US Department of Commerce


Presentation Transcript


1. Welcome to the US Department of Commerce National Security Information Briefing. The reason that you are here today is because you hold a security clearance and will have access to National Security Information (more commonly known as classified information). From this briefing, you should learn four things: 1) How information becomes classified. 2) The procedures in place which are designed to protect classified information from disclosure to unauthorized personnel. 3) Why these procedures are in place (it is easy to tell someone what to do, but it is better if the person knows why he/she is doing it for maximum effectiveness). 4) The Office of Security and your security officers are here to help you. If you ever have any concerns or questions related to security, please do not hesitate to call or stop by our office.

2. Your Eastern Regional Security Office Regional Security Officer - Carroll Ward (757) 441-3431 Asst. Regional Security Officer - Pamela Royster Security Specialist (757) 441-3415 Office Fax (757) 441-3422

3. Security Clearance: A security clearance is a determination of trust, which makes you eligible for access to classified information. Not permanent; expires when you leave your position.

As I mentioned, you all hold a security clearance, but do we even know what that means? As this slide shows, a security clearance is a determination by the US Government that you will properly protect classified information. It is based on some type of background investigation. The type of investigation depends upon what level of clearance you have. Note that the security clearance makes you eligible for access to classified information. Having a clearance does not mean you can look at any and all classified materials. Your security clearance is granted by the Department of Commerce, Office of Security, and is valid only for the time in which you occupy your present position. You see, your security clearance belongs with your position, not you. When you leave your position, your security clearance will be cancelled. It is very easy to get it back; all you need is a justification and maybe an updated investigation. Holding a security clearance within this Department is certainly a privilege. Only 20% of Commerce employees hold a security clearance. For those of you with a Top Secret clearance, only about 2% of our employees have access to that level of information.

4. Requirements for holding a security clearance: Attending a briefing designed to teach you proper procedures for handling and protecting classified information, with refresher briefings every year. Signing a Non-Disclosure Agreement (SF-312).

Everyone who holds a security clearance must do two things: 1) Attend a security briefing (like this one) in which you learn how to properly handle and protect classified information. The briefing must cover topics such as how to identify classified information, how to create and properly mark a classified document, and how to store, transmit, reproduce, and destroy classified information. Every two years, you will have the pleasure of coming back to listen to me (or whoever is here) again. The reason for the refresher is that things change; rules and regulations are revised and we want to make sure everyone is up-to-date with the most current information. 2) Everyone here must sign a Non-Disclosure Agreement. Let’s look at the second half of this slide first...

5. Non-Disclosure Agreement (SF-312): Legally binding Agreement between you and the US Government. Understanding of damage which could occur from unauthorized disclosure. Agree to pre-publication review. Classified information is property of the US Government.

The Non-Disclosure Agreement is a very important document which you have all signed. Is there anyone here who has not signed a Standard Form 312? Some of you who have held clearances for a while may have signed the SF-189, which says essentially the same thing. Both are legally binding documents, between you and the United States Government, in which you agree to NEVER disclose classified information to an unauthorized person. This could happen accidentally, e.g. you leave your safe unlocked and someone gets in it, or you could do it deliberately, e.g. giving classified information to someone you know does not have a clearance. What is important is that by signing this Agreement, you state that you will protect classified information. By signing the Agreement, you understand that improper disclosure of classified information could cause damage to the national security. You agree to submit information for “pre-publication review.” This means that if you are releasing information to the public, in any form (verbal, written, video or other media), and you feel that the information may be classified, even remotely, it is your responsibility to bring the information to the attention of the Department for review before it can be released. The Department will perform a classification review and tell you whether or not you can release it. The key is that it is your responsibility to make that initial determination. You are being entrusted with this information and must protect it from improper disclosure. You understand that classified information is property of the US Government. Any classified materials you may have in your office will remain in your office when you leave. You may not make copies to take with you.

6. SF-312 cont... Possible repercussions should you improperly disclose classified information: Benefits, royalties etc. are forfeited; Loss of security clearance; Termination of employment; Criminal prosecution.

Since classified information is property of the US Government, if you do improperly disclose it, there are several actions which the Government could take: 1) Any benefits, royalties, remunerations you may receive would then become property of the US Government. 2) You could lose your security clearance, thereby stopping you from having access to classified information in the future. 3) You could be terminated from your position within the Department. 4) If it is a particularly horrible act, the Government could follow up with criminal prosecution under Title 18, USC. The very last portion of this Agreement states that you have signed it freely and without hesitation. I will ask again, is there anyone here who has not signed a Non-disclosure Agreement? Is there anyone here who does not agree with the terms of the SF-312?

7. National Security Information: Official information which relates to the national defense or foreign relations of the United States, which has been deemed requiring protection from unauthorized disclosure.

We have been talking about national security information (or classified information) for a little while now. We should probably tell you what it is. National Security information is that which relates to the national security or foreign relations of the United States. This is not just any information though. We see articles on the national defense or foreign relations of the US in newspapers every day. Classified information is special, because it has been deemed needing protection from unauthorized disclosure. In order to protect it, we have created some special procedures for marking, handling, and transmitting it.

8. National Security Information cont... Three levels: Confidential - Damage; Secret - Grave damage; Top Secret - Exceptionally grave damage.

There are three levels of classified information, and ONLY three levels. They are: Confidential, Secret and Top Secret. The categories next to them indicate what would happen to the national security if this information was improperly disclosed. Confidential is the lowest level. It is also the most common type of classified we have within the Department. Improper disclosure of Confidential information could cause damage to the national security. Secret information, if improperly disclosed, could cause serious damage to the national security. Top Secret information is the highest level, improper disclosure of which could cause exceptionally grave damage to the national security. Again, these are the only forms of classified information. There are other types of information in our Department which we should also protect, but they are not classified.

9. Other types of Information: For Official Use Only (FOUO); Privacy Act Information; Proprietary Information; Limited Official Use (LOU)/Sensitive But Unclassified (SBU).

All of these types of information must be protected but they do not meet the standards for being classified. For Official Use Only information is US Government information which is sensitive enough to be used only in an official capacity. It is not information which should be released to the public, but it also does not have to be protected as stringently as classified. Privacy Act information is relevant to each of us. This relates to information which contains personal details about us, e.g. our social security numbers, dates of birth etc. If this information were to be improperly released it would not damage the national security, but it certainly could wreak havoc in our personal lives. Proprietary information is information which is given to us by private companies (primarily) and they have entrusted us with protecting it. If the information were to be improperly disclosed, it would not damage the national security, but it could put that company out of business. Sensitive but Unclassified (SBU) is a State Department administrative marking. It was previously called Limited Official Use information or LOU. Again, all of these types of information are NOT classified, but they must still be protected. If you are working on a project using very sensitive proprietary information, why not think about using a secure phone to discuss it? If you have details on an important trade negotiation, why not send them via secure fax? It won’t hurt if you do, and you’ll be giving that information an extra level of protection. If you see other types of information out there, ask your security officer for help.

10. The Threat: Why must we protect classified information? Cold war is over; The battle continues: a fight for economic superiority; Weapons are computers, not tanks; Intelligence needs are economic as well as military.

So far we have defined classified information, and told you that you must protect it. But what are you protecting it from? If this briefing were being held in the mid-1980s or before, the answer would be easy. Our enemies were clearly defined; the Soviet Union was the enemy, and the threat was the Russian “Red Horde” coming across the Fulda Gap in Europe to invade the Western world. With the destruction of the Berlin Wall and the collapse of the Soviet Union, things have changed. The focus of the entire world has changed. No longer are we looking to protect ourselves from a military invasion. Rather we are striving to be the leader in the new, global marketplace. Don’t be fooled though, there is still a “war” going on out there. There is a constant battle to maintain economic superiority in the world. The weapons are computers, the battlefield is the entire globe and the Commerce Department is on the front line. During the cold war, the focus for intelligence gathering was military information, and the Commerce Department was not considered to be a real player in the intelligence community. But this has changed; intelligence needs are focused on economic issues, and the Department is considered now to be an essential piece of the national security puzzle. Classified information is our best weapon, as it allows us to maintain a marked advantage over our adversaries. But exactly who are we protecting this information from?

11. The Threat cont... Who is trying to collect our classified information? Present adversaries who are conducting intelligence activities against us; Former adversaries who continue to conduct intelligence activities which threaten our national interest; Allies who may engage in intelligence activity which is damaging to our national interest.

There are actually more people out there that we must protect classified information from than we might think. First of all we have our adversaries; those countries we consider to be our enemies. There are not many of them left since the Soviet Union collapsed. In fact it would be difficult to add them up on two hands. Some of our adversaries might include countries such as Iran, Iraq, China, North Korea and others. These are countries that are actively collecting intelligence because they feel, as we might also feel about them, that the U.S. is a threat to their national security. We also have countries out there who used to be our enemies, but who are now our friends. Take a look at just about all of the Soviet Union. The United States has relations with all of those former communist countries, and they look to the U.S. for economic assistance as they strive to develop their economies. Their focus for intelligence collection used to be almost entirely on military issues, but they do not have the ability or the money to launch any invasive military campaigns anymore. Now their focus is economic development. They will try to collect information which they can use to benefit themselves. Much of what they are looking for is what the U.S. thinks about them, and how much and what type of economic assistance will the U.S. give them. Lastly, it is quite surprising to report that we must also watch out for those countries we have long considered to be our allies, such as Japan, Israel, France, South Africa. All of these countries have thriving economies, but they want more. You see, the U.S. has long enjoyed a position as being the leader in the global marketplace. Each of these countries is in competition with the U.S. for that leadership position. Certainly they are our military allies, and do not attempt to collect military information, but they are our economic competitors, and will do their best to collect any information which they can use to benefit their own economies and their standing in the global market place. Note: Cite recent examples if possible e.g. French bugging Air France, Israelis stealing proprietary information.

12. “Countries don’t have friends, they have interests” (de Gaulle)

This quote could not be more relevant to what I am trying to say. We have many friends out there, we have some enemies, but no matter how we consider them, they are interested in their own preservation, their own development. They will look wherever they can to find information which may help them. One of the best places to look: the United States. We are on top because we have the ability to collect and use information. They want that information. Information we have in this Department. Information you have been entrusted to protect. What types of information might they be looking for...

13. National Security Threat List (NSTL): U.S. Critical Technologies; U.S. industrial proprietary economic information and technology; U.S. intelligence and foreign affairs information; Economic Espionage; Terrorism; Information relating to defense establishments; Proliferation of special weapons of mass destruction; Foreign intelligence activity in the U.S.; Perception management and active measures activities.

Within the intelligence community, we used to have what were known as designated countries. If you held a security clearance and you traveled to one of these designated countries, you had to report that travel. Or, if you met a person from one of the designated countries, you had to report that contact. Does anyone remember having to do this? Well, the days of designated countries are gone; we no longer have a list. We still have some reporting requirements, and we’ll talk about those later in the travel portion of this briefing, but the designated country list is gone. What the FBI has done is create the National Security Threat List (NSTL), and said that if any country tries to collect these types of information, the issue will be addressed. We never used to be suspicious if an ally tried to collect information, but as we saw in the previous slide, that has changed. There are no countries above suspicion now, especially if they try to collect information from the NSTL. Let’s take a look at the NSTL, and see how many of the items relate to the Commerce Department. I think we’ll find that our small Department holds a large amount of information which is very important to our national security. Note that this information may not always be classified; that’s very important, as collecting of large amounts of unclassified information can be as damaging as smaller portions of classified information.

NSTL: 1) Critical technologies: These involve many types of information, including development of materials, manufacturing improvements, information and communications, biotechnology and life sciences, aeronautics and surface transportation technologies and energy and environmental developments. Does our Department handle this information? We sure do...how about NIST, NTIA, PTO, BXA and ITA? 2) U.S. Industrial proprietary economic information: our Department has a significant amount of this information as we work very closely with industry. They rely on us to protect their proprietary information, as loss of it could jeopardize their companies, and possibly impact the national security. 3) U.S. intelligence and foreign affairs information: we have plenty of this stuff too, as the Commerce Department is deeply involved in trade negotiations which have a great impact on our nation’s ability to remain the powerhouse in the global marketplace. (ITA/BXA/OS/OGC) 4) Information on defense establishments...the Department is very much involved in the process and military installations are turned over to civilian communities, a process which, if done improperly, could hurt or destroy many of our small communities. 5) Information relating to special weapons of mass destruction...do you think those weapons are tested and patented? Probably so, and probably done by the Commerce Department (NIST/PTO). I am sure that if you looked hard enough, you could apply the others as well. The key point here is that our Department does handle a great deal of very sensitive information, much of which is important to our national security; information we must protect whether it is classified or not.

14. The Threat cont... Don’t forget the insider! Counterintelligence is the responsibility of every Commerce employee. Report suspicious activities to your security officer or the Office of Security immediately.
There is one last piece of the threat which we don’t like to talk about, but we must. That is the insider, the person who is providing our classified information to another entity. We should never expect to see spies walking the halls of the Commerce Department. When was the last time you heard of the KGB digging a tunnel into the Pentagon? It does not happen. Unfortunately, what does happen is that Americans volunteer to provide foreign countries with our classified information. That’s right, I said volunteer. The majority of Americans who have been convicted of espionage were not recruited by foreign governments; they volunteered their services. Counterintelligence is not about sneaking around the hallways at night looking for spies. It’s about keeping your eyes open for suspicious activities, e.g. someone making copies of classified information for no reason; someone putting classified in a briefcase to take home; people who are overly inquisitive about information they don’t have a need to know. If you have any suspicions, talk to your security officer. Mr. Ames, Mr. Walker and others would not have gotten as far as they did if their co-workers had been alert and reported their suspicious activities to a security officer.

15. Classification of Information. How does information become classified? Original classification: initial determination that information, in the interest of national security, needs protection. Derivative classification: incorporating, paraphrasing, restating or generating in new form, information that is already classified.
We have now seen what classified information is and why it needs to be protected, but how does information become classified in the first place? There are two ways: original and derivative classification. Original classification occurs when you have raw data; information you have developed, that you feel may be classified. This can only be done by an ORIGINAL CLASSIFICATION AUTHORITY, of which there are _____ within this Department. Derivative classification occurs when you use information which was previously classified by another source. You use it by incorporating, paraphrasing, restating or regenerating in a new form information that is already classified. This is the most common form of classification done within the Commerce Department. Let’s take a quick look at each of these so we better understand the difference.

16. Original Classification. Performed by Original Classification Authority. Information must fall into one of the following categories: Military plans, weapons systems or operations. Foreign government information. Intelligence activities, sources or methods.
As I mentioned earlier, original classification can only be done by an Original Classification Authority. These Authorities are designated in writing by the Secretary of Commerce. There are only ______ of them in the Department; a relatively small number when you consider there are over 30,000 people within Commerce. The Classification Authority must make an initial determination as to whether or not information is classified. To do this, he sees if the information falls into one of the following categories: 1) Military plans, weapons systems or operations. 2) Foreign government information: If another government gives us their classified information, we must protect it as we would our own classified. 3) Intelligence activities, sources and methods: This is critical as many of us do not know why some documents are classified. We may think that the information in a document should not be classified, but there is more to the picture than we may realize. Documents are sometimes classified, not so much because of what is written on the paper, but because of the source or method that is used to collect the information. Either they don’t know we have the ability to collect that information, or they do not know we are focusing on that specific source. Some other categories are...

17. Classification categories cont... Cryptology. Foreign relations or activities of the U.S. Scientific, technological or economic matters. Programs for safeguarding nuclear materials or facilities. Vulnerabilities or capabilities of systems, installations, projects or plans. Other information requiring protection.
4) Cryptology. 5) Foreign relations or activities of the United States. This category is very important to the Commerce Department, as the majority of the classified information we have relates to relations or activities of the United States. Remember, our business is commerce and trade. Trade involves other countries. We want to know what they are going to say BEFORE they get us to the negotiation table. Also, we do not want them to know what we’ll be saying. 6) Scientific, technological or economic information. I challenge anyone in this room to show me a bureau within this Department that does not deal with this type of information. 7) Programs for safeguarding nuclear materials or facilities. If anyone in this room is aware of any nuclear devices within the Department, please contact your security officer immediately. 8) Vulnerabilities or capabilities of systems, installations, projects or plans. 9) Other categories of information which the classification authority might deem needing protection from unauthorized disclosure.

18. Thou shalt not classify information: To conceal a violation of law, inefficiency or administrative error. To prevent embarrassment to a person, organization or agency. To restrain competition. To prevent or delay the release of information that does not require protection in the interests of national security.
We have just seen the types of information that should be classified in the interest of national security. Now we’ll look at some types of information which it is illegal to classify. 1) You cannot classify information to conceal a violation of law, inefficiency or administrative error. 2) You cannot classify information to prevent embarrassment to a person, organization or agency. 3) You cannot classify information to restrain competition, e.g. you cannot give information to IBM and then classify it to prevent its being released to Hewlett Packard. 4) You cannot classify information to prevent its release. Good examples of this are the Privacy Act of 1974 and the Freedom of Information Act (FOIA). If information is available to the public under these pieces of legislation, it cannot be classified to prevent such a release. Additionally, information which has been previously declassified and released to the public cannot be reclassified.

19. Declassification. Document will be marked for automatic declassification in ten years unless: The Classification Authority identifies a date or event which occurs before the 10 year anniversary of the document or, The document is exempt from automatic declassification at 10 years under E.O. 13526. Additional reviews will be conducted at 10 and 5 year intervals. All classified documents will be declassified at 25 years (with few exceptions).
A very important part of classifying information is determining when it will be declassified. Under E.O. 13526, classified information will be reviewed several times in order to ensure that information is not classified “indefinitely,” as it was under the marking OADR (Originating Agency’s Determination Required). OADR was done away with under E.O. 13526. The first step in the process is when the document is created. The Original Classification Authority will look at the information and determine a date or event within ten years at which time the information may be declassified. If the Original Classification Authority cannot make this determination, the document will be marked for automatic declassification at 10 years from the date it was created, unless the document meets very strict exemption criteria identified under E.O. 13526 e.g. If the document is exempt, it will be reviewed again at 10 and 5 year intervals respectively, with automatic declassification of all classified documents at 25 years. Of course, there are exceptions, but these documents must be reviewed by the Secretary of Commerce to ensure that classification is still warranted in the interest of national security. That was a very quick look at original classification, where the initial determination is made to classify a document, and a decision is made as to when the document will be declassified. As you can see, being an Original Classification Authority involves a great deal of responsibility, as the decisions you make will affect the ability of the American public to gain access to information. Now let’s take a look at derivative classification, which is more common within the Department.

20. Derivative Classification. Classification guide: Each classification authority should have a classification guide. Used by personnel who create classified documents, but are not OCAs. Guides should be reviewed every 5 years.
Remember that derivative classification involves the incorporating, paraphrasing, restating or generating in new form, information that is already classified. We’ll start off with classification guides. Classification guides are just that: guides for someone creating a classified document. They tell you what types of information should be classified and at what levels. You would use a classification guide if you were working on a document and you said to yourself “This information is very sensitive, I wonder if it is classified?” With that in mind, you would pick up a classification guide and look up the information you are working with. The guide will help you determine whether or not the information is classified, and if so, at what level. You would then mark and protect the information accordingly. Note that classification guides are created by Original Classification Authorities. If you use one, and determine that information is classified, it is classified under the authority of that OCA, not you, as you used the classification guide. Does the classification authority for your area have a classification guide? Check with your supervisor or your security officer for more information.

21. Derivative classification cont... When incorporating, paraphrasing etc. classified information, be sure to: Observe and respect original classification markings. Carry forward all classification markings. Carry forward declassification instructions (using longest period). List all sources.
The most common form of classification within this Department is derivative classification using information which has already been classified, e.g. you receive a classified document from the Department of Defense and you create a classified document of your own using that information. When doing so, there are some basic rules you must follow: 1) You must observe and respect original classification markings and decisions. This means that you cannot change the classification of the document if you disagree with it. Only the classification authority who created that document can do that. 2) You must carry forward all classification markings. If it has additional caveats, e.g. NOFORN, your document must also have the caveats. 3) You must carry forward all declassification instructions using the one which is farthest in the future, e.g. if you use two documents, one with a declassification date of June 8, 2001, and another with a declassification date of 11 May, 2004, the declassification date of your document would be 11 May, 2004. This allows maximum protection for all of the information in your document. 4) If you do use more than one document as a derivative source, there is one more step to follow: list all sources, a bibliography of sorts. The list will be attached to the file copy of your document. The reason for this is that if someone asks you a question about the classification of something in the document, you can easily refer to the source document for more information.

22. Marking Classified Documents. Clearly identify the document and all pieces of information as being classified (or not). Use the following markings: Portion; Overall classification; Classification/declassification instructions.
Now that we have identified our classified information, and are busy preparing our classified document, it is critical that we properly mark the document. The reason we mark classified documents is to make it plainly obvious to whoever is using the information that it is classified and at what level. You see, if you create a document, you know what on that document is classified, and what’s not. But the person who receives it will not. You must be sure to be very specific in telling him/her what information must be protected. Failing to do so could result in an improper disclosure. You want to mark various portions of your document, starting with each paragraph/sub-paragraph. If you don’t mark each paragraph/sub-paragraph, how will anyone know what pieces of the document are classified and which are not? If the paragraph is not marked, an assumption must be made that the information is classified, and must be protected accordingly. You would mark each paragraph/sub-paragraph with what is known as a portion marking; a letter which denotes the classification of the information in that paragraph, e.g. (C) for Confidential, (S) for Secret, (TS) for Top Secret and, just as important, (U) for unclassified. Subjects and titles must be marked in much the same way, using portion markings. If you are creating the subject or title, always choose something unclassified. This will help later on, e.g. if you have a classified title and you place it on your accountability register, your register is now classified and another must be created to account for it. Illustrations should also be marked, as illustrations are often made to stand alone without any type of narrative or data around them. If you have a 200 page Top Secret document which is summarized into one illustration on the last page, and that illustration is not marked, it could get separated from the document and perhaps released if it is not identified as being classified. By releasing that illustration, you have done as much damage as if you had released that entire 200 page document. Here is an example...

23. Marking cont... Portion markings: Title and/or subject should be unclassified. Paragraphs and sub-paragraphs must be marked. Don’t forget unclassified areas! Illustrations are important as well.
Let’s take a look at an example of using portion markings. Note that the title is marked as unclassified. Remember we said that titles and subjects should always be unclassified. Each of the paragraphs and subparagraphs are marked properly... or are they? One of the paragraphs is not marked. Would anyone here like to guess the classification of that information? Probably not. Since it is not marked, we would have to go back to the creator of the document and ask him/her. Our illustration is properly marked as being Secret. I don’t know if you can read the slide or not, but the illustration reflects information from the second paragraph; that’s why it is classified and must be marked and protected. Now that we have completed the first step in marking, portion markings, let’s move on to the next: overall classification markings.

24. Marking cont... Overall classification markings. Determined by the highest portion marking. Top and bottom of every page. Use a larger print and a different color to make it stand out.
The overall classification of the document is determined by the highest classification of the portions, e.g. if the highest classification of the portions is Secret, the overall classification of the document will be Secret. The document should be marked on the cover, title page, last page and back cover with the overall classification of the document. You have the option of marking each page either with the overall classification of the document, or with the highest classification of the information on that page, e.g. if a page in a Secret document has no classified information on it, you could mark that page, top and bottom, as Unclassified. You should also mark the cover page, and the back side of the last page with the overall classification of the document. You always want to make this marking stand out, as it should be the most prominent on the page. The overall classification should be in a larger print, e.g. one or two fonts if you are using a computer. Do not use the same print for the overall classification as you would for the text of the document. It will not stand out, even if you try to put it in bold or underline it. Remember, you want to make it plainly obvious to whoever is working with that document that it is classified. Now that we have the portions and the overall classification of our document properly marked, what’s next? Now we’ll put on the important information that allowed us to get this far.

25. Marking cont... (Original Classification) Classified By: Bottom right corner of the first page or cover. Identifies the OCA. Be specific, e.g. Classified By: USTR report on Trade Sanctions against Aruba, dated 9/12/95. Classification Authority cannot classify higher than authority. On the bottom right hand corner of the first page or cover of every classified document, there should be two or three very important lines. The first of these is Classified By. This tells you who the classification authority for the document was. If you have any questions related to the classification of the document, the person you would want to ask is the classification authority, as he/she is the only person authorized to answer questions about information he/she has classified. The Classified By line should be very specific. It should list the person by name and position if possible. If, for some reason, names are not possible, then a number or code assigned to that person would suffice, e.g. Classified By: George Smith, Director, Office of Trade Development or Classified By: T115, Office of Trade Development. If you are performing derivative classification, remember that all classification instructions must be carried over. So does the classification authority. If you are using only one classified document as a source, then simply transfer the information from the original document’s Classified By line. If you are using more than 1 source document, then place “multiple sources” in the Classified By line. The multiple sources should be noted in the list of source documents you are keeping with your file copy.

26. Marking cont... Reason for Classification: Must list the relevant portion of E.O. 13526, e.g. Reason for Classification: Section 1.5(d), E.O. 13526 (or foreign relations of the U.S.). The second important line, found on the bottom right hand corner of the first page or the cover of every classified document, is “Reason for Classification.” This is required ONLY for original classification. If you are performing derivative classification, this line is NOT required. To complete the line, simply identify the relevant portion of Section 1.5, E.O. 13526 which explains why your document is classified. An example would be Reason for Classification: Section 1.5(d), E.O. 13526. If you prefer, you can write out the explanation: Reason for Classification: Foreign relations or activities of the U.S. Again, this line is not required for derivative classification.

27. Marking cont... Declassify On: Instructs the user when the information may be declassified. Note the 10 year rule. Exceptions must be listed from E.O. 13526. OADR no longer valid. Cite the date the OADR document was created. The last of the important lines found on the bottom right hand corner of the first page or cover of every classified document is “Declassify On.” This is probably the most important of the three, because it tells the reader when the document may be declassified, and the information released. If you are creating an original document, you must identify a date or event within 10 years from the time the document was created, at which point the document may be automatically declassified. If you cannot identify a date or event, the document should be marked with a date which is exactly 10 years from the day the document was created, e.g. I create a document on 3 November, 1996. My Declassify On line must read 2 November, 2006 (or sooner). Of course there are exceptions to the ten year rule, but not many. If your document should not be automatically declassified at the 10 year point, you must identify the relevant portion of Section 1.6, E.O. 13526 which relates to your document. An example might be: Declassify On: X4. This would mean the document will be exempt from automatic declassification at the 10 year point because it meets the criteria of Section 1.6 (4), E.O. 13526. As we mentioned earlier, if you are performing derivative classification, you must carry over the declassification instructions as well. If you have more than one date or event, you should use the declassification instruction which is farthest in the future. For example, if I have two documents as sources, which have instructions for declassification on 13 April, 2005 and 8 June, 2002, my “Declassify On” line should read: Declassify On: 13 April, 2005. There is one declassification instruction on documents which is no longer valid: OADR. OADR stands for: Originating Agency’s Determination Required. Essentially it means: I have no idea when this document should be declassified, nor do I care to give it any thought. If you have any questions about it, give me a call and we’ll discuss it. For years it was the most popular declassification instruction, and the most useless. If you are performing derivative classification using a source document marked Declassify On: OADR, you must list the following on your document: Declassify On: Original document marked OADR, originated 25 July, 1997. This will allow someone to calculate the ten year point when the information may be declassified. An important note here: Unless it is specifically instructed in the document, you cannot declassify any information without the approval of the classification authority. Just because it is over 10 years old and marked OADR does not mean you can declassify it. Check with the classification authority before declassifying or releasing information.

28. Marking cont... (Derivative) Derived From: Identifies the source document. Used for derivative classification only. If more than one, list “Multiple Sources”. “Declassify On” remains; watch for OADR. For derivative classification, you do not use the “Classified By” or “Reason for Classification” lines. Instead, you use a “Derived From” line. On this line, you would place the title and date of the classification guidance you used, e.g. source document or classification guide. If you use more than one source, then the line should read “Multiple Sources,” and as with the original classification documents, a list of source documents should be maintained with the file copy. The “Declassify On” line would remain, like the original classification documents. You would simply take the declassification instructions from the source document and transfer them over. If you have more than one source, the “Declassify On” line should reflect the longest duration of the sources, e.g. if one source is declassify on 2 Nov 1998 and another is 5 Apr 2005, the declassification instruction should be 5 Apr 2005. If a source document was marked OADR for declassification, your document should show the following: a) That the source document was marked OADR. b) The date of origin of the MOST RECENT source document. This will permit the determination of when the classified information is 25 years old and, if permanently valuable, subject to automatic declassification. This type of marking (derivative) is the most common within Commerce. If you have any questions about classification instructions, see your security officer.

29. Marking cont... Congratulations! Your classified document is now properly marked: Portions; Overall classification; Classification instructions. Congratulations, you now have a properly marked classified document. Check yourself by looking at the document and seeing if there are any pieces of it where you are unsure of the classification. If so, MARK IT! Remember that when you use derivative classification, you must transfer over all markings and classification instructions to your document. Also remember that for derivative classification documents, the “Reason for Classification” line is not required. Now anyone working with this document will not have any trouble identifying which information is classified or unclassified. The last part of marking involves special handling. When working with classified documents, you may see some of the following:

30. Other markings you might see... NOFORN - not releasable to foreign nationals; NOCONTRACT - not releasable to contractors; ORCON - Originator controlled; WINTEL - Warning, intelligence sources or methods involved; Restricted Data/Formerly Restricted Data; Handle via ________ channels only; This document unclassified when classified attachments are removed. These caveats are special handling instructions, designed to limit access to the classified document. Some are still used, some are being, or have been, phased out. But we will still see them as we work with new and older classified documents. Let’s take a look at some of the more common ones: NOFORN: This means not releasable to foreign nationals. NOCONTRACT: Not releasable to contractors. ORCON: Originator controlled. If you would like to do something with this document, e.g. distribute it outside of your department or make additional copies, you must contact the originator for permission. WINTEL: Warning, intelligence sources or methods involved. PROPIN: Proprietary information involved. Restricted Data/Formerly Restricted Data: Department of Energy marking for information related to research, development or use of sensitive nuclear materials. Handle via _______ Channels only: This refers to SCI information, the most sensitive information we have within the Department. If you ever see a document marked handle via (COMINT or TALENT KEYHOLE) channel only, report it to your security officer immediately. This document unclassified when classified attachments are removed.

31. One more point on marking: Don’t forget: Use cover sheets. Mark other classified items, e.g. floppy disks, folders/binders, videos, tapes, slides. One last thing we must mention before we leave the marking portion of this briefing. We must remember to always use cover sheets whenever a classified document is out of the safe. Cover sheets serve several purposes, such as: if you have a classified document on your desk and someone walks by, they won’t be able to read it because it is protected by the cover sheet. Secondly, if you have a classified document on your desk among other unclassified papers, it will certainly stand out with the bright cover sheet. We should also be sure to mark other items which could hold classified information such as floppy disks, folders and binders, videos or audio tapes or slides if we are doing a classified presentation. Remember, the idea is to make it plainly obvious to whoever has the item that it is classified. Mark it properly so there’ll be no doubt. We have stickers to mark floppy disks, and we can use stamps or cover sheets to mark other products. That was quite a bit of information on marking classified information, but it is very important. Oftentimes information is improperly disclosed because someone did not know it was classified; did not know because it was not properly marked. Now let’s move on to a different topic: Protecting classified information.

32. Protecting classified information: Accountability; Storage; Control and access; Transmission; Reproduction; Destruction. In order to properly protect classified information, we must do each of the following: 1) Account for it - if you were to lose a classified document, would you know it? 2) Storage - make sure it is stored in an approved area so unauthorized persons cannot get to it. 3) Control - you are responsible for controlling your classified information. 4) Transmission - how to get classified information from one place to another. 5) Reproduction - do you need copies? If so, how do we make them? 6) Destruction - how do we get rid of this stuff so we don’t have to protect it anymore?

33. Accountability: Required for Secret and Top Secret information. CD Form 481. Be able to identify: Who, What, When, Where, How. Annual inventory of classified holdings. Accountability is required for Secret and Top Secret information only. There is no requirement to account for Confidential information, although we strongly recommend that you do. We have created the CD Form 481 to use as a register. You do not have to use it; you can create your own if you like. Some people like to create a register on their computers, which is fine as well. REMEMBER, you should not have any classified titles or subjects on the register, otherwise your register is classified itself and you’ll have to create another just to account for it. To properly account for classified information, you should know the following: WHO - Who created that classified document? WHAT - What is the subject or title of the document? WHEN - When was the document created and when did you receive it? WHERE - Where is the document RIGHT NOW? If it was destroyed, then HOW was it destroyed and by whom? Create a number system within your office which will allow you to more easily account for the information. How do you check your accountability system? One quick way is to go into a safe (or two), and pull out a few classified documents. See if you can trace them back to the register. Then do the opposite: look in your register and pick two or three documents. Can you locate them within your office? If you can do both, your system is probably ok. If not, take a look at improving it. You should conduct an annual inventory of all classified holdings within your office. If you don’t, your classified holdings will quickly grow, and most of it will be old and not needed. If you have Top Secret materials in your office, check with your security officer for additional accountability and control requirements.

34. Storage: Sensitive information, e.g. FOUO, Privacy Act data, proprietary information etc.: Under 1 level of lock, e.g. locked desk or file cabinet. Where is the only place you can store classified information? Now we’ll discuss storage of classified and sensitive information. Sensitive information, which would include FOUO, Privacy Act data or proprietary information, must be stored under 1 level of lock. This means you can store it in your desk if your desk locks, or you can store it in a file cabinet if the file cabinet locks. We do not recommend that you take sensitive information home with you, and the probability of it being improperly disclosed would increase outside of the office. How about classified information and SBU? (Remember SBU? It’s that State Department administrative marking that is not classified, but must be protected as Confidential). Where is the ONLY place you can store classified information? Can you store it in your desk if it locks? (Answer: No) Can you store it in your desk if the desk locks and the door to your office is locked? (Answer: No)

35. Storage cont... Classified information must be stored in a GSA approved security container (a safe). Note the additional items: SF-700; SF-702; Open/closed sign. The ONLY place you can store classified information is within a GSA approved security container, more commonly known as a safe. How do you know if a safe is GSA approved? Simple, just look at the top drawer. On the left side there should be a metal stamp which says: “GSA Approved security container.” There are still some offices within the Department which have bar-lock containers. These are the file cabinets with the large metal bar going down the front, with a heavy padlock on top. These are still approved for up to Secret information, but only if they are already in use. They are being phased out, so you cannot start using one. Note the additional items on the safe: The SF-700 (name) is stored on the inside of the locking drawer. It serves several purposes: First, it is an emergency notification roster, listing the home addresses and phone numbers of people to be contacted in the event something happens to the container, e.g. it is found open and unattended. The second part of the form detaches. This is where the locksmith will write down your combination. This should be the only time your combination is written down. You should then store this portion of the SF-700 in another safe. You can keep it in a safe in your office or, better yet, give it to your security officer for safekeeping. The SF-700 will be classified, and we’ll discuss why in a few seconds, so be sure to properly mark it and store it in a safe. The SF-702 (Security Container Check Sheet) identifies who opened, closed or checked the safe. It should be filled out every time you open or lock the safe. This would be considered equivalent to logging in and out of your computer. If you were to find a container open, you could look to see who the last person to open it was. Once filled in completely, the SF-702s should be kept for 1 year. The last item is the open/closed sign. Like it sounds, it simply tells you if the container is open or locked at a glance. This is a good reminder if you are passing by and the open sign catches your eye...it would remind you to lock the safe. Remember that classified information must be stored in a safe, unless you have positive control over it, e.g. you see it or it is in your hands. You cannot take it home with you, or take it on travel outside of the local area.

36. Storage cont... Combinations: Are classified at the level of information in the container. Should always be memorized; never write them down. Don’t share your combination with anyone who does not NEED it. Don’t use birth dates or other give-aways. Remember that your combinations are classified at the level of the information in the container. This is because having the combination will allow you access to the information in the safe. Again, don’t forget to properly mark and store your SF-700 when the locksmith changes your combination. You should never write down your combination for two reasons: 1) If someone finds it they can get into your safe and have access to your classified information. 2) Your combination is classified; if you write it down then the paper you wrote it on would be classified and must be marked and stored properly. Some offices have all of the combinations to the safes written down on one sheet of paper. The Office of Security does not recommend this, because if that sheet were compromised, potentially all of the containers would be as well. If your office does have such a sheet, make sure it is properly marked, placed in a sealed envelope (that way you can tell if someone had access to it), and stored in a safe. Again, this is not recommended. You should never give out the combination to your safe, even to a friend. Only the people who have a need for regular access to the safe should have the combination. When creating your combination, don’t use a set of numbers which anyone could guess, like your birthdate, or one of your kids’ birthdays. Think of an original set of numbers and memorize them. Don’t worry, if you ever forget the combo, someone has that SF-700 stored away if you need to look at it.

37. Storage cont... Combinations must be changed if: The container is found open and unattended. Someone who has the combination leaves or no longer needs access to the container. If you feel the combination has been compromised. When the container is placed into or taken out of service. There are several times when you must change your combination: If you ever find the container open and unattended, you want to change the combination. If someone who has the combination leaves, you want to change the combination, or if that person does not need access to the container anymore (e.g. new job, no longer needs classified information), you want to change the combination. If you feel that the combination has been compromised, you want to change the combination. If the container is placed into or taken out of service, you want to change the combination. It does not hurt to change your combination periodically, e.g. annually or bi-annually, even if none of the above occur. It’s not required, but recommended. How do you get a hold of a locksmith? Contact your security officer, of course.

38. Control and Access You are responsible for protecting and controlling classified information (SF-312). You must limit access to authorized persons. Verify: Identification, Clearance, Need-to-know. Now that you have been entrusted with national security information, you must remember your responsibilities in protecting and controlling it. In that SF-312 you signed, you agreed to never improperly disclose classified information. The SF-312 also said that you could only give classified information to authorized persons. In order to make sure someone is authorized to receive classified information, you must have three things: 1) Identification: Know who you are dealing with. If you don’t know the person, and you’ll be discussing classified, don’t be afraid to ask for a picture identification. Verification of identification is expected within the intelligence community. You’d look worse if you gave the classified information to the wrong person. 2) Clearance: Always verify that person has a security clearance AND that the security clearance is at the level of the information you’ll be working with. If you are working on Secret information, the person must have at least a Secret clearance. If you are ever unsure about someone’s security clearance, ask your security officer for help. Never ask the person you are working with what level of clearance he/she has. 3) The last thing you’ll need to verify that a person is authorized to receive classified information is a need-to-know. This is defined as having to have information in order to properly perform your official duties. Even though you and I might both have Secret security clearances, I don’t have a need-to-know what you are doing in your office. If you are ever unsure about someone’s need-to-know, check with your immediate supervisor (not your security officer). Note that rank or position does not imply a security clearance or a need-to-know. When in doubt, check it out. Remember, you signed that SF-312 and agreed to protect classified information.

39. Leaks Most leaks result from: Casual conversations and interviews. Don’t discuss sensitive or classified information outside of the office. Be careful of who is in range to overhear. Open sources. Publication does not imply declassification. Check with the Classification Authority to be sure. Did you know that most leaks result from casual conversations or interviews? How about this scenario? You’re talking with some friends about the work you’re doing in your office. The conversation gets quite involved, and before you know it, you’re discussing classified information. You think: “Oh, it’s ok, they all have clearances;” but do they have a need-to-know? Do they need that information in order to properly perform their official functions? Even when discussing sensitive information, that need-to-know applies. If it is sensitive or classified information, keep it in the office; don’t discuss it with friends, especially in a social environment, e.g. a restaurant. You never know who’s listening. Open source materials, like magazines and newspapers, can also be places where classified information is leaked. Just because you see (what you believe to be) classified information in an open source, that does not mean it has been declassified. Often intelligence agencies will not act on information until it has been confirmed. If you acknowledge that classified information published in an open source is accurate, you have just confirmed it for the other side. If you are unsure about the status of classified information, check with the classification authority or your supervisor.

40. Transmission Two critical pieces of transmitting classified information: Sender and receiver. Methods: Telephone/fax, Hand carry, Approved courier, Mail, Electronically (computer/modem). We’ve just seen how to make sure that someone is authorized to receive classified information, now let’s see how we can get it to them. In order for you to transmit classified information, you must have 2 things: a sender and a receiver. If I’m not sending it, there’s no transmission. If there is nobody to receive it, then the transmission is never completed, and compromise of the information is possible. Here’s an example: I want to give you a classified document. I walk to your office, but you are not there. I leave the document on your desk, unattended. Am I transmitting classified information? (Answer: No) I am committing a security violation... I am committing a blatant security violation because I am leaving classified information unattended in an unsecure area. Once you have both a sender and a receiver, there are several ways you can send classified information, e.g. telephone, fax, hand-carry it, use an approved courier, US Postal Service or via some electronic means, e.g. a computer/modem. Let’s take a look at each of these and see how we can use these transmission devices.

41. Transmission cont... Telephones and facsimile machines: Always use a secure (STU-III) phone or fax. Standard phones and fax machines are easily intercepted. Cellular phones are NOT secure. Is there a secure phone in your office? If not, where is the nearest one? Do you know how to use one? Probably the most common method of transmitting classified information is via telephone or fax machine. You should never use a standard telephone to discuss classified information, or use a standard fax machine to send it. Always use a secure phone (also known as a STU-III) or secure fax to send classified information. We have several of these devices in the Department. A secure phone and fax will encrypt the information, and make it impossible for our adversaries to intercept the transmission. Remember, if you use a secure phone or fax, make sure you use it properly, as a STU-III is nothing more than a regular phone if you do not use the encryption device. Cellular phones are one of the most unsecure communication devices in the world. You can intercept cellular calls using a standard police scanner. You should never discuss classified information over a cellular phone. Are our adversaries listening to us? You can bet they are, and they have all of the phone numbers of our important offices as well. How, you ask? Well, most of our telephone directories are unclassified, aren’t they? How hard would it be to get a copy of a Commerce phone book? Not hard at all. Where is the nearest secure phone to your office? If you don’t know, ask your security officer. If you have never used a secure phone, ask your security officer for a demonstration. Within HCHB, the Telecommunications Center (room 6840) has a secure phone and fax available 24 hours a day, 7 days a week. For sensitive information, why not use a secure phone or fax?

42. Transmission cont... Double wrapping: Must be done to prepare a classified document for transmission for hand-carrying, courier or US Postal Service. Affords two layers of protection for the classified information. Protects against damage and inadvertent disclosure. Use opaque envelopes/paper. Don’t forget to use a receipt. Before we can go into discussing how to transmit classified information by other means, e.g. hand carrying, approved courier or US Postal Service, we must first look at how the information must be prepared. The procedure we will use is called “double wrapping.” We call it double wrapping because all we are doing is placing two layers of protection between the classified information and the individuals who will be handling it. Double wrapping does two things: 1) It protects the classified information from damage due to faulty processing equipment, e.g. much of the mail system is automated, and mail often gets caught in the machines and damaged. 2) It protects the information from inadvertent disclosure should the wrong person open the package. Hopefully, once the person sees the inner wrapping, he/she will stop there and not open the next... HOPEFULLY! One thing we always want to remember is to use a receipt whenever we are giving someone classified information. This will help us if we ever need to locate a document, or something comes up missing. We will look at the procedure for preparing a classified document to go out, but double wrapping can apply to any size classified package, e.g. boxes, crates etc. Let’s look at the first step...

43. Transmission cont... Inner wrapping: Full address of recipient. Be very specific, e.g. room number. Full return address. Classification markings: Top and bottom, front and back. Place information and receipt inside and seal. The first step is to prepare the inner wrapping. On this wrapping you will write the full address of the recipient, being as specific as you can. Be sure to include room numbers and the name of the person you want to receive the information. Secondly, you want to put your full return address, again being as specific as possible. If the information cannot be delivered, you want to make sure it can get back to you. Next you’ll mark the wrapping, top and bottom, front and back, with the overall classification of the information. Attach your receipt to the information and place it inside the inner wrapping. Seal the inner wrapping with some heavy tape. Now let’s work on the outer wrapping.

44. Transmission cont... Outer wrapping: Full address of receiver. Full return address. NO classification markings. Recommend: If undeliverable return to sender.

45. Transmission cont... How do we send classified information? Top Secret: See your security officer for assistance. Secret and Confidential: Hand-carry, Approved courier, US Postal Service. Now that you have double wrapped your classified document, it is ready to be transmitted. Now let’s look at how we can do this. For Top Secret information, you should contact your security officer for assistance. The methods for transmitting Top Secret materials are more restrictive than for Secret and Confidential. We ask that you inform your security officer of your situation, and he/she will make arrangements for the Top Secret information to be transmitted for you. There are several ways we can transmit Secret and Confidential information: hand-carrying, using an APPROVED courier service or sending via the US Postal Service. Let’s take a quick look at each of these:

46. Transmission cont... Hand-carrying classified information (Secret and Confidential): Courier authorization. Local area only. Cannot use aircraft. Cannot stay overnight without proper storage. Check with security officer before you go. When we talk about hand-carrying classified information, we mean going outside of your building. If you only need to bring a classified document to another office in your building, simply put a cover sheet on it and walk it over there. Don’t forget: before you drop it off with someone, verify identification, clearance and need-to-know! In order to hand-carry Secret or Confidential information, you must have “courier authorization.” This means that you have received a briefing on what to do in the event of an emergency or other unexpected occurrence. After the briefing, you will be issued a courier card, which shows that you are allowed to carry classified information, usually up to Secret level. The courier briefings and courier cards are available from your security officer or the Office of Security. Note that the courier cards authorize you to hand-carry classified information in the local area, e.g. driving to the Pentagon or elsewhere in the local commuting area. If you need to get classified information to a location outside of the local area, contact your security officer for assistance, or use one of the methods we’ll discuss in a few moments. You cannot board a commercial aircraft with classified information, even within the United States. Also, you cannot stay overnight someplace with classified information unless you locate a place with proper storage capability. Reminder question: Where is the only place you can store classified information? Answer: In a GSA approved security container (a safe). Hotel safes do not meet the standard. Car trunks do not meet the standard. Locked briefcases placed in car trunks do not meet the standard.

47. Transmission cont... Authorized couriers: Must be a US Government agency courier: No FedEx, UPS, Airborne Express, etc. Departmental couriers: Check with your security officer before you give classified to a Commerce courier. Not all are authorized to carry classified. To send classified information via courier, you must ensure that it is an approved courier. The general rule for finding an approved courier is that they must be from a US Government agency, and approved for classified. If you need help finding one, contact your security officer for assistance. Large private courier companies, e.g. FedEx, are not approved for classified information. Nor are the local courier companies, e.g. bicycle couriers who frequent the Department. If you are sending something within Commerce, some of the Bureaus have couriers who are authorized to carry classified. Before you give classified to a courier within the Department, check with your security officer to verify they are approved. Again, if you want to use a courier, and are not sure if they are approved, contact your security officer for assistance.

48. Transmission cont... US Postal Service: Only within the continental US. Always use “Return receipt requested.” Secret: Registered. Confidential: Certified, Express, First Class. For sending classified information to locations outside of your local area, the best way is to use the US Postal Service. This method is NOT approved for Top Secret information. This method is only valid within the continental United States. Do not send classified information to overseas addresses, even within US territories. When sending information through the post office, we always want to do three things: 1) Double check our addresses on the envelopes to ensure they are accurate and very precise. 2) Make sure we put “If undeliverable, return to sender” on the outer wrapping so if the package does run into problems, the post office will know what to do with it (send it back). 3) Always send classified information using “return receipt requested.” This is the green form you fill out that will come back to you when the post office delivers the package. With this form, if your receiver says he/she did not receive the package, hopefully you’ll be able to tell them who signed for it. For Secret information, we can use registered mail. Don’t forget to double wrap, of course. For Confidential information, we have several options: Certified, Express, or First Class mail. Again, we always want to be sure to double wrap, check our addresses, put “if undeliverable return to sender” on the envelope and ask for “return receipt.” Well, now your classified information is ready to go. If these methods don’t work for you, e.g. immediate need or recipient is overseas, contact your security officer for assistance. There are other methods we can use, e.g. secure fax or diplomatic pouch. Any questions or concerns about transmitting classified information should go to your security officer.

49. Transmission cont...
Other types of information: FOUO, proprietary, Privacy Act, LOU/SBU data: No special handling required, but recommended for additional protection. Use secure phone/fax for overseas transmissions.

For transmitting other types of information which are not classified, here is what is needed. Information marked as FOUO, Privacy Act, LOU/SBU or proprietary data does not require any special handling. You can use a standard telephone or fax to send it, and can mail it any way you like, or use any courier service you like. But always keep in the back of your mind that the special handling procedures are available if you need them. Why not use a secure phone or fax to send very sensitive information, even though it’s not classified? As mentioned previously, it will do nothing more to the material other than adding an additional level of protection. If you are sending these types of information overseas, I strongly encourage you to use some of the procedures for classified information, e.g. secure phone or fax. Unclassified information which is sensitive can be just as valuable to our competitors.

50. Computer Security
Do not process classified information on your computer unless: You have contacted your Information Technology (IT) representative. Your computer has: A removable hard drive. Is in a stand-alone configuration (no modem/network, etc.).

One area that we were not even concerned with 15 years ago was computer security. The network within Commerce is not secure. You should NOT process any classified information on the computers in your office. Of course, we understand that there are times when you have to work with classified information. If this need arises, contact your bureau’s Information Technology (IT) person right away and ask for assistance. What you’ll need is a special type of computer; one that has a removable hard drive. This means you can take out the hard drive when it is not in use, and secure it in a safe like any other classified document. The computer must also be in a stand-alone configuration, which means it is not connected to a modem, network or any other type of communication device. The reason for this is that if you can “reach out and touch” people via your modem or network connections, they can come back and do the same to you, often without your knowledge.

51. Computer Security cont...
Please do not: Process classified on floppy disks, CD-ROMs, etc. Connect your computer to the Internet without telling your IT representative. Try to hide/disguise classified information. Contact your IT representative or your security officer if you have classified on your computer.

When using your computers, please do not process classified information on floppy disks, CD-ROMs or other types of media. With the newer systems, shadow copies are automatically sent to your hard drive where they can be retrieved, e.g. timed back-ups go to your hard drive or network. In WordPerfect, every time you hit save or spell-check or print, a shadow copy is created, and you’ll probably never know it’s there. The Internet is one of the most, if not THE most, powerful information tools available in the world. Unfortunately, it is also one of the most dangerous. As we mentioned before, if you can reach out and touch others, they can reach in and touch you back. They can do it without your even knowing it. Please do not connect yourself to the Internet without first contacting your IT representative to ensure that some sort of a “firewall” is in place. This will help to protect you from unauthorized personnel “hacking” into your system. It won’t guarantee your safety from invasion, but it will help. If you do have classified information on your computer, please tell someone. They can come and sanitize your computer and hopefully solve the problem. Do not try to hide or disguise information by deleting it or changing file names or other tricks, because once the information is on your computer, it is there permanently. Someone can find that information; someone who may not be authorized to receive it.

52. Computer Security cont...
Please do: Treat classified disks as you would any other classified item: accountability, marking, storage, transmission, destruction, etc. Protect your password like a combination, e.g. don’t write it down or give it out. Watch what you’re putting on the network! Sanitize equipment before it is surplused.

Don’t forget that disks with classified information on them must be treated like any other classified information. They must be properly accounted for, marked, stored, transmitted and/or destroyed. If you think about it, a classified disk is nothing more than an automated document. A computer is nothing more than a high tech container. If the container is not approved for storing classified, it should not have any inside it. Would you give out the combination to your safe? Of course not, and you should not give out your password either. Remember when we said to create combinations that are not easy to guess, e.g. don’t use birth dates? Well, the same applies to the password for your computer. Use a combination of numbers and letters, and don’t use easy words. We should be careful with what we process on the networks, especially the e-mail. Remember, the e-mail is a public document. Anyone who wants a copy of your e-mails would only have to submit a Freedom of Information Act request to get them. Managers, when you are getting rid of your old computers, be sure to check that the hard drives have been sanitized or removed. You never know who might end up with them.

53. Reproduction
Various ways to reproduce classified information: Paper (photocopier). Electronically (copying data files). Other means, e.g. making copies of videos, cassettes, etc. Use only equipment approved for that purpose. Don’t forget to account for copies.

Now we’ll touch on the subject of reproducing classified information. This is something we want to do only as necessary. Please do not make copies of classified information just for distribution. There are many ways we can make copies of classified information. We could simply throw a classified document on a photocopier, or we could copy a group of files to another disk. Or other means like making copies of cassette or video tapes which include classified information. Before you make those copies, are there any special handling instructions on the information? How about ORCON (Originator Controlled): can we make copies of this information without checking with the originator first? To make copies of Top Secret materials, please contact your security officer first. If you do make copies, be sure to account for all Secret and Top Secret materials. Also, if copies don’t come out as we want, those bad copies are still classified and must be treated as classified waste.

54. Reproduction cont...
Approved photocopiers: Are in controlled environments. Do not have memories. Are sanitized after classified copies are made. Are serviced by cleared service personnel OR service personnel are monitored while repairs are done. Contact your security officer if your copier jams while working with classified.

You should only make copies of classified information on machines accredited (or approved) for doing so. How do you know if a copier is approved? Admittedly, most of the copiers within the Department have not been looked at specifically for the purpose of accrediting them for classified information. This responsibility does not fall under the Office of Security. With this in mind, here’s what you should look for if you need to make copies: 1) The machine should not be in a public area, e.g. copy centers which are open to anyone, or in a hallway in your office where anyone passing by can use it. The copier should be in a separate area, preferably its own room, where access to the machine is controlled. It does not have to be in a vault. 2) The copier cannot have any type of a memory. If the copier was to memorize classified information, the entire copier would then have to be secured. 3) Anyone working on the copier must have a security clearance OR be watched carefully while work is being done. Special attention should be paid if any paper or significant parts of the copier are removed, e.g. the drum or roller. 4) Sanitize the copier each time you reproduce classified information. Use the sheet handed out in your packets. The reason for this is that copiers can maintain latent images of documents previously copied; up to five copies back. By sanitizing the drum or roller, you are removing any such images. If the copier jams or you have some other problems with it while making copies of classified information, please don’t curse the machine and look for another. Stand by the machine and contact your security officer and a repairman immediately. Again, only make copies of classified information if you absolutely have to. Remember that need-to-know principle: does everyone really need a copy of this information?

55. Destruction
Use “burn bags” to collect classified waste. Protect them as any classified information. Waste includes: paper, floppy disks, typewriter or printer ribbons, carbon paper, etc. Methods: Burning (at an approved facility). Shredding (cross cut).

So far we have created, marked, accounted for and stored classified information. But what do we do with it when we no longer have a need for it? The answer is we destroy it. Since we have been protecting this information for so long, we can’t simply throw it in the trash. We are protecting this information right to the end. Within the Commerce Department, we use “burn bags” to collect classified waste. We call them burn bags, but what they really are is classified waste bags. Remember that if there is classified waste in a bag, we must protect it like any other type of classified information. It cannot be left out overnight; it must be stored in a safe. When destroying classified materials, don’t forget to update your registers to note that the information has been destroyed. Classified waste can come in many forms. Most commonly it is paper; classified documents which are no longer needed, or copies that did not turn out right which we don’t want. It can also be in the form of floppy disks, or ribbons from typewriters or printers, or some of us might still use carbon paper. Anywhere you have classified information can one day be classified waste, and we must destroy it properly. There are only two methods approved for destroying classified waste within this Department: 1) Burning: Not in your office, please. Use only a facility designed to incinerate waste products. 2) Shredding: Using a cross-cut shredder. We used to use the strip cut shredders, but they are no longer authorized for classified materials. It must be a cross-cut shredder (dimensions are 1/2” by 1/32” if anyone asks). How about sensitive information, how do we get rid of that?

56. Destruction cont...
Other types of information, e.g. FOUO, Privacy Act, proprietary data, SBU/LOU: SBU/LOU should be shredded using cross-cut. Other types: At a minimum, tear them up. Shred if possible. What if it was your personal information?

There is no requirement for you to burn or shred FOUO, Privacy Act or proprietary information, but if you just throw it in the trash, you never know where it is going to end up. At a minimum, you should tear it up into small pieces; maybe spread the pieces among several trash bags. Better yet, why not use a strip shredder if your office has one? Even better, see if you can send the more sensitive stuff with the classified waste. That will guarantee a safe end to the materials.

57. Destruction cont...
Herbert C. Hoover building procedures: Burn bags: Paper only please; no staples, paper clips, plastic clips, binders, rubber bands, etc. Bring to room B509. Call X3220 for pick-ups or hours for the burn room. GSA stock number for burn bags: 262 7363

Within the HCHB, we ask that you follow these procedures for getting rid of your burn bags: 1) Please, only paper materials in the burn bags. No staples, or other metal or plastics can be included, as they will damage the destruction device. The bags should be sealed with tape, not staples. Destruction of other materials should be coordinated through your security officer. Note: you can do things like take floppy disks out of their plastic sleeves and shred them, or take ribbons out of the plastic case and put them in the burn bag. What concerns us is anything that might damage the blades on the machine. You can bring the bags down to room B509 where they will take them from you for destruction. If you have a lot of material, you can call X3220 and OSY will pick up your classified waste. This is also the number to call for the hours of the burn room. The last thing is the GSA stock number for burn bags. It is : They can be ordered like any other GSA catalogue items.

58. Travel
Contact your security officer for a thorough travel briefing before you go. Do not bring classified information. Limit sensitive information. Sanitize laptops; put information on disk. Notify US Embassy: Regional Security Officer (RSO): POC for all security needs while overseas. Embassy is the only secure area.

Many of us in this room will be required to travel as part of our duties. Some of this travel may be overseas. If you do go overseas, stop by and see your security officer a few days before you go. Your security officer will be able to give you up-to-date information from the State Department on the country that you’ll be visiting, information you might not get from news advisories etc. Even if you are a seasoned traveller, it does not hurt to get a refresher briefing before each trip. Things can change quite rapidly, and you want to be up on the latest information before you go. This service is also available to you for personal travel. If you go on travel, you may not carry classified information. The reason for this is: Where is the first stop when you get off of a plane overseas? Answer: Customs. And there is nothing you can do if the customs agents want to look through your belongings. If you do need classified information while overseas, we can get it to you via cable, secure phone or fax, or using a diplomatic pouch. Contact your security officer for assistance. For the same reason, you should limit the amount of sensitive information you take with you. You never want to let sensitive information out of your possession. Always keep it with you. Try not to take laptop computers overseas, because they are so vulnerable to compromise. Customs authorities may take the computer and give it back to you, but they will probably take all of the information from it. If you must take a laptop, sanitize it first, and place all sensitive information on floppy disks. Keep the disks on your person; never leave them unattended, as we mentioned before. If you’ll be working with the US embassy overseas, of course you want to contact them ahead of time to notify them of your visit. Note that the US Embassy is the only place you can consider secure. You should not hold discussions involving classified or very sensitive information outside of the embassy. If you have any security problems while overseas, you’ll want to contact the Regional Security Officer (RSO) in the embassy you’re visiting. He can help you with local travel advisories, secure areas to discuss classified or sensitive information, assist in getting you classified materials and many other things.

59. Travel cont...
Reporting requirements: Foreign nationals who: Request classified information; Want more information than they need-to-know; Act suspiciously. Harassments and provocations. Report all incidents to the RSO or your security officer immediately.

As we mentioned earlier, you are no longer required to report travel to designated countries, as the designated country list is gone. You should report contact with foreign nationals if: 1) They ask you for classified or very sensitive information. 2) They ask for information above and beyond what is required to do the job. 3) They act suspiciously. You also want to report any harassments or provocations. A harassment is when they are putting you into a situation where you will be bothered, stressed or confronted. A good example of this is going through customs: If they hold you up for no reason, and you feel it is because a) you are an American, b) you are a government employee or c) they might be interested in information you have, you want to report this. A provocation means they are trying to get you into a situation you might regret later on, such as offering you a gift they know you are not allowed to receive, or giving you a package to deliver for them in the United States, or using the lovely young lady or handsome young man to get you in a compromising situation. If you ever feel you are harassed or provoked, or you feel that foreign nationals are looking for information, report it immediately. If you are on your way overseas, or already overseas, contact the RSO. If you are on your way back, report it to the Office of Security as soon as you get back.

60. Your Security Officer. Your security officer is there to help you; call or stop by if you have any questions or concerns. Who is your security officer? Report to your security officer: security violations; loss or compromise of classified information; security incidents or problems.
A few closing notes... Your security officer or security representative is there to help you with any security-related questions or concerns. Please do not hesitate to call. If you prefer, feel free to call the Office of Security, and we will do whatever we can to help you. If you ever see a security violation, you want to report it to your security officer as soon as possible. We have found that most people commit violations because they don’t understand the regulations. By making your security officer aware of that, we can help educate people, making them aware of what is needed for an effective security program. If you should lose any classified materials, or you feel classified information has been compromised, you should report it to your security officer immediately. We want to know what was lost or compromised so we can avoid any further damage. Holding off on the reporting will only increase the amount of damage done. If you have any problems or concerns related to security, again, please call your security officer or the Office of Security right away.

61. End-of-Day Security Checks. First line of defense against after-hours intrusions. Helps to: protect classified information; protect your personal property. Check: safes; windows, doors. Are they closed and locked?
The last item we’ll discuss is the last thing you should do every day before you go home: end-of-day security checks. This is the first line of defense for not only protecting classified information, but also protecting your personal property. We have found that thieves look for easy prey. If you leave valuables out and unattended, they’ll surely disappear. If you leave classified information unattended, there’ll probably be a compromise. Your office should have a policy for end-of-day security checks. Each day, a person should be designated to check safes, windows and doors to see that they are closed and locked. PS: How do you check a safe? Pull on the handle and turn the dial. You can do your own end-of-day checks before you leave by checking your desk or work area for classified materials, making sure your safe is locked, and that no valuables are left out. When you go out the door, check that it closes and locks behind you. Again, this simple, quick check will protect both your personal property and classified information. Think about it: when you leave home every day, don’t you make sure the house is secure before you go? Shouldn’t you do the same when you leave the office (your second home)?

62. Finally... Who is responsible for security in the Department of Commerce?
Finally, I know you are all full of security information and can’t wait to get back to your offices to spread the word, but I have one last question for you: Who is responsible for security in the Department of Commerce? Is it the Secretary? Is it the Director of Security? Is it your security officer?

63. Finally... Who is responsible for security in the Department of Commerce?
You are...I am...we all are. Security is everyone’s responsibility, and we must all work together for an effective security program to work. That ends our briefing. Are there any questions?
