Tektronix DPO77002SX, DPO75902SX, DPO75002SX, DPO71604SX, DPO71304SX Declassification and Security Instructions
DPO70000SX Series
Declassification and Security
Instructions
*P077104202*
077-1042-02
DPO70000SX Series
Declassification and Security
Instructions
Warning
The servicing instructions are for use by qualified personnel only. To avoid
personal injury, do not perform any servicing unless you are qualified to do
so. Refer to all safety summaries prior to performing service.
www.tek.com
077-1042-02
Copyright © Tektronix. All rights reserved. Licensed software products are owned by Tektronix or its subsidiaries or suppliers, and are
protected by national copyright laws and international treaty provisions. Tektronix products are covered by U.S. and foreign patents, issued
and pending. Information in this publication supersedes that in all previously published material. Specifications and price change privileges
reserved.
TEKTRONIX and TEK are registered trademarks of Tektronix, Inc.
Contacting Tektronix
Tektronix, Inc.
14150 SW Karl Braun Drive
P.O. Box 500
Beaverton, OR 97077
USA
For product information, sales, service, and technical support:
■
In North America, call 1-800-833-9200.
■
Worldwide, visit www.tek.com to find contacts in your area.
Table of Contents
Preface ................................................................................................................................................................ iii
Clear and sanitize procedures
Memory devices ............................................................................................................................................. 1
Terminology .............................................................................................................................................. 1
Media and data export devices ...................................................................................................................... 3
Clearing solid state disk drives ................................................................................................................. 4
Removing a removable solid state drive .................................................................................................. 4
Disabling USB capability .......................................................................................................................... 4
To disable LAN ethernet connectivity using the BIOS .............................................................................. 5
Removable solid state drive ........................................................................................................................... 5
PC ram size .................................................................................................................................................... 6
Troubleshooting
How to clear or sanitize a Non-Functional instrument .................................................................................... 7
Solid state drive ........................................................................................................................................ 7
External memory devices ......................................................................................................................... 7
Charges .................................................................................................................................................... 7
How to recover from clearing or removing the instrument memory ............................................................... 7
Change log
DPO70000SX Series Declassification and Security Instructions i
Table of Contents
ii DPO70000SX Series Declassification and Security Instructions
Preface
This document helps customers with data security concerns to sanitize or remove memory devices from their instrument.
This series of instruments contains an open architecture PC with removable mass storage. You can order additional removable
mass storage devices to swap in and out of the instrument as needed for security reasons.
These products have data storage (memory) devices and data export interfaces (USB ports, Ethernet, and eSATA). These
instructions describe how to clear or sanitize the memory devices and disable the data output interfaces. The instructions also
describe how to declassify an instrument that is not functioning.
Reference
The procedures in this document are written to meet the requirements specified in:
■
NISPOM, DoD 5220.22–M, Chapter 8
■
ISFO Process Manual for Certification & Accreditation of Classified Systems under NISPOM
Products
The following Tektronix products are covered by this document:
■
DPO77002SX
Terms
■
DPO75902SX
■
DPO75002SX
■
DPO73304SX
■
DPO72304SX
■
DPO71604SX
■
DPO71304SX
The following terms may be used in this document:
■
Clear. This eradicates data on media/memory before reusing it in a secured area. All reusable memory is cleared to deny
access to previously stored information by standard means of access.
■
Erase. This is equivalent to clear.
■
Media. Storage/data export device. A device that is used to store or export data from the instrument, such as a USB port/
USB flash drive.
■
Sanitize. This removes the data from media/memory so that the data cannot be recovered using any known technology.
This is typically used when the device will be moved (temporarily or permanently) from a secured area to a nonsecured
area.
■
Scrub. This is equivalent to sanitize.
■
Remove. This is a physical means to clear the data by removing the memory device from the instrument. Instructions are
available in the product service manual.
■
User Accessible. User is able to directly retrieve the memory device contents.
DPO70000SX Series Declassification and Security Instructions iii
Preface
■
User-Modifiable. The memory device can be written to by the user during normal instrument operation, using the
instrument user interface or remote control.
■
Volatile memory. Data is lost when the instrument is powered off.
■
Nonvolatile memory. Data is retained when the instrument is powered off.
■
Power off. Some instruments have a “Standby” mode, in which power is still supplied to the instrument. For the purpose of
clearing data, putting the instrument in Standby mode does not qualify as powering off. For these products, you must either
press a rear-panel OFF switch or remove the power source from the instrument.
■
Instrument Declassification. A term that refers to procedures that must be undertaken before an instrument can be
removed from a secure environment. Declassification procedures include memory sanitization and memory removal, and
sometimes both.
iv DPO70000SX Series Declassification and Security Instructions
Clear and sanitize procedures
Memory devices
The following tables list the volatile and nonvolatile memory devices in the instrument.
Terminology
The following terms are used in the tables in this section:
■
User data – Describes the type of information stored in the device. Refers to waveforms or other measurement data
representing signals connected to the instrument by users.
■
User settings – Describes the type of information stored in the device. Refers to instrument settings that can be changed by
the user.
■
Both – Describes the type of information stored in the device. It means that both user data and user settings are stored in
the device.
■
None – Describes the type of information stored in the device. It means that neither user data or user settings are stored in
the device.
■
Directly – Describes how data is modified. It means that the user can modify the data.
■
Indirectly – Describes how data is modified. It means that the instrument system resources modify the data and that the user
cannot modify the data.
Table 1: Volatile memory devices
Type and
minimum
size
SDRAM,
512M X
16 up to
1024M X
64 bits
PC RAM PC
ram size on
page 6
SDRAM,
512M X
16 bits up to
1024M X
16 bits
Function Type of
user info
stored
Acquisition
memory for
holding and
processing
waveforms,
and
processor
system
RAM
PC
motherboar
d
Acquisition
memory for
holding and
processing
digital
waveforms
User data No Indirectly Written by
User data No Indirectly Written by
User data No Indirectly Written by
Backed-up
by battery
Method of
modification
Data input
method
processor
system and
ASICs
processor
system
processor
system
Location User
accessible
Analog
acquisition
board
PC
motherboar
d or COM-E
module
Digital
acquisition
board
Yes Remove
Yes Remove
Yes Remove
To clear To sanitize
Remove
power from
the
instrument
for at least
20 seconds
power from
the
instrument
for at least
20 seconds
power from
the
instrument
for at least
20 seconds
power from
the
instrument
for at least
20 seconds
Remove
power from
the
instrument
for at least
20 seconds
Remove
power from
the
instrument
for at least
20 seconds
DPO70000SX Series Declassification and Security Instructions 1
Clear and sanitize procedures
Table 2: Nonvolatile memory devices
Type and
minimum
size
Removable
hard drive
Removable
solid state
drive on
page 5
EEPROM,
4096 bits
EEPROM,
1024 bits
SPI Flash
2 Megabits
Function Type of user
info stored
Holds all userstorable data
(waveforms
and
instrument
settings)
PCI/PCIe
local bus
settings
PCI/PCIe
bridge
settings
Option key,
event log,
serial number,
and model
number
User data and
user settings
None User cannot
None User cannot
None Directly Programmed
Method of
modification
Directly and
indirectly
modify
modify
Data input
method
Windows UI
and
TekScope UI
Programmed
at factory
Programmed
at factory
at factory.
Option keys
can be input
by the user
Location User
accessible
Rear panel Yes Removable
Acquisition
board
Acquisition
board
Acquisition
board
No Not
No Not
Yes Not
To clear To sanitize
solid state
drive on
page 5
applicable,
does not
contain user
data or
setting.
Clearing
would disable
instrument
functionality.
applicable,
does not
contain user
data or
setting.
Clearing
would disable
instrument
functionality.
applicable,
does not
contain user
data or
settings.
Clearing
would disable
instrument
functionality
Removable
solid state
drive on
page 5
Not
applicable,
does not
contain user
data or
settings.
Sanitizing
would disable
instrument
functionality
Not
applicable,
does not
contain user
data or
settings.
Sanitizing
would disable
instrument
functionality
Not
applicable,
does not
contain user
data or
settings.
Sanitizing
would disable
instrument
functionality.
2 DPO70000SX Series Declassification and Security Instructions
Clear and sanitize procedures
Type and
minimum
size
NVRAM,
16 Megabits
NVRAM,
4 Megabytes
Function Type of user
info stored
Calibration
data
Motherboard
BIOS and
BIOS settings
None User cannot
None Directly BIOS UI. User
Method of
modification
modify
Data input
method
Programmed
at factory
can change
BIOS settings.
Location User
accessible
Acquisition
board
PC
motherboard
No Not
Yes Not
To clear To sanitize
Not
applicable,
does not
contain user
data or
settings.
Clearing
would disable
instrument
functionality
applicable,
does not
contain user
data or
settings.
Clearing
would disable
instrument
functionality
applicable,
does not
contain user
data or
settings.
Sanitizing
would disable
instrument
functionality
Not
applicable,
does not
contain user
data or
settings.
Sanitizing
would disable
instrument
functionality
Media and data export devices
The following table lists the data export devices in the instrument.
Table 3: Media and Data export devices
Type and
minimum size
USB port Supports
Ethernet User storage of
Function Method of
modification
Directly Directly by system
removable USB
flash drive. User
storage of
reference
waveforms, screen
images, and
instrument setups
Directly System resources Ethernet port on
reference
waveforms, screen
images, and
instrument setups
and installation of
software
Data input
method
resources
Location User accessible To disable
USB host ports on
front or rear of
instrument
rear of instrument
Yes Remove all USB
memory devices.
USB devices can
be formatted,
stored in a secure
area, or destroyed.
USB ports can be
disabled. Disabling
USB capability on
page 4
Yes Disconnect from
Network cable.
Ethernet port can
be disabled. To
disable LAN
ethernet
connectivity using
the BIOS on
page 5
DPO70000SX Series Declassification and Security Instructions 3
Clear and sanitize procedures
Clearing solid state disk drives
NOTE. The following procedure covers only Tektronix installed software.
If your organization's security protocols allow the use of software to purge or clear solid state drives, you can use commercial
software to erase free space on the drive before sending the instrument out for upgrades or repair. Follow the instructions that
come with the software to be sure that the erasure of sensitive data from the drive complies with your organization's security
protocols.
On solid state drives, the drive and the operating system work together to reallocate sectors on the drive to even out the wear of
the storage cells. Make sure that software you use to purge or clear a solid state drive is approved for solid state drives.
CAUTION. Before clearing the drive to meet security requirements, be sure that an OS-restore disk and product software restore
disk are available and that you have the procedures needed to restore the OS and product software.
Sequence for clearing secure data from a drive:
1. Erase all files with the following extensions:
■
*.png; *.bmp;*.pcx, *.tif, *.jpg – These file types can be screenshots that can contain valuable information.
■
*.msk, *.set, *.wfm, *.csv, *.txt, *.dat – These file types can contain data exported from the instrument (setup,
waveforms, measurement results).
2. Acquire several full memory-length acquisitions of noise (no signal attached to the input).
3. Close the TekScope application and erase the free space on the hard disk using commercial software.
Removing a removable solid state drive
For detailed information on removing parts from the instrument, see the DPO70000SX Series Service Manual, Tektronix part
number 077-1041-xx.
WARNING. Before doing this procedure, disconnect the power cord from the line voltage source. Failure to do so could cause
serious injury or death.
CAUTION. To avoid damaging the drive, perform the following procedure in a static-safe environment with proper electro-static
discharge controls in place.
DPO70000SX series instruments.
1. Loosen the thumbscrews on the removable drive panel.
2. Pull the removable drive out from the instrument.
Disabling USB capability
The following instructions describe how to disable the built-in USB capability. Using the BIOS disables the devices for DOS and
Windows programs, while the Windows Device Manager disables the devices for Windows programs. These procedures disable
USB to prevent its use.
NOTE. If you disable the USB and LAN in the following procedures, you cannot write new firmware to the hard drive. To do so,
you must enable one of these items.
4 DPO70000SX Series Declassification and Security Instructions
Clear and sanitize procedures
To disable USB using the BIOS.
1. Press Delete during instrument Boot Up to go to the BIOS configuration menu.
2. Go to Chipset\PCH-IO Configuration.
3. Go to USB Configuration.
4. Set USB Ports Per-Port to Enabled.
5. Set all ports to Disabled. (To continue using the touchscreen, leave port 9 enabled.)
6. Hit Esc twice to return to the main BIOS configuration menu.
7. Go to Security > Administrator Password. Press Enter.
8. Specify a password. You will be asked to confirm the password by entering it again. Note the password, and store it in a
safe place for future use.
9. Exit Saving Changes by pressing F4, and selecting Yes.
To disable LAN ethernet connectivity using the BIOS
1. Press Delete during instrument Boot Up to go to the BIOS configuration menu.
2. Go to Advanced BIOS Settings\Chipset Settings\PCH-IO Configuration.
3. Set both LAN1 Controller and LAN2 Controller to Disabled.
4. Press Esc once to return to the main BIOS configuration menu.
NOTE. If you do not use a BIOS password, the LAN can be reactivated by any user.
5. Press F4, and select OK to save changes and exit. The LAN system will be disabled and will no longer allow data traffic in
or out.
Removable solid state drive
All user-storable data is stored on the removable drive. Sanitize or replace the drive in a manner that meets local and any other
security requirements that you have.
NOTE. To see the size of the drive, refer to the (C:) local disk properties window.
NOTE. Be sure that you create OS Restore media before scrubbing the hard drive/solid state drive or moving the instrument into
a secure area.
After the drive is sanitized or replaced, the operating system and instrument software can be reinstalled. Following reinstallation
of the operating system and product software, you must run the Signal Path Compensation (SPC) procedure in the Utilities menu
after a 20-minute warm-up period. This returns the instrument solid state drive to the initial state shipped from the factory.
Scrubbing the drive will not affect calibration of the instrument, since the factory calibration constants are stored on the
acquisition board, entirely separate from any acquisition data or user files. You can completely erase or remove any secure data
without affecting the calibration of the instrument. You can also calibrate the instrument in a nonsecure site, and then use the
instrument in a secure area without recalibration.
DPO70000SX Series Declassification and Security Instructions 5
Clear and sanitize procedures
PC ram size
To see the size of the PC RAM in the instrument, refer to the General tab of the Windows System Properties dialog box.
6 DPO70000SX Series Declassification and Security Instructions
Troubleshooting
How to clear or sanitize a Non-Functional instrument
If your instrument is not functioning, you may proceed as follows:
Solid state drive
Remove the drive and return the product to Tektronix. A new drive will be installed and the instrument will be repaired and
adjusted as necessary. Alternatively you may use the Removable Solid State Drive procedure before returning the product to
Tektronix. Removable solid state drive on page 5
For removal instructions, refer to the instrument service manual, available on the Tektronix Web site at www.tektronix.com/
manuals.
External memory devices
Remove any attached USB flash drive or external hard drives from the instrument before returning the instrument to Tektronix for
repair.
Refer to your company’s internal policies regarding handling or disposal of the external memory device.
Charges
Replacement of any missing hardware will be charged according to the rate at the time of replacement.
How to recover from clearing or removing the instrument memory
After the hard drive/solid state drive is sanitized, the operating system and instrument software must be reinstalled.
DPO70000SX Series Declassification and Security Instructions 7
Troubleshooting
8 DPO70000SX Series Declassification and Security Instructions
Change log
Document part
number
-02 June 18, 2019 Added DPO71604SX and DPO71604SX models to
-
-
-
-
-
Revision date Change description
document.
DPO70000SX Series Declassification and Security Instructions 9
Change log
10 DPO70000SX Series Declassification and Security Instructions
Loading...