The evolution of technology, together with the publication of EMI/EMC regulations applicable to information and communications systems, has enabled the Certification Body to acquire equipment that has led to a reduction in the level of radiated signals, although it was not designed to comply with the TEMPEST regulation.
That is why organizations now tend to optimize the use of available resources in order to maintain an appropriate level of TEMPEST security. The TEMPEST requirements are therefore determined not only by the equipment or system but also by the characteristics of the surrounding area and the complexity of the processed signals.
The evaluation procedures vary depending on the objectives. Below you will find a list of the different types of evaluation and the services provided by the CCN TEMPEST group.
- ZONING Evaluation
The objective of ZONING evaluations is to optimise the available resources for protecting information systems with regard to emanations security.
As in other NATO member countries, the CCN applies the ZONING Model to identify facilities and equipment that process classified information. This standard covers the evaluation of premises attenuation and the classification of equipment according to its level of electromagnetic radiation, giving users the tools they need to install the environment correctly without reducing security.
The CCN is the authorized certification body. Over the past years, this activity has increased considerably thanks to the collaboration the CCN receives from accredited laboratories. These laboratories, which belong to the Ministry of Defence, are the Laboratory of Engineers of the Army, which depends on the Ministry of Defence's General Infrastructure Department, and the Air Force Transmission Group. Both laboratories have evaluated and issued certifications for about 200 premises, to which must be added those evaluated by the CCN itself.
- Shielded Enclosures
Sometimes the ZONING evaluation of premises and equipment reveals that they do not meet the minimum requirements for installation. In those cases, alternative options can be applied, such as protecting a complete system with shielded cabinets, acquiring certified TEMPEST equipment, or providing integral protection for a room.
The CCN is able to evaluate shielding for both rooms (integral shielding) and systems (shielded cabinets), although several international procedures exist for performing these measurements, which means that the task can also be carried out by companies that have the appropriate technical skills.
The standard CCN-STIC-153 «Evaluation and Classification of Shielded Cabinet» establishes the evaluation process for this type of shielding, given the small size of such shielded enclosures, and the process to be followed to obtain usage recommendations from the CCN. During past years, the CCN has performed evaluations of shielded cabinets for companies such as Pemac, S.L. and Equinsa Networking, which were added to the catalogue of already evaluated products of these companies and of Sme, S.A. In addition, shielding performance measurements have been carried out for private companies, and the CCN advises these companies.
- TEMPEST Evaluation
In certain cases, equipment must comply not only with the radiation levels established by the ZONING regulation but also with special requirements that can be met once the complete TEMPEST certification has been performed. This is also the case for equipment that must be installed on platforms such as aircraft, ships or tactical vehicles. Several organizations and companies have shown interest in acquiring or developing such equipment.
- TEMPEST Inspections
Guaranteeing TEMPEST security involves not only evaluating equipment and systems but also determining how they should be installed in order to avoid any security shortfall. For that reason, support guidelines have been developed for correctly installing equipment in a room. The main guideline is CCN-STIC-154 TEMPEST Protection Measures of Installations. It is based on NATO and EU guidelines but has been modified to meet the needs of national systems. Likewise, during the systems accreditation process, organizations have to send information about the installations of interest so that it can be decided whether further measures need to be taken. To this end, those responsible for the ICT security of installations can find the questionnaire in the forms section.