Page 1
R&S®ESRP
EMI Test Receiver
Instrument Security Procedures
(;ÙØØ2)
1175.7474.02 ─ 02
Instrument Security Procedures
Page 2
R&S®ESRP
Contents
Contents
1 Overview................................................................................................. 2
2 Instrument Models Covered..................................................................2
3 Security Terms and Definitions............................................................ 3
4 Types of Memory and Information Storage in the R&S ESRP........... 3
5 Instrument Declassification.................................................................. 6
6 Special Considerations for USB Ports.................................................7
1 Overview
In many cases, it is imperative that the R&S ESRP EMI Test Receivers are used in a
secured environment. Generally these highly secured environments do not allow any
test equipment to leave the area unless it can be proven that no user information
leaves with the test equipment. Security concerns can arise when devices need to
leave a secured area e.g. to be calibrated or serviced.
This document describes the types of memory and their usage in the R&S ESRP. It
provides a statement regarding the volatility of all memory types and specifies the
steps required to declassify an instrument through memory clearing or sanitization procedures. These sanitization procedures are designed for customers who need to meet
the requirements specified by the US Defense Security Service (DSS).
2 Instrument Models Covered
Table 2-1: EMI Test Receiver models
Product name Order number
R&S ESRP3 1316.4500.03
R&S ESRP7 1316.4500.07
2Instrument Security Procedures 1175.7474.02 ─ 02
Page 3
R&S®ESRP
Security Terms and Definitions
3 Security Terms and Definitions
Clearing
The term "clearing" is defined in Section 8-301a of DoD 5220.22-M, "National Industrial
Security Program Operating Manual (NISPOM)". Clearing is the process of eradicating
the data on media so that the data can no longer be retrieved using the standard interfaces on the instrument. Therefore, clearing is typically used when the instrument is to
remain in an environment with an acceptable level of protection.
Sanitization
The term "sanitization" is defined in Section 8-301b of DoD 5220.22-M, "National
Industrial Security Program Operating Manual (NISPOM)". Sanitization is the process
of removing or eradicating stored data so that the data cannot be recovered using any
known technology. Instrument sanitization is typically required when an instrument is
moved from a secure to a non-secure environment, such as when it is returned for service of calibration.
The memory sanitization procedures described in this document are designed for customers who need to meet the requirements specified by the US Defense Security Service (DSS). These requirements are specified in the "Clearing and Sanitization Matrix"
in Section 14.1.16 of the ISFO "Manual for the Certification and Accreditation of Classified Systems under the NISPOM".
Instrument declassification
The term "instrument declassification" refers to procedures that must be undertaken
before an instrument can be removed from a secure environment, for example when
the instrument is returned for calibration. Declassification procedures include memory
sanitization or memory removal, or both. The declassification procedures described in
this document are designed to meet the requirements specified in DoD 5220.22-M,
"National Industrial Security Program Operating Manual (NISPOM)", Chapter 8.
4 Types of Memory and Information Storage
in the R&S ESRP
The EMI Test Receiver contains various memory components.
The following table provides an overview of the memory components that are part of
your instrument. For a detailed description regarding type, size, usage and location,
refer to the subsequent sections.
3Instrument Security Procedures 1175.7474.02 ─ 02
Page 4
R&S®ESRP
Types of Memory and Information Storage in the R&S ESRP
Volatile Memory
Memory type Size Content Volatility User
data
SDRAM (CPU
board)
SDRAM/DDR3
(detector board)
EEPROM
(board assembly)
Flash (CPU
board)
Hard disk drive
(HDD)
(removable)
or or
Solid-state drive
(SSD)
(removable)
4 Gbyte Temporary information storage
for operating system and
instrument firmware
2 Gbyte Measurement data Volatile Yes Turn off instru-
32 kbyte up
to 1 Mbyte
512 kbyte BIOS Non-volatile No None required
8 Gbyte /
64 Gbyte
Hardware information:
●
Serial number
●
Product options
●
Calibration correction data
●
Operating system
●
Instrument firmware
●
Instrument states and setups
●
Limit lines and transducer
tables
●
Trace data
●
Measurement results and
screen images
Volatile Yes Turn off instru-
Non-volatile No None required
Non-volatile Yes Remove HDD
Sanitization
procedure
ment power
ment power
(no user data)
(no user data)
from instrument
Remove SDD
from instrument
4.1 Volatile Memory
The volatile memory in the instrument does not have battery backup. It loses its contents as soon as power is removed from the instrument. The volatile memory is not a
security concern.
Removing power from this memory meets the memory sanitization requirements specified in the "Clearing and Sanitization Matrix" in section 5.2.5.5.5 of the ISFO Process
Manual for the Certification and Accreditation of Classified Systems under the NISPOM.
SDRAM
The SDRAM on the CPU board has a size of 4 Gbyte and contains temporary information storage for operating system and instrument firmware. The SDRAM loses its memory as soon as power is removed.
Sanitization procedure: Turn off instrument power
SDRAM/DDR3
The SDRAM/DDR3 on the detector board has a size of 2 Gbyte and contains measurement data. It loses its memory as soon as power is removed.
Sanitization procedure: Turn off instrument power
4Instrument Security Procedures 1175.7474.02 ─ 02
Page 5
R&S®ESRP
Types of Memory and Information Storage in the R&S ESRP
Non-Volatile Memory
4.2 Non-Volatile Memory
The R&S ESRP contains various non-volatile memories. Out of these, only the removable hard disk drive / solid-state drive (HDD/SSD) contains user data. The HDD/SSD
can be physically removed from the R&S ESRP and left in the secure area.
All non-volatile memories of the R&S ESRP are not a security concern.
EEPROM
Each board assembly in the R&S ESRP EMI Test Receiver has one serial EEPROM
device with a size of 32 kbyte up to 1 Mbyte. The EEPROM contains information related to the installed hardware, such as board serial number, product options and calibration correction data. The EEPROM does not hold user data nor can the user access
the EEPROM storage.
Sanitization procedure: None required (no user data)
Flash
The CPU board of the R&S ESRP EMI Test Receiver has one 512 kbyte flash memory
device. It contains the BIOS. The flash memory does not hold user data nor can the
user access the flash memory.
Sanitization procedure: None required (no user data)
Hard disk drive (HDD) / solid-state drive (SSD)
The removable HDD/SSD is located on the rear of the R&S ESRP. Its size depends on
the model you have ordered.
The HDD/SSD is used to store:
●
Operating system
●
Instrument firmware and firmware options (measurement personalities) with option
license keys
●
Instrument states and setups
●
Trace data
●
Limit lines, transducer tables
●
Screen images
The HDD/SSD holds user data and is non-volatile. Hence, user data is not erased
when power is removed from the instrument.
The removable HDD/SSD can be removed from the EMI Test Receiver to make sure
that no user data is stored within the EMI Test Receiver. This can be done without
opening the instrument.
The R&S ESRP, equipped with the removable HDD/SSD, addresses the needs of customers working in highly sensitive areas.
Sanitization procedure: Remove HDD or SSD from instrument
5Instrument Security Procedures 1175.7474.02 ─ 02
Page 6
R&S®ESRP
Instrument Declassification
5 Instrument Declassification
Before you can remove the EMI Test Receiver from a secured area (for example to
perform service or calibration), all classified user data needs to be removed. You can
declassify the EMI Test Receiver as follows:
1. Turn off the EMI Test Receiver and disconnect the power plug. This will sanitize
the volatile memory.
2. To remove the HDD/SSD, perform the following steps:
a) Locate the HDD/SSD.
Figure 5-1: Location of the hard disk drive / solid-state drive
b) Unscrew the two knurled screws.
c) Remove the HDD/SSD on the rear panel of the R&S ESRP.
Following these steps removes all user data from the EMI Test Receiver. The EMI Test
Receiver can now leave the secured area.
These declassification procedures meet the needs of customers working in secured
areas.
Once the EMI Test Receiver is outside the secured area, installing a second non-classified removable HDD/SSD (without any user data) allows the EMI Test Receiver to
function properly for service or other needs.
Prior to re-entering the secured area, remove the non-classified removable HDD/SSD
(without the user data). When the R&S ESRP is back within the secured area, the original classified removable hard disk drive / solid-state drive can be reinstalled.
●
To hold classified user data in secure areas, use the removable hard disk drive /
solid-state dive which comes with the instrument.
●
To hold non-classified user data in non-secure areas, use a second removable
hard disk drive / solid-state drive (R&S ESRP-B18/-B19).
6Instrument Security Procedures 1175.7474.02 ─ 02
Page 7
R&S®ESRP
Special Considerations for USB Ports
Validity of instrument calibration after declassification
The calibration makes sure that measurements comply to government standards.
Rohde & Schwarz recommends that you follow the calibration cycle suggested for your
instrument.
The EEPROM is the only memory type used to hold permanent adjustment values
required to maintain the validity of the R&S ESRP’s calibration. Therefore, replacing
one removable HDD/SSD with another, does not affect the validity of the instrument’s
calibration.
After exchanging the removable HDD/SSD, perform a self-alignment once:
Note that the instrument has sufficient warm-up time before you perform the self-alignment.
1. Select the SETUP key.
2. Select the "Alignment" softkey.
3. Select "Start Self Alignment"
This function uses the high-stability internal reference generator to produce the temporary adjustment values. Using the permanent and temporary values, the necessary
adjustment information is then stored on the removable HDD/SSD. Rohde & Schwarz
recommends that you perform the self-alignment function once a week.
6 Special Considerations for USB Ports
USB ports can pose a security risk in high-security locations. Generally, this risk comes
from small USB pen drives, also known as memory sticks or key drives. They can be
easily concealed and can quickly read/write several Gbyte of data.
Disabling USB ports for writing user data
You can disable the write capability on the USB ports of the R&S ESRP R&S ESRP via
a utility software. This utility software is available on the R&S ESRP website http://
www.rohde-schwarz.com/product/esrp.html.
To disable the write capability, copy the utility software to the R&S ESRP and run it
once. After a reboot of the instrument, the write capability on any USB memory device
is disabled.
7Instrument Security Procedures 1175.7474.02 ─ 02
Page 8
R&S®ESRP
Special Considerations for USB Ports
© 2017 Rohde & Schwarz GmbH & Co. KG
Mühldorfstr. 15, 81671 München, Germany
Phone: +49 89 41 29 - 0
Fax: +49 89 41 29 12 164
Email: info@rohde-schwarz.com
Internet: www.rohde-schwarz.com
Subject to change – Data without tolerance limits is not binding.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG.
Trade names are trademarks of their owners.
Throughout this manual, products from Rohde & Schwarz are indicated without the ® symbol , e.g.
R&S®ESPR is indicated as R&S ESPR.
8Instrument Security Procedures 1175.7474.02 ─ 02
Loading...