Introduction: Why Two Frameworks?
Organizations handling classified national-security information face threats from two distinct physical phenomena: unauthorized physical access to transmission lines, and unintentional electromagnetic emanation from equipment. The US government addresses these through separate, complementary frameworks—the Protected Distribution System (PDS) for the former, and TEMPEST for the latter. Although often mentioned in the same breath, conflating them leads to compliance gaps and misconfigured infrastructure. This guide clarifies each framework's scope, governing standards, and practical implementation considerations relevant to network-infrastructure and data-center deployments.
Protected Distribution Systems (PDS)
Definition and Purpose
A Protected Distribution System is a wireline or fiber-optic telecommunications system equipped with physical and electromagnetic safeguards that, when properly implemented, permit the transmission of unencrypted classified national-security information. The defining characteristic is that PDS controls substitute for—or supplement—cryptographic protection by making unauthorized physical access to the transmission medium extremely difficult to achieve without detection.
Governing Standard: CNSSI No. 7003
The current governing authority is CNSSI No. 7003 (2015), published by the Committee on National Security Systems (CNSS). This document superseded the earlier NSTISSI No. 7003 (1996), which is now only of historical relevance. Security professionals and procurement officers must reference CNSSI No. 7003 as the operative standard; citing the 1996 predecessor in a current compliance context is incorrect.
PDS Categories
CNSSI No. 7003 defines two primary categories of PDS, each suited to different threat environments and installation contexts:
- Hardened Distribution System: Employs rigid conduit, continuous welded steel carrier pipe, or equivalent hardened enclosures that physically resist penetration. Appropriate where a high-threat environment demands maximum deterrence.
- Simple/Alarmed Carrier PDS: Uses a carrier conduit or enclosure instrumented with detection technology that raises an alert upon any attempt to access, cut, or tamper with the inner transmission medium. This category balances cost and security for facilities where continuous electronic monitoring is operationally feasible.
Compliance Obligations Under CNSSI No. 7003
CNSSI No. 7003 requires Periodic Visual Inspections (PVI) and regular testing of the protective mechanisms. Manual PVI processes are labor-intensive and introduce human error; automation is increasingly preferred in high-classification facilities. Heather Technologies partners with CyberSecure IPS, whose Alarmed Carrier PDS solution embeds specialized optical fibers within the conduit infrastructure. These fibers sense acoustic vibration signatures consistent with intrusion attempts and feed data to a centralized monitoring platform that automates PVI documentation and compliance testing aligned with CNSSI No. 7003 requirements. This approach reduces staffing burden while providing a continuous, auditable detection record rather than point-in-time snapshots.
TEMPEST: Emanations Security
Definition and Scope
TEMPEST is the US government code name (and now a widely adopted industry term) for the study and control of unintentional intelligence-bearing electromagnetic, acoustic, and electrical emanations produced by information-processing equipment. Where PDS secures the cable, TEMPEST addresses what leaks through the air or through unintended conductive paths from the equipment itself—processors, displays, keyboards, power lines, and network hardware all produce measurable emanations that, under the right conditions, can be exploited to reconstruct processed data.
Why TEMPEST Is Separate from PDS
This distinction has concrete engineering consequences. A facility could deploy a fully compliant CNSSI No. 7003 PDS protecting its fiber runs and still be vulnerable to TEMPEST exploitation of nearby processing equipment—and vice versa. The two frameworks address non-overlapping attack surfaces:
- PDS threat model: An adversary physically accesses or taps the transmission medium.
- TEMPEST threat model: An adversary intercepts radiated or conducted signals emanating from equipment without any physical contact with the system.
A comprehensive classified-facility design requires both layers to be assessed and implemented independently, then reviewed together to ensure no residual gap exists at their boundary conditions—for example, where a PDS-protected cable terminates at a non-TEMPEST-qualified device.
TEMPEST in Infrastructure Planning
For data-center and network-infrastructure deployments, TEMPEST considerations influence equipment selection (zoning and shielding ratings), physical layout (separation distances between classified and unclassified processing zones), and power distribution design. Power lines are a well-documented conducted-emanation path; power distribution architecture choices therefore carry TEMPEST implications in addition to electrical and operational considerations.
Intersection with Modern Power Distribution
Emerging power technologies such as Fault-Managed Power (FMP)—governed by NEC Article 726 (Class 4 Fault-Managed Power Systems, introduced in the 2023 NEC)—are reshaping data-center and edge infrastructure. Class 4 systems transmit energy in monitored packets; a detected fault such as a short circuit, cable break, or human contact causes the source to shut off within milliseconds, making the circuit touch-safe. Equipment must be listed to UL 1400-1, with Class 4 cables listed to UL 1400-2. Because NEC Article 726 relaxes many of the conduit and wiring-method requirements found in NEC Chapter 3, FMP installations present a different physical-protection profile than conventional conduit-based power runs.
In classified environments, this creates a design consideration at the intersection of PDS and TEMPEST planning: the reduced conduit density of an FMP installation may affect both the physical-access deterrence assumptions embedded in a PDS design and the conducted-emanation shielding assumptions relevant to TEMPEST. Facility security officers and infrastructure architects should evaluate FMP deployments against both frameworks before accepting the installation as compliant. Heather Technologies works with DCPacket (Titan Platform) and VoltServer to deliver FMP solutions and can support pre-deployment security consultations for sensitive facilities.
Practical Summary for Infrastructure Teams
| Attribute | PDS | TEMPEST |
|---|---|---|
| Threat addressed | Physical access / tapping of transmission medium | Electromagnetic / conducted emanation interception |
| Governing standard | CNSSI No. 7003 (2015) | Government-classified technical standards (NSA/CSS) |
| Primary control | Hardened or alarmed carrier conduit / enclosure | Shielding, zoning, separation, equipment qualification |
| Encrypted traffic required? | No—PDS permits unencrypted classified traffic | Encryption does not eliminate emanation risk |
| Inspection requirement | Periodic Visual Inspection per CNSSI No. 7003 | Periodic testing per applicable TEMPEST program |
Conclusion
PDS and TEMPEST are not interchangeable—they are complementary disciplines that together form a complete physical-layer security posture for classified environments. CNSSI No. 7003 defines the current PDS compliance framework; TEMPEST governs emanation control through a separate body of government technical standards. Infrastructure teams deploying or upgrading classified facilities must treat both frameworks as mandatory, independent design inputs. Heather Technologies offers purpose-built solutions across both domains, including CyberSecure IPS alarmed-carrier PDS monitoring and FMP power infrastructure, supported by expert guidance for compliance-sensitive deployments.