Canadian Industrial TEMPEST Program Manual - ITSG-05

Published Date: August 2002

Table of Contents

Foreword

This document presents general information pertaining to the Canadian Industrial TEMPEST Program (CITP). It explains the development processes in sufficient detail to enable a potential CITP vendor to prepare and submit a proposal for consideration by the Communications Security Establishment (CSE). This document should also be useful to Government of Canada (GC) project managers, design authorities and contracting authorities planning the acquisition of TEMPEST-related telecommunications equipment and systems.

The primary objectives of the CITP are: to foster a Canadian industrial capability to produce TEMPEST products and services in order to meet government needs; and to prepare Canadian industry for participation in capital expenditure programs on a continuing basis.

Changes and refinements are sometimes necessary in order to increase a program's effectiveness. Such has been the case in restructuring the CITP into separate endorsement programs that are product- and service-oriented, while at the same time dropping the membership concept from the Program. This restructuring also addresses unique Canadian requirements, while conforming to a similar United States (U.S.) industrial TEMPEST program restructuring.

The CITP restructuring incorporates four programs . They are:

  • the Endorsed TEMPEST Products Program;
  • the Endorsed TEMPEST Support Services Program (the unique Canadian Program);
  • the Endorsed TEMPEST Test Services Program; and
  • the Endorsed TEMPEST Test Instrumentation Program.

Please forward comments on any aspect of the CITP or its component programs to:

Communications Security Establishment
Attention: CITP Manager
P.O. Box 9703
Terminal
Ottawa, Ontario, K1G 3Z4

© 2000 Government of Canada, Communications Security Establishment
P.O. Box 9703, Terminal, Ottawa, Ontario, Canada, K1G 3Z4

This publication may be reproduced verbatim, in its entirety, without change, for educational and personal purposes only. However, written permission from CSE is required for use of the material in edited or excerpted form, or for any commercial purpose.

List of Annexes

Annex A
CITP Business Oriented and Product Assurance Survey
Annex B
Foreign Ownership, Control or Influence (FOCI) Evaluation Submission Package
Annex C
CITP Marketing Guidance for Participating Companies
Annex D
Memorandum of Understanding - Concerning Transfer of Classified TEMPEST Information
Annex E
Memorandum of Agreement - Concerning a TEMPEST Product
Annex F
Memorandum of Agreement - Concerning Provision of Endorsed TEMPEST Support Services
Annex G
Memorandum of Agreement - Concerning Provision of Endorsed TEMPEST Test Services
Annex H
Memorandum of Agreement - Concerning a TEMPEST Test Instrumentation Product
Annex I
Memorandum of Agreement - Concerning a TEMPEST Test Instrumentation Product
Annex J
CSE Technical and Security Requirements Document (TSRD 88-9A) for the Endorsed TEMPEST Products Program
Annex K
CSE Technical and Security Requirements Document (TSRD 88-X) for the Endorsed TEMPEST Test Instrumentation Program
Annex L
Agreement Data Requirements List (ADRL) for the Endorsed TEMPEST Test Instrumentation Program

List of Acronyms

ADRL
Agreement Data Requirements List
CITP
Canadian Industrial TEMPEST Program
COMSEC
Communications Security
CSE
Communications Security Establishment
ETPL
Endorsed TEMPEST Products List
ETPP
Endorsed TEMPEST Products Program
ETSSP
Endorsed TEMPEST Support Services Program
ETTIL
Endorsed TEMPEST Test Instrumentation List
ETTIP
Endorsed TEMPEST Test Instrumentation Program
ETTSP
Endorsed TEMPEST Test Services Program
FOCI
Foreign Ownership, Control or Influence
FOD
Foreign Ownership or Dominance
GC
Government of Canada
MOU
Memorandum of Understanding
MOA
North Atlantic Treaty Organization
NATO
North Atlantic Treaty Organization
NRPL
NATO Recommended Products List
NSA
National Security Agency
OEM
Original Equipment Manufacturer
PETPL
Potential Endorsed TEMPEST Products List
PMP
Product Management Plan
PWGSC
Public Works and Government Services Canada
SMP
Service Management Plan
TSRD
Technical and Security Requirements Document
U.K.
United Kingdom
U.S.
United States

1 Canadian TEMPEST Endorsement Programs

1.1 General

1.1.1 Background

The Canadian Industrial TEMPEST Program (CITP) was begun in 1979, to: encourage the availability of Canadian-produced TEMPEST equipment that would meet the needs of the Government of Canada (GC); protect and control TEMPEST information; and place Canadian suppliers of TEMPEST products in competitive positions for offshore contracts. In order to achieve these aims, the CITP was initiated as the vehicle by which a Canadian firm, under a no-cost Agreement-Under-Seal, and with security prerequisites in place, could obtain classified TEMPEST documentation and information outside of a contract requiring the delivery of goods and services.

In order to increase its effectiveness, the CITP has been structured as four Canadian TEMPEST endorsement programs. This document describes the development processes, procedures and requirements necessary for companies to operate within these newly restructured programs.

1.1.2 Introduction

The CITP endorsement programs addresses unique Canadian requirements, and conforms to similar U.S. industrial TEMPEST program changes. It also makes the CITP product-oriented in nature, while dropping its previously existing membership concept.

The four programs introduced are:

  1. the Endorsed TEMPEST Products Program;
  2. the Endorsed TEMPEST Support Services Program (the unique Canadian program);
  3. the Endorsed TEMPEST Test Services Program; and
  4. the Endorsed TEMPEST Test Instrumentation Program.

1.1.3 Objectives

The purposes of the CITP are: to foster a Canadian industrial capability for producing off-the-shelf TEMPEST products and services in order to meet GC needs; and to prepare Canadian industry for participation in capital expenditure programs.

1.1.4 Scope

Chapter 1 of this manual provides general information pertaining to the four TEMPEST endorsement programs, and discusses the CITP's development processes (including: eligibility criteria; initial contact; program decision; memorandum of understanding (MOU); memorandum of agreement (MOA); program execution; endorsement; production and in-service support; and termination). It also provides details pertaining to program administration, security prerequisites, and the rationale for the unique Canadian Endorsed Support Services Program.

Chapters 2 to 5 describe the procedures, requirements and specifications that apply to each program.

Annexes A to M provide: a two-part CITP program survey questionnaire; communications security (COMSEC) access certification material; marketing guidance for participating companies; sample MOUs and MOAs pertaining to each program; technical and security requirements documents (TSRDs); agreement data requirements lists (ADRLs); and guidelines for the standardization of Endorsed TEMPEST Products List (ETPL) product descriptions.

The reader is invited to peruse this manual's table of contents for an overview, and to gain an appreciation of the scope of coverage.

This manual is forwarded in response to a Company's request for information pertaining to the CITP. The next phase involves the Company submitting a proposal either to manufacture a Canadian TEMPEST product, or to offer a TEMPEST service (such as a TEMPEST support service, or a TEMPEST test service).

1.1.5 Eligibility Criteria

Any potential vendor that wishes to participate in the CITP must meet certain criteria. Evaluation of the Company and its proposed product(s) and/or service(s) commences with initial contact, and continues until the end of the decision phase (see article 1.2 of this chapter, CITP Development Process). Initial and continued eligibility to participate in a program to develop, produce and sell a TEMPEST-related product or service is conditional upon the Company meeting minimum requirements. Eligibility criteria and requirements common to all four programs include the following:

  1. The Company must pass a joint Communications Security Establishment (CSE)/Public Works and Government Services Canada (PWGSC) business oriented and product assurance review (see Annex A), and must have COMSEC access approval (see Annex B). These criteria ensure that the Company:
    1. is financially viable;
    2. has an acceptable business plan;
    3. has a credible product or service proposal; and
    4. is not under disqualifying foreign ownership, control or influence (FOCI);

    Note 1:

    The term "foreign ownership, control or influence (FOCI)"means the same as the term" foreign ownership or dominance (FOD)", and the two terms may be used interchangeably. For the purposes of this document, FOCI is used throughout, except where another document that has already employed FOD is quoted or enclosed as an annex.

    Note 2:

    FOCI considerations do not apply to the Endorsed TEMPEST Support Services Program. Consequently, that program is exempt from the certification requirements in Annex B.

  2. The Company must already have, or must establish, security prerequisites through PWGSC. These prerequisites include a security-cleared facility and personnel qualified to handle and safeguard the classified TEMPEST design and standards documentation, as well as the classified COMSEC information, necessary to develop a TEMPEST product, or to provide a TEMPEST service; and
  3. The Company must continually abide by the terms and conditions of any signed MOUs and MOAs, including any supporting attachments.

Company eligibility criteria, and the requirements applicable to individual programs, include the following:

  1. Pertaining to the Endorsed TEMPEST Products Program:
    1. The proposed product must provide direct and obvious benefit to the cause of improving the communications security of Canada, the United States (U.S.), other North Atlantic Treaty Organization (NATO) countries, Australia, and/or New Zealand;
    2. The Company must already have, or must establish, the ability to produce a TEMPEST product of reasonable quality, at the production rate necessary to cover the target market identified in the proposal; and
    3. The Company must already have, or must establish, the ability to achieve and maintain configuration control over the TEMPEST product during its production;
  2. Pertaining to the Endorsed TEMPEST Test Services Program:
    1. The Company, if providing a TEMPEST test-house service, must achieve certification by CSE; and
  3. Pertaining to the Endorsed TEMPEST Support Services Program:
    1. The Company must include any requirements regarding installation, interface and integration; and
    2. The Company must already have, or must arrange to obtain, adequate training from the original equipment manufacturer (OEM) to maintain the TEMPEST-critical features of each serviced product throughout its life cycle.

1.1.6 Meetings And International Symposia

In order to facilitate communications between CITP companies and the GC, CSE sponsors meetings and symposia. All participating companies: that have products listed on the U.S. ETPL and/or the NATO Recommended Products List (NRPL).; or that have TEMPEST product or service proposals under MOUs and/or MOAs, will be invited to these meetings, and to the Canadian symposium. (Note: U.S. and United Kingdom (U.K.) symposia are not open to Canadian industrial participation, and vice versa.) TEMPEST criteria in all countries is under review and until definitive measures are discussed amongst nations symposia are on hold.

1.2 CITP Development Process

1.2.1 General

There are several sequential events in the CITP process. All seven of the sequential steps shown below are applicable to the Endorsed TEMPEST Products Program. The other programs utilize various steps in their process.

The sequential events in CITP development are:

  1. initial contact;
  2. program decision;
  3. Memorandum of Understanding;
  4. Memorandum of Agreement;
  5. program execution;

    Note: The following steps apply to the Endorsed TEMPEST Products Program only.

  6. endorsement
  7. production and in-service support.

1.2.2 Initial Contact

1.2.2.1 General

Once a potential vendor has established contact with CSE, obtained a copy of the CITP manual and met the selection criteria (see article 1.1.5, Eligibility Criteria, in the preceding section of this chapter), the next step in the process is the Company's preparation of a CITP proposal package. This package shall consist of:

  1. a written product or service proposal;
  2. a completed company profile,
  3. a completed quality assurance survey (see the Business Oriented and Product Assurance Survey, contained in Annex A, for both items); and
  4. a completed COMSEC access certification package (see Annex B).
1.2.2.2 Written Product or Service Proposal

The decision as to whether or not CSE will enter into a relationship with the potential vendor under one of its four CITP programs will be based on the information contained in the product or service proposal, as measured against TEMPEST and other COMSEC needs and priorities.

A separate product or service proposal is required for each potential TEMPEST product or service submitted for consideration.

Although detailed information about a proposed product or service might not be available at this stage, the following points should be covered in as much detail as possible.

  1. A written TEMPEST product proposal requires the following information:
    1. Describe the proposed product, and how TEMPEST capability will be integrated into it. If the product is to be used in a larger system, provide details on how the product would be integrated into that system. If TEMPEST is being added to an existing product, include product brochures and specifications that describe the existing product;
    2. Identify the intended market for the proposed product (include a specific customer base, or firmly established customer requirements, if possible). Describe what portion of this market you intend to address, and explain how specific market projections were derived. In cases where the product to be developed is a retrofit to existing equipment, include the potential sales volume for existing equipment that is already fielded. Include a target market price, and why this product should be marketable at the stated price;
    3. State the production rate expected to be achieved in order to cover the above-identified market segment;
    4. Describe any other applications for the proposed TEMPEST equipment or system;
    5. Provide a target development schedule;
    6. Identify known or projected GC requirements that the product will satisfy. Identify the differences (including the advantages) of the proposed product relative to similar products currently available;
    7. Describe how the equipment will be interoperable with any other communications equipment (with or without the proposed equipment's COMSEC features enabled). Describe the intended interoperability, if any, with other COMSEC equipment;
    8. Identify the type(s) of communications media the proposed product will secure (data, voice, video, fax, etc.), and describe the environment in which the product will be used (office, secure facility, combat, etc.);
    9. Describe any security features (anti-tampering features, etc.) considered for development and incorporation into the proposed product;
    10. Describe any plans to employ subcontractors at any time during the product's life cycle. Identify those subcontractors, and describe their involvement in the program's plan; and

      Note:

      A company profile for one or more subcontractors might be requested, based on the type and degree of the subcontractors' involvement with the proposed product.

    11. Additional details on a written TEMPEST product proposal are included in Chapter 2
  2. For a written TEMPEST service proposal, describe the proposed service to be offered under either of the two services programs (the Endorsed TEMPEST Test Services Program, or the Endorsed TEMPEST Support Services Program).
1.2.2.3 Company Profile

A potential vendor must satisfy certain security and suitability criteria, prior to establishing a CITP relationship. The Company is encouraged to submit as much detailed documentation as necessary to establish its identity, capability, and suitability for the CITP. The submission shall include the following information (see: Annex A, Part 1, Business Survey; and Annex B, COMSEC access questionnaires):

  1. Provide the Company name and address;
  2. Provide: a principal point of contact; a technical point of contact (that is, a Company-appointed TEMPEST authority); and alternates. For each, include:
    1. name and title
    2. business address
    3. business telephone
    4. citizenship
    5. security clearance (if applicable)
    6. social insurance number
    7. date/place of birth;
  3. Describe the product(s) or service(s) offered (this could be supplemented with a Company capabilities brochure);
  4. Provide the latest annual report, or a certified financial report;
  5. Provide the number of Company personnel who will develop and produce the proposed CITP product;
  6. Describe the expertise of the key Company personnel who will be involved in the proposed product development, with emphasis on their previous TEMPEST experience;
  7. Provide the security status of the Company's facilities that will be involved with the proposed product. Include the clearance level of each facility under the Industrial Security Program (if applicable), and the total number of each level of security clearance held by personnel at the facility;
  8. Describe the manufacturing capability of the production facility in terms of product type(s), product capabilities, certifications, etc.;
  9. Describe any previous Company experience in producing TEMPEST or other government COMSEC equipment; and
  10. Complete the COMSEC access questionnaire (see Annex B) in full.
1.2.2.4 Product Assurance Survey

CSE must establish the existence of those capabilities and qualifications within a Company that should be present for the successful development and production of a COMSEC product or service. Such a survey (with instructions and CSE objectives for product assurance standards) is included in Annex A. This survey is designed to provide preliminary information prior to a visit by a CSE survey team to the Company's facility. Areas of primary interest include: experience; manufacturing capability; product integrity; configuration control; and product support.

1.2.2.5 Submission of Proposal

Three copies of the completed CITP proposal package (including a written product or service proposal, the survey questionnaires provided in Annex A and the COMSEC access questionnaire provided in Annex B) must be forwarded to the above address. (The proposal package forms that are contained in Annexes A and B may be reproduced in sufficient quantities to satisfy the submission requirements.)

Questions regarding the CITP can be answered by writing to the address below, or by calling the office of:

Communications Security Establishment
PO Box 9703
Terminal
Ottawa, Ontario
K1G 3Z4
Attention - CITP Manager

1.2.3 Program Decision

Upon receipt of the Company's CITP proposal package, CSE will send the Company written notification that the package has been received, and is under consideration. CSE and PWGSC will review the proposal, visit the Company facilities, and determine the value of, and the need for, the proposed product or service. CSE and PWGSC will also assess the security and the suitability of the Company. Then, consideration will be given to the priority of commencing development, as it relates to the availability of adequate CSE resources to support the program. When a decision is reached, CSE will notify the Company in writing whether the proposal has been accepted or rejected. If accepted, CSE will request that the security prerequisites (that is, the personnel and facility security clearances) be put into place on a continuing basis by PWGSC (if not already in place for the Company as a GOC contractor). When these prerequisites have been met, a CSE Product Manager (PM) will be assigned, and an MOU (see below) that allows the transfer of classified TEMPEST information will be executed between the Company and the GC.

1.2.4 Memorandum of Understanding

The purpose and function of an MOU (see Annex D) is to establish a legal relationship between the GC and a potential CITP vendor (Company). The provisions of an MOU are outlined below:

  1. CSE agrees to:
    1. provide necessary and relevant TEMPEST (COMSEC) documentation and information to the Company; and
    2. protect any proprietary Company information provided under the agreement;
  2. The Company agrees to:
    1. protect the TEMPEST (COMSEC) information in accordance with GC regulations, and to restrict further dissemination of the information unless authorized to do so by the CITP marketing guidance as outlined in Annex C;
    2. provide CSE with the information necessary to assess the Company's TEMPEST product or service design efforts; and
    3. follow the intent and requirements of the CITP procedures leading to a product or service endorsement; and
  3. Both parties agree to review the continuation, as well as the terms, of the MOU every two years.

1.2.5 Memorandum of Agreement

On completion of all of the activities required under the MOU, an MOA (see Annexes E to H) will be signed. An MOA:

  1. defines the product or service that the Company proposes to develop and/or provide, and identifies the target market;
  2. defines the specific terms of the endorsement to be afforded by CSE, once the evaluation of the product or service determines that it is in compliance with the TSRD (see Annexes I to K);
  3. provides a best-estimate schedule, so that CSE and the Company can perform various planning functions (evaluation, marketing, product line planning, etc.);
  4. commits the Company to offer certain follow-on product support services;
  5. commits CSE to provide the necessary technical guidance, and to assess the product upon completion of its development;
  6. establishes the ground rules for follow-on sampling, testing and security evaluation by CSE (or, at Company expense, by a CSE-certified TEMPEST test house); and
  7. establishes various rights and obligations on the part of both CSE and the Company, as are necessary and mutually agreeable.

The TSRD and the ADRL (see Annexes I to L for examples) are two documents, developed by CSE, that become attachments to the applicable MOA.

The TSRD addresses all of the functional security requirements and specifications applicable to the particular CITP product under development or service being offered. It includes such items as:

  1. the security requirements to be met;
  2. the TEMPEST requirements to be met; and
  3. the configuration control requirements to be met.

The ADRL identifies the specific data items to be delivered by the Company as part of the product evaluation and endorsement processes of the Endorsed TEMPEST Product Program, and the Endorsed TEMPEST Test Instrumentation Program. It includes such items as:

  1. the documentation necessary to establish a configuration control baseline on the TEMPEST product;
  2. TEMPEST test plans, test reports, etc;
  3. in-process accounting procedures for implementation during production of the product;
  4. manuals, operating instructions and other supporting materials;
  5. the plans for maintenance and other life-cycle support items; and
  6. a Product Management Plan (PMP) (see Annexes I and L), or a Service Management Plan (SMP).

1.2.6 Program Execution

After signing an MOA applicable to the program of operation (that is, an MOA based on Annex E, F, G or H), the Company shall perform the applicable tasks necessary to satisfy the requirements of both the MOA, and the program of operation. In the case of the Endorsed TEMPEST Products Program, the assigned CSE PM will ensure that all of the required CSE support actions are provided.

1.2.7 Endorsement

When the requirements of an MOA pertaining to either the Endorsed TEMPEST Products Program or the Endorsed TEMPEST Instrumentation Program (as applicable) have been met, the Company shall submit all equipment and items that are necessary for evaluation (called for in the applicable TSRD, see Annex I or K), to the CSE PM. CSE will evaluate the product; if it is determined to be in compliance with the applicable TSRD, its use will be endorsed as specified in the MOA, and the product will appear on the applicable ETPL.

Consult the CITP Management Office for specific procedures pertaining to the application for a product listing on the U.S. ETPL or the NRPL.

1.2.8 Production and In-Service Support

Following endorsement, CSE will ensure that the endorsed product remains in compliance with the TSRD, and with the terms of the endorsement, through periodic checks.

1.2.9 Termination Processe

1.2.9.1 General

There are three separate termination processes available for removing a Company from a CITP program. Which process is used depends upon whether CSE or the Company initiates the termination and the stage of the TEMPEST endorsement process at which termination takes place. The standards and procedures deal with:

  1. CSE termination of an MOA prior to endorsement;
  2. CSE termination of an existing product endorsement; and
  3. a Company voluntarily choosing to terminate its participation in a CITP program.

The standards and procedures pertaining to the first two categories are discussed below. The standards and procedures pertaining to the third category (voluntary Company termination of participation) will be issued separately.

1.2.9.2 CSE Termination of an MOA Prior to Endorsement

Participation in the CITP after MOA execution is permitted only if: the Company continues to satisfy the eligibility requirements for the Program; and the Company pursues product or service endorsement in accordance with the schedule in the applicable PMP or SMP. CSE may initiate processes to terminate an MOA if it finds that:

  1. The Company's facility security clearance and/or storage capability have been, or will be, revoked;
  2. The Company becomes unacceptably foreign owned, controlled or influenced;
  3. The Company is suspended, or otherwise prohibited, from contracting with the GC;
  4. The Company refuses, or fails, to adhere to the schedule agreed to in the PMP or SMP; or
  5. The Company fails to satisfy the requirements for endorsement in the time allotted in the PMP or SMP.

CSE will notify the Company in writing (by registered mail, return receipt requested) of its intent to terminate and the grounds upon which such intended termination is founded. It will then afford the Company a reasonable opportunity (at least 14 days) to show cause as to why the MOA should not be terminated.

If the Company responds to the termination notification, CSE will review the response, and will determine whether or not the MOA should be terminated. CSE will notify the Company in writing (by registered mail, return receipt requested) of its decision. If CSE still intends to terminate the MOA, the letter will state the effective date of termination and request that the Company immediately return all information, materials, parts, components, assemblies and equipment provided under the MOA. It will also include instructions on how to appeal CSE's decision (should the Company elect to do so).

CSE will not terminate the MOA for 14 days following the Company's receipt of the termination review letter, in order to allow the Company an opportunity to appeal the decision to CSE.

The Company must submit its appeal in writing. The appeal notice must specify the Company's grounds for appeal, and must include all pertinent evidence. Termination of the MOA will then be stayed until receipt of the CSE decision. The CSE decision will be based solely on the written evidence submitted; there will be no opportunity for oral argument. CSE will be the final arbiter of the dispute, and its decision is final.

1.2.9.3 CSE Termination of Endorsement

Continued product endorsement is permitted only if the Company continues to satisfy the eligibility requirements for the CITP and the Company complies with the terms and conditions of the MOA and its attachments. CSE may initiate processes to terminate product endorsement if it finds that:

  1. The Company's facility security clearance and/or storage capability have been, or will be, revoked;
  2. The Company becomes unacceptably foreign owned, controlled or influenced;
  3. The Company is suspended, or otherwise prohibited, from contracting with the GC;
  4. The Company discontinues, or fails to provide, maintenance and/or life-cycle support for the product as delineated in the TSRD;
  5. The Company refuses, or fails, to correct TEMPEST deficiencies discovered in the product subsequent to endorsement;
  6. The Company refuses, or fails, to adhere to the requirements for product integrity as delineated in the TSRD;
  7. The Company refuses, or fails, to adhere to the security requirements delineated in the MOA and its incorporated references;
  8. The Company refuses, or fails, to make sample unit(s) of the product available to a CSE-designated representative, as required in the TSRD, for testing and inspection against the standards set forth in the TSRD;
  9. The Company refuses, or fails, to allow CSE's designated representative access to the Company's facility and records, for inspection against the standards set forth in the TSRD; or
  10. The Company incorporates engineering changes, waivers and/or deviations that affect the TEMPEST integrity of the product, without CSE approval.

CSE will notify the Company in writing (by registered mail, return receipt requested) of: its intent to terminate endorsement; and the grounds upon which such intended termination is founded. It will then afford the Company a reasonable opportunity (at least 14 days) to show cause as to why such product endorsement should not be terminated.

If the Company responds to the termination notification, CSE will review the response, and will determine whether or not the product endorsement should be terminated. CSE will then notify the Company in writing (by registered mail, return receipt requested) of its decision. If CSE still intends to terminate its product endorsement, the letter will state the effective date of termination and request that the Company immediately return all information, materials, parts, components, assemblies and equipment provided under the MOA. The letter will also include any special instructions pertaining to completion of existing purchase orders for the product, as well as instructions on how to appeal CSE's decision (should the Company elect to do so).

Upon termination of a Company's product endorsement, the product is listed in Section V (Red pages - Terminated Endorsement) of the ETPL. Once a CSE product endorsement is terminated, the product cannot be re-endorsed with the same model number; the Company must reapply to CSE as if it were making a new product proposal.

Notice of CSE product endorsement termination will not be posted on the GC's Electronic Bulletin Board, nor listed in Section V of the ETPL, for 14 days following Company receipt of the termination review letter, in order to allow the Company an opportunity to appeal the decision to CSE.

The Company must submit its appeal in writing. The appeal must specify the Company's grounds for appeal, and must include all pertinent evidence. Product endorsement termination will be stayed until Company receipt of CSE's decision. The decision will be based solely on the written evidence submitted; there will be no opportunity for oral argument. CSE will be the final arbiter of the dispute, and its decision is final.

1.3 Program Administration

1.3.1 Security Prerequisites

Following a positive program decision (see article 1.2.3), the Company will be required to process security clearances for the facility and for the personnel involved (if the security prerequisites are not already in place as result of a previous contract with the GC). These requests will be processed through PWGSC. When the security prerequisites are fulfilled, a COMSEC account will be opened, permitting classified TEMPEST and other COMSEC-related documentation to be issued under the terms and conditions of an MOU.

1.3.2 Points of Contact

The CITP Management Office administers the CITP development processes, with assistance from PWGSC, during the program decision phase. PWGSC reviews the business oriented portion of the questionnaire included in Annex A, and makes recommendations to CSE.

PWGSC is also responsible for all contracts and TEMPEST procurement (including classified contracts and TEMPEST procurement). PWGSC will open a COMSEC account for the Company, if approved, and will then assign a Field Industrial Security Officer to the Company.

PWGSC also reviews and approves visit clearance requests and document release requests.

1.3.3 Channels of Communication

Cross-border communication of U.S. and U.K. TEMPEST information must be directed through government-to-government channels. The sequence of contacts shall be: from the Canadian vendor's (that is, the Company's) security officer; through the CITP Management Office; through the U.S. National Security Agency, or through the U.K. Communications Electronics Security Group (whichever is applicable); to the U.S. or U.K. vendor's security officer (whichever is applicable); and vice versa.

International agreements abide by this concept because government-to-government channels provide maximum protection for the transfer of classified or sensitive TEMPEST information.

Note: Not dealing through government-to-government channels is considered a security violation.

2 Endorsed TEMPEST Products Program

2.1 Introduction

2.1.1 General

The Endorsed TEMPEST Products Program (ETPP) has been established in order to combine Canadian industry's leadership and expertise in the design, development and production of telecommunications and automated information processing equipment, with the TEMPEST experience of CSE. This culminates, as a result, with TEMPEST-endorsed products appearing on the U.S. Endorsed TEMPEST Products List (ETPL), and on the NATO Recommended Products List (NRPL).

2.1.2 Objective

The objective of the program is to enable industry to develop, produce and sell TEMPEST products, meeting international TEMPEST standards, for use by: Government of Canada (GC) institutions; the U.S.; the U.K.; other NATO countries; Australia; New Zealand; and certain CSE-approved, non-government users in Canada (such as banks, oil companies, courts and companies directly involved in sensitive government contracts).

Approval for non-government users is considered on a case-by-case basis. In order to initiate approval, a formal request identifying: the specific equipment involved; the system configuration; the non-government customer; and (if applicable) the GC contract and sponsoring agency agreement, must be forwarded to CSE (Attention: CITP Manager, INFOSEC Systems Group).

At the time of sale, the CITP vendor (the Company) shall advise the approved customer of: the requirement for CITP-approved maintenance; and the TEMPEST equipment disposal procedures contained in Procedures for the Release, Export and Disposal of TEMPEST-Designed Equipment and Technology.

2.1.3 Eligibility Requirements

Initial and continued eligibility to participate in this program to develop, produce and sell a TEMPEST product is conditional upon the vendor (the Company) meeting the minimum following requirements:

  1. The Company must not be under disqualifying foreign ownership, control or influence;
  2. The Company must hold a current SECRET facility security clearance, and the storage capability to handle the classified TEMPEST information necessary for the design and development of a TEMPEST product;
  3. The Company must propose to develop a TEMPEST product that will provide direct and obvious benefit to the cause of improving the communications security of Canada, the U.S., the U.K., other NATO countries, Australia and/or New Zealand;
  4. The Company must have a demonstrable financial, technical and manufacturing capability to design and produce a product of reasonable quality;
  5. The Company must not be suspended, nor otherwise prohibited, from contracting with the GC; and
  6. CSE must not have excluded the Company from future participation in the program (see article 2.3).

2.2 Endorsed TEMPEST Products Program Development Process

2.2.1 Introduction

The following information is intended to provide a potential TEMPEST product manufacturer with an overview of the seven sequential steps in the development process of the ETPP. The steps are:

  1. initial contact;
  2. program decision;
  3. Memorandum of Understanding (MOU);
  4. Memorandum of Agreement (MOA);
  5. program execution;
  6. endorsement; and
  7. production and in-service support.

A description of each sequential step is provided in the articles below.

2.2.2 Initial Contact

Initial contact with CSE to express interest in the ETPP and to request further information is responded to by the CITP Management Office. The response involves a letter that requests Company submission of a product-specific proposal. In addition, survey questionnaires (see Annexes A and B) are forwarded for completion. These questionnaires provide CSE with a company profile, and with certification that no disqualifying foreign ownership, control or influence exists.

Each potential vendor interested in participating in the ETPP is required to submit a written product proposal for each product that the Company wants considered. Product proposals should include the following information:

  1. Describe the proposed product (including its model number, application and function). If the proposed product involves modifying an existing product, include product brochures and specifications of the existing product. The Company must distinguish between components that are integral parts of the proposed product, and those that are ancillary accessories to be offered as options to the endorsed product. The description should also include a copy of the proposed product description as it would appear in the ETPL (see Appendix 3 of Annex I for standardized format guidelines);
  2. Describe the intended market for the proposed product (include a specific GC customer base, and/or other firmly established requirements). This discussion shall explain: the target price; why the product would be marketable at the stated price and how the specific market projections were derived. In cases where the product to be developed is a retrofit to existing equipment, include the potential sales volume for the existing equipment that is already fielded;
  3. Provide the Company's target development and production schedule, as well as proposed delivery dates for the endorsement plan deliverables.

    Note: This proposed schedule would serve as the basis for negotiating the Product Management Plan [PMP], described later in this section under Memorandum of Agreement;

  4. Describe the differences (including the advantages) of the proposed product relative to similar products currently available; and
  5. Describe any plans to employ subcontractors at any time during the product's life cycle. Identify those subcontractors, and describe their involvement with the proposed product.

    Note: A company profile and a product assurance survey might be required for a

    subcontractor proposed to be involved in the development, manufacture or production of the proposed product. CSE acceptance of proposals that include subcontracting is contingent upon:

    1. CSE's determination that the proposed subcontractor satisfies the program's minimum eligibility requirements;
    2. the Company's agreement to ensure subcontractor compliance with the terms and conditions of the ETPP MOA (including all attached and incorporated documents); and
    3. the proposed subcontractor's agreement to be bound by all the terms and conditions of the ETPP MOA (including all attachments and incorporated documents):
  6. Express interest in having the product listed on the NRPL, as well as on the ETPL;
  7. Provide a completed product assurance survey (see Annex A):
    1. The Company shall also submit photographs (or a video), depicting the manufacturing facility and the processes to be used in developing and producing the TEMPEST product, with its completed survey;
    2. Through the survey, as well as through CSE survey team visits to Company facilities and/or discussions concerning Company capabilities, CSE and PWGSC will make a general assessment as to whether the Company possesses the financial, technical and manufacturing capability to successfully develop and produce a TEMPEST product. The areas examined include: experience; manufacturing capability; product integrity processes; configuration control; and product support; and
    3. Some questions in the survey require information that might duplicate information requested in the data deliverables required for endorsement. If so, the Company may reference the pertinent part(s) of its survey response(s) in order to satisfy the data deliverable requirements. (See Part 3 of Technical and Security Requirements

    Document [TSRD] 88-9A, reproduced in Annex I). The TSRD delineates the technical, security and data requirements necessary for endorsement of a product under the ETPP. For an overview of the TSRD's contents, see the Table of Contents, Annex I.);

  8. Provide a company profile (see Annex A). A potential ETPP participant must satisfy certain security and suitability criteria prior to establishing a relationship with CSE. The potential vendor is required to submit a company profile (that is, a completed Business Survey questionnaire) that provides as much documentation as necessary to establish its identity, capability and suitability for the Program. The submission shall include the following information.
    1. Provide the Company name and address;
    2. Provide: a principal point of contact; a technical point of contact; a marketing point of contact; and alternates. For each person, include: name and title; business address; business telephone; citizenship; security clearance status; social insurance number; and date/place of birth;
    3. Describe the product(s) or service(s) offered. This could be supplemented with a Company capabilities brochure;
    4. Provide a copy of the Company's annual financial report (reflecting Canadian operations, not that of a U.S. Company);
    5. Describe the expertise, and the clearance levels, of the personnel to be involved with the proposed product development, with emphasis on previous TEMPEST experience;

The Company is required to submit a product assurance survey and a company profile with its initial proposal only. However, the Company is required to include the following certifications with all of its subsequent proposals.

  1. Provide a newly completed COMSEC access certification package (see Annex B); and
  2. Provide certification by the official with Company signatory authority that the information provided in the original product assurance survey and company profile are still true and accurate, and that there have been no changes or deviations. If there have been changes or deviations, the Company shall identify them, and submit them along with the product-specific proposal for CSE's review and approval.

Three copies of the complete proposal package should be sent to:

Attention: Manager, CITP
Communications Security Establishment
PO Box 9703
Terminal
Ottawa, Ontario
K1G 3Z4

Questions regarding the ETPP proposal process can be answered by writing to the address above.

2.2.3 Program Decision

Upon receipt of the Company's: written product proposal; completed product assurance survey and company profile; and completed COMSEC access certification package, CSE will send the Company written notification that the proposal package has been received, and is under consideration.

CSE and PWGSC will jointly review the proposal in accordance with the ETPP's minimum eligibility requirements and assess the acceptability of the product-specific proposal, as expeditiously as possible. CSE will then notify the Company in writing of the review results. If the results are positive, CSE will request that PWGSC process the necessary security prerequisites (that is, the facility and personnel security clearances), if they are not already in place from a previous program or contract.

2.2.4 Memorandum of Understanding

Following the granting of a facility security clearance to the SECRET level, and the granting of SECRET-level personnel security clearances for those persons involved in TEMPEST activities, PWGSC will open a COMSEC account for the Company. This COMSEC account will allow the transfer of the classified technical standard Compromising Emanations Laboratory Test Requirements Electromagnetics (CID/09/15A) for the program, as well as the transfer of other required classified TEMPEST and COMSEC documentation, to the Company's security officer. The transfer of this documentation will be subject to the terms and conditions of an MOU (see Annex D) signed between CSE and the Company.

2.2.5 Memorandum of Agreement

After the negotiation of the MOU, but prior to a formal acceptance of the Company's proposal through the execution of an MOA (see Annex E), a Product Management Plan (PMP) (see Annex I, Appendix 2) must be established. This PMP becomes part of the Agreement Data Requirements List (ADRL) (see Annex I, Appendix 2). The ADRL and the PMP are both components of Technical and Security Requirements Document (TSRD) 88-9A (see Annex I) that becomes an attachment to the MOA.

The PMP delineates a mutually-agreed-upon schedule of supportable milestones and events, including the delivery of data and reports that are required of each party in order to accomplish product development, evaluation and endorsement under the ETPP.

Failure to negotiate and conclude the PMP within 120 days of the Company's receipt of notification of a positive joint CSE/PWGSC evaluation constitutes grounds for CSE to not accept the Company's proposal. (The Company may also withdraw its proposal at any time, should it determine that it does not wish to pursue product development or endorsement.)

In developing a proposed PMP, the Company should assume that under normal circumstances CSE will require 30 working days to review and approve a data deliverable. CSE will maintain a master PMP that includes all approved PMPs, in order to control the workload and to ensure proper resource allocation. It is therefore critical that the Company propose delivery dates for its deliverable submissions that are realistic, and that are consistent with its obligations.

If the Company realizes that it will not be able to meet the negotiated PMP delivery date, it must notify CSE immediately, in order to negotiate a new delivery date (and potentially a new PMP). CSE will reschedule the review date in accordance with the first available time period. However, given that the master PMP is predicated on negotiated PMP schedules, any company failing to submit a deliverable (for which CSE review is required) on the date scheduled in the PMP may forfeit the time frame for that review.

Upon the establishment of a PMP, CSE will forward the MOA to the Company for execution. Attached to the MOA will be the TSRD (including the ADRL with its accompanying PMP).

The function of the MOA is to establish the following formal relationship between the Company and CSE. The Company, having obtained necessary TEMPEST documentation under the MOU, agrees to continue to protect the information in accordance with GC regulations and to design, develop, produce, market and sell the specified TEMPEST product at its own risk and expense. CSE agrees to protect Company proprietary information, to evaluate the Company's product and, if appropriate, to endorse that product. The MOA also formally establishes the responsibilities and obligations of the parties with respect to the Company's marketing and sales of TEMPEST products subsequent to endorsement, as well as the terms and conditions for continued endorsement.

2.2.6 Program Execution

Once the MOA is executed, the Company and CSE perform the tasks that are necessary in order to meet the MOA's requirements for product development and evaluation.

In order to assist GC buyers and users with their procurement and budget planning, a Potential Endorsed TEMPEST Products List (PETPL) has been created. The PETPL includes: the names of companies and the model numbers and equipment categories of the products for which the companies are seeking endorsement. The Company is eligible to have its product included on the PETPL upon satisfying the ETPP's preliminary requirements, which are:

  1. Company submission, and CSE approval, of a product-specific proposal;
  2. Company/CSE negotiation of a PMP;
  3. Company/CSE execution of a product-specific MOA; and
  4. Company submission, and CSE approval, of a test plan for the proposed product.

Products on the PETPL are not yet endorsed, and inclusion on the PETPL does not imply that the product will necessarily receive CSE endorsement. Inclusion merely evidences that the Company has completed preliminary steps toward obtaining product endorsement and the Company has expressed intent to obtain product endorsement in accordance with the schedule delineated in the PMP. The Company may not, directly or by implication, market or advertise a product listed on the PETPL as a product already endorsed by CSE, or as a product that will be endorsed by CSE.

2.2.7 Endorsement

Endorsement is a statement of CSE's findings that a product satisfies the technical and security requirements set forth in the applicable TSRD.

Upon determining that the product is in compliance with the TSRD (including the ADRL), CSE will notify the Company (in writing) within 20 working days that the product is endorsed.

Also upon endorsement, a brief description of the product, along with the Company's name and principal point of contact, will be forwarded through CSE COMSEC channels to the U.S. National Security Agency (NSA), with an application to place the product on the ETPL that is published quarterly as part of the Information Systems Security Products and Services Catalogue. The ETPL (as well as the NATO Recommended Products List (NRPL)) is made available to U.S. and Canadian Government buyers and users, to help them readily identify equipment: that they may acquire directly from vendors and that meet the national TEMPEST standard.

Listing on the ETPL is done on a product-specific basis. CSE's endorsement and subsequent application to NSA for placement of a product on the ETPL does not occur until CSE determines that the Company has satisfied all the requirements of the TSRD. Generally, this includes:

  1. Company submission, and CSE approval, of a test plan;
  2. Company execution of the test plan on a pre-production (prototype) unit for listing on the PETPL; and
  3. Company submission, and CSE approval, of a test report plus all product-integrity data deliverables on a production unit.

The Company must then apply through CSE to have the product listed on the NSA ETPL. As an integral part of the application for ETPL listing, the TEMPEST test plan and test report (if requested by NSA) are forwarded through CSE COMSEC channels to NSA, in accordance with the requirements delineated in Part 2 of Annex I and Appendix 3 of Annex I.

Consult the CITP Manager for further procedures pertaining to an application to have a product listed on the ETPL.

Deadlines are as follows:

The Company must have the required documentation to CSE by:

15 September
15 March

CSE must have its submissions to NSA by:

1 October
1 April

NSA must deliver the final ETPL/PETPL for inclusion in the ISSPSC by:

1 December
1 June

Catalogue publishing months:

January
July

2.2.8 Production and In-Service Support

This phase involves the production and life-cycle support of the product. It begins after product endorsement is granted, and ends when production is terminated and the product is no longer in use by GC institutions or its contractors. The stringent technical and security requirements pertaining to production and life-cycle support (covered in Parts 2, 3 and 4 of the TSRD [see Annex I]) deal with: the product-evaluation process; product-integrity processes; and general requirements. The Table of Contents of Annex I identifies the scope of these requirements.

In accordance with the MOA, the endorsed product will be checked periodically for continued compliance with the TSRD, and with the terms of the endorsement.

2.3 Endorsed TEMPEST Products Program Termination Processes

2.3.1 General

There are three termination categories: CSE termination of the MOA prior to endorsement; CSE termination of the product endorsement process; and Company termination of participation termination. The standards and procedures dealing with the first two categories are discussed below: The Company participation termination process is to be issued separately.

2.3.2 CSE Termination of the Memorandum of Agreement Prior to Endorsement

Participation in the program after MOA execution is permitted only if the Company continues to satisfy the eligibility requirements for the ETPP and the Company pursues product endorsement in accordance with the schedule in the PMP. CSE may initiate termination of the MOA (and thus any product listing on the PETPL) if it finds that:

  1. The Company's facility security clearance and/or storage capability have been, or will be, revoked;
  2. The Company becomes unacceptably foreign owned, controlled or influenced;
  3. The Company is suspended, or otherwise prohibited, from contracting with the GC;
  4. The Company refuses, or fails, (two incidents) to adhere to the schedule agreed to in the PMP;
  5. The Company fails to satisfy the requirements for endorsement in the time allotted in the PMP; or
  6. The Company refuses, or fails, to adhere to the security, procedural and/or administrative requirements delineated in the MOA and its incorporated references.

CSE will notify the Company in writing (by registered mail, return receipt requested) of its intent to terminate the MOA and the grounds upon which the intended termination is founded. CSE will then afford the Company a reasonable opportunity (at least 14 days) to show cause as to why the MOA should not be terminated.

If the Company responds to the termination notification, CSE will review the response to determine whether or not the MOA should be terminated. CSE will then notify the Company in writing (by registered mail, return receipt requested) of its decision. If CSE still intends to terminate the MOA, the letter will state the effective date of termination and request that the Company immediately return all information, materials, parts, components, assemblies and equipment provided under the MOA. It will also include instructions on how to appeal CSE's decision (should the Company elect to do so).

CSE will not terminate the MOA (and a product's listing on the PETPL) for 14 days following Company receipt of the termination review letter, in order to allow the Company an opportunity to appeal the decision to CSE.

The Company must submit its appeal in writing. The appeal notice must specify the Company's grounds for appeal, and must include all pertinent evidence. Termination of the MOA will be stayed until Company receipt of CSE's decision. The decision will be based solely on the written evidence submitted; there will be no opportunity for oral argument. CSE will be the final arbiter of the dispute, and its decision is final. Notice of CSE's decision will be sent in writing to the Company within 10 working days.

2.3.3 CSE Termination of Product Endorsement

Continued product endorsement is permitted only if the Company continues to satisfy the eligibility requirements for the ETPP and the Company complies with the terms and conditions of the MOA and its attachments. CSE may initiate termination of the MOA and the endorsement if it finds that:

  1. The Company's facility security clearance and/or storage capability have been, or will be, revoked;
  2. The Company becomes unacceptably foreign owned, controlled or influenced;
  3. The Company is suspended, or otherwise prohibited, from contracting with the GC;
  4. The Company has discontinued, or fails to provide, maintenance and/or life-cycle support for the product, as delineated in the TSRD;
  5. The Company refuses, or fails, to correct TEMPEST deficiencies discovered in the product subsequent to endorsement;
  6. The Company refuses, or fails, to adhere to the requirements for product integrity, as delineated in the TSRD;
  7. The Company refuses, or fails, to adhere to the security, procedural and/or administrative requirements delineated in the MOA and its incorporated references;
  8. The Company refuses, or fails, to make sample unit(s) of the product available to CSE's designated representative, as required in the TSRD, for testing and inspection against the standards set forth in the TSRD;
  9. The Company refuses, or fails, to allow CSE's designated representative access to the Company's facility and/or records for inspection against the standards set forth in the TSRD;
  10. The Company incorporates engineering changes, waivers and/or deviations that affect the TEMPEST integrity of the product, without CSE approval; or
  11. The Company refuses, or fails, (two incidents) to ensure subcontractor compliance with the terms and conditions of the MOA and its incorporated references.

CSE will notify the Company in writing (by registered mail, return receipt requested) of its intent to terminate the endorsement and the grounds upon which such intended termination is founded. CSE will then afford the Company a reasonable opportunity (at least 14 days) to show cause as to why the product endorsement should not be terminated.

Product endorsement will be suspended effective immediately upon Company receipt of the letter. Once endorsement is suspended, the Company cannot continue to advertise the product as CSE-endorsed, nor take any new orders from GC institutions for the CSE-endorsed product. (Products with suspended endorsements are listed in Section IV of the ETPL [blue pages]).

If the Company responds to the termination notification, CSE will review the response to determine whether or not product endorsement should be terminated. CSE will then notify the Company in writing (by registered mail, return receipt requested) of its decision. The letter will state the effective date of termination and request that the Company immediately return all information, materials, parts, components, assemblies and equipment provided under the MOA. The letter will also include any special instructions pertaining to the completion of existing purchase orders for the product, and instructions on how to appeal CSE's decision (should the Company elect to do so).

Upon termination of a Company's product endorsement, the product will be listed in Section V (Red pages - Terminated Endorsement) of the ETPL. Once a product endorsement is terminated, the product cannot be re-endorsed with the same model number; the Company must re-apply to CSE for endorsement as if the product were part of a new product proposal.

Notice of the product endorsement termination will not be listed in Section V of the ETPL for 14 days following Company receipt of the termination review letter, in order to allow the Company an opportunity to appeal the decision to CSE. The Company must submit any appeal in writing. The appeal must specify the Company's grounds for appeal, and must include all pertinent evidence. Product endorsement termination will be stayed until receipt of the CSE decision. The decision will be based solely on the written evidence submitted; there will be no opportunity for oral argument. CSE will be the final arbiter of the dispute, and its decision is final. Notice of the CSE decision will be sent in writing to the Company within 10 working days.

2.3.4 Company Termination of Participation

Standards and procedures pertaining to the Company participation termination process will be issued separately.

3 Endorsed TEMPEST Support Services Program

3.1 Introduction

3.1.1 General

Adequate maintenance and life-cycle support enable product purchasers to ensure the TEMPEST integrity of a product once it is fielded. Consequently, the Endorsed TEMPEST Support Services Program (ETSS) has been implemented to ensure the product integrity process is applied to TEMPEST equipment during the in-service phase.

Chapter 2 (Endorsed TEMPEST Products Program) describes in detail the manufacturer's responsibilities in the product integrity process, including (amongst other things) the maintenance and life-cycle support processes. (These responsibilities are also described in article 3.4 of this chapter, and in Part 3 of Annex I). These responsibilities are also inherent within the ETSSP.

In addition to satisfying the requirements of the product integrity process, the ETSSP also satisfies the CITP's marketing requirements (see Annex C) and maintenance training requirements. The maintenance requirements are satisfied by Company personnel who have successfully completed a formal course, from the original equipment manufacturer (OEM), on the systems for which they shall provide maintenance services (including all TEMPEST-critical features built into the equipment). The OEM will issue certificates confirming this training.

It is the Company's responsibility to ensure the continued training of its maintenance personnel; and to report any personnel changes to CSE. Such reports shall document all of the personnel on staff who have the foregoing maintenance qualifications.

Note: Contrary to the other endorsed TEMPEST programs, foreign ownership, control or influence (FOCI) considerations do not apply to the ETSSP.

3.1.2 Objective

The objective of the ETSSP is to enable industry to provide sales and support services for TEMPEST products that meet the national TEMPEST standard. Therefore, the ETSSP has been established to provide guidelines for maintenance and life-cycle support (including integration and installation) and the TEMPEST-integrity process, for the large quantities of TEMPEST products imported into Canada.

These products are used by: Government of Canada (GC) institutions; the U.S.; the U.K.; other NATO countries; Australia; New Zealand; and certain CSE-approved, non-government users in Canada (such as banks, oil companies, courts and companies directly involved in sensitive government contracts).

Implementation and management of the product integrity process is the responsibility of a single authority within the Company operating within the ETSSP. At the time of sale, the CITP vendor (the Company) shall advise the approved customer of the requirement for CITP-approved maintenance and the TEMPEST equipment disposal procedures contained in Procedures for the Release, Export and Disposal of TEMPEST-Designed Equipment and Technology.

3.1.3 Eligibility Requirements

As with the other CITP programs, a Company's initial and continued eligibility to participate in the ETSSP is conditional upon it meeting minimum requirements. For the ETSSP, they include the following:

  1. The Company must hold a current SECRET facility security clearance, and must have the storage capability to handle the classified TEMPEST and other COMSEC information necessary for the installation, integration and maintenance of TEMPEST products;
  2. The Company must propose a TEMPEST service that will provide direct and obvious benefit to the cause of improving the communications security of the GC and/or the other countries listed in the Objective section of this chapter;
  3. The Company must have a demonstrable financial and technical capability to install, integrate and maintain the TEMPEST-critical features built into TEMPEST products and to provide complete technical maintenance during the life cycle of the product;
  4. The Company must not be suspended, nor otherwise prohibited, from contracting with the GC; and
  5. The Company must not have been excluded by CSE from participation in the ETSSP, in accordance with article 2.3 of this chapter.

Note: As explained in Chapter 1, "foreign ownership, control or influence" (FOCI) considerations do not apply to the ETSSP; therefore, the Annex B certification requirements do not have to be met in order for the Company to participate in this program.

3.2 Endorsed TEMPEST Support Services Program Development Process

3.2.1 Introduction

A company wishing to submit a proposal under the ETSSP must follow the first five of the seven sequential development steps described (in a generic way) in Chapter 1. The application of these five steps (initial contact; program decision; Memorandum of Understanding (MOU); Memorandum of Agreement (MOA); and program execution) to the ETSSP is described in the following paragraphs.

3.2.2 Initial Contact

Once the potential vendor has established initial contact with CSE, the CITP Manager will ask the Company to submit a written service proposal and business plan that addresses short-term as well as long-term TEMPEST strategies and to complete the two-part survey questionnaire contained in Annex A. Upon receipt of the proposal package, the CITP Manager will acknowledge in writing that the package has been received, and that it will be given a joint CSE/PWGSC review. This joint review will be conducted as expeditiously as possible.

3.2.3 Program Decision

If the joint review by PWGSC and CSE is positive, PWGSC will be requested to process the necessary security prerequisites (that is, the facility security clearance and personnel security clearances), if they are not already in place because of previous program or contractual requirements. PWGSC will also assign a Field Industrial Security Officer to the Company, to oversee the implementation of these prerequisites. When they have been successfully implemented, PWGSC will open a COMSEC account that will enable the Company's security officer to receive CSE-controlled, classified TEMPEST and other COMSEC information commensurate with the program of operation.

3.2.4 Memorandum of Understanding

Following the granting of a facility security clearance to the SECRET level, personnel security clearances to the SECRET level for personnel who will be involved in TEMPEST activities and the issuance of a COMSEC account, an MOU (see Annex D) will be negotiated between CSE and the Company, in order to allow the transfer of classified documentation. This MOU will describe the terms and conditions under which CSE will provide the documents through PWGSC.

3.2.5 Memorandum of Agreement

After the negotiation of the MOU, CSE will forward the standard MOA form (see Annex F) to the Company for execution. The function of the MOA is to establish a formal relationship between the Company and CSE under which the Company, having obtained the necessary classified TEMPEST and other COMSEC documentation under the MOU, agrees to protect the CSE-provided information in accordance with GC regulations. The MOA further establishes the necessary agreement for the Company to market, sell, integrate, install and maintain specified TEMPEST products at its own risk and expense.

3.2.6 Program Execution

After signing the MOA, the Company shall then proceed to market, sell, integrate, install and maintain TEMPEST products for the GC and its contractors in accordance with: the product integrity process contained in article 3.4 of this chapter; and the marketing guidance contained in Annex C of this manual.

3.3 Endorsed TEMPEST Support Services Termination Processes

3.3.1 Termination Conditions

Continued operation under the ETSSP is permitted only if the Company continues to satisfy the eligibility requirements for the program and the Company complies with the terms and conditions of the MOA. CSE may initiate termination of the MOA if it finds that:

  1. The Company's facility security clearance and/or storage capability have been, or will be, revoked;
  2. The Company is suspended or otherwise prohibited from contracting with the GC;
  3. The Company has discontinued, or fails to provide, maintenance and/or life-cycle support for the product, as delineated in article 3.4 of this chapter;
  4. The Company fails, or refuses, to adhere to the requirements for product integrity as delineated in article 3.4 of this chapter;
  5. The Company fails, or refuses, to correct TEMPEST deficiencies discovered in the product, by installing manufacturer's retrofit kits;
  6. The Company refuses, or fails, to adhere to the security requirements delineated in the MOU and/or MOA;
  7. The Company fails, or refuses, to allow CSE's designated representative access to the Company's facility and/or records for inspection against standards set forth in article 3.4 of this chapter; or
  8. The Company incorporates engineering changes, waivers and/or deviations that affect the TEMPEST integrity of the product, without CSE approval.

3.3.2 Termination Procedures

CSE will notify the Company in writing (by registered mail, return receipt requested) of its intent to terminate the MOA and the grounds upon which the intended termination is founded. CSE will then afford the Company a reasonable opportunity (at least 14 days) to show cause as to why the MOA should not be terminated.

If the Company responds to the termination notification, CSE will review the response to determine whether or not the MOA should be terminated. CSE will then notify the Company in writing (by registered mail, return receipt requested) of its decision. If CSE still intends to terminate the MOA, the letter will state the effective date of termination and request that the Company immediately return all information, materials, parts, components, assemblies and equipment provided under the MOA. It will also include instructions on how to appeal CSE's decision (should the Company elect to do so).

CSE will not terminate the MOA for 14 days following Company receipt of the termination review letter, in order to allow the Company an opportunity to appeal the decision to CSE.

The Company must submit its appeal in writing. The appeal notice must specify the Company's grounds for appeal, and must include all pertinent evidence. Termination of the MOA will then be stayed until Company receipt of CSE's decision. CSE's decision will be based solely on the written evidence submitted; there will be no opportunity for oral argument. CSE will be the final arbiter of the dispute, and its decision is final. Notice of CSE's decision will be sent in writing to the Company within 10 working days.

3.4 Endorsed TEMPEST Support Services Program Product Integrity Processes

3.4.1 Maintenance and Life-Cycle Support

Within the Endorsed TEMPEST Products Program (under Product Integrity Processes), maintenance and life-cycle support is the responsibility of the product manufacturer. In order to ensure TEMPEST security, these same responsibilities must be adopted by any company operating within the ETSSP. Therefore, as long as the parent company intends its products to remain on the ETPL, the Company (operating within the ETSSP on the parent company's behalf) must provide the maintenance, integration, installation and life-cycle support necessary to ensure the TEMPEST integrity of the product.

Accordingly, the ETSSP Company shall provide CSE with a written description of its maintenance and life-cycle support system. This description shall include:

  1. a statement as to the availability of the maintenance services that will ensure the continuing TEMPEST integrity of the product;
  2. assurances that the individuals identified to CSE in the written description as performing TEMPEST product maintenance are trained to diagnose and repair TEMPEST products; are knowledgeable of the unique restrictions and/or precautions necessary to maintain the TEMPEST integrity of the product and are provided access to the maintenance manual developed by the OEM; and
  3. copies of all hardware maintenance manuals held by the ETSSP Company for the product on which the Company proposes to offer maintenance services. Such manuals shall include all documentation necessary to support the maintenance of each critical TEMPEST feature of the product (for example, maintenance procedures, with their accompanying troubleshooting charts, schematics, wiring diagrams and illustrations).

3.4.2 TEMPEST Critical Features List

The ETSSP Company shall obtain a TEMPEST "critical features list" prepared by the parent Company's certified TEMPEST professional. This list (see Appendix 1 of Annex I) must identify the specific critical features (such as parts, materials, workmanship, assemblies, assembly procedures and manufacturing processes) that are of paramount importance to the TEMPEST integrity of the product. This list shall be submitted to CSE for review.

Companies operating within the ETSSP must have knowledge of the contents of Technical and Security Requirements Document (TSRD) 88-9A (see Annex I), which is applicable to TEMPEST product manufacturers under the Endorsed TEMPEST Products Program.

Note: Paragraphs 1.12 and 1.13 of Annex I (pertaining to manufacturing, market and export controls) are of particular importance to companies in the ETSSP; TEMPEST products may be exported only to NATO member governments, and/or the governments of Australia and New Zealand. Exports to companies, non-government organizations or governments in countries other than those listed in Annex I are prohibited.

4 Endorsed TEMPEST Test Services Program

4.1 Introduction

4.1.1 General

The Endorsed TEMPEST Test Services Program (ETTSP) has been established to promote the development of endorsed TEMPEST test service facilities for use by: Government of Canada (GC) institutions; GC contractors; and eligible Canadian TEMPEST product manufacturers, when developing and producing TEMPEST products.

4.1.2 Objective

The objective of the ETTSP is to ensure that the TEMPEST testing and product-configuration services required during the development and production of endorsed TEMPEST products are provided by facilities meeting minimum personnel, equipment and facility requirements. (The ETTSP is an adjunct to the Canadian Government TEMPEST Certification Program, which is responsible for the certification of TEMPEST professionals.)

4.1.3 Eligibility Requirements

Initial and continued eligibility to participate in the ETTSP is conditional upon a Company meeting the following minimum requirements:

  1. The Company must not be under disqualifying foreign ownership, control or influence;
  2. The Company must have a SECRET facility security clearance, and the storage capability to handle the classified TEMPEST information necessary for the design, development and testing of TEMPEST products;
  3. The Company must demonstrate through its proposal that it can, or will be able to, satisfy the technical, security, personnel and equipment requirements associated with becoming an endorsed TEMPEST test services facility; and
  4. The Company must not be suspended, nor otherwise prohibited, from contracting with the GC.

4.2 Endorsed TEMPEST Test Services Program Development Process

4.2.1 Introduction

This section provides a potential TEMPEST test services Company with an overview of the five sequential steps in the processes of this program. These five steps are: initial contact; program decision; Memorandum of Understanding (MOU); Memorandum of Agreement (MOA); and CSE evaluation and endorsement (that is, certification) of the TEMPEST test services facility.

4.2.2 Initial Contact

Initial contact with CSE expressing interest in the ETTSP is responded to by the CITP Management Office. The response involves a covering letter, which requests the Company to submit a written test services proposal. In addition, survey questionnaires (see Annexes A and B) are forwarded for completion. These questionnaires provide a company profile, and certification that no debarring foreign ownership, control or influence exists.

The written TEMPEST test services proposal, together with the completed survey questionnaires, assists CSE in establishing that the Company has the capabilities and qualifications necessary to successfully provide TEMPEST test services. The proposal package is designed to provide preliminary information before a CSE survey team visits to evaluate the Company's test services facility. Therefore, the Company is encouraged to submit as much detailed documentation as necessary to establish its identity, its capabilities, and its suitability for the program.

Some of the information required in the proposal package might duplicate information requested in the data deliverables required for endorsement. Consequently, the Company may, as appropriate, reference the pertinent part(s) of its proposal in order to satisfy the data deliverable requirements (refer to Technical and Security Requirements Document [TSRD] 88-8A [see Annex J]) for this program.

The proposal package shall include, at a minimum, the following information:

  1. Provide the Company name and address;
  2. Provide a principal point of contact; a marketing point of contact; a technical point of contact and alternates. For each, include:
    1. name and title;
    2. business address;
    3. business telephone;
    4. citizenship;
    5. security clearance (if applicable);
    6. social insurance number; and
    7. date/place of birth;
  3. Describe the product(s) or service(s) offered (this could be supplemented with a Company capabilities brochure);
  4. Provide a copy of the Company's annual financial report;
  5. Provide the number of key personnel to be involved in the provision of TEMPEST test services. Describe each person's expertise, with emphasis on TEMPEST certification(s), previous TEMPEST experience, and technical and educational background;
  6. Describe the TEMPEST testing capability of the Company in terms of its test instrumentation, shielded enclosures, etc.; and
  7. Describe any previous Company experience in testing TEMPEST products.

Questions regarding the ETTSP's proposal process can be answered by writing the address below, or by calling the office of: Manager, Canadian Industrial TEMPEST Program (CITP).

Send three copies of the completed proposal package, including questionnaires to:

Communications Security Establishment
Manager, (CITP)
PO Box 9703
Terminal
Ottawa, Ontario
K1G 3Z4

4.2.3 Program Decision

Upon receipt of the Company's proposal package, CSE will send the Company written notification that the proposal package has been received, and is under consideration. CSE and PWGSC will jointly review the proposal package to make an assessment of the Company's qualifications and suitability for providing TEMPEST test services. If the review results are positive, PWGSC will be requested to process the necessary security prerequisites (the facility security clearance and the personnel security clearances), if they are not already in place because of previous program or contractual requirements. At that time PWGSC will also assign a Field Industrial Security Officer to the Company, to oversee the implementation of the prerequisites. When they have been successfully implemented, PWGSC will open a COMSEC account that enables the Company's security officer to receive CSE-controlled, classified TEMPEST and other COMSEC information, commensurate with the program of operation.

4.2.4 Memorandum of Understanding

Following the granting of a facility security clearance to the SECRET level, the granting of personnel security clearances to the SECRET level (for personnel who will be involved in TEMPEST activities) and the issuance of a COMSEC account, an MOU (see Annex D) will be negotiated between CSE and the Company in order to allow the transfer of classified documentation. This MOU will describe the terms and conditions under which CSE will provide these documents to the Company through PWGSC.

4.2.5 Memorandum of Agreement

After negotiation of the MOU, but prior to formal acceptance of the Company's proposal through execution of an MOA (see Annex G), CSE and the Company must negotiate a Service Management Plan (SMP) that delineates a mutually agreed upon schedule of supportable milestones and events (including the delivery of data and reports required of each party in order to accomplish test services facility evaluation and endorsement). Failure to negotiate an SMP within 120 days of the Company's receipt of CSE's notice constitutes grounds for CSE to not accept the Company's proposal. (The Company may withdraw its proposal at any time, should it determine that it does not wish to pursue test services facility endorsement.)

In developing a proposed SMP, the Company should assume that under normal circumstances CSE will require 30 working days to review and approve a data deliverable. CSE will maintain a master SMP that includes all approved SMPs in order to control the workload, and to ensure proper resource allocation. It is therefore critical that the Company propose delivery dates for its deliverable submissions that are realistic, and consistent with known obligations.

Given that the master plan is predicated on negotiated SMP schedules, if the Company fails to submit a deliverable (for which CSE review is required) on the date scheduled in its SMP, it may be required to forfeit the time frame for that review. Therefore, if the Company realizes that it will not be able to meet an SMP delivery date, it must notify CSE immediately, in order to negotiate a new delivery date (and potentially to negotiate a new SMP). CSE will reschedule the review date in accordance with its first available time period.

Upon the establishment of the SMP, CSE will forward the MOA to the Company for execution. The function of the MOA is to establish a formal relationship between the Company and CSE, under which the Company: obtains necessary TEMPEST information; agrees to protect CSE-provided information in accordance with GC regulations; and agrees to market, sell and provide TEMPEST test services at its own risk and expense.

Attached to the MOA will be Technical and Security Requirements Document (TSRD) 88-8A (see Annex J), the applicable agreement data requirements list (ADRL) and the SMP. Together, these documents specify the requirements and the time schedule for test services facility evaluation and endorsement.

For its part under the MOA, CSE agrees to protect Company proprietary information; and to evaluate and (if suitable) endorse the Company's test services facility. The MOA also formally establishes the responsibilities and obligations of the parties with respect to the Company's marketing and sales of TEMPEST test services subsequent to endorsement, as well as the terms and conditions for continued endorsement.

4.2.6 CSE Evaluation and Endorsement

Once the MOA is executed, the Company and CSE will perform the tasks necessary to satisfy the requirements of the MOA regarding test services facility evaluation and endorsement. Upon its determination that the Company's test services facility is in compliance with the TSRD and the ADRL, CSE will notify the Company in writing that the test services facility is endorsed. CSE endorsement is a statement of its finding that the facility satisfies the technical and security requirements set forth in the TSRD.

Upon test services facility endorsement, the Company's name, facility location, and point of contact will be placed on the Endorsed TEMPEST Test Services List (ETTSL) that is published quarterly as part of the Information Systems Security Products and Services Catalogue. This list is available to assist U.S. and Canadian federal government departments and agencies, U.S. and Canadian federal government contractors and TEMPEST product manufacturers in identifying endorsed TEMPEST test services facilities.

Initial and continued endorsement is contingent upon the Company's continued adherence to the technical, security and procedural terms and conditions of the MOA (including its attachments).

4.3 Endorsed TEMPEST Test Services Program Termination Processes

4.3.1 General

There are two termination process categories associated with the ETTSP. Their standards and procedures deal with CSE termination of the MOA prior to endorsement and CSE termination of an existing endorsement. The two termination processes are discussed below.

4.3.2 CSE Termination Prior to Endorsement

Participation in the ETTSP after the MOA is executed is permitted only if the Company continues to satisfy the eligibility requirements for the program and the Company pursues test services facility endorsement in accordance with the schedule in the SMP. CSE may initiate termination of the MOA if it finds that:

  1. The Company's facility security clearance and/or storage capability have been, or will be, revoked;
  2. The Company is suspended, or otherwise prohibited, from contracting with the GC;
  3. The Company refuses, or fails, (two incidents) to adhere to the schedule agreed to in the SMP; or
  4. The Company fails to satisfy the requirements for endorsement in the time allotted in the SMP.

CSE will notify the Company in writing (by registered mail, return receipt requested) of its intent to terminate the MOA and the grounds upon which the intended termination is founded. CSE will then afford the Company a reasonable opportunity (at least 14 days) to show cause as to why the MOA should not be terminated.

After reviewing the Company's response (if any) to the termination notification, CSE will determine whether or not the MOA should be terminated. CSE will notify the Company in writing (by registered mail, return receipt requested) of its decision. If CSE still intends to terminate the MOA, the letter will state the effective date of termination and request that the Company immediately return all information, materials, parts, components, assemblies and equipment provided under the MOA. It will also include instructions on how to appeal the CSE decision (should the Company elect to do so).

CSE will not terminate the MOA for 14 days following Company receipt of the termination review letter, in order to allow the Company an opportunity to appeal the decision.

The Company must submit its appeal in writing. The appeal notice must specify the Company's grounds for appeal, and must include all pertinent evidence. Termination of the MOA will be stayed until Company receipt of the CSE decision. The decision will be based solely on the written evidence submitted; there will be no opportunity for oral argument. CSE will be the final arbiter of the dispute, and its decision is final.

4.3.3 CSE Termination of Endorsement

Continued endorsement of the TEMPEST test services facility is permitted only if the Company continues to satisfy the eligibility requirements for the ETTSP and the Company complies with the terms and conditions of the MOA (including its attachments). CSE may initiate termination of the TEMPEST test services facility's endorsement if it finds that:

  1. The Company's facility security clearance and/or storage capability have been, or will be, revoked;
  2. The Company becomes unacceptably foreign owned, controlled or influenced;
  3. The Company is suspended, or otherwise prohibited, from contracting with the GC;
  4. The Company fails, or refuses, to satisfy the staffing requirements specified in the TSRD;
  5. The Company fails, or refuses, to satisfy the facility and/or equipment requirements specified in the TSRD;
  6. The Company fails, or refuses, to ensure that TEMPEST test services or product configuration services are performed only by certified TEMPEST professionals, as specified in the TSRD;
  7. The Company fails, or refuses, to adhere to the security requirements delineated in the MOA and its incorporated references; or
  8. The Company fails, or refuses, to allow CSE's designated representative access to inspect the Company's facilities and/or records, in compliance with the requirements specified in the TSRD.

CSE will notify the Company in writing (by registered mail, return receipt requested) of its intent to terminate its endorsement and the grounds upon which the intended termination is founded. CSE will then afford the Company a reasonable opportunity (at least 14 days) to show cause as to why the test services facility endorsement should not be terminated.

Service endorsement will be suspended effective immediately upon Company receipt of the letter. Once endorsement is suspended, the Company cannot continue to advertise its facility as CSE endorsed nor take any new orders from GC departments or agencies, or from TEMPEST product manufacturers requiring CSE-endorsed services. The facility with suspended endorsement will be listed in Section II (Blue pages - Facilities with Suspended Endorsement, Pending Facility Endorsement Termination and Appeal) of the ETTSL.

If the Company responds to the termination notification, CSE will review the response to determine whether or not the endorsement should be terminated. CSE will then notify the Company in writing (by registered mail, return receipt requested) of its decision. If CSE still intends to terminate the endorsement, the letter will state the effective date of termination and request that the Company immediately return all information, materials, parts, components, assemblies and equipment provided under the MOA. It will also provide any special instructions pertaining to the completion of existing purchase orders for TEMPEST test services and instructions on how to appeal the CSE decision (should the Company elect to do so).

Upon termination of a Company's test services facility endorsement, the Company will be listed in Section III (Red pages - Terminated Endorsement) of the ETTSL. Once a test services facility endorsement is terminated, the Company's facility cannot be re-endorsed for a period of three years, at which time it must reapply to CSE as if making a new ETTSP proposal.

Notice of the endorsement termination will not be posted on the Electronic Bulletin Board, nor listed in the ETTSL, for 14 days following Company receipt of the termination review letter, in order to allow the Company an opportunity to appeal the decision to CSE.

The Company must submit its appeal in writing. The appeal must specify the Company's grounds for appeal, and must include all pertinent evidence. Service endorsement termination will be stayed until Company receipt of CSE's decision. The decision will be based solely on the written evidence submitted; there will be no opportunity for oral argument. CSE will be the final arbiter of the dispute, and its decision is final.

5 Endorsed TEMPEST Test Instrumentation Program

5.1 Introduction

5.1.1 General

The Endorsed TEMPEST Test Instrumentation Program (ETTIP) has been established in order to combine industry's leadership and expertise in test instrumentation design, development and production with CSE's TEMPEST experience.

5.1.2 Objective

The objective of the program is to enable Canadian industry's development, production and sale of TEMPEST-unique test instrumentation, for use by selected Government of Canada (GC) institutions and eligible CSE-certified Canadian TEMPEST test services facilities.

5.1.3 Definition

A TEMPEST-unique test instrument is equipment, capable of operating in an automated fashion, that quantifies and/or analyzes the TEMPEST characteristics of equipment under test against CID/09/15A.

5.1.4 Eligibility Requirements

Initial and continued eligibility to participate in the ETTIP is conditional upon a Company meeting the following minimum requirements:

  1. The Company must not be under disqualifying foreign ownership, control or influence;
  2. The Company must have, or must obtain a SECRET facility security clearance, a COMSEC account and the storage capability necessary to handle classified TEMPEST information necessary for the design, development and production of a TEMPEST test instrument;
  3. The Company must propose to develop a TEMPEST test instrument that will be of direct and obvious benefit to the development or testing of TEMPEST products;
  4. The Company must have a demonstrable financial, technical and manufacturing capability to design and produce a product of reasonable quality; and
  5. The Company must not be suspended, nor otherwise prohibited, from contracting with the Canadian Government.

5.2 Endorsed TEMPEST Test Instrumentation Program Development Process

5.2.1 Introduction

The information that follows is intended to provide a potential test instrumentation manufacturer with an overview of the six sequential steps in the process of this program. They are: initial contact; program decision; Memorandum of Understanding (MOU); Memorandum of Agreement (MOA); program execution; and CSE evaluation and endorsement.

A description of each sequential step is provided below.

5.2.2 Initial Contact

5.2.2.1 General

Initial contact with CSE expressing interest in the ETTIP is responded to by the CITP Management Office. This response involves a covering letter, which requests a Company submission of a written test instrumentation product proposal. In addition, survey questionnaires (see Annexes A and B) are forwarded for completion. These questionnaires provide a Company profile, and certification that no debarring foreign ownership, control or influence exists.

5.2.2.2 Written TEMPEST Test Instrumentation Product Proposal

The written TEMPEST test instrumentation product proposal (together with the completed questionnaires) assists CSE in establishing that the Company has the capabilities and qualifications necessary for successful TEMPEST test instrumentation manufacturing. The proposal package is also designed to provide preliminary information, before a visit by a CSE survey team to evaluate the Company's manufacturing facility.

The Company is encouraged to submit as much detailed documentation as necessary to establish its identity, its capabilities, and its suitability for the Program. Some of the information required in the proposal package might duplicate information in the data deliverables required for endorsement (see Annexes K and L). Consequently, the Company may, as appropriate, reference the pertinent part(s) of its survey response in order to satisfy the data deliverable requirements.

A written product proposal is required for each TEMPEST test instrumentation product that the Company wants considered. Product proposals should include the following information:

  1. Describe the proposed product, including its application and function. If the proposed product involves modifying an existing product, include product brochures and specifications of the existing product;
  2. Identify the intended market for the proposed product (include a specific GC customer base, and/or firmly established requirements). This discussion shall provide the target price, explain how the product would be marketable at the stated price and explain how the specific market projections were derived. If the product to be developed is a retrofit to existing equipment, include the potential sales volume for existing equipment that is already fielded;
  3. Provide the Company's target development and production schedule;
  4. Describe the differences (including the advantages) of the proposed product relative to similar products that are currently available; and
  5. Describe any plans to employ subcontractors at any time during the product's life cycle. Identify these subcontractors, and their involvement in the proposed product.

    Note: Company profiles for subcontractors may be requested, depending upon the type(s) and degree(s) of subcontractor involvement with the proposed product.

5.2.2.3 Company Profile

A potential ETTIP participant must satisfy certain security and suitability criteria prior to establishing a relationship with CSE. The Company is required to submit a Company profile (including completed questionnaires, Annexes A and B) that provides as much documentation as necessary to establish its identity, its capabilities, and its suitability for the Program. The submission shall include (at a minimum) the following information:

  1. Provide the Company name and address;
  2. Provide a principal point of contact, a technical point of contact, and alternates. For each, include:
    1. name and title;
    2. business address;
    3. business telephone;
    4. citizenship;
    5. security clearance (if applicable);
    6. social insurance number; and
    7. date/place of birth;
  3. Describe the product(s) or service(s) offered (this could be supplemented with a Company capabilities brochure);
  4. Provide a copy of the Company's annual financial report; and
  5. Describe the expertise (and provide the security clearance levels) of the key personnel to be involved in the proposed product development, with emphasis on previous TEMPEST test instrumentation development experience.
5.2.2.4 Submission of Proposal

Three copies of the completed proposal package, including questionnaires, should be sent to:

Communications Security Establishment
Manager (CITP)
PO Box 9703
Terminal
Ottawa, Ontario
K1G 3Z4

Questions regarding the ETTIP proposal process can be answered by writing to the above address, or by calling the office of: Manager, Canadian Industrial TEMPEST Program (CITP).

5.2.3 Program Decision

Upon receipt of the Company's written ETTIP proposal package, CSE will send the Company written notification that the proposal package has been received, and is under consideration. CSE and PWGSC will jointly review the proposal in order to make an assessment of the Company's qualifications and suitability for manufacturing TEMPEST test instrumentation products. CSE will notify the Company in writing of the review results.

If the review results are positive, PWGSC will be requested to process the necessary security prerequisites (facility security clearance and personnel security clearances), if they are not already in place because of previous program or contractual requirements. At that time, PWGSC will assign a Field Industrial Security Officer to the Company to oversee implementation of the prerequisites. When they have been successfully implemented, PWGSC will open a COMSEC account that enables the Company's security officer to receive CSE-controlled, classified TEMPEST and other COMSEC information, commensurate with the program of operation.

5.2.4 Memorandum of Understanding

Following the granting of a facility security clearance to the SECRET level, personnel security clearances to the SECRET level for personnel involved in TEMPEST activities and the issuance of a COMSEC account, an MOU (see Annex D) will be negotiated between CSE and the Company, to allow for the transfer of classified documentation. The MOU will describe the terms and conditions under which CSE will provide classified TEMPEST and other COMSEC documents to the Company through PWGSC.

5.2.5 Memorandum of Agreement

After the negotiation of the MOU, but prior to formal acceptance of the Company's proposal through execution of an MOA (see Annex H), a Product Management Plan (PMP) must be established.

The PMP will delineate a mutually agreed upon schedule of supportable milestones and events, including the delivery of the data and reports required of each party in order to accomplish product development, evaluation and endorsement. This PMP is part of the CSE Agreement Data Requirements List (ADRL) (see Annex L). Failure to negotiate and conclude a PMP within 120 days of the Company's receipt of CSE's notice constitutes grounds for CSE to not accept the Company's proposal. (The Company may withdraw its proposal at any time, should it determine that it does not wish to pursue product development or endorsement.)

Upon the establishment of a PMP, CSE will forward the MOA to the Company for execution. The purpose and function of the MOA is to establish a formal relationship, between the Company and CSE, under which the Company: obtains necessary TEMPEST information; agrees to protect CSE-provided information in accordance with GC regulations; and agrees to design, develop, produce, market and sell a specified TEMPEST test instrumentation product at its own risk and expense. Attached to the MOA will be Technical and Security Requirements Document (TSRD) 88-X (see Annex K); the ADRL (see Annex L) and the PMP, which together specify the requirements and the time schedule for product development, evaluation and endorsement.

For its part under the MOA, CSE agrees to protect Company proprietary information and to evaluate and (if appropriate) endorse the Company's product. The MOA also formally establishes the responsibilities and obligations of CSE and the Company with respect to the Company's marketing and sales of TEMPEST test instrumentation products subsequent to endorsement and the terms and conditions necessary for continued endorsement.

5.2.6 Program Execution

After the MOA is executed, the Company and CSE will perform the tasks necessary to satisfy the requirements of the MOA for product development.

5.2.7 CSE Evaluation and Endorsement

Upon its determination that the product is in compliance with TSRD 88-X and the ADRL, CSE will notify the Company in writing that the product has been endorsed. Endorsement is a statement of CSE's findings that the product satisfies the technical and security requirements set forth in the TSRD.

5.3 Endorsed TEMPEST Test Instrumentation Program Termination Processes

5.3.1 General

There are two termination process categories associated with the ETTIP. Their standards and procedures deal with CSE termination of the MOA prior to endorsement and CSE termination of endorsement. The two termination processes are discussed below.

5.3.2 CSE Termination Prior to Endorsement

Participation in the ETTIP after MOA execution is permitted only if the Company continues to satisfy the eligibility requirements for the Program and the Company pursues product endorsement in accordance with the schedule in the PMP. CSE may initiate processes to terminate the MOA if it finds that:

  1. The Company's facility security clearance and/or storage capability have been, or will be, revoked;
  2. The Company becomes unacceptably foreign owned, controlled or influenced;
  3. The Company is suspended, or otherwise prohibited, from contracting with the GC;
  4. The Company refuses, or fails, (two incidents) to adhere to the schedule agreed to in the PMP; or
  5. The Company fails to satisfy the requirements for endorsement in the time allotted in the PMP.

CSE will notify the Company in writing (by registered mail, return receipt requested) of its intent to terminate the MOA and the grounds upon which the intended termination is founded. CSE will then afford the Company a reasonable opportunity (at least 14 days) to show cause as to why the MOA should not be terminated.

If the Company responds to the termination notification, CSE will review the response in order to determine whether or not the MOA should be terminated. CSE will then notify the Company in writing (by registered mail, return receipt requested) of its decision. If CSE still intends to terminate the MOA, the letter will state the effective date of termination and request that the Company immediately return all information, materials, parts, components, assemblies and equipment provided under the MOA. It will also include instructions on how to appeal CSE's decision (should the Company elect to do so).

CSE will not terminate the MOA for 14 days following Company receipt of the termination review letter, in order to allow the Company an opportunity to appeal the decision to CSE.

The Company must submit its appeal in writing. The appeal notice must specify the Company's grounds for appeal, and must include all pertinent evidence. Termination of the MOA will then be stayed until Company receipt of the CSE decision. The decision will be based solely on the written evidence submitted; there will be no opportunity for oral argument. CSE will be the final arbiter of the dispute, and its decision is final.

5.3.3 CSE Termination of Endorsement

Continued product endorsement is permitted only if the Company continues to satisfy the eligibility requirements for the Program and the Company complies with the terms and conditions of the MOA and its attachments. CSE may initiate processes to terminate product endorsement if it finds that:

  1. The Company's facility security clearance and/or storage capability have been, or will be, revoked;
  2. The Company becomes unacceptably foreign owned, controlled or influenced;
  3. The Company is suspended, or otherwise prohibited, from contracting with the GC;
  4. The Company has discontinued, or fails to provide, maintenance and/or life-cycle support for the product as delineated in the TSRD;
  5. The Company fails, or refuses, to correct TEMPEST deficiencies discovered in the product subsequent to endorsement;
  6. The Company fails, or refuses, to adhere to the requirements for product integrity as delineated in the TSRD;
  7. The Company fails, or refuses, to adhere to the security requirements delineated in the MOA and its incorporated references;
  8. The Company fails, or refuses, to make sample unit(s) of the product available to CSE's designated representative, as required in the TSRD, for testing and inspection against the standards set forth in the TSRD;
  9. The Company fails, or refuses, to allow CSE's designated representative access to the

    Company's facility and/or records, for inspection against the standards set forth in the TSRD; or

  10. The Company incorporates engineering changes, waivers and/or deviations that affect the TEMPEST integrity of the product, without CSE approval.

CSE will notify the Company in writing (by registered mail, return receipt requested) of its intent to terminate its product endorsement and the grounds upon which the intended termination is founded. It will then afford the Company a reasonable opportunity (at least 14 days) to show cause as to why the product endorsement should not be terminated.

If the Company responds to the termination notification, CSE will review the response in order to determine whether or not the product endorsement should be terminated. CSE will notify the Company in writing (by registered mail, return receipt requested) of its decision. If CSE still intends to terminate the product endorsement, the letter will state the effective date of termination; and request that the Company immediately return all information, materials, parts, components, assemblies and equipment provided under the MOA. It will also provide special instructions pertaining to the completion of existing purchase orders for the product and instructions on how to appeal CSE's decision (should the Company elect to do so).

Upon termination of a Company's product endorsement, the product will be listed in Section V (Red pages - Terminated Endorsement) of the Endorsed TEMPEST Test Instrumentation List (ETTIL). Once the product endorsement is terminated, the product cannot be re-endorsed with the same model number, and the Company must reapply to CSE as if the product were part of a new product proposal.

Notice of a product endorsement termination will not be posted on the Electronic Bulletin Board, or on the ETTIL, for 14 days following Company receipt of the termination review letter, in order to allow the Company an opportunity to appeal the decision to CSE.

The Company must submit its appeal in writing. The appeal must specify the Company's grounds for appeal, and must include all pertinent evidence. Product endorsement termination will be stayed until Company receipt of CSE's decision. The decision will be based solely on the written evidence submitted; there will be no opportunity for oral argument. CSE will be the final arbiter of the dispute, and its decision is final.