Keysight AC6800 Series
This manual provides the memory declassification
and sanitation procedures for the following instruments:
Keysight AC6801A, AC6802A, AC 6803A, AC6804A
Keysight AC6801B, AC6802B, AC 6803B, AC6804B
Instrument
Security
Information
Manual
2
Notices
© Keysight Technologies, Inc.
2014, 2017
No part of this manual may be
reproduced in any form or by any
means (including electronic
storage and retrieval or translation
into a foreign language) without
prior agreement and written
consent from Keysight
Technologies, Inc. as governed by
United States and international
copyright laws.
Trademark
Acknowledgements
N/A
Manual Part Number
AC6800-900002
Print Date
December 2017
Supersedes: February, 2014
Published in USA
Keysight Technologies Inc.
1400 Fountaingrove Parkway
Santa Rosa, CA 95403
Warranty
THE MATERIAL CONTAINED IN
THIS DOCUMENT IS PROVIDED
“AS IS,” AND IS SUBJECT TO
BEING CHANGED, WITHOUT
NOTICE, IN FUTURE EDITIONS.
FURTHER, TO THE MAXIMUM
EXTENT PERMITTED BY
APPLICABLE LAW, KEYSIGHT
DISCLAIMS ALL WARRANTIES,
EITHER EXPRESS OR IMPLIED
WITH REGARD TO THIS MANUAL
AND ANY INFORMATION
CONTAINED HEREIN, INCLUDING
BUT NOT LIMITED TO THE
IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE.
KEYSIGHT SHALL NOT BE LIABLE
FOR ERRORS OR FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN
CONNECTION WITH THE
FURNISHING, USE, OR
PERFORMANCE OF THIS
DOCUMENT OR ANY
INFORMATION CONTAINED
HEREIN. SHOULD KEYSIGHT AND
THE USER HAVE A SEPARATE
WRITTEN AGREEMENT WITH
WARRANTY TERMS COVERING
THE MATERIAL IN THIS
DOCUMENT THAT CONFLICT WITH
THESE TERMS, THE WARRANTY
TERMS IN THE SEPARATE
AGREEMENT WILL CONTROL.
Technology Licenses
The hardware and/or software
described in this document are
furnished under a license and may
be used or copied only in
accordance with the terms of such
license.
Restricted Rights Legend
If software is for use in the
performance of a U.S. Government
prime contract or subcontract,
Software is delivered and licensed
as “Commercial computer
software” as defined in DFAR
252.227-7014 (June 1995), or as
a “commercial item” as defined in
FAR 2.101(a) or as “Restricted
computer software” as defined in
FAR 52.227-19 (June 1987) or any
equivalent agency regulation or
contract clause. Use, duplication
or disclosure of Software is
subject to Keysight Technologies’
standard commercial license
terms, and non-DOD Departments
and Agencies of the U.S.
Government will receive no
greater than Restricted Rights as
defined in FAR 52.227-19(c)(1-2)
(June 1987). U.S. Government
users will receive no greater than
Limited Rights as defined in FAR
52.227-14 (June 1987) or DFAR
252.227-7015 (b)(2) (November
1995), as applicable in any
technical data.
Safety Notices
A CAUTION notice denotes a hazard.
It calls attention to an operating
procedure, practice, or the like that,
if not correctly performed or
adhered to, could result in damage
to the product or loss of important
data. Do not proceed beyond a
CAUTION notice until the indicated
conditions are fully understood and
met.
A WARNING notice denotes a
hazard. It calls attention to an
operating procedure, practice, or the
like that, if not correctly performed
or adhered to, could result in
personal injury or death. Do not
proceed beyond a WARNING notice
until the indicated conditions are
fully understood and met.
3
<Page intentionally left blank>
4
Table of Contents
Contacting Keysight Sales and Service Offices ............................................................................... 5
Products Covered by this Document ................................................................................................ 6
Security Terms and Definitions ......................................................................................................... 7
Instrument Memory ........................................................................................................................... 8
Summary of Memory Declassification Procedures ........................................................................ 10
User and Remote Interface Security Measures ............................................................................. 11
Administrative Password .......................................................................................................... 11
Remote Access Interfaces ........................................................................................................ 11
Controlling the front panel display ................................................................................... 11
Calibration regulation ............................................................................................................... 11
Firmware update regulation ..................................................................................................... 12
Procedure for Declassifying a Faulty Instrument ........................................................................... 13
References ....................................................................................................................................... 14
5
Contacting Keysight Sales and Service Offices
Assistance with test and measurement needs, and information on finding a local Keysight office, is
available on the Internet at:
http://www.keysight.com/find/assist
If you do not have access to the Internet, please contact your field engineer.
In any correspondence or telephone conversation, refer to the instrument by its model
number and full serial number. With this information, the Keysight representative can
determine whether your unit is still within its warranty period.
6
Products Covered by this Document
Product Family Name
Product Names
Model Numbers
AC6800 Series
AC Source
AC6801A, AC6802A, AC 6803A, AC6804A
AC6801B, AC6802B, AC 6803B, AC6804B
This document describes instrument security features and the steps to declassify an instrument
through memory clearing, sanitization or removal.
For additional information, go to:
http://www.keysight.com/find/security
Be sure that all information stored by the user in the instrument that needs to be saved is
properly backed up before attempting to clear any of the instrument memory. Keysight
Technologies cannot be held responsible for any lost files or data resulting from the
clearing of memory. Be sure to read this document entirely before proceeding with any file
deletion or memory clearing.
7
Security Terms and Definitions
Term
Definition
Clearing
As defined in Section 8-301a of DoD 5220.22-M, clearing is the process of eradicating the data
on media before reusing the media so that the data can no longer be retrieved using the standard
interfaces on the instrument. Clearing is typically used when the instrument is to remain in an
environment with an acceptable level of protection.
Instrument
Declassification
A term that refers to procedures that must be undertaken before an instrument can be removed
from a secure environment, such as is the case when the instrument is returned for calibration.
Declassification procedures include memory sanitization or memory removal, or both. Keysight
declassification procedures are designed to meet the requirements specified in DoD 5220.22-M,
Chapter 8.
Sanitization
As defined in Section 8-301b of DoD 5220.22-M, sanitization is the process of removing or
eradicating stored data so that the data cannot be recovered using any known technology.
Instrument sanitization is typically required when an instrument is moved from a secure to a nonsecure environment, such as when it is returned to the factory for calibration.
Keysight memory sanitization procedures are designed for customers who need to meet the
requirements specified by the US Defense Security Service (DSS). These requirements are
specified in the “Clearing and Sanitization Matrix” in Section 5.2.5.5.5 of the Error! Reference
source not found..
Secure Erase
Secure Erase is a term that is used to refer to either the clearing or sanitization features of
Keysight instruments.
8
Instrument Memory
This section contains information on the types of memory available in your instrument. It explains
the size of memory, how it is used, its location, volatility, and the sanitization procedure.
Table 1: Summary of instrument memory
Memory Type
and Size
Writable During Normal Operation? Data Retained When
Powered Off?
Purpose/ Contents
Data Input Method
Location in
Instrument and
Remarks
Sanitization
Procedure
On-Chip RAM
64 Kbytes
Yes
No
Used for hardware
processing
When the instrument
boots up, the firmware
automatically uploads
the DSP program,
which is embedded in
the Main Flash memory
as a part of instrument
firmware data.
CPU board U29
(TMS320VC5502)
(embedded in the
DSP chip)
Power cycle
Flash 1 Mbyte
Yes
Yes
Operating system,
instrument firmware
Factory install,
firmware update
CPU board U4
(STM32F427)
(embedded in the
DSP chip)
N/A
contains no
applicationspecific
information
SRAM
256 Kbytes
Yes
No
Temporary execution
data
By operating system or
instrument firmware
CPU board U4
(STM32F427)
(embedded in the
DSP chip)
Power cycle
EEPROM
1 Kbyte
Yes
Yes
Model Info
(1st 256-byte block)
Calibration Info
(2nd 256-byte block)
(3rd & 4th blocks are
unused)
Factory Install, or by
service personnel
CPU board U9
(BR24G08FVM)
N/A
contains no
applicationspecific
information
9
Memory Type
and Size
Writable During Normal Operation? Data Retained When
Powered Off?
Purpose/ Contents
Data Input Method
Location in
Instrument and
Remarks
Sanitization
Procedure
EEPROM
1 Kbyte
Yes
Yes
Recall Panel Info
(1st~3rd 256-byte
blocks)
User Preference Info
(4th 256-byte block)
User-saved data
(regardless of implicit
or explicit SAVE
operations
CPU board U10
(BR24G08FVM)
See "User
EEPROM #1
Sanitization”
10
Summary of Memory Declassification Procedures
This section explains how to clear, sanitize, and remove memory from your instrument, for all
classes of memory that are writeable during normal operation, and for which the clearing and
sanitization procedure is more than trivial, such as rebooting your instrument.
Read this entire document before using any sanitization procedure. Failure to do so may
necessitate returning the instrument to an Authorized Keysight Service Center for
firmware downloads and recalibration.
Table 2: User EEPROM #1 Clearing and Sanitization
Description and
purpose
This is the user's partition of internal storage that uses an EEPROM device. It contains user
preferences and instrument panel settings.
Size
1 Kbyte
Memory clearing
No.
Memory sanitization
On front panel, press System > Admin > Sanitize.
From a remote interface, send: SYSTem:SECuriry:IMMediate
This procedure clears all instrument memory except for instrument firmware, model info, and
calibration info. It then automatically reboots the instrument.
This routine writes all zeros to the entire EEPROM memory.
11
User and Remote Interface Security Measures
Administrative Password
To reset an instrument’s administrative password, follow the procedure in the AC6800A Operating
and Service Guide. This involves removing power and other connections to the instrument,
removing the instrument cover (requires tools), changing a switch position, and cycling power.
The password never expires.
This instrument does not track or report invalid password attempts, nor does it lock-out password
entry following a number of invalid password entries.
Remote Access Interfaces
The user is responsible for providing security for the I/O ports for remote access by controlling
physical access to the I/O ports. The I/O ports must be controlled because they provide access to
all user settings, user states and the display image. The I/O ports include USB, GPIB, and LAN.
1. The LAN port provides the following services, which can be selectively disabled:
a. VXI-11
b. Sockets
c. Telnet
d. Web instrument control
e. mDNS
f. HiSLIP
To disable LAN services:
On the front panel press [Menu] > System > LAN > Modify > Services.
To disable USB or GPIB:
On the front panel press [Menu] > System > Admin > IO.
Controlling the front panel display
The front panel display can be turned off from the remote interface by sending the command:
DISPlay OFF
The display is enabled when power is cycled.
Calibration regulation
The instrument requires a password to allow calibration. The instrument’s calibration count will
increment each time calibration data is saved.
12
Firmware update regulation
The user is allowed to update the instrument firmware. Follow the procedure in the AC6800A
Operating and Service Guide. Depending on the combination of old and new firmware versions,
user preference info and recall panel info may or may not be erased (not strictly sanitized), if the
new layout of user's data is different than the old version.
The instrument may be configured to require a password to allow updating the firmware.
On the front panel press [Menu] > System > Admin > Login and log in with the administrative
password.
Navigate to System > Admin > Update and check the box:
󠄀 Must log in as admin to allow firmware update
The instrument’s calibration count will increment with each successful update.
13
Procedure for Declassifying a Faulty Instrument
If the instrument is not functioning and you are unable to use the security functions, you must
physically remove the processor board from the insstrument. Refer to the operating and service
guide for disassembly instructions.
Once the processor board is removed:
1. Destroy the CPU board and send the instrument to a repair facility
or
2. Unsolder the two EEPROMs (U9 and U10) from the CPU board and destroy these chips.
Send the instrument and the removed CPU board to a repair facility
14
References
1.
DoD 5220.22-M, “National Industrial Security Program Operating Manual (NISPOM)”
United States Department of Defense. Revised February 28, 2006.
May be downloaded in Acrobat (PDF) format from:
http://www.dss.mil/isp/fac_clear/download_nispom.html
Loading...