security awareness training

Security Awareness Training A threat awareness briefing. A defensive security briefing. An overview of the security classification system. Employee reporting obligations and requirements. Security procedures and duties applicable to the employee's job.

Upload: kasi

Post on 12-Jan-2016


TRANSCRIPT

Page 1: Security Awareness Training

Security Awareness Training
• A threat awareness briefing.
• A defensive security briefing.
• An overview of the security classification system.
• Employee reporting obligations and requirements.
• Security procedures and duties applicable to the employee's job.

Page 2: Security Awareness Training

Report to DISCO
• Employees who do not want to perform on classified work
• Refusal to sign SF 312

Page 3: Security Awareness Training

General Requirements
• Standard practice procedures
– How FSO will direct and implement security procedures
• Upon FSO or CSA determination

Page 4: Security Awareness Training

1-207 Hotlines
• Hotlines are available. However, it is recommended that company officers have a chance to handle the situation
• Not to take the place of investigations
• May be used to tip off

Defense Hotline
The Pentagon
Washington, DC 20301-1900
(800) 424-9098

Page 5: Security Awareness Training

1-3 Reporting
• Events that impact:
– FCL
– PCL
– Protection of classified information
– Loss or compromise
• Contractors cleared employees on reporting channels with:
– Federal agencies
– FBI
– CSA

Page 6: Security Awareness Training

1-3 Reporting (To FBI)
• Reports to FBI
– Espionage
– Sabotage
– Terrorism
– Subversive activities
– Submit copy of written report to CSA

Page 7: Security Awareness Training

How to Report• Report to the FBI

• Follow up with written report

• Send copy to IS Rep with FBI approval

Page 8: Security Awareness Training

1-3 Reporting (To CSA)
• Reports to CSA
– Adverse information
– Suspicious contacts
– Change in cleared employee status
– Naturalization
– Not desiring to work on classified contract

Be careful! Don’t spread rumors

Page 9: Security Awareness Training

Reports to CSA
• Personnel Clearance Issues
• Facility Clearance Issues
• How do you report?
– IS Rep
– DISCO

Page 10: Security Awareness Training

DISCO
• Adverse Information
• Changes in Cleared Employee Status
• Citizenship by Naturalization
• Employees Desiring Not to Perform on Classified Work
• Standard Form (SF) 312

Page 11: Security Awareness Training

Adverse Information
• Foreign influence
• Foreign preference
• Sexual behavior
• Personal conduct
• Financial considerations
• Alcohol consumption
• Drug involvement
• Emotional, mental, and personality disorders
• Criminal conduct
• Security violations
• Outside activities
• Misuse of information technology systems


Page 14: Security Awareness Training

1-3 Reporting (to CSA)
• Reports to CSA
– Refusal to sign SF 312
– Changes affecting FCL
– Changes in storage capability
– Inability to protect classified
– Security equipment vulnerabilities
– Unauthorized receipt of classified
– Compromise information
– Disposition of classified information
– Foreign classified contracts


Page 17: Security Awareness Training

1-303 Loss, Compromise or Suspected Compromise
• Report to CSA
• Considered lost if cannot be found
– Conduct investigation
– Report to CSA or command channels


Page 19: Security Awareness Training

1-303 Loss, Compromise or Suspected Compromise

Discover circumstances surrounding the reported loss, compromise or suspected compromise.

Page 20: Security Awareness Training

1-303 Loss, Compromise or Suspected Compromise

Loss, compromise or suspected compromise? Submit initial report

Page 21: Security Awareness Training

1-303 Loss, Compromise or Suspected Compromise

Investigation done? Submit final report
• New information
• Name and SSN of person responsible
• Record of prior incidents
• Corrective action
• Reasons for conclusions

Page 22: Security Awareness Training

www.ispcert.com

Threat Awareness Briefing

Page 23: Security Awareness Training

Why Our Information

Employee Responsibilities

Threat Awareness and Defensive Information

Methods of Contact

Countermeasures

Test

CONTENTS

Page 24: Security Awareness Training

Why go through the process of research and development?

Let someone else pay for R&D

Possible military application

WHY OUR TECHNOLOGY?

Page 25: Security Awareness Training

Research and development is an expensive endeavor. It is much cheaper to acquire technology through reverse engineering, requests for information or theft.

It is illegal to provide any export to some countries. It is easier for them to think of creative methods of obtaining what they need.

Some products seem to have only commercial application, but they may also have dual-use possibilities.

WHY OUR TECHNOLOGY?

Page 26: Security Awareness Training

Protect Proprietary, For Official Use Only and Sensitive Information

This information includes:
• Vendor prices
• Personnel ratings
• Medical records
• Corporate financial investments and resources
• Trade secret information
• Corporate/government relations
• Corporate security vulnerabilities
• Financial forecasts and budget information

EMPLOYEE RESPONSIBILITY

Page 27: Security Awareness Training

• Lock up in a drawer or cabinet
• Restrict emailing or faxing
• Develop a destruction policy
• Everyone has a right to privacy; respect that right
• Protect your business to the fullest

PROTECT PROPRIETARY, FOR OFFICIAL USE ONLY AND SENSITIVE INFORMATION

Page 28: Security Awareness Training

Company Computer Security Safeguards
• Use computers for authorized business
• Establish and protect passwords
• Visit only authorized websites
• Use caution when downloading attachments
• Save all work
• Use classified systems for classified processing

EMPLOYEE RESPONSIBILITY

Page 29: Security Awareness Training

Passwords should be at least six characters long. More stringent measures apply to classified processing systems. Don’t share passwords or write them down.

Use the internet for official company use

Download attachments if email comes from a reliable source

Save work regularly in case of loss

Follow procedures as established by the Information System Security Manager

COMPUTER SECURITY SAFEGUARDS

Page 30: Security Awareness Training

The following may indicate that you could be targeted:
• Your access to active intelligence interest
• Overseas locations where foreign intelligence operates
• Located in the U.S. where foreign nationals can gain access to you
• Ethnic, racial, or religious background that may attract the attention of a foreign intelligence operative

EMPLOYEE RESPONSIBILITY

Page 31: Security Awareness Training

• You have no control over whether or not you are targeted
• Your present situation may make you appear vulnerable, but it doesn’t mean you will be targeted
• Also, you may be targeted even if your circumstances aren’t as above. It’s out of your control
• You can control your actions and how you react to assessment and recruiting efforts

• Most foreign contacts are perfectly legitimate and well meaning
• Be aware of situations out of the norm of regular business
• Notify your FSO of suspicious contacts

EMPLOYEE RESPONSIBILITY

Page 32: Security Awareness Training

Foreign Threat
• Economic: theft of technology and commerce
• Classified information: solicitation for unauthorized disclosure
• Intelligence: collection efforts

Conduct Risk Analysis
• Who is targeting
• What do they want
• How do they get it

THREAT AWARENESS AND DEFENSE

Page 33: Security Awareness Training

Collection efforts
• Elicitation
• Eavesdropping
• Surveillance
• Theft
• Interception

THREAT AWARENESS AND DEFENSE

Page 34: Security Awareness Training

Elicitation: Subtle form of questioning where conversation is directed to collect information. Differs from interrogation and may be hard to recognize.

Example of elicitation: in a recent case, Ben-Ami Kadish, a government employee, turned over secrets to Israel. His handler, who also handled a spy named Pollard, smoothly convinced him to turn over documents while appealing to Kadish’s sensibilities toward Israel’s security. Kadish only received small gifts and private dinners.

Eavesdropping: Listening in to get information

Surveillance: Watching target while remaining discreet

COLLECTION EFFORTS DEFINED

Page 35: Security Awareness Training

Suspicious Activities

Requests for information outside of need to know

Unauthorized reproduction of materials

Unauthorized removal/destruction of materials

Unexplained affluence

Regular, unexplained foreign travel

Maintains long hours in spite of job dissatisfaction

Employees are required to report efforts by any individual to obtain illegal or unauthorized access to classified or sensitive information. This includes proprietary information.

INSIDER THREAT

                    

Robert Philip Hanssen

Page 36: Security Awareness Training

Very few news reports are made of anyone breaking into a DoD contractor facility to crack or blow safes. Our threat stems from employee actions and how they respond to suspicious contacts.

Espionage of any type is a very draining process to the perpetrator. They are conflicted between loyalty, incentive and consequences.

Suspicious employee activities can take any form. It’s important to realize that these are just indicators and not confirmation. Your reporting is necessary to conduct an investigation or exercise caution.

THE REAL THREAT-INSIDERS

Page 37: Security Awareness Training

• Fax
• Snail Mail
• E-mail
• Telephone
• Personal Contact

May seem innocent enough, but… Legitimate business requests will come through appropriate channels

Personal contact: asks about project specifics, whether or not classified or proprietary details

E-mail address originated in a foreign country

METHODS OF CONTACT

Page 38: Security Awareness Training

• Remain non-committal if approached
• Report all suspicious activities to FSO
• Practice smart information systems security
• Escort visitors
• Pay attention to surroundings
• Secure building at the end of the day

COUNTERMEASURES

Page 39: Security Awareness Training

Don’t agree or disagree to a suspicious request. If you agree, you may find yourself under investigation. If you say “no”, the suspicious person may go to another target. Remain non-committal and report as many details as possible.

Have a strong visit control policy. Know where visitors are and how to identify them. Practice access control.

Secure work areas at the end of the day:
• Lock safes
• Close and lock doors
• Clear desk and lock proprietary information in a file or desk drawer

COUNTERING COLLECTION EFFORTS

Page 40: Security Awareness Training

DEFENSIVE SECURITY BRIEFING

Page 41: Security Awareness Training

Employee Responsibilities While Traveling

Threat Awareness and Defensive Information

Methods of Contact

Countermeasures

Test

CONTENTS

This briefing is designed to prepare you, the “cleared employee,” for overseas travel. You have responsibilities to protect our employees, product, customers and those we do business with while you are traveling.

Page 42: Security Awareness Training

Notify FSO of travel plans

Ensure proper travel documentation

Protect export controlled technology and classified information

Visit the State Department website for up-to-date travel information: www.state.gov

EMPLOYEE RESPONSIBILITIES

Page 43: Security Awareness Training

Notification to FSO includes travel plans for Canada, Mexico and Caribbean countries

The State Department website informs you of necessary travel documentation. Familiarize yourself with the site and use it to become an informed international traveler: www.state.gov

Exports Compliance: Technical data can be transferred by reading a note, viewing a computer screen, conducting seminars, etc. Make sure you are authorized with a license and/or TAA before discussing technical data that falls under exports compliance.

EMPLOYEE RESPONSIBILITIES

Page 44: Security Awareness Training

Maintain professional bearing

Remain in contact with host

Travel with others when possible

Display wealth as little as possible

Learn customs and courtesies of host country

EMPLOYEE RESPONSIBILITIES

Page 45: Security Awareness Training

EMPLOYEE RESPONSIBILITIES

Conduct yourselves as professionals at all times. Pretend you are travelling with the CEO (or title of highest ranking officer) as you represent the company

Stick with your host. They will ensure your safety and refer you to reputable establishments

Travel in a group to make yourself an unattractive target of opportunity

Page 46: Security Awareness Training

Protect Privileged Information (Classified, Proprietary, For Official Use Only and Sensitive Information) While Traveling

This information includes:
• Carry-on baggage
• Laptop computers
• Conversations

EMPLOYEE RESPONSIBILITY

Page 47: Security Awareness Training

Company employees should bring a sanitized computer while on travel. You can almost guarantee that you will be separated from your laptop at some point during customs checks. A sanitized computer provides no threat of exports violations or theft of economic or corporate data.

Keep all information that could lead to export violations or the release of proprietary data close at hand.

Company employees cannot transport classified material across international borders.

EMPLOYEE RESPONSIBILITY

Page 48: Security Awareness Training

Foreign Threat
• Economic
• Classified information
• Intelligence

Conduct Risk Analysis
• Who is targeting
• What do they want
• How do they get it

THREAT AWARENESS AND DEFENSE

Page 49: Security Awareness Training

Economic Threat: theft of technology and commerce. Foreign entities may target classified or company sensitive information to gain a competitive edge. This costs millions of dollars in damage to U.S. business.

Intelligence Threat: collection efforts against the U.S. to increase foreign government power and competitive edge.

THREAT AWARENESS AND DEFENSE

Page 50: Security Awareness Training

When conducting analysis of threat, ask the following questions:
• What do we have?
– What is our technology, defense or economic product
• What do they want?
– The product from which the foreign entity or government has the most to gain
• How can they get it?
– Where are we vulnerable
• What efforts can we take to prevent unauthorized disclosure?
– Training: recognizing the threat, how to react to the threat
– Reporting: how and what to report

THREAT AWARENESS AND DEFENSE

Page 51: Security Awareness Training

Could you be a target overseas? Who are you and what will you do?
• Science convention
• Air shows
• Business meetings

Conduct Risk Analysis

Page 52: Security Awareness Training

Will you be speaking? Are you approved for a certain subject? Watch for the cancellation and topic change

For example, suppose you are approved to speak on the topic of a radar’s effects on bird migration. The foreign host may inform you that the conference has changed and they need you to present the subject of the weather’s effects on a specific radar.

What business will you be conducting? Is it approved? Make sure to stay on target

For example, suppose you have approval to present a business opportunity for a teaming effort on your company’s refractor lenses for a foreign government’s telescope. The foreign entity brings the discussion to focus light beam intensity. Same product, different capabilities.

Conduct Risk Analysis

Page 53: Security Awareness Training

Some factors that could increase the possibility:
• Your access
• Overseas locations
• Ethnic, racial, or religious background

COULD YOU BE A TARGET

Page 54: Security Awareness Training

Just as in real estate, location is important. Your position, responsibilities and geographic location are circumstantial and may increase your chances of being targeted for recruitment.

Also, your background may cause you to be vulnerable. Foreign operatives may play on your sympathy if you have ties to foreign countries. It is important to always report foreign relations to the FSO.

It is important to note that all the above factors that increase the chances of a person being selected for initial targeting and assessment are circumstances you have little or no control over.

Most foreign contacts are perfectly legitimate and well meaning. Your ability to recognize the few who are not will help you avoid problems. It will also help your security officer help others avoid problems.

COULD YOU BE A TARGET

Page 55: Security Awareness Training

You have no control over whether or not you are targeted

Most foreign contacts are perfectly legitimate and well meaning

COULD YOU BE A TARGET

Page 56: Security Awareness Training

Your present situation may cause you to look vulnerable, but it doesn’t mean you will be targeted. Also, you may be targeted even if your circumstances aren’t as above. It’s all out of your control. However, you can control your actions and how you react to assessment and recruiting efforts.

Your ability to recognize the few who are not will help you avoid problems. It will also help your security officer help others avoid problems.

COULD YOU BE A TARGET

Page 57: Security Awareness Training

Who Could Target You?
• Third party spies
• Students
• Convention attendees
• The next table over
• Anyone

Conduct Risk Analysis

Page 58: Security Awareness Training

When traveling overseas, things may not be the way they seem. Friendly encounters, business meetings, symposiums, etc. could provide a fertile market for collection efforts.

Remain vigilant, but remember to obey laws and practice local customs and courtesies if they don’t violate ethics.

Report all suspicious contacts to security

Conduct Risk Analysis

Page 59: Security Awareness Training

Collection efforts
• Elicitation
• Eavesdropping
• Surveillance
• Theft
• Interception

THREAT AWARENESS AND DEFENSE

Page 60: Security Awareness Training

Elicitation: Subtle form of questioning where conversation is directed to collect information. It is a different method than direct questioning and is hard to recognize.

An example of elicitation can be found in the recent case of Ben-Ami Kadish, who gave secrets to Israel. His handler, who also handled a spy named Pollard, smoothly convinced him to turn over documents to help maintain the security of Israel. Kadish received small gifts and private dinners. http://www.washingtonpost.com/wp-dyn/content/article/2008/04/22/AR2008042202590.html?wpisrc=newsletter

Eavesdropping: Listening in to get information

Surveillance: Watching target unobserved

THREAT AWARENESS AND DEFENSE

Page 61: Security Awareness Training

Today’s business puts many employees in contact with foreign entities. Some of these contacts can lead to elicitation.
• Elicitation is different than direct recruitment
• Subtle, but enough to obtain privileged information
• Listen to your gut; if the conversation feels wrong…
• Change the topic and move on
• A reluctant prospect may not be pressed into service

A WORD ABOUT ELICITATION

Page 62: Security Awareness Training

• Economic need for information is strong
• Spies look and act like normal people
• Any traveler can be assessed
• Privileged information is damaging
• Report suspicious situations

KEEP YOUR EYES OPEN

Page 63: Security Awareness Training

Organized Government Services Could:
• Follow you
• Sneak into your quarters
• Tap your communications
• Arrange audio and video coverage
• Use guides and interpreters

WHAT’S THE WORST THAT COULD HAPPEN?

Page 64: Security Awareness Training

• Security or foreign intelligence services are active
• They can and do review visa requests
• You may be assessed

At the very least, these services may “debrief” some of your foreign contacts

If you are of interest, the next step is recruitment

WHAT’S THE WORST THAT COULD HAPPEN?

Page 65: Security Awareness Training

• Remain non-committal if approached
• Report all suspicious activities to FSO
• Practice smart information systems security
• Escort visitors

COUNTERMEASURES

More than 140 countries actively target US information. Largest collection effort since the Cold War

Page 66: Security Awareness Training

• Report to Security for a debriefing
• Bring any notes
• Be open and honest

WELCOME HOME

Page 67: Security Awareness Training

THE SECURITY CLASSIFICATION SYSTEM

Page 68: Security Awareness Training

CONTENTS
• Why the Security Classification System
• How is information classified
• How is classified information marked
• Government and contractor responsibilities
• Test

Page 69: Security Awareness Training

• How do classified items receive their designations?
• Who is responsible for assigning classification levels?
• What recourse do security managers have after discovering a classification error?
• Can anything be assigned a classification level by anyone?

These are questions that come to the minds of many who safeguard or work with classified material. Although there is guidance to demonstrate proper control, accountability, documentation, storage, dissemination and destruction of classified material, many practitioners do not understand the fundamentals. Executive Order 13526 provides the history, disposition and future status of classified information.

CONTENTS

Page 70: Security Awareness Training

WHY ASSIGN CLASSIFICATION SYSTEMS

“It has been estimated by some intelligence experts that Mr. Walker provided enough code-data information to alter significantly the balance of power between Russia and the United States” John Oconner, New York Times

For over 18 years John A. Walker, Jr. had sold secrets during and after his career in the Navy. Though entrusted with a security clearance and a “need-to-know”, he did not demonstrate the trustworthiness of which his thorough background investigation deemed him worthy. When the opportunity revealed itself, he took advantage of his position and responsibilities to smuggle classified information to his Russian connections. During the investigation into his arrest, authorities discovered a complex spy ring consisting of family members and other recruited operatives. Walker had earned the trust and cooperation of his family to commit one of the most notorious of all cases of espionage. As a result of his crimes, he received two life terms plus 10 years, his son received 25 years, and the damage to U.S. national security was tremendous.

Page 71: Security Awareness Training

The NISP is designed to safeguard classified information that has been or may be released to “current, prospective, or former contractors, licensees, or grantees of United States agencies”. It is also designed to provide for the protection of classified material as outlined in EO 12356 and the Atomic Energy Act of 1954, as amended.

NATIONAL INDUSTRIAL SECURITY PROGRAM

Page 72: Security Awareness Training

The NISPOM is the primary regulatory reference for performing industrial security

The Department of Defense consults with the Secretary of Energy, the Nuclear Regulatory Commission and the Director of Central Intelligence to issue and maintain the NISPOM

It is up to the contractor and each agency to work together to meet the NISPOM’s intent

NISPOM

The NISPOM provides restrictions, rules, guidelines and procedures for preventing unauthorized disclosure of classified material; it is the primary regulatory reference for performing industrial security.

Page 73: Security Awareness Training

The Secretary of Energy and the Nuclear Regulatory Commission have the lead in detailing requirements for protecting classified information identified in the Atomic Energy Act of 1954

The Director of Central Intelligence will provide a section for intelligence sources and methods, to include Sensitive Compartmented Information (SCI). However, in this coordination each agency maintains its authority

The NISPOM applies to authorized users of classified information and equips those working on classified contracts with critical instruction on how to implement the NISP in their organizations

It is up to the contractor and the oversight agency to work together to provide accurate interpretation of the guidelines to the specific classified contract requirements.

NISPOM

Page 74: Security Awareness Training

All agencies apply three factors to the concept of Risk Management

1. Damage to national security

2. Existing or anticipated threat to disclosure of information.

3. Short and long term costs of the requirements, restrictions, and other safeguards

NATIONAL INDUSTRIAL SECURITY PROGRAM

(NISPOM)

The second and third factors aren’t spelled out in the NISPOM, but are recognized as legitimate concerns to prevent the NISP from becoming a burden to industry

Page 75: Security Awareness Training

The Secretary of Defense and the other identified agencies apply the concept of Risk Management while implementing the NISPOM

Astute Industrial Security managers develop risk management analysis to better interpret the risk and discover the potential impact. They will also develop solutions to reduce the risk and the predicted damage. The bottom line is to reduce the probability of unauthorized disclosure of classified information

NATIONAL INDUSTRIAL SECURITY PROGRAM

(NISPOM)

Page 76: Security Awareness Training

Provides for Classified National Security Information and delivers a cohesive method for designating classification

The Government has designed stringent policy to ensure that classified material is protected at the level necessary to prevent unauthorized disclosure.

EXECUTIVE ORDER 13526

Page 77: Security Awareness Training

CONFIDENTIAL information could reasonably be expected to cause damage

SECRET could reasonably be expected to cause serious damage

TOP SECRET could reasonably be expected to cause exceptionally grave damage to national security

THREE DESIGNATIONS FOR CLASSIFIED

Caution: Classified information should not be confused with the proprietary information sometimes referred to as company confidential or secret.

Page 78: Security Awareness Training

Classifications are not assigned unless:
• An original classification authority (OCA) is applying the classification level
• The U.S. Government owns, is producing, or is controlling the information
• Information meets one of eight categories
• The OCA determines unauthorized disclosure could cause damage to national security, to include transnational terrorism, and they can identify or describe the damage.

CONDITIONS FOR CLASSIFICATION

Page 79: Security Awareness Training

According to a report from the Chairman of the House National Security Subcommittee, 10% of secrets should have never been classified and that nearly 90% of classified information has been over-classified

A Defense Security Services report stated in 2003 nearly $6.5 billion was spent to classify information

To prevent such abuse, the Executive Order provides guidance to train classification authorities and prevent them from arbitrarily assigning a classification level

CONDITIONS FOR CLASSIFICATION

Page 80: Security Awareness Training

1. Military plans, weapons systems or operations

The U.S. armed forces not only safeguard, but provide instructions for protecting the specifics of their weapons and plans. If these strategies and operations were released to the wrong hands, the information would damage national security and adversely affect our ability to defend ourselves.

2. Foreign government information

This knowledge includes what the U.S. Government may already know about other governments. This gives the U.S. the advantage of knowing information that another country thinks is protected.

WHAT ARE THE EIGHT CATEGORIES

Page 81: Security Awareness Training

3. Intelligence activities, sources, or methods or cryptology

One can imagine what damage could take place if any intelligence gathering sources, methods or activities were compromised. The suspecting adversary could become aware of the threat and cease their activity or design countermeasures designed to thwart future efforts.

WHAT ARE THE EIGHT CATEGORIES

Page 82: Security Awareness Training

4. Foreign relations or activities of the United States including confidential sources

This information is specified U.S. foreign policy activities and sources friendly to U.S. efforts and U.S. organizations. Such is protected to ensure the safety of the relations and success of the activities. Compromise of any of the sources could cause damage to National Security as they are denied further access.

5. Scientific, technological, or economic matters relating to national security, including defense against transnational terrorism

Unauthorized access to national security-related U.S. scientific, technological, and economic data could compromise plans, production, and strategies and leave certain vulnerabilities.

WHAT ARE THE EIGHT CATEGORIES

Page 83: Security Awareness Training

6. U.S. programs for safeguarding nuclear materials or facilities

For nuclear activities, the Department of Energy and the Nuclear Regulatory Commission provide specific guidance to ensure the best protection. Vulnerabilities and strengths are assessed to ensure the best possible measures are in place to protect these items. Plans, strategies and programs are only effective if enforced AND access is limited.

WHAT ARE THE EIGHT CATEGORIES

Page 84: Security Awareness Training

www.ispcert.com

7. Vulnerabilities of systems, installations, infrastructures, projects, plans or protection services related to national security including terrorism

Security managers assess strengths and to ensure the best possible measures are in place to protect these items. Plans, strategies and programs are only effective if enforced AND access is limited. An adversary could use the programs to gain advantages, steal, damage or destroy systems, installations, infrastructures, projects, plans or protection services.

8. Weapons of Mass Destruction

Information fitting this category is classified to prevent unauthorized disclosure. Such unauthorized disclosure could make the U.S. vulnerable to adversaries, including transnational terrorists.

WHAT ARE THE EIGHT CATEGORIES

Page 85: Security Awareness Training

Classified material should display proper markings at all times

The classified information will have markings displayed in a specific manner based on the type of media (compact disk, cassette, book, map, etc.)

Furthermore, the classification should identify which pages, paragraphs and portions are classified and unclassified.

CLASSIFICATION MARKINGS

Page 86: Security Awareness Training

EXAMPLES OF DOCUMENT MARKINGS

Overall Page Markings

Portion Marking

Classification Information

Notice that the document has a top and bottom marking at the highest level of classification on the page and appropriate levels of classification for the information in the paragraph.

Page 87: Security Awareness Training

Limits to classification

A classification cannot be assigned to hide legal violations, inefficiencies or mistakes

Nor can the classification authorities assign one to prevent embarrassment, prevent or restrict competition or delay the release of information that hasn’t previously required such a level of protection

LET’S CLASSIFY IT ALL JUST TO BE SURE

Users of classified material have an obligation to challenge classifications that violate any of the above

Page 88: Security Awareness Training

Holders of classified information may discover that the classification level may be inappropriate or unnecessary. These holders have a duty to report their beliefs.

Such reports are to be handled with the agency authorities and reviewed for a decision.

The agency heads or senior officials also need to ensure there is no retribution for the report and to notify the individuals that they have a right to appeal the agency decisions to the Interagency Security Classification Appeals Panel.

CAN’T WE JUST CLASSIFY IT ALL JUST TO BE SURE

Users of classified material have an obligation to challenge classifications that violate any of the above

Page 89: Security Awareness Training

Anyone desiring access to classified information must possess a security clearance and have a “need to know”

Security clearances are issued after a favorable investigation and a determination is made.

CLEARANCE AND “NEED TO KNOW”

Page 90: Security Awareness Training

Users of classified information are trained in proper safeguarding and in the sanctions imposed on those who fail to protect it from unauthorized disclosure

Each originating agency must provide instructions on the proper protection, use, storage, transmission and destruction of the information

WE ARE PROVIDED INSTRUCTIONS OF USE

Page 91: Security Awareness Training

DON’T BEGIN CLASSIFIED WORK WITHOUT

DD FORM 254-Provides instructions on how, when and where to perform on a classified contract

SECURITY CLASSIFICATION GUIDE-Designed to notify what is classified and to what level. A security classification guide is assigned to each classified project.

WE ARE PROVIDED INSTRUCTIONS OF USE

Page 92: Security Awareness Training

The NISP is created to protect classified information

Three factors are considered before implementing the NISPOM:
• level of damage to national security
• existing or anticipated threat to disclosure
• long and short term costs

Presidential Executive Order 13526 delivers a cohesive method for designating classification, protecting and declassifying national security information

Classified material should always be marked with the correct level

SUMMARY

Page 93: Security Awareness Training

• O’Connor, John, “TV View; American Spies In Pursuit Of The American Dream”, New York Times, NY, 1990 http://query.nytimes.com/gst/fullpage.html?res=9C0CE6DA133BF937A35751C0A966958260, Feb 4, 2008

• The President, Executive Order 12829—National Industrial Security Program (Federal Register, Jan 1993) pg. 3-2.

• The President, Executive Order 13292, Further Amendment to Executive Order 13526, As Amended, Classified National Security Information—National Industrial Security Program (Federal Register, Mar 2003) Sec. 1-2

• “Too Many Secrets: Overclassification As A Barrier To Critical Information Sharing”, (Hearing Before The Subcommittee On National Security, Emerging Threats And International Relations Of The Committee On Government Reform House Of Representatives One Hundred Eighth Congress Second Session August 24, 2004) Serial No. 108-263, Available Via The World Wide Web: Http://www.Gpo.Gov/Congress/House and Http://www.House.Gov/Reform.

• “Secrecy Report Card, Quantitative Indicators in Secrecy of the Federal Government”, (http://www.openthegovernment.org/otg/SRC2006.pdf, August 2004).

REFERENCES

Page 94: Security Awareness Training

MARKING CLASSIFIED MATERIAL

Page 95: Security Awareness Training

Marking requirements

Test

CONTENTS

Page 96: Security Awareness Training

A classification marking is a physical designation designed to notify and warn the holder that the information they are in possession of is classified and to what level of classification

WHAT IS A CLASSIFICATION MARKING

Page 97: Security Awareness Training

Classification markings are required to be annotated on all forms and media of classified material:
• Computers
• Disks
• Papers
• Magnetic tape
• Books

WHERE DO MARKINGS APPEAR?

Page 98: Security Awareness Training

CONFIDENTIAL information could reasonably be expected to cause damage

SECRET could reasonably be expected to cause serious damage

TOP SECRET could reasonably be expected to cause exceptionally grave damage to national security.

THREE DESIGNATIONS FOR CLASSIFIED

Caution: Classified information designated CONFIDENTIAL should not be confused with the proprietary information sometimes referred to as company confidential.

Page 99: Security Awareness Training

Must put reason for classification

Who classified the material (office or person)

Annotate date or event marking the duration of classification

Classified material should display proper markings at all times

IDENTIFICATION MARKINGS

Page 100: Security Awareness Training

Overall Marking-This is the highest level of classified information found in the classified document. This is placed prominently on the top and bottom of the outside, front cover, the title page, first page and the back of the document. If it is not possible to stamp, write, type or mark otherwise, then a label can be attached.

Page marking-Mark the highest level of classified information contained on each internal page. If the page is UNCLASSIFIED, it can be marked as such. For efficiency or if contract specifies, each internal page can be marked with the overall document classification.

Component Marking-Attachments to letters, annexes or appendixes to documents could be used as a separate document. In that case, the component is marked as a separate document.

TYPES OF MARKINGS

Page 101: Security Awareness Training

Portion Markings-Each part, section, paragraph or other portion of a document has to be marked to appropriately identify the classification level. These markings are put at the end of the portion, or if there are no numbers or letters separating the portion they should be put at the beginning. (U, C, S, TS)

Subject and title markings-If at all practical, assign unclassified titles or subjects to a document. If titles or subjects are classified, use the appropriate classification symbol after it. (U, C, S, TS)

TYPES OF MARKINGS

Page 102: Security Awareness Training

Derivative classification means extracting, summarizing, or deriving classification from another source

FSO ensures contractor is trained and has resources

Contractor ensures:
• Use of Security Classification Guide
• Mark derived copy with the same classification as original
• Challenge classification when necessary
• Carry over longest period of classification to the new document
• Maintain list of sources used to compile the derivative document

DERIVATIVE CLASSIFICATION RESPONSIBILITIES

Page 103: Security Awareness Training

In many cases those performing on classified contracts may assemble, modify, or construct classified information, reports, hardware, etc. into a new product. In that case the new product is an item derived from different sources.

Both the contractor and the government have responsibilities. The Cognizant Security Agency provides the instruction and resources and the contractor complies.

DERIVATIVE CLASSIFICATION RESPONSIBILITIES

Page 104: Security Awareness Training

The “Derived From” line connects the classified material incorporated in a new document with the source document or the security classification guide

The contractor annotates the reasoning or source of the classification

This authorization includes the security classification guide listed on the DD Form 254

“DERIVED FROM” LINE

Page 105: Security Awareness Training

The “derived from” line continues the record of accountability for classified material

Those who create derivative documents are not acting as Original Classification Authorities and don’t need such appointment or authority

They only transfer original document information into a new document while keeping accountability

“DERIVED FROM” LINE

Page 106: Security Awareness Training

Use the term “multiple sources” on the derivative document where more than one source document is used

Maintain records of the multiple sources

If the Contract Security Classification Specification (DD Form 254) is the sole source, put the date of the specification and the contract number in the “Derived From” line

“DERIVED FROM” LINE

Page 107: Security Awareness Training

EXAMPLES OF DOCUMENT MARKINGS

Overall classification from source document

Paragraph from source to derived document

“Derived From” line based on information from source documents

Page 108: Security Awareness Training

The “Declassify On” line provides declassification instructions and is referenced with:
• Contract Security Classification Specification
• Security classification guide

Or, carry forward the duration instruction from the source document or classification guide (e.g., date or event).

“DECLASSIFY ON” LINE

“Declassify On” line notifies the contractor of declassification instructions

Page 109: Security Awareness Training

These markings are no longer authorized

“Declassify on:” could display one of the following:
• X1-X8
• Decl: OADR

Never mark RD or FRD with a “declassify on” line

“DECLASSIFY ON” LINE

Typically, classified information will maintain its status for 10 years. In the event national security sensitivity requires, this date can be set for 25 years in the future.

Page 110: Security Awareness Training

“DECLASSIFY ON” LINE

• A “Declassify on” should be in accordance with Sec. 2001.12 of ISOO Directive No. 1:
– A date or event less than 10 years from the date of the document; or
– A date 10 years from the date of the document; or
– A date greater than 10 and less than 25 years from the date of the document; or
– A date 25 years from the date of the document.

Page 111: Security Awareness Training

Use “Downgrade To” line when downgrading instructions are included in the Contract Security Classification Specification, classification guide or source document

“DOWNGRADE TO” LINE

For example:
CLASSIFIED BY: Multiple Sources
DOWNGRADE TO (SECRET or CONFIDENTIAL) ON: XXXXX
DECLASSIFY ON: XXXXX

Page 112: Security Awareness Training

"DOWNGRADE TO" Line. Be sure to coordinate with the Government contracting agency BEFORE downgrading classified material.

Information that loses sensitivity based on time or event is downgraded or declassified. The action is taken based on formal notification or from the Contract Security Classification Guidance.

Contractors should consult with the GCA prior to taking downgrade or declassification action. Once approved, documentation and remarking should take place concurrently.

“DOWNGRADE TO” LINE

SECRET CONFIDENTIAL

Page 113: Security Awareness Training

"CLASSIFIED BY" Line and "REASON CLASSIFIED" Line are used primarily on originally classified material

Some agencies may require that derivative classifiers identify their office and reason for classification

“CLASSIFIED BY” LINE

For example:
CLASSIFIED BY: Department 5 Office of Good Works
REASON CLASSIFIED: Section 2.1 Security Classification Guide
DECLASSIFY ON: X-1

Page 114: Security Awareness Training

Classified material generated under previous executive orders need not be re-marked

Most contain proper portion markings; if not, carry over highest classification of source document

The originator, not contractor, is responsible for classification markings

PREVIOUS EXECUTIVE ORDERS

Page 115: Security Awareness Training

Classification markings must be clear, no matter the media
• Files, folders or groups of documents must be marked at highest level within
• Email and other electronic messages have to be marked the same as any document
• Microform is tiny, but the media has to be marked to be seen by the unaided eye and within the microform document
• Translations of U.S. classified information are marked with U.S. as country of origin and the classification in English and foreign language

SPECIAL TYPES OF MATERIAL

All media, regardless of form must be marked to the proper level to ensure that the classification of the item is clear to the holder.

Page 116: Security Awareness Training

Transmittal documents are marked with the highest classification of the entire document packet and with notation of classification level once removed from document packet

Must carry all classification markings of any classified document

TRANSMITTAL DOCUMENTS

If unclassified when removed put: Unclassified when separated from classified enclosures.

If classified with higher classification documents included put: CONFIDENTIAL or SECRET when separated from enclosures

Page 117: Security Awareness Training

Information that is unclassified when alone and classified when compiled
• Mark with the highest level of classification
• Portion markings are not necessary

Unclassified material developed while working with classified information should be handled in a way to protect the classified material

Training material is marked to indicate that it is UNCLASSIFIED but is assigned a classification for training purposes only
• UNCLASSIFIED SAMPLE
• SECRET FOR TRAINING, OTHERWISE UNCLASSIFIED

OTHER CLASSIFICATION EVENTS

Page 118: Security Awareness Training

Other material should be protected as classified even if it is not classified. The protection is to ensure that the classified portion is not disclosed without authorization, clearance and need to know. The above are a few examples.

OTHER CLASSIFICATION EVENTS

Page 119: Security Awareness Training

Upgrade when there is a message notifying to upgrade a classification. For example: SECRET to TOP SECRET
• Re-mark with new classifications
• Obliterate former classification markings
• Enter authority and reason for upgrade
• Notify other users

UPGRADING

Upgrading of classified information indicates added sensitivity and should be performed immediately and all users notified. New markings should be annotated and old markings obliterated

Page 120: Security Awareness Training

If unmarked classified information is removed from facility:
• Determine clearance and authorized access of holders
• Assess whether or not control of item has been lost
• If recipients have clearance and need to know, notify of classification
• If control has been lost, notify Cognizant Security Agency

INADVERTENT RELEASE

Page 121: Security Awareness Training

Anytime classified material is inadvertently released, the FSO should conduct an assessment to determine the damage. If release of classified information happened where there were no classification markings provided, assess whether or not authorized users had access.

If users were cleared with need to know, provide notification and re-mark. If there was unauthorized access or control was otherwise lost, notify the CSA.

INADVERTENT RELEASE

Page 122: Security Awareness Training

Mark classified material to the highest level possible

Indicate classification authority and reason for classification

Provide proper markings for compiled or derived classification

Determine marking requirements for special types of material

Perform downgrade and upgrade requirements

Provide instructions for inadvertent release

SUMMARY

Page 123: Security Awareness Training

PERFORMING ON CLASSIFIED CONTRACTS

Page 124: Security Awareness Training

The Facility Security Clearance

The FSO

The Personnel Security Clearance

Test

CONTENTS

What are an FSO’s Responsibilities? Who is responsible for requesting facility clearances? How are investigations conducted?

These are questions that come to the minds of many who practice management of classified material. It is important for all who work on a classified contract to understand the requirements and qualifications for doing so.

Page 125: Security Awareness Training

FCLs are related to a contract

The FCL is a result of the government’s determination that a company is eligible to have access to classified information or the award of a classified contract (NISPOM 2-100)

Sponsored by government or prime contract

Additionally, if the company is to possess or store classified material, the CSA will have to determine and approve the FCL and the storage level for that company.

FACILITY SECURITY CLEARANCE

Page 126: Security Awareness Training

This need for a clearance must be supported by a legitimate U.S. Government or foreign government requirement and the contact will be offered as having that need.

Basically, the Government will have classified work to assign to a competent defense contractor. As a result of the required work, the contractor will need to be eligible for a clearance. If the government requires a defense contractor to store and/or work with classified material on site, then they will also be required to have a storage level assigned.

FACILITY SECURITY CLEARANCE

Page 127: Security Awareness Training

Qualifications for FCL

Structured as an entity under the laws of the United States, the District of Columbia or Puerto Rico and have a physical location in the United States or her territories.

A reputation of good and ethical business practices

Neither the company nor key managers are barred from participating in U.S. Government contracts

Must not fall under Foreign Ownership Control Or Influence

FACILITY SECURITY CLEARANCE

Page 128: Security Awareness Training

FCL Process

Government Contracting Authority approves, Cognizant Security Agency conducts evaluation

Company compiles list of Key Management Personnel

Assembles vital corporate documents

Prepares Department of Defense Security Agreement DD Form 441

Prepares FOCI Statement SF328

FACILITY SECURITY CLEARANCE

Page 129: Security Awareness Training

A critical piece to the sponsorship program is for the CSA to have a good understanding of the company and their mission. Information needed includes: articles of incorporation, stock records, corporate by-laws, minutes, 10k and tax documentation.

The senior company officer, the FSO and other personnel as deemed necessary by the CSA will need a security clearance.

The other officers and board members may be excluded from the security clearance process if they will not have influence over cleared contractor decisions.

FACILITY SECURITY CLEARANCE

Page 130: Security Awareness Training

The SF 328 is used by the contractor and the CSA to determine whether or not and to what limit the cleared contractor falls under Foreign Ownership Control and Influence. As with determining the amount of control a company officer or board member has over classified contracts, the same holds true of foreign entities a company may partner with.

FACILITY SECURITY CLEARANCE

Page 131: Security Awareness Training

Contractor agrees to:
• Implement and enforce the security controls
• Verify that persons have need to know and clearance

The Government agrees to:
• Indicate the appropriate level of classification
• Agree not to over-classify
• Notify the cleared contractor of any changes in the classification
• Issue proper handling, storage and processing information

GOVERNMENT CONTRACTOR AGREEMENT

DD Form 441

Page 132: Security Awareness Training

Appointed to direct and implement security procedures designed to protect classified information from unauthorized disclosure

Identified in DoD 5220.22-M (NISPOM)
• Security clearances
• Accountability of classified information
• Receipt of all transaction
• Shipment
• Storage
• Authorized disclosure
• Exports compliance
• Visit control
• Physical security
• Audits and facility evaluations

THE FSO

Page 133: Security Awareness Training

Qualifications
• Cleared at the same level as the facility clearance
• U.S. Citizen

THE FSO

The FSO has a tremendous scope of responsibility and takes on the role of provider of security and link between the government contractor, the cognizant security agency (CSA) and the federal government.

Page 134: Security Awareness Training

A security clearance is the administrative determination that an employee is eligible from a national security basis for a security clearance

The final clearance is the result of a request by the contractor, investigation conducted by the CSA and determination made by a trained adjudicator

PERSONNEL SECURITY CLEARANCE

Page 135: Security Awareness Training

The contractor and CSA have joint responsibilities

Contractor
• Submits request and supporting documents

CSA
• Determines the employee’s eligibility of access
• Notifies the cleared contractor whether or not the access has been granted
• Designates a database for the administrative record and accountability of the clearance status

PERSONNEL SECURITY CLEARANCE

Page 136: Security Awareness Training

CSA will ensure the proper security clearance background investigation is conducted

Single Scope Background Investigation (SSBI) conducted for access to:

• TOP SECRET
• Q
• Secret Compartmented Information

National Agency Check with Local Agency Check and Credit Check (NACLC) conducted for access to:

• SECRET
• CONFIDENTIAL
• L

BACKGROUND INVESTIGATIONS

Page 137: Security Awareness Training

Single Scope Background Investigation (SSBI) investigates information from
• Educational institutions during the past 3 years
• Residence during the past three years
• Law enforcement records during the past 10 years
• Financial records of the most recent seven years.

National Agency Check with Local Agency Check and Credit Check (NACLC)
• Search of the Federal Bureau of Investigation’s database
• Credit check – past seven years
• Residence, employment, education, law enforcement records of all locations listed on the SF 86 during the past five years.

BACKGROUND INVESTIGATIONS

Page 138: Security Awareness Training

The results of the investigation demonstrate whether or not the subject is stable, trustworthy, reliable, of excellent character, judgment, and discretion; and of unquestioned loyalty to the United States. 

The determination is based on 13 investigation criteria:

1. Allegiance to the United States

2. Foreign preference

3. Foreign influence

4. Sexual behavior

5. Personal conduct

ADJUDICATION

Page 139: Security Awareness Training

6. Financial considerations

7. Alcohol consumption

8. Drug involvement

9. Psychological conditions

10. Criminal conduct

11. Handling protected information

12. Outside activities

13. Use of Information Technology Systems

ADJUDICATION

Page 140: Security Awareness Training

Subjects who fall under any of the above criteria will not automatically be denied a security clearance. Adjudicators will consider:

• The nature, extent, and seriousness of the conduct
• The circumstances surrounding the conduct, to include knowledgeable participation
• The frequency and recency of the conduct
• The individual’s age and maturity at the time of the conduct
• The voluntariness of participation
• The presence or absence of rehabilitation and other pertinent behavioral changes
• The motivation for the conduct
• The potential for pressure, coercion, exploitation, or duress
• The likelihood of continuation or recurrence.

CONSIDERATIONS OF CRITERIA

Page 141: Security Awareness Training

Subjects who fall under any of the above criteria will not automatically be denied a security clearance. There are situations where people have committed crimes, used drugs, sought professional counseling or other types of treatment. In some cases, people who had abused alcohol attended rehabilitation, were suffering emotional problems from a death or divorce, or the indicated incidents had transpired way back in their personal histories.

When considering a person for a clearance, the adjudicator will assess each case. It is important for the applicant to fill out the security clearance request information accurately and note, where provided, the specific incident and all that had transpired as a result. The adjudicator will only be able to rely on the information provided in the investigation and the applicant’s notes.

CONSIDERATIONS OF CRITERIA

Page 142: Security Awareness Training

It is also important to note that cleared personnel will need to continue their demonstration of suitability after the security clearance is determined. They will also have to notify their security offices anytime they or another cleared employee violate any of the criteria.

At some point cleared employees will be reinvestigated according to their need of a security clearance and level. The incidents may call into question the issue of suitability. These self referrals will demonstrate trustworthiness and will help mitigate the incidents. If an investigator discovers the incident had occurred during the periods between investigations, the subject’s suitability may be called into question.

CONSIDERATIONS OF CRITERIA

Page 143: Security Awareness Training

SAFEGUARDING CLASSIFIED INFORMATION

Page 144: Security Awareness Training

General Requirements

Control and Accountability

Storage

Transmission

Disclosure

Reproduction

CONTENTS

Page 145: Security Awareness Training

Contractors protect classified material under their control

Individuals protect classified information entrusted to them

GENERAL REQUIREMENTS

The FSO leads and implements the security program designed to protect classified information and prevent unauthorized disclosure

Page 146: Security Awareness Training

Protect oral discussion
• Use secure devices
• Speak in closed meetings
• Ensure area is cleared for classified presentation

Classified conversations should only be conducted in authorized areas. Classified meetings are sponsored by the government and all outside visitors will need to file a visit authorization ahead of time. Ensure classified phone conversations take place in a cleared area on a secure line.

GENERAL REQUIREMENTS

Page 147: Security Awareness Training

Complete end of day security checks
• Ensure classified is stored properly
• Checks are for last shift where classified material was removed from storage

Security checks are necessary to ensure classified material has been returned to the authorized storage area and the classified storage has been properly secured. Checks are not necessary during 24-hour operations.

GENERAL REQUIREMENTS

Page 148: Security Awareness Training

Establish perimeter controls
• Deter and detect unauthorized removal or entry of classified
• Persons entering or exiting facility are subject to search

Develop emergency procedures
• Protect classified information in any emergency situation

GENERAL REQUIREMENTS

Page 149: Security Awareness Training

Perimeter controls help prevent unauthorized entry or exit of classified material. All classified material is to be introduced and removed only through the security office. This discourages losing control of classified material and the resulting security violation.

All personnel entering and exiting a cleared facility are subject to random search. Notices of such searches should be posted.

Regardless of motivation, employees provide the largest security risk. Unauthorized introduction or removal of classified material is far too common.

Procedures should be in place to arrange for the accountability of classified material during any emergency. Define emergency procedures for: tornado, flood, fire, hurricane or tragedy at campus or during courier operations.

GENERAL REQUIREMENTS

Page 150: Security Awareness Training

Classified material is on site for legal, U.S. Government purposes only. When the contract expires, classified material must be returned to the customer within two years or, if approved for retention, validated with the final DD Form 254.

The FSO develops documenting and accounting procedures to ensure items are cataloged and retrievable within a reasonable amount of time.

CONTROL AND ACCOUNTABILITY

Page 151: Security Awareness Training

Contractors designate TOP SECRET control officials to:
• Receive
• Transmit
• Maintain access and accountability
• Conduct annual inventory

TOP SECRET has continuous transmittal receipt process to maintain accountability and prevent loss or compromise.

CONTROL AND ACCOUNTABILITY

Page 152: Security Awareness Training

Each TOP SECRET item must be numbered in series

Received classified
• Check for tamper
• Check for accuracy against receipt
• If all good, sign and return receipt to sender

CONTROL AND ACCOUNTABILITY

Page 153: Security Awareness Training

Maintain a continuous record for all documents transmitted from your site. This includes mail, courier, email, etc. Each item of TOP SECRET material has to be catalogued and numbered in a series.

Those who receive classified material are responsible for confirming that they are receiving items as indicated on the receipt. They should inspect the package for evidence of tampering and compare the classified items with the receipt. The classified item should have an unclassified title.

CONTROL AND ACCOUNTABILITY

Page 154: Security Awareness Training

Account for all produced TOP SECRET when:
• A finished product
• Retained for over 30 days (notes, files, workbook, final)
• Transmitted outside of facility

Classified information not a finished product-No problem
• Mark date created
• Mark classification level
• Annotate “Working Papers”

Working papers are to be marked as finished document when:
• Over 30 days old for TOP SECRET
• Over 180 days for SECRET and CONFIDENTIAL
• Sent outside of facility

CONTROL AND ACCOUNTABILITY

Page 155: Security Awareness Training

Re-cap: TOP SECRET material must also be accounted for when in an unfinished

state for over 30 days or transmitted outside of the facility. This process further reduces employee error and security violations.

SECRET and CONFIDENTIAL material should be brought into accountability 180 days after creation if in an unfinished state.

Regardless of state, classified information should be accounted for prior to release from a facility.

CONTROL AND ACCOUNTABILITY

Page 156: Security Awareness Training

TOP SECRET and SECRET are stored in a GSA approved container, approved vault or approved closed area with supplemental controls

SECRET can also be stored as follows until Oct 1, 2012:
• Safe, steel file cabinet or safe type container with automatic lock
• Requires supplemental protection after hours
• Any steel cabinet with four sides, top, bottom and a rigid bar with approved locks

CONFIDENTIAL material doesn’t need supplemental controls

CLASSIFIED STORAGE

Page 157: Security Awareness Training

Restricted areas are used when controlling access to classified material in a large area. There does not need to be physical barriers, but access control is necessary. Restricted areas are for temporary use of classified material and all classified material needs to be returned to the repository.
• Only used during working areas
• Used for unique size, mission or other issues
• Classified must be returned to proper storage when complete
• Employees challenge all who enter to ensure clearance and NTK

CLASSIFIED STORAGE

Page 158: Security Awareness Training

Closed areas are a more permanent solution for the classified items that are difficult to store. These difficulties arise from size, bulk or unique mission requirements. FSOs limit access and provide supplemental controls for anything SECRET or above in closed areas.

CLASSIFIED STORAGE

Page 159: Security Awareness Training

Closed areas are used to store classified material that won’t fit into a GSA approved container
• Access is controlled
• Supplemental protection for SECRET and TOP SECRET
• Qualify structural integrity at required intervals
• CSA approves open shelf/bin storage of SECRET and CONFIDENTIAL
• No open shelf or bin storage of TOP SECRET

CLASSIFIED STORAGE

Page 160: Security Awareness Training

As with security clearances, keep the number of authorized employees having knowledge of combinations to the minimum necessary.

Keep records of those who have the combination. Remind employees that the combinations are to be protected at the highest level of classified material stored inside the container.

CLASSIFIED STORAGE

Page 161: Security Awareness Training

• Lock combinations given to as few employees as necessary
• Keep a record of those knowledgeable
• Protect combinations at the highest level stored
• Only assign to those with clearance and NTK (not the locksmith)

Lock all approved containers when not under direct viewing of authorized persons

CLASSIFIED STORAGE

Page 162: Security Awareness Training

Security containers should not be altered, painted or labeled with the security classification level of the contents

Change combinations upon initial use, change in status of authorized users, compromise or suspected compromise of container or combination, when safe is left open or when required by FSO or CSA

CLASSIFIED STORAGE

SECRET

Page 163: Security Awareness Training

Control access and accountability to keys and locks and:
• Appoint a custodian
• Maintain register of lock and keys
• Audit keys and locks monthly
• Inventory keys upon change of custody
• Keep keys on premises
• Rotate or change locks annually

CLASSIFIED STORAGE

Page 164: Security Awareness Training

Repairs to GSA approved containers shall be made by cleared or escorted personnel trained in approved methods. Repairs should be made with approved parts or approved cannibalized parts. Ensure certificate of repair is on file.

Access control can be used to limit access to closed areas DURING WORK HOURS. Must be approved by FSO and meet criteria in 5-313 and 5-314 of NISPOM

CLASSIFIED STORAGE

Page 165: Security Awareness Training

Click on the correct answers

TEST

Page 166: Security Awareness Training

1. Company financial forecasts and budget information should be:

A. Locked in an office or desk

B. Given no special protection

C. Put on the company website

2. What forms of espionage are current threats to U.S. Companies?

A. Economic

B. Corporate

C. Intelligence gathering

D. All the above

3. There is no need to report foreign correspondence as long as it's not classified

A. True

B. False

4. Email contacts could be considered suspicious when they are addressed to:

A. Company

B. Department

C. Individual

D. All of the above

TEST-SELECT THE CORRECT ANSWER

Page 167: Security Awareness Training

6. Which of the following are factors that may make you a target of espionage:

A. Ethnic background

B. Annual income

C. Rental car

7. While traveling, you have control over all situations

A. True

B. False

8. All are examples of collection methods EXCEPT:

A. Elicitation

B. Surveillance

C. Currency exchange

D. Eavesdropping

9. All must be considered before the OCA can assign a classification marking EXCEPT

A. May cause damage to national security

B. Is owned by the Government

C. Displays nuclear vulnerabilities

D. Hide a nationally embarrassing situation

TEST-SELECT THE CORRECT ANSWER

Page 168: Security Awareness Training

10. Which of the following is the most correct countermeasure of a solicitation effort

A. Agree to provide then contact the authorities

B. Say “no” and then contact the authorities

C. Continue the conversation so as not to offend the host

D. Make attempts to change the subject

11. Most foreign contacts are well meaning and legitimate

A. True

B. False

12. All of the following are classifications EXCEPT:

A. TOP SECRET

B. CONFIDENTIAL

C. SECRET

D. FOR OFFICIAL USE ONLY

13. All of the following are conditions to be met before classifying an item except

A. Original Classification Authority is involved

B. U.S. Government owns it

C. Information could cause damage to national security

D. Information could cause embarrassment to the President

TEST-SELECT THE CORRECT ANSWER

Page 169: Security Awareness Training

24. Unauthorized disclosure of items classified at the SECRET level could:

A. Cause extremely serious damage

B. Cause damage

C. Cause extremely grave damage

D. Cause serious damage

24. All of the following are criteria for evaluating suitability EXCEPT:

A. Alcohol use

B. Personal Conduct

C. Misuse of Technology

D. Abstinence

16. Everyone who works in a cleared facility must have a clearance

A. True

B. False

17. Single Scope Background Investigations are conducted for:

A. CONFIDENTIAL

B. L

C. SECRET

D. SCI

TEST-SELECT THE CORRECT ANSWER

Page 170: Security Awareness Training

18. All of the following are methods of protecting classified conversations EXCEPT:

A. Use secure phone lines

B. Speak in a closed area

C. Whisper when in public areas

19. When should combinations be changed on GSA approved containers (Select Best Answer)?

A. Upon change in status of knowledgeable person

B. When safe is left unattended

C. Upon compromise of combination

D. All the above

20. Lock combinations should be changed by a trained locksmith

A. True

B. False

TEST-SELECT THE CORRECT ANSWER

Page 171: Security Awareness Training

CERTIFICATE