
DISTRIBUTION AND DESTRUCTION

In document Usarmy Comsec (Page 159-162)

vouchers with wet signatures and post with their reportable destruction report.

6.5.9 (U) Inadvertent Destruction of COMSEC Material. Due to the strict security procedures enforced within the LCMS Workstation, when destruction of material is erroneously entered into AKMS, LCMS cannot “reverse” this action. Should this situation occur, the custodian must perform the following steps immediately:

a. (U) Contact the COR account manager via e-mail, message, or fax with an explanation of the error (include the short title, edition, quantity, and serial number). Prepare a Memorandum For Record (MFR) explaining the circumstances of the error.

b. (U) Within LCMS, the custodian will generate a “reportable destruction report,” annotate what transpired in the comment section, print and retain the document as an accountable record, and send the destruction report via the message server to the COR.

c. (U) Contact the EKMS Help Desk, explain the situation, and ask to be walked through Inventory Reconciliation Status Transaction (IRST) or inventory cycle procedures.

d. (U) The custodian will then be required to add those items back into the LCMS database. The custodian should click on accounting > possession > originate possession

what transpired, enter the item, and then click “add.” Prepare the report and record annotations. These steps will cause a “Possession Report” to be generated. The custodian must wrap and send the transaction to the COR. A copy of the Possession Report will be printed, attached to the copy of the reportable destruction report and the MFR, and retained on file. When the item is later destroyed, normal destruction procedures will be followed.

6.5.10 (U) Account Transactions to COR.

When requested, the custodian will retransmit transactions to the COR. In the event that the COMSEC account transactions have been archived, the COR will be provided a hard copy of the transaction and will be notified that the requested soft copy of these transactions has been archived.

6.6 GENERAL INFORMATION ON AKMS ELECTRONIC KEY DISTRIBUTION AND DESTRUCTION.

(U) The following paragraph provides some general guidance/information on AKMS electronic key distribution and destruction.

6.6.1 (U) Electronic Key Distribution.

a. (U) AKMS COMSEC accounts will issue electronic keying material to Hand Receipt Holders (HRHs) via a Data Transfer Device (DTD) or to a Common Fill Device (CFD). The COMSEC Custodian will retain a signed copy of the issuing SF 153 until a destruction certificate is received from the user or until unused portions of the electronic key are returned from the HRH. An automated audit trail exists when material is distributed to a DTD. The HRH can verify if key was received by viewing the key storage register in the DTD. The COMSEC Custodian will attach a descriptive ID to all electronic keying material being distributed to the DTD. This ID will provide a quick, verifiable means to identify the material.

TB 380-41

b. (U) It may become necessary to distribute the electronic keying material below the hand receipt level, or sub-hand receipt. This will be accomplished by issuing the key from DTD to DTD, DTD to CFD, or CFD to CFD.

HRHs will prepare a local Electronic Key Management (EKM) worksheet to record or control distribution (custodians may create their own EKM worksheets as long as the required fields are inserted): see Appendix D for a sample (reproducible) worksheet. The HRH will retain the local record until destruction and/or turn-in has been completed and the COMSEC Custodian closes out the hand receipt.

6.6.2 (U) Electronic Key Destruction. To ensure 100% accountability and control of electronic keying material from its generation until destruction, COMSEC Custodians and users must document a positive and uninterrupted audit trail. The HRH and a witness shall verify the destruction by signing and returning a Local Destruction Report to the issuing COMSEC Custodian. Signed Local Destruction Reports will be retained by the custodian as supporting documentation for the consolidated (reportable) destruction report IAW TB 380-41, and filed IAW AR 380-40, Appendix C. When HRHs distribute electronic key below the hand receipt level, they must ensure this material is destroyed upon supersession and that a valid, written audit trail of the destruction is completed and retained on-site. A locally developed EKM worksheet will be used to track this destruction. The HRH will retain a copy of the Sub-Hand Receipt Holder’s EKM worksheet for 60 days after the key is destroyed or turned in to the custodian.

6.7 ACCESSIBILITY TO THE LMD/KP.

(U) All personnel having read/write access to the LMD/KP will be registered as a User. The Systems Administrator (SA) for the LCMS Workstation will assign appropriate privileges for each individual. When there is a permanent, unauthorized absence of a COMSEC Custodian or alternate having access to the LMD/KP, or if an individual is no longer authorized access, the individual will immediately be deleted from the LCMS Workstation (see Table 6-2).

and Personal Identification Number (PIN) for the LCMS Workstation may be stored together unless the account is a TOP SECRET (TS) account. If the account is a TS account, follow the procedures set forth in AR 380-5, chapters 6 & 7.

6.7.2 (U) LMD/KP “Disaster Recovery Kit.”

The following is a list of critical materials (as a minimum) that must be maintained by each COMSEC account in case the LMD/KP has failed and must be reinitialized. The following listing is referred to as a "Disaster Recovery Kit."

a. (U) KP REINIT CIK #1 (2 each), KP REINIT CIK #2 (2 each). One set of the KP REINIT CIKs should be hand-receipted to the unit security office. The other set will remain with the Disaster Recovery Kit.

b. (U) Backup KP User CIKs, one each for the primary and alternate custodian, will be created and maintained in the Disaster Recovery Kit.

c. (U) A minimum of two EKMS ID STU-III keys must be retained on hand.

d. (U) The /u Filesystem Backup Tape (as a minimum, the current day or a tape for the previous day).

e. (U) LMD User’s Floppy Disk (1 each, created and updated by custodian).

f. (U) SCO UNIX Emergency Floppy Disk - boot (1 each)

g. (U) SCO UNIX Emergency Floppy Disk - root (1 each)

h. (U) SCO UNIX OPENSERVER 5.0.5 Desktop Installation Software CD (1 each).

i. (U) SCO UNIX OPENSERVER 5 Supplement CD (1 each).

j. (U) Floppy disk, SCO OPENSERVER 5 OSS497B or OSS497C Patch (1 each).

k. (U) KP MPUP Field Download 0403.

l. (U) Master Copy of Utility Floppy Disk


n. (U) (Laptop ONLY): LynnSoft PC Card Software, lsio4ports, Part # LSPC5D, Version 2.0 Release 1.6 (1 each).

o. (U) Floppy Disk (Laptop only): LynnSoft PC Card Software, LSIO4PORTS, part # LSPC5D, Version 2.0, Release 1.6 (1 each).

p. (U) LCMS Workstation System Backup and Restore Procedures for Phase 4 (1 each) (available in the SA Manual).

q. (U) (Desktop ONLY): Key to the mounting lock on the removable hard drive chassis (1 each).

r. (U) (Desktop ONLY): Key to the rear CPU cabinet lock (1 each).

s. (U) SCO OPENSERVER 5 Certificate of License and Authenticity (COLA) should be maintained by the COMSEC account. If the Information Assurance Security Officer (IASO) requires that the original COLA be stored in the IASO office, arrangements to obtain this COLA within 24 hours must be made with the IASO.

(U) The LCMS Workstation Disaster Recovery Kit is mission essential and must be maintained as a complete unit to ensure immediate recovery of the system. It cannot be emphasized enough that material comprising the Disaster Recovery Kit must be maintained.

Failure to maintain the complete recovery kit will be considered a COMSEC Incident and will be reported to the Army COMSEC Incident monitoring activity.

6.7.3 (U) Archiving and Key Processor (KP) Changeover. Archiving and KP changeovers of the LCMS Workstation must be performed quarterly. More frequent archiving is acceptable and encouraged for accounts that process numerous transactions. To ensure that information does not become lost and the LCMS system does not become overloaded with information, a database backup of the system must be performed. The custodian must perform the changeover in the following order:

a. (U) A backup of the /u filesystem must be performed using the UFD Backup and Restore menu option #2.

b. (U) Once the /u filesystem backup has been completed, archiving of the LCMS database will be performed. Archiving will remove all completed transactions that have occurred on the system to date. It is recommended that archiving be performed on a floppy disk due to the smaller size of the disk and the cost effectiveness; however, any removable storage device may be used. Each time the system is archived, a different diskette/storage device must be used. This will prevent the information from being overwritten and lost.

c. (U) Next, the custodian will perform the KP changeover. The KP changeover involves decrypting and re-encrypting all key and voucher data in the LCMS database. Archiving must be performed prior to KP changeovers. This procedure will minimize the amount of time required to decrypt and re-encrypt data stored in the LCMS database. A new set of REINIT #2 keys will be created at the end of this process; therefore, there must be 2 blank KSD-64s on hand for this purpose. DO NOT ZEROIZE THE OLD REINIT KEY! The two most current sets of REINIT keys must be kept on hand. Any REINIT keys older than the two most current sets can be zeroized.

d. (U) Once it is determined that the KP changeover has been effectively accomplished, a /u filesystem backup must be performed again at this point. This will complete the functions that are required to ensure that the post-KP changeover LCMS database is successfully backed up. This /u filesystem backup may be done on the same tape as the first one mentioned in subparagraph a. All backup and archiving media must be marked SECRET and safeguarded according to AR 380-5. For additional backup requirements, refer to NAG-71. Explanations of archiving and changeover are contained in the EKMS 704 series user’s manual. COMSEC Custodians may also refer to guidance received from CSLA, such as the Utility Floppy Disk, and specific Army Backup and Restore Procedures documentation contained in the Army Phase 4 LCMS Workstation System Administration Manual (TB 11-7010-348-10-1).

6.7.4 (U) Accountability for KSD-64 Transit CIKs. Transit CIKs that are fielded with a new depot-initialized KP are ALC-4 and will be accounted for in the CMCS until the KP is


becomes the user’s CIK and will be handled as SECRET “collateral” material. The CIK will no longer be accountable in the CMCS. Whenever a newly initialized KP is provided to an account, it is the responsibility of the account to provide blank KSDs.

6.7.5 (U) AKMS KP Settings. When an account is fielded via an LCMS Workstation, the KP settings are established. The KP selection in the local account registration must remain “on” at all times. De-selecting the KP option in an attempt to increase the processing times of the LCMS is a reportable COMSEC Incident.

6.7.6 (U) AKMS User Deletion. See Table 6.2.
