classified data handling
Skip this Video
Download Presentation
Classified Data Handling

Loading in 2 Seconds...

play fullscreen
1 / 37

Classified Data Handling - PowerPoint PPT Presentation

  • Uploaded on

Classified Data Handling. By Francesco Scarimbolo. Outline. Purpose & Overall Authority Security Clearances - Authorization Security Training & Briefings Classification & Marking Safeguarding Classified Information Automated Access Control System. Purpose & Overall Authority.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Classified Data Handling' - mary-mullins

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
classified data handling

Classified Data Handling

By Francesco Scarimbolo

  • Purpose & Overall Authority
  • Security Clearances - Authorization
  • Security Training & Briefings
  • Classification & Marking
  • Safeguarding Classified Information
  • Automated Access Control System
purpose overall authority
Purpose & Overall Authority
  • Requirements, Restrictions and Safeguards to prevention unauthorized disclosure (Information Assurance Policy)
  • Controlled Disclosure from Government to Contractors
  • The President appointed Secretary of Defense – Executive Agent
  • The Director, Information Security Oversight Office Implements, Monitors and issues directives
  • Overall Authority – National Industrial Security Program (NISP)
    • Executive Order 12829, January 6 1993
    • Executive Order 12958, April 17 1995 – Classified National Security Information
security clearances authorization
Security Clearances - Authorization
  • Facility Clearances
  • Personal Clearances
facility clearances flc eligibility requirements
Facility Clearances- (FLC) Eligibility Requirements
  • Must need access to classified information for legitimate U.S. Gov. or foreign requirement
  • Must exist under the laws of any of the 50 states, in D.C., or Puerto Rico, and be located within the U.S. and its territorial areas or possessions
  • Must have a reputation for integrity and lawful conduct in business practices
  • Must not be in under foreign ownership, control, or influence, to the extent that granting FCL would be inconsistent with national interest
facility clearances flc eligible requirements continued
Facility Clearances- (FLC) Eligible Requirements (Continued)
  • Facility Security Officer (FSO) must be a U.S. Citizen employee
  • Senior Management and the FSO must have a Personal Clearance (PLC) = FLC
personal clearances
Personal Clearances
  • Single Scope Background Investigation (SSBI) – Required for Top Secret PCL
  • National Agency Check with Local Check and Credit Check – Required for Secret and Confidential PCL
  • Polygraph – Agency Dependent, coverage expanded upon surfacing concerns in effort to resolve the issues
  • Reciprocity – Previously granted PLC that meets or exceeds current clearance required provides basis without for further investigation unless significant information wasn’t known
personal clearances continued
Personal Clearances (Continued)
  • Contractor Based Clearances – Not permitted after January 1, 2004
  • Proof Of Citizenship
    • Birth Certificate for US born
    • Certificate of Naturalization
    • Certificate of Citizenship by INS
    • Birth abroad of a Citizen of US
    • Passport, Current or Expired
converting plc to industrial clearance
Converting PLC to Industrial Clearance
  • Investigation meets standards for equivalent clearance
  • No More Than 24 Months pass since termination of last investigation
  • No evidence of adverse information exists since last investigation
  • Q access authorization can be converted to a Top Secret PLC
  • L access authorization can be converted to a Secret PLC
security training briefings
Security Training & Briefings
  • FSO Training – Should be completed 1 year of appointment to position of FSO
  • Classified Information Nondisclosure Agreement – SF 312
  • Initial Security Briefings
    • Threat Awareness Briefing
    • Defensive Security Briefing
    • Overview of security classification system
    • Employee reporting obligations and requirements
    • Security procedures and duties applicable to job function
classification marking
Classification & Marking
  • Top Secret, Secret, Confidential, Unclassified
  • Terms such as “Official Use only” or “Administratively Confidential” are not applicable to national security information
  • Original Classification
    • Falls within categories set by Executive Order 12958
    • May cause damage to National Security by itself or with other information – Classification cannot be given otherwise
    • Must State Reason on front page
    • Must also set date for duration of classification if possible or marked with an exemption category of “X”
    • Viewer must have completed SF 312 and have “Need to Know”
    • Apply the markings as document is being created
    • Preliminary documents must be handled as destroyed as if it had a classification
derivative classification responsibilities
Derivative Classification Responsibilities
  • Manager at operational level where information is being produced or assembled determines classification
  • Employees are responsible for marking or challenging the classification when copying, extracting, reproducing, or translating a portion of or the totality of the document
challenging the classification
Challenging the Classification
  • Information is classified improperly or unnecessarily
  • Current security considerations justify downgrading or upgrading classification
    • Declassification is not automatically an approval for public disclosure
  • Security classification guidance is improper or inadequate
contractor developed information
Contractor Developed Information
  • Similar information previously identified as classified retain the associated level
  • Novel information the contractor believes should be classified, the contractor submits it to the appropriate agency that would have interest in it for classification determination
identification overall markings
Identification & Overall Markings
  • Name & Address of Facility responsible for preparation
  • Date of Preparation
  • Overall marking should be on the front cover & back cover (if applicable), top and bottom
  • Markings are done by stamped, printed, etched, written engraved, painted or affixed by a adhesive tag (except on documents)
page component portion marking
Page, Component, & Portion Marking
  • The top and bottom of the page is marked with the highest classification on that page
  • Components such as annex or an appendix can be given a one time classification marking of UNCLASSIFIED if it holds true for the entire component
  • Each portion, such as a paragraph shall be given the highest classification marking that exists within the portion with either a (TS) for Top Secret, (S) for Secret, (C) for Confidential and (U) for Unclassified
portion marking continued
Portion Marking (Continued)
  • Foreign government information is marked with abbreviation for that nation and appropriate classification (UK – C)
  • NATO documents receive a mark of “NATO” or “COSMIC” with the appropriate classification (NATO – TS), (COSMIC – S)
  • Illustrations get marked with no abbreviations directly next to the illustration
  • Impractical marking and all portions are at same level, the document can have an overall classification as long as there is a full explanation included
marking for derivatively classified documents
Marking for Derivatively Classified Documents
  • Source of classification and declassification instructions need to be marked
  • The marking of “multiple sources” is acceptable
  • “Declassify on” may have the markings of the date to declassify, an X for unknown declassification date or “Original Agency’s Determination Required”
downgrade to and reason classified
“Downgrade To” and “Reason Classified”
  • The classification to downgrade to upon a certain date can be given in advance and is marked downgraded subsequently on storage containers
  • The reason of Classification may sometimes be necessary upon original Classification
marking special types of material
Marking Special Types of Material
  • Files, Folders or Groups of Document – Marked with highest classification when not stored
  • Messages – Electronically Transmitted – Need “Derived From” & some agencies require “Classified By” & “Reason Classified”
  • Microfilms – Unaided to the eye markings are necessary on container, Images shall also contain markings of classification so its properly disclosed upon printing
  • Translations – Only difference, U.S. must be indicated as country of origin
marking transmittal documents
Marking Transmittal Documents
  • Classified documents are noted with highest classification information
  • Unclassified documents that transmit classified data as an attachment get marked as “Unclassified when Separated from Classified Enclosures”
  • Classified Documents get marked similarly as follows “Secret when Separated from Enclosures”
upgrading and automatic downgrading
Upgrading and Automatic Downgrading
  • Appropriately upgraded material removes all indication of previous classification
  • Authority & date of upgrade is marked
  • Notification to all who obtained information is required for further correct dissemination
  • Automatic downgrading (such as based on date) remove all indication of previous classification with new classification
  • No further dissemination is necessary when it is automatic
miscellaneous actions improperly handled information
Miscellaneous Actions(Improperly handled Information)
  • Determine who has it (their clearance) and should they have it (the information’s discovered classification)
  • Determine who has control of information
  • Determine whether control has been lost
  • If recipients have the correct clearance – issue notices promptly of classified information
  • If not, report incident to Cognizant Security Agency (CSA) DoD – Incident Response for National Security Matters
safeguarding classified information
Safeguarding Classified Information
  • Safeguarding Oral Communication – prohibited: unsecured phone lines, public conversations, any other interception by unauthorized personnel
  • End of Day Security Checks –
    • At the close of each day – ensure all classified data is securely stored
    • At the end of each shift – ensure all classified data is securely stored except when facility is in 24 hour contiguous operation
perimeter control physical security
Perimeter Control(Physical Security)
  • Inspections must be done in random nature guided by legal advice
  • All individuals are subject to inspection
    • Must be done within facility grounds
    • Inspections are not necessary for highly personal – purse, wallet, clothing etc.
external receipt and dispatch records
External Receipt and Dispatch Records
  • The date of the material
  • The date of receipt or dispatch
  • The classification
  • An Unclassified description
  • Identify the activity that resulted in the retrieval of the material or to which the material was dispatched
  • Receipt and dispatch records are kept for 2 years
receiving classified material
Receiving Classified Material
  • Top Secret & Secret Classified data needs signature receipt
  • Confidential doesn’t, but if signature is required, it must be given
  • If tampering is detected (TS, S) – should be reported promptly to sender
generation of classified material
Generation of Classified Material
  • Classified working papers
    • Dated when created
    • Marked with classification
    • Marked with “working papers”
    • Destroyed when no longer needed
    • Classified as finished documents when
      • Transmitted out of facility
      • Retained for more than 180 days
  • Contractor produced Top Secret material – Record must be produced
    • Completed Document
    • Retained for 30 days
    • Transmitted Outside facility
general services administration gsa
General Services Administration (GSA)
  • Top Secret material – Stored in GSA approved security container, approved vault or approved closed area
  • Secret Material – Stored similar to Top Secret without the GSA approval
    • In a safe, steel file cabinet, automatic locking, 4 sides welded, riveted, or bolted to indicate visible evidence of tampering (Until October 1, 2012)
restricted areas
Restricted Areas
  • Necessary impractical or impossible to store otherwise due to unusual characteristic
  • Clearly defined perimeter – No barriers necessary
  • Personnel within the area are responsible for challenging all individuals who may lack proper authority
intrusion detection systems
Intrusion Detection Systems
  • Guard Patrol – 2 hours for Top Secret Material, 4 hours for Secret
  • GSA approved containers need no supplemental security if in an area deemed “with security-in-depth”
protection of combinations
Protection of Combinations
  • Record of Names with combinations maintained
  • All containers are locked if not under the direct supervision of an authorized person
  • Combination is dependent upon classification of contents, upgrade in classification destroys previous combinations
changing combinations
Changing Combinations
  • Initial use of container
  • Termination of employee or clearance is withdrawn, suspended or revoked
  • Compromise of security container
    • Unlocked, Unattended
supervision of keys
Supervision of Keys
  • Key and lock custodian is appointed
  • Key and lock control register center
  • Key and lock audit every month
  • Keys inventoried with every change of custody
  • Keys and spare locks protected as classified
  • Locks and keys rotated at least once a year
  • Master Keys prohibited
automated access control system
Automated Access Control System
  • Manufactures must meet these requirements
    • Chances of unauthorized access are no more than one in 10,000
    • Chances of authorized access being rejected in no more than 1 in 1,000
    • Locations of access and there storage must be protected
    • Tamper alarm protection is mandatory for Top Secret Closed Area
automated access control system continued
Automated Access Control SystemContinued
  • Personal Identification
    • Identification can be obtained by ID with PIN badge or personal identity
      • ID Badge – must use embedded sensors, integrated circuits magnetic stripes etc
      • Fingerprint
      • Hand geometry
      • Handwriting
      • Retina
      • Voice Recognition
  • Purpose & Overall Authority
  • Security Clearances - Authorization
  • Security Training & Briefings
  • Classification & Marking
  • Safeguarding Classified Information
  • Automated Access Control System