How can a CRI be sent to a NSS Subscriber when re-registering or re-issuing a NSS token?

The correct method for sending a Certificate Revocation Information (CRI) to a National Security System (NSS) Subscriber during the re-registration or re-issuance of an NSS token is through a signed and encrypted S/MIME message on SIPRNet.

Using S/MIME (Secure/Multipurpose Internet Mail Extensions) ensures that the information is both secure and authentic. S/MIME enables the use of digital signatures to confirm the identity of the sender and encryption to protect the contents of the message from unauthorized access. This is particularly crucial in military and government contexts where information security is paramount. The SIPRNet (Secret Internet Protocol Router Network) is specifically designed for classified information transmission, reinforcing the need for confidentiality and integrity in communications related to national security.

Other methods, like regular email, lack the security parameters required for sensitive information, making them unsuitable. Faxing can introduce various risks, including interception and lack of verification protocols. A phone call does not provide an adequate paper trail or the necessary security assurances for handling sensitive data. Thus, the choice of sending CRI through a signed and encrypted S/MIME message on SIPRNet aligns with the stringent security protocols required by PKI procedures in the military.