Rohde Schwarz NGA100 User Manual

Page 1
R&S®NGA100 Power Supply Instrument Security Procedures
5601889002 Version 01
Page 2
This document describes the types of memory and their usage in the R&S®NGA100 Power Supply.
© 2021 Rohde & Schwarz GmbH & Co. KG
Mühldorfstr. 15, 81671 München, Germany
Phone: +49 89 41 29 - 0
Email: info@rohde-schwarz.com
Internet: www.rohde-schwarz.com
Subject to change – data without tolerance limits is not binding.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG.
Trade names are trademarks of the owners.
5601.8890.02 | Version 01 | R&S®NGA100
Throughout this document, products from Rohde & Schwarz are indicated without the ® symbol , e.g. R&S®NGA100 is indicated as
R&S NGA100.
Page 3
R&S®NGA100
4.1 Volatile Memory.............................................................................................................9
4.2 Non-Volatile Memory.....................................................................................................9
4.3 Media............................................................................................................................ 10
5.1 Volatile Memory........................................................................................................... 11

Contents

Contents
1 Overview................................................................................................. 5
2 Instrument Models Covered..................................................................6
3 Security Terms and Definitions............................................................ 7
4 Statement of Volatility............................................................................9
5 Instrument Sanitization Procedure.....................................................11
5.2 Non-volatile Memory................................................................................................... 11
6 Validity of Instrument Calibration after Sanitization.........................12
Glossary: Terminology for Instrument Security Procedures...........13
Index......................................................................................................14
3Instrument Security Procedures 5601.8890.02 ─ 01
Page 4
R&S®NGA100
Contents
4Instrument Security Procedures 5601.8890.02 ─ 01
Page 5
R&S®NGA100

1 Overview

Overview
Securing important information is crucial in many applications.
In many cases, it is imperative that the R&S NGA100 instruments are used in a secured environment. Generally, highly secured environments do not allow any test equipment to leave the area unless it can be proven that no user information leaves with the test equipment, e.g. to be calibrated.
"Regarding sanitization, the principal concern is ensuring that data is not unintention­ally released" [1].
This document provides a statement regarding the volatility of the memory types used and specifies the steps required to sanitize an instrument.
The procedures in this document follow "NIST Special Publication 800-88: Guidelines for Media Sanitization" [1].
In addition, recommendations are provided to safeguard information on the R&S NGA100.
References
See the following literature for further information.
[1] Kissel Richard L. [et al.] Guidelines for Media Sanitization = Special Publication (NIST SP) =
NIST SP - 800-88 Rev 1. - Gaithersburg : [s.n.], December 17, 2014.
[2] National Industrial Security Program Authorization Office Defense Security Service (DSS)
Assessment and Authorization Process Manual (DAAPM). - May 6, 2019.
[3] ACSC Australian Cyber Security Centre Australian Government Information Security Manual,
January 2020.
5Instrument Security Procedures 5601.8890.02 ─ 01
Page 6
R&S®NGA100

2 Instrument Models Covered

Instrument Models Covered
Table 2-1: R&S NGA100 models
Product name Order number
NGA101 5601.8002.02
NGA102 5601.8002.04
NGA141 5601.8002.03
NGA142 5601.8002.05
6Instrument Security Procedures 5601.8890.02 ─ 01
Page 7
R&S®NGA100

3 Security Terms and Definitions

Security Terms and Definitions
Terms defined in Guidelines for Media Sanitization
NIST Special Publication 800-88 [1]
Sanitization
"Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort."
Clear
"Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typi­cally applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported)."
Purge
"Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques."
Destroy
"Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data."
Control of media
Another option is to keep physical media holding sensitive information within the classi­fied area, see [1], paragraph 4.4.
Volatile memory
"Memory components that do not retain data after removal of all electrical power sour­ces, and when reinserted into a similarly configured system, are considered volatile memory components." [2]
The volatile memory in the instrument does not have battery backup. It loses its con­tents when power is removed from the instrument.
If the instrument is battery operated, e.g. handhelds, it retains data in the volatile mem­ory as long as the battery is installed.
Typical examples are RAM, e.g. SDRAM.
Non-volatile memory
"Components that retain data when all power sources are discontinued are non-volatile memory components." [2].
In the context of this document, non-volatile memory components are non-user acces­sible internal memory types, e.g. EEPROM, Flash, etc.
7Instrument Security Procedures 5601.8890.02 ─ 01
Page 8
R&S®NGA100
Security Terms and Definitions
Media
Media are types of non-volatile memory components. Media are user-accessible and retain data when you turn off power.
In the context of this document, media types are Hard Disk Drives (HDD), Solid State Drives (SSD), Memory Cards, e.g. SD, microSD, CFast, etc., USB removable media, e.g. Pen Drives, Memory Sticks, Thumb Drives, etc. and similar technologies.
8Instrument Security Procedures 5601.8890.02 ─ 01
Page 9
R&S®NGA100

4 Statement of Volatility

The R&S NGA100 contains various memory components. See the subsequent sec­tions for a detailed description regarding type, size, usage and location.
Notes on memory sizes
Due to the continuous development of memory components, the listed values of mem­ory sizes may not represent the current, but the minimal configuration.

4.1 Volatile Memory

Volatile memory modules are considered as non-accessible internal memory devices, as described in Security Terms and Definitions > Volatile Memory. It requires power to retain data and when the power is turned off, all data is erased.
Table 4-1: Types of volatile memory
Statement of Volatility
Non-Volatile Memory
Memory type Location Size Content User
data
DDR2 SDRAM
MPU Internal SRAM
MCU Internal SRAM
PSoC Internal SRAM
Front Controller 2 x 512 Mbit Operating instructions, user and pro-
gram data
Front Controller 128 kbyte Operating instructions, user and pro-
gram data
Mainboard 4 kbyte Channel operating data No Power Off
Front Controller 1 kbyte PSoC operating data No Power Off
Yes Power Off
Yes Power Off

4.2 Non-Volatile Memory

Non-volatile memory modules are considered as non-accessible internal memory devi­ces, as described in Security Terms and Definitions > Non-volatile Memory. It does not require power to maintain the stored data.
Table 4-2: Types of non-volatile memory
Memory type Location Size Content User
data
Sanitization procedure
Sanitization procedure
NAND Front Controller 1 x 2 Gbit Board and device IDs, instrument
firmware, calibration data, instrument settings, state and user data
MPU Internal ROM
MCU Flash Mainboard 32 + 4 kbyte Channel control firmware No None required (no user
Front Controller 160 kbyte Boot loader No None required (no user
Yes See Instrument Sanitiza-
tion Procedure
data)
data)
9Instrument Security Procedures 5601.8890.02 ─ 01
Page 10
R&S®NGA100
Statement of Volatility
Media
Memory type Location Size Content User
MCU EEPROM
PSoC Flash Front Controller 16 kbyte Firmware for instrument peripherals No None required (no user
Mainboard 1 kbyte Channel calibration data No None required (no user
Sanitization procedure
data
data)
data)

4.3 Media

Media are considered as non-volatile memory devices, as described in Security Terms
and Definitions > Media.
Table 4-3: Types of media memory modules
Memory type Location Size Content User
USB Front panel n.a. n.a. Yes Remove memory device
Sanitization procedure
data
and keep it under organi­zational control. See
Instrument Sanitization Procedure
10Instrument Security Procedures 5601.8890.02 ─ 01
Page 11
R&S®NGA100

5 Instrument Sanitization Procedure

5.1 Volatile Memory

5.2 Non-volatile Memory

Instrument Sanitization Procedure
Non-volatile Memory
Removing power
► Turn off the R&S NGA100.
Leave the instrument powered off at least for 10 minutes to make sure that all vola­tile memory modules lose their contents, see [3].
The Flash does not lose its contents when power is removed. It can contain user data.
Sanitizing the non-volatile memory
The Flash is cleared by executing the sanitizing procedure provided on the instrument. The sanitizing procedure complies to the definition of NIST [1], see "Terms defined in
Guidelines for Media Sanitization" on page 7.
NOTICE! Risk of losing data. The sanitization procedure clears all user data and
1. resets the instrument.
Back up all data you want to keep.
2. Remove all media:
a) Disconnect USB mass memory.
3. Keep the media memory devices under organizational control.
NOTICE! Risk of instrument damage when interrupting the sanitizing procedure.
4. Do not turn off or disconnect the R&S NGA100 from the mains while the sanitizing procedure is running. Wait until the instrument confirms the completed sanitizing.
To activate the sanitizing procedure, press the [Menu] key on the front panel of the R&S NGA100.
5. Select "Device" > "Reset" menu item.
6. Select "Yes" to proceed when prompted to reset all settings to factory defaults.
7. Wait for the "Device reset" message to appear at the top left corner of the screen.
All user data will be removed and factory default settings restored.
11Instrument Security Procedures 5601.8890.02 ─ 01
Page 12
R&S®NGA100
6 Validity of Instrument Calibration after Sani-

Validity of Instrument Calibration after Sanitization

tization
The validity of the R&S NGA100 power supply's calibration is maintained throughout the sanitization.
12Instrument Security Procedures 5601.8890.02 ─ 01
Page 13
R&S®NGA100

Glossary: Terminology for Instrument Security Procedures

Glossary: Terminology for Instrument Secur­ity Procedures
C
CFast: Compact Fast - compact flash mass memory device.
D
DRAM: Dynamic Random Access Memory.
H
HDD: Hard disk drive.
M
microSD: Micro Solid State Drive - memory card.
S
SD: Solid-state Drive - memory card.
SSD: ATA Solid State Drives (including PATA, SATA, eSATA, mSATA,...).
13Instrument Security Procedures 5601.8890.02 ─ 01
Page 14
R&S®NGA100

Index

Index
C
Calibration validity
Instrument sanitization ................................................ 12
Clear .................................................................................... 7
Control of media .................................................................. 7
D
Destroy ................................................................................ 7
G
Guideline definition .............................................................. 7
I
Instrument models ............................................................... 6
Instrument sanitization
Calibration validity ....................................................... 12
Non-volatile memory ................................................... 11
Volatile memory ...........................................................11
Instrument sanitization procedure
Volatile memory ...........................................................11
L
Literature
see References ............................................................. 5
M
S
Sanitization .......................................................................... 7
Sanitization procedure
Remove power ............................................................ 11
Sanitize internal memory ................................................... 11
Statement of volatility .......................................................... 9
T
Terms and definitions .......................................................... 7
Clear ............................................................................. 7
Control of media ........................................................... 7
Destroy ......................................................................... 7
Media ............................................................................ 8
Non-volatile memory ..................................................... 7
Purge ............................................................................ 7
Sanitization ................................................................... 7
Volatile memory ............................................................ 7
V
Volatile memory
Instrument sanitization ................................................ 11
Memory types ............................................................... 9
Terms and definitions .................................................... 7
Media
Memory types ............................................................. 10
Remove ....................................................................... 11
Terms and definitions .................................................... 8
Memory types ...................................................................... 9
Media .......................................................................... 10
Non-volatile memory ..................................................... 9
Volatile memory ............................................................ 9
N
NIST .................................................................................... 5
Non-volatile memory
Instrument sanitization ................................................ 11
Memory types ............................................................... 9
Sanitization procedure ................................................ 11
Terms and definitions .................................................... 7
O
Overview ............................................................................. 5
P
Purge ................................................................................... 7
R
References .......................................................................... 5
Remove power
Sanitization procedure ................................................ 11
14Instrument Security Procedures 5601.8890.02 ─ 01
Loading...