Navy changes policy on contractors, encrypted communications

The U.S. Navy issued a new instruction Feb. 7 revising policy and expanding the procedures to allow authorizing release of communications security material to contractors.

Federal policy dictates that government cryptographic operations 'will ordinarily be conducted by the government.' This instruction modifies that guidance:

[W]hen there is a valid need and it is clearly in the best interest of the Navy and the government, cryptographic equipment keying material, related [communications security] information, and access to classified U.S. government traffic may be provided to U.S. contractors.

The instruction states that this exception may be applied when contractors are:
  • Installing, maintaining or operating transmission security-designated or cryptographic equipment;
  • Participating in designing, planning, producing, training, installing, maintaining, operating, integrating, modifying, testing, studying, or providing logistical support for communications security material or techniques; or
  • Electrically communicating classified national security information in a cryptographically secure manner, or unclassified national security-related information by communications security-protected means.

Contractors accorded this access must be U.S. citizens, they must hold a security clearance for the level of classification involved, and their access must be controlled on a 'strict need-to-know basis.'

Giving contractors access to cryptological equipment and information must be approved in advance by the commander of the Naval Network Warfare Command.

'Communications security material' refers to equipment, devices, documents, firmware and software that contain or describe cryptographic logic or other elements that perform communications security functions. Equipment designed to provide security to telecommunications by converting information into a form unintelligible to an unauthorized interceptor, and to reconstitute encrypted information, is included.

The full document, 'OPNAV Instruction 2221.SC,' was made available by the Federation of American Scientists.

Featured

  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.