Encryption Requirements

The P25 stakeholder community had frequently raised the issue of manufacturers continually providing non-P25 standard encryption algorithms that ultimately would cause interoperability issues with neighboring agencies who were using P25 standard AES 256 encryption. The key concern was the potential impact non-standard encryption has on interoperability. To sum it up, when first responders from different jurisdictions use subscribers from different vendors but are not using the standards-based and P25 CAP approved AES 256 encryption, it is very possible successful and secure communications will not occur, thereby inhibiting interoperability. However, if a subscriber unit would provide the standards-based encryption (AES 256) at a minimum in addition to non-standards based encryption, users can then always use standards-based encryption during a mutual aid scenario or situations where users have different subscriber vendors/models and have a need to operate in an encrypted mode. P25 CAP sought to reach the point where the end user, who is seeking encryption, could be assured that the subscriber unit includes user access to that AES 256 encryption algorithm.

DHS OIC, with permission from each manufacturer, is making the correspondence received available. The manufacturers’ correspondence explains, in each manufacturer’s own words, the process each manufacturer is using to bring its equipment into compliance with the Encryption Requirements CAB and the process each manufacturers’ customers would follow to ensure the equipment they are going to purchase or have already purchased would be or would be made P25 CAP Compliant.