180 likes | 479 Views
Department of Homeland Security Office of Security Administrative Security Division For Official Use Only (FOUO) MD 11042.1. Meegan Kriley, Security Specialist. June 1, 2005. Administrative Security Division. Our Responsibilities Mission
E N D
Department of Homeland SecurityOffice of SecurityAdministrative Security DivisionFor Official Use Only (FOUO)MD 11042.1 Meegan Kriley, Security Specialist June 1, 2005
Administrative Security Division Our Responsibilities Mission • To safeguard information and assets vital to the security and integrity of the homeland. Vision • To establish and maintain a vital, robust, credible, and proactive program for the administration and management of programs associated with the protection of classifiedand sensitive but unclassified information.
Classified Confidential (C) Secret (S) Top Secret (TS) Sensitive But Unclassified (SBU) For Official Use Only (FOUO) Sensitive Security Information (SSI) Protected Critical Infrastructure Information (PCII) Administrative Security Division
Examples: For Official Use Only (FOUO) - DHSMD 11042.1 Sensitive Security Information (SSI) – 49 USC 40119 Protected Critical Infrastructure Information (PCII/CII) – 6 USC 131(3) Law Enforcement Sensitive (LES) Other Similar Terms Used For Information That Is Considered Sensitive, But Does Not Meet E.O. 12958, As Amended, Standards For Classification Privacy Act Information Sensitive But Unclassified Information (SBU)
Definition (from MD 11042.1): Used within DHS to identify unclassified information of a sensitive nature, not otherwise categorized by statute or regulation, the unauthorized disclosure of which could adversely impact a person’s privacy or welfare, the conduct of Federal program, or other programs or operations essential to the national interest. Information impacting the National Security of the United States and classified Confidential, Secret, or Top Secret under Executive Order 12958, “Classified National Security Information,’ as amended, or its predecessor or successor orders, is not to be considered FOUO. For Official Use Only (FOUO)
Exempt under FOIA Exempt under Privacy Act Protected by treaty, statute or other agreement Could be sold for profit Would result in physical risk to personnel It is internal systems data Data revealing the security posture of a system Reveals security vulnerabilities Indicates intentions or capabilities of operations Overly revealing of developing or current technology Marked in a similar manner from another department or agency For Official Use Only (FOUO)Designation Categories (11)
Categories: Any DHS employee, detailee, or contractor, can mark information falling within one or more of the categories’ as FOUO. Without Categories: Officials occupying supervisory or managerial positions are authorized to designate other information, not listed and originating under their jurisdiction, as FOUO. For Official Use Only (FOUO)Designation Authority
Information marked FOUO will retain its designation until determined otherwise by the originator. Duration markings are not required. FOUO marking does not automatically exempt information from release under FOIA. For Official Use Only (FOUO)Duration
Mark bottom of ALL document pages: “FOR OFFICIAL USE ONLY” FOUO Cover Sheet Front Page, Back Page, individual pages Portion markings are not required if there is no classified information in the document Optional: WARNING: This document is FOR OFFICIAL USE ONLY (FOUO). It is to be controlled, stored, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO Information. For Official Use Only (FOUO)Marking Department of Homeland Security FOR OFFICIAL USE ONLY The attached materials contain Department of Homeland Security Information that is “For Official Use Only.” The attached materials will be handled and safeguarded in accordance with DHS management directives governing protection and dissemination of such information. MD11042.1
When unattended, FOUO information will be stored in a locked filing cabinet, locked desk drawer, a locked overhead storage compartment such as systems furniture credenza, or a similar locked compartment. Information can also be stored in a room or area that has sufficient physical access control measures to afford adequate protection and prevent unauthorized access by members of the public, visitors, or other persons without a need-to-know, such as a locked room or an area where access is controlled by a guard, cipher lock, or card reader. For Official Use Only (FOUO)Handling / Storage
No clearance is needed for access; however, there has to be a ‘need to know’. Stored in a locked drawer or file, unless otherwise protected from unauthorized access. Not stored with classified unless there is a correlation. Mailed First Class Mail with the U.S. Postal Service, or a commercial delivery service such as DHL. For Official Use Only (FOUO)Handling / Transmittal
Use of secure phone and faxes for transmittal although not required, is encouraged. FOUO transmitted over email should be protected by encryption. When encryption is impractical or unavailable transmit over regular email channels. FOUO should not be posted to public websites. For Official Use Only (FOUO)Handling / Transmittal
Hard copy FOUO materials will be destroyed by shredding, burning, pulping, or pulverizing, sufficient to assure destruction beyond recognition & reconstruction. After destruction, materials may be disposed of with normal waste. Electronic storage media shall be sanitized appropriately by overwriting or degaussing. After destruction, materials may be disposed of with normal waste. For Official Use Only (FOUO)Destruction
Incidents on DHS IT systems will be reported to the organizational element’s Computer Security Incident Response Center. Suspicious or inappropriate requests for information shall be reported to the DHS Office of Security. At the originator’s request, an inquiry will be conducted by the local security official or other designee to determine the cause and affect of the incident and, if any, the appropriate administrative or disciplinary actions. For Official Use Only (FOUO)Incident Reporting
For Official Use Only (FOUO)Example SECRET FIRST PAGE and INTERNAL PAGES – Mark “FOR OFFICIAL USE ONLY” TITLE PAGE For Official Use Only (FOUO) Classification of Information 1 SAMPLE DEPARTMENT Of HOMELAND SECURITY June 1, 2005 Training Class CONFIDENTIAL 2 Classification of Information Information designated as FOUO will be sufficiently marked so that persons having access to it are aware of its sensitivity and protection requirements. 3 SECRET OFFICIAL USE ONLY FOR OFFICIAL USE ONLY FOR OFFICIALUSE ONLY FOR OFFICIAL USE ONLY FRONT COVER, TITLE PAGE, and OUTSIDE BACK COVER – Mark the bottom “FOR OFFICIAL USE ONLY” FOR OFFICIAL USE ONLY For Official Use Only FOR OFFICIAL USE ONLY
What is the term used within DHS to identify unclassified information of a sensitive nature, not otherwise categorized by statute or regulation? For Official Use Only (FOUO) Who can mark information FOUO? ANY DHS employee, detailee, or contractor can mark information falling within one or more of the categories cited How can FOUO materials be transmitted? U.S. Postal Service First Class, DHL, or inter-office mail Where can you find answers regarding questions on DHS FOUO? MD 11042.1 DHS Office of Security – Administrative Security Division QUIZ
DHS Office of Security Customer Service Center(202) 692-4432AdministrativeSecurity@dhs.gov(202) 358-1426meegan.kriley@dhs.gov