Classified Data Handling

By Francesco Scarimbolo

Presentation Transcript


  1. Classified Data Handling By Francesco Scarimbolo

  2. Outline • Purpose & Overall Authority • Security Clearances - Authorization • Security Training & Briefings • Classification & Marking • Safeguarding Classified Information • Automated Access Control System

  3. Purpose & Overall Authority • Requirements, Restrictions and Safeguards to prevent unauthorized disclosure (Information Assurance Policy) • Controlled Disclosure from Government to Contractors • The President appointed Secretary of Defense – Executive Agent • The Director, Information Security Oversight Office Implements, Monitors and issues directives • Overall Authority – National Industrial Security Program (NISP) • Executive Order 12829, January 6, 1993 • Executive Order 12958, April 17, 1995 – Classified National Security Information

  4. Security Clearances - Authorization • Facility Clearances • Personal Clearances

  5. Facility Clearances (FCL) Eligibility Requirements • Must need access to classified information for legitimate U.S. Gov. or foreign requirement • Must exist under the laws of any of the 50 states, in D.C., or Puerto Rico, and be located within the U.S. and its territorial areas or possessions • Must have a reputation for integrity and lawful conduct in business practices • Must not be under foreign ownership, control, or influence, to the extent that granting FCL would be inconsistent with national interest

  6. Facility Clearances (FCL) Eligibility Requirements (Continued) • Facility Security Officer (FSO) must be a U.S. Citizen employee • Senior Management and the FSO must have a Personal Clearance (PCL) = FCL

  7. Personal Clearances • Single Scope Background Investigation (SSBI) – Required for Top Secret PCL • National Agency Check with Local Check and Credit Check – Required for Secret and Confidential PCL • Polygraph – Agency Dependent, coverage expanded upon surfacing concerns in effort to resolve the issues • Reciprocity – Previously granted PCL that meets or exceeds the current clearance required provides a basis without further investigation, unless significant information wasn’t known

  8. Personal Clearances (Continued) • Contractor Based Clearances – Not permitted after January 1, 2004 • Proof Of Citizenship • Birth Certificate for US born • Certificate of Naturalization • Certificate of Citizenship by INS • Birth abroad of a Citizen of US • Passport, Current or Expired

  9. Converting PCL to Industrial Clearance • Investigation meets standards for equivalent clearance • No more than 24 months have passed since termination of last investigation • No evidence of adverse information exists since last investigation • Q access authorization can be converted to a Top Secret PCL • L access authorization can be converted to a Secret PCL

  10. Security Training & Briefings • FSO Training – Should be completed within 1 year of appointment to position of FSO • Classified Information Nondisclosure Agreement – SF 312 • Initial Security Briefings • Threat Awareness Briefing • Defensive Security Briefing • Overview of security classification system • Employee reporting obligations and requirements • Security procedures and duties applicable to job function

  11. Classification & Marking • Top Secret, Secret, Confidential, Unclassified • Terms such as “Official Use only” or “Administratively Confidential” are not applicable to national security information • Original Classification • Falls within categories set by Executive Order 12958 • May cause damage to National Security by itself or with other information – Classification cannot be given otherwise • Must State Reason on front page • Must also set date for duration of classification if possible or be marked with an exemption category of “X” • Viewer must have completed SF 312 and have “Need to Know” • Apply the markings as document is being created • Preliminary documents must be handled and destroyed as if they had a classification

  12. Derivative Classification Responsibilities • Manager at operational level where information is being produced or assembled determines classification • Employees are responsible for marking or challenging the classification when copying, extracting, reproducing, or translating a portion of or the totality of the document

  13. Challenging the Classification • Information is classified improperly or unnecessarily • Current security considerations justify downgrading or upgrading classification • Declassification is not automatically an approval for public disclosure • Security classification guidance is improper or inadequate

  14. Contractor Developed Information • Similar information previously identified as classified retains the associated level • For novel information the contractor believes should be classified, the contractor submits it to the appropriate agency that would have an interest in it for a classification determination

  15. Identification & Overall Markings • Name & Address of Facility responsible for preparation • Date of Preparation • Overall marking should be on the front cover & back cover (if applicable), top and bottom • Markings are stamped, printed, etched, written, engraved, painted or affixed by an adhesive tag (except on documents)

  16. Page, Component, & Portion Marking • The top and bottom of the page are marked with the highest classification on that page • Components such as an annex or an appendix can be given a one-time classification marking of UNCLASSIFIED if it holds true for the entire component • Each portion, such as a paragraph, shall be given the highest classification marking that exists within the portion with either a (TS) for Top Secret, (S) for Secret, (C) for Confidential or (U) for Unclassified

  17. Portion Marking (Continued) • Foreign government information is marked with the abbreviation for that nation and the appropriate classification (UK – C) • NATO documents receive a mark of “NATO” or “COSMIC” with the appropriate classification (NATO – TS), (COSMIC – S) • Illustrations get marked with no abbreviations directly next to the illustration • When portion marking is impractical and all portions are at the same level, the document can have an overall classification as long as a full explanation is included

  18. Marking for Derivatively Classified Documents • Source of classification and declassification instructions need to be marked • The marking of “multiple sources” is acceptable • “Declassify on” may have the markings of the date to declassify, an X for unknown declassification date or “Original Agency’s Determination Required”

  19. “Downgrade To” and “Reason Classified” • The classification to downgrade to upon a certain date can be given in advance and is marked downgraded subsequently on storage containers • The reason of Classification may sometimes be necessary upon original Classification

  20. Marking Special Types of Material • Files, Folders or Groups of Documents – Marked with highest classification when not stored • Messages – Electronically Transmitted – Need “Derived From” & some agencies require “Classified By” & “Reason Classified” • Microfilms – Markings readable by the unaided eye are necessary on the container; images shall also contain markings of classification so it’s properly disclosed upon printing • Translations – Only difference, U.S. must be indicated as country of origin

  21. Marking Transmittal Documents • Classified documents are noted with highest classification information • Unclassified documents that transmit classified data as an attachment get marked as “Unclassified when Separated from Classified Enclosures” • Classified Documents get marked similarly as follows “Secret when Separated from Enclosures”

  22. Upgrading and Automatic Downgrading • Appropriately upgraded material removes all indication of previous classification • Authority & date of upgrade are marked • Notification to all who obtained information is required for further correct dissemination • Automatic downgrading (such as based on date) replaces all indication of the previous classification with the new classification • No further dissemination is necessary when it is automatic

  23. Miscellaneous Actions (Improperly handled Information) • Determine who has it (their clearance) and should they have it (the information’s discovered classification) • Determine who has control of information • Determine whether control has been lost • If recipients have the correct clearance – issue notices promptly of classified information • If not, report incident to Cognizant Security Agency (CSA) DoD – Incident Response for National Security Matters

  24. Safeguarding Classified Information • Safeguarding Oral Communication – prohibited: unsecured phone lines, public conversations, any other interception by unauthorized personnel • End of Day Security Checks – • At the close of each day – ensure all classified data is securely stored • At the end of each shift – ensure all classified data is securely stored except when facility is in 24 hour continuous operation

  25. Perimeter Control (Physical Security) • Inspections must be done at random, guided by legal advice • All individuals are subject to inspection • Must be done within facility grounds • Inspections are not necessary for highly personal items – purse, wallet, clothing etc.

  26. External Receipt and Dispatch Records • The date of the material • The date of receipt or dispatch • The classification • An Unclassified description • Identify the activity that resulted in the retrieval of the material or to which the material was dispatched • Receipt and dispatch records are kept for 2 years

  27. Receiving Classified Material • Top Secret & Secret Classified data needs signature receipt • Confidential doesn’t, but if signature is required, it must be given • If tampering is detected (TS, S) – should be reported promptly to sender

  28. Generation of Classified Material • Classified working papers • Dated when created • Marked with classification • Marked with “working papers” • Destroyed when no longer needed • Classified as finished documents when • Transmitted out of facility • Retained for more than 180 days • Contractor produced Top Secret material – Record must be produced • Completed Document • Retained for 30 days • Transmitted Outside facility

  29. General Services Administration (GSA) • Top Secret material – Stored in GSA approved security container, approved vault or approved closed area • Secret Material – Stored similar to Top Secret without the GSA approval • In a safe, steel file cabinet, automatic locking, 4 sides welded, riveted, or bolted to indicate visible evidence of tampering (Until October 1, 2012)

  30. Restricted Areas • Necessary when it is impractical or impossible to store otherwise due to unusual characteristics • Clearly defined perimeter – No barriers necessary • Personnel within the area are responsible for challenging all individuals who may lack proper authority

  31. Intrusion Detection Systems • Guard Patrol – 2 hours for Top Secret Material, 4 hours for Secret • GSA approved containers need no supplemental security if in an area deemed “with security-in-depth”

  32. Protection of Combinations • Record of Names with combinations maintained • All containers are locked if not under the direct supervision of an authorized person • Combination is dependent upon classification of contents, upgrade in classification destroys previous combinations

  33. Changing Combinations • Initial use of container • Termination of employee or clearance is withdrawn, suspended or revoked • Compromise of security container • Unlocked, Unattended

  34. Supervision of Keys • Key and lock custodian is appointed • Key and lock control register center • Key and lock audit every month • Keys inventoried with every change of custody • Keys and spare locks protected as classified • Locks and keys rotated at least once a year • Master Keys prohibited

  35. Automated Access Control System • Manufacturers must meet these requirements • Chances of unauthorized access are no more than one in 10,000 • Chances of authorized access being rejected are no more than 1 in 1,000 • Locations of access and their storage must be protected • Tamper alarm protection is mandatory for Top Secret Closed Area

  36. Automated Access Control System (Continued) • Personal Identification • Identification can be obtained by ID with PIN badge or personal identity • ID Badge – must use embedded sensors, integrated circuits, magnetic stripes, etc. • Fingerprint • Hand geometry • Handwriting • Retina • Voice Recognition

  37. Summary • Purpose & Overall Authority • Security Clearances - Authorization • Security Training & Briefings • Classification & Marking • Safeguarding Classified Information • Automated Access Control System
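
The page and portion marking rules from slides 16 and 17, as an added example that is not part of the original presentation: a small checker that parses portion markings, derives the page marking as the highest level present, and flags unmarked portions. The function names and the sample page are constructed for illustration.

```python
import re

# Levels in ascending order, keyed by the portion abbreviations on slide 16.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}
BANNER = {0: "UNCLASSIFIED", 1: "CONFIDENTIAL", 2: "SECRET", 3: "TOP SECRET"}

# Matches "(S)" as well as "(UK – C)" or "(NATO – TS)", where an origin
# prefix precedes the level (slide 17). Hyphen, en dash and em dash are accepted.
PORTION_RE = re.compile(
    r"^\(\s*(?:([A-Z]{2,})\s*[-\u2013\u2014]\s*)?(TS|S|C|U)\s*\)")

def parse_portion(text):
    """Return (origin, rank) for a marked portion, or None if it has no valid marking."""
    m = PORTION_RE.match(text.strip())
    if not m:
        return None
    return m.group(1), LEVELS[m.group(2)]

def page_banner(portions):
    """Return (banner, origins, unmarked indexes); banner is the highest level found."""
    highest, origins, unmarked = 0, set(), []
    for i, portion in enumerate(portions):
        parsed = parse_portion(portion)
        if parsed is None:
            unmarked.append(i)  # cannot be trusted until a marking is applied
            continue
        origin, rank = parsed
        highest = max(highest, rank)
        if origin:
            origins.add(origin)
    return BANNER[highest], sorted(origins), unmarked

def check_page(banner, portions):
    """List the marking problems on a page whose top/bottom marking is `banner`."""
    expected, _, unmarked = page_banner(portions)
    problems = [f"portion {i} has no portion marking" for i in unmarked]
    if banner.strip().upper() != expected:
        problems.append(f"banner {banner!r} should be {expected!r}")
    return problems

# Constructed sample page (not real classified content).
SAMPLE = [
    "(U) Meeting logistics and agenda.",
    "(S) Constructed sample paragraph.",
    "(UK – C) Constructed sample of foreign government information.",
    "Paragraph that was never portion marked.",
]

if __name__ == "__main__":
    print(page_banner(SAMPLE))
    print(check_page("CONFIDENTIAL", SAMPLE))
```

A page with any unmarked portion should be treated as failing the check, because the derived page marking only reflects the portions that could be parsed.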