SAFEGUARDING CLASSIFIED INFORMATION
26
www.ispcert.com SAFEGUARDING CLASSIFIED INFORMATION
description
SAFEGUARDING CLASSIFIED INFORMATION. CONTENTS. General Requirements Control and Accountability Storage Transmission Disclosure Reproduction. GENERAL REQUIREMENTS. Contractors protect classified material under their control Individuals protect classified information entrusted to them. - PowerPoint PPT Presentation
Transcript of SAFEGUARDING CLASSIFIED INFORMATION
www.ispcert.com
SAFEGUARDING CLASSIFIED INFORMATION
www.ispcert.com
General RequirementsControl and AccountabilityStorageTransmissionDisclosureReproduction
CONTENTS
www.ispcert.com
Contractors protect classified material under their control
Individuals protect classified information entrusted to them
GENERAL REQUIREMENTS
The FSO leads and implements the security program designed to protect classified information and prevent unauthorized disclosure
www.ispcert.com
Protect oral discussion Use secure devices Speak in closed meetings Ensure area is cleared for classified presentation
Classified conversations should only be conducted in authorized areas. Classified meetings are sponsored by the government and all outside visitors will need to file a visit authorization ahead of time. Ensure classified phone conversations take place in a cleared area on a secure line.
GENERAL REQUIREMENTS
www.ispcert.com
Complete end of day security checks Ensure classified is stored properly Checks are for last shift where classified material was
removed from storage
Security checks are necessary to ensure classified material has been returned to the authorized storage area and the classified storage has been properly secured. Checks are not necessary during 24hour operations.
GENERAL REQUIREMENTS
www.ispcert.com
Establish perimeter controls Deter and detect unauthorized removal or entry of
classified Persons entering or exiting facility is subject to search
Develop emergency procedures Protect classified information in any emergency situation
GENERAL REQUIREMENTS
www.ispcert.com
Perimeter controls help prevent unauthorized entry or exit of classified material. All classified material is to be introduced and removed only through the security office. This discourages losing control of classified material and the resulting security violation.
All personnel entering and exiting a cleared facility are subject to random search. Notices of such searches should be posted.
Regardless of motivation, employees provide the largest security risk. Unauthorized introduction or removal of classified material is far too common.
Procedures should be in place to arrange for the accountability of classified during any emergency. Define emergency procedures for: tornado, flood, fire, hurricane or tragedy at campus or during courier operations
GENERAL REQUIREMENTS
www.ispcert.com
Classified material is on site for legal, U.S. Government purposes only. When contract expires, classified material must be returned to customer within two years or if approved for retention validated with final DD Form 254.
The FSO develops documenting and accounting procedure to ensure items are cataloged and retrievable within a reasonable amount of time.
CONTROL AND ACCOUNTABILITY
www.ispcert.com
Contractors designate TOP SECRET control officials to:ReceiveTransmitMaintain access and accountabilityConduct annual inventory
TOP SECRET has continuous transmittal receipt process to maintain accountability and prevent
loss or compromise.
CONTROL AND ACCOUNTABILITY
www.ispcert.com
Each TOP SECRET item must be numbered in series
Received classifiedCheck for tamperCheck for accuracy against receiptIf all good, sign and return receipt to sender
CONTROL AND ACCOUNTABILITY
www.ispcert.com
Maintain a continuous record for all documents transmitted from your site. This includes mail, courier, email, and etc. Each item of TOP SECRET material has to be catalogued and numbered in a series.
Those who receive classified material are responsible that they are receiving items as indicated on the receipt. They should inspect the package for evidence of tampering and compare the classified items with the receipt. The classified item should have an
unclassified title.
CONTROL AND ACCOUNTABILITY
www.ispcert.com
Account for all produced TOP SECRET when: A finished product Retained for over 30 days (notes, files, workbook,
final) Transmitted outside of facility
Classified information not a finished product-No problem Mark date created Mark classification level Annotate “Working Papers”
Working papers are to be marked as finished document when: Over 30 days old for TOP SECRET Over 180 days for SECRET and CONFIDENTIAL Sent outside of facility
CONTROL AND ACCOUNTABILITY
www.ispcert.com
Re-cap: TOP SECRET material must also be accounted for when in an
unfinished state for over 30 days or transmitted outside of the facility. This process further reduces employee error and security violations.
SECRET and CONFIDENTIAL material should be brought into accountability 180 days after creation if in an unfinished state.
Regardless of stated, classified information should be accounted for prior to release from a facility.
CONTROL AND ACCOUNTABILITY
www.ispcert.com
TOP SECRET and SECRET is stored in GSA approved container, approved vault or approved closed area with supplemental controls
SECRET can also be stored as followed until Oct 1, 2012 Safe, steel file cabinet or safe type container with
automatic lock Requires supplemental protection after hour
Any steel cabinet with four sides, top, bottom and a rigid bar with approved locks
CONFIDENTIAL material doesn’t need supplemental controls
CLASSIFIED STORAGE
www.ispcert.com
Restricted areas are used when controlling access to classified material in a large area. There does not need to be physical barriers, but access control is necessary. Restricted areas are for temporary use of classified material and all classified material needs to be returned to the repository. Only used during working areas Used for unique size, mission or other issues Classified must be returned to proper storage
when complete Employees challenge all who enter to ensure
clearance and NTK
CLASSIFIED STORAGE
www.ispcert.com
Closed areas are a more permanent solution for the classified items that are difficult to store. These difficulties arise from size, bulk or unique mission requirements. FSO’s limit access and provide supplemental controls for anything SECRET or above in closed areas.
CLASSIFIED STORAGE
www.ispcert.com
Closed areas are used to store classified material that won’t fit into a GSA approved container Access is controlled Supplemental protection for SECRET and TOP
SECRET Qualify structural integrity at required intervals CSA approves open shelf/bin storage of SECRET
and CONFIDENTIAL No open shelf or bin storage of TOP SECRET
CLASSIFIED STORAGE
www.ispcert.com
As with security clearances, keep the amount of authorized employees having knowledge of combinations to the minimum amount necessary.
Keep records of those who have the combination. Remind employees that the combinations are to be protected at the highest level of classified stored inside the container.
CLASSIFIED STORAGE
www.ispcert.com
Lock combinations given as few employees as necessary Keep a record of those knowledgeable Protect combinations at the highest level stored Only assign to those with clearance and NTK (not the
locksmith)
Lock all approved containers when not under direct viewing of authorized persons
CLASSIFIED STORAGE
www.ispcert.com
Security containers should not be altered, painted or labeled with the security classification level of the contents
Change combinations upon initial use, change in status of authorized users, compromise or suspected compromise of container or combination, when safe is left open or when required by FSO or CSA
CLASSIFIED STORAGE
SECRET
www.ispcert.com
Control access and accountability to keys and locks and: Appoint a custodian Maintain register of
lock and keys Audit keys and locks
monthly Inventory keys upon
change of custody Keep keys on
premises Rotate or change
locks annually
CLASSIFIED STORAGE
www.ispcert.com
Repairs to GSA approved containers shall be made by cleared or escorted personnel trained in approved methods. Repairs should be made with approved parts or approved cannibalized parts. Ensure certificate of repair is on file.
Access control can be used to limit access to closed areas DURING WORK HOURS. Must be approved by FSO and meet criteria in 5-313 and 5-314 of NISPOM
CLASSIFIED STORAGE
www.ispcert.com
Click on the correct answers
TEST
www.ispcert.com
1. All of the following are methods of protecting classified conversations EXCEPT:A. Use secure phone linesB. Speak in a closed areaC. Whisper when in public areas
2. When should combinations be changed on GSA approved containers?
A. Upon change in status of knowledgeable person
B. When safe is left unattended
C. Upon compromise of combination
D. All the above
3. Lock combinations should be changed by a training lock smith
A. True
B. False
4. All apply to Restricted areas EXCEPT:
A. Does not require physical boundaries
B. For permanent continuous use
C. Control access of personnel
D. For temporary use
TEST-SELECT THE CORRECT ANSWER
www.ispcert.com
5. What should one receiving classified material NOT do?A. Assign a classified titleB. Check for tamperC. Match receipt with contents
6. All of the following are duties of the TOP SECRET official EXCEPT:
A. Receive classified material
B. Execute company privacy policy
C. Conduct annual inventory
TEST-SELECT THE CORRECT ANSWER
www.ispcert.com
CERTIFICATE
