R&S®FSVA3000 / R&S®FSV3000
Signal and Spectrum Analyzer
Instrument Security Procedures
(;Ý0ï2)
1179009702
Version 01
Instrument Security Procedures
The following abbreviations are used throughout this manual: R&S®FSVA3000 is abbreviated as R&S FSVA. R&S®FSV3000 is
abbreviated as R&S FSV. R&S FSV/A refers to both the R&S FSV3000 and the R&S FSVA3000.
R&S®FSVA3000 / R&S®FSV3000
Contents
1 Overview................................................................................................. 3
2 Instrument Models Covered..................................................................4
3 Security Terms and Definitions............................................................ 4
4 Types of Memory and Information Storage in the R&S FSV/A.......... 5
5 Instrument Declassification.................................................................. 8
6 Functionality Outside the Secured Area............................................10
7 Validity of Instrument Calibration after Declassification..................10
8 Securing Self Alignment Data when Security Write Protection is
Enabled................................................................................................. 11
Contents
9 Secure User Mode................................................................................12
10 Special Considerations for USB Ports...............................................12
1 Overview
It is often imperative that R&S FSV/A Signal and Spectrum Analyzers are used in a
secured environment. Generally these highly secured environments do not allow any
test equipment to leave the area unless it can be proven that no user information
leaves with the test equipment. Security concerns can arise when devices need to
leave a secured area, e.g. to be calibrated or serviced.
This document describes the types of memory and their usage in the R&S FSV/A. It
provides a statement regarding the volatility of all memory types and specifies the
steps required to declassify an instrument through memory clearing or sanitization procedures. These sanitization procedures are designed for customers who need to meet
the requirements specified by the US Defense Security Service (DSS).
3Instrument Security Procedures 1179.0097.02 ─ 01
R&S®FSVA3000 / R&S®FSV3000
2 Instrument Models Covered
Product name Order number
Instrument Models Covered
R&S®FSV3004
R&S®FSV3007
R&S®FSV3013
R&S®FSV3030
R&S®FSV3044
R&S®FSVA3004
R&S®FSVA3007
R&S®FSVA3013
R&S®FSVA3030
R&S®FSVA3044
1330.5000.04
1330.5000.07
1330.5000.13
1330.5000.30
1330.5000.43
1330.5000.05
1330.5000.08
1330.5000.14
1330.5000.31
1330.5000.44
3 Security Terms and Definitions
Clearing
The term "clearing" is defined in Section 8-301a of DoD 5220.22-M, "National Industrial
Security Program Operating Manual (NISPOM)". Clearing is the process of eradicating
the data on media so that the data can no longer be retrieved using the standard interfaces on the instrument. Therefore, clearing is typically used when the instrument is to
remain in an environment with an acceptable level of protection.
Sanitization
The term "sanitization" is defined in Section 8-301b of DoD 5220.22-M, "National
Industrial Security Program Operating Manual (NISPOM)". Sanitization is the process
of removing or eradicating stored data so that the data cannot be recovered using any
known technology. Instrument sanitization is typically required when an instrument is
moved from a secure to a non-secure environment, such as when it is returned for service of calibration.
The memory sanitization procedures described in this document are designed for customers who need to meet the requirements specified by the US Defense Security Service (DSS). These requirements are specified in the "Clearing and Sanitization Matrix"
in Section 14.1.16 of the ISFO "Manual for the Certification and Accreditation of Classified Systems under the NISPOM".
4Instrument Security Procedures 1179.0097.02 ─ 01
R&S®FSVA3000 / R&S®FSV3000
Instrument declassification
The term "instrument declassification" refers to procedures that must be undertaken
before an instrument can be removed from a secure environment, for example when
the instrument is returned for calibration. Declassification procedures include memory
sanitization or memory removal, or both. The declassification procedures described in
this document are designed to meet the requirements specified in DoD 5220.22-M,
"National Industrial Security Program Operating Manual (NISPOM)", Chapter 8.
4 Types of Memory and Information Storage
in the R&S FSV/A
The R&S FSV/A Signal and Spectrum Analyzers contain various memory components.
The following table provides an overview of the memory components that are part of
your instrument. For further information, refer to the subsequent sections.
Types of Memory and Information Storage in the R&S FSV/A
Table 4-1: Information on memory types
Memory type Size Content Volatility User
Data
SDRAM
(CPU board)
SDRAM
(motherboard)
SDRAM
(option R&S FSV3B200/-B400)
EEPROM
(smart card)
Flash
(CPU board)
8 Gbyte (IPC11/1)
or
16 Gbyte (IPC11/4)
or
16 Gbyte (IPS14)
2 Gbyte Measurement data Volatile Yes Turn off instrument power
6 Gbyte
≤ 1 Mbyte
8 Mbyte (IPC11/1)
or
8 Mbyte (IPC11/4)
or
8 Mbyte (IPS14)
Temporary information storage for
operating system and instrument
firmware
Module-specific data:
●
Serial number
●
Product options
●
Board internal correction
data
BIOS Non-volatile No None required (no user
Volatile Yes Turn off instrument power
Non-volatile No None required (no user
Sanitization procedure
data)
data)
Flash
(frontend)
Flash
(microwave converter)
4 Mbyte
4 Mbyte
Module-specific data:
●
Serial number
●
Product options
●
Board internal correction
data
●
FPGA bitstream data
Non-volatile No None required (no user
data)
5Instrument Security Procedures 1179.0097.02 ─ 01
R&S®FSVA3000 / R&S®FSV3000
Types of Memory and Information Storage in the R&S FSV/A
Volatile Memory
Memory type Size Content Volatility User
Data
Flash
(motherboard)
Flash
(option R&S FSV3B200/-B400)
Flash
(option R&S FSV3B6)
32 Mbyte
64 Mbyte
4 Mbyte
●
IP address
●
MAC address
Non-volatile No None required (no user
Standard configuration without option R&S FSV3-B20 (removable hard drive)
Memory type Size Content Volatility User
Data
●
SSD (Solid-State
Drive type M.2 Sata)
(CPU board)
60 Gbyte
Operating system
●
Instrument firmware and
firmware options with license
keys
●
Instrument states and setups
●
Trace data
●
Limit lines, transducer tables
●
Screen images
Non-volatile Yes See "SSD Solid-State
Sanitization procedure
data)
Sanitization procedure
Drive (CPU board)"
on page 7
Configuration with option R&S FSV3-B20 (removable hard drive)
Memory type Size Content Volatility User
Data
●
CFAST memory card
(removable)
64 Gbyte
Operating system
●
Instrument firmware and
firmware options with license
keys
●
Instrument states and setups
●
Trace data
●
Limit lines, transducer tables
●
Screen images
Non-volatile Yes Remove CFAST memory
4.1 Volatile Memory
The volatile memory in the instrument does not have battery backup. It loses its contents when power is removed from the instrument. The volatile memory is not a security concern.
Removing power from this memory meets the memory sanitization requirements specified in the "Clearing and Sanitization Matrix" in Section 5.2.5.5.5 of the ISFO Process
Manual for the Certification and Accreditation of Classified Systems under the NISPOM.
Sanitization procedure
card, see "Removable
CFAST Memory Card
(R&S FSV3-B20, removable hard drive)"
on page 7
6Instrument Security Procedures 1179.0097.02 ─ 01
R&S®FSVA3000 / R&S®FSV3000
4.2 Non-Volatile Memory
The R&S FSV/A contains no user-accessible non-volatile memory, except for the internal SSD memory module and the removable CFAST memory card (option R&S FSV3B20, removable hard drive).
All other non-volatile memories of the R&S FSV/A are not a security concern.
SSD Solid-State Drive (CPU board)
(excludes CFAST memory card R&S FSV3-B20, removable hard drive)
The internal SSD memory module is located on the CPU board.
Basically, the SSD holds user data and is non-volatile. Hence, user data is not erased
when power is removed from the instrument.
Note: As you can equip the R&S FSV/A with the option R&S FSV3-K33 (security write
protection of solid state drive), the R&S FSV/A allows you to enable the Secure User
Mode. The sanitization procedure depends on the availability of this option:
●
If R&S FSV3-K33 is not available or Secure User Mode disabled (default setting
on the instrument):
The R&S FSV/A saves user data and instrument setups permanently on the SSD.
All data, including user data leaves the secure area with the instrument.
Sanitization procedure: Sanitizing is not possible without physically removing the
SSD.
●
If R&S FSV3-K33 is available with Secure User Mode enabled:
The R&S FSV/A redirects user data and instrument setups to the volatile memory
(SDRAM).
Sanitization procedure: Turn of instrument power.
Types of Memory and Information Storage in the R&S FSV/A
Non-Volatile Memory
See also Chapter 5, "Instrument Declassification", on page 8.
Removable CFAST Memory Card (R&S FSV3-B20, removable hard drive)
(excludes SSD)
Do not remove the CFAST memory card during operation as data can get lost.
●
If the CFAST memory card is inserted:
Note: As you can equip the R&S FSV/A with the option R&S FSV3-K33 (security
write protection of solid state drive), the R&S FSV/A allows you to enable the
Secure User Mode. The sanitization procedure depends on the availability of this
option:
– If R&S FSV3-K33 is not available or Secure User Mode disabled:
The CFAST memory card holds user data and is non-volatile. User data is not
erased when power is removed from the instrument.
Sanitization procedure: Remove the CFAST memory card from the instrument.
7Instrument Security Procedures 1179.0097.02 ─ 01
R&S®FSVA3000 / R&S®FSV3000
– If R&S FSV3-K33 is available with Secure User Mode enabled:
The R&S FSV/A redirects user data and instrument setups to the volatile memory (SDRAM).
Sanitization procedure: Turn of instrument power.
●
If the CFAST memory card is not inserted:
Without the CFAST memory card, holding the operating system etc., you cannot
work with the R&S FSV/A.
Sanitization procedure: None required.
See also Chapter 5, "Instrument Declassification", on page 8.
5 Instrument Declassification
Before you can remove the R&S FSV/A from a secured area (for example to perform
service or calibration), all classified user data needs to be removed.
Instrument Declassification
Overview for declassification of the R&S FSV/A depending on the configuration
The options R&S FSV3-B20 (removable hard drive) and R&S FSV3-K33 (security write
protection of solid state drive) determine the sanitization procedures for the
R&S FSV/A as shown in Figure 5-1.
Refer also to Types of Memory and Information Storage in the R&S FSV/A, Secure
User Mode, and chapter Protecting Data Using the Secure User Mode in the user man-
ual of the R&S FSV/A, see www.rohde-schwarz.com/manual/fsv3000/.
Figure 5-1 illustrates the different ways of data storage and sanitization procedures,
depending on the options the instrument is equipped with.
8Instrument Security Procedures 1179.0097.02 ─ 01
R&S®FSVA3000 / R&S®FSV3000
Instrument Declassification
Figure 5-1: Sanitizing overview: R&S FSV/A with and without R&S FSV3-B20 (removable hard drive)
and R&S FSV3-K33
You can declassify the R&S FSV/A as shown in the diagram.
These declassification procedures meet the needs of customers working in secured
areas.
9Instrument Security Procedures 1179.0097.02 ─ 01
R&S®FSVA3000 / R&S®FSV3000
6 Functionality Outside the Secured Area
To establish the functionality outside the secured area:
1. Configuration without option R&S FSV3-B20 (removable hard drive)
a) Turn on the R&S FSV/A.
The internal SSD memory module holds all instrument data for operation.
2. Configuration with option R&S FSV3-B20 (removable hard drive)
As the CFAST memory card holds the operating system, the R&S FSV/A cannot be
operated without a CFAST memory card. For servicing and calibration,
Rohde & Schwarz provides a separate removable CFAST memory card (option
R&S FSV3-B18). This CFAST memory card contains the operating system and
required instrument data.
To establish the functionality:
a) Insert a second CFAST memory card (R&S FSV3-B18).
This memory card enables the R&S FSV/A to start the operating system.
b) Turn on the R&S FSV/A.
Functionality Outside the Secured Area
The instrument is ready for use.
7 Validity of Instrument Calibration after
Declassification
Calibration makes sure that measurements comply to the specified characteristics.
Rohde & Schwarz recommends that you follow the calibration cycle suggested for your
instrument.
The R&S FSV/A uses two different sets of alignment data.
Factory alignment data
These data are saved on EEPROMs. Therefore, replacing one removable CFAST
memory card with another card does not affect the availability of the factory alignment
data.
User action: none required.
Self alignment data
These data are saved on the CFAST memory card or the SSD.
User action: In the following cases, user action is required:
●
When the CFAST memory card was replaced, the self alignment has to be run
once.
10Instrument Security Procedures 1179.0097.02 ─ 01
R&S®FSVA3000 / R&S®FSV3000
●
When option R&S FSV3-K33 (security write protection) is enabled, the self alignment data cannot be written to the SSD or CFAST card.
In this case, two solutions are possible:
– Run a self alignment always after powering on the instrument. The self align-
ment data will not be stored on the instrument permanently.
– Temporarily disable the R&S FSV3-K33, security write protection, as described
in Securing Self Alignment Data when Security Write Protection is Enabled
8 Securing Self Alignment Data when Secur-
ity Write Protection is Enabled
When the security write protection (R&S FSV3-K33) is enabled, the R&S FSV/A redirects the self alignment data to the volatile memory (SDRAM). The SDRAM memory
loses its data when you power off the instrument.
Securing Self Alignment Data when Security Write Protection is
Enabled
Note that the instrument has sufficient warm-up time before you perform the self-alignment.
To make sure, that no self alignment data get lost, keep closely to the instructions:
1. Deactivate the write protection of the SSD or the CFAST memory card to allow the
alignment data to be saved on the card. The write protection is disabled by deactivating the secure user mode (requires administrator login):
Note: If you do not remove the write protection before, the self alignment data get
lost when you power off the instrument. As a result, the measurement values can
deviate later on.
a) Select [SETUP] > "System Configuration".
b) In the "Config" tab, select "Secure User Mode > Off".
This change does not take effect until you have restarted the instrument.
c) Reboot the R&S FSV/A.
2. Perform the self-alignment:
a) Select [SETUP].
b) Select the "Alignment" softkey.
c) Select "Start Self Alignment" button.
Once the system correction values have been calculated successfully, the
R&S FSV/A prompts a message.
The R&S FSV/A saves the self-alignment data on the SSD or the CFAST memory
card .
To reactivate the secure user mode:
1. Select [SETUP] > "System Configuration".
11Instrument Security Procedures 1179.0097.02 ─ 01
R&S®FSVA3000 / R&S®FSV3000
2. In the "Config" tab, select "Secure User Mode > On".
3. Reboot the R&S FSV/A to accept the change.
9 Secure User Mode
(R&S FSV3-K33, Security Write Protection)
If users must not obtain knowledge of other user's data, the optional secure user mode
is available. If enabled, the SSD is write-protected so that no information can be written
to its memory permanently. Data that the R&S FSV/A normally saves on the SSD is
redirected to volatile memory instead, which is not a security concern.
Data that is saved in volatile memory can be accessed just as in normal operation.
When the instrument’s power is removed, all data in this memory is cleared. Thus, in
secure user mode, the R&S FSV/A always starts in a defined, fixed state when turned
on.
Secure User Mode
10 Special Considerations for USB Ports
USB ports can pose a security risk in high-security locations. Generally, this risk comes
from small USB pen drives, also known as memory sticks or key drives. They can be
easily concealed and can quickly read/write several Gbyte of data.
Disabling USB ports for writing user data
You can disable the write capability on the USB ports of the R&S FSV/A with a software utility.
If your R&S FSV/A is equipped with option R&S FSV3-B33 (USB mass memory write
protection), the software utility is already installed on the instrument.
Without option R&S FSV3-B33, Rohde & Schwarz provides the software utility on the
R&S FSV/A website attached to this document, see (https://www.rohde-schwarz.com/
manual/fsv3000/ and www.rohde-schwarz.com/manual/fsva3000.html).
Proceed as follows:
1. Download the software utility.
2. Copy the software utility to the R&S FSV/A.
3. Run it once.
After a reboot of the instrument, the write capability on any USB memory device is disabled.
12Instrument Security Procedures 1179.0097.02 ─ 01
R&S®FSVA3000 / R&S®FSV3000
Special Considerations for USB Ports
© 2019 Rohde & Schwarz GmbH & Co. KG
Mühldorfstr. 15, 81671 München, Germany
Phone: +49 89 41 29 - 0
Fax: +49 89 41 29 12 164
Email: info@rohde-schwarz.com
Internet: www.rohde-schwarz.com
Subject to change – Data without tolerance limits is not binding.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG.
Trade names are trademarks of the owners.
13Instrument Security Procedures 1179.0097.02 ─ 01
Loading...