Donate for the Cryptome collection of files from June 1996 to the present


NSA TEMPEST Documents

19 October 2014:

CNSSAM TEMPEST-1/13 RED/BLACK Installation Guidance (January 17, 2014)

https://cryptome.org/2014/10/cnssam-tempest-1-13.pdf

2 May 2014:

NSA TEMPEST 01-02 NONSTOP Evaluation Standard (Oct 2002):

https://cryptome.org/2014/05/nsa-tempest-01-02-oct-02.pdf (3.2MB)

7 December 2012:

NSA Tempest Control Plan: https://cryptome.org/dodi/nsa-tempest-control.pdf

10 May 2012:

NSA TEMPEST History: https://cryptome.org/2012/05/nsa-tempest-history.pdf

22 June 2011:

Joel McNamara's comprehensive Complete, Unofficial TEMPEST Information Page has closed. A mirror: http://www.kubieziel.de/blog/uploads/complete_unofficial_tempest_page.pdf

6 April 2003: Add

NCSC 3 - TEMPEST Glossary, 30 March 1981

5 March 2002: Two security papers announced today on optical Tempest risks:

Information Leakage from Optical Emanations, J. Loughry and D.A. Umphress

Optical Time-Domain Eavesdropping Risks of CRT Displays, Markus Kuhn

For emissions security, HIJACK, NONSTOP and TEAPOT, see also Ross Anderson's Security Engineering, Chapter 15.

HIJACK, NONSTOP, and TEAPOT Vulnerabilities

A STU-III is a highly sophisticated digital device; however, they suffer from a particular nasty vulnerability to strong RF signals that if not properly addressed can cause the accidental disclosure of classified information, and recovery of the keys by an eavesdropper. While the unit itself is well shielded, the power line feeding the unit may not have a clean ground (thus negating the shielding).

If the encryption equipment is located within six to ten wavelengths of a radio transmitter (such as a cellular telephone, beeper, or two way radio) the RF signal can mix with the signals inside the STU and carry information to an eavesdropper. This six to ten wavelengths is referred to as the "near field" or the wave front where the magnetic field of the signal is stronger then the electrical field.

The best way to deal with this is to never have a cellular telephone or pager on your person when using a STU, or within a radius of at least thirty feet (in any direction) from an operational STU (even with a good ground). If the STU is being used in a SCIF or secure facility a cell phone is supposed to be an excluded item, but it is simply amazing how many government people (who know better) forget to turn off their phone before entering controlled areas and thus cause classified materials to be compromised.

Spook Hint: If you have a powered up NEXTEL on your belt and you walk within 12 feet of a STU-III in secure mode you have just compromised the classified key.

-- Secure Telephone Units, Crypto Key Generators, Encryption Equipment, and Scramblers (offsite) 
Files at Cryptome.org:

tempest-time.htm   TEMPEST Timeline
tempest-old.htm    TEMPEST History

NSA Documents Obtained by FOIA

nacsem-5112.htm    NACSEM 5112 NONSTOP Evaluation Techniques
nstissi-7000.htm   NSTISSI No. 7000 TEMPEST Countermeasures for Facilities           

nacsim-5000.htm    NACSIM 5000 Tempest Fundamentals
nacsim-5000.zip    NACSIM 5000 Tempest Fundamentals (Zipped 570K)
nsa-94-106.htm     NSA No. 94-106 Specification for Shielded Enclosures
tempest-2-95.pdf   NSTISSAM TEMPEST/2-95 Red/Black Installation Guidance (PDF original)
tempest-2-95.htm   NSTISSAM TEMPEST/2-95 Red/Black Installation Guidance (HTM)

nt1-92-1-5.htm     NSTISSAM TEMPEST 1/92 - TOC and Sections 1-5
nt1-92-6-12.htm    NSTISSAM TEMPEST 1/92 - Sections 6-12
nstissam1-92a.htm  NSTISSAM TEMPEST 1/92 - Appendix A (TEMPEST Overview)
nt1-92-B-M.htm     NSTISSAM TEMPEST 1/92 - Appendixes B-M
nt1-92-dist.htm    NSTISSAM TEMPEST 1/92 - Distribution List

nsa-reg90-6.htm    NSA/CSS Reg. 90-6, Technical Security Program
nsa-foia-app2.htm  NSA Letter Releasing TEMPEST Documents
nsa-foia-app.htm   NSA FOIA Appeal for TEMPEST Information
nsa-foia-req.htm   NSA FOIA Request for TEMPEST Documents

Other TEMPEST Documents

nsa-etpp.htm       NSA Endorsed TEMPEST Products Program
nsa-ettsp.htm      NSA Endorsed TEMPEST Test Services Procedures
nsa-zep.htm        NSA Zoned Equipment Program
nstissam1-00.htm   Maintenance and Disposition of TEMPEST Equipment (2000)
nstissi-7000.htm   TEMPEST Countermeasures for Facilities (1993)

tempest-fr.htm     French TEMPEST Documentation (2000)
af-hb202d.htm      US Air Force EI Tempest Installation Handbook (1999)
afssi-7010.htm     US Air Force Emission Security Assessments (1998)
afssm-7011.htm     US Air Force Emission Security Countermeasure Reviews (1998)
qd-tempest.htm     Quick and Dirty TEMPEST Experiment (1998)

mil-hdbk-1195.htm  Radio Frequency Shielded Enclsoures (1988)
emp.htm            US Army Electromagnetic Pulse (EMP) and TEMPEST
                   Protection for Facilities (1990)
zzz1002.htm        National TEMPEST School Courses (1998)
navch16.htm        Chapter 16 of US Navy's Automated Information Systems
                   Security Guidelines

tempest-cpu.htm    Controlled CPU TEMPEST emanations (1999)
tempest-door.htm   TEMPEST Door (1998)
bema-se.htm        Portable Radio Frequency Shielded Enclosures (1998)
datasec.htm        Data Security by Architectural Design, George R. Wilson (1995)
rs232.pdf          The Threat of Information Theft by Reception
                   of Electromagnetic Radiation from RS-232 Cables,
                   Peter Smulders (1990)

tempest-law.htm    Laws On TEMPEST, Christopher Seline (1989)
tempest-leak.htm   The Tempest Over Leaking Computers, Harold Highland (1988)
bits.pdf           Electromagnetic Eavesdropping Machines for 
bits.htm           Christmas?, Wim Van Eck (1988)
nsa-vaneck.htm     NSA, Van Eck, Banks TEMPEST (1985)
emr.pdf            Electromagnetic Radiation from Video Display Units: 
                   An Eavesdropping Risk?, Wim Van Eck (1985)