Afi 17 130

The National Manager for National Security Telecommunications and Information Systems Security

The Secretary of Defense who is the Executive Agent of the Government for the Committee of National Security Systems (CNSS)

Develops, implements, and oversees all Cybersecurity disciplines to include COMSEC

The lead command for Cybersecurity and AF cryptographic Modernization (CM) efforts

The Service Authority for COMSEC Policy Subject Matter Expertise, COMSEC Audit, and Tier 2 waiver authority

- Compliance by providing field support - Working closely with the COMSEC Audit team - Reviewing all T-0, T-1, and T-2 waivers, exceptions, or deviations from policy

Requirements Lead for CM, Space COMSEC, and Air and Ground COMSEC

The requirements for the development, integration, and fielding of all CM efforts for the Air Force and some DoD offices (e.g. Remote-Rekey, VINSON Advanced Narrowband Digital Voice Terminal Cryptographic Modernization)

New capabilities, cryptographic equipment, modifications, or certification support prior to submission to SAF/CN for final approval by NSA

Type-1 cryptographic algorithm waivers prior to submission to NSA

COMSEC requirements for US Civil and COmmerical Space Systems

- Policy and compliance Subject Matter Expertise (SME) to COMSEC field units - SME support to Air Staff and other audit/assessment activities (e.g. Air Force Audit Agency) regarding COMSEC programs and procedures -Semiannual reports to the AF Chief Information Security Officer (CISO) detailing COMSEC incidents, audit results, and trends

COMSEC responsibilities for supported MAJCOMs except those functions performed by other activities as cited by Chapter 2 of this AFMAN

Cryptologic systems

- The Air Force COMSEC Incident Program and serves as the Air Force COMSEC incident monitoring activity for all units and agencies that safeguard and handle Air Force COMSEC material, in accordance with CNSSI 4003 - The CAP in accordance with CNSSP 3 and DoDI 5205.08

COMSEC audits on all AF COMSEC accounts, including non-MAJCOM owned accounts (e.g. Defense Logistics Agency, Defense Contract Management Agency, Joint Personnel Recovery Agency, Pentagon, Combatant Commands, contractor) in accordance with CNSSI 4005 and AFMAN 17-1302-O Chapter 17 and Attachment 13, COMSEC Detailed Checklist

Point of contact (POC) information for base COMSEC functions

- The KOAM organizational email list - The COMSEC Management System (CMS)

The scheduling of COMSEC audits with the MAJCOM Inspector General gatekeeper in accordance with AFI 90-201, The Air Force Inspection System, to avoid or minimize scheduling conflicts

2.6.1 Be a US Citizen 2.6.2 Possess a clearance appropriate to the material being audited 2.6.3 Be an officer, warrant officer, or noncommissioned officer E-6 or higher or a civilian General Schedule (GS)-7 or higher 2.6.4 Be Formally trained on the duties of the COMSEC Manager for both manual and automated accounts 2.6.5 Have a minimum of 3 years COMSEC operations experience 2.6.6 Be enrolled in CAP if accessing Secret or Top Secret cryptographic keying material

Technical and and program management (PM) support to Cybersecurity Lead Command programs, projects, and initiatives (e.g. KMI, PKI, Cryptographic Modernization 2), according to AF Cybersecurity specialized publications. Refer to AFI 17-130, Cybersecurity Program Management, for a complete list of Roles and Responsibilities

COMSEC material life cycle management to include acquisition, item management, technical service, stock, storage, distribution, and final disposition.

Air Force central COMSEC acquisition authority

approved cryptographic and keying devices in accordance with DoDI 8523.01

All AF cryptographic and keying device development and procurement occurring outside the Information Security Systems Program Element

cryptographic key distribution and management of all CCI assets held in the Air Force

Central CCI Authority providing oversight for management of all CCI assets held in the Air Force

The control requirements set forth by DIRNSA

2.7.4.1 Controlling management and distribution of cryptographic hardware 2.7.4.2 Approving COMSEC account establishment with concurrence of HQ CCC 2.7.4.3 Approving authority for certification approval authorities 2.7.4.4 Implementing COMSEC Material Control System/Key Management Infrastructure policy and procedures 2.7.4.5 Direct operational support 2.7.4.6 Registration authority for KMI 2.7.4.7 Air Force Modern Key Command Authority 2.7.4.8 Air Force Central Office of Record (COR) for COMSEC material

Reconciliation of COR inventory with the KOAM every 6 months Note: If the semiannual COR inventory cannot be reconciled within the required timeframe (no more than 90 days with approved waiver), the COMSEC account will be placed in "SUSPENSION" status by the COR

Notification to squadron commander of the COMSEC account and HQ CCC

- Less than the required number of trained KOAMs assigned - Failure to reconcile semiannual COR inventory - Recommendation from HQ CCC

- Program Management Offices (PMOs)/Program Executive Offices (PEOs) perform configuration management functions for systems using COMSEC equipment - Advanced development programs are reviewed for compatibility with COMSEC equipment and systems

Terrestrial telemetry waiver requests and uploads the waiver into CMS

CNSSI 4003 and CNSSI 4006

The establishment and operation of the cryptonet and manage the operational use of traditional keying material assigned to the cryptonet

- AFI 10-401, Air Force Operations Planning and Execution - AFI 10-402, Mobilization Planning - AFI 10-403, Deployment Planning and Execution - AFI 10-404, Base Support and Expeditionary Site Planning - AFI 10-601, Operational Capability Requirements Development

Overall COMSEC posture on the installation in regards to organizations that are supported by the host Wing COMSEC account

The COMSEC posture of their organization

Wing/base main COMSEC account Note: Tactical units such as Combat Communication Squadrons, Air Control Squadrons, etc. Also have main COMSEC accounts

The best-qualified KOAM and a sufficient number of alternate KOAMs to the COMSEC account. The wing commander may delegate appointment authority to the unit commander of the supporting COMSEC account

Situational awareness of all COMSEC-related incidents indicative of criminal activities. This includes criminal activities, espionage, or terrorism. Ensure the reporting of such incidents is provided to all appropriate agencies. Wing/Installation Commanders may designate the Communications Group/Squadron Commanders (or civilian equivalents) as the notifying official for this responsibility