What are the phases of the Information Security Program (ISP)?
What is the purpose of the Information Security Program (ISP)?
Introduces the proper and effective way to:
-classify, protect and share information
-apply declassification instructions
-use authorized destruction methods
Information Security Policies
32 CFR 2; Parts 2001 and 2003 CNSI, Final Rule
DoDM 5200.01 v1-3
Name the two parts of National Security
First Step of Classification
Determine if materials are controlled by the U.S. Government and if disclosure of the information could cause damage to national security
Classification Levels and Definitions
Levels - Top Secret, Secret and Confidential
Unauthorized disclosure may cause...
Top Secret - exceptionally grave damage
Secret - serious damage
Confidential - damage
What is required for access to classified information?
1. National security eligibility
3. SF-312 Classified Information Nondisclosure Agreement
*Eligibility + Need-to-know + SF-312 = Authorized Access
What is Eligibility?
Determinations made by adjudicative authorities that examine a sufficient period of an individual’s life and background
What is Need-to-know?
- Determination that an individual needs access to classified in order to perform lawful and authorized governmental functions
- Determination made by an authorized holder of classified information (custodian)
What is an SF-312?
- Advises cleared employees of their responsibility to protect classified and the possible consequences of failure to protect
- Must be executed as a condition of access to classified information
Define Original Classification
Making an initial classification decision for government information
Who can make an original classification determination?
A designated Original Classification Authority (OCA)
Who can authorize an OCA?
Officials designated by the President *Authorized in writing
How are OCA duties delegated?
- OCA is delegated to a position, not an individual person!
- The person occupying the position that is granted OCA holds OCA authority
Of the categories in E.O. 13526, how many is each OCA responsible for?
Only one of the categories
What are the steps in the Original Classification Process?
1. Ensure information is official government information
2. Determine if information is eligible for classification
3. Determine if info could cause damage to national security
4. Assign level of classification
5. Determine how long the classification should last
6. Document the level of classification
7. Communicate decision
How does the OCA communicate classification decisions?
The SCG and properly marked source documents
Define Derivative Classification
The creation of new materials based on existing classification guidance
Who is responsible for derivatively classifying information?
All cleared personnel within the DoD
What are the responsibilities of Derivative Classifiers?
1. Respect the OCA’s initial classification
2. Apply required markings
3. Use authorized sources of classification guidance
4. Use caution when paraphrasing/restating classified information, as these can change the classification
5. Take steps to resolve doubts or conflicts about the classification/level/duration
Classification Concept: Contained In
- Derivative classifiers incorporate classified, word for word from an authorized source
- No additional interpretation or analysis is needed to determine the classification of that information
Classification Concept: Compilation
If compiled information reveals an additional association or relationship, but it is individually...
-Classified at a lower level
-May be classified
-Classified at a higher level
Classification Concept: Revealed By
Classification is deduced from interpretation or analysis via paraphrased or restated information
What are the basic rules of Portion Marking?
- Complete before banner markings
- Indicate highest level of classification in every portion
- Place at beginning of the portion
- Utilize abbreviations
What are the basics of Banner Marking?
- Highest level of classification of the overall document
- Determined by highest level of any one portion
- Top and bottom of each page
- Classification level spelled out in all capital letters
What information is in the Derivative Classification Authority Block?
Downgrade To (if applicable)
*Block is placed on the face of each classified document near the bottom
What is the purpose of the SCG?
- Provide derivative classification instructions
- Facilitate proper and uniform derivative classification
Who issues the SCG?
What basic information is provided in the SCG?
- Classification level for each element
- Reason for classification
- Duration of classification
- Applicable downgrading instructions
- Special control notices
- OCA contact information (front cover)
What are the four Authorized Storage Methods?
1. Authorized individual’s head
2. Authorized individual’s hands
3. GSA approved security container
4. Authorized information technology