Hubbry Logo
Electronic Key Management SystemElectronic Key Management SystemMain
Open search
Electronic Key Management System
Community hub
Electronic Key Management System
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Electronic Key Management System
Electronic Key Management System
Electronic Key Management System
View on Wikipedia
from Wikipedia

The Electronic Key Management System (EKMS) is a United States National Security Agency led program responsible for Communications Security (COMSEC) key management, accounting, and distribution. Specifically, EKMS generates and distributes electronic key material for all NSA encryption systems whose keys are loaded using standard fill devices, and directs the distribution of NSA produced key material. Additionally, EKMS performs account registration, privilege management, ordering, distribution, and accounting to direct the management and distribution of physical COMSEC material for the services. The common EKMS components and standards facilitate interoperability and commonality among the armed services and civilian agencies.[1][2][3]

Key Management Infrastructure (KMI) replaces EKMS.[4]

Reasons for development

[edit]

The primary reason for the development of EKMS centers on the security and logistics problems that plagued the COMSEC Material Control System (CMCS),[5] which replaced the Registered Publications System (RPS) in the 1970s. The CMCS was a very labor-intensive operation that had been stretched to capacity. The most serious, immediate concern was the human threat associated with access to and exploitation of paper key throughout its life cycle. The disclosure of the Walker spy ring was clear justification of this concern. Although eliminating the majority of paper keys will greatly reduce this human threat, the long-term goal of EKMS to minimize human access to keys will not be realized until benign fill key is fully implemented. Benign fill permits the encrypted distribution of electronic keying material directly to the COMSEC device without human access to the key itself.

The need for joint interoperability led to the Defense Reorganization Act of 1986, under which the Joint Chiefs of Staff (JCS) tasked NSA, the Defense Information Systems Agency (DISA), and the Joint Tactical Command, Control and Communications Agency (JTC3A) to develop a Key Management Goal Architecture (KMGA). Subsequent difficulties in coordinating COMSEC distribution and support during joint military operations, e.g., Desert Storm, Urgent Fury, and Operation Just Cause, have further emphasized the need for a system capable of interoperability between the Services.

Central facility (Tier 0)

[edit]

EKMS starts with the Central Facility (CF), run by NSA, which provides a broad range of capabilities to the Services and other government agencies. The CF, also referred to as Tier 0, is the foundation of EKMS. Traditional paper-based keys, and keys for Secure Telephone Unit – Third Generation (STU-III), STE, FNBDT, Iridium, Secure Data Network System (SDNS), and other electronic key are managed from an underground building in Finksburg, Maryland which is capable of the following:

  • processing orders for both physical and electronic keys
  • electronically generating and distributing keys
  • generating key material for FIREFLY (an NSA algorithm)
  • performing seed conversion and rekey
  • maintaining compromise recovery and management of FIREFLY material
  • support for over-the-air rekeying (OTAR)

The CF talks to other EKMS elements through a variety of media, communication devices, and networks, either through direct distance dialing using STU-III (data mode) or dedicated link access using KG-84 devices. During the transition to full electronic key, the 3.5-inch floppy disk and 9-track magnetic tape are also supported. A common user interface, the TCP/IP-based message service, is the primary method of communication with the CF. The message service permits EKMS elements to store EKMS messages that include electronic key for later retrieval by another EKMS element.

Tier 1

[edit]

Under CMCS, each service maintained a central office of record (COR) that performed basic key and COMSEC management functions, such as key ordering, distribution, inventory control, etc. Under EKMS, each service operates its own key management system using EKMS Tier 1 software that supports physical and electronic key distribution, traditional electronic key generation, management of material distribution, ordering, and other related accounting and COR functions. Common Tier 1 is based on the U.S. Navy's key distribution system (NKDS) software developed by the Naval Research Laboratory and further developed by SAIC in San Diego.

Tier 2

[edit]
KP and LMD

EKMS Tier 2, the Local Management Device (LMD), is composed of a commercial off-the-shelf (COTS) personal computer (PC) running the Santa Cruz Operation's SCO UNIX operating system, and an NSA KOK-22A Key Processor (KP). The KP is a trusted component of EKMS. It performs cryptographic functions, including encryption and decryption functions for the account, as well as key generation, and electronic signature operations. The KP is capable of secure field generation of traditional keys. Locally generated keys can be employed in crypto-net communications, transmission security (TRANSEC) applications, point-to-point circuits, and virtually anywhere that paper-based keys were used. Electronic keys can be downloaded directly to a fill device, such as the KYK-13, KYX-15, or the more modern AN/CYZ-10 Data Transfer Device (DTD) for further transfer (or fill) into the end cryptographic unit.

Tier 3

[edit]

The lowest tier or layer of the EKMS architecture which includes the AN/CYZ-10 (Data Transfer Device (DTD)), the SKL (Simple Key Loader) AN/PYQ-10, and all other means used to fill keys to End Cryptographic Units (ECUs); hard copy material holdings only; and STU-III/STE material only using Key Management Entities (KMEs) (i.e., Local Elements (LEs)). Unlike LMD/KP Tier 2 accounts, Tier 3 using entities never receive electronic key directly from a COR or Tier 0.

References

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Electronic Key Management System

View on Grokipedia
from Grokipedia
The Electronic Key Management System (EKMS) is an automated, interoperable program led by the National Security Agency (NSA) responsible for the generation, distribution, accounting, storage, usage, and destruction of cryptographic keys and related (COMSEC) materials to protect classified . Designed to support secure electronic rekeying for modern cryptographic equipment worldwide, EKMS ensures timely, efficient, and secure for U.S. Department of Defense (DoD) components, including the , , Marine Corps, , and allied forces. EKMS operates through a tiered to facilitate centralized control and decentralized access. The Tier 0 Central Facility, managed by the NSA, serves as the core hub for , validation, and initial distribution of electronic keys and certificates to a global customer base. Tier 1 consists of intermediate distribution centers that receive and further disseminate keys, while Tier 2 local management devices (such as the Local Management Device/Key Processor, or LMD/KP) enable site-level accounting, loading, and over-the-air rekeying for end cryptographic units (ECUs). Tier 3 involves end-user devices like the Simple Key Loader (SKL), which securely transfer keys to operational equipment such as secure telephones and encryption devices. This structure automates COMSEC processes, including inventory management, incident reporting, and compliance with two-person integrity rules for top-secret materials, minimizing manual errors and enhancing operational security. Key management under EKMS encompasses both symmetric and asymmetric keys, supporting devices like the (STE) and KSV-21 cards, while adhering to standards for storage in GSA-approved containers, semi-annual inventories, and witnessed destruction methods such as shredding or burning. Personnel handling EKMS must undergo mandatory training, including NSA Controlling Authority certification, and operate under strict access controls requiring Secret clearance or higher. Although EKMS has been the cornerstone of U.S. key management since its development to replace manual processes, as of 2025 it is gradually being superseded by the NSA's Key Management Infrastructure (KMI) for advanced automation in key ordering, production, and distribution.

Overview

Definition and Purpose

The Electronic Key Management System (EKMS) is an interoperable collection of systems, facilities, and components developed by U.S. Government services and agencies to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic cryptographic keys and other Communications Security (COMSEC) material. As a Department of Defense (DoD) system, EKMS specifically manages COMSEC keying material across military services, including the Army, Navy, Air Force, Marine Corps, and Coast Guard, ensuring standardized handling of classified cryptographic resources. It operates through a tiered architecture to facilitate secure key lifecycle management from central generation to local deployment. The primary purpose of EKMS is to replace manual, paper-based COMSEC key management processes with automated electronic methods, thereby enhancing , efficiency, and while minimizing costs and supporting global military operations. By centralizing and distribution at facilities like the NSA's Central Facility, EKMS reduces in handling sensitive materials and enables timely provisioning of keys for secure communications. This automation integrates COMSEC protocols to protect transmitted over tactical and strategic networks, ensuring compliance with policies. EKMS plays a critical role in COMSEC by automating the full lifecycle of electronic keys, from initial creation to secure destruction, to safeguard encrypted military telecommunications against interception and compromise. It supports both physical distribution via couriers and electronic methods such as over-the-air rekeying for devices in the field, accommodating diverse operational environments. Through tools like the Local Management Device/Key Processor, EKMS ensures accountable tracking and auditing of keys, promoting interoperability among DoD components and allied forces. As of 2025, EKMS continues to support these functions while transitioning toward integration with the NSA's Key Management Infrastructure (KMI).

Scope and Applications

The Electronic Key Management System (EKMS) encompasses the automated generation, distribution, accounting, and control of cryptographic keys for (COMSEC) across a broad spectrum of operational levels within the U.S. Department of Defense (DoD). It supports both strategic applications at the national level, such as secure broadcast rekeying for fixed-facility and point-to-point circuits, and tactical uses in field environments, including over-the-air rekeying (OTAR) for mobile units. This scope extends to diverse systems like communications (e.g., Secure Modules), tactical radios (e.g., KY-57/58/67 series), and network encryptors (e.g., KG-84 family), ensuring , data, and transmission protection in joint and expeditionary operations. EKMS finds primary application in the U.S. Navy and Marine Corps, where it manages COMSEC materials for shore stations, ships, tactical units, and expeditionary forces across these services. The U.S. Army integrates EKMS with its Automated Key Management System (AKMS) to facilitate joint interoperability, enabling automated key distribution from planning levels to end-user points in theater and sustaining environments. The U.S. employs EKMS for COMSEC programs, including emission security and key management in units like the , supporting secure communications in air and ground operations. The U.S. Marine Corps aligns closely with Navy procedures but maintains distinct handling for tactical equipment in units such as . EKMS supports key management for a vast array of end-user devices across the DoD. Additionally, EKMS promotes interoperability with allies through standardized protocols (e.g., DS-101, DS-102) and coordination via the Distribution and Accounting Network (DACAN), enabling secure key sharing for multinational joint operations and combined networks.

History and Development

Reasons for Development

Prior to the development of the Electronic Key Management System (EKMS), the Communications Security Material Control System (CMCS) relied heavily on manual processes for handling cryptographic keys, including paper-based key lists and physical distribution methods. These approaches were labor-intensive, requiring extensive paperwork, frequent inventories, and significant manpower for accounting and transport, which often led to delays in and updates. Such manual systems were also error-prone, with risks of transcription mistakes during handling and storage, compromising the integrity of (COMSEC) material. Moreover, the pre-EKMS era exposed vulnerabilities to breaches, as physical key materials were susceptible to loss, , or unauthorized access during transit and custody, heightening the potential for exploitation by adversaries. The lack of real-time tracking and centralized oversight in these systems strained , particularly as the volume and complexity of electronic communications grew in the post-Cold War period of the and . This environment amplified the need for to mitigate and enhance the timeliness of key provisioning amid evolving electronic threats. The primary drivers for EKMS stemmed from Department of Defense (DoD) and National Security Agency (NSA) assessments in the 1990s, which identified critical inefficiencies in COMSEC material handling under the legacy CMCS. These reviews underscored the limitations of centralized, physical custody models, prompting the NSA—as the executive agent for key management—to pursue a state-of-the-art electronic alternative. The shift toward distributed electronic accountability aimed to eliminate paper products, reduce logistics burdens, and bolster security through encrypted digital distribution, thereby supporting scalable operations for tactical and strategic communications.

Implementation Timeline

The development of the Electronic Key Management System (EKMS) began in the early 1990s under the sponsorship of the National Security Agency (NSA) and the Department of Defense (DoD), driven by the need to automate and secure the distribution of cryptographic keys for communications security (COMSEC). This initiative addressed the limitations of manual key management processes, which were increasingly vulnerable in modern electronic warfare environments. Implementation proceeded in a phased manner, starting with Tier 0 at the NSA-managed Central Facility for centralized key production and progressively expanding to Tier 1 service-level management, Tier 2 regional distribution, and Tier 3 local elements. An early version, EKMS-1A, introduced automated key loading via standard fill devices and improved accountability for end-users, particularly in the U.S. . It was superseded by EKMS-1B in March 2007. In 2009, the EKMS-1B was introduced, establishing common Tier 1 software to standardize multi-service and facilitate shared electronic distribution across DoD components. This update became effective in April 2010 with policies for Tiers 2 and 3 operations. A significant upgrade occurred in 2017 with the release of EKMS-1E on June 7, superseding EKMS-1B to address evolving cybersecurity threats through enhanced access controls, two-person integrity requirements for sensitive keys, and improved intrusion detection for Local Management Devices/Key Processors. These changes strengthened safeguards against compromise, including tamper-evident seals on key storage and automated audit trails, while maintaining compatibility with legacy systems during the transition. The phased rollout ensured minimal disruption, with end-user expansion completing the system's operational footprint across DoD networks.

Transition to Key Management Infrastructure

The Key Management Infrastructure (KMI) is an NSA-led initiative designed to replace the legacy Electronic Key Management System (EKMS) by providing a modern framework for the secure ordering, generation, production, distribution, management, and auditing of cryptographic products, including encryption keys and certificates, across the Department of Defense (DoD), Intelligence Community, and other federal agencies. Unlike EKMS, which relied heavily on physical and manual processes, KMI emphasizes networked and automated capabilities to enhance efficiency and in cryptographic services. The transition to KMI was driven by EKMS's limitations in scalability and adaptability to evolving cryptographic demands, such as the need for more efficient over-the-network key distribution to reduce reliance on labor-intensive physical couriering and hand-delivery methods. Initiated in the early 2010s as part of broader DoD cryptographic modernization efforts, the program addressed the growing volume of secure communications requirements that strained EKMS's infrastructure. While EKMS supported basic electronic distribution, KMI incorporates advanced features to handle contemporary threats and operational needs, including support for upgraded end-cryptographic units. Transition timelines vary by service; for example, the U.S. Army completed its transition to KMI in late fiscal year 2018. KMI achieved initial operational capability through its Increment 2 in late 2019, with full deployment decision approved in November 2019 following operational testing. Increment 3 development began in 2021, with operational testing of initial releases planned for 2025 and a full deployment decision targeted for 2027. As of November 2025, the transition remains in a hybrid phase, with KMI enabling over-the-network keying for select commands like U.S. Southern Command (implemented in April 2025) and ongoing upgrades to legacy encryptors expected to continue through 2030, gradually phasing out EKMS components.

System Architecture

Tier 0: Central Facility

The Tier 0 Central Facility serves as the National Security Agency (NSA)-operated hub at the apex of the Electronic Key Management System (EKMS), functioning as the executive agent for developing and implementing national-level policies on Communications Security (COMSEC) key management. It provides centralized oversight for the generation, distribution, and accountability of all forms of COMSEC keying material, ensuring secure handling up to the TOP SECRET/SCI classification level. Located at the NSA's Fort Meade and Finksburg Key Facilities in Maryland, this composite facility operates under strict NSA oversight and includes components such as the National COMSEC Material Generation facilities, Central Office of Record (COR) services, National Distribution Authority (NDA), and National Credential Manager. As the foundational element of the tiered EKMS architecture, Tier 0 generates root seed keys with a five-year and operational keys with a one-year , using specialized Key Processors for electronic keys such as 128-bit cryptographic material that cannot be produced at lower tiers. It certifies subordinate tiers and accounts by issuing privilege certificates to Key Management Entities (KMEs) and validating EKMS operational readiness, while automating the ordering and distribution of keys via secure networks and media, including programming fill devices like KSV-21 cards for Equipment (STE). Additionally, Tier 0 maintains the national COMSEC database, tracking inventory, distributing Compromised Key Lists (CKL) and Key Conversion Notices (KCN), and providing support to ensure continuous accountability. This facility acts as the for the EKMS, establishing of custody for cryptographic material from the national level down to local elements by enforcing policy compliance and secure credential management for all U.S. accounts worldwide.

Tier 1: Service-Level Management

Tier 1 represents the service-level management layer within the Electronic Key Management System (EKMS), functioning as an intermediate and , Central Office of Record (COR), Privilege Certificate Manager, and for EKMS and (COMSEC) accounts. This tier is operated by central offices, such as the Navy's Naval Computer and Area Master Station (NCTAMS), in cooperation with entities like the (NSA), Joint Staff (J6), Army, and . It utilizes Common Tier 1 (CT1) software, along with supporting systems like the Local COMSEC Management Software (LCMS) and Local Management Device/Key Processor (LMD/KP), to manage operations at designated sites such as in and in . Personnel, including EKMS Managers and Alternates, must hold U.S. , a SECRET clearance or higher, and complete specific , such as the Navy EKMS Manager Course of Instruction (COI) and NSA computer-based within 60 days of assignment. The primary functions of Tier 1 involve receiving cryptographic keys from the national-level Tier 0 facilities, such as those managed by the NSA at Fort Meade and Finksburg, Maryland, through secure methods including electronic Bulk Encrypted Transactions (BETs) over X.400 or the Secret Internet Protocol Router Network (SIPRNET), or physical delivery via the Defense Courier Service (DCS). Once received, these keys are tailored to meet branch-specific requirements, such as adapting them for Navy fleet broadcasts or Marine Corps point-to-point circuits, while maintaining compatibility with diverse cryptographic devices across the Department of Defense (DoD). Tier 1 then distributes the customized keys to Tier 2 regional accounts electronically via over-the-air rekeying (OTAR), over-the-air transfer (OTAT), or fill devices like the Simple Key Loader (SKL) and Data Transfer Device (DTD), or physically using cleared couriers and local custody forms. This process supports electronic key fills over secure networks for end equipment, including Have Quick radios and Secure Terminal Equipment (STE) terminals, ensuring timely resupply with reorder levels typically set at 2-6 months. Tier 1 also oversees service-wide key accounts, generating reports like Inventory Reconciliation Status Transactions (IRST) to reconcile discrepancies between Tier 1 and Tier 2 inventories, and maintaining accurate Common Account Data (CAD) for . By standardizing protocols such as those in ACP 132 and supporting for Secure Data Network Systems (SDNS)/ (SCIP) keys, this tier accommodates branch-specific needs while facilitating seamless key management across DoD services and allied nations. Under Tier 0 oversight from the NSA, Tier 1 ensures all operations align with national COMSEC policies, including two-person integrity for sensitive tasks and retention of records per DoD directives.

Tier 2: Regional Distribution

The Tier 2 layer of the Electronic Key Management System (EKMS) serves as the command-level tier responsible for regional distribution of cryptographic keys and (COMSEC) materials, managed by regional COMSEC custodians such as fleet commands or unit-level account managers. These custodians oversee intermediate storage, accounting, and transfer of keying material to ensure secure logistics across operational theaters, comprising EKMS accounts and subaccounts that interface with higher tiers for material receipt and lower tiers for issuance. Key functions at this tier include receiving electronic keys from Tier 1 service-level facilities, performing verification through processes like page checks and Local COMSEC Management Software (LCMS) status validation, and issuing verified keys to Tier 3 local elements via secure channels such as Over-The-Air Distribution (OTAD), Over-The-Air Rekeying (OTAR), or fill devices. Regional COMSEC accounts automate the generation, distribution, and destruction of keys using tools like the Key Processor (KP) or Local Management Device (LMD), enabling bulk distribution to forward-deployed units while maintaining accountability through semi-annual inventories and discrepancy reconciliation within 90 days. This tier bridges strategic national-level key production and tactical end-user operations by emphasizing rapid response in dynamic environments, supported by global logistics networks including the Defense Courier Service's 18 stations and regional Central Office of Record (COR) audit teams in areas like the Atlantic (Norfolk, VA), Pacific (San Diego, CA; Pearl Harbor, HI), and . For instance, fleet commands utilize the Key Management Facility—encompassing LMD/KP suites and Simple Key Loaders (SKL)—to handle bulk transfers of materials like KSV-21 cards, ensuring timely rekeying for cryptographic equipment in carrier or amphibious groups without compromising security protocols such as two-person control for assets.

Tier 3: Local Elements

Tier 3, known as Local Elements (LEs), constitutes the lowest layer of the Electronic Key Management System (EKMS) architecture, serving as the end-user interface for on-site handling of (COMSEC) materials. These elements are subordinate to Tier 2 regional accounts and are responsible for the direct management, security, and operational use of cryptographic keying material at military units, ships, or other field-level sites. LEs emphasize decentralized, hands-on accountability to ensure rapid access to keys while minimizing administrative overhead, typically involving a single designated custodian per site who oversees local operations. Local COMSEC managers within LEs perform essential functions such as loading electronic keys into end-user devices, including radios, secure telephones, and satellite communication systems, using tools like the Simple Key Loader (SKL) or Transfer Key Loader (TKL). They receive keying material exclusively from their parent Tier 2 accounts via electronic fill devices or physical canisters, integrating it into operational workflows without direct access to higher-tier generation processes. Maintenance of local inventories is a core duty, involving watch-to-watch tracking, monthly spot checks, and semi-annual full inventories of all COMSEC assets, including physical fill cards and encrypted key material managed through applications like the Data Management Device Portable System (DMD PS). Reporting usage forms a critical loop, with LEs submitting standardized forms such as Standard Form 153 (SF-153) for custody issues and turn-ins, as well as destruction certificates (CMS-25), to their overseeing Tier 2 manager on a monthly basis. LEs are divided into two types: using LEs, which operate on a rotational basis in work centers like radio rooms or SATCOM stations, and issuing LEs, which handle local distribution to subordinate users under written appointments. Personnel requirements prioritize , mandating a minimum rank of E-5 or GS-5 equivalent for issuing roles, with all individuals holding clearances matching the classification of handled material (e.g., Two-Person Integrity for keys). Security protocols in LEs focus on physical and procedural safeguards, such as storing materials in approved containers rated for the highest classification level and requiring two-person verification for output, destruction, or access to unencrypted . Destruction of superseded must occur within 12 hours (or the next duty day if impractical), documented and reported to prevent compromise. Training for LE personnel is provided by parent accounts, ensuring compliance with EKMS policies and operational security doctrines. This tier supports field-level operations across diverse environments, from fixed installations to mobile units, maintaining the integrity of COMSEC at the tactical edge.

Key Components

Software Systems

The core software systems in the Electronic Key Management System (EKMS) include the Local COMSEC Management Software (LCMS) and the Common Tier 1 (CT1) system, which automate processes across different operational levels. LCMS serves as the primary tool for Tier 2 local management devices, enabling COMSEC account managers to handle accounting, auditing, distribution, ordering, and generation of cryptographic keys through a . This software reduces reliance on manual hardcopy records by facilitating electronic and distribution, thereby streamlining inventory tracking and ensuring compliance with security protocols. CT1, on the other hand, operates at the service-level management tier (Tier 1), functioning as a composite software application that supports central offices of record in managing COMSEC material. It provides capabilities for intermediate , secure electronic distribution, and overall oversight, integrating with broader EKMS to maintain a continuous record of key usage and allocation. These systems employ secure interfaces to ensure with cryptographic devices, allowing controlled access to key processing functions without exposing sensitive material. In practice, LCMS and CT1 incorporate protocols for electronic key distribution that align with Department of Defense standards, such as those outlined in EKMS policies, to support automated updates and secure transmission over . For instance, LCMS controls the cryptographic operations of associated key processors, enabling the wrapping and unwrapping of keys while tracking their lifecycle from generation to disposal. This tier-specific enhances efficiency in by prioritizing secure, auditable workflows that minimize human error and physical handling risks.

Hardware Devices

The hardware devices in the Electronic Key Management System (EKMS) primarily consist of secure and fill devices designed for the , distribution, storage, and loading of cryptographic keys into end cryptographic units such as radios and satellite communication equipment. These devices ensure tamper-evident handling and encrypted key injection in classified environments, supporting the U.S. Department of Defense's communication security (COMSEC) needs. At Tier 2, key hardware includes the Local Management Device (LMD), a computer running LCMS, interfaced with a Key Processor (KP) for local key and distribution. The Simple Key Loader (SKL), designated , is a ruggedized, handheld device that serves as the primary tool for secure and storage within EKMS at Tier 3. It enables operators to receive, store, and transfer keys, while providing automated auditing of key operations and compatibility with over 150 end cryptographic unit profiles. Fielded since 2005, the SKL features a glove-compatible , waterproof battery pack, and a recessed zeroize button for tamper resistance, making it suitable for conditions. Although still in use as of 2025, it is being phased out in favor of the Next Generation Load Device-Medium (NGLD-M). It holds NSA Type 1 certification, ensuring protection of top-secret . The Data Transfer Device (DTD), designated AN/CYZ-10, functions as an earlier-generation fill device for offline key transfers in EKMS, particularly at local tiers where secure fills are required without network connectivity. Weighing approximately 1.5 pounds (0.68 kg), it supports encrypted key injection into various encryption systems and incorporates tamper-evident seals to prevent unauthorized access. Like the SKL, the DTD is designed for rugged, classified use and maintains NSA certification for handling sensitive COMSEC material.

Operations and Procedures

Key Generation and Distribution

In the Electronic Key Management System (EKMS), as outlined in 2017 USMC policy, key generation begins at Tier 0, the Central Facility operated by the (NSA) at locations such as and Finksburg, where master keys are produced using certified key generators and NSA-approved algorithms to support cryptographic needs across military networks. Local generation may occur at lower tiers with Controlling Authority (CONAUTH) approval for specific cryptonets, involving devices like Key Processors (KPs) or Local Management Devices (LMDs), but all processes adhere to two-person integrity rules for handling material. This centralized initiation ensures that keys meet standardized security criteria before cascading to end users. Distribution follows a hierarchical model from Tier 0 through Tier 1 (intermediate facilities), Tier 2 (regional accounts), and Tier 3 (local elements), utilizing encrypted channels to maintain chain-of-custody integrity. Electronic methods predominate, transmitting keys over the Secret Internet Protocol Router Network (SIPRNet) via protocols such as Basic Electronic Transmission System (BETs), Integrated Electronic Transmission System (IETS), Over-The-Air Rekeying (OTAR), Over-The-Air Transfer (OTAT), or Secure Terminal Equipment (STE) transfers, with keys protected by AES-256 encryption during transit. Physical distribution supplements this through secure couriers, including the Defense Courier Service (DCS), State Department Courier Service (SDCS), or U.S. Transportation Command (USTRANSCOM) procedures, ensuring delivery to remote or disconnected sites. Validation occurs at each step, including page checks for completeness, status change messages (SCMR), audit trails in Local COMSEC Management Software (LCMS), and Standard Form 153 (SF-153) reports requiring multiple signatures, with discrepancies reported to the Central Office of Record (COR). Key rotations are scheduled according to cryptoperiods to mitigate risks, typically daily for high-usage traffic keys (TEKs) labeled "A," weekly for "B," and monthly for "C," with superseded material destroyed within 12 hours. Reserve keys maintain 2-6 months of on-board supply, reviewed annually, while Key Processor changeovers occur at least every 92 days. This tiered, end-to-end workflow enforces strict accountability from generation at the source to loading in end cryptographic units, incorporating tamper-evident seals, personal identification numbers (PINs), and zeroization capabilities to uphold without trusting intermediaries. Note that as of 2025, EKMS operations are transitioning to the NSA's Key Management Infrastructure (KMI), which automates and streamlines , reducing reliance on legacy physical methods.

Accounting and Secure Storage

In the Electronic Key Management System (EKMS), as outlined in 2017 USMC policy, accounting and secure storage encompass the systematic tracking and protection of cryptographic keys throughout their lifecycle, from issuance to zeroization, to mitigate risks of compromise and ensure accountability at all operational tiers. This process integrates automated tools and procedural controls to maintain a continuous , aligning with national standards for (COMSEC) material handling. Key accounting procedures rely on real-time logging facilitated by the Local COMSEC Management Software (LCMS), which records all transactions including key usage, destruction, and transfers across Tier 2 and Tier 3 elements. For instance, transfers are documented via SF-153 reports and Local Custody Issue (LCI) forms, submitted within three business days to central offices of record (COR), while destruction events—such as zeroization of superseded keys—are logged using CMS-25 forms and verified through LCMS trails. Annual , including semi-annual self-assessments and formal COR inspections every 24 months, reconcile holdings against LCMS databases to detect discrepancies and ensure compliance. Secure storage methods employ tamper-proof vaults and encrypted digital repositories tailored to classification levels and implemented at all EKMS tiers, from central facilities to local elements. Physical keys or fill devices are housed in (GSA)-approved containers with FF-L-2740/2740A locks, while electronic keys reside in Local Management Devices/Key Processors (LMD/KP) protected by password controls and backups alternated annually. For high-value or keys, two-person integrity (TPI) is mandatory, requiring the presence of at least two authorized personnel for access, handling, and storage to prevent unauthorized actions. These practices comply with CNSSI 4009 standards, which define key terms such as TPI and zeroization to support robust COMSEC accountability. Lifecycle management culminates in zeroization—electronically erasing keys within 12 hours of supersession—to render them irrecoverable, thereby preventing potential exploitation at distribution endpoints. Note that as of 2025, EKMS operations are transitioning to the NSA's Key Management Infrastructure (KMI), which automates and streamlines , reducing reliance on legacy physical methods.

Security and Compliance

Cryptographic Protocols

The Electronic Key Management System (EKMS) employs a suite of cryptographic protocols designed to protect (COMSEC) keys throughout their lifecycle, ensuring confidentiality, integrity, and authenticity. These protocols are governed by (NSA) standards and integrate classified and unclassified algorithms to safeguard key material from unauthorized access or interception. Central to EKMS operations is the use of NSA-approved cryptographic algorithms, including those from Suite A for high-sensitivity applications and Suite B for broader . Key wrapping in EKMS utilizes Suite A and Suite B algorithms to encrypt sensitive keys with a Key Encryption Key (KEK), preventing exposure during storage or transmission; this process encapsulates the target key in a protective layer, allowing secure handling without revealing plaintext. Public Key Infrastructure (PKI) plays a critical role in authentication, leveraging credentials such as Department of Defense Common Access Cards (CAC) or National Security Systems PKI tokens to verify user identities and enable secure electronic key transfers, often through mechanisms like the FIREFLY credential system. Prominent features include , achieved via Over-the-Air Rekeying (OTAR) and Over-the-Air Transfer (OTAT) protocols that transmit keys in encrypted form over secure channels, and digital signatures generated using PKI to confirm key authenticity and . EKMS integrates with encryptors like the KG-84A, supporting OTAR for Traffic Encryption Key (TEK) generation and distribution in tactical environments, where the KEK protects TEKs during over-the-air delivery to remote devices. These protocols collectively ensure keys remain secure against across , distribution, and loading phases by enforcing layered and at every step. As applied in processes, they enable automated, protected transfer from central facilities to local elements without compromising .

Auditing and Risk Management

Auditing in the Electronic Key Management System (EKMS) involves systematic oversight to ensure compliance with (COMSEC) policies, primarily through reviews conducted by COMSEC custodians. COMSEC account managers and commanding officers are required to perform quarterly spot checks on facilities where COMSEC material is used or stored, documenting results to verify and measures. These reviews, mandated under EKMS-1 policies, include inspections of storage containers, access logs, and records, with EKMS managers conducting additional monthly spot checks to maintain a minimum of 12 annual assessments. Formal audits occur biennially by trained Communications Material System (CMS) Contracting Officer's Representative (COR) teams, supplemented by semi-annual self-assessments using standardized checklists to evaluate , handling, and practices. Risk management within EKMS focuses on proactive threat mitigation and rapid response to potential compromises, integrating procedural controls to protect cryptographic keys. In the event of key compromise, such as loss, , or unauthorized access, custodians must incidents immediately via the National COMSEC Incident Reporting System (NCIRS), initiating emergency supersession to invalidate affected keys and issuing instructions through over-the-air (OTAR) or over-the-air transfer (OTAT) methods. Recall procedures involve submitting a Relief from Accountability to the Navy COMSEC Material System (NCMS) for approval, followed by physical destruction of compromised material under two-person integrity rules, typically within 12 hours or 48 hours during hostilities. Annual of Key Processors (KPs) and devices like the Simple Key Loader (SKL) is mandatory to prevent prolonged exposure, with audit trails reviewed monthly to detect and address anomalies promptly. These measures align with the Operating Manual (NISPOM, 32 CFR Part 117), which establishes baseline standards for protecting , including COMSEC material in contractor and military environments. EKMS auditing and risk management track incidents, such as key exposure events, through centralized reporting to evaluate impacts and refine procedures. Overall, the system balances operational accessibility—enabling timely key distribution to global users—with stringent controls like two-person integrity for top-secret materials and clearance verifications to minimize insider threats, thereby enhancing while supporting mission needs. This approach ensures custodians maintain secure storage practices alongside rigorous oversight, reducing vulnerabilities from internal actors.

References

  1. https://www.nsa.gov/Resources/Cryptographic-support-Services/
  2. https://www.hqmc.marines.mil/Portals/137/Users/139/51/651/EKMS-1E_Final_Page_Checked_07Jun2017.pdf?ver=2017-08-17-120932-160
  3. https://www.army.mil/article/168285/key_management
  4. https://thedefensewatch.com/cyber-space-defense/dod-launches-long-term-cryptographic-modernization-program/
  5. https://www.hqmc.marines.mil/portals/137/ekms-1b_amd-9.pdf
  6. https://www.dote.osd.mil/Portals/97/pub/reports/FY2022/dod/2022kmi.pdf?ver=Mf7ofOS5tVga6AV5uL0cKg%253D%253D
  7. https://info.publicintelligence.net/NSA-NAG-16F.pdf
  8. https://apps.dtic.mil/descriptivesum/Y2013/Army/stamped/0303140A_7_PB_2013.pdf
  9. https://media.defense.gov/2022/Mar/17/2002958571/-1/-1/1/AIR%252022-523%2520CYBER%2520SURETY.PDF
  10. https://publications.sto.nato.int/publications/STO%2520Meeting%2520Proceedings/RTO-MP-IST-054/MP-IST-054-19.pdf
  11. https://www.globalsecurity.org/intell/library/reports/2001/compendium/ekms.htm
  12. https://www.dote.osd.mil/Portals/97/pub/reports/FY2022/dod/2022kmi.pdf
  13. https://www.dote.osd.mil/portals/97/pub/reports/fy2019/dod/2019kmi.pdf
  14. https://www.army.mil/article/108985/army_advances_new_cryptographic_technology_reducing_burden_on_soldiers
  15. https://www.dote.osd.mil/Portals/97/pub/reports/FY2016/dod/2016kmi.pdf
  16. https://asc.army.mil/web/news-alt-jfm20-the-long-poles-in-the-acquisition-tent/
  17. https://www.dote.osd.mil/Portals/97/pub/reports/FY2024/dod/2024kmi.pdf
  18. https://www.army.mil/article/284517/special_delivery_no_longer_needed_for_comsec_keys
  19. https://csrc.nist.gov/glossary/term/tier_0_central_facility
  20. https://www.jcs.mil/Portals/36/Documents/Library/Manuals/CJCSM%25206520.01B.pdf
  21. https://csrc.nist.gov/glossary/term/tier_1_common_tier_1
  22. https://csrc.nist.gov/glossary/term/tier_2
  23. https://csrc.nist.gov/glossary/term/tier_3
  24. https://csrc.nist.gov/glossary/term/local_comsec_management_software
  25. https://ieeexplore.ieee.org/document/472108
  26. https://www.sncorp.com/capabilities/simple-key-loader-skl/
  27. https://www.arrow.com/globalecs/immixgroup/government-sales-insider/army-sees-smaller-it-budget-growth-in-fy2025/
  28. https://radionerds.com/images/8/86/TB_11-5820-890-12.PDF
  29. https://rmf.org/wp-content/uploads/2017/10/CNSSI-4009.pdf
  30. https://www.hqmc.marines.mil/portals/137/ekms-3d.pdf
  31. https://www.dcsa.mil/Industrial-Security/National-Industrial-Security-Program-Oversight/
Add your contribution
Related Hubs
User Avatar
No comments yet.