b. The second group is COMSEC equipment. This refers to COMSEC hardware. It includes equipment
end items, components, and repairs parts. The NSA determines the classification of all COMSEC equipment.
COMSEC terms. To identify COMSEC material, you must know its related terms.
a. Key refers to a sequence of randomly-generated binary bits. They are used to encrypt and decrypt
electronic signals. A keys classification equals the highest classification of the data being encrypted. Classified
keys are not downgraded or declassified without written approval from the controlling authority. The four major
key types are:
(1) Traffic encryption key. This encrypts and decrypts plain text and encrypted data.
(2) Key encryption key. This encrypts and decrypts other keys for transmission or storage.
(3) Transmission security key. This controls transmission security processes.
(4) Key production key. This is used to initialize a key generator for producing other electronically
b. CRYPTO identifies COMSEC keying that protects or authenticates communications. Written items
are marked CRYPTO only if they contain crypto key information. The term CRYPTO is always capitalized. It
identifies keying material handled under the special access, storage, distribution, accounting, and destruction
requirements of the CMCS. Most hard copy key produced by the NSA is marked CRYPTO. It is used on both
classified and unclassified key. It is not used on equipment, manuals, or other COMSEC material.
c. Controlled cryptographic items (CCI) are secure telecommunications or information handling
equipment. They also include associated crypto components and common fill devices. CCI are unclassified when
unkeyed, but they are still controlled. Equipment, components, and fill devices so designated bear the designator
controlled cryptographic item or CCI.
d. A COMSEC incident is an occurrence that could jeopardize COMSEC material or secure COMSEC.
Examples are lost COMSEC material and unauthorized persons who gain access to classified COMSEC material.
e. A COMSEC insecurity is any investigated or evaluated incident which has been determined to
jeopardize the security integrity of COMSEC material or the secure transmission of government data.
(1) A physical incident is the loss, theft, loss of control, capture, recovery by salvage, tampering, or
unauthorized viewing, access, or photography of classified