6.2.1 (U) Purpose. The purpose of LCMS is to reduce the operational and security human intelligence threat vulnerabilities by automated key management using electronically generated and distributed COMSEC key material. It is recommended that the LCMS Workstation be stored in an operational configuration where it does not have to be dismantled at the end of each workday. When this is not possible, the
key generator and other classified components of the workstation must be secured in a GSA-approved security container.
6.2.2 (U) LCMS Workstation. The term
“LCMS Workstation” specifically applies to the Local Management Device and Key Processor (LMD/KP). At a future date, the AKMS will include another component called the Automated Communications Engineering Software (ACES) workstation that can provide Signal Operation Instructions (SOI) and net planning information. This future capability will not be further addressed in this TB. The Army’s distribution plan for LCMS Workstations placed a workstation in all existing Army COMSEC accounts, except for a few small Army COMSEC Accounts.
6.2.3 (U) LCMS Functional Elements.
When the two functional elements of the LCMS Workstation are operating in tandem and interconnected, they are referred to as the LMD/KP. The LCMS Workstation consists of two functional elements.
a. (U) First Functional Element. The first functional element (LMD) is a commercial Pentium, (Y2K compliant) Personal Computer (PC), with a hard drive loaded with SCO UNIX and Local COMSEC Management Software (LCMS). Depending on the mission, units have been issued either a “ruggedized” laptop PC or a desktop model. When the PC is loaded with all the required software, it is referred to as a Local Management Device (LMD). If open classified storage of the LCMS Workstation is not
possible, the LMD hard drive must be stored in a GSA-approved security container as specified in AR 380-5. The desktop model LMD’s
removable hard drive must be stored as
SECRET collateral material. The laptop model’s hard drive is not removable, which requires the secure storage of the computer itself, when required. The laptop LMD will also be stored as SECRET collateral material.
TB 380-41
b. (U) Second Functional Element. The second functional area of the system is the Key Processor (KP). The KP must be stored in an approved COMSEC Facility except for those workstations that are deployed in a tactical environment for a period not to exceed 90 days.
6.2.4 (U) LCMS Power Requirements. The facility or work area housing the LCMS
Workstation must have a continuous source of stable power. The use of a surge protector is recommended. An Uninterruptible Power Supply (UPS) is included with each initial fielding of the desktop LCMS Workstation to allow for an orderly and safe shutdown of the LCMS
Workstation in the event of an unscheduled power loss. Due to the Laptop LMD’s internal computer battery, an UPS is not provided for the Laptop configuration of the LCMS Workstation.
It is recommended that the unit locally obtain an UPS for the protection and orderly shut down of the KP when in a laptop configuration.
6.3 ACCOUNTABILITY OF THE LCMS WORKSTATION.
(U) The LMD is an unclassified PC and must be accounted for on the unit property book and controlled by the Property Book Officer (PBO), IAW AR 710-2. The LCMS is classified SECRET (non-COMSEC accountable) and, when loaded onto the LMD, causes the hard drive of the LMD to be classified SECRET (not CMCS accountable). The removable hard drives and laptop LMDs with internal hard drives are to be controlled as SECRET collateral material as specified in AR 380-5. The KP is a SECRET COMSEC device and is centrally accountable in the CMCS as ALC-1 (Serial Number accountable to the COR). The KP is not, repeat, not, a Controlled Cryptographic Item (CCI).
6.4 INVENTORY REQUIREMENTS.
(U) Upon initial start up of an LCMS
Workstation, COMSEC Custodians will print SF 153 hard copies of the following transactions as they occur. These documents will be retained as required by AR 380-40, Appendix C.
b. (U) Incoming/Outgoing Transfer Reports.
c. (U) Reportable Destructions d. (U) Local Destructions e. (U) Active Hand Receipts f. (U) Generation Reports g. (U) Possession Reports
h. (U) Relief from Accountability Reports i. (U) ALC 4/7 Inventory Reports (included in full local inventory). These reports are required so the auditors can verify that local inventories of ALC 4/7 material are being conducted. ALC 4/7 material, listed on a Relief from Accountability Report SF-153 is exempt from this requirement.
6.4.1 (U) COMSEC Account Semiannual Inventory Report (SAIR). For AKMS accounts, the COR electronically initiates a request for an SAIR to the LCMS Workstation. The COMSEC Custodian generates and forwards this inventory back to the COR within the required 30 days (45 days for National Guard and Army Reserve accounts only). Any AKMS-required modifications to the COMSEC Account Registration Packet (CARP) must also be forwarded to the Army service authority
representative (CSLA). After the Central Office of Record (COR) reconciles the SAIR, a Certificate of Verification will be provided to the COMSEC Custodian via a Tier 1 free-form text message advising the commander that the assets charged to their COMSEC account have been satisfactorily accounted for.
6.4.2 (U) COMSEC Account Change of Custodian Inventory Report (CCIR). The CCIR for AKMS accounts will be created and sent by the custodian to the COR for
reconciliation. The Service Authority must receive the CARP within 14 days after the CCIR has been sent. A new hard copy CARP, with an original wet signature, will be provided to the Service Authority for update of the database. A copy of the inventory with an original signature will also be maintained by the account. After the
TB 380-41
custodian via a free-form text message. The outgoing custodian will not be released from or depart the organization until this verification message is received. The account will print a copy of the message and file it with the original, signed inventory. The new custodian will not be capable of logging onto the LCMS Workstation and signing for any COMSEC material received by the account prior to his or her official
appointment and issuance of the registration certification specified in the new CARP. After the appointment date and signature of the CCIR Certification & Correction (C&C) page, the new custodian will assume responsibility for all material and account records in their existing condition. If the commander allows the COMSEC Custodian to depart the unit prior to clearance from COR, the commander assumes personal responsibility for the COMSEC account and any accounting irregularities that may exist. A CCIR also serves as an SAIR. The next SAIR will be scheduled six (6) months from the CCIR signature dat e.
6.4.3 (U) Special Inventory Report (SIR).
There are no Special Inventory Reports (SIRs) generated by the LCMS. Under circumstances other than a routine CCIR or SAIR, the need may arise for a custodian to perform an SIR. An example of an SIR would be an unexplained temporary absence or permanent and
unauthorized absence of a COMSEC Custodian (see Table 6-2 for deletion of a user account from the LCMS). When an SIR becomes necessary, custodians will generate a CCIR, annotate that this is an SIR in the comment section (see paragraph 2.8, paragraph C, sub-paragraph 1), print the SF 153, pen and ink change the type of inventory from CCIR to SIR, and provide this report to the servicing COR.
6.4.4 (U) Change of Account Location Inventory Report. When an LCMS Workstation is to be physically relocated to another location, the custodian will perform the following:
a. (U) Generate a Change Account Location Inventory in the LCMS.
b. (U) Perform a 100% physical inventory of the COMSEC material being accounted for on the LCMS Workstation and any physical material on-hand prior to the movement, and verify this inventory upon arrival at the new location.
c. (U) If a COMSEC account is relocated to an area where an existing account does not exist, the following actions must be adhered to prior to movement of the AKMS account.
(1) (U) A new CFAR and CARP must be submitted to the COR. The COMSEC account number or EKMS ID will remain unchanged. Failure to obtain a new CFA prior to relocation will result in a reportable incident for all COMSEC material charged to the account.
(2) (U) Upon approval of the CFA, all COMSEC accountable material must be shipped via DCS or a properly cleared courier to the new, approved COMSEC Facility.
(3) (U) The CIK associated with the key processor must be transported in separate containers from the KP when being transported via DCS or via courier.
(4) (U) The LMD removable hard drive must be handled as SECRET collateral. All non-CMCS accountable material associated with the LMD must be shipped to the new location IAW AR 380-5.
6.4.5 (U) AKMS Daily and Shift Change Inventory Requirements. All Army COMSEC Accounts will conduct daily or shift change inventories as specified in paragraph 4.12, sub-paragraphs c and d. The LCMS does not provide a daily/shift change inventory sheet.
Custodians will use a DA Form 2653-E or develop their own by use of word processor or
spreadsheet.
6.4.6 (U) ALC 4 Inventory Requirements.
AKMS cannot produce or print an inventory report for ALC 4 materiel only, as required in paragraph 4.13.5. To ensure that ALC 4 annual inventories are conducted and reported,
custodians will print a copy of the Semiannual Inventory Report (SAIR) (created for the Local Account—not for the COR). The custodian will then inventory the ALC 4 material to ensure that all items are on-hand, line through the
semiannual report, and make a pen and ink change stating “Annual ALC 4 Inventory.”