Classified data handling
Download
1 / 37

Classified Data Handling - PowerPoint PPT Presentation


  • 186 Views
  • Uploaded on

Classified Data Handling. By Francesco Scarimbolo. Outline. Purpose & Overall Authority Security Clearances - Authorization Security Training & Briefings Classification & Marking Safeguarding Classified Information Automated Access Control System. Purpose & Overall Authority.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Classified Data Handling' - mary-mullins


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Classified data handling

Classified Data Handling

By Francesco Scarimbolo


Outline
Outline

  • Purpose & Overall Authority

  • Security Clearances - Authorization

  • Security Training & Briefings

  • Classification & Marking

  • Safeguarding Classified Information

  • Automated Access Control System


Purpose overall authority
Purpose & Overall Authority

  • Requirements, Restrictions and Safeguards to prevention unauthorized disclosure (Information Assurance Policy)

  • Controlled Disclosure from Government to Contractors

  • The President appointed Secretary of Defense – Executive Agent

  • The Director, Information Security Oversight Office Implements, Monitors and issues directives

  • Overall Authority – National Industrial Security Program (NISP)

    • Executive Order 12829, January 6 1993

    • Executive Order 12958, April 17 1995 – Classified National Security Information


Security clearances authorization
Security Clearances - Authorization

  • Facility Clearances

  • Personal Clearances


Facility clearances flc eligibility requirements
Facility Clearances- (FLC) Eligibility Requirements

  • Must need access to classified information for legitimate U.S. Gov. or foreign requirement

  • Must exist under the laws of any of the 50 states, in D.C., or Puerto Rico, and be located within the U.S. and its territorial areas or possessions

  • Must have a reputation for integrity and lawful conduct in business practices

  • Must not be in under foreign ownership, control, or influence, to the extent that granting FCL would be inconsistent with national interest


Facility clearances flc eligible requirements continued
Facility Clearances- (FLC) Eligible Requirements (Continued)

  • Facility Security Officer (FSO) must be a U.S. Citizen employee

  • Senior Management and the FSO must have a Personal Clearance (PLC) = FLC


Personal clearances
Personal Clearances

  • Single Scope Background Investigation (SSBI) – Required for Top Secret PCL

  • National Agency Check with Local Check and Credit Check – Required for Secret and Confidential PCL

  • Polygraph – Agency Dependent, coverage expanded upon surfacing concerns in effort to resolve the issues

  • Reciprocity – Previously granted PLC that meets or exceeds current clearance required provides basis without for further investigation unless significant information wasn’t known


Personal clearances continued
Personal Clearances (Continued)

  • Contractor Based Clearances – Not permitted after January 1, 2004

  • Proof Of Citizenship

    • Birth Certificate for US born

    • Certificate of Naturalization

    • Certificate of Citizenship by INS

    • Birth abroad of a Citizen of US

    • Passport, Current or Expired


Converting plc to industrial clearance
Converting PLC to Industrial Clearance

  • Investigation meets standards for equivalent clearance

  • No More Than 24 Months pass since termination of last investigation

  • No evidence of adverse information exists since last investigation

  • Q access authorization can be converted to a Top Secret PLC

  • L access authorization can be converted to a Secret PLC


Security training briefings
Security Training & Briefings

  • FSO Training – Should be completed 1 year of appointment to position of FSO

  • Classified Information Nondisclosure Agreement – SF 312

  • Initial Security Briefings

    • Threat Awareness Briefing

    • Defensive Security Briefing

    • Overview of security classification system

    • Employee reporting obligations and requirements

    • Security procedures and duties applicable to job function


Classification marking
Classification & Marking

  • Top Secret, Secret, Confidential, Unclassified

  • Terms such as “Official Use only” or “Administratively Confidential” are not applicable to national security information

  • Original Classification

    • Falls within categories set by Executive Order 12958

    • May cause damage to National Security by itself or with other information – Classification cannot be given otherwise

    • Must State Reason on front page

    • Must also set date for duration of classification if possible or marked with an exemption category of “X”

    • Viewer must have completed SF 312 and have “Need to Know”

    • Apply the markings as document is being created

    • Preliminary documents must be handled as destroyed as if it had a classification


Derivative classification responsibilities
Derivative Classification Responsibilities

  • Manager at operational level where information is being produced or assembled determines classification

  • Employees are responsible for marking or challenging the classification when copying, extracting, reproducing, or translating a portion of or the totality of the document


Challenging the classification
Challenging the Classification

  • Information is classified improperly or unnecessarily

  • Current security considerations justify downgrading or upgrading classification

    • Declassification is not automatically an approval for public disclosure

  • Security classification guidance is improper or inadequate


Contractor developed information
Contractor Developed Information

  • Similar information previously identified as classified retain the associated level

  • Novel information the contractor believes should be classified, the contractor submits it to the appropriate agency that would have interest in it for classification determination


Identification overall markings
Identification & Overall Markings

  • Name & Address of Facility responsible for preparation

  • Date of Preparation

  • Overall marking should be on the front cover & back cover (if applicable), top and bottom

  • Markings are done by stamped, printed, etched, written engraved, painted or affixed by a adhesive tag (except on documents)


Page component portion marking
Page, Component, & Portion Marking

  • The top and bottom of the page is marked with the highest classification on that page

  • Components such as annex or an appendix can be given a one time classification marking of UNCLASSIFIED if it holds true for the entire component

  • Each portion, such as a paragraph shall be given the highest classification marking that exists within the portion with either a (TS) for Top Secret, (S) for Secret, (C) for Confidential and (U) for Unclassified


Portion marking continued
Portion Marking (Continued)

  • Foreign government information is marked with abbreviation for that nation and appropriate classification (UK – C)

  • NATO documents receive a mark of “NATO” or “COSMIC” with the appropriate classification (NATO – TS), (COSMIC – S)

  • Illustrations get marked with no abbreviations directly next to the illustration

  • Impractical marking and all portions are at same level, the document can have an overall classification as long as there is a full explanation included


Marking for derivatively classified documents
Marking for Derivatively Classified Documents

  • Source of classification and declassification instructions need to be marked

  • The marking of “multiple sources” is acceptable

  • “Declassify on” may have the markings of the date to declassify, an X for unknown declassification date or “Original Agency’s Determination Required”


Downgrade to and reason classified
“Downgrade To” and “Reason Classified”

  • The classification to downgrade to upon a certain date can be given in advance and is marked downgraded subsequently on storage containers

  • The reason of Classification may sometimes be necessary upon original Classification


Marking special types of material
Marking Special Types of Material

  • Files, Folders or Groups of Document – Marked with highest classification when not stored

  • Messages – Electronically Transmitted – Need “Derived From” & some agencies require “Classified By” & “Reason Classified”

  • Microfilms – Unaided to the eye markings are necessary on container, Images shall also contain markings of classification so its properly disclosed upon printing

  • Translations – Only difference, U.S. must be indicated as country of origin


Marking transmittal documents
Marking Transmittal Documents

  • Classified documents are noted with highest classification information

  • Unclassified documents that transmit classified data as an attachment get marked as “Unclassified when Separated from Classified Enclosures”

  • Classified Documents get marked similarly as follows “Secret when Separated from Enclosures”


Upgrading and automatic downgrading
Upgrading and Automatic Downgrading

  • Appropriately upgraded material removes all indication of previous classification

  • Authority & date of upgrade is marked

  • Notification to all who obtained information is required for further correct dissemination

  • Automatic downgrading (such as based on date) remove all indication of previous classification with new classification

  • No further dissemination is necessary when it is automatic


Miscellaneous actions improperly handled information
Miscellaneous Actions(Improperly handled Information)

  • Determine who has it (their clearance) and should they have it (the information’s discovered classification)

  • Determine who has control of information

  • Determine whether control has been lost

  • If recipients have the correct clearance – issue notices promptly of classified information

  • If not, report incident to Cognizant Security Agency (CSA) DoD – Incident Response for National Security Matters


Safeguarding classified information
Safeguarding Classified Information

  • Safeguarding Oral Communication – prohibited: unsecured phone lines, public conversations, any other interception by unauthorized personnel

  • End of Day Security Checks –

    • At the close of each day – ensure all classified data is securely stored

    • At the end of each shift – ensure all classified data is securely stored except when facility is in 24 hour contiguous operation


Perimeter control physical security
Perimeter Control(Physical Security)

  • Inspections must be done in random nature guided by legal advice

  • All individuals are subject to inspection

    • Must be done within facility grounds

    • Inspections are not necessary for highly personal – purse, wallet, clothing etc.


External receipt and dispatch records
External Receipt and Dispatch Records

  • The date of the material

  • The date of receipt or dispatch

  • The classification

  • An Unclassified description

  • Identify the activity that resulted in the retrieval of the material or to which the material was dispatched

  • Receipt and dispatch records are kept for 2 years


Receiving classified material
Receiving Classified Material

  • Top Secret & Secret Classified data needs signature receipt

  • Confidential doesn’t, but if signature is required, it must be given

  • If tampering is detected (TS, S) – should be reported promptly to sender


Generation of classified material
Generation of Classified Material

  • Classified working papers

    • Dated when created

    • Marked with classification

    • Marked with “working papers”

    • Destroyed when no longer needed

    • Classified as finished documents when

      • Transmitted out of facility

      • Retained for more than 180 days

  • Contractor produced Top Secret material – Record must be produced

    • Completed Document

    • Retained for 30 days

    • Transmitted Outside facility


General services administration gsa
General Services Administration (GSA)

  • Top Secret material – Stored in GSA approved security container, approved vault or approved closed area

  • Secret Material – Stored similar to Top Secret without the GSA approval

    • In a safe, steel file cabinet, automatic locking, 4 sides welded, riveted, or bolted to indicate visible evidence of tampering (Until October 1, 2012)


Restricted areas
Restricted Areas

  • Necessary impractical or impossible to store otherwise due to unusual characteristic

  • Clearly defined perimeter – No barriers necessary

  • Personnel within the area are responsible for challenging all individuals who may lack proper authority


Intrusion detection systems
Intrusion Detection Systems

  • Guard Patrol – 2 hours for Top Secret Material, 4 hours for Secret

  • GSA approved containers need no supplemental security if in an area deemed “with security-in-depth”


Protection of combinations
Protection of Combinations

  • Record of Names with combinations maintained

  • All containers are locked if not under the direct supervision of an authorized person

  • Combination is dependent upon classification of contents, upgrade in classification destroys previous combinations


Changing combinations
Changing Combinations

  • Initial use of container

  • Termination of employee or clearance is withdrawn, suspended or revoked

  • Compromise of security container

    • Unlocked, Unattended


Supervision of keys
Supervision of Keys

  • Key and lock custodian is appointed

  • Key and lock control register center

  • Key and lock audit every month

  • Keys inventoried with every change of custody

  • Keys and spare locks protected as classified

  • Locks and keys rotated at least once a year

  • Master Keys prohibited


Automated access control system
Automated Access Control System

  • Manufactures must meet these requirements

    • Chances of unauthorized access are no more than one in 10,000

    • Chances of authorized access being rejected in no more than 1 in 1,000

    • Locations of access and there storage must be protected

    • Tamper alarm protection is mandatory for Top Secret Closed Area


Automated access control system continued
Automated Access Control SystemContinued

  • Personal Identification

    • Identification can be obtained by ID with PIN badge or personal identity

      • ID Badge – must use embedded sensors, integrated circuits magnetic stripes etc

      • Fingerprint

      • Hand geometry

      • Handwriting

      • Retina

      • Voice Recognition


Summary
Summary

  • Purpose & Overall Authority

  • Security Clearances - Authorization

  • Security Training & Briefings

  • Classification & Marking

  • Safeguarding Classified Information

  • Automated Access Control System