R&S FPL1000 Spectrum Analyzer Instrument Security Procedures
1 Overview
Securing important information is crucial in many applications. Generally, highly secured environments do not allow any test equipment to leave the area unless it can be proven that no user information leaves with the test equipment, e.g. to be calibrated.
Regarding sanitization, the principal concern is ensuring that data is not unintentionally released [1].
This document provides a statement regarding the volatility of the memory types used and specifies the steps required to sanitize an instrument. The procedures in this document follow "NIST Special Publication 800-88: Guidelines for Media Sanitization" [1]. In addition, recommendations are provided to safeguard information on the R&S FPL1000.
References
See the following literature for further information.
2 Instrument Models Covered
The following references are cited in this document:
- [1] Kissel Richard L. [et al.] Guidelines for Media Sanitization = Special Publication (NIST SP) = NIST SP - 800-88 Rev 1. - Gaithersburg: [s.n.], December 17, 2014.
- [2] National Industrial Security Program Authorization Office Defense Security Service (DSS) Assessment and Authorization Process Manual (DAAPM). - May 6, 2019.
- [3] ACSC Australian Cyber Security Centre Australian Government Information Security Manual, January 2020.
Table 2-1: Spectrum Analyzer Models
| Spectrum Analyzer | Model Number |
| R&S FPL1003 | 1304.0004K03 |
| R&S FPL1007 | 1304.0004K07 |
| R&S FPL1014 | 1304.0004K14 |
| R&S FPL1026 | 1304.0004K26 |
3 Security Terms and Definitions
Terms defined in Guidelines for Media Sanitization, NIST Special Publication 800-88 [1]:
- Sanitization: "Media sanitization refers to a process that renders access to target data on the media infeasible for a given level of effort."
- Clear: "Clear applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple non-invasive data recovery techniques; typically applied through the standard Read and Write commands to the storage device, such as by rewriting with a new value or using a menu option to reset the device to the factory state (where rewriting is not supported)."
- Purge: "Purge applies physical or logical techniques that render Target Data recovery infeasible using state of the art laboratory techniques."
- Destroy: "Destroy renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data."
4 Statement of Volatility
Control of Media
Another option to secure sensitive information is to keep physical media within the classified area, see [1], paragraph 4.4.
Volatile Memory
"Memory components that do not retain data after removal of all electrical power sources, and when reinserted into a similarly configured system, are considered volatile memory components." [2]
The volatile memory in the instrument does not have battery backup. It loses its contents when power is removed from the instrument.
If the instrument is battery operated, e.g. handhelds, it retains data in the volatile memory as long as the battery is installed.
Typical examples are RAM, e.g. SDRAM.
Non-Volatile Memory
"Components that retain data when all power sources are discontinued are non-volatile memory components." [2]. In the context of this document, non-volatile memory components are non-user accessible internal memory types, e.g. EEPROM, Flash, etc.
Media
Media are types of non-volatile memory components. In the context of this document, media are user-accessible and retain data when you turn off power. Media types are Hard Disk Drives (HDD), Solid State Drives (SSD), Memory Cards, e.g. SD, microSD, CFast, etc., USB removable media, e.g. Pen Drives, Memory Sticks, Thumb Drives, etc. and similar technologies.
The R&S FPL1000 contains various memory components. See the subsequent sections for a detailed description regarding type, size, usage and location.
Notes on Memory Sizes
Due to the continuous development of memory components, the listed values of memory sizes may not represent the current, but the minimal configuration.
Table 4-1: Types of Volatile Memory
| Memory Type | Location | Size | Content / Function | User Modifiable |
| SDRAM | PC board | 4 GByte or 8 GByte | Temporary information storage for operating system and instrument firmware | Yes |
Table 4-2: Types of Non-Volatile Memory
| Memory Type | Location | Size | Content / Function | User Modifiable |
| EEPROM | PC board | 1 kByte |
| No |
| Front panel | 2 kByte | Hardware information | No | |
| Smart card (front panel) | ≤1 MByte |
| No | |
| Flash | PC board | 8 MByte | BIOS | No |
| Motherboard | 32 MByte |
| No | |
| Spectrum Analysis board | 512 kByte |
| No | |
| Reference board | 1 MByte |
| No | |
| Additional Interface board (R&S FPL1-B5) | 32 MByte |
| No | |
| GPIB board (R&S FPL1-B10) | 4 MByte | FPGA configuration | No |
Table 4-3: Types of Media Memory Modules
| Memory Type | Location | Size | Content / Function | User Modifiable |
| SSD | PC board | ≥ 32 GByte |
| Yes |
5 Instrument Sanitization Procedure
5.1 Volatile Memory
You can purge the volatile memory by following the procedure below. The sanitizing procedure complies to the definition of NIST [1], see "Terms defined in Guidelines for Media Sanitization" on page 3.
To turn off and remove power
- Turn off the R&S FPL1000.
- Disconnect the power plug.
- Remove the battery.
Leave the instrument powered off at least for ten minutes to make sure that all volatile memory modules lose their contents, see [3].
5.2 Non-Volatile Memory
The non-volatile memories do not contain user data. Therefore no sanitization procedure is required.
5.3 Media
To remove the classified solid-state drive at the rear of the instrument
Risk of losing data and becoming unusable
The media memory holds the operating system. Removing the SSD makes the instrument unusable. We recommend that you keep a second non-classified SSD for use outside the secured area (option R&S FPL1-B19). Do not remove the SSD during operation. You can damage the instrument and lose data.
- Turn off the R&S FPL1000 and disconnect the power plug.
- Locate the SSD.
The rear panel of the R&S FPL1000 features various connectors. These include the AC power input, multiple USB ports, a LAN port, a DVI port, Trigger In, Ref. Out, and Rel. In.
- Unscrew the two knurled screws.
- Remove the solid-state drive from the R&S FPL1000.
- Keep the solid-state drive under organizational control.
6 Operability Outside the Secured Area
As the solid-state drive holds the operating system, the R&S FPL1000 cannot be operated without the solid-state drive.
For servicing and calibration, Rohde & Schwarz provides a separate solid-state drive (option R&S FPL1-B19). This solid-state drive contains the operating system and required instrument data.
To use the instrument outside the secured area:
- Insert the second solid-state drive. This solid-state drive enables the R&S FPL1000 to start the operating system.
- Turn on the R&S FPL1000.
- Perform a self-alignment as described in Chapter 7, "Validity of instrument calibration after sanitization", on page 9.
The instrument is ready for use.
7 Validity of Instrument Calibration After Sanitization
The EEPROM is the only memory type used to hold permanent adjustment values required to maintain the validity of the R&S FPL1000's calibration. Therefore, the sanitizing procedure does not affect the validity of the instrument's calibration.
After exchanging the removable SSD, perform a self-alignment once:
[i] Make sure that the instrument has sufficient warm-up time before you perform the self-alignment.
- Select the [SETUP] key.
- Select the "Alignment" softkey.
- Select "Start Self Alignment"
This function uses the high-stability internal reference generator to produce the temporary adjustment values. Using the permanent and temporary values, the necessary adjustment information is then stored on the removable SSD.
8 Special Security Features
This section leads you to the information on how to use the security features to protect the R&S FPL1000 from unauthorized access of classified information saved or displayed in the instrument.
The user manual is provided for download on the product page at www.rohde-schwarz.com/manual/FPL1000.
8.1 Considerations for USB Interfaces
USB ports can pose a security risk in high-security locations. Generally, this risk comes from small USB pen drives, also known as memory sticks or key drives. They can be easily concealed and can quickly read/write several Gbyte of data.
You can disable the write capability on the USB ports of the R&S FPL1000 via a utility software. This utility software is available on the R&S FPL1000 website https://www.rohde-schwarz.com/manual/r-s-fpl1000-instrument-security-procedures-manuals-gb1_78701-478976.html.
To disable the write capability, copy the utility software to the R&S FPL1000 and run it once. After a reboot of the instrument, the write capability to any USB memory device is disabled.
Glossary
- CFast
- Compact Fast - compact flash mass memory device.
- DRAM
- Dynamic Random Access Memory.
- HDD
- Hard disk drive.
- microSD
- Micro Solid-state Drive - memory card.
- SD
- Solid-state drive - memory card.
- SSD
- ATA Solid-state drives (including PATA, SATA, eSATA, mSATA,...).
Copyright and Contact Information
© 2022 Rohde & Schwarz GmbH & Co. KG
Mühldorfstr. 15, 81671 München, Germany
Phone: +49 89 4129-0
Email: info@rohde-schwarz.com
Internet: www.rohde-schwarz.com
Subject to change - data without tolerance limits is not binding.
R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG.
Trade names are trademarks of the owners.
mailto:info@rohde-schwarz.com
Industry-leading technology company | Rohde & Schwarz
