106 Security


106.28 Discuss each of the following, giving their definition and the purpose of each: COMSEC, INFOSEC, COMPUSEC

1. COMSEC - Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients. The field includes cryptosecurity, transmission security, emission security, traffic-flow security, and physical security of COMSEC equipment.
2. INFOSEC - Information Security is the practice of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
3. COMPUSEC - Computer Security (also known as cybersecurity) is information security as applied to computers and networks. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. Computer security also includes protection from unplanned events and natural disasters.

106.36 Discuss how long a Commanding Officer can administratively suspend access before DONCAF revokes a clearance.

90 days. DONCAF does not automatically revoke a clearance after a 90-day local suspension. After 90 days the CO has to decide whether to give access back or report the suspension to DONCAF in JPAS, at which time a SAER with an eligibility recommendation needs to be completed. DONCAF is the only authority that can grant access back once this action is taken.

106.3 Explain what is meant by 'need to know'.

A determination by an authorized holder of classified information that access to specific classified material in their possession is required by another person to perform a specific and authorized function to carry out a national task. Knowledge, possession of, or access to classified information is not provided to any individual solely by virtue of the individual's office, rank, position, or clearance eligibility.

106.16 Explain and state the purpose of an EAP.

A plan for the protection of classified information in case of a natural disaster or civil disturbance. This plan may be prepared in conjunction with the command's disaster preparedness plan. Emergency plans provide for the protection of classified information in a way that will minimize the risk of personal injury or loss of life.

106.38 Discuss the security rules and procedures for magnetic and electronic media.

All such devices bearing classified information must be conspicuously marked with the highest level of classification stored on the device and any special control notices that apply to the information.

106.11 State the purpose of the DCS.

Defense Courier Service - establishes, staffs, operates, and maintains an international network of couriers and courier stations for expeditious, cost effective, and secure transmission of qualified classified documents and material.

106.35 Explain and state the responsibilities of DONCAF.

Department of the Navy Central Adjudication Facility (DONCAF) - responsible for determining who within the Department of the Navy is eligible to hold a security clearance, to have access to Sensitive Compartmented Information (SCI), or to be assigned to sensitive duties.

106.10 State the responsibilities of the DDA.

Designated Disclosure Authority (DDA) - appointed at each such command, agency, or staff element to oversee foreign disclosure activities. The DDA has the authority and responsibility to control disclosures of CMI and CUI to foreign governments and international organizations and their representatives or persons sponsored by them.

106.39 Explain why the U.S. Navy only uses ".mil" email addresses on government systems.

DoD has exclusive use of the .mil top-level domain (TLD). This provides for increased security.

106.27 Discuss the procedures for sanitizing an area.

Equipment - a two-step process that includes removing data from the media and removing all classified labels, markings, and activity logs.

Spaces - removing all classified material from view (placing it in vaults, drawers, etc.) so that it is not visible to un-cleared personnel.

106.19 Explain how, and in what order, material is destroyed during Emergency Destruction.

How - any reasonable means available (burning, shredding, smashing, degaussing magnets, jettison, etc.).

Destruction Order:

Priority One - All cryptographic equipment and documents.

Priority Two - All operational SCI codeword material which might divulge targets and successes, documents dealing with US SCI activities and documents concerning compartmented projects and other sensitive intelligence materials and all TOP SECRET collateral.

Priority Three - Less sensitive administrative SCI material and collateral classified material not included above.

106.37 State the levels of INFOCON and what each signifies.

INFOCON 5: describes a situation where there is no apparent hostile activity against computer networks. Operational performance of all information systems is monitored, and password systems are used as a layer of protection.

INFOCON 4: describes an increased risk of attack. Increased monitoring of all network activities is mandated, and all Department of Defense end users must be restricted to government sites only, and backing up files to removable media is ideal.

INFOCON 3: describes when a risk has been identified. Security review on important systems is a priority, and the Computer Network Defense system's alertness is increased. All unclassified dial-up connections are disconnected.

INFOCON 2: describes when an attack has taken place but the Computer Network Defense system is not at its highest alertness. Non-essential networks may be taken offline, and alternate methods of communication may be implemented.

INFOCON 1: describes when attacks are taking place and the Computer Network Defense system is at maximum alertness. Any compromised systems are isolated from the rest of the network.

106.29 State the purpose of the ICD system.

Intelligence Community Directives (ICDs) - the principal means by which the DNI provides guidance, policy, and direction to the Intelligence Community.

106.6 Identify the events that should be reported to the SSO.

Involvement in activities or sympathetic association with persons which/who unlawfully practice or advocate the overthrow or alteration of the United States Government by unconstitutional means. Foreign influence concerns/close personal association with foreign nationals. Foreign citizenship or foreign monetary interests. Sexual behavior that is criminal or reflects a lack of judgment or discretion. Unwillingness to comply with rules and regulations or to cooperate with the security processing. Unexplained affluence or excessive indebtedness. Alcohol abuse. Illegal or improper drug use/involvement. Apparent mental or emotional disorder(s). Criminal conduct. Noncompliance with security requirements. Engagement in outside activities which could cause a conflict of interest. Misuse of information technology systems. Change in marital status.

106.32 Identify who can be a CSM.

Must be an officer or civilian employee (GS-11 or higher), a US citizen, and have completed an SSBI.

106.21 List the items prohibited in a SCIF and the security risks associated with them.

Personally owned photographic, video, and audio recording equipment. Personally owned computers and associated media.

106.17 Explain and state the purpose of Emergency Destruction Procedures.

Prevent un-cleared personnel from access to classified material in case of emergency such as fire, natural disaster, civil disturbance, terrorist activities, or enemy attack.

106.15 Define the following terms:

Random Antiterrorism Measures (RAM) - the random implementation of higher FPCON measures in consideration of the local terrorist capabilities. Random use of other physical security measures should be used to supplement FPCON measures.

Personnel Security Program (PSP):

Physical Security - Physical protections established to secure a SCIF from unauthorized entry. Includes ensuring wall thickness, vaults, combination locks, alarms, entry/exit inspections, safes, etc. meet specifications.

Personnel Security - Measures taken to ensure personnel have proper clearance levels, are properly indoctrinated, instructed, and trained to protect classified material.

ATFP (Antiterrorism/Force Protection) - preventive measures taken to mitigate hostile actions in specific areas or against a specific population, usually military personnel, resources, facilities, and critical information. In the US military those protected by FP include family members and chaplains.

106.33 State the duties and responsibilities of a CSM.

Responsible for administration of a command's information and personnel security programs. Maintains liaison with SSO IRT investigations, SCI access, eligibility evaluation, policy and procedure changes. Ensures security threats, compromises, and other violations are reported, recorded, and investigated when necessary. Develops visitor control procedures and disclosure of classified information to foreign nationals. Develops EAP and personnel security procedures. Serves as the CO's advisor and direct representative in matters of security of classified information.

106.31 List the duties and responsibilities of the SSO.

Responsible for maintaining the security of SCI material and providing advice to the CO or OIC on the related matters of the SSO program.

106.5 Identify what a SAER is and its purpose.

SAER (Security Access Eligibility Report) - used to report to DONCAF any information which might affect an individual's continued eligibility for access to SCI.

106.24 Explain vault recertification and recurring inspections.

SCI security officials will conduct self-inspections of their SCIFs at least annually. Other inspections shall be based on threat, physical modifications, sensitivity of programs, and past security performance. Inspections may occur at any time, announced or unannounced. The completed fixed facility checklist will be reviewed during the inspection to ensure continued compliance.

106.23 Explain the security requirements for the following:

SCIF - SCI Facility: Permanent, Guards, Secure entryways, Fence

T-SCIF - Tactical SCI Facility: Temporary, Guards (if applicable), Fence (if applicable), Secure entryway

106.8 Identify the use of the following forms:

SF700 - Security Container Information used to record safe and door lock combinations.

SF701 - Activity Security Checklist used at the end of the day to ensure classified materials are secured properly and provides accountability.

SF702 - Security Container Checklist records names and times personnel have opened, closed or checked containers holding classified information.

SF703 - Top Secret Cover Sheet used as a cover sheet for TS documents.

SF153 - COMSEC Material Report used for acquisition/transfer/destruction of COMSEC material.

SF312 - Classified Information Nondisclosure Agreement is a contractual agreement between the U.S. Government and a cleared employee that must be executed as a condition of access to classified information. By signing the SF-312, the cleared employee agrees never to disclose classified information to an unauthorized person.

106.22 Define the difference between a security violation and a practice dangerous to security.

Security Violation - a compromise of classified information to persons not authorized to receive it or a serious failure to comply with security regulations and is likely to result in compromise. Deliberate or accidental exposure of SCI resulting from loss, theft, or capture. Must be reported immediately.

Practice Dangerous to Security - a failure to comply with security regulations causing a potential compromise of classified information. A courier carrying classified documents stopping at a public establishment to conduct personal business. Failing to change security container combinations as required. Not required to be reported.

106.20 Define SCI.

Sensitive Compartmented Information (SCI): Classified information concerning or derived from sensitive intelligence sources, methods, or analytical processes. All SCI must be handled within formal access control systems established by the Director of National Intelligence.

106.14 State the THREATCON recognition and Force Protection levels and discuss what each represents.

THREATCON/FP Alpha - General readiness.

THREATCON/FP Bravo - Somewhat predictable threat. Increased security measures. Can be maintained for weeks or months.

THREATCON/FP Charlie - Known Terrorist threat made. Can be maintained for short periods.

THREATCON/FP Delta - Specific target known and declared, or terrorist event has occurred. Can only be maintained for a limited time.

106.7 Identify who has overall authority of, and controls access to, a SCIF.

The Commanding Officer

106.30 Identify Special Security Office (SSO) Navy.

The Director, Security and Corporate Services (ONI-5) acting as Special Security Officer for the DON (SSO Navy) has been designated as the Cognizant Security Authority (CSA). As CSA, SSO Navy is responsible for implementing SCI security policy and procedures and performs management and oversight of the Department's SCI security program.

106.34 Explain and state the purpose of JPAS.

The Joint Personnel Adjudication System (JPAS) - the official personnel security clearance database management system for the Department of Defense. JPAS automates both core and CAF-unique functionality and provides "real-time" information regarding clearance, access and investigative status to authorized DoD security personnel and other interfacing organizations.

106.18 State who can give the order to initiate Emergency Destruction.

The highest ranking person on station.

106.26 Explain the DoD escort policy.

The movement of all visitors shall be controlled to ensure that access to classified information is deliberate and consistent with the purpose of the visit. Non-SCI indoctrinated personnel entering a SCIF must be continuously escorted by an indoctrinated employee who is familiar with the security procedures of that SCIF.

106.1 Discuss the purpose of personnel security.

The objective of the Personnel Security Program (PSP) is to authorize initial and continued access to classified information and/or initial and continued assignment to sensitive duties to those persons whose loyalty, reliability and trustworthiness are such that entrusting them with classified information or assigning them to sensitive duties is clearly consistent with the interests of national security. Additionally, the PSP ensures that no final unfavorable personnel security determination will be made without compliance with all procedural requirements.

106.25 Discuss the need for access lists, required documentation logs, and two-person integrity.

To ensure only properly authorized personnel access the classified material, annotate when documents were accessed for accountability, and to ensure material remains uncompromised during transit.

106.4 State the type of investigation and how often it is updated for access to the following classification levels:

Top Secret - Single Scope Background Investigation (SSBI) every 5 years.

Secret - National Agency Check with Local Agency and Credit Checks (NACLC) every 10 years.

Confidential - National Agency Check with Local Agency and Credit Checks (NACLC) every 15 years.

SCI - Pre-nomination Interview.

106.2 Define the following classification categories, how they differ, and the color codes used to identify each one.

Top Secret - the orange classification level applied to information whose unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to national security.

Secret - the red classification level applied to information whose unauthorized disclosure could reasonably be expected to cause serious damage to national security.

Confidential - the blue classification level applied to information whose unauthorized disclosure could reasonably be expected to cause damage to national security.

Unclassified - the green classification level applied to information generally available to anyone.

106.13 State the responsibilities of the TSCO.

Top Secret Control Officer - maintains a system of accountability (e.g., registry) to record the receipt, reproduction, transfer, transmission, downgrading, declassification and destruction of command Top Secret information, less SCI, and other special types of classified information. Ensures that inventories of Top Secret information are conducted at least once annually, or more frequently when circumstances warrant.

106.9 State when safe combinations should be changed.

When the combination lock is first installed/used. When compromised or believed to be compromised. Whenever deemed necessary.

106.12 Describe the procedures for preparing hard copy classified material for transportation via:

a. DCS - Per Reference, the DoD components and contractors, to the maximum extent possible, shall use the USTRANSCOM's Courier network to transport material requiring escort. Double wrapped with prescribed opaque material. Properly marked classification and address. The minimum size is an 8" x 11" flat envelope. Single items will not normally exceed 150 pounds. All seams will be reinforced with the prescribed tape-gummed Kraft paper tape.

b. Hand Carry - Use a classified material cover sheet, file folder, or other covering to prevent inadvertent disclosure when hand carrying classified information within the command. Double-wrap the classified information when hand carrying outside the command. A locked briefcase may serve as the outer cover, except when hand carrying aboard commercial aircraft. The Security Manager shall provide written authorization to all individuals escorting or hand carrying classified information.

