What are the names of the policies that provide guidance for the DOD Information Security Program?
- E.O 13526
- 32 CFR 2, parts 2001 and 2003, CNSI Final Rule
- DODM 5200.01 VOL 1-4
- DODI 5230.09
- DODI 5230.29
What is the responisbility of the Information Security Oversight Office, or ISOO?
To oversee and manage the information security program, under the guidance of the National Security Council
What is the responsibility of the National Security Council (NSC)?
- To provide the overall policy direction for the informatin security program.
- It assists the President in develping and issuing National Security Policies, and it guides and directs the implementation and application of the Executive Order.
- The NSC exervises its guidance primarily through the ISOO
What is the USD(I) and their responsibility?
The Under Secretary of Defense for Intelligence has the primary responsibility for providing guidance, oversight, and approval authority of policies and procedures that govoern the DoD ISP (by issuing the DoD Instruction 5200.01)
The three levels of classified information are designated by what exectuive order?
What are the 5 requirements for dreivatie classification?
1. Observe and respect the OCAs original class determination
2. Apply the required markings
3. Only use authorized sources
4. Use caution when paraphrasing
5. Always take the appropriate steps to resolve any doubts you have
What are the 4 tpes of Declassification systems?
What is a scheduled declassification?
Instructions consist of either a date or event for declassification.
What is automatic declassification?
Classified records that have been determined to have permanent historical value, will be automaticall declassified on December 31st of the year that is 25 years from data of its original classification.
There are 9 categories of Information that may be classified beyond 25 years. You can easily identify this information by the yse of 25X instruction for declassificaiton. The exemptions are annotated as 25X with the category nymber following the X, for example, 25X9.
What is Mandatory Declassification Review, or MDR?
It is another method of declassifiying information based on requesting a review of information to see if classification is still necessary.
What is Systematic Declassification?
A program to review classified records after a certain age.
What are the options an OCA has when determining declassification?
- Specific Date
- Specific Event
- 50X1-HUM Exception
What type of information does not provide declassification instructions?
- Restricted Data
- Formerly Restriced Data
What are the purposes of the SF 701 and SF 702?
The SF 701, or the Activity Security Checklist, is used to record your End of Day Checks.
The SF 702, or the Security Container Check Sheet, is used to record the opening and closing of your security container.
What does the term Information System refer to?
Refers to a set of Information Resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, dispoistion, display, or transmission of information.
What is COMSEC?
Communication Security, COMSEC, is defined as the protection resultinf from all measured designed to deny unauthorized persons, information of value that might be derived from the possession and study of telecommunications, and to ensure the authenticity of such communications.
COMSEC includes crypto security, emission security, transmission security, and physical security of COMSEC material and information.
How is classified information prepared for transmission?
Classified material needs to be prepared for shipment, packaged, and sealed in ways that minimize risk of accidental exposure and facilitates detection of tampering.
Requirments to hand carry classified information
1. Should be done as a last resort
2. Written authorization is required
3. Courier must be briefed.
What must be included in the Courier Brief?
- Couriers liability for the materials.
- Material cannon be left unattended
- Should not be opened en route (unless customs)
- No public discussion
- Follow an authorized travel route and schedule
- In case of ER, protect classified materials
- All travel documents must be valid and current.
When can SECRET information be sent via USPS?
Only when it is the most effective means considering security, time, cost, and accountability.
List 3 approved methods for destroying classified material
- Chemical Decomposition
- Mutilation to preclude recognition
Which agency creates the desctruction standard that DoD users?
What is NATO?
The North Atlantic Treaty Organization is an alliance of 28 countries from North America and Europe, committed to fulfilling the goals of the North Atlantic Treaty signed on April 4, 1949.
The United States is a member of NATO, and as such, has access to NATO Classified documents.
NATO classified information, or documents prepared by for NATO and NATO member nation documents that have been released into the NATO security system, and that bear a NATO classification marking, needs to be safeguarded and marked in compliance with the United States Security Authority for NATO or USSAN.
List 3 FOIA exemption categories
1. National Defense
2. DoD personnel practices
4. Trade Secrets
6. Personal and Private
7. Law Enforcement
8. Regulation of financial institutions
9. Well location
What is FOIA?
The Freedom of Information Act recognizes the need to withhold certain types of information from public release and, therefor, establises guidance and framwework for evaluating information for release to the public.
The FOIA provides that, for information to be exempt from mandatory release, it must first fit into one of nine qualifying categories and there must be a legitimate Government purpose served by withholding it.
What is STIP?
STIP stands for the DoD Scientific and Technical Information Program.
STIP is not a control marking.
STIP was established to improve and enhance the acqusition of data sources to prevent redundant research to dissemniate technical information efficiently to prevent the loss of technical information to U.S. adversaries and competitors and last, but no less important, STIP was established to aid the transfer of technical information to qualified researchers in U.S. Industry and government agencies.
List 5 common briefings
2. Indoctrination (access to special types of class data, such as SCI/G/H, etc.)
3. Annual Refresher
7. Non-Disclosure Briefing (unathorized access)
8. Foreign Travel Briefing
9. Attestation (SAP briefing)
10. Antiterrorism/Force Protection (AT/FP)
What must an intitial breifing accomplish?
Define classified information and CUI
Explain the importance of protecting such information
Provide a basic understanding of security policies and principles.
Notify personel of their responsibilities within the security program
Inform them of the administrative, civil, and/or criminal sanctions that can be applied when appropriate
Provide individual enough information to ensure the proper protection of classified information and CUI in their possesion, including actions to be taken if such information is discovered unseured, a security vulnerability is noted, or a person has been seeking unathorized acccess to such information
Inform personnel of the need for re view of ALL unclassified DoD information prior to its release to the public.
What must a debriefing accomplish?
Emphasizes an individuals continued responsiblity to protect classfied information to which they have had access.
Instructions for reporting any unathorized attempt to gain access to such information
Advised on the prohibition against retaining matrial once they depart the organization
Reminded of the potential civil and criminal penalties for the failure to fulfill their continuing security responsibilities.
In what circumstance is a foreign travel briefing required?
For individuals with SCI/SAP access
Attendance at meetings where foreign nationals are likely to be present.