Tektronix MDO3012,MDO3014,MDO3022,MDO3024,MDO3032,MDO3034,MDO3052,MDO3054,MDO3102,MDO3104, MDO3000 Series Oscilloscope Declassification and Security Instructions
MDO3000 Series Declassification and Security Instructions i
Table of Contents
ii MDO3000 Series Declassification and Security Instructions
Preface
This document helps customers with data security concerns to sanitize or remove
memory devices from the Tektronix MDO3000 Series Mixed Domain
Oscilloscopes.
These products have data storage (memory) devices and data output devices.
These instructions tell how to clear or sanitize the memory devices and disable
the data output devices. The instructions also tell how to declassify an instrument
that is not functioning.
Instrument code and calibration settings reside in nonvolatile flash memory.
Instrument setups and reference waveforms may also be stored in flash memory
or on USB drives connected to the instrument.
If you have any questions, contact the Tektronix Technical Support Center at
www.tektronix.com/support.
Reference
The procedures in this document are written to meet the requirements specified
in:
■
NISPOM, DoD 5220.22–M, Chapter 8
■
ISFO Process Manual for Certification & Accreditation of Classified Systems
under NISPOM
Products
The following Tektronix products are covered by this document:
■
MDO3012
■
MDO3014
■
MDO3022
■
MDO3024
■
MDO3032
■
MDO3034
■
MDO3052
■
MDO3054
■
MDO3102
■
MDO3104
Required documents
To perform the procedures in this document, you might need access to the
MDO3000 series manuals listed below. These manuals are available on the
Tektronix Web site at www.tektronix.com/downloads.
■
MDO3000 Series Service Manual (Tektronix part number, 077-0981-xx)
■
MDO3000 Series Technical Reference Manual (Tektronix part number,
077-0979-xx)
MDO3000 Series Declassification and Security Instructions iii
Preface
Terms used in this document
The following terms may be used in this document:
■
Clear. This removes data on media/memory before reusing it in a secured
area. All reusable memory is cleared to deny access to previously stored
information by standard means of access.
■
Erase. This is equivalent to clear.
■
Instrument Declassification. A term that refers to procedures that must be
undertaken before an instrument can be removed from a secure environment.
Declassification procedures include memory sanitization and memory
removal, and sometimes both.
■
Media storage/data export device. Any of several devices that can be used
to store or export data from the instrument, such as a USB port.
■
Nonvolatile memory. Data is retained when the instrument is powered off.
■
Power off. Some instruments have a “Standby” mode, in which power is still
supplied to the instrument. For the purpose of clearing data, putting the
instrument in Standby mode does not qualify as powering off. For these
products, you will need to either press a rear-panel OFF switch or remove the
power source from the instrument.
■
Remove. This is a physical means to clear the data by removing the memory
device from the instrument. Instructions are available in the product Service
Manual.
■
Sanitize. This eradicates the data from media/memory so that the data cannot
be recovered by other means or technology. This is typically used when the
device will be moved (temporarily or permanently) from a secured area to a
non-secured area.
■
Scrub. This is equivalent to sanitize.
■
User Accessible. User is able to directly retrieve the memory device
contents.
■
User-modifiable. User can write to the memory device during normal
instrument operation, using the instrument interface or remote control.
■
Volatile memory. Data is lost when the instrument is powered off.
iv MDO3000 Series Declassification and Security Instructions
Preface
Device terms
The following terms are used with the memory devices in this document:
■
User data. Describes the type of information stored in the device. Refers to
waveforms or other measurement data representing signals connected to the
instrument by users.
■
User settings. Describes the type of information stored in the device. Refers
to instrument settings that can be changed by the user.
■
Both. Describes the type of information stored in the device. It means that
both user data and user settings are stored in the device.
■
None. Describes the type of information stored in the device. It means that
neither user data nor user settings are stored in the device.
■
Directly. Describes how data is modified. It means that the user can modify
the data.
■
Indirectly. Describes how data is modified. It means that the instrument
system resources modify the data and that the user cannot modify the data.
MDO3000 Series Declassification and Security Instructions v
Preface
vi MDO3000 Series Declassification and Security Instructions
Memory devices
The following sections list the volatile and nonvolatile memory devices in the
standard instrument and listed options.
Volatile memory devices
DDR3
Type and size1 GB standard
FunctionHolds active analog acquisition data
Type of user information
stored
Backed up by battery?No
Method of modificationIndirectly
Data input methodFirmware operations
LocationMain board
User accessibleNo
To clearRemove power from the instrument for at least 20 seconds.
Process to sanitizeRemove power from the instrument for at least 20 seconds.
User data
SDRAM
Type and sizeSDRAM 128 GB (standard)
FunctionHolds active digital acquisition data
Type of user information
stored
Backed up by battery?No
Method of modificationIndirectly
Data input methodFirmware operations
LocationMain board
User accessibleNo
To clearRemove power from the instrument for at least 20 seconds.
Process to sanitizeRemove power from the instrument for at least 20 seconds.
SDRAM
Type and sizeSDRAM 32 MB (standard)
FunctionASIC execution memory
Type of user information
stored
Backed up by battery?No
Method of modificationindirectly
Data input methodFirmware operations
User data
User data and settings
MDO3000 Series Declassification and Security Instructions 1
Memory devices Volatile memory devices (cont.)
LocationMain board
User accessibleNo
To clearRemove power from the instrument for at least 20 seconds.
Process to sanitizeRemove power from the instrument for at least 20 seconds.
DDR3
Type and sizeDDR3 1 GB (standard)
FunctionMicroprocessor system memory
Type of user information
stored
Backed up by battery?No
Method of modificationDirectly
Data input methodWritten by processor system
LocationMain board
User accessibleNo
To clearRemove power from the instrument for at least 20 seconds.
Process to sanitizeRemove power from the instrument for at least 20 seconds.
User data and settings
SRAM
Type and sizeSRAM 125 kB (standard)
FunctionArbitrary waveform storage
Type of user information
stored
Backed up by battery?No
Method of modificationIndirectly
Data input methodFirmware operations
LocationIO board
User accessibleNo
To clearRemove power from the instrument for at least 20 seconds.
Process to sanitizeRemove power from the instrument for at least 20 seconds.
User data
2 MDO3000 Series Declassification and Security Instructions
Memory devices
Nonvolatile memory devices
Flash 128 MB
Type and sizeFlash 128 MB
FunctionHolds instrument calibration data, serial number, option key, instrument operating system and
application software. Also holds all user-storable data, such as waveforms, measurement results,
and instrument settings.
Type of user information
stored
Method of modificationIndirectly
Data input methodFirmware operations, user input
LocationMain board
User accessibleNo
To clearNot applicable for calibration constants.
Process to sanitizeNot applicable for calibration constants.
User data, user settings
Use the procedure Use TekSecure to erase memory contents to erase reference waveforms and
instrument setups. Then use the procedure Disable the LAN port and clear the LAN Eithernet
settings to disable the LAN ethernet and to clear information, such as IP addresses.
Use the procedure Use TekSecure to erase memory contents to erase reference waveforms and
instrument setups. Then use the procedure Disable the LAN port and clear the LAN Eithernet
settings to disable the LAN ethernet and to clear information, such as IP addresses.
Serial real-time clock
Type and sizeSerial real-time clock
FunctionReal-time clock with battery backup
Type of user information
stored
Method of modificationIndirectly
Data input methodNot applicable
LocationMain board
User accessibleNot applicable
To clearNot applicable, no user data
Process to sanitizeNot applicable, no user data
EEPROM
Type and sizeEEPROM 1 Kbit
FunctionHolds signal generator calibration data
Type of user information
stored
Method of modificationIndirectly
Data input methodNot applicable
LocationIO board
User accessibleNot applicable
Time/date
None
MDO3000 Series Declassification and Security Instructions 3
Memory devices Nonvolatile memory devices (cont.)
To clearNot applicable, no user data
Process to sanitizeNot applicable, no user data
EEPROM
Type and sizeEEPROM 1 Kbit
FunctionApplication module firmware
Type of user information
stored
Method of modificationNot applicable
Data input methodNot applicable
LocationMDO3000 application modules
User accessibleNot applicable
To clearNot applicable, no user data
Process to sanitizeNot applicable, no user data
None
Media and data export devices
Two USB host portsSupports removable USB flash drive
FunctionUser storage of reference waveforms, screen images, and instrument setups
Method of modificationDirectly
Data input methodUser writeable
LocationOne USB host port on the front of the instrument
On USB host port on the rear of the instrument
Files can be deleted or over-written on the oscilloscope or on a PC. USB flash drive can be
removed or destroyed.
User accessibleYes
Process to disableThe USB host port cannot be disabled with MDO3000 Series instruments without the MDO3SEC
option.
If your instrument has the MDO3SEC option, perform the procedure Use the MDO3SEC option to
disable all IO ports to disable the two USB host ports.
USB device port
FunctionSupports remote control and data transfer to a PC.
Method of modificationDirectly
Data input methodRemote control via USBTMC
LocationUSB device port on rear of the instrument
User accessibleYes
4 MDO3000 Series Declassification and Security Instructions
Media and data export devices (cont.) Memory devices
Process to disable (for
instruments with the
MDO3SEC option)
Process to disable (for
instruments without the
MDO3SEC option)
LAN Ethernet connector
FunctionTransfer data
Method of modificationDirectly
Data input methodNot applicable
LocationCAT5 connector on rear of the instrument
User accessibleYes
Process to disable (for
instruments with the
MDO3SEC option)
Process to disable (for
instruments without the
MDO3SEC option)
Perform the procedure Use the MDO3SEC option to disable all I/O ports to disable the device
ports.
Perform the procedure Disable the USB device port to disable the USB device port.
Perform the procedure Use the MDO3SEC option to disable all I/O ports to disable the device
ports.
Perform the procedure Disable the LAN port and clear the LAN Ethernet settings to disable the
Ethernet port.
MDO3000 Series Declassification and Security Instructions 5
Memory devices Media and data export devices (cont.)
6 MDO3000 Series Declassification and Security Instructions
Clear and sanitize procedures
NOTE. Sanitizing or clearing the instrument cannot be reversed. But the
instrument application software and calibration information is left unchanged
after the sanitizing or clearing operations. There is no need for a postsanitization or clear procedure for the MDO3000 Series of instruments. The
instrument can begin normal use and function immediately after the sanitizing or
clearing procedures.
Disable the USB device port
Complete the following steps to disable the USB device.
1. Remove any USB cable or device from the USB device port on the rear of
the instrument.
2. Push the front-panel Utility button.
3. Push the Utility Page lower-bezel button and use the Multipurpose a knobto select I/O.
4. Push the USB lower-bezel button.
5. Push the Disabled (Off Bus) side-bezel button to disable the USB device
port.
The USB device port is now disabled and no longer allows traffic in or out of the
port.
Use the MDO3SEC option to disable all I/O ports
If your instrument has the MDO3SEC option installed, use the following
procedure to turn off all of the I/O ports.
1. Push the front-panel Utility button.
2. Push the Utility Page lower-bezel button and use the Multipurpose a knobto select Security.
3. Push the Security Password lower-bezel button.
4. Use the Multipurpose knob to enter a password.
5. Push the I/O Ports lower-bezel button.
To disable all USB and Ethernet ports on the oscilloscope, push the OK
Disable All Ports on the side-bezel button.
6. Push the Menu Off front-panel button to close the dialog box.
7. Power off the oscilloscope, and then power it back on to complete the
process.
MDO3000 Series Declassification and Security Instructions 7
Clear and sanitize procedures
To reset the instrument RAM, do the following:
1. Power off the instrument for at least 20 seconds.
2. Power on the instrument.
Disable the LAN port and clear the LAN Ethernet settings
To disable the LAN port and clear LAN Ethernet settings, such as IP addresses,
complete the steps in this procedure.
CAUTION. This procedure clears network connectivity information. Record all of
the settings before clearing them.
1. Remove the network cable from the LAN port on the rear of the instrument.
2. Push the front-panel Default Setup button.
3. Push the front-panel Utility button.
4. Push the Utility Page lower-bezel button and use the Multipurpose a knobto select I/O.
5. Push the Network Configuration lower-bezel button.
6. Push the Manual side-bezel button. Wait for this operation to complete.
7. Push the Set IP Address Manually side-bezel button.
8. Push the ↑ or ↓ arrow side-bezel button to position the cursor on the
Instrument IP Address field.
9. Push the Clear lower-bezel button.
10. Push the ↓ arrow side-bezel button to position the cursor on the Gateway IP
Address field.
11. Push the Clear lower-bezel button.
12. Push the ↓ arrow side-bezel button to position the cursor on the Subnet
Mask field.
13. Push the Clear lower-bezel button.
14. Push the ↓ arrow side-bezel button to position the cursor on the DNS IP
Address field.
15. Push the Clear lower-bezel button.
16. Push the OK Accept side-bezel button.
17. Push the Ethernet and LXI lower-bezel button.
18. Push the –more- 1 of 2 side bezel button to get to the second page of side
bezel menus.
19. Push the Change Names side-bezel button.
8 MDO3000 Series Declassification and Security Instructions
Clear and sanitize procedures
20. Push the ↑ or ↓ arrow side-bezel button to position the cursor on the
Hostname field.
21. Push the Clear lower-bezel button.
22. Push the ↓ arrow side-bezel button to position the cursor on the Domain
Name field.
23. Push the Clear lower-bezel button.
24. Push the ↓ arrow side-bezel button to position the cursor on the Service
Name field.
25. Push the Clear lower-bezel button.
26. Push the OK Accept side-bezel button.
27. Push the Change e*Scope and LXI Password side-bezel button.
28. Push the Clear lower-bezel button.
29. Push the OK Accept side-bezel button.
The LAN system is disabled and no longer allows data traffic in or out. The
relevant LAN Ethernet settings are also cleared.
Enable the USB device port
Complete the following steps to enable the USB device.
1. Push the front panel Default Setup button.
2. Push the front-panel Utility button.
3. Push the Utility Page lower-bezel button and use the Multipurpose a knobto select I/O.
4. Push the USB lower-bezel button.
5. Push the Connect to Computer or Connect to PictBridge Printer side-
bezel button to enable the USB device port.
MDO3000 Series Declassification and Security Instructions 9
Clear and sanitize procedures
Use the MDO3SEC option to enable the IO ports
If your instrument has the MDO3SEC option installed, use the following
procedure to turn on all of the I/O ports.
1. Push the front-panel Utility button.
2. Push the Utility Page lower-bezel button and use the Multipurpose a knobto select Security.
3. Push the Security Password lower-bezel button.
4. Use the Multipurpose knob to enter a password.
5. Push the I/O Ports lower-bezel button.
To disable all USB and Ethernet ports on the oscilloscope, push the OK
Enable All Ports on the side-bezel button.
6. Push the Menu Off front-panel button to close the dialog box.
7. Power off the oscilloscope, and then power it back on to complete the
process.
Enable the LAN port and set the LAN Ethernet settings
To Enable the LAN port and set the LAN Ethernet settings, such as IP addresses,
complete the steps in this procedure.
1. Push the front panel Default Setup button.
2. Push the front-panel Utility button.
3. Push the Utility Page lower-bezel button and use the Multipurpose a knobto select I/O.
4. Push the Network Configuration lower bezel button.
5. Push the Manual side bezel button. Wait for this operation to complete.
6. Push the Set IP Address Manually side bezel button.
7. Push the ↑ or ↓ arrow side-bezel button to position the cursor on the
Instrument IP Address field.
8. Enter the relevant field data using the lower bezel buttons and Multipurpose
a knob.
9. Push the ↓ arrow side-bezel button to position the cursor on the Gateway IP
Address field.
10. Enter the relevant field data using the lower bezel buttons and Multipurpose
a knob.
11. Push the ↓ arrow side-bezel button to position the cursor on the Subnet
Mask field.
12. Enter the relevant field data using the lower bezel buttons and Multipurpose
a knob.
10 MDO3000 Series Declassification and Security Instructions
Clear and sanitize procedures
13. Push the ↓ arrow side-bezel button to position the cursor on the DNS IP
Address field.
14. Enter the relevant field data using the lower bezel buttons and Multipurpose
a knob.
15. Push the OK Accept side-bezel button.
16. Push the Ethernet and LXI lower-bezel button.
17. Push the –more- 1 of 2 side bezel button to get to the second page of side
bezel menus.
18. Push the Change Names side-bezel button.
19. Push the ↑ or ↓ arrow side-bezel button to position the cursor on the
Hostname field.
20. Enter the relevant field data using the lower bezel buttons and Multipurpose
a knob.
21. Push the ↓ arrow side-bezel button to position the cursor on the Domain
Name field.
22. Enter the relevant field data using the lower bezel buttons and Multipurpose
a knob.
23. Push the ↓ arrow side-bezel button to position the cursor on the Service
Name field.
24. Enter the relevant field data using the lower bezel buttons and Multipurpose
a knob.
25. Push the OK Accept side-bezel button.
26. Push the Change e*Scope and LXI Password side-bezel button.
27. Enter the relevant field data using the lower bezel buttons and Multipurpose
a knob.
28. Push the OK Accept side-bezel button.
MDO3000 Series Declassification and Security Instructions 11
Clear and sanitize procedures
12 MDO3000 Series Declassification and Security Instructions
Built-in security features
When to use TekSecure
™
Use the TekSecure function to erase setup and reference waveform data stored in
internal flash memory. Using TekSecure will not affect the calibration of the
instrument because the calibration constants are stored on the Acquisition board,
completely separate from any acquisition data. This allows complete erasure or
removal of any secure data without affecting the oscilloscope calibration. It also
allows the oscilloscope to be calibrated in a non-secure site and then used in a
secure site with the need for recalibration.
The MDO3000 Series oscilloscopes have two USB host ports: one on the front
panel and one on the rear panel. Any USB flash devices can be removed and
stored or destroyed.
The TekSecure function does the following:
■
Replaces all waveforms in all reference memories with null sample values
■
Replaces the current front-panel setup and all stored setups with the default
setup values
■
Calculates the checksums of all reference waveform memory and setup
memory locations to verify successful completion of waveform and setup
erasure
■
Displays a dialog indicating whether the secure erase was successful or
unsuccessful
NOTE. TekSecure does not erase or change factory calibration constants or
Ethernet settings.
MDO3000 Series Declassification and Security Instructions 13
Built-in security features
Use TekSecure to erase memory contents
To use TekSecure, do the following:
1. Push the front-panel Utility button.
2. Push the Utility Page lower-bezel button and use the Multipurpose a knobto select Security.
3. Push the TekSecure Erase Memory lower-bezel button.
4. Push the OK Erase Setup and Ref Memory side-bezel button. Wait for the
“TekSecure operation complete” dialog box to display.
5. Push the Menu Off front-panel button to close the dialog box.
6. Power off the oscilloscope, and then power it back on to complete the
process.
To reset the instrument RAM, do the following:
1. Power off the instrument for at least 20 seconds.
2. Power on the instrument.
14 MDO3000 Series Declassification and Security Instructions
Clear or sanitize a non-functional instrument
Use the following procedures to clear or sanitize a non-functional instrument.
Acquisition board
Only qualified personnel should perform service procedures. Read the General
Safety Summary and the Service Safety Summary in the MDO3000 SeriesService Manual (Tektronix part number, 077-0981-xx) before performing any
service procedures.
Remove the Acquisition board and return the product to Tektronix. A new
Acquisition board will be installed and the instrument will be repaired and
adjusted as necessary.
For removal instructions, refer to the MDO3000 Series Service Manual available
on the Tektronix Web site at www.tektronix.com/manuals.
After removing the Acquisition board, refer to your company's internal policies
regarding handling or disposal of the board.
USB flash drive
Charges
Remove the USB flash drive and return the instrument to Tektronix for repair.
After removing the USB flash drive, refer to your company's internal policies
regarding handling or disposal of the flash drive.
Replacement of any missing hardware will be charged according to the rate at the
time of replacement.
MDO3000 Series Declassification and Security Instructions 15
Clear or sanitize a non-functional instrument
16 MDO3000 Series Declassification and Security Instructions
Loading...
+ hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.