Initial Security Briefing
Presentation Transcript

Introduction

Because {Company Name} is a cleared facility under contract with the federal government, the protection of sensitive government information (both classified and controlled unclassified) is the responsibility of every employee, regardless of how the information was obtained or what form it takes.

Our vigilance is imperative in the protection and control of this information. Under Executive Order (EO) 13526 and DoD Directives, anyone with access to these resources has an obligation to protect them. The very nature of our work dictates that we lead the way in sound security practices.

This is an obligation that can be satisfied only if each employee accepts personal responsibility for knowing, understanding, and adhering to the regulations and procedures set forth in the {Company Name} Security Procedures and in this Initial Security Briefing.


Required Security Training

  • As a cleared employee, you are required to receive ongoing security training and security awareness information, including but not limited to:

    • Initial Security Briefing

    • Security Orientation

    • Annual Security Refresher Briefing

    • Termination Debriefing

    • Security newsletters

    • Memorandums

    • Pamphlets and guides

    • Periodic bulletins

    • Computer-based courses


Non-Disclosure Agreement (SF-312)

  • All personnel authorized to access Classified information must sign a Non-Disclosure Agreement (NDA) with the U.S. Government upon being granted access to classified information at {Company Name}

  • By signing this agreement you acknowledge:

    • A special trust has been placed with you

    • You are responsible to protect classified information from unauthorized disclosure

    • You have received your security indoctrination for handling classified information and notification of pre-publication review

    • This is a binding lifetime agreement, even when you no longer require a security clearance

    • There are serious consequences for not complying with the terms of this agreement which are punishable under Federal criminal statutes, including imprisonment and fines


Guiding Directives

  • NISPOM: National Industrial Security Program Operating Manual

    • The principal document governing U.S. industry in carrying out contracts within the U.S. Government Industrial Security Program

    • {Company Name} is responsible for complying with the requirements of the NISPOM in order to bid on or be awarded a contract involving classified government information

    • All U.S. classified contracts must be accompanied by a DD Form 254, Contract Security Classification Specification

    • This form becomes part of the contractual documents and identifies what level of classified information is required to accomplish the contract goals


Understanding Need-to-Know

  • Established when an individual has a requirement for access in order to perform an essential task or service to fulfill a classified contract or program

  • Access to classified information requires an appropriate security clearance level and “need-to-know”

    • Possessing a clearance or working on the same project does not automatically grant individuals a need-to-know

  • This principle also applies to information systems

  • It is your responsibility to verify need-to-know and clearance before allowing access, in order to limit adversary damage

    • Failure to do so can contribute, and has contributed, greatly to espionage cases

  • Confirmation can be obtained through your immediate supervisor or the Security Department


Classified Information Defined

  • Sensitive unclassified information in the process of a classification determination must be handled as classified

  • Classified Information is defined as any information, including oral communications, that could be detrimental to national security if improperly disclosed

  • Information that may be classified:

    • Military plans, weapons, systems or operations

    • Foreign Government Information

    • Intelligence Activities

    • Cryptology

    • Foreign Relations or Activities of the U.S.

    • Scientific, Technological, or Economic Matters

    • Programs for Safeguarding Nuclear material and/or Facilities

    • Vulnerabilities or Capabilities of Systems, Installations, Projects, or Plans

    • Weapons of mass destruction


Classified Information Defined (cont.)

  • Classified information comes in all shapes and sizes, including, but not limited to, the following:

    • Documents and presentations

    • Working papers

    • Emails

    • Conversations

    • Faxes

    • Photographs

    • Meeting notes

    • Maps and sketches

    • Storage media

    • Equipment and machinery

    • Other materials


Classification Categories and Levels

[Diagram: classification categories and levels. Categories shown: Unclassified Information; Collateral Information; Special Access Information; Sensitive Compartmented Information; Compartmented Programs. Levels shown: CONF, SECRET, TOP SECRET. Other labels shown: Public Domain, Non-Public Domain; CNWDI, NATO, COMSEC; SAR (USAF), SAP (Army), SAP (Navy); SCI (Military), SCI (Intelligence Agencies); Acknowledged / Unacknowledged; Acquisition, Intelligence, Operations; Intelligence Sources and Methods.]


Classification Categories and Levels (cont.)

CONFIDENTIAL (C) – Requires PROTECTION, unauthorized disclosure could be expected to cause Damage to our national security

SECRET (S) – Requires a SUBSTANTIAL DEGREE OF PROTECTION, unauthorized disclosure could be expected to cause Serious Damage to our national security

TOP SECRET (TS) – Requires the HIGHEST DEGREE OF PROTECTION, unauthorized disclosure could be expected to cause Exceptionally Grave Damage to our national security


Classification Categories and Levels (cont.)

  • Classification markings can also be used in conjunction with any of the following caveats:

    • North Atlantic Treaty Organization (NATO) information

    • Foreign Government Information (FGI)

    • Intelligence Information

    • Critical Nuclear Weapons Design Information (CNWDI)

    • Restricted Data (RD)

    • Formerly Restricted Data (FRD)

    • Communications Security (COMSEC) and Cryptography (CRYPTO)

    • Special Caveat information requires additional access restrictions and/or handling


Determination of Classifications

  • Executive Order 13526 and its predecessors establish a formal system for classification, declassification and safeguarding of U.S. classified information

    • Original classification - U.S. Government only

      • All classified material is the property of the U.S. Government and it determines what is classified and at what level

    • Derivative classification - Industry

      • Utilized by contractors who incorporate, paraphrase, restate, or newly generate classified information from existing classified material by using the following for derivative classification guidance

        • Source Document, Security Classification Guide (SCG), and Contract Security Classification Specifications (DD Form 254)

      • Derivative classifiers

        • Are responsible for the protection and integrity of classified information

        • Must possess expertise regarding the subject matter of the classified information, as well as classification management and marking techniques

        • Must obtain classification training prior to derivatively classifying and receive semiannual training thereafter


Marking Classified Material

Sample: markings by original classification authority

SECRET
Secretary of Defense
1000 Defense Pentagon
Washington, DC 20301
(U) Unclassified For Instructional Use Only
1 December 2012
Classified by: SECDEF
Reason: 1.4(c)
Downgrade to: CONFIDENTIAL on 20151231
Declassify on: 20180930
Warning notices and release statements as appropriate
SECRET

  • Classification markings

    • Identify the exact information that requires protection

    • Indicate the level of classification assigned to the information

    • Provide guidance on downgrading and declassification

    • Give information on the source(s), reasons for classification, identify the office of origin and document originator applying the classification marking

    • Provide guidance on information sharing, and warn of special access, control, or safeguarding requirements

    • Assist with investigations into potential or actual compromise


Marking Classified Material

The following basic markings must appear on all classified material:

  • Overall classification marking centered on

    • TOP and BOTTOM of each page

    • FRONT and BACK of entire document

    • Include Dissemination control

  • Company Name and Mailing Address

  • Portion Markings

    • (TS) for Top Secret

    • (S) for Secret

    • (C) for Confidential

    • (U) for Unclassified

  • Unclassified Subject/Title Marking

  • Date of Creation

  • Contract Number (for public release purposes)

  • Classification Authority Block

    • Classified line is now a requirement on derivative documents. (If derived from multiple sources, a bibliography or reference page must be included)

  • Declassification Instructions. The date of declassification must be displayed using the following numeric format (20151231)

  • Warning Notices

Sample: markings for derivative classified material

SECRET
ABC Company
123 Anywhere Street
Anywhere, USA 12345
(U) Unclassified For Instructional Use Only
1 December 2012
Prime Contract ABC-123-4567-89
Classified by: John Doe, Director (OCA Name and position title)
Derived from: DoD SCG 128
Downgrade to: CONFIDENTIAL on 20151231
Declassify on: 20180930
Warning notices and release statements as appropriate
SECRET



Marking Classified Material (cont.)

Derived From: Multiple Sources

  • The multiple sources list must be included with or annotated on the derived document (not just the original file copy). If the document has a bibliography or reference list, this may be used as the sources list. It must be annotated to distinguish the sources of classification from other references.

Sample source document 1

SECRET
(U) AN/SPY Satellite T & C Results
10 June 2005
Classified by: John Doe, Director
Derived from: SCG 128, dtd 20040114
Declassify on: 20150610
SECRET

Sample source document 2

SECRET
(U) Optical Imagery
2 October 1997
Classified by: SECDEF
Reason: 1.4(a)
Declassify on: X3
SECRET

Sample derived document

SECRET
ABC Company
123 Anywhere Street
Anywhere, USA 12345
(U) Unclassified For Instructional Use Only
1 December 2012
Prime Contract ABC-123-4567-89
Classified by: John Doe, Director (OCA Name and position title)
Derived from: Multiple Sources
Declassify on: Source marked X3, date of source 19971002
Distribution authorized to the DoD and DoD Contractors only.
SECRET

Sample bibliography (sources list)

AN/SPY Satellite T&C Results dated 6/10/05
Classified by: John Doe, Director
Derived from: SCG 128, dtd 20040114
Declassify on: 20150610

Optical Imagery dated 19971002
Classified by SECDEF
Reason: 1.4 (a)
Declassify on: X3



Marking Classified Material (cont.)

Sample: Upon Creation

SECRET
Working Papers Created 3/1/2012

Working Papers must always be annotated with the term “Working Papers” and the date of creation, marked with overall classification, and safeguarded in accordance with overall classification.

Once either 180 days (for SECRET) or 30 days (for TOP SECRET) has been reached, or sooner if being released by the originator outside the facility, documents must be accounted for, controlled, and marked in a manner prescribed for a finished document.

Individual pieces of related Working Papers should be fastened together for ease of tracking.

If more than one SCG is used in generation, it is a good idea to indicate this on the Working Papers.

SECRET

Sample: After 180 Days

SECRET
ABC Company
123 Anywhere Street
Anywhere, USA 12345
(U) Unclassified For Instructional Use Only
1 December 2012

(U) Working Papers must always be annotated with the term “Working Papers” and the date of creation, marked with overall classification, and safeguarded in accordance with overall classification.

(S) Once either 180 days (for SECRET) or 30 days (for TOP SECRET) has been reached, or sooner if being released by the originator outside the facility, documents must be accounted for, controlled, and marked in a manner prescribed for a finished document.

(C) Individual pieces of related Working Papers should be fastened together for ease of tracking.

(U) If more than one SCG is used in generation, it is a good idea to indicate this on the Working Papers.

Classified by: Name and position title
Derived From: SCG DOD 33, dated 3 March 2004
Declassify on: Source marked X3, date of source 20040303
SECRET

You are responsible for tracking, properly storing, and protecting your working papers!


Marking Classified Material (cont.)

Hardware, software, computers, and equipment must reflect the highest level of classification contained therein. Standard labels should be used for all levels of classification.

Sample label

SECRET
(U)_____________________________________
Name and Address of Originating Agency
Classified by:
Derived from:
Declassify on:
SECRET

[Image: hardware or equipment tag marked SECRET]


Control and Accountability

  • Control and accountability of classified material

    • Accountable classified material includes TOP SECRET, NATO, COMSEC, and Special Access

    • The proper functioning of the control process depends on the cooperation and acceptance of individual responsibility

    • All classified material received in or sent from {Company} must be recorded in a receipt and dispatch record system

    • Facilities holding a TOP SECRET facility clearance must conduct an annual inventory and accounting for all classified materials

    • Facilities should only maintain classified materials that are needed and have a valid classified contract (DD254)

      • Conduct annual classified reduction exercises

      • Reduce holdings during inspections and reviews


Safeguarding and Handling

  • Classified information requires protection against unauthorized disclosure, therefore it must be

    • Properly marked, never left unattended, and protected accordingly

    • Accessed by individuals with a valid security clearance and need-to-know only

      • The recipient must be informed of the information’s classification level

      • Only disclose information related to the specific need or purpose

    • Shall be kept under constant observation by an authorized person or stored in an approved GSA security container

      • Do not take classified material home, to a hotel, or any other uncleared location

      • Do not discuss classified information in unauthorized open or public areas, such as reception areas, cafeterias, hallways, restrooms, etc.

    • When not in actual use, classified material shall be secured in a GSA-approved security container

      • A locked room, desk or file cabinet is not an approved method of classified storage unless specifically authorized by Security


Safeguarding and Handling (cont.)

  • When working with classified material

    • Workspace should be free of clutter

    • Classified coversheets, folders, and labels must be used to

      • Screen from uncleared and unauthorized individuals

      • Warn that the information or system is classified and must be protected accordingly

    • Must only be processed on classified computers or other equipment approved by the government

  • When no longer needed, classified material must be

    • Destroyed by approved methods

      • Degaussing

      • Pulverizing

      • Shredding

      • When in doubt, contact the Security Department

[Image: classified coversheets and labels]


Safeguarding and Handling (cont.)

  • Classified meetings or impromptu classified discussions

    • Must be conducted in a room with a locking device on the door

    • If the room has windows, it must have blinds that can be closed to shield from outside observation

    • Keep conversations at a low speaking volume so those outside cannot discern what is being discussed

    • A sign must be placed on the door stating: “CLASSIFIED MEETING – DO NOT ENTER”

  • Classified information can only be transmitted via secure communications methods

    • Registered U.S. Mail (Secret and below)

    • Classified Fax

    • SIPRNet email account

    • Secure Terminal Equipment (STE)

    • Authorized Courier


Hand-Carrying Classified Material

  • Hand-carrying classified material outside the {Company} facilities should only be used as a last resort

    • Mailing or email via a SIPRNet account is preferred

  • When hand-carrying classified material externally

    • Courier must have signed courier letter

    • All material will be double-wrapped and addressed to the recipient

      • Carry the material in an inconspicuous briefcase or other suitable carrying case

    • When aboard commercial passenger aircraft, if challenged by airline personnel

      • Present a copy of your courier authorization letter and government identification

      • Inform the individual that classified material is being carried - they may inspect the package, but cannot open it

    • The material cannot be publicly read, studied, or displayed in any manner

    • Reasonable precautions must be taken to avoid compromise


Hand-Carrying Classified Material (cont.)

  • Only approved storage facilities can be used for temporary storage

    • Vehicles, hotel safes or non-GSA approved containers cannot be used for storage

    • If emergency storage is required, contact the Security Department

    • If a location cannot be found, then the material must remain in your personal possession at all times or be mailed using the United States Postal Service (Express or Registered mail, for Secret and below)

  • Traveling within the continental United States

    • If classified material is lost or possibly compromised, immediately contact the Security Department and the nearest FBI office (if required)

  • Local Travel

    • If classified material is lost or possibly compromised, immediately contact the Security Department


Reproduction of Classified Material

  • Reproduction of classified material must be essential to

    • The performance of a contract

    • Correspondence in connection with a contract

    • The preparation of a bid, quotation, or proposal to a User Agency of the U.S. Government or an authorized contractor

    • The preparation of a patent application to be filed in the U.S. Patent Office

  • Reproduction of classified material can only occur on approved equipment when

    • The individual responsible for its security has provided approval

    • The information is not classified higher than SECRET (unless specifically prohibited)

    • The information is not COMSEC or Special Access information

  • Only the number of copies needed to meet operational requirements can be reproduced and must be destroyed when no longer needed

  • Persons using reproduction equipment must ensure that all material is retrieved when the job is completed


Closed Areas Security Controls

  • {Company} maintains physical security controls for Closed Areas that must be adhered to by its employees and visitors:

    • Admittance to Closed Areas is allowed for employees who have a DoD security clearance, a need-to-know, and are on the access list

    • Uncleared visitors must be escorted at all times by approved personnel

    • All visitors must sign the visitor log, if used

    • Incoming visitor clearances may be forwarded via JPAS (SMO Code number)

    • Employees and visitors may not bring the following prohibited items into Closed Areas:

      • Cell phones

      • Personal electronic devices

      • Magnetic media storage devices

      • Recording or photographic devices


Closed Areas Security Controls

  • The following requirements must be met for all Closed Areas at the end of each business day

    • A Security Record must be in place and completed

      • If the area has been opened, the following must be checked prior to securing to prevent a security incident:

        • All Security Containers

        • All office spaces and conference rooms

        • Desks, bookshelves, waste baskets, and whiteboards

        • STE (Secure Terminal Equipment)

        • Printers, Fax and classified copier machines

        • Classified AIS systems

    • End-of-Day Checks must be completed daily, even if the area was not opened

      • All doors must be listed and checked, including non-entry doors

      • Security containers located outside of Closed Areas must also be checked during end-of-day checks


Security Container Controls

  • Security containers should be locked when not in use

    • Open/Close signs or magnetic markers shall be used as reminders

  • All security containers must have a security record

    • The security record must be filled out each time the container is opened or closed, and at the end-of-day check

    • When locking up, spin the combination dial four complete revolutions in one direction and then four more in the opposite direction

  • Store all classified documents in “classified” folders or in folders marked with the classification of the material stored within

  • Store all unclassified documents in manila folders labeled “unclassified”

    • Unclassified can be kept with classified material but must be distinguishable

  • Bind each document to avoid loose papers

    • Staple, paper clip and/or binder clip

  • Destroy or archive materials that are no longer used


Access Controls – Identification Badges

  • The {Company} Identification Badge indicates the level of an individual’s DoD security clearance (if any)

    • Color-coded to designate your clearance level

    • Verify authorized access of those entering the facility behind you

    • Your badge must be worn at all times above the waist (and visible) while on the premises

    • Everyone must prox their badge prior to entering the facility (No tailgating)

    • Stop and question employees/visitors who are not wearing an identification badge, or contact Security

      • No one is exempt from wearing a badge at any time while in the building

    • Your badge shall be used as {Company} identification only

    • Remove your badge and store it in a secure location when you leave the property

    • Report any lost, forgotten, or damaged identification badges immediately to the Security Department

      • A temporary or replacement badge will be provided

      • Lost badges will be immediately deactivated


Access Controls - Cleared Visitors

  • Pre-register and provide advance notice to the Security Department of the anticipated visitors

  • Security Administrator or designee will verify receipt and level of accesses

  • Escorts must

    • Appropriately sanitize (as necessary) the area to be visited prior to allowing entrance

    • If visiting Secure Areas, the escort must sign visitors in and out of the visitors log, if used

    • Ensure all visitors are only allowed access to areas and information consistent with their level of access and need-to-know

    • If applicable, ensure all visitor badges are returned at the end of the visit


Access Controls - Uncleared Visitors

  • Pre-register and provide advance notice to the Security Department of the anticipated visitors

  • Security Administrator or designee will verify need for access

  • Escorts must

    • Be knowledgeable of the visitor’s need for access (i.e., maintenance, etc.)

    • Sanitize the visit path and destination prior to allowing entrance

    • If visiting secure areas, the escort must

      • Sign visitors in and out of the visitors log

      • Notify staff in the area that an uncleared visitor is in the area

    • Only share information that is in the public domain

    • Maintain shoulder-to-shoulder escort for the entire visit

    • If applicable, ensure all visitor badges are returned at the end of the visit


Access Controls - Classified Visits

  • {Company} personnel who need to visit other facilities within the U.S. for official classified business must

    • Submit a Request for Classified Visit electronic form to the Security Department at least five days prior to the visit

      • This must be completed for all classified visits

      • The Technical POC and Security POC cannot be the same, must be active employees, and subcontractors cannot be listed as a POC

    • Non-contractual and special meetings/conferences require the endorsement of the Contracting Officer, which requires additional lead time

    • If your VAR is submitted less than 48 hours prior to the visit, the requestor must contact the Security Department

    • Notifications pertaining to the visit will be handled via email only

  • Employees are not authorized to hand-carry their Visit Authorization Letter (VAL) to the facility being visited

    • Coordination of classified visits is handled by the Security Department

    • The acceptance of the visit is at the discretion of the facility

  • A 45-day lead time is required for all classified visits to foreign countries


Security Incidents

  • To maintain its security posture and meet its security obligations to the U.S. Government, {Company} retains the right to take immediate action to prevent the loss or compromise of classified or sensitive information

  • Once individual culpability for a security violation or deviation is determined through investigation, the Security Department management will assess the implications of the event for the individual and the {Company} security posture

  • {Company} has a graduated scale of administrative sanctions that will be taken for failing to adhere to established security rules and regulations


Security Incidents (cont.)

  • Reporting individual culpability to the Department of Defense

    • {Company} is required to identify the culpable party(s) to a security violation where there is an issue of the individual’s future reliability

  • Determination to forward a culpability report occurs when one or more of the following factors are revealed:

    • The violation involved a disregard of security requirements, gross negligence in the handling of classified information, or a pattern of negligence or carelessness even though the incident was not deliberate

  • Security Violations are costly, but can be prevented by ensuring all individuals remain aware of their security responsibilities

    • Ignorance will not excuse you from disciplinary action or criminal prosecution


Reporting Requirements

  • You must report the following:

    • Security violations or deviations

    • Loss, compromise, suspected loss or compromise of classified or sensitive information, or theft of {Company} equipment

    • System viruses, unusual system anomalies

    • Suspicious activity

    • Foreign or suspicious contacts

    • Contacts with U.S. persons representing a foreign interest

    • Foreign Influence

    • Foreign travel (TS, SCI, SAP)

    • Concerns regarding safety and security

    • Concerns regarding workplace violence

    • Incidents impacting {Company} systems security or classified contaminations

    • Lost or stolen identification badges

    • Adverse Information


Individual Responsibility

  • As a cleared employee of {Company} you are responsible for:

    • Becoming familiar with security policies and procedures pertaining to your assigned duties and reporting responsibilities

      • Reports based solely on rumor or innuendo should not be made

    • Notifying your Security Department of personal changes that could affect your security clearance

    • Notifying your Security Department and scheduling a debriefing when you leave the {Company} or your duties change such that you no longer need a security clearance and/or access


Summary

Security Takeaways

  • As stated in the non-disclosure agreement you signed at the start of your employment, a special trust has been placed in you to protect sensitive and classified information

    • A security clearance is a privilege, not a right

    • When you accept the privilege of access to classified information, you are also accepting the responsibilities that accompany this privilege

    • This is a lifelong responsibility

  • To assist you in understanding your individual responsibilities, contact the Security Department, attend security education events, complete all required security courses, and read the security policies, U.S. Codes, and other security related materials

