EIDWS 106: Security
Identify who has Overall Authority of, & Controls Access to, a SCIF.
The SSO will be responsible for the operation of the SCIF & the security control & use of the SCIF. All SCI matters shall be referred to the SSO - The SSO is the principal advisor on the SCI security program in the command & is responsible to the commanding officer for the management & administration of the program.
State the Type of Investigation and How Often it is Updated for Access to Secret/Confidential.
The investigative basis for Secret/Confidential clearance eligibility is a favorably completed NACLC/ANACI & established based on ENTNAC's, NAC's or NACI's prior to NACLC or ANACI implementation remain valid. For Secret & Confidential clearance, the investigation is updated every 10 & 15 years, respectively.
State the Type of Investigation and How Often it is Updated for Access to Top Secret
The investigative basis for Top Secret clearance eligibility is a favorably completed SSBI, SSBI-PR or PPR. For those who have continuous assignment or access to Top Secret, critical sensitive positions, SCI, Presidential Support Activities, COSMIC Top Secret, LAA, PRP, IT-1 duties or SIOP-ESI, the SSBI must be updated every 5 years by a PR.
State the Type of Investigation and How Often it is Updated for Access to Sensitive Compartmentalized Information (SCI)
The investigative requirement for access to SCI is a favorably adjudicated SSBI. A SSBI-PR is required to be submitted every 5 years. The requirements for SCI access are established under Director of National Intelligence (DNI) authority. If an individual is indoctrinated for SCI access, the CO may not administratively lower the individual's security clearance below the TS level without approval of the DON CAF.
INFOSEC (Information Security)
The system of policies, procedures, & requirements established under the authority of E.O 12958, as Amended, to protect information that, if subjected to unauthorized disclosure, could reasonably be expected to cause damage to the national security.
PSP (Personnel Security Program)
To authorize initial & continued access to classified information and/or initial & continued assignment to sensitive duties to those persons whose loyalty, reliability & trustworthiness are such that entrusting them with classified information/assigning them to sensitive duties is clearly consistent with the interests of national security. Additionally, the PSP ensures that no final unfavorable personnel security determination will be made without compliance with all procedural requirements.
Identify the Use of SF-153 (COMSEC Material Report)
Used to document the Transfer, Inventory, Destruction, Hand Receipt or Other conditions of COMSEC material.
ATFP (Anti-Terrorism Force Protection)
- AT - defensive measures used to reduce the vulnerability of individuals & property to terrorist acts, to include limited response & containment by local military forces. - FP - actions taken to prevent/mitigate hostile actions against DoD personnel (to include family members), resources, facilities & critical information. Force protection doesn't include actions to defeat the enemy/protect against accidents, weather or disease
Discuss the Security Rules & Procedures for Magnetic & Electronic Media
- All such devices bearing classified information must be conspicuously marked with the highest level of classification stored on the device & any special control notices that apply to the information - As an exception, in the case of CD-ROMs, the label may be affixed to the sleeve or container in which the CD-ROM is stored.
State When Safe Combinations Should be Changed
- At least annually - Sooner if the combination has been compromised - Sooner if an individual who holds the combination transfers from the command/otherwise no longer requires it.
Define Security Violation
- Compromise of classified information to persons not authorized to receive it or a serious failure to comply with the provisions of security regulations & likely to result in a compromise. - Requires investigation
Identify the Use of SF-700 (Security Container Information)
- Contains vital information about the security container in which it is located. - This information includes location, container number, lock serial number, & contact information if the container is found open & unattended. - Cover page of this form is required to be posted on the inside of a container. The rest of the form (envelope) contains the safe combination (securely packaged) & is an accountable item which shall be stored in a separate container of equal/greater classification level.
INFOCON 5
- Describes a situation where there is no apparent hostile activity against computer networks - Operational performance of all information systems is monitored & password systems are used as a layer of protection.
INFOCON 4
- Describes an increased risk of attack. - Increasesed monitoring of all network activities is mandated, & all DoD end users must make sure their systems are secure. - Internet usage may be restricted to government sites only, & backing up files to removable media is ideal
Explain What is Meant by "Need to Know"
- Describes the restriction of data which is considered very sensitive. - Under need-to-know restrictions, even if one has all the necessary official approvals (such as a security clearance) to access certain information, one would not be given access to such information, or read into a clandestine operation, unless one has a specific need to know - Access to the information must be necessary for the conduct of one's official duties.
INFOCON 3
- Describes when a risk has been identified - Security review on important systems is a priority & the Computer Network Defense (CND) system's alertness is increased. - All unclassified dial-up connections are disconnected
INFOCON 2
- Describes when an attack has taken place but the CND system is not at its highest alertness. - Non-essential network may be taken offline & alternate methods of communication may be implemented.
INFOCON 1
- Describes when attacks are taking place & the CND system is at maximum alertness - Any compromised systems are isolated from the rest of the network.
Identify the Events that Should be Reported to the SSO
- Financial issues - Legal issues - U/A - Mental illness - Marriage to a foreign national - Anything that could question your character, integrity, physical and mental health needs to be reported.
Explain the DoD Escort Policy
- If you're an escort, you're required to stay with that individual/group you are escorting until they leave & ensure they stay out of secure spaces unless authorized. - As a matter of convenience & courtesy, flag officers, general officers & their civilian equivalents aren't required to sign visitor records/display ID badges when being escorted as visitors. The escort should be present at all times to avoid challenge & embarrassment & to ensure that necessary security controls are met. If visitor isn't being escorted all normal security procedures will apply.
Explain Why the US Navy Only Uses ".mil" Email Addresses on Government Systems
- Navy uses .MIL for it's e-mail addresses because the DoD has exclusive use of this domain.
List the Items Prohibited in a SCIF & the Security Risks Associated with Them
- Personally owned photographic, video & audio recording equipment - Personally owned computers & associated media.
Define Practices Dangerous to Security
- Practices which have the potential to jeopardize the security of COMSEC Material if allowed continuing - 2 types - Reportable - action must be reported outside of command - Non-Reportable - action must be reported to the CO
COMSEC (Communications Security)
- Protective measures taken to deny unauthorized persons information derived from telecommunications of the US Government concerning national security, & to ensure the authenticity of such telecommunications. - COMSEC includes crypto-security, emission security, transmission security & physical security of COMSEC material & COMSEC information.
State the Duties and Responsibilities of a CSM.
- Responsible for implementing the Information Security Program (ISP) & shall have direct access to the CO - Serve as the principal adviser & representative to the CO in matters pertaining to the classification, safeguarding, transmission, & destruction of classified information. - Develop a written command security instruction, to include provisions for safeguarding classified information during military ops or emergency situations - Ensure that personnel in the command who perform security duties are kept abreast of changes in policies & procedures & provide assistance in problem solving - Formulate, coordinate, & conduct the command security education program
List the Duties & Responsibilities of the SSO
- Serves as the focal point for the receipt, control & accountability of SCI & oversees SCI security functions for subordinate SCIFS; SSO will be a military commissioned officer, warrant officer or civilian (GS-9 or above) - Duties - Supervises the operation of the Special Security Office & administers the SCI security program to include SCI security oversight for the other local SCIF's under the organizational SCI security cognizance. - Maintains applicable SCI directives, regulations, manuals & guidelines to adequately discharge SSO duties & responsibilities. - Ensures all SCI is properly accounted for, controlled, transmitted, transported, packaged & safeguarded. Ensures all SCI is destroyed in authorized destruction facilities & in accordance with DoD 5105.25-M-1 - Ensures SCI is disseminated only to persons authorized access to the material & having an established need-to-know - Serves as the official channel for passing SCI access certification
Discuss How Long a CO Can Administratively Suspend Access Before DONCAF Revokes a Clearance
- The administrative withdrawal or downgrading of access isn't authorized when prompted by developed derogatory information. In these cases, the command may suspend the individual's access for cause, and must report the suspension and/or the derogatory information to DONCAF - A command report of suspension of access for cause will automatically result in the DONCAF suspension of the individual's security clearance eligibility - Commands & activities must report all suspensions to DONCAF no later than 10 working days from the date of the suspension action via JPAS
Discuss the Procedures for Sanitizing an Area
- The removal of classified information from the media/equipment such that data recovery using any known technique/analysis is prevented. - Sanitizing shall include the removal of data from the media, as well as the removal of all classified labels, markings, & activity logs. Properly sanitized media may be subsequently declassified upon observing the organization's respective verification & renew procedures.
Explain the Security Requirements for T-SCIF
- an accredited area used for actual/simulated war operations for a specific period of time - If available, permanent-type facilities will be used - Under field/combat conditions, a continuous 24-hour operation is mandatory. Every effort must be made to obtain the necessary support from the host command (e.g, security containers, vehicles, generators, fencing, guards, weapons, etc.) - vehicles, trailers, shelters, bunkers, tents or available structures to suit the mission maybe utilized if permanent-type facilities are not available. - Shall be located within the supported headquarters defensive perimeter & preferably, also within the TOC perimeter. - Be established & clearly marked using a physical barrier. - Emergency destruction & evacuation plans shall be kept current - SCI material shall be stored in lockable containers when not in use. - An access list shall be maintained & access restricted - The SSO, or designee, shall conduct an inspection of the vacated T-SCIF area to ensure SCI materials are not inadvertently left behind when the T-SCIF moves.
Explain & State the Purpose of Emergency Destruction Procedures
2 TYPES - Precautionary Destruction - hostile action is possilbe/probable & process is to destroy keying material & non-essential manuals in an effort to reduce the amount of material on hand - Complete Destruction - hostile action is imminent & all material must be destroyed in priority order CATEGORIES OF COMSEC THAT REQUIRE DESTRUCTION IN HOSTILE ENVIRONMENT - COMSEC keying material - COMSEC-related material
The Following Items are PROHIBITED UNLESS Approved the the Senior Officials in the Intelligence Community For Conduct of Official Duties
2-Way transmitting equipment Recording equipment. Associated media will be controlled. Test, measurement, and diagnostic equipment. - Due to Espionage, TEMPEST, & compromise of data concerns
Identify the Use of SF-312 (Classified Information Nondisclosure Agreement)
A contractual agreement between the US Government & a cleared employee that must be executed as a condition of access to classified information. By signing it, the cleared employee agrees never to disclose classified information to an unauthorized person even if the information has already been leaked.
Explain the Security Requirements for SCIF
Accreditation concerns (follow the SCIF Accreditation Checklist contained in Director of Central Intelligence Directive (DCID) 6/9): - Must be accredited by the SOIC - Must have a TEMPEST accreditation - Must have completed a Physical Security Inspection - Must have had a recent Security Assistance visit conducted - Space must be "hardened" & approved through the accreditation process. Physical Construction Concerns (follow Fixed Facility Checklist in DCID 6/9) - Floor plans - Diagrams of electrical communications - HVAC connections - Security equipment layout - All documentation pertaining to SCIF construction will be appropriately controlled & restricted on a need-to-know basis
Define the Classification Category CONFIDENTIAL
BLUE - Applied to information whose unauthorized disclosure could reasonably be expected to case damage to the national security.
Identify Who Can Be a CSM
COMMAND SECURITY MANAGER - Can be an Officer/civilian employee - GS-11 or above, with sufficient authority & staff to manage the program for the command. - Must be a US citizen - Must have been the subject of a favorably adjudicated SSBI completed within the previous 5 years.
Identify the Use of SF-703 (Top Secret Cover Sheet)
Cover sheets are placed on top of documents to clearly identify the classification level of the document & protect classified information from inadvertent disclosure.
State the Purpose of the DCS.
DEFENSE COURIER SERVICE - Is an established, staffed, maintained & operated international network of couriers & courier stations for the expeditious, cost-effective & secure transmission/transportation of qualified classified documents & material - In all instances, security of material shall be of paramount importance.
Explain and State the Responsibilities of DONCAF
Department of the Navy Central Adjudication Facility - A NCIS organization responsible for determining who within DoN is: - Eligible to hold a security clearance - Eligible to have access to SCI - Eligible to be assigned to sensitive duties. - The aggregate body of DoN personnel consists of Active duty & Reserve components of the Navy & Marine Corps, as well as civilians - Makes SCI eligibility determinations for select contractor personnel - Maintains an extensive database of its security decisions & provides overall operational support to the Navy's personnel security program.
Explain & State the Purpose of an EAP
EMERGENCY ACTION PLAN - Every command that holds classified COMSEC/Controlled Cryptographic Items (CCI) material must prepare & maintain a current, written emergency plan for safeguarding such material in the event of an emergency - Plans should over safeguard steps to take for natural disasters likely to occur in the commands local region
What is an FDO & State Their Responsibilities.
FOREIGN DISCLOSURE OFFICE - Military information is a national security asset which must be conserved & protected & may be shared with foreign representatives only when there is a clearly defined advantage to the US - It is US policy to avoid creating false impressions of its readiness to make defense articles, technologies, services, or information available. - Only designated foreign disclosure officers (FDOs) may approve the disclosure of classified & controlled unclassified military information to foreign representatives.
Identify the Use of SF-701 (Activity Security Checklist)
Filled out at the end of each day to ensure that classified materials are secured properly & allows for employee accountability in the event that irregularities are discovered.
Explain How, & in What Order, Material is Destroyed During Emergency Destruction
From top to bottom - Superseded keying material & secondary variables - TS primary keying material - SECRET, CONFIDENTIAL & UNCLASS primary keying material - Future (reserve on board) keying material for use one/two months in the future - Non-essential classified manuals - Maintenance manuals - Operating manuals - Administrative manuals
Define the Classification Category UNCLASSIFIED
GREEN - Applied to information whose unauthorized disclosure would reasonably be expected to cause no damage to the national security.
State the Purpose of the ICD System.
INTELLIGENCE COMMUNITY DIRECTIVES (ICDs) & subsidiary issuance shall serve as the principal means by which the DNI provides guidance, policy, & direction to the Intelligence Community.
Explain and State the Purpose of JPAS
JOINT PERSONNEL ADJUDICATION SYSTEM - Automated system of record for personnel security managment within the DoD, providing a means to record & document personnel security actions. - Facilitates PSP management for the DoD Central Adjudication Facilities (CAF's), for DoD security managers & SCI program managers - JPAS interfaces with the Defense Security Service (DSS) & the Office of Personnel Management (OPM) to provide Personnel Security Investigation (PSI) data & the various DoD personnel systems to include the DEERS & Defense Civilian Personnel Data System (DCPDS) to provide personnel identifying data. - Is the system of record of documenting the personnel security adjudicative & management process to include: - Position sensitivity determinations - PSI history & current status - Adjudicative eligibility determinations history & current status.
COMPUSEC (Computer Security)
Measures & controls that ensure confidentiality, integrity, & availability of the information processed & stored by a computer.
State Force Protection Levels
NORMAL - applies when a general global threat of possible terrorist activity exists & warrants a routine security posture; at minimum, access control will be conducted at all DoD installations & facilities. ALPHA - applies when there is an increased general threat of possible terrorist activity against personnel/facilities & the nature & extent of the threat are unpredictable; must be capable of being maintained indefinitely BRAVO - applies when increased/more predictable threat of terrorist activity exists; sustaining BRAVO measures for prolonged period may affect operational capability & military-civil relationships with local authorities CHARLIE - applies when an incident occurs/intelligence is received indicating some form of terrorist action/targeting against personnel or facilities is likely; prolonged implementation may create hardship & affect the activities of the unity & its personnel DELTA - applies in immediate area where terrorist attack has occurred/when intel has been received that terrorist action against a specific location/person is imminent; usually declared as a localized condition & not intended to be sustained for extended duration
State the THREATCON Recognition
NORMAL - no known threat indicated ALPHA - general threat of possible terrorist activity installations & personnel; the exact nature & extent are unpredictable, & circumstances don't justify full implementation of THREATCON BRAVO; implication of selected THREATCON BRAVO measures as a result of intelligence or as a deterrent may be necessary. BRAVO - increased & more predictable threat of terrorist action CHARLIE - incident has occurred or that intelligence has been received indicating that some form of terrorist action is imminent DELTA - a terrorist attack has occurred or that intelligence indicates that a terrorist action against a specific location is likely; normally, this THREATCON is declared as a localized warning.
Who Can Give the Order to Initiate Emergency Destruction
ONLY THE CO
Define the Classification Category TOP SECRET
ORANGE - Applied to information whose unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security
Identify the Use of SF-702 (Security Container Check Sheet)
Provides a record of the names & times that persons have opened, closed & checked a particular container (safe) that holds classified information.
Explain What a RAM is.
RANDOM ANTI-TERRORISM MEASURE - Purpose is to identify a set of protective measures in addition to those in effect through the current FPCON, & implement those measures in such a way as to prevent patters of security to be observed by hostile forces. - Measure can be obtained from higher FPCONs or developed specifically for a particular RAM program - RAM programs change the security atmosphere surrounding a facility - RAM programs may include (but not limited to): - increased ID checks - random vehicle inspections - random bag/personnel inspections
Define the Classification Category SECRET
RED - Applied to information whose unauthorized disclosure could reasonably be expected to cause serious damage to the national security.
Explain Vault Re certification & Recurring Inspections.
Recurring inspections are required every 24 months - GSA approved security containers & vault doors must have GSA label on outside of the door or front of the control drawer (with combination lock). Label should have the words "GSA Approved Security Container" or "Vault Door". - The container/vault door must be inspected & re-certified by a person specifically trained & authorized by the GSA before it can be used to protect classified material. Upon completion of the inspection, "GSA Approved Re certified Security Container" label applied. If container fails inspection, it must be repaired per SECNAV M-5510.36 with Federal Standard 809
Identify What a SAER is and its Purpose.
SECURITY ACCESS ELIGIBILITY REPORT - Used when trying to get an SCI clearance but has to explain something in detail (Negative marks on a credit report) - Used when on has a SCI but has something negative comes up like unexpected debt or marriage to a foreign national
Define SCI
SENSITIVE COMPARTMENTED INFORMATION - Classified information concerning/derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of Central Intelligence.
Identify SSO Navy
SPECIAL SECURITY OFFICER for the DON - Office of Naval Intelligence (ONI) code 05 (ONI-05 - Director, Security & Corporate Services) also designated as the Cognizant Security Authority (CSA) - SSO Navy responsible for implementing SCI security policy & procedures & performs Management & oversight of the Department's SCI security program.
State the Responsibilities of the TSCO
TOP SECRET CONTROL OFFICER - Reports directly to the Security Manager; must be an officer, senior NCO E-7/above, or a civilian employee, GS-7 or above & be a US citizen & have been the subject of a favorably adjudicated SSBI within the previous 5 years. - Maintain a system of accountability to record the receipt, reproduction, transfer, transmission, downgrading, declassification & destruction of command TS information, less SCI & other special types of classified information. - Ensure that inventories of TS information are conducted at least once annually
