COMSEC

The Cyber Centre provides services and guidance on COMSEC products including:

  • Advice and guidance on cryptonet development and safeguards
  • Crytopgraphic key to protect the Government of Canada’s (GC) most sensitive information
  • Information on COMSEC products and authorization of their procurement
 
Products

The Cyber Centre authorizes the procurement of COMSEC products to safeguard Government of Canada classified electronic communications.

The following is a list of the major families of devices that are approved by the Cyber Centre:

  • Secure voice devices: includes wireline and wireless devices, which communicate over conventional telephone circuits, cellular or satellite-based networks.
  • Network encryptors: high-speed devices, which provide security services for Asynchronous Transfer Mode (ATM) and Internet Protocol (IP) networks by providing data confidentiality, integrity mechanisms, and authentication services.
  • Link encryptors: includes devices used to encrypt information at the data link layer during data transmission between two points within a network. Unlike network encryptors, link encryptors also provide traffic-flow security (i.e. the routing information is not transmitted in clear).
  • Secure remote access devices: refers to devices that allow users with laptops in remote locations to securely access centralized classified networks.
  • Hard disk encryptors: refers to hardware-based disk encryption devices.
  • Tier 3 management devices: refers to equipment that accepts, stores, and fills cryptographic key devices.

If you are qualified to hold COMSEC products or materials and would like more information, please contact your COMSEC Client Services representative or login to the COMSEC User Portal.

Federal departments

The Cyber Centre provides services and guidance to federal departments who require COMSEC solutions to protect their information.

Federal departments requiring COMSEC material must establish a COMSEC Account and appoint supporting COMSEC personnel following these requirements:

Federal departments requiring COMSEC material must submit a request as a letter from their Departmental Security Officer (DSO) to COMSEC Client Services to establish of a COMSEC Account.

The request must include information such as:

  • A justification for the requirement to hold COMSEC material;
  • Interoperability requirements;
  • Highest security classification of the COMSEC material; and
  • Statement that the minimum physical security standards are in place in accordance with Treasury Board Operational Security Standard on Physical Security.

Federal departments must also appoint appropriate COMSEC personnel to manage their departmental COMSEC program:

  • A Departmental COMSEC Authority (DCA) may be appointed by the DSO to act in his/her stead to develop, implement, maintain, coordinate and monitor the departmental COMSEC program;
  • A COMSEC custodian, who will be responsible for the generation, receipt, custody, distribution, disposition or destruction, and accounting of COMSEC material entrusted to their COMSEC account or sub-account.

If a federal department needs to provide COMSEC material to Other Levels of Government (OLG), either provincial or municipal, please contact COMSEC Client Services for more information.

Private industry

The Cyber Centre provides direction to Canadian private sector clients regarding how to handle of COMSEC material in support of a federal government contract. These must be sponsored by a Government of Canada department that has a current COMSEC account prior to acquiring cryptographic material.

The private sector client requires a federal sponsor who is responsible for initiating coordination with the Cyber Centre. The sponsor is also responsible for seeking approval from COMSEC Client Services prior to providing any accountable cryptographic equipment to a Canadian private sector client. Such equipment is managed through the CSE Industrial COMSEC account (CICA).

For more detailed information, please refer to the Cyber Centre's Directive for the Control of COMSEC Material in the Canadian Private Sector (ITSD-06A), COMSEC Client Services, or CICA.

COMSEC incidents

A COMSEC incident is a situation or activity that jeopardizes the confidentiality, integrity or availability of COMSEC information, material or services.

The National COMSEC Incident Office (NCIO) is responsible for providing final assessment and closure to all COMSEC incidents. Such incidents, suspected or confirmed, must be reported within 24 hours through your COMSEC Custodian to the Departmental COMSEC Authority (DCA) and to the Departmental Security Officer (DSO). The DCA must then report it to the National COMSEC Incidents Office (NCIO).

For more detailed information, please refer to the Directive for Reporting and Evaluating COMSEC Incidents Involving Accountable COMSEC Material (ITSD-05).

 

Date modified: