EncryptionEncryption requirements to change P25 CAP approved equipment list

Published 28 March 2017

On Monday announced a change in the Project 25 Compliance Assessment Program (P25 CAP) listing of grant-eligible radio equipment for first responders. In order to be fully compliant with all P25 CAP requirements, radio equipment that requires encryption must use Advanced Encryption Standard (AES) 256. Equipment that uses proprietary or other non-standard encryption capabilities without also providing the standard encryption (AES 256) capability does not meet the requirement specified in the Project 25 Compliance Assessment Program Encryption Requirements Compliance Assessment Bulletin (CAB).

The U.S. Department of Homeland Security on Monday announced a change in the Project 25 Compliance Assessment Program (P25 CAP) listing of grant-eligible radio equipment for first responders. In order to be fully compliant with all P25 CAP requirements, radio equipment that requires encryption must use Advanced Encryption Standard (AES) 256. Equipment that uses proprietary or other non-standard encryption capabilities without also providing the standard encryption (AES 256) capability does not meet the requirement specified in the Project 25 Compliance Assessment Program Encryption Requirements Compliance Assessment Bulletin (CAB).

Interoperability is a critical issue for first responders, said DHS Acting Under Secretary for Science and Technology Dr. Robert Griffin. “The problem posed by using variant, non-standard encryption capabilities exacerbates the interoperability challenge.”

S&T notes that the P25 stakeholder community had frequently raised the issue of manufacturers providing non-P25 standard encryption algorithms that ultimately would cause interoperability issues with neighboring agencies who were using other encryption. When first responders from different jurisdictions are using equipment from different manufacturers that had different encryption capabilities, successful and secure communications between them could be severely impacted. If standards-based encryption (AES 256) capabilities were included, even in addition to proprietary encryption, users had the option to use the AES 256 during a mutual aid scenario or situations where users have different devices and need to operate in an encrypted mode.

“Previously, encryption standards were not part of the initial P25 compliance requirements,” said P25 CAP Program Manager Sridhar Kowdley. “However, the proliferation of proprietary and non-standard encryption capabilities has made it necessary to ensure that a standard form of encryption is available for responders. The end users need to have clarity on what they are buying when investing in radio equipment. Not everyone needs encryption capabilities, but for those that do, they need to be able to communicate with others in an encrypted mode using the same standards-based encryption.”

The P25 CAP Advisory Panel has been reviewing this issue for many months and identified AES 256 encryption as the approved published encryption standard with the broadest support across all levels of law enforcement.

S&T says that as a result, visitors to the Approved (Grant-Eligible) Equipment List on the P25 CAP web page will now notice the following two additional categories and descriptions:

1. Fully Compliant with all P25 CAP requirements
This list indicates equipment that is fully compliant with all P25 CAP requirements. This equipment can be supplied without any installed encryption algorithms or with optional Advanced Encryption Standard (AES) 256 encryption capability. This may be in addition to a non-standard encryption capability, but AES 256 encryption must be included if any is installed at all.

2. Non-compliant with 2016 P25 CAP Encryption CAB requirements
This list includes equipment has been tested to the P25 CAP requirements but are not compliant with the P25 CAP Encryption CAB.

“You may have been fully compliant against the 2010 CABs and saw your equipment on the Approved Equipment List,” Kowdley tells the radio equipment manufacturing community. “With the introduction of the Encryption Requirements CAB, you must now be compliant with the 2010 CABs and the Encryption Requirements CAB to have ‘fully compliant’ status on the Approved Equipment List. Additionally, we encourage all users who procure P25 equipment to go to our website and take note of the changes to the Approved lists.