Pursuant to a congressional request, GAO reviewed the Department of Defense's (DOD) and military services' adherence to national TEMPEST policy. TEMPEST refers to technical investigations and studies of compromising emanations from electronic data processing equipment. National security policy requires federal agencies to protect classified information from such emanations.
Recommendations for Executive Action
|Department of Defense||To minimize delay in implementing national security policy, the Secretary of Defense should promptly implement a new security policy, on an interim basis if necessary, and ensure that the services promulgate implementing instructions to the field in a timely manner.|
|Department of Defense||To minimize unnecessary TEMPEST-related expenditures, the Secretary of Defense should require all DOD components to conduct TEMPEST evaluations before implementing TEMPEST countermeasures. Such evaluations are also needed to ensure proper protection of classified information.|
|Department of Defense||To reduce varying requirements placed on industry and duplicative efforts on the part of the services, the Secretary of Defense should consider assigning to the Defense Investigative Service (DIS), or some other DOD component, the responsibility for ensuring that TEMPEST countermeasures are effectively implemented within industry. Implementation of this recommendation may require additional training for the designated component's staff.|