The documents which relate specifically to TEMPEST and Electromagnetic Security (EMS) are based on NATO and EU TEMPEST and EMS standards.
IA Implementation Guide No 14 - TEMPEST & Electromagnetic Security
Gives practical guidance in support of our Good Practice Guide (GPG) No 14 and the Document and Information Publications policy for testers (specifically SDIP-27 and SDIP-29) produced by the NATO Military Committee Communication and Information Systems Security and Evaluation Agency (SECAN). IG14 interprets SDIP-27 for UK national use. The current copy is issue 3 of September 2018.
Good Practice Guide No 14 - Electromagnetic Security
Enables security professionals and IA practitioners to manage emissions security. It will assist anyone involved in managing risks and accrediting ICT systems as well as those involved in their design and installation. The current copy is issue 2.3 of September 2016.
GPG14 supports the HMG Security Policy Framework which states that Departments and Agencies must follow specific government procedures to manage the risk posed by eavesdropping and electromagnetic emanations.
GPG14 is supported by Implementation Guide (IG) 14.
IA Busy Reader’s Guide No 17 - TEMPEST & Electromagnetic Security
BRG17 aims to help readers achieve a more pragmatic approach to managing risks associated with electromagnetic vulnerabilities. It clarifies risk management considerations for electromagnetic vulnerabilities and how these support technical risk assessment and treatment processes outlined in the supplement to HMG IA Standard Nos 1 & 2 (Supplement), Technical Risk Assessment and Risk Treatment. You should be aware that while you may continue to use this guidance we no longer support it and has been replaced with new guidance.
We are also authorised to issue NATO TEMPEST documents on behalf of SECAN, and EU TEMPEST documents on behalf of the IAO. These include SDIP-27/2 (published March 2016) and SDIP-29/2 (published March 2015) as well as IASG-07-03 and IASG-07-01.
NATO and UK policy documents are available. Contact the NCSC Enquiries team and ask for the EM Security release application form.