carriers 

Canada Post Priority Courier Service 

I 

II 

III 

Systems for electronic transfer of COMSEC material are authorized by CSEC on a case-by-case basis. 

Electronic transfer of keying material when authorized by CSEC and in accordance with system operational doctrine. 

Departmental and Contractor’s couriers authorized by CSEC for urgent requirements only. 

IV 

V 

NATO and foreign COMSEC material (including Crypto key) may require additional considerations (see also SDIP-293, AMSG-505, 

NSA/CSS Policy Manual 3-16, IS-4, etc. for details). 

Refers to those addressees outside of Canada, where mail and shipment of material, once delivered, are handled and opened by 

Canadian citizens (including dual nationality), e.g. Canadian Forces Base, Canadian Embassies, consular offices. 

VI Refers to any other foreign addressee not covered in Note V. 

Instructions: Locate the correct classification/protected level of the COMSEC material from the COMSEC Material Legend. Find the 

destination in the upper left hand column. The authorized modes of transportation are indicated by letters, which correspond to letters listed 

in the Authorized Mode Legend. Refer to the notes for additional information. 


COMSEC Material

UNCLASSIFIED 


10.6 Authorized Couriers of COMSEC Material 

10.6.1 Canadian Government Diplomatic Courier Service 

The Canadian Diplomatic Mail Services of Foreign Affairs and International Trade Canada 

provides all authorized diplomatic courier services for the GC. 

10.6.2 Authorized Departmental Couriers 

10.6.2.1 Requirements 

Before authorizing the appointment of a departmental courier for the transport of COMSEC 

material, the DCA must ensure the courier: 

 

 

 

 

 

 


is appointed for a specific period of time; 

carries an authorized COMSEC Courier Certificate; 

is cleared to a security level equal to or higher than the highest classification or protected 

level of the COMSEC material that is being carried; 

has been appropriately briefed regarding responsibilities upon appointment; and 

is provided with COMSEC Signing Authority Forms (refer to Article 4.3.2), as required. 

10.6.2.2 COMSEC Courier Certificate 

The COMSEC Courier Certificate attests to all concerned individuals (e.g. air carrier security 

agents, customs officials) that the sealed container or package transported by the courier holds 

only official matter. Presentation of the courier certificate should extend immunity from search 

or examination of the official material carried or escorted by the courier. When further 

verification is needed regarding the authenticity of a COMSEC Courier Certificate, the courier 

will direct the concerned individual to contact the nearest Canadian Military or Diplomatic 

representative, as appropriate. 

10.6.2.3 Courier Instructions 

The DCA must brief the courier and provide written instructions regarding his or her 

responsibilities to personally safeguard the COMSEC material until the package has been 

delivered to and signed for by the authorized recipient. The courier instructions must include, at 

a minimum, what actions to take: 

 

before the start of the trip (e.g. contacting airline security or customs officials to make 

arrangements for clearance without inspection); 


of COMSEC Material

UNCLASSIFIED 


 

 

 

during the pre-boarding security screening or customs inspection to ensure the COMSEC 

material is not compromised or damaged (e.g. requirement to show the COMSEC Courier 

Certificate when requested to do so by appropriate authorities); 

for alternate storage arrangements and whom to contact in the event of emergency 

situations, lengthy delays or stopovers en route; and 

in the event of loss, compromise or possible compromise of COMSEC material and know 

who to contact in such a case. 

10.6.2.4 Customs and Pre-Boarding Inspections 

In cases where customs officials request or demand to view (X-ray is authorized if 

requested/demanded) the contents of a COMSEC shipment, the authorized courier, or the 

COMSEC Custodian if called, will request an interview with the Chief of Customs or Air 

Transport Security Authority. The courier may agree to limited inspection as a means of assuring 

customs officials that the shipment contains nothing other than what is described on the 

documentation. Whenever COMSEC packages are subjected to increased scrutiny, the 

authorized courier will request that the inspection: 

 

 

 

take place in a private location; 

be conducted by duly authorized individuals in the presence of the authorized courier; 

and 

be restricted only to the external viewing of the COMSEC material. 

The courier may be obliged to discontinue the courier run and return to the point of departure 

with the COMSEC material if an arrangement regarding the extent of customs clearance 

examination required cannot be reached. 

10.6.3 Contractor’s Authorized Couriers 

Appropriately cleared contractor personnel who have been appointed by CSEC may be 

employed as couriers. Contact CICA for details on the requirements that must be met by 

personnel appointed as contractor couriers. A COMSEC Courier Certificate is required. 

10.6.4 Commercial Carriers 

A commercial carrier service (including Canada Post Priority Courier Service) may be used as a 

courier service for COMSEC material (at the levels specified in Table 4) provided the carrier can 

ensure a continuous chain of accountability and custody for the material while in transit. The 

courier must offer speed of service (e.g. overnight delivery), physical protection and track-andtrace 

capabilities. 


COMSEC Material

UNCLASSIFIED 


A commercial carrier (non-military contracted aircraft) may be used to transport CCI providing 

the carrier warrants in writing that the carrier: 

 

 

 

 

 

 

 

provides door-to-door service and guarantees delivery within a reasonable number of 

days based on the distance to be travelled; 

possesses a means of tracking individual packages within its system (i.e. manual or 

electronic) to the extent that should a package become lost, the carrier can, within 

24 hours following notification, provide information regarding the last known location of 

the package(s); 

guarantees the integrity of the transporters’ contents at all times; 

guarantees the integrity of package contents, including protection against damage, 

tampering and theft; 

has the capability to store in-transit COMSEC packages in a securely locked facility 

(e.g. security cage) that is accessible solely to authorized carrier personnel, should it 

become necessary for the carrier to make a prolonged stop at a carrier terminal (during 

overnight stopovers); 

obtains manual or electronic signatures, whenever a shipment changes hands within the 

carrier company; and 

obtains date-timed signatures upon pickup and delivery. 

10.7 Receiving COMSEC Material 

10.7.1 Preparation before Receiving COMSEC Material 

Before receipt of any COMSEC material, the COMSEC Custodian must: 

notify the departmental mailroom or shipping area of – 

 

 

o the name of the departmental COMSEC Account that has been established 

o the name and internal address of the COMSEC Custodian, and 

o the requirement to deliver mail and packages addressed to the COMSEC Account to 

the COMSEC Custodian unopened; 

provide the departmental mailroom or shipping area with up-to-date copies of the 

COMSEC Signing Authority Form; and 

ensure other individuals who are authorized to sign for packages can provide appropriate 

secure storage for the received package(s) (when the COMSEC Custodian or Alternate 

COMSEC Custodian is not available). 


of COMSEC Material

UNCLASSIFIED 


10.7.2 Inspection of Packages 

On receipt of a shipment, the COMSEC Custodian must: 

a. carefully inspect the outer wrapping and inner wrapping of the shipment for signs of 

damage or tampering before removing each wrapping; 

b. check the addresses on both outer and inner wrapping to confirm the shipment has been 

sent to the intended recipient; 

c. immediately report any evidence of possible tampering with either the inner or outer 

wrappings or unauthorized access to the contents as a possible COMSEC incident in 

accordance with Chapter 16 and – 

o pending investigation of a possible compromise, discontinue unwrapping the package 

and quarantine the package; and 

o notify the shipping COMSEC Custodian to annotate all COMSEC material involved 

as “Pending Investigation”. 

10.7.3 Validation of Content 

When satisfied that the packaging has not been tampered with, the COMSEC Custodian must: 

a. open the package (with TPI control in place if the shipment contains TOP SECRET key 

material or other key material requiring TPI control); 

b. unpack the contents and confirm that the items listed on the enclosed COMSEC Material 

Report match the items shipped by confirming the – 

o short title, edition and quantities of all items, and 

o accounting numbers, where applicable; 

c. report any discrepancies to the shipping COMSEC Custodian and, if required, contact 

NCOR/COR for assistance with reconciliation of the discrepancy; 

d. inspect the protective packaging on each item of COMSEC material, where applicable; 

NOTE: Certain items of COMSEC material are protectively packaged at the time of 

production and must not be opened until they are to be issued to the authorized 

user. 

e. check key tape canisters and confirm that the first segment shown displays the proper short 

title, register number and segment number; 

f. page check all copies of accountable COMSEC publications; 


COMSEC Material

UNCLASSIFIED 


g. if applicable, process and reconcile electronic key received on magnetic or optical media 

and destroy the media within three working days of receipt; and 

h. if no discrepancies are found, sign the three copies of the COMSEC Material Report and 

distribute in accordance with instructions found at Article 6.3.2.3. 


of COMSEC Material

UNCLASSIFIED 

11 Handling and Use 


11.1 Accountable Key Material 

11.1.1 Purpose and Use 

Key material may be used only for its intended purpose and only in the equipment for which it 

was produced, unless otherwise directed by the CA for the key. Refer to the ITSG-13 for more 

information on the purpose and use of key material. 

11.1.2 Labels 

Except for the labels affixed to protective packaging at a production facility and the CSEC 

authorized barcode labels approved for the COMSEC Accounting, Reporting and Distribution 

System (CARDS), no other labels may be affixed to the protective packaging of any key 

material. 

11.1.3 Protective Packaging 

Certain items of COMSEC material are protectively packaged at the time of production and will 

not, in most cases, be opened until issued to an authorized user. The protective packaging must 

be inspected for signs of tampering upon initial receipt, during inventory, before transfer or issue 

and before destruction of sealed key material. Protective packaging applied to individual items of 

TOP SECRET key must be removed under TPI controls. 

11.1.4 Key Tape in Canisters 

11.1.4.1 Sealed Key Tape 

Key material in its original canister is considered to be protectively packaged and sealed. The 

following applies to key tape in canisters: 

 

 

 

Do not segment check punched key tape in sealed plastic canisters. 

Issue the entire canister to the Local Element and annotate the HI/DR card with the short 

title, edition, register number and classification of the key material. However, when 

warranted and approved by the CA, before the effective date of use, individual segments 

may be issued using the HI/DR card. Remove the label containing the short title, edition 

and registration number from the outside of the canister before distribution. 

Seal individual segments which were authorized for pre-exposure in an envelope, along 

with a copy of the CA approval, and stored in the plastic bag containing the associated 

key tape canister. 

Handling and Use October 2011 69

UNCLASSIFIED 


 

Do not remove more segments than required for current use and, as each segment is 

removed, appropriately initial and date the HI/DR card. 

11.1.4.2 Unauthorized Removal of Key Tape 

When a segment(s) of key tape is unintentionally removed from its protective packaging before 

its effective period, the removal of the segment must be reported to the CA for disposition 

instructions. Disposition instructions may include destruction of the pre-exposed segment or 

resealing the segment. The documentation of unintentional removal must include: 

a statement that the segment was unintentionally removed 

identity of segment(s) actually removed 

date of removal 

 

 

signature(s) of the individual(s) who removed the segment, and 

reference to CA approval. 

Key discovered removed from its protective packaging before its effective date, with no 

documentation validating that the removal was unintentional, must be reported as a COMSEC 

incident in accordance with Chapter 16. 

11.1.5 Electronic Key Material on Magnetic or Optical Media 

The COMSEC Custodian must ensure that protective packaging on magnetic or optical medium 

used for the distribution of electronic key material is not opened until required for use. 

11.1.6 Electronic Key on a Key Storage Device 

The COMSEC Custodian must ensure that protective packaging for electronic seed or 

operational key material received on a key storage device is not opened before operational use. 

The key storage device will normally be attached to a label bearing the identification information 

for the electronic key and will be sealed in a plastic bag or in thermoplastic film. 

11.1.7 Copies of Key 

11.1.7.1 Operational Symmetric Key 

Operational key may be copied, in whole or in part, as authorized by the CA for the key and in 

accordance with equipment doctrine (see also Article 11.1.7.3). The following rules apply: 

 

 

Retain the short title of the key being copied. 

Safeguard the copies according to their classification and CRYPTO caveat (if 

applicable). 

70 October 2011 Handling and Use

UNCLASSIFIED 


 

 

 

Do not retain the copies beyond the destruction date for the key from which they were 

copied (they may be destroyed before this date). 

Destroy the copies before destroying the original key from which the copies were made. 

Locally account for the copies using a manual tracking system when equipment or system 

audit trails are not available. 

11.1.7.2 Test Symmetric Key 

Test key may be copied and locally accounted for within a COMSEC Account. If the test key is 

transferred to another COMSEC Account, all copies must be destroyed. 

11.1.7.3 Asymmetric Key 

Copying of any asymmetric key is absolutely forbidden. 

11.1.8 Two Person Integrity Controls 

TPI controls must be applied to unencrypted TOP SECRET key material and other specified key 

material from the time of production to destruction unless: 

 

 

the TOP SECRET key is resident in the crypto-equipment that is built to preclude access 

by an individual to the TOP SECRET key; or 

the key material has been issued for use in tactical situations. 

11.2 Accountable COMSEC Equipment 

11.2.1 Sight Verification 

The COMSEC Custodian must verify the completeness of COMSEC equipment upon initial 

receipt, during inventory, and before transfer or issue. 

11.2.2 Equipment Labels 

Manufacturing labels (includes the equipment nomenclature plate, the CCI label, anti-tamper 

labels, and any other labels attached by the manufacturer that identify the equipment for 

accounting purposes) must not be removed or covered, unless specifically authorized to do so by 

CSEC. Unauthorized labels inhibit scrutiny of equipment for evidence of tampering; therefore, 

except for the labels affixed to protective packaging at a production facility and the CSEC 

authorized barcode labels approved for CARDS, no other labels are to be placed on COMSEC 

equipment unless specifically authorized by CSEC. Contact COMSEC Client Services at CSEC 

for additional detail. Visible signs of tampering of labels must be reported as detailed in 

Chapter 16. 


UNCLASSIFIED 


11.2.3 Modification 

Modification of any kind (includes unauthorized labelling) to COMSEC equipment may only be 

made upon before approval of COMSEC Client Services at CSEC. Approved modifications to 

COMSEC equipment must be done by authorized and qualified personnel. 

11.2.4 Equipment Installed for Operational Use 

The COMSEC Custodian must ensure that: 

equipment installed for operational use is protected based on the classification of the 

equipment or the key material, whichever is higher; and 

authorized procedures have been put in place to prevent unauthorized use of the 

equipment or extraction of its key. 

11.2.5 Key Storage/Fill Equipment Containing Key Material 

11.2.5.1 Common Fill Devices Containing Unencrypted Key 

Common Fill Devices (e.g. KYK-13) that store key in unencrypted form and provide no record 

of transactions must not be used for long term storage of key. Key may be held in this device no 

longer than 12 hours after the end of the applicable cryptoperiod. This type of device must be 

marked to show the highest classification of the key contained and must be kept under TPI 

controls whenever it holds TOP SECRET key. 

11.2.5.2 Tier 3 Management Devices Containing Encrypted Key 

Tier 3 Management Devices (T3MD) that store key in encrypted form must be used in 

accordance with the applicable equipment doctrine. 

11.2.5.3 Magnetic or Optical Media Containing Key 

Magnetic or optical media containing unencrypted electronic key must be returned to secure 

storage after the key or associated data has been loaded into the end equipment. Removable 

magnetic or optical storage media holding key material must be marked to show the highest 

classification of the key held and where applicable display the CRYPTO marking. 

11.2.6 Equipment Audit Trails 

11.2.6.1 Responsibility for Reviewing 

The audit trails for COMSEC equipment must be reviewed as specified in equipment doctrine. 

11.2.6.2 Reviewing Audit Trails 

The individual authorized to monitor the audit trail data must: 


UNCLASSIFIED 


 

 

 

 

 

 

not be the primary COMSEC equipment user; 

be a Canadian citizen (including dual nationality), be COMSEC briefed and hold a valid 

GC security clearance equal to the classification level of the audit trail data being 

reviewed; 

have sufficient knowledge concerning the authorized use of the applicable COMSEC 

equipment and the key material stored or filled in the COMSEC equipment; 

confirm only authorized copies of key material are made; 

be able to detect any anomalies in the audit trail data; and 

send a record of the conduct of the audit trail review to the COMSEC Custodian. 

11.2.6.3 Retention of Audit Logs 

Audit logs must be retained as detailed in Article 4.2.4, or as detailed in the applicable 

equipment doctrine if different from this directive. 

11.2.6.4 Retention of Records of Audit Trail Reviews 

The COMSEC Custodian must retain a record of the completion of audit trail reviews until the 

COMSEC Account receives an Annual Inventory Reconciliation Notification letter attesting that 

the account inventory has been reconciled. Any previous audit trail data can then be destroyed. 

11.3 Accountable COMSEC Publications 

11.3.1 Reproduction 

Accountable COMSEC publications may be reproduced upon specific written authorization from 

the originator. Instructions for reproduction of extracts will be contained in the publication’s 

handling instructions. Publications that are authorized for reproduction must be reproduced by 

the COMSEC Custodian unless they are authorized for reproduction under a Private Sector 

contract. Refer to Annex A of this directive for information on the reproduction of accountable 

COMSEC publications under a Private Sector contract. 

11.3.2 Frequency of Page Checks 

Unsealed key material (i.e. not protectively packaged), accountable COMSEC publications and 

amendments to accountable COMSEC publications must be page checked: 

during each COMSEC Account inventory 

upon receipt 

before transfer and issue 


UNCLASSIFIED 


 

 

before routine destruction, and 

after posting any amendment (includes removal of pages and/or replacement of pages). 

11.3.3 Conducting Page Checks 

11.3.3.1 Requirement 

The COMSEC Custodian (or other authorized individual) must conduct a page check of unsealed 

COMSEC material to ensure the presence of all required pages. To conduct the page check, the 

presence of each page must be verified against the “List of Effective Pages” or the “Handling 

Instructions”, as appropriate. 

11.3.3.2 No Missing Pages 

If there are no missing pages, the “Record of Page Checks” page must be signed and dated. If the 

COMSEC material has no “Record of Page Checks” page, the notation must be placed on the 

cover. 

11.3.3.3 Missing Pages 

If any pages are missing, the “Record of Page Checks” page must be annotated accordingly and a 

COMSEC Incident Report must be submitted in accordance with Chapter 16. When pages are 

missing upon initial receipt of COMSEC material from a production facility, the COMSEC 

Custodian must notify the issuing authority and request disposition instructions (e.g. transfer 

back for replacement, destroy, use with missing page). 

11.3.3.4 Duplicate Pages 

In the case of duplicate pages, the COMSEC Custodian must prepare a Possession Report in 

accordance with Chapter 6 and notify NCOR/COR for disposition instructions of the duplicate 

page(s). The Possession Report must list the page number as part of the short title 

(e.g. AMSG 600, page 3) and list the accounting number assigned to the COMSEC material. A 

notation of the duplicate page(s), and the resultant disposition of the duplicate page(s), must be 

entered on the “Record of Page Checks” page. 

11.3.4 Amendments to Accountable COMSEC Publications 

11.3.4.1 Printed Amendments 

The COMSEC Custodian must account for the printed amendment as an accountable COMSEC 

publication in accordance with its respective ALC until the printed amendment has been posted 

and its residue destroyed. Care should be taken when preparing the Destruction Report to ensure 

that the short title, edition, and accounting number of the amendment are reported (rather than 

that of the publication). Printed amendments must be entered in sequence. If one is received and 


UNCLASSIFIED 


the previous amendment(s) have not been entered they must be entered (or acquired and entered) 

before processing the latest amendment. 

11.3.4.2 Message Amendments 

A message amendment is used to announce information that must be immediately entered into an 

accountable COMSEC publication. Post the amendment and note the entry on the “Record of 

Amendments” page, then file the message amendment according to its security classification or 

protected level and ALC. Message amendments must be entered in sequence. If one is received 

and the previous amendment(s) have not been entered they must be entered (or acquired and 

entered) before processing the latest amendment. 

11.3.4.3 Posting Amendments 

The following applies to the posting of amendments: 

 

 

 

 

 

 

 

 

 

The COMSEC Custodian (or other authorized individual) must post the amendment as 

soon as possible after its receipt (or effective date). 

Personnel who is authorized to post amendments must be appropriately trained. 

Specific instructions contained in the letter of promulgation or handling instructions must 

be read and understood before posting amendments. 

Entire amendments must be posted at one time, and not extended over a period of time. 

If replacement pages are included in an amendment, page checks of both the publication 

and the residue of the amendment must be made before destruction of the residue. 

Inadvertent destruction of the effective portions of publications along with the residue 

from amendments must be reported as a COMSEC incident in accordance with 

Chapter 16. 

Personnel posting amendments must annotate the posting of the amendment on the 

“Record of Amendments”. If pages were added to or removed from the publication, date 

and sign the “Record of Page Checks” page. 

Personnel, other than the COMSEC Custodian, posting amendments must return all 

residue of the amendment (including any pages removed from the publication) to the 

COMSEC Custodian for destruction. 

Amendment residue must be placed in a sealed envelope marked with the short title, 

accounting number, and the classification of the amendment. 

Amendment residue must be destroyed within five working days after entry of the 

amendment. 


UNCLASSIFIED 


11.4 Local Tracking of Other Associated Material 

11.4.1 Local Tracking System 

Certain material (e.g. CIKs, PINs, configuration disks) associated with COMSEC equipment, 

which cannot be controlled within NCMCS, must be controlled by the COMSEC Custodian 

through a local tracking and control system. It is the responsibility of the originating authority to 

identify this material. Control and handling of this material will be according to this directive, 

unless otherwise specified by the applicable equipment doctrine or the originator. 

11.4.2 Control and Protection of Crypto Ignition Keys 

The COMSEC Custodian must locally track CIKs using departmental procedures that will 

minimize any potential for compromise associated with their use. Local tracking procedures for 

CIKs will include: 

 

 

 

 

 

 

maintaining a record of each CIK created, including the serial number of the CIK (if 

possible), the serial number of the associated equipment, location of the equipment, date 

equipment was keyed, and name of each authorized user; 

ensuring each CIK is signed for and held by the authorized user to whom it has been 

issued and verifying, at least annually, that all authorized users still hold their CIK; 

shipping CIKs (separately from their associated equipment) in a COMSEC channel 

approved by CSEC; 

providing adequate storage for a CIK when it is not held under the personal control of the 

authorized user; 

zeroizing or destroying CIKs that are no longer required; and 

developing procedures for detecting potential compromises. 

11.4.3 Record of Personal Identification Numbers and Passwords 

When a written record of PINs or passwords is required, the COMSEC Custodian must ensure: 

the record contains of the name and telephone number of individual(s) having knowledge 

of the PIN or password, the serial number of the associated equipment, location of the 

equipment, and the date the PIN or password was changed; 

the record of PINs or passwords is safeguarded as directed by its classification or the 

classification of the associated equipment, whichever is higher; 

access to individual PINs or passwords is restricted to the individual to whom it is 

assigned, unless an emergency situation dictates otherwise; and 


UNCLASSIFIED 


 

the record of PINs and passwords or individual PINs and passwords are distributed via 

COMSEC channels or via approved methods for classified material. 

11.4.4 Change of Personal Identification Numbers and Passwords 

The COMSEC Custodian must ensure that PINs and passwords for COMSEC equipment are 

changed as detailed in the specific equipment doctrine. Where direction is not otherwise 

provided, the PIN or password must be changed when: 

the equipment is first put into use by the COMSEC Custodian; 

 

 

 

 

an individual knowing the PIN or password ceases to have authorized access to the 

equipment; 

an unauthorized individual has had access to the written record of the PIN or password; 

the PIN or password is known or suspected to have been compromised; and 

the PIN or password has not been changed in the last six months. 

11.4.5 Storage of Personal Identification Numbers and Passwords 

When records of PINs or passwords, or a list of PINs and passwords need to be maintained, they 

must be safeguarded and managed by an appropriate DCA or COMSEC Custodian who must 

mark and protect the record in accordance with the minimum classification level of the highest 

classification of the material being protected by the PIN or password. 

11.4.6 Configuration Disks 

The COMSEC Custodian must ensure the label on the equipment configuration disk identifies 

the equipment to which it belongs, the date it was created, and its classification. Local tracking 

includes recording the information on the label, the name of the individual responsible for the 

control of the disk and the location of the associated equipment. 

11.4.7 Software Upgrades 

All software upgrades must be approved by COMSEC Client Services at CSEC. The COMSEC 

Custodian must control the equipment software upgrade process to ensure that all operational 

COMSEC equipment, and those held in reserve, are compatible. All mandatory software 

upgrades must be completed by the date authorized by CSEC. 


UNCLASSIFIED 




UNCLASSIFIED 


12 Destruction/Disposal of Accountable COMSEC Material 

12.1 General Requirement 

COMSEC material must never be destroyed without specific authorization, unless the risk of 

compromise in a hazardous situation or in an emergency is greater than the security in place to 

prevent the compromise. It is imperative that routine destruction of COMSEC material be 

performed promptly, in order to keep to a minimum the amount of COMSEC material that would 

require destruction in an emergency. 

12.2 Destruction of Key Material 

12.2.1 Scheduling Destruction of Key Material 

Superseded key is normally authorized for destruction when the next edition becomes effective, 

unless directed otherwise by the CA for the key material. 

12.2.2 Unavailability of Destruction Devices 

COMSEC material that can not be zeroized or destroyed at the COMSEC Account must be 

transferred to the NDA at CSEC for destruction. 

12.2.3 Conditions Affecting Destruction of Key Material 

Destruction requirements for key material will vary depending on whether the key: 

 

 

 

 

 

is marked CRYPTO 

has been issued for use 

remains sealed in secure storage 

is involved in an emergency supersession, or 

is defective. 

12.2.4 Key Material Issued for Use 

Superseded key material, whether regularly or irregularly superseded, must always be destroyed 

within 12 hours of supersession except in the following circumstances: 

 

In the case of an extended holiday period or when special circumstances prevent 

compliance with the 12-hour rule (e.g. destruction facility not operational), key material 

must be destroyed as soon as possible and should not be held longer than 72 hours 

following supersession. 

Destruction/Disposal of October 2011 79 

COMSEC Material

UNCLASSIFIED 


 

 

 

 

Where authorized destruction devices are not available, superseded key must be 

destroyed as soon as practicable upon completion of operations. 

Magnetic or optical media which contained electronic key must be destroyed within three 

working days of receipt. 

The destruction of KEK must be accomplished as soon as it is filled into the COMSEC 

equipment unless specific equipment or systems doctrine allows retention. 

Key material involved in compromised situations must be destroyed within 72 hours after 

disposition instructions are received and the Destruction Report sent to NCOR/COR 

immediately following destruction. 

12.2.5 Sealed Key Material 

Superseded segments of sealed key material (whether issued or unissued) need not be destroyed 

until the entire edition is superseded or the segment is unsealed – whichever occurs first. When 

retained until the entire edition is superseded, destroy: 

 

 

key marked CRYPTO no later than five working days after supersession; and 

other key no later than five working days after the first of the month in which the 

supersession occurs. 

“Sealed” key material is key that either remains unopened in its original protective packaging or 

which has been resealed in accordance with Article 11.1.4. Canister packaged key material is 

considered sealed even if one or more segments have been removed for use provided the 

removed individual segments have been resealed and stored in accordance with Article 11.1.4.1. 

12.2.6 Emergency Supersession 

Key material involved in an emergency supersession must be destroyed in accordance with the 

CA instructions. 

12.2.7 Defective Key Material 

Damaged or defective key material must not be destroyed at the COMSEC Account. The 

COMSEC Custodian must immediately report the matter to the appropriate CA for instructions. 

Defective key material must be transferred to the NDA at CSEC for evaluation and destruction 

as authorized (i.e. physical destruction, zeroization or making the key useless). 

80 October 2011 Destruction/Disposal of 

COMSEC Material

UNCLASSIFIED 


12.3 Destruction/Disposal of COMSEC Equipment 

COMSEC equipment, including CCI, must not be destroyed, dismantled or cannibalized without 

specific authorization from COMSEC Client Services at CSEC. Requests for destruction of 

COMSEC equipment will be evaluated on a case-by-case basis. Refer to the Canadian 

Cryptographic Doctrine for the Disposal of Accountable COMSEC Equipment (CCD-49) for 

information on the disposal of surplus, obsolete or unserviceable COMSEC equipment. 

12.4 Destruction of COMSEC Publications 

COMSEC publications must be destroyed within 15 working days following the date of 

supersession or the authorized date of destruction. COMSEC publications must be page checked 

no more than 48 hours before their destruction. 

12.5 Performing Routine Destruction 

12.5.1 Personnel 

12.5.1.1 COMSEC Custodian and Alternate COMSEC Custodian 

The COMSEC Custodian and the Alternate COMSEC Custodian will normally perform routine 

destruction of COMSEC material. However, granting the authority to destroy superseded 

COMSEC material to other appropriately cleared and COMSEC briefed individuals (who then 

verify the destruction to the COMSEC Custodian) is preferable to delaying destruction, even for 

a short time. 

12.5.1.2 Local Element 

A Local Element may be granted the authority to destroy key material in the presence of an 

appropriately cleared and COMSEC briefed witness, if an approved destruction device is 

available. If an approved destruction device is not available, the key material must be returned to 

the COMSEC Custodian for destruction. 

12.5.1.3 Witness 

The destruction of all physical material and electronic key on physical media must be witnessed. 

Two authorized individuals must personally witness the complete destruction or zeroization of 

the COMSEC material. The zeroization (i.e. destruction) of electronic key may or may not 

require a witness depending on whether the system records an audit trail. Refer to the specific 

equipment doctrine for direction. 


COMSEC Material

UNCLASSIFIED 


12.5.2 Training 

The COMSEC Custodian must ensure that the individuals whom they authorize to destroy 

COMSEC material are: 

cleared to the highest classification of the COMSEC material being destroyed; 

briefed on the correct procedures and methods of destruction; and 

trained in the use of authorized destruction devices. 

12.5.3 Performing Physical Destruction 

The following steps must be carried out by the two individuals performing the destruction: 

a. Verify that the material to be destroyed is authorized for destruction before listing the 

material on the Destruction Report. 

b. Perform equipment verification and page checking before destruction (normally, no earlier 

than 48 hours before the scheduled destruction). 

c. List all material to be destroyed on the Destruction Report in accordance with Article 

6.3.8. Use the (unsigned) Destruction Report (or HI/DR card or other local destruction log) 

as a “check list” during the destruction process to ensure that the correct COMSEC 

material will be destroyed. 

d. If sufficient destruction facilities are not available and the individuals carrying out the 

destruction have been authorized to transport the COMSEC material – 

i Place the material listed for destruction in burn bags or other destruction containers. 

ii Seal and mark the containers in accordance with the appropriate classification or 

protected level (if there is more than one container they must be individually 

numbered (e.g. 1 of 2, 2 of 2, etc.). 

iii Transport the material directly to the location where the destruction is to take place. 

e. Immediately before destruction, verify the material being destroyed (short title, edition, 

accounting number, and quantity for each item) against the Destruction Report (or HI/DR 

card or other local destruction log) ensuring that all accounting information is correct. 

f. Immediately destroy the material using approved destruction methods. 

g. Examine the destruction device and the surrounding area to ensure that all material has 

been destroyed. 

h. Thoroughly inspect the residue to ensure that the destruction was complete. 

i. Sign and witness the Destruction Report (or HI/DR card or other local destruction log) 

unless the specific equipment doctrine specifies that a witness is not required. The 

Destruction Report must not be signed until the complete destruction of the listed material 

is confirmed. 


COMSEC Material

UNCLASSIFIED 


12.6 Routine Destruction Methods 

12.6.1 Paper COMSEC Material 

12.6.1.1 Overview 

The destruction criteria listed in the following articles apply to classified COMSEC key material, 

and to media which embody, contain, describe, or implement a classified cryptographic logic. 

Other paper COMSEC material may be destroyed by any means approved for the destruction of 

paper COMSEC material of equal classification or protected level. 

NOTE: 

Where possible, burning or pulverizing should be used as the preferred method for 

ensuring the terminal destruction of COMSEC material. 

12.6.1.2 Incineration 

The burning of paper COMSEC material must be complete (so that all COMSEC material is 

reduced to white ash) and contained (so that no unburned pieces escape). Ashes must be 

inspected and, if necessary, broken up. 

12.6.1.3 Pulverizing, Chopping or Pulping 

Pulverizing, chopping or pulping devices used to destroy paper COMSEC material must reduce 

the COMSEC material to bits no larger than five millimeters (1/5 inch) in any dimension. 

NOTE: DO NOT PULP paper-Mylar-paper key tape or high wet strength paper (map stock) 

and durable-medium paper substitute (e.g. TYVEC olefin, polyethylene fibre). These 

materials will not reduce to pulp and must be destroyed by burning, pulverizing, 

chopping or cross-cut shredding. 

12.6.1.4 Cross-cut Shredding 

In GC departments where burning or pulverizing are not feasible, approved Type II shredders 

may be used as a first step in the destruction process. However, the residue from the shredders 

must not be considered as a “terminal” destruction. Where cross-cut shredding is used as the first 

step, the waste from the shredders must be: 

 

 

retained and stored as classified waste and securely transported to a facility that is 

capable of burning or pulverizing the shredded residue; or 

dispersed in a method that will prevent or preclude collection of all portions of a key 

segment such as – 

o separating into small amounts (handfuls) and mixing with other shredded material of 

the same color and texture and then transferring it to multiple and random trash 

containers; 


COMSEC Material

UNCLASSIFIED 


o flushing mixed shredded residue down a toilet to prevent reconstruction; or 

o dispersing (loosely) the shredded residue overboard (for ships at sea with limited 

storage). 

NOTE 1: Type II shredders must reduce the material to shreds not more than 1.0 mm wide and 

14.3 mm long. Type II shredders must be highly maintained and free of any defect 

that would output larger waste size. 

NOTE 2: Because coloured material has the added vulnerability of instant recognition, it 

should be held over for burning or pulverizing after shredding. 

12.6.2 Non-Paper COMSEC Material 

12.6.2.1 Microforms 

Microfilm, microfiche, or other reduced-image photo negatives may be destroyed by burning, or 

by chemical means. When destroying by chemical means, film sheets must be separated, and roll 

film must be unrolled. Chemical destruction may be performed by immersing (for approximately 

five minutes or more) silver film masters in household bleach and by immersing diazo 

reproductions in acetone or methylene chloride. 

NOTE: Health and safety requirements must be adhered to and caution must always be 

exercised when using chemical methods of destruction. Read and follow all warning 

and cautionary labels on chemical containers. 

12.6.2.2 Magnetic and Optical Media 

The method of disposal (e.g. degaussing, overwriting, zeroization or physical destruction) for 

magnetic media (e.g. floppy disks, hard drives and back-up tapes) and optical media 

(e.g. compact disks [CD] and digital versatile disks [DVD]) must be consistent with the 

individual system and equipment doctrine, CSEC Clearing and Declassifying Electronic Data 

Storage Devices (ITSG-06) and the RCMP Security Equipment Guide (G1-001). General 

guidelines include: 

 

 

 

 

Magnetic backup tapes, when no longer required or unserviceable, may be destroyed by 

disintegration, incineration or shredding. 

Magnetic cores may be destroyed by incineration or smelting. 

Magnetic disks, disk packs and drums may be destroyed by incinerating or by removal of 

the entire recording surface by means of an emery wheel or disc sander. 

Floppy disks may be destroyed by shredding, in accordance with regulations for 

shredding a floppy disk which contains classified data. 


COMSEC Material

UNCLASSIFIED 


12.6.2.3 Hardware Keying Material 

Contact COMSEC Client Services at CSEC for authorization for destruction (or disposal) of 

hardware key material, such as Programmable Read Only Memories, and permuting plugs and 

their associated manufacturing aids. 

12.6.2.4 Electronic Key Material 

The destruction of electronic key is accomplished by zeroization or overwriting of the key. 

For specific instructions on the destruction or zeroization of electronic key loaded in equipment 

refer to the appropriate equipment doctrine. 

12.6.2.5 Plastic Canisters 

Empty canisters must be fractured or smashed to ensure all key segments have been removed, 

and then disposed of as unclassified waste. The unauthorized retention of intact key tape 

canisters is a COMSEC incident. 

12.7 Approved Routine Destruction Devices 

Information regarding routine destruction devices which have been tested and approved by 

CSEC may be obtained from COMSEC Client Services at CSEC. 

12.8 Emergency Destruction Priorities 

12.8.1 Priorities within Categories 


When sufficient personnel and destruction facilities are available, different individuals should be 

made responsible for destroying the COMSEC material in each of the following three categories 

(Key Material, COMSEC Publications and COMSEC Equipment). 

12.8.1.2 Key Material 

Emergency destruction priorities for key material are: 

a. superseded key material marked CRYPTO 

b. currently effective key material marked CRYPTO (to include the zeroization of key 

variables stored electrically in crypto-equipment and fill devices) 

c. future editions of TOP SECRET key material marked CRYPTO 

d. future editions of SECRET and CONFIDENTIAL key material marked CRYPTO, and 

e. training and maintenance key. 


COMSEC Material

UNCLASSIFIED 


12.8.1.3 COMSEC Publications 

In deteriorating conditions, consideration must be given to destroying all full maintenance 

manuals (i.e. those containing cryptographic logic information) that are not absolutely essential 

to continued mission accomplishment. When there is insufficient time under emergency 

conditions to completely destroy such manuals, every reasonable effort must be made to remove 

and destroy their sensitive pages (i.e. those containing cryptographic logic). 

Emergency destruction priorities for classified COMSEC publications and other classified 

publications are: 

a. COMSEC publications marked CRYPTO 

b. status documents showing the effective dates for key material 

c. complete crypto-equipment maintenance manuals (or the sensitive pages thereof) 

d. the remaining classified pages of crypto-equipment maintenance manuals 

e. classified cryptographic and general (non-cryptographic) publications 

f. cryptographic operating instructions 

g. the remaining classified COMSEC publications, and 

h. national and departmental doctrinal guidance publications. 

12.8.1.4 COMSEC Equipment 

In deteriorating conditions, all reasonable efforts must be made to evacuate COMSEC 

equipment. During an actual emergency, when evacuation may not be possible, the immediate 

goal is to render COMSEC equipment unusable and irreparable. Consequently, when there is 

warning of hostile intent, consideration must be given to discontinue secure communications to 

allow for the thorough destruction of COMSEC equipment. Emergency destruction priorities for 

COMSEC equipment are: 

a. zeroization of equipment, if the keying element (e.g. key card, permuter plug) cannot be 

physically withdrawn 

b. destruction of removable classified and CCI components (e.g. printed circuit boards), and 

c. destruction of remaining classified and CCI components. 

The hulks (bodies or casings) of equipment, and unclassified devices not marked CCI, need not 

be destroyed. 


COMSEC Material

UNCLASSIFIED 


12.8.2 Priorities for Combined Categories 

When personnel or destruction facilities are limited, the three categories of COMSEC material 

must be combined, in which case the destruction priorities are: 

a. all key material marked CRYPTO, in the following order – 

i superseded key, in descending order of classification or protected level from 

TOP SECRET 

ii currently effective key, in descending order of classification or protected level from 

TOP SECRET, and 

iii future key material, in descending order of classification level from TOP SECRET; 

b. COMSEC publications marked CRYPTO and status documents showing the effective 

dates for key material; 

c. classified pages from classified maintenance manuals (or the entire manual if classified 

pages are not separately identified); 

d. classified and CCI components of classified equipment and CCI; 

e. any remaining classified COMSEC material or other classified material; and 

f. any other COMSEC material. 

12.9 Emergency Destruction Methods 

Any of the methods approved for the routine destruction of classified COMSEC material may be 

used for emergency destruction. Incendiary destruction devices may be available at certain 

locations outside Canada. Information concerning these devices is available from COMSEC 

Client Services at CSEC. Basic hand tools (e.g. hammer, cold chisel, screwdrivers, pliers, 

crowbar, fire axe, sledge hammer) should be readily available for the emergency destruction of 

COMSEC equipment. 

12.10 Reporting Emergency Destruction 

Accurate and timely reporting of emergency destruction is essential in order to evaluate the 

severity of an emergency, and is second in importance only to ensuring that the COMSEC 

material is thoroughly destroyed. A report must be submitted to NCOR/COR as soon as possible. 

The report must clearly indicate, for the destroyed COMSEC material, the method(s) of 

destruction, and the degree of destruction. This report must also identify any items that were not 

destroyed and which may be presumed compromised. In such cases, a COMSEC Incident Report 

must be submitted, as detailed in Chapter 16. 


COMSEC Material

UNCLASSIFIED 




COMSEC Material

UNCLASSIFIED 


13 COMSEC Account Inventory 

13.1 Reasons for Inventory 

An inventory is the verification of a COMSEC Account’s holdings. NCOR/COR maintains a 

database that reflects all ALC 1, ALC 2 and ALC 6 COMSEC material charged to the COMSEC 

Account. The data is taken from COMSEC Material Reports (e.g. Destruction, Possession) that 

COMSEC Accounts submit to NCOR/COR. COMSEC Material Reports that were processed by 

the account but were not entered in NCOR/COR database will result in a discrepancy between 

NCOR/COR database and the COMSEC Account records. 

Inventories serve to ensure that: 

 

 

 

 

COMSEC Account records are up-to-date; 

NCOR/COR database is up-to-date by verifying that all COMSEC Material Reports have 

been forwarded to NCOR/COR and have been processed by NCOR/COR; 

COMSEC material charged to a COMSEC Account is actually on-hand and sighted by 

authorized personnel; and 

COMSEC material charged to a COMSEC Account is still required for use by the 

account. 

13.2 Types of Inventory 

13.2.1 Annual Inventory 

The COMSEC Custodian and the Alternate COMSEC Custodian must conduct an annual sight 

inventory of all ACM in their COMSEC Account (including all Local Elements and COMSEC 

Sub-Accounts). 

NCOR/COR will distribute an Inventory Report annually that lists all accountable material 

charged to the COMSEC Account as of the date of printing. A sight inventory must be conducted 

to verify the presence of all –and only– material listed on the report. The COMSEC Custodian 

must return the signed Inventory Reports to NCOR/COR no later than 10 working days after the 

initial receipt of that report. 

13.2.2 Change of COMSEC Custodian Inventory 

In cases of sudden (indefinite or permanent) departure of the COMSEC Custodian, a newlyappointed 

COMSEC Custodian must conduct a sight inventory of all COMSEC material in the 

COMSEC Account before the formal COMSEC Custodian handover. 

COMSEC Account Inventory October 2011 89

UNCLASSIFIED 


Upon completion of the inventory, the new COMSEC Custodian must sign the Inventory Report 

as the Custodian. The new COMSEC Custodian, except for discrepancies being resolved, 

assumes responsibility for all ACM in the account. 

13.2.3 Special Inventory 

The COMSEC Custodian must complete a special inventory when directed to do so by 

NCOR/COR and DCA. Special inventories may be requested for reasons such as the suspected 

loss of COMSEC material or frequent deviation from accounting procedures. 

The procedures used for an annual inventory must be used for a special inventory. 

13.3 Inventory Reports 

13.3.1 National Central Office of Record/Central Office of Record-Initiated 

Inventory Report 

NCOR/COR-initiated Inventory Reports are distributed to COMSEC Accounts to announce the 

beginning of the inventory process. Each Inventory Report lists all ALC 1, ALC 2 and ALC 6 

COMSEC material that have been recorded in the NCOR/COR database for the respective 

COMSEC Account as of the date of the printing of the Inventory Report. 

NOTE: CSEC has approved the use of several automated accounting/management systems 

with terminology and procedures that are quite distinct from each other. Each GC 

department is responsible for ensuring that its custodial personnel is trained in the use 

of its automated system and are familiar with the terms used by the respective software 

to describe activities during the inventory process. 

13.3.2 COMSEC Account Inventory Report 

Inventory Reports produced by the COMSEC Custodian at a COMSEC Account may be directed 

at two different audiences: 

 

 

Within the COMSEC Account, where they may be distributed for use during the physical 

sighting of on-hand material. 

At NCOR/COR, in order to report the complete holdings of the COMSEC Account. 

13.3.2.1 Distribution within the COMSEC Account 

The COMSEC Custodian prepares Inventory Reports for internal distribution to Sub-Account(s) 

and Local Elements. These Inventory Reports list all ALC 1, ALC 2, ALC 4, ALC 6 and ALC 7 

COMSEC material that the COMSEC Custodian has issued to elements within the COMSEC 

Account and which are still out on loan. Instructions for the completion of an Inventory Report 

can be found with the GC-223 form. 

90 October 2011 COMSEC Account Inventory

UNCLASSIFIED 


13.3.2.2 Distribution to National Central Office of Record/Central Office of 

Record 

The COMSEC Custodian compiles the results of all Inventory Reports that were distributed 

within the account and return an Inventory Report to NCOR/COR. This report contains all 

ALC 1, ALC 2 and ALC 6 COMSEC material held by the COMSEC account. 

13.3.3 Amendment to Inventory Report 

The Amendment to Inventory Report is used to report any discrepancies between the COMSEC 

Account’s inventory and NCOR/COR-initiated Inventory Report. For example, if the COMSEC 

Account failed to submit a Destruction Report to NCOR/COR, all the material destroyed by the 

account, which was listed on the Destruction Report, would not be recorded in NCOR/COR 

database. Consequently, NCOR/COR-initiated Inventory Report would list that material as being 

on-hand at the COMSEC Account. An Amendment to Inventory Report would provide the details 

of the missing Destruction Report. When submitting the Amendment to Inventory Report, the 

COMSEC Custodian must attach all supplemental accounting reports in order for NCOR/COR to 

proceed with the inventory reconciliation. 

13.4 Inventory Process 

13.4.1 Scheduling the Sight Inventory 

The COMSEC Custodian must ensure that a sight inventory of the entire COMSEC Account is 

carried out during an inventory. Before the expected receipt of the annual NCOR/COR-initiated 

Inventory Report, the COMSEC Custodian must: 

 

 

 

 

Generate a COMSEC Account Inventory Report. 

Conduct a sight inventory of COMSEC material that has been issued to Local Elements 

or direct the Local Element to do so with an appropriate witness. 

Direct each COMSEC Sub-Account Custodian to conduct a sight inventory of COMSEC 

Sub-Account holdings in the same manner as described for a COMSEC Account 

inventory. 

Conduct a sight inventory of the COMSEC material on-hand, under the direct custody of 

the COMSEC Custodian. 


UNCLASSIFIED 


13.4.2 Conducting the Sight Inventory 

The COMSEC Custodian will provide an Inventory Report for personnel conducting a sight 

inventory of COMSEC material. The following applies when conducting a sight inventory of 

COMSEC material: 

 

 

 

 

 

 

The sight inventory must be conducted by two individuals who are appropriately cleared 

and who have been COMSEC briefed. 

The two individuals conducting the sight inventory must verify that the COMSEC 

material on-hand agrees with the COMSEC Account Inventory Report. 

Unsealed COMSEC publications and key material must be page checked. 

COMSEC equipment in use does not need to be opened to verify it contains all the 

required subassemblies and elements. 

Removable assemblies that are listed separately on an inventory report and are not listed 

on the equipment’s chassis must be physically sighted unless the equipment is 

undergoing tests or is in operation. 

Electronic key, which is stored in equipment that has a verifiable audit trail, may be 

inventoried without a witness. 

COMSEC Custodians are responsible to NCOR/COR for only the original ALC 6 

electronic key distributed to the account or generated by the account. Copies of electronic 

key are locally accountable. 

13.4.3 Reconciling the COMSEC Account Inventory Report 

13.4.3.1 Local Element Inventory Reconciliation 

Persons conducting Local Element inventories may mark-up the Inventory Report to indicate 

that material is on-hand or, conversely, that it is lost, missing or contains extra material. They 

must both sign the Inventory Report before returning it to the COMSEC Custodian. 

The COMSEC Custodian must reconcile the Inventory Reports returned from all Local Elements 

with the COMSEC Account Inventory Report. 

13.4.3.2 COMSEC Sub-Account Inventory Reconciliation 

The COMSEC Sub-Account Custodian must return their signed Inventory Reports to the 

COMSEC Account Custodian for reconciliation. If discrepancies are noted in any COMSEC 

Sub-Account Inventory Report, the COMSEC Custodian must direct the custodian of that 

COMSEC Sub-Account to take corrective action within 48 hours of receipt of such notice, 

advise the COMSEC Custodian of the action taken and submit any substantiating reports 

required. 


UNCLASSIFIED 


The COMSEC Custodian must reconcile the Inventory Reports returned from all COMSEC 

Sub-Accounts with the COMSEC Account Inventory Report. 

13.4.3.3 COMSEC Account Inventory Reconciliation 

Upon receipt of NCOR/COR-initiated Inventory Report, the COMSEC Custodian must reconcile 

the COMSEC Account holdings with NCOR/COR-initiated Inventory Report. This is 

accomplished by conducting a sight inventory of all COMSEC material held by all elements 

within the account and returning a signed Inventory Report to NCOR/COR. 

13.4.3.4 Completion and Submission of Inventory Report and Supplements 

Upon completion of the COMSEC Account inventory, the COMSEC Custodian and the witness 

must sign and date the Inventory Report. The number of supplemental accounting reports and 

pages of amendments must be entered on the last page of the Inventory Report. The Inventory 

Report and the Amendment to Inventory Report with all supplemental COMSEC Material 

Reports (if required) must be sent to NCOR/COR no later than 10 working days after receipt of 

NCOR/COR-initiated Inventory Report. A signed copy of the Inventory Report must be retained 

on file. 

13.4.3.5 National Central Office of Record/Central Office of Record 

Reconciliation of COMSEC Account Inventory Report 

NCOR/COR will process Inventory Reports submitted by COMSEC Accounts. 

If NCOR/COR notifies the COMSEC Account of discrepancies between the COMSEC Account 

Inventory Report and NCOR/COR Inventory Report, the COMSEC Custodian must attempt to 

resolve the discrepancies. 

If the discrepancies are the result of missing COMSEC Material Reports, the COMSEC 

Custodian must prepare and submit, within 48 hours, an Amendment to Inventory Report with all 

supplemental COMSEC Material Reports to update NCOR/COR database. 

If the sight inventory of the COMSEC Account is correct, and there are no missing COMSEC 

Material Reports, NCOR/COR will issue an Inventory Reconciliation Report, which certifies the 

inventory as being correct. 

If the sight inventory reveals lost or missing COMSEC material or other discrepancies, a 

COMSEC incident must be reported as detailed in Chapter 16. An Inventory Reconciliation 

Report will not be issued until all discrepancies have been resolved or an investigation into the 

incident has been completed and disposal instructions issued. 


UNCLASSIFIED 




UNCLASSIFIED 


14 COMSEC Emergency Plan 

14.1 Preparing the COMSEC Emergency Plan 


Every GC department that holds COMSEC material must prepare a COMSEC Emergency Plan. 

Consideration must be given to incorporating this plan into the Business Continuity Plan 

established for the entire GC department. Procedures must emphasize maintaining security 

control over the COMSEC material until order is restored without endangering life. 

14.1.2 Development of the Plan 

The DCA, in coordination with the COMSEC Custodian is responsible for the preparation, 

implementation and annual re-evaluation of the COMSEC Emergency Plan. Coordination with 

appropriate security, fire and safety personnel will ensure that the plan is realistic, workable, and 

accomplishes the goals for which it is prepared. The duties under the plan must be clearly 

described and the contact information for all individuals with duties under the plan must be 

documented. Refer to the COMSEC Emergency Plan template for an outline and an emergency 

destruction plan. 

14.1.3 Maintaining and Testing the Plan 

The COMSEC Custodian must ensure that: 

 

 

 

 

 

all individuals are aware of the existence of the plan and how alerts and warnings to an 

emergency event will be communicated; 

each individual who has duties assigned under the plan receives detailed instructions on 

how to carry out these duties when the plan is put into effect; 

all individuals are familiar with all duties, so changes in assignment can be made if 

necessary; 

training exercises are conducted periodically, to ensure that all personnel (especially new 

personnel) can carry out their duties; and 

the plan is revised based on experience gained in the training exercises (if necessary). 

14.1.4 Emergency Destruction Plan 

If the COMSEC Emergency Plan calls for destroying COMSEC material, an emergency 

destruction plan must be included. Refer to Chapter 12 for emergency destruction priorities and 

methods of destruction. 

COMSEC Emergency Plan October 2011 95

UNCLASSIFIED 


14.2 Planning for Emergency Events 

14.2.1 Best Practices 

14.2.1.1 COMSEC Accounts Operating in Normal Conditions 

The COMSEC Custodian will organize normal operating routines such that the number and 

complexity of the activities that must be taken during an emergency are minimized. The 

COMSEC Custodian must ensure that: 

 

 

 

 

 

only the minimum amount of COMSEC material necessary for operational and 

contingency requirements are held by the COMSEC Account (see Table 2 in Chapter 9); 

COMSEC material is stored in a manner that will facilitate emergency evacuation or 

destruction; 

routine destruction is always conducted promptly upon authorization; 

excess COMSEC material is promptly disposed of in accordance with any disposition 

instructions; and 

COMSEC material prepared for use in an emergency is distributed without delay. 

14.2.1.2 COMSEC Accounts Operating in Hazardous Conditions 

COMSEC Accounts operating in hazardous conditions, where the risk of loss of key material due 

to accident or capture is high must hold only the minimum amount of key material deemed 

necessary to support mission requirements. Plans for the prompt re-supply of such COMSEC 

Accounts, in the event of an emergency supersession, must be prepared and readily implemented 

whenever needed. 

14.2.2 Natural Disasters and Accidental Emergencies 

Planning for a natural disaster or accidental emergency (e.g. fire, flood, tornado, or earthquake) 

must provide for: 

safety of all personnel; 

notification of emergency event during normal business hours and after hours; 

assignment of on-scene responsibility for ensuring the protection of COMSEC material; 

 

 

 

protection or removal of COMSEC material in the event that the admission of 

unauthorized individuals into the secure area(s) becomes necessary; 

evacuation of the area(s); 

assessment and reporting of the probable exposure of COMSEC material to unauthorized 

individuals during the emergency; 

96 October 2011 COMSEC Emergency Plan

UNCLASSIFIED 


 

 

 

 

 

post-emergency inventory of COMSEC material and reporting of the loss or unauthorized 

exposure of COMSEC material to the DCA; 

identification of primary and secondary recovery sites, when recovery will not be 

possible at the current location; 

identification of critical resources required to support the recovery; 

off-site storage facilities; and 

business continuity during and business resumption following the emergency event. 

14.2.3 Hostile Activity 

14.2.3.1 Assessment of situations 

Planning for potential hostile activity (e.g. enemy attack, civil uprising, riot) must concentrate on 

the activities necessary to safely evacuate or securely destroy the COMSEC material (without 

endangering life). It must take into consideration all possible situations which could occur, such 

as those in which: 

 

 

 

an orderly withdrawal could be conducted over a specified period of time; 

a volatile environment exists such that destruction must be performed discretely in order 

to avoid triggering hostilities; or 

invasion or capture is imminent. 

14.2.3.2 Consideration Factors 

Some important factors to be considered when planning for hostile activity: 

 

 

 

 

 

Likelihood of the various types of hostile actions and the threats that those actions pose. 

Availability and adequacy of physical security protection (e.g. perimeter controls, 

strength of guard forces, physical defences at locations which hold COMSEC material). 

Availability of transportation and adequate storage facilities for emergency evacuation 

and an assessment of the probable risks associated with emergency evacuation. 

Availability and adequacy of facilities for emergency destruction of COMSEC material, 

including approved destruction devices, electrical power, location, personnel, etc. 

Requirement for, and availability of, external communications during emergency 

situations. Unless there is an urgent need to restore communications after relocation, key 

material should be destroyed rather than evacuated. 

COMSEC Emergency Plan October 2011 97

UNCLASSIFIED 


14.2.3.3 External Communications 

External communications during an emergency situation should be limited to contact with a 

single remote point. This point will act as a distribution centre for outgoing message traffic and 

as a filter for incoming queries and guidance, thus relieving site personnel from multiple 

activities during the emergency. When there is a warning of hostile intent and the physical 

protection is inadequate to prevent overrun of the facility, secure communications should be 

discontinued in time to allow for thorough destruction of all COMSEC material. 

14.2.3.4 Protecting COMSEC Material 

The three options for the control of COMSEC material in an emergency due to hostile activity 

are: 

securing COMSEC material; 

 

 

removing COMSEC material from the scene of the emergency; and 

destroying COMSEC material. 

Planners must consider which of the above options (singly or in combination) are applicable to 

particular situations, and to their facilities. The option(s) from which to choose in various 

situations should be clearly stated in the plan. The following two scenarios are provided as 

examples: 

 

 

If it appears that a civil uprising is to be short-lived and that the COMSEC facility is to 

be only temporarily abandoned, the actions to take could be as follows – 

o Ensure that all superseded key material has been destroyed. 

o Gather up current and future key material and take it along if adequate security 

protection is available or destroy it using approved methods. 

o Zeroize the key from all keyed operational or on-standby equipment. 

o Remove all classified and CCI components from crypto-equipment and lock them, 

along with other classified COMSEC material, in approved storage containers. 

o Secure the facility door(s) and leave. 

o Upon return, conduct a complete inventory. 

If it appears that the facility is likely to be overrun, the emergency destruction plan should 

be put into effect. 

98 October 2011 COMSEC Emergency Plan

UNCLASSIFIED 


15 COMSEC Account Audit 

15.1 Planning the Audit 

15.1.1 Delegation of Authority 

The PGS mandates that CSEC report to the TBS on the state of COMSEC in the GC when 

requested. Compliance with this mandate requires CSEC to audit COMSEC Accounts on a 

regular basis. In concert with international partnership agreements, the audit is also required to 

ensure continued access to foreign COMSEC material. The COMSEC Account audit will 

hereafter be referred to as simply an audit. 

15.1.2 Purpose of an Audit 

The audit provides an independent review of a COMSEC Account’s records and activities to 

ensure COMSEC material produced by or entrusted to the COMSEC Account is controlled as 

detailed in this directive. 

15.1.3 Frequency of Audits 

A CSEC representative will audit COMSEC Accounts at least once every 18 months. Audits 

may be conducted more frequently based on: 

 

 

 

 

 

 

previous audit findings; 

size of the COMSEC Account inventory; 

volume of COMSEC Material Reports; 

frequency of deviation from COMSEC directive; 

abnormal number of COMSEC Custodian changes; or 

type of automated accounting system in use at the COMSEC Account. 

15.1.4 Scheduling the Audit 

Three weeks advance notice is normally provided. However, the audit may occur on short notice 

when irregularities of a serious nature have occurred. The CSEC representative conducting the 

audit will: 

 

 

 

contact the COMSEC Account Custodian (usually via a phone call or e-mail) to schedule 

the audit; 

confirm the date and time of the audit, in writing; and 

provide an audit check list that will be used as a guide during the audit. 

COMSEC Account Audit October 2011 99

UNCLASSIFIED 


15.2 Conducting the Audit 

15.2.1 Access to COMSEC Account Holdings 

The CSEC representative(s) is (are) authorized to have supervised access to all COMSEC 

Account reports, records and files, including electronic files and databases, upon presentation of 

their CSEC identification badge and copy of their COMSEC Briefing Certificate. 

NOTE: The CSEC representative(s) may require supervised access to COMSEC Sub-Account 

and Local Element sites. COMSEC Sub-Account and Local Element audits must be 

coordinated by the COMSEC Account Custodian (see Article 15.4.2). 

15.2.2 Scope of the Audit 

The audit must be sufficient in scope to determine the accuracy of COMSEC accounting records 

and to confirm that COMSEC material control procedures have been, and continue to be, 

correctly applied. The audit includes: 

 

 

 

 

 

 

 

verification that accounting reports, records and files are complete and accurate; 

verification of compliance with packaging, marking and distribution procedures; 

verification of the consistent application of procedures and processes (including physical 

security) related to the control, storage and use of COMSEC material; 

assessment of the adequacy of automated accounting system controls; 

a detailed audit of IP accounting records, if applicable; 

verification of the completion of COMSEC Sub-Account audits, if applicable; and 

discussion with the COMSEC Custodian regarding any problems encountered with the 

control of COMSEC material or the maintenance the COMSEC Account. 

15.2.3 Exit Interview 

Upon conclusion of the COMSEC Account audit, the CSEC representative(s) will hold an exit 

interview with the DSO, the DCA (if designated) and the COMSEC Custodian to advise them of 

any situations that require immediate corrective action(s) and to brief them on the audit findings 

and recommendations. 

NOTE: If neither the DSO, nor the DCA is available, the CSEC representative(s) will 

reschedule the exit interview. 

100 October 2011 COMSEC Account Audit

UNCLASSIFIED 

15.3 Audit Reporting 


15.3.1 COMSEC Account Audit Report 

The COMSEC Account Audit Report will document all observations, recommendations and 

required corrective actions. CSEC will provide the DCA with a copy of the COMSEC Account 

Audit Report (in both English and French) within 15 working days of completion of the audit. If 

corrective actions are required, a Statement of Action form will be included with the COMSEC 

Account Audit Report. 

15.3.2 Statement of Action Form 

The COMSEC Custodian must complete the corrective actions stated in the COMSEC Account 

Audit Report and return a signed Statement of Action form to CSEC within 10 working days of 

receipt of the COMSEC Account Audit Report. If due to operational requirements, the required 

corrective actions cannot be completed before the due date, CSEC may grant an extension to this 

period. 

15.3.3 Failure to Return a Statement of Action Form 

CSEC will send a tracer notice to the DCA if the signed Statement of Action form is not received 

when due. If a signed Statement of Action form is not returned to CSEC at the end of an 

additional 10 working days following dispatch of the initial tracer notice, a second tracer notice 

will be sent. After another five working days, following the second tracer, if the signed 

Statement of Action has not yet been received by CSEC, the matter will be treated as a 

COMSEC incident and forwarded to the NCIO for action. 

15.4 COMSEC Sub-Account Audits 


The COMSEC Custodian must audit COMSEC Sub-Accounts(s), at least once every 18 months, 

using the same considerations, and in the same manner, as detailed in this chapter. 

15.4.2 Communications Security Establishment Canada Participation 

Although COMSEC Custodians are normally responsible for conducting audits of their 

COMSEC Sub-Accounts, CSEC may conduct an audit of a COMSEC Sub-Account, including 

Local Elements, when irregularities of a serious nature have occurred. 

NOTE: COMSEC Sub-Account and Local Element irregularities notwithstanding, CSEC may 

request to collaborate with the COMSEC Account Custodian during routine audits. 

COMSEC Account Audit October 2011 101

UNCLASSIFIED 



102 October 2011 COMSEC Account Audit

UNCLASSIFIED 

16 COMSEC Incidents 

16.1 General 


A COMSEC incident occurs whenever there is a situation or activity that jeopardizes the 

confidentiality, integrity or availability of COMSEC information, material or services. 

Prompt and accurate reporting of COMSEC incidents minimizes the potential for compromise of 

COMSEC material and the classified information that it protects. Unless all personnel who 

handle or manage COMSEC material immediately report all occurrences that are specifically 

identified as COMSEC incidents, corrective action cannot be implemented in a timely manner to 

mitigate or eliminate their impact. 

It is vitally important that all suspected COMSEC incidents be promptly reported to the 

responsible DCA. 

16.2 Classes of COMSEC Incidents 

16.2.1 Compromising Incidents 

Compromising incidents may have serious consequences for operational security. Investigation 

of compromising incidents helps to determine if sensitive records were irretrievably lost by the 

rightful owners or accessed by an unauthorized individual. It is important to note that the 

compromise of sensitive information or asset(s) may have implications far beyond the local 

authorized user or GC department. Compromising incidents are reportable at the national level 

(report to COMSEC Custodian, DCA and NCIO). 

16.2.2 Practices Dangerous to Security 

Practices Dangerous to Security (PDS) are incidents that are considered minor violations of 

administrative requirements and do not result in the loss of control, unauthorized access or 

unauthorized viewing of COMSEC material. PDS are considered administrative infractions 

and are not reportable at the national level. PDS do not result in a compromise of 

information, assets or functionality, but create situations where exploitation is possible unless 

action is taken to correct the practice. Even minor violations may warrant an evaluation. 

Therefore, PDS must be handled locally by the DCA in accordance with departmental directives. 

PDS include: 

 

 

premature or out-of-sequence use of keying material without the approval of the CA 

(report to CA, Custodian and DCA only) 

inadvertent destruction of keying material without authorization of the CA, as long as the 

destruction was properly performed and documented (only report to the CA, the 

COMSEC Custodian and the DCA) 

COMSEC Incidents October 2011 103

UNCLASSIFIED 


 

 

 

 

 

 

 

removing keying material from its protective packaging prior to issue for use, or removing 

the protective packaging without authorization, as long as the removal was documented, 

the exposed key material was properly protected, and there was no reason to suspect 

espionage (only report to the COMSEC Custodian and the DCA) 

receipt of a package with damaged outer wrapper, but an intact inner wrapper (only report 

to the COMSEC Custodian and the DCA) 

incidents involving unclassified, non-registered documents, unclassified equipment not 

marked CCI, and unclassified keying material not marked CRYPTO (only report to the 

COMSEC Custodian and the DCA) 

activation of the anti-tamper mechanism or unexplained zeroization of COMSEC 

equipment as long as there were no other indications of unauthorized access or penetration 

(only report to the COMSEC Custodian and the DCA) 

NOTE: When these events occur (without explanation) to a KP, report as a National 

COMSEC incident vice a PDS. 

failure to zeroize key from a common fill device or T3MD within the time limits imposed 

in Article 12.2.3 (only report to the COMSEC Custodian and the DCA) 

destruction of COMSEC material not performed within required time limits (only report 

to the COMSEC Custodian and the DCA) 

loss of audit trail data in T3MDs due to the failure to upload when the time and means are 

unavailable (only report to the COMSEC Custodian and the DCA) 

16.3 Categories of COMSEC Incidents 

16.3.1 Cryptographic Incidents 

Cryptographic incidents are directly related to the improper or unauthorized use of key material 

or cryptographic equipment or systems. The following examples of cryptographic COMSEC 

incidents are not all inclusive. Additional reportable COMSEC incidents, which are unique to a 

given cryptosystem or to a particular application of a cryptosystem, will be listed in the specific 

system or equipment doctrine. 

Such incidents include: 

the use of key material which is compromised, superseded, defective, previously used 

(and not authorized for reuse) or incorrectly used. For example the – 

104 October 2011 COMSEC Incidents

UNCLASSIFIED 

 

 

 

 


o use of key material that was produced without CSEC authorization 

o unauthorized use of any key material for other than its intended purpose 

o unauthorized extension of a cryptoperiod, and 

o premature use of key material; 

the use of COMSEC systems, equipment, software, operational practices or maintenance 

practices which are not approved by CSEC. For example – 

o the operational use of COMSEC equipment without the completion of a required 

alarm-check test or after the failure of an alarm-check test 

o the maintenance of crypto-equipment by unauthorized or unqualified individuals, and 

o tampering with, or unauthorized modification of a COMSEC component, equipment 

or system; 

the operational use of COMSEC equipment having defective cryptographic logic circuitry 

or use of an unapproved operating procedure. For example – 

o plain text transmission resulting from a COMSEC equipment failure or malfunction 

o any transmission during a failure, or after an uncorrected failure that may cause 

improper operation of COMSEC equipment, and 

o compromising emanations from a COMSEC equipment or system while processing 

classified information; 

discussion via non-secure communications of the details of a crypto-equipment failure or 

malfunction; and 

any other unauthorized use of key material or cryptographic equipment. 

16.3.2 Personnel Incidents 

Personnel incidents are situations involving individuals who have access to COMSEC material, 

which could jeopardize the security of that COMSEC material. Such incidents include: 

 

 

 

 

 

 

 

known or suspected defection or treason; 

known or suspected espionage or sabotage; 

known or suspected subversion; 

theft of COMSEC material; 

deliberate falsification of COMSEC records or reports; 

known or deliberate failing to report a known or suspected COMSEC incident; 

unauthorized disclosure, or an attempt at disclosure, of information concerning COMSEC 

material; and 

COMSEC Incidents October 2011 105

UNCLASSIFIED 


 

accidentally or knowingly processing, storing or transmitting classified or protected 

information on an inappropriate COMSEC system or equipment. 

16.3.3 Physical Incidents 

Physical incidents are situations that adversely affect the physical security of COMSEC material. 

Such incidents include: 

loss of any COMSEC material or portions thereof; 

unauthorized access to COMSEC material; 

 

 

 

 

 

 

 

 

 

discovery of COMSEC material outside of required accountability and physical control. 

For example – 

o material reflected on a destruction report as having been destroyed and witnessed, but 

found not completely destroyed and left unattended; 

o material left unsecured and unattended where unauthorized individuals could have had 

access; 

o failure to maintain required TPI or NLZ controls for TOP SECRET key; and 

o failure to destroy a key (including zeroizing a fill device) after use or supersession 

within the prescribed period of time; 

COMSEC material improperly packaged or shipped; 

receipt of classified equipment, CCI or key material marked CRYPTO with a damaged 

inner wrapper; 

destruction of COMSEC material by other than authorized means; 

actual or attempted unauthorized maintenance (including maintenance by unqualified 

individuals) or the use of a maintenance procedure that deviates from established 

directive; 

known or suspected tampering with or penetration of COMSEC material including, but 

not limited to, COMSEC material received in protective packaging which shows evidence 

of tampering and unauthorized premature opening of a sealed package of key material; 

unauthorized copying, reproducing or photographing of COMSEC material; 

discovery of a clandestine intercept or recording device in or near a COMSEC facility; 

and 

any other occurrence which jeopardizes the physical security of COMSEC material. 


UNCLASSIFIED 


16.4 Handling of Incidents 

16.4.1 Departmental Procedures 

The DCA must establish internal COMSEC incident identification and response procedures that 

will ensure prompt and accurate reporting of COMSEC incidents and minimize the potential for 

or actual loss or compromise of COMSEC material. 

The COMSEC Custodian must ensure that each individual who uses, or otherwise has access to 

COMSEC material is capable of recognizing a COMSEC incident and understands the 

requirements for immediately reporting COMSEC incidents. 

16.4.2 COMSEC Custodian Responsibility 

When COMSEC material is actually or potentially compromised, the COMSEC Custodian must 

take the following steps: 

a. Immediately report the circumstances to the DCA. 

b. Mark all item(s) of the affected COMSEC material as “Pending Investigation” in the 

COMSEC material inventory file. 

c. Maintain accountability for the COMSEC material until the COMSEC investigation is 

complete and a Final Assessment and Closure Report have been received from the NCIO 

authorizing the disposition of the COMSEC material (e.g. transfer to CSEC for evaluation, 

destruction, relief from accountability for lost item). 

16.4.3 Departmental COMSEC Authority Responsibility 

Upon notification of an actual or potential COMSEC incident, the DCA must: 

a. conduct a preliminary investigation to verify the validity of the report and determine any 

immediate corrective action that is required; 

b. consider the impact of corrective actions or inaction on national or international security; 

c. inform all individuals within and outside of the GC department who have a need to be 

aware of the incident; and 

d. follow-up with a more thorough investigation, if required. 

Occurrences that are clearly administrative in nature and that pose no security implications 

(e.g. COMSEC material accounting procedural matters) may be reported to NCOR/COR as a 

routine matter. If any doubt exists about an occurrence, it must be treated as a COMSEC 

incident. 


UNCLASSIFIED 


16.4.4 Reporting COMSEC Incidents 

16.4.4.1 Initial Response to COMSEC Incident 

Immediately following the preliminary investigation, if it is determined that a reportable 

COMSEC incident has occurred, the DCA must, within 24 hours after discovery, forward a 

COMSEC Incident Initial Report to the NCIO at CSEC. The NCIO will assess the situation to 

determine the significance and potential impact of each case. Except in very minor cases, the 

NCIO will require the GC department to conduct a more thorough investigation and to submit a 

COMSEC Incident Evaluation Report. 

16.4.4.2 COMSEC Incident Initial Report 

The COMSEC Incident Initial Report may take the form of a verbal notification by secure 

telephone or informal notification by secure facsimile. A formal written report may also be 

requested by the NCIO to clarify details. The COMSEC Incident Initial Report must provide the 

following information: 

identification of the COMSEC Account in which the incident occurred; 

category of the incident (i.e. Cryptographic, Physical or Personnel); 

 

 

 

 

 

 

identification of all COMSEC material involved including short title(s), edition and 

segment of key(s) loaded in COMSEC equipment, accounting numbers (e.g. KMID), 

classification, responsible CA and key expiry or supersession date; 

identity of all individual(s) involved including name, citizenship, position and security 

clearance level; 

description of circumstances surrounding the incident including the date of incident or 

discovery and the date reported; 

name of the DCA responsible for investigating and evaluating the incident; 

immediate corrective action(s) taken, or planned; and 

an estimation of the possibility of compromise (i.e. “Certain”, “Possible”, “Unlikely” or 

“Impossible”) with the basis for the estimation. 

16.4.4.3 COMSEC Incident Evaluation Report (Letter) 

A COMSEC Incident Evaluation Report provides the NCIO with the required details and facts 

surrounding a COMSEC incident. 

For simple incidents, the NCIO will request a COMSEC Incident Evaluation Report in the form 

of a letter, which must provide: 

 

 

a detailed chronological account of the nature and circumstances of the COMSEC 

incident; 

an assessment of the probability of compromise; and 


UNCLASSIFIED 

 


a description of corrective action taken to limit damage resulting from the incident and to 

prevent recurrence of the incident. 

For more complex cases, the NCIO will provide additional direction and request a more detailed 

COMSEC Incident Evaluation Report. 

16.4.4.4 Sensitivity of COMSEC Incident Reports 

COMSEC incident reports must be classified and protected at a level consistent with the most 

sensitive information actually or potentially exposed, lost or compromised in the incident. The 

following additional rules apply: 

 

 

 

When deemed necessary, a GC department may classify a COMSEC incident report at a 

higher level. A COMSEC incident report involving COMSEC material of different levels 

of sensitivity must be classified at the most sensitive level applicable to the incident. 

In a case where the incident involves COMSEC equipment, systems or material, the 

incident must be handled and reported at a level at least commensurate with that of the 

COMSEC equipment, system or COMSEC material. 

In a case where the COMSEC material relates to IT systems processing information at a 

classification level greater than that of the COMSEC material, the incident must be 

handled and reported at the greater classification level (e.g. an incident involving 

PROTECTED A authentication key material used on an IT system processing SECRET 

information will be controlled and reported at the SECRET level). 

16.4.4.5 Dissemination of COMSEC Incident Information 

Dissemination of information relevant to any COMSEC incident must be limited to those with a 

clear need-to-know. 

16.5 Recovery of COMSEC Material 

The DCA must ensure that individuals who are responsible for recovery action are able to 

quickly implement the required recovery procedures and consequently minimize the impact of a 

COMSEC incident. 

16.6 Post-Incident Evaluation 

Following the collection and assessment of all information received or available from existing 

records, the NCIO will issue a COMSEC Incident Final Assessment and Closure Report for each 

reported COMSEC incident. The report will include recommendations to prevent a similar 

COMSEC incident or reduce the impact of a recurrence. 


UNCLASSIFIED 


16.7 COMSEC Incidents Involving North Atlantic Treaty Organization 

COMSEC Material 

GC departments holding NATO COMSEC material must report COMSEC incidents involving 

NATO material to the NCIO at CSEC. The NCIO, in coordination with DND, will provide 

direction with respect to the conduct of the investigation and ensure that NATO authorities are 

kept informed. 

16.8 COMSEC Incidents Involving In-Process COMSEC Material 

Canadian Private Sector organizations holding IP COMSEC material must report COMSEC 

incidents to CICA (see reporting COMSEC Incidents in the ICMCM). CICA will, in turn, 

immediately notify the CICA DCA who will notify the NCIO. 

16.9 Disciplinary Action 

The primary purpose of reporting COMSEC incidents is to continuously maintain the maximum 

possible level of protection for GC sensitive information and COMSEC material. This directive 

provides for administrative control measures in support of GC policy and the PGS. Disciplinary 

action, if deemed warranted by circumstance, is entirely in the purview of the DSO and host 

departmental authorities. Failure to report a COMSEC incident, or cover it up, may be 

considered “wilful or gross neglect” and must be evaluated accordingly. 

In cases of non-compliance, CSEC may escalate administrative control of a department’s 

COMSEC Account including suspension (refer to Article 4.6.1). 


UNCLASSIFIED 


Glossary 

Access 

Accountability 

Accountable COMSEC 

Material (ACM) 

Accountable COMSEC 

Material Control 

Agreement (ACMCA) 

Accounting Legend Code 

(ALC) 

Alternate COMSEC 

Custodian 

Audit Trail 

The capability and opportunity to gain knowledge or 

possession of, or to alter, information or material. 

The responsibility of an individual for the safeguard and 

control of COMSEC material which has been entrusted to 

his or her custody. 

COMSEC material that requires control and 

accountability within the National COMSEC Material 

Control System in accordance with its accounting legend 

code and for which transfer or disclosure could be 

detrimental to the national security of Canada. 

A binding agreement between Communications Security 

Establishment Canada and an entity (Government or 

Canadian private sector) not listed in Schedules I, I.1, II, 

IV and V of the Financial Administration Act that will 

permit the procurement, ownership, control and 

management of COMSEC material. It will also prescribe 

the conditions for the financing, resale and final 

disposition of the COMSEC material. 

Numeric code used to indicate the minimum accounting 

controls for COMSEC material which requires 

accountability and control within the National COMSEC 

Material Control System. 

The individual designated by the Departmental COMSEC 

Authority to assist the COMSEC Custodian and to 

perform the duties of the COMSEC Custodian during the 

temporary absence of the COMSEC Custodian. 

A chronological record of system activities to enable the 

construction and examination of the sequence of events or 

changes in an event (or both). 

Glossary October 2011 111

UNCLASSIFIED 


Authorized User (AU) 

BLACK Key 

Centrally-Accountable 


Communications Security 

(COMSEC) 

Compromise 

COMSEC Account 

COMSEC Account Audit 

COMSEC Courier 

Certificate 

An individual, who is required to use COMSEC material 

in the performance of assigned duties, possesses the 

required security clearance or reliability status, has been 

COMSEC briefed, has the need-to-know and is 

responsible for safeguarding COMSEC material. 

Encrypted key (i.e. classified keying material in 

encrypted format that has been encrypted with 

cryptography approved by Communications Security 

Establishment Canada). 

COMSEC material that has been assigned an Accounting 

Legend Code of 1, 2 or 6 and is continuously accountable 

to a Central Office of Record. 

The application of cryptographic security, transmission 

and emission security, physical security measures, 

operational practices and controls to deny unauthorized 

access to information derived from telecommunications 

and that ensure the authenticity of such 

telecommunications. 

Unauthorized disclosure, destruction, removal, 

modification, interruption or use of assets. 

An administrative entity identified by an Electronic Key 

Management System Identifier (i.e. COMSEC Account 

number), used to maintain accountability, custody and 

control of COMSEC material that has been entrusted to 

the entity. 

Independent cooperative examination of a COMSEC 

Account’s records and activities to ensure COMSEC 

material produced by or entrusted to the COMSEC 

Account is handled and controlled in accordance with 

applicable directive. 

A document authorizing an individual to transport 

COMSEC material. 

112 October 2011 Glossary

UNCLASSIFIED 


COMSEC Custodian 

COMSEC Equipment 

COMSEC Facility 

COMSEC Incident 


COMSEC Material Report 

COMSEC Sub-Account 

The individual designated by the Departmental COMSEC 

Authority to be responsible for the receipt, storage, 

access, distribution, accounting, disposal and destruction 

of all COMSEC material that has been charged to the 

departmental COMSEC Account. 

Communications Security Establishment Canadaapproved 

cryptographic equipment and systems designed 

to protect classified or PROTECTED C information and 

data for the Government of Canada. It may also include 

crypto-ancillary, crypto-production and authentication 

equipment. 

An authorized space in a building or other location that is 

employed for the purpose of generating, storing, repairing 

or using COMSEC material. 

Any occurrence that jeopardizes or potentially 

jeopardizes the security of classified or protected 

Government of Canada information while it is being 

stored, processed, transmitted or received during the 

telecommunications process. 

Material designed to secure or authenticate 

telecommunications information. COMSEC material 

includes, but is not limited to, key, equipment, modules, 

devices, documents, hardware, firmware or software that 

embodies or describes cryptographic logic and other 

items that perform COMSEC functions. 

A general-purpose form (i.e. GC-223) used by COMSEC 

Custodians to report accounting transactions or to provide 

notice of an action involving COMSEC material. 

An administrative entity identified by an Electronic Key 

Management System Identifier (i.e. COMSEC Account 

number) established by a COMSEC Account to assist in 

the control of the COMSEC material entrusted to the 

COMSEC Account. 


UNCLASSIFIED 


Controlled Cryptographic 

Item (CCI) 

Controlled Cryptographic 

Item (CCI) Marking 

Controlling Authority (CA) 

Conversion Report 

CRYPTO 

Crypto Material Assistance 

Centre (CMAC) 

Cryptographic 

Cryptographic Logic 

Unclassified secure telecommunications or information 

handling equipment, or associated cryptographic 

components, that are governed by a special set of control 

requirements within the National COMSEC Material 

Control System and marked “Controlled Cryptographic 

Item”, or where space is limited, “CCI”. 

A marking applied to COMSEC material that serves as a 

warning that material so marked is subject to special 

handling and control requirements. 

Designated entity responsible for managing the 

operational use and control of key assigned to that 

cryptographic network. 

Accounting report documenting the change of an 

Accounting Legend Code and/or short title of physical 

COMSEC material, or recording the modification 

number(s) assigned to COMSEC equipment. 

A marking which is applied to key material indicating 

that items so marked are subject to specific controls 

governing access, distribution, storage, accounting, 

disposal and destruction (see Cryptographic below). 

The entity within Communications Security 

Establishment Canada responsible for all aspects of key 

ordering including privilege management, the 

management of the National Central Office of Record and 

the administration of the Assistance Centre. 

Pertaining to or concerned with cryptography (often 

abbreviated as "CRYPTO" and used as a prefix). 

The embodiment of one (or more) crypto-algorithm(s) 

along with alarms, checks, and other processes essential 

to effective and secure performance of the cryptographic 

process(es). 


UNCLASSIFIED 


Cryptographic Material 

Cryptographic Network 

(cryptonet) 

Cryptography 

Crypto-Ignition Key (CIK) 

Cryptoperiod 

Departmental COMSEC 

Authority (DCA) 

Departmental Security 

Officer (DSO) 

Destruction Device 

Destruction Report 

All material, including documents, devices and 

equipment, which contain crypto-information and is 

essential to the encryption, decryption or authentication 

of communications. 

A telecommunications network (regardless of size or 

number of users) in which information is protected by the 

use of compatible cryptographic equipment using the 

same cryptographic key. 

The discipline that treats the principles, means and 

methods for making plain information unintelligible and 

reconverting the unintelligible information back into plain 

information. 

A device or electronic key that can be used to unlock the 

secure mode of cryptographic equipment. 

A specific period of time during which a cryptographic 

key is in effect. 

The individual designated by, and responsible to, the 

Departmental Security Officer for developing, 

implementing, maintaining, coordinating and monitoring 

a departmental COMSEC program which is consistent 

with the Policy on Government Security and its standards. 

The individual responsible for developing, implementing, 

maintaining, coordinating and monitoring a departmental 

security program consistent with the Policy on 

Government Security and its standards. 

Any device or process used to change the medium which 

contains classified or protected information in such a way 

that the classified or protected information can no longer 

be derived from the medium. 

Accounting report documenting the physical destruction 

or electronic zeroization of COMSEC material, whether 

by authorized means or by accident. 


UNCLASSIFIED 


Electronic Key 

Encryption 

Facility Security Clearance 

Fill 

GC-223 

Generation Report 


(GC) department 

Hand Receipt 

Hierarchy of Zones 

Key that is stored on magnetic media, optical media, or in 

electronic memory, transferred by electronic circuitry, or 

loaded into COMSEC equipment. 

The transformation of readable data into an unreadable 

stream of characters using a reversible coding process. 

An administrative determination that an organization is 

eligible, from a security viewpoint, for access to 

classified and protected information or assets of the same 

or lower classification level as the clearance being 

granted. 

The process of providing key material to an end 

equipment or end crypto unit for its internal use. 

See COMSEC Material Report. 

Accounting report documenting the generation or import 

of electronic key. 

Any federal department, organization, agency or 

institution subject to the Policy on Government Security. 

An accounting record that documents the issue of and 

acceptance of responsibility for COMSEC material. 

Process by which Government of Canada departments 

must ensure that access to, and safeguards for, protected 

and classified COMSEC material are based on a clearly 

discernable hierarchy of zones. There are five zones: 

Public Zone; Reception Zone; Operations Zone; Security 

Zone and High Security Zone. 


UNCLASSIFIED 


High Security Zone 


(IT) 


(IT) Security 

In-Process (IP) COMSEC 

Material 

Integrity 

Inventory Report 

Issue 

Key 

Key Encryption Key (KEK) 

Area to which access is limited to authorized, 

appropriately-screened personnel and authorized and 

properly-escorted visitors. It must be indicated by a 

perimeter built to the specifications recommended in the 

Threat and Risk Assessment, monitored continuously (i.e. 

24 hours a day and 7 days a week) and be an area to 

which details of access are recorded and audited. 

The acquisition, processing, storage and dissemination of 

vocal, pictorial, textual and numerical information by a 

combination of computing hardware, firmware, and 

software, telecommunications and automated information 

systems, automatic data processing equipment, and video. 

Safeguards to preserve the confidentiality, integrity, 

availability, intended use and value of electronically 

stored, processed or transmitted information. 

COMSEC material being developed, produced, 

manufactured or repaired. 

The accuracy and completeness of information and assets, 

and the authenticity of transactions. 

An accounting report listing COMSEC material charged 

to a COMSEC Account. 

The process of distributing COMSEC material from a 

COMSEC Account to its COMSEC Sub-Account(s) or 

Local Element(s). 

Information used to set up and periodically change the 

operations performed in crypto-equipment for the purpose 

of encrypting and decrypting electronic signals and digital 

signatures, determining electronic countermeasures 

patterns, or producing other keys. 

A key that encrypts or decrypts other key for transmission 

or storage. 


UNCLASSIFIED 


Key Management 

Key Material 

Key Material Support Plan 

(KMSP) 

Local Accounting 

Local Accounting Identifier 

Local Element 

Locally-Accountable 


National Central Office of 

Record (NCOR) 

The procedures and mechanisms for generating, 

disseminating, replacing, storing, archiving, and 

destroying keys which control encryption or 

authentication processes. 

Key, code, or authentication information that is in 

physical or electronic form. 

A detailed description of the COMSEC requirements of a 

cryptographic network. 

The process used by the COMSEC Custodian to control 

and account for COMSEC material and other specified 

material that is not reportable to the National Central 

Office of Record/Central Office of Record. 

A unique number or alpha-numeric designator assigned 

locally to material that requires local accounting within a 

COMSEC Account. 

NOTE: Local accounting identifiers must not be used on 

the COMSEC Material Report as an accounting 

number. They may be included in the remarks 

column. 

Individual registered at a COMSEC Account or 

COMSEC Sub-Account who may receive COMSEC 

material from that account. 

COMSEC material that has been assigned an Accounting 

Legend Code 4 or 7 and which is continuously 

accountable within a COMSEC Account after initial 

receipt has been sent to the distributing COMSEC 

Account. 

The entity at Communications Security Establishment 

Canada responsible for maintaining records of 

accountability for all accountable COMSEC material, 

produced in, or entrusted to, Canada. 


UNCLASSIFIED 


National COMSEC 

Incidents Office (NCIO) 

National COMSEC 

Material Control System 

(NCMCS) 

Need-to-Know 

No Lone Zone (NLZ) 

Operations Zone 

Organization 

Permuter 

Personal Identification 

Number (PIN) 

The entity at Communications Security Establishment 

Canada responsible for managing COMSEC incidents 

through registration, investigation, assessment, 

evaluation, and closure. 

A logistic system through which COMSEC material, 

including COMSEC material marked “CRYPTO” is 

distributed, controlled and safeguarded. 

The requirement for someone to access and know certain 

information in order to perform his or her duties. 

An area, room, or space to which no one person is 

permitted to have unaccompanied access, and that when 

occupied must have two or more appropriately cleared 

individuals within, who must remain within sight of each 

other. 

Area where access is limited to personnel who work there 

and to properly-escorted visitors. It must be indicated by 

a recognizable perimeter and monitored periodically. 

Any institution, other than a Government of Canada 

department, agency or crown corporation, holding or 

seeking a Facility Security Clearance. The majority are 

commercial corporations, but other institutions are also 

included such as universities, partnerships, and other 

levels of government and their agencies. 

Device used in crypto-equipment to change the order in 

which the contents of a shift register are used in various 

non-linear combing circuits. 

A series of letters, special characters, and numbers used 

to unlock the secure mode of COMSEC equipment. 


UNCLASSIFIED 


Personnel Security 

Screening 

Physical Key 

Physical Security 

Plik 

Possession Report 

Private Sector 

Protected Information 

Protection 

The process of examining the trustworthiness and 

suitability of employees and, where national interest is 

concerned, their loyalty and associated reliability. When 

satisfactory, an employee is grated reliability status or a 

security clearance. Reliability status applies when only 

protected assets are concerned. When the employee has 

access to classified assets, a security clearance 

corresponding to the level of classified assets is issued. 

A security clearance includes reliability status. 

Hard copy key in a non-electronic format. 

The use of physical safeguards to prevent or delay 

unauthorized access to assets, to detect attempted and 

actual unauthorized access and to activate appropriate 

responses. 

A tamper evident, theft prevention, high security seal that 

is affixed to packages before shipment. 

Accounting report documenting the entry of COMSEC 

material into the National COMSEC Material Control 

System. 

Canadian companies or organizations that do not fall 

under the Financial Administration Act or are not 

subordinate to a provincial or municipal government. 

Information related to other than the national interest that 

may qualify for an exemption or exclusion under the 

Access to Information Act or Privacy Act. 

For physical security, protection means the use of 

physical, procedural and psychological barriers to delay 

or deter unauthorized access, including visual and 

acoustic barriers. 


UNCLASSIFIED 


Protective Packaging 

Public Zone 

Reception Zone 

RED Key 

Relief from Accountability 

(RFA) Report 

Restricted Access Area 

Reticule 

Risk 

Risk Assessment 

Screening 

Packaging techniques for COMSEC material, which 

discourage penetration, and/or reveal that a penetration 

has occurred, or which inhibit viewing or copying of 

COMSEC material, before the time it is exposed for use. 

Area where the public has unimpeded access and 

generally surrounds or forms part of a government 

facility. 

Area where the transition from a public zone to a 

restricted access area is demarcated and controlled. It is 

typically located at the entry to the facility where initial 

contact between visitors and the department occurs. 

Access by visitors may be limited to specific times of the 

day or for specific reasons. 

Unencrypted key. 

Accounting report documenting the removal of COMSEC 

material from a COMSEC Account inventory. 

A work area where access is limited to authorized 

individuals. It includes Operation Zones, Security Zones 

and High Security Zones. 

A disk, or the like, with a pattern of opaque and 

transparent portions which can be rotated in the path of a 

beam of light or other radiation so as to modulate it. 

The chance of a vulnerability being exploited. 

An evaluation based on the effectiveness of existing or 

proposed security safeguards, of the chance of 

vulnerabilities being exploited. 

The process of verifying visitors and/or material at entry 

points of a facility or a restricted area for authorizing 

access. 


UNCLASSIFIED 


Security Classification 

Security Screening 

Security Zone 

Short Title 

Sight Inventory 

Supersession 

Threat 

Threat Assessment 

Tier 3 Management Device 

(T3MD) 

A category or grade assigned to information or material to 

indicate the degree of danger to national security that 

would result from its unauthorized disclosure and the 

standard of protection required to guard against 

unauthorized disclosure (e.g. TOP SECRET, SECRET 

and CONFIDENTIAL). 

The process which must be completed before an 

individual can be granted a security clearance. 

Area to which access is limited to authorized personnel 

and to authorized and properly-escorted visitors. It must 

be indicated by a recognizable perimeter and monitored 

continuously (i.e. 24 hours a day and 7 days a week). 

Identifying combination of letters and numbers assigned 

to COMSEC material to facilitate handling, accounting, 

and control. 

The physical verification of the presence of each item of 

COMSEC material charged to a COMSEC Account. 

Scheduled or unscheduled replacement of a key or 

COMSEC publication with a different edition. 

Any event or act, deliberate or accidental, that could 

cause injury to people, information, assets or services. 

An evaluation of the nature, likelihood and consequences 

of acts or events that could cause injury to people, 

information, assets or services. 

A Communications Security Establishment Canadaapproved 

device (e.g. AN/CYZ-10/10A, KIK-20 and 

AN/PYQ-10), that securely stores, transports and 

transfers (electronically) both COMSEC and TRANSEC 

key and that is programmable to support modern mission 

systems. Designed to be backwards compatible with 

previous generations of common fill devices. 


UNCLASSIFIED 


Tracer Notice – Transfer 

Transfer 

Transfer Report 

Transmission Security 

(TRANSEC) 

Two Person Integrity (TPI) 

Unauthorized Access 

Vulnerability 

Zones 

A notice sent by a COMSEC Custodian or the National 

Central Office of Record/Central Office of Record when a 

copy of a Transfer Report or a Transfer Report Receipt is 

not received within a pre-determined period of time. 

The process of distributing COMSEC material from one 

COMSEC Account to another COMSEC Account. 

An accounting report that documents the distribution of 

COMSEC material from one COMSEC Account to 

another COMSEC Account. 

The application of measures designed to protect 

transmissions from interception and exploitation by 

means other than cryptanalysis. 

A control procedure whereby TOP SECRET key material 

and other specified key material is never handled or made 

available to one individual only. 

Access to assets by an individual who is not properly 

security screened and/or does not have a need-to-know. 

An inadequacy related to security that could increase 

susceptibility to compromise or injury. 

A series of clearly discernable spaces to progressively 

control access. See Hierarchy of Zones. 


UNCLASSIFIED 


Bibliography 

Documents available from COMSEC Client Services at CSEC: 

 

 

 

 

A Guide to Security Risk Management for Information Technology Systems (MG-2), 

January 1996. 

Canadian Cryptographic Doctrine for the Government of Canada Electronic Key 

Management System (GC EKMS) (CCD-06), November 2006. 

Canadian Cryptographic Doctrine for the Local Management Device/Key Processor 

(LMD/KP [KOK-22/22A]) (CCD-07), August 2002. 

Canadian Cryptographic Doctrine for the Disposal of Accountable COMSEC 

Equipment (CCD-49), February 2008. 

Industrial COMSEC Material Control (ICMCM) (ITSD-CSD-01), December 2001. 

 

Local Management Device/Key Processor (LMD/KP) Operator’s Manual, 

September 2000. 

Manual of Cryptographic Equipment and COMSEC Devices (MG-16), July 1997. 

 

 

NATO Crypto Distribution and Accounting Publication (AMSG 505), undated. 

Policy and Procedures for the Handling and Control of Two-Person-Controlled (TPC) 

NATO Security Material (AMSG 773), undated. 

Short Title Nomenclature in Canada (ITSG-09), October 2001. 

 

Control of Communications Security (COMSEC) Material (NSA/CSS Policy Manual 

No. 3-16), U.S., August 5, 2005. 

Bibliography October 2011 125

UNCLASSIFIED 


Documents available on the Internet: 

Communications Security Establishment Canada 

Directive for the Application of Communications Security in the Government of 

Canada (ITSD-01), January 2005. 

Cryptographic Key Ordering Manual (ITSG-13), May 2006. 

Clearing and Declassifying Electronic Data Storage Devices (ITSG-06), July 2006. 

Justice Canada 

Financial Administration Act (FAA), 1985 (current as of April 19, 2011). 

Public Works and Government Services Canada 

Industrial Security Manual, December 11, 2009. 

Royal Canadian Mounted Police 

Control of Access (G1-024), August 2004. 

Protection, Detection and Response (G1-025), December 2004. 

Guide to the Application of Physical Security Zones (G1-026), September 2005. 

Security Equipment Guide (G1-001), March 2006. 

Treasury Board of Canada Secretariat 

Policy on Government Security, July 1, 2009. 

Operational Security Standard on Physical Security, December 1, 2004. 

 

Operational Security Standard: Management of Information Technology Security (MITS), 

May 31, 2004. 

126 October 2011 Bibliography

UNCLASSIFIED 


Annex A – Control of In-Process COMSEC Material 

A.1 Introduction 

A.1.1 

Purpose 

This annex provides the minimum security requirements for COMSEC material that requires 

control and accounting within an “In-Process (IP)” logistics system. 

A.1.2 

Scope 

IP COMSEC material includes: 

key material, COMSEC publications or COMSEC equipment (including CCI and 

sensitive IP COMSEC parts, components and assemblies) which is being developed, 

manufactured, assembled, disassembled, produced or reproduced before being controlled 

in the NCMCS (or a foreign national COMSEC system); 

 

 

A.1.3 

COMSEC equipment (controlled in the NCMCS) which is under a Repair and 

Maintenance (R&M) contract and includes the removal or insertion of COMSEC parts, 

components or assemblies; and 

COMSEC publications (controlled in the NCMCS) and IP manuscripts which are under 

contract for translation or reproduction. 

Content of Annex 

This annex contains the following sections: 

Section A.1 – Introduction 

Section A.2 – IP Plan 

Section A.3 – Accounting for IP COMSEC Material 

Section A.4 – Control of IP COMSEC Equipment 

Section A.5 – COMSEC Equipment under R&M Contract 

Section A.6 – COMSEC Publications under Development 

Section A.7 – COMSEC Publications under Reproduction or Translation Contract 

Annex A – Control of In-Process October 2011 127 

COMSEC Material

UNCLASSIFIED 


A.2 In-Process Plan 

A.2.1 

Content of the In-Process Plan 

The IP Plan must include: 

purpose of the IP plan; 

references and definitions used in or to develop the IP plan; 

name, address and account number of the IP COMSEC Account; 

individual responsibilities and duties; 

access and storage requirements, including a floor plan if possible, and any NLZ and TPI 

control requirements; 

 

 

 

 

 

 

 

 

 

 

 

list of the item(s) to be controlled and the point in the production process at which an 

item becomes IP COMSEC material, and becomes subject to IP accounting; 

NOTE: Assistance in identifying this point and in identifying the level of security 

classification or protected level is available by contacting the appropriate 

approving authority. 

accounting records (with examples) that reflect an accurate accounting status of each 

individual IP item or portions thereof, at every stage of production at any given time; 

internal and external process for the reconciliation of accounting records; 

procedures for the control of material during all aspects of its production as well as any 

form of drafts, extracts, waste, scrap, etc., applicable to that production; 

shipment methods for transfer or issue (hand receipt) of IP material; 

methods of disposal of breakage, waste and scrap, as well as accounting procedures to 

reflect the disposal of the items; 

procedures for the entry of COMSEC material from the NCMCS into the IP accounting 

system and transition of completed items into the NCMCS; 

identity of subcontractors, where applicable; 

COMSEC incident reporting procedures; 

an addendum to the plan for each contract where processing of IP COMSEC material is 

required, identifying the COMSEC material to be produced under that contract, and 

describing any procedures that are specific to that contract; and 

any special instructions. 

128 October 2011 Annex A – Control of In-Process 

COMSEC Material

UNCLASSIFIED 

A.2.2 


Approval of an In-Process Plan 

An approved IP Plan must be in place before the release of or commencement of work on IP 

COMSEC material by the GC, GC contractor or subcontractors. Table 5 outlines the approval 

process of IP Plans for GC departments and the private sector, including subcontracts that will 

involve COMSEC material that is subject to IP controls. 

A.2.3 

Approving Authority 

CSEC is the approving authority for private sector IP Plans and GC IP Plans. 

A.2.4 

Changes to an In-Process Plan 

If changes to the planned development or production process are required, the IP plan must be 

amended in accordance with the instructions in this section. Changes to an IP plan must not be 

implemented before approval from the appropriate approval authority. 

Table 5 – Approval of IP Plans 

Private Sector IP Plan Approval Process 

Step 

Action 

The contractor must submit a draft IP Plan to CSEC ninety (90) calendar days 

1 

before the start date of the IP work. 

CSEC will review the draft IP Plan and provide comments, if any, to the 

2 

contractor. 

When the plan is acceptable to CSEC, the contractor must, if required by 

3 contractual agreement, submit the IP Plan formally to the GC client department’s 

contract coordinating office or Project Management Office, with a copy to CSEC. 

4 CSEC will issue formal approval to the GC client department and the contractor. 


COMSEC Material

UNCLASSIFIED 


Government IP Plan Approval Process 

Step 

1 

2 

3 

Action 

The GC department must submit a draft IP Plan to CSEC ninety (90) calendar 

days before the start of the IP work. 

CSEC will review the draft IP Plan and provide comments, if any, to the GC 

department. 

When the plan is acceptable to CSEC, the GC department must, if required by 

contractual agreement, submit the IP Plan formally to the GC client department’s 

contract coordinating office or Project Management Office, with a copy to CSEC. 

4 CSEC will issue formal approval to the GC department and the contractor. 

Sub-Contractor IP Plan Approval Process 

Step 

Action 

The primary contractor must ensure that the applicable requirements for IP Plan 

1 

(as set forth in this Annex) are specified in the contract with the subcontractor. 

2 The primary contractor must ensure that the subcontractor develops an IP Plan. 

The primary contractor will review the draft IP Plan and provide comments, if 

3 

any, to the subcontractor. 

The primary contractor must submit a draft IP Plan to CSEC on behalf of the 

4 

subcontractor ninety (90) calendar days before the start date of the IP work. 

CSEC will review the draft IP Plan and provide comments, if any, to the primary 

5 

contractor. 

When the plan is acceptable to CSEC, the primary contractor must, if required by 

contractual agreement, submit the IP Plan formally to the GC department’s 

6 

contract coordinating office or Project Management Office, with a copy to CSEC 

and the subcontractor. 

CSEC will issue formal approval to the GC department and the primary 

7 

contractor. 


COMSEC Material

UNCLASSIFIED 


A.3 Accounting for In-Process COMSEC Material 

A.3.1 

Automated In-Process Accounting System 

The COMSEC Custodian must use a CSEC-approved IP accounting system to account for IP 

COMSEC material. 

A.3.2 

In-Process Accounting Records 

IP accounting records must contain the following information for each item: 

the date that the item was introduced into the IP accounting system within the facility 

(including IP items being returned by a subcontractor or the government, or being 

returned for rework); 

 

 

a brief, unclassified description of the items to be controlled which may include one or a 

combination of the following – 

o NATO Stock Number 

o U.S. Federal Stock Number 

o CSEC or vendor part number 

o short title (if applicable) 

o sensitivity (classification or protected level, or CCI), or 

o ALC (if required); 

quantity (when accounting by quantity is approved) or serial number (if individual item 

accounting is required); and 

disposition – 

o incorporated into a higher assembly (identify the higher assembly), or otherwise made 

a part of, another item of IP COMSEC material; 

o transferred or issued within IP accounting procedures; 

o entered into the NCMCS as an individual accountable item; 

o destroyed or declassified; 

o re-entered into the IP for rework; or 

o any other disposition not covered above. 


COMSEC Material

UNCLASSIFIED 


A.3.3 

Reconciliation of In-Process Accounting Records 

The IP COMSEC Custodian and an appropriately cleared and COMSEC briefed witness must 

conduct a reconciliation of IP accounting records semi-annually and at final delivery of the 

COMSEC material. The reconciliation must determine that every item brought into the IP 

accounting system or produced within the IP process is accounted for by physically sighting the 

COMSEC material to ensure that it: 

is still in the IP process or has been integrated or destroyed; 

is in IP COMSEC material storage; 

has been transferred out as a delivery of completed COMSEC material; or 

has been transferred or issued to a contractor, subcontractor or the GC client department. 

Any item that cannot be accounted for must be immediately reported as a COMSEC incident in 

accordance with the directive in Chapter 16. 

A.3.4 

In-Process Accounting Reports 

A.3.4.1 

Transfer before Government of Canada Acceptance 

Before GC acceptance, the IP COMSEC Custodian must transfer IP material from one IP 

COMSEC Account to another IP COMSEC Account using an IP Transfer Report with an IP 

transaction number. The IP Transfer Report must state that the COMSEC material is IP 

COMSEC material and the reason for the transfer, such as “provided to support contract (insert 

number)”. The IP accounting records must be annotated to reflect the transfer quoting the IP 

transaction number of the IP Transfer Report. 

NOTE: CSEC will provide IP COMSEC Account information for the transfer of IP COMSEC 

material to the Private Sector. 

A.3.4.2 

Transfer following Government of Canada Acceptance 

Following GC acceptance and purchase, the IP COMSEC Custodian must transfer IP COMSEC 

material from the IP COMSEC Account to the GC COMSEC Account using an IP Transfer 

Report. The IP Transfer Report must be annotated in the remarks column with “NEW COMSEC 

MATERIAL”. When received, the COMSEC Custodian must sign the IP Transfer Report and 

immediately enter the COMSEC material into the NCMCS via a Possession Report in 

accordance with Chapter 6. 


COMSEC Material

UNCLASSIFIED 

A.3.4.3 


In-Process Transfer Report Receipt 

The IP Transfer Report must be signed and assigned an IP transaction number by the IP 

COMSEC Custodian. The IP accounting records must be annotated to reflect the receipt of this 

material. 

A.3.4.4 

In-Process Hand Receipt 

When IP COMSEC material is issued to an authorized user (i.e. Local Element) before GC 

acceptance, the IP COMSEC Custodian must issue the material on an IP Hand Receipt. The IP 

Hand Receipt must be assigned an IP transaction number and contain the information in Figure 

2. The loan period should not exceed 90 calendar days without renewal. The IP accounting 

records must be annotated to reflect the issue. The IP COMSEC material must be shipped 

directly to the Local Element. 

A.3.4.5 

Temporary Release to Government of Canada 

When the IP COMSEC material is temporarily released to the GC, a copy of the Hand Receipt 

must be provided to the COMSEC Account at which the Local Element is registered (or to the 

DSO if the GC department does not have a COMSEC Account). The IP material must not be 

entered into NCMCS. 

NOTE: The IP COMSEC Custodian must contact the COMSEC Custodian or the DSO to 

ensure the authorized user has the appropriate security clearance, has been COMSEC 

briefed and has the appropriate storage for the IP COMSEC material. 

A.3.4.6 

Temporary Release to Private Sector 

When the IP COMSEC material is temporarily released to the Private Sector, a copy of the Hand 

Receipt must be provided to CSEC. The IP material must not be entered into NCMCS. 

NOTE: The IP COMSEC Custodian must contact CSEC to ensure the authorized user has the 

appropriate security clearance, has been COMSEC briefed and has the appropriate 

storage for the IP COMSEC material. 

A.3.4.7 

Hand Receipt Renewal 

The IP COMSEC Custodian must review hand receipts on a regular basis to ensure IP COMSEC 

material is returned before its due date. If the Hand Receipt needs to be renewed, the IP 

COMSEC Custodian must prepare a new IP Hand Receipt with a new IP transaction number and 

a reference to the previous IP Hand Receipt transaction number. The IP Hand Receipt for the 

renewal must include the additional information provided in Figure 2. The Local Element must 

sign the new Hand Receipt each time it is renewed. 


COMSEC Material

UNCLASSIFIED 


A.3.4.8 

Return of In-Process COMSEC Material 

When the IP COMSEC material is to be returned, the IP COMSEC Custodian must prepare an IP 

Hand Receipt for the Local Element. The Local Element must include this Hand Receipt with the 

shipment. Upon receipt of the material, the IP COMSEC Custodian will sign the IP Hand 

Receipt and return a copy to the Local Element. The IP Hand Receipt must include the additional 

information provided in Figure 3. 

The above listed IP COMSEC material has not been accepted by the Government of Canada 

and is the property of: 

_____________________________________________. 

(Name) 

This IP COMSEC material is being issued (on a Hand Receipt) for 90 calendar days for: 

_____________________________________________. 

(Reason for Loan) 

Should the length of the loan exceed 90 calendar days, the recipient must sign a new IP Hand 

Receipt Report provided by: 

_____________________________________________. 

(Name) 

THIS IP COMSEC MATERIAL MUST NOT BE ENTERED INTO THE NCMCS. 

Figure 3 – IP Hand Receipt Required Information 

The above listed IP COMSEC material has not been accepted by the Government of Canada 

and is the property of: 

_____________________________________________. 

(Contractor Name) 

This IP COMSEC material is being returned to the originator. 

THIS IP COMSEC MATERIAL MUST NOT BE ENTERED INTO THE NCMCS. 

Figure 4 – Return of Issued IP COMSEC Material 


COMSEC Material

UNCLASSIFIED 


A.3.4.9 

In-Process Destruction Report 

The IP COMSEC Custodian must prepare an IP Destruction Report to report the destruction of 

COMSEC material and to record the removal of IP COMSEC material from the IP accounting 

system. The IP Destruction Report must be signed by the IP COMSEC Custodian and the 

witness who performed the destruction. The remarks column of the IP Destruction Report must 

be annotated with the authority for destruction (e.g. breakage, waste, scrap). Destruction must be 

carried out in accordance with the directive in Chapter 12. 

A.3.5 

Retention and Disposition of In-Process Records and Reports 

IP records, files and reports must be retained for a minimum of two years. 

A.3.6 

Audit of In-Process COMSEC Accounts 

IP COMSEC Accounts must be audited annually or more frequently if deemed necessary. An 

unscheduled audit of an IP COMSEC Account may be conducted if audit reports (or other 

sources) reveal a significant deviation from the IP Plan, resulting in a lack of control and/or 

accountability of IP COMSEC material. 

NOTE 1: CSEC will audit all GC departmental IP COMSEC Accounts. 

NOTE 2: CICA will audit all private sector IP COMSEC Accounts. 

A.4 Control of In-Process COMSEC Equipment 

A.4.1 

Integrated Circuits 

A.4.1.1 

Individual Items 

Individual classified or protected IP wafers, masks, reticules, masters, test samples, pattern 

generation tapes, etc., must be controlled on a continuous receipt system from one manufacturing 

process to another, and from one IP COMSEC Account to another. The accounting and control 

record must show the receipt or fabrication of each IP item, description and quantity of the 

COMSEC material and the disposition of the item and bear the signatures of the responsible 

individuals (e.g. production supervisor, loan holder) for each phase of fabrication. 

A.4.1.2 

Partial Items 

Less than a full wafer must be controlled as individual dies, in accordance with Article A.4.1.1, 

unless the wafer is reconstructed on an adhesive base. In that case, accountability resumes by 

wafer count, and the record must show the number of dies removed. An attempt should be made 

to determine the number of possible full dies in a wafer before dicing the wafer. 


COMSEC Material

UNCLASSIFIED 


If this cannot be accomplished, the number of full dies must be established immediately after 

dicing the wafer. Less than a full die must be considered classified or protected scrap and 

controlled accordingly. 

A.4.1.3 

Broken Items 

Any area in which the breakage of an IP wafer, mask, reticule or die has occurred must be 

immediately safeguarded. Every effort must be made to reconstruct the broken item onto an 

adhesive base. If any chip or portion thereof cannot be accounted for, a COMSEC Incident 

Report must be made in accordance with Chapter 16. If the missing portion or the entire wafer, 

mask, reticule or die has fragmented to such a degree that reconstruction is impossible, the 

COMSEC Custodian must: 

a. remove all particles from the breakage area by vacuuming; 

b. mark, once the area has been vacuumed, the vacuum bag containing the residue of the item 

with the wafer, mask or reticule number and its sensitivity (or, where applicable, with the 

identification of the chip or portion thereof belonging to the wafer, mask or reticule 

number); 

c. ensure the vacuum cleaner bag is initialled by two properly cleared individuals; and 

d. control the vacuum bag as classified and protected COMSEC material until its contents can 

be destroyed using a CSEC-approved destruction method or transported to the NDA at 

CSEC for destruction. 

A.4.2 

Controlled Cryptographic Items 

A.4.2.1 

Development 

The development, manufacture or assembly of IP CCI equipment may begin with either: 

 

 

A.4.2.2 

an IP design which goes through transition during development to become an IP CCI 

component or assembly, which the contractor further processes into IP CCI equipment; or 

CCI component or assembly that the contractor receives from an authorized source and 

further processes into IP CCI equipment. 

Protection of In-Process COMSEC Functions 

Microcircuit chips used in hardware or firmware embodiments must be protectively coated by a 

CSEC-approved process that will resist attempts to: 

recover IP design information by reverse engineering; 

defeat the security features; or 


COMSEC Material

UNCLASSIFIED 


 

otherwise recover information in memory (e.g. by external probing), unless, as verified 

by the CSEC Project Manager, one of the following applies – 

o the protective coating is incompatible with the microcircuit chip, such that the 

reduced effectiveness inherent with the use of the coating is unacceptable, or 

o other equally protective measures have been adopted in order to resist the abovementioned 

threats. 

NOTE 1: Unless it can be demonstrated that it is not technically feasible to do so, hardware 

embodiments of IP COMSEC functions must be in custom microcircuit form 

(i.e. embodiments that are composed of discrete components or standard 

microcircuits are not permitted). 

NOTE 2: Firmware embodiments of IP COMSEC functions must be in microcircuit form 

(custom or standard). They must employ an irreversible security feature that prevents 

both readout and modification, of the programmed information in the on-board 

memory from external, physically accessible pins. 

A.4.2.3 

Transition from In-Process Design Status to In-Process Controlled 

Cryptographic Items – Hardware Embodiments 

For hardware embodiments, the transition from IP design status to IP CCI occurs at the 

microcircuit photo-mask stage. Design automation by-products leading to, and including, the 

reticule for each layer of the microcircuit must be handled at the same classification or protected 

level as the engineering drawings from which they were derived. The photo-masks ultimately 

used as tooling in the actual production process, as well as the resulting semiconductor wafers 

and its subsequent forms (e.g. individual chips) leading to sealed devices, must be controlled as 

IP CCI material, in accordance with Article A.4.2.5. 

A.4.2.4 

Transition from In-Process Design Status to In-Process Controlled 

Cryptographic Items – Firmware Embodiments 

For firmware embodiments, the transition from IP design status to IP CCI occurs after the 

IP design information has been entered into the microcircuit memory, and the security feature 

described in Article A.4.2.2 has been set. Thereafter, the microcircuits must be controlled as 

IP CCI material, in accordance with Article A.4.2.6. Software source data for firmware 

embodiments of IP design information remain IP and must be safeguarded in accordance with 

this directive. 


COMSEC Material

UNCLASSIFIED 


A.4.2.5 

Control of In-Process Microcircuit Devices 

Following the transition from IP design status to IP CCI, the microcircuit devices must be 

controlled throughout the remainder of the manufacturing and assembly process as follows: 

Photo masks and wafers must – 

o be clearly marked “CONTROLLED CRYPTOGRAPHIC ITEM” or “CCI”; 

o bear a serial number and be accounted for by that serial number (until the photo 

masks are securely destroyed and the wafers are diced); and 

o be accounted for by quantity after a wafer is diced. 

 

 

 

When a microcircuit is completely fabricated, purchased, accepted and transferred to the 

government, accountability must be in accordance with NCMCS accounting procedures. 

When a microcircuit is completely fabricated, and purchased and shipped to another 

private sector organization for use in a manufacturing process, accountability must be in 

accordance with the IP accounting procedures. 

When the microcircuit is stored for future sale or stored for contractual obligations or 

moves to the next level of assembly, the microcircuit must be maintained in the 

contractor’s IP accounting system. 

A.4.2.6 

Control of Printed Wiring Assemblies 

The PWAs assume IP CCI status as soon as a CCI microcircuit is installed upon it. Following 

this transition, the PWA must be controlled throughout the remainder of the manufacturing and 

assembly process as follows: 

 

 

 

 

 

At the point of transition, accountability for the microcircuit ceases, and accountability for 

the PWA begins. 

NOTE: This disposition of the microcircuit, and the subsequent accountability for the 

PWA, must be reflected in the IP accounting records. 

Completely fabricated PWAs are accountable by quantity when they fit the definition of 

“CCI Component” and by serial number when they fit the definition of “CCI Assembly”. 

During further assembly, PWAs must be accounted for by quantity. 

When a PWA is completely fabricated, and purchased and transferred to the government, 

accountability must be in accordance with NCMCS accounting procedures. 

When a PWA is completely fabricated, purchased and shipped to another private sector 

organization for use in a manufacturing process, accountability must be in accordance 

with the IP accounting procedures. 


COMSEC Material

UNCLASSIFIED 


 

When the PWA is stored for future sale or stored for contractual obligations or moves to 

the next level of assembly, it must be maintained in the contractor’s IP accounting system. 

A.4.2.7 

Labelling Controlled Cryptographic Item Components, Assemblies and 

Equipment 

CCI components, assemblies and equipment must be labelled, “CONTROLLED 

CRYPTOGRAPHIC ITEM” or “CCI” depending on the labelling space available, in accordance 

with standard drawings available from CSEC and with the information provided in Table 6. 

Table 6 – Labelling CCI 

CCI 

CCI 

Components 

CCI 

Assemblies 

CCI 

Equipment 

Labelling and Control Requirements 

 

 

 

 

 

 

 

 

Each CCI component must be labelled “CCI” at the same time as other 

part-specific nomenclature is applied. 

Each CCI assembly must bear a government serial number for 

accounting purposes, in accordance with criteria which will be furnished 

by CSEC. 

Labelling may be applied at any stage of the assembly process before the 

end of the assembly process. 

CCI controls applicable to a CCI assembly need not take effect until a 

CCI component is installed. 

Each item of CCI equipment must be labelled “CONTROLLED 

CRYPTOGRAPHIC ITEM” in a conspicuous, external location. 

Each item of CCI equipment must also bear a government serial number 

for accounting purposes, in accordance with criteria furnished by CSEC. 

Labelling may be applied at any stage of the assembly process before the 

end of the assembly process. 

CCI controls applicable to such equipment need not take effect until a 

CCI component or CCI assembly is installed. 

A.4.3 

Breakage, Waste and Scrap In-Process COMSEC Material 

IP COMSEC material leaving the development, production, manufacturing or assembly process 

due to failure, breakage or normal waste (e.g. broken wafer, partial die, broken or faulty PWAs 

or microcircuit devices) must be controlled until its approved destruction can be performed. 

When authorized methods of destruction are not available, contact COMSEC Client Services, at 

CSEC for disposal guidance. 


COMSEC Material

UNCLASSIFIED 


A.4.4 

Loss of In-Process COMSEC Material 

An extensive search must be made for any lost IP COMSEC material. Loss of such material must 

be documented in the IP COMSEC Account records and immediately reported as a COMSEC 

incident in accordance with the direction in Chapter 16. 

A.5 COMSEC Equipment under Repair and Maintenance Contract 

A.5.1 

Transfer to/from the Contractor 

The COMSEC Custodian for the GC department must transfer COMSEC equipment requiring 

repair or maintenance to the contractors COMSEC Account. The COMSEC Custodian will issue 

the COMSEC equipment to the IP COMSEC Account and annotate the Hand Receipt with an IP 

transaction number. When the item is ready to be returned to the GC department, the process will 

be reversed. Transfers of COMSEC equipment destined for the contractor’s COMSEC Sub- 

Account must be through the CICA unless a direct transfer has been pre-approved by CSEC. 

A.5.2 

Accountability within the Repair and Maintenance In-Process Facility 

Special attention must be given to ensure that the IP accounting procedures record the removal, 

insertion, disposal, destruction (if authorized) and conversion (if required) of all COMSEC parts, 

components and assemblies used in the R&M process as well as the continuous accountability of 

the COMSEC equipment being serviced by the contractor or maintenance depot. 

A.5.3 

Sources of Spare COMSEC Parts, Components and Assemblies 

A.5.3.1 

In-House Sources 

If the R&M contractor is the same as the contractor who built the COMSEC equipment, the 

required COMSEC parts, components and assemblies require an in-house IP Transfer Report 

from the manufacturing IP accounting system to the R&M IP accounting system. 

A.5.3.2 

Government Sources 

The COMSEC Custodian must transfer the COMSEC parts, components and assemblies to the 

CSEC CICA who will, in turn, transfer the material as GFE to a Canadian industrial COMSEC 

Account in accordance with Article 7.4.1 of this directive. 

Transfer of GFE to or from allied contractors is handled on a case-by-case basis. Contact 

COMSEC Client Services at CSEC. 


COMSEC Material

UNCLASSIFIED 

A.5.3.3 


Another Contractor 

COMSEC parts, component and assemblies that originate from another contractor, whether by 

purchase or by contractual agreement, should be transferred from the manufacturer’s IP 

accounting system to the R&M contractor’s IP accounting system using an IP Transfer Report. 

A.5.4 

Non-Serviceable In-Process Parts, Components and Assemblies 

A.5.4.1 

Disposition 

Any COMSEC part, component or assembly removed from GC COMSEC equipment and 

replaced with IP COMSEC material (part, component or assembly) automatically becomes nonserviceable 

IP COMSEC material for disposal. Disposal of these items can consist of local 

destruction or transfer for destruction. The IP disposition records must show the disposition, and 

if required, replacement of non-serviceable COMSEC parts, components and assemblies. IP 

disposition must be detailed in the IP Plan. 

A.5.4.2 

Local Destruction 

When local destruction is authorized by CSEC, the IP COMSEC Custodian must prepare an 

IP Destruction Report for the local destruction of non-serviceable parts, components and 

assemblies. The destruction must be carried out in accordance with the direction in Chapter 12. 

A.5.4.3 

Transfer to Private Sector Destruction Facility 

If non-serviceable items are to be moved out of the R&M IP accounting system for disposal at a 

private sector destruction facility, the destruction facility requires an IP Plan. The IP COMSEC 

Custodian must transfer the items from the R&M contractor’s IP accounting system to the 

destruction facility’s IP accounting system using an IP Transfer Report. Disposition records must 

reflect this transfer. Upon destruction, the destruction facility must originate an IP Destruction 

Report and their IP disposition records must reflect the destruction. 

A.5.4.4 

Transfer to Government of Canada for Destruction 

If non-serviceable items are to be moved out of the R&M IP accounting system for disposal at a 

GC destruction facility, the IP COMSEC Custodian must transfer the items from the R&M 

contractor’s IP accounting system to CSEC using an IP Transfer Report. Disposition records 

must reflect this transfer. CSEC will prepare a Possession Report to enter the items into the 

NCMCS and initiate final transfer for disposal. 


COMSEC Material

UNCLASSIFIED 


A.5.5 

Non-repairable COMSEC Equipment 

Non-repairable COMSEC equipment under an R&M contract must be returned to the GC 

department for disposal. The R&M contractor may only dispose of a GC department’s COMSEC 

equipment by returning it to that GC department. The GC department is responsible for the 

disposition of their COMSEC equipment in accordance with the Canadian Cryptographic 

Doctrine for the Disposal of Accountable COMSEC Material (CCD-49). 

A.6 Accountable COMSEC Publications under Development 

A.6.1 

In-Process Manuscripts 

Manuscripts that will eventually become accountable COMSEC publications within the NCMCS 

must be categorized as “IP Manuscripts”. An IP manuscript is an item that in any form 

(e.g. computer printout, artwork, magnetic or optical media) provides information relative to 

COMSEC management, design, operability or repair and maintenance and is used as input to the 

development of an accountable COMSEC publication. 

A.6.2 

Working Papers 

Material drafted in support of IP manuscripts must be handled as “working papers” (including 

hand written or electronic notes) in accordance with the classification or protected level of the 

source information. Working papers held by a writer for a period of thirty (30) calendar days 

must, at that time, become accountable under the IP accounting system. Once entered into the IP 

accounting system, records must be maintained of its existence, location, quantity, and 

disposition. This process must continue until all portions of the manuscript are developed, and 

are entered into the IP system. When fully developed, the manuscript must remain in the IP 

accounting system until final disposition. 

A.6.3 Release of In-Process Manuscripts before Government of Canada 

Acceptance 

A.6.3.1 

Release of In-Process Manuscripts Portions 

When it is necessary to release portions of an IP manuscript outside of the organization 

responsible for its creation, the following rules apply: 

 

 

 

The IP accounting records must reflect the number of pages comprising the initial 

release; 

The number of pages must also be annotated on the IP manuscript’s cover; 

When the release is in a form other than physical copy, the label identifying the contents 

must also be annotated with the number of pages contained therein; and 


COMSEC Material

UNCLASSIFIED 


 

Whenever manuscripts are released in parts, the pages of all parts must be numbered 

consecutively (e.g. if 50 textual pages are released first, the second-portion of the release 

must be numbered beginning with page 51). 

A.6.3.2 

Draft of In-Process Manuscripts 

When it is necessary to release a completed draft of an IP manuscript outside of the organization 

responsible for its creation, the following rules apply: 

The IP accounting records must reflect the number of pages comprising the release. 

 

 

A.6.3.3 

The pages must be numbered consecutively and the number of pages must be annotated 

on the IP manuscript’s cover. 

When the release is in a form other than physical copy, the label identifying the contents 

must also be annotated with the number of pages contained therein. 

Marking In-Process Manuscripts for Release before Government of 

Canada Acceptance 

The cover page of an IP manuscript must be marked with a short title (CSEC is the authority for 

all short titles), edition (if applicable), copy number and classification or protected level. Each 

section, part, paragraph or similar portion of an IP manuscript must be marked to reflect the 

highest level of its classification or protected level. The IP manuscript must bear the marking 

“COMSEC MATERIAL” as illustrated in Figure 4. 

NOTE 1: If release to U.K. or U.S. contractors has been authorized by CSEC, the above 

marking must be modified to indicate “U.K./CANADIAN CITIZENS” or 

“U.S./CANADIAN CITIZENS”, as appropriate. 

NOTE 2: If release to a GC department has been authorized by the originator, the above 

marking must be modified to indicate the name of the GC department instead of 

contractor and MOU or LOA instead of contract number. 

A.6.3.4 

Printing In-Process Manuscripts before Government of Canada 

Acceptance 

If the IP Plan calls for the printing of copies of IP manuscripts within the IP developer’s facility, 

the IP COMSEC Custodian must ensure that all copies are accounted for within the IP COMSEC 

Account. If the IP Plan calls for the printing of copies of IP manuscripts outside the IP 

developer’s facility under a reproduction contract, refer to Section A.7 of this annex. 


COMSEC Material

UNCLASSIFIED 


A.6.4 

Government of Canada Acceptance of a Final Manuscript 

An IP manuscript must remain under IP accounting system controls until such time as it reaches 

a final state for acceptance by the GC. At that time, the manuscript will be brought into the 

NCMCS, as specified in Section A.3.4 of this annex. 

A.6.5 

Destruction of In-Process Manuscripts 

The IP COMSEC Custodian should destroy IP manuscripts and working papers as soon as a 

requirement for the material no longer exists. Once the IP manuscript has been delivered and 

accepted by the GC, the COMSEC Custodian must prepare an IP Destruction Report and destroy 

all copies of the manuscript and associated working papers. The destruction must be carried out 

in accordance with the directive in Chapter 12. 

IP COMSEC MATERIAL 

THE ENCLOSED COMSEC INFORMATION HAS BEEN RELEASED TO 

_____________________________________________. 

(Name of Contractor) 

BY THE GOVERNMENT OF CANADA FOR CONTRACT 

_____________________________________________. 

(Contract Number) 

ACCESS BY CONTRACTOR PERSONNEL MUST BE RESTRICTED TO CANADIAN 

CITIZENS (INCLUDING DUAL NATIONALITY) WITH A “NEED-TO-KNOW” WHO 

HOLD A VALID SECURITY CLEARANCE AND HAVE BEEN COMSEC BRIEFED. ANY 

OTHER DISCLOSURE OR RELEASE WITHOUT SPECIFIC CSEC APPROVAL, AS 

APPLICABLE, IS STRICTLY PROHIBITED. 

Figure 5 – IP COMSEC Material Label 


COMSEC Material

UNCLASSIFIED 


A.7 Accountable COMSEC Publications under Reproduction or 

Translation Contract 

A.7.1 

In-Process Manuscripts 

IP manuscripts provided to a contractor for reproduction or translation must originate from either 

the GC department or a private sector contractor who wrote the IP manuscript. The IP COMSEC 

Custodian must transfer the manuscript from the originator’s IP COMSEC Account to the 

contractor’s IP COMSEC Account using an IP Transfer Report. On completion of the translation 

or reproduction contract, the original IP manuscript and all physical and electronic copies must 

be transferred back to the originating IP COMSEC Account using an IP Transfer Report. All 

items going to the private sector must be through CICA unless pre-approval for direct transfer 

has been granted by the COMSEC Client Services at CSEC. 

A.7.2 

COMSEC Publications Controlled within the National COMSEC Material 

Control System 

When existing COMSEC publications controlled within the NCMCS are authorized for 

reproduction under a reproduction contract, the COMSEC Custodian will issue a copy to the 

contractor’s IP COMSEC Custodian in accordance with Section A.3.4 of this directive. The 

COMSEC Custodian must review and renew the hand receipt every ninety (90) calendar days 

until the COMSEC publication is returned. 

On completion of the translation or reproduction contract, the IP COMSEC Custodian must 

return the original copy and transfer the reproduced copies (electronic or physical) to the 

originating IP COMSEC Account using an IP Transfer Report. On receipt, the COMSEC 

Custodian must sign for the copies on the Transfer Report and prepare a Possession Report to 

enter the copies into the NCMCS. 

NOTE: Accountable COMSEC publications may only be reproduced upon specific written 

authorization from the originator. Instructions for reproduction of extracts will be 

contained in the publication’s handling instructions. 

A.7.3 

Destruction of In-Process Material Surplus to Contract Requirement 

Once the copies have been delivered and accepted by the GC, the IP COMSEC Custodian must 

prepare an IP Destruction Report and destroy all start up runs, additional electronic copies, 

partial electronic copies, over runs, misprints, misfeeds, etc. The destruction must be carried out 

in accordance with the direction in Chapter 12. 


COMSEC Material

UNCLASSIFIED 




COMSEC Material

ITSD-03

Create successful ePaper yourself

Delete template?

Save as template?