Classified Safeguarding and Handling - NCMS

advertisement
Section Two:
Classified Safeguarding and Handling
Note: All classified markings contained within this presentation are for training purposes only.
Non-Disclosure Agreement (SF-312)
Your Personal Obligations
•
All personnel authorized to access Classified information
must sign a Non-Disclosure Agreement (NDA) with the U.S.
Government upon being granted access to classified
information with {Company}
–
•
The Security Department will inform you of your requirement
to review and sign the NDA
By signing this agreement you acknowledge that
–
A special trust has been placed in you
–
You are responsible to protect classified information from
unauthorized disclosure
–
You have received your security indoctrination for handling
classified information and notification of pre-publication review
–
This is a binding lifetime agreement, even when you no longer
require a security clearance
–
There are serious consequences for not complying with the
terms of this agreement which are punishable under Federal
criminal statutes, including imprisonment and fines
Classified Safeguarding and Handling
Understanding “Need-to-Know”
•
Established when an individual has a requirement for
access in order to perform an essential task or service to
fulfill a classified contract or program
•
Access to classified information requires an appropriate
security clearance level and “need-to-know”
‒ Possessing a clearance or working on the same project does
not automatically grant individuals a need-to-know
‒ This principle also applies to information systems
•
It is your responsibility to verify need and clearance
before allowing access to limit damage by adversaries
–
•
Failure to do so can and has contributed greatly to
espionage cases
Confirmation can be obtained through your immediate
supervisor or Security Department
Classified Safeguarding and Handling
General Guidelines
Conversations
• Classified information comes in all shapes and sizes
to include, but is not limited to, the following:
– Documents and presentations
– Working papers
– Emails
– Faxes
– Verbal conversations
– Photographs
– Meeting notes
– Maps and sketches
– Storage media
– Equipment and machinery
– Other materials
Classified Safeguarding and Handling
General Guidelines (cont.)
• Control and accountability of classified material
‒ Accountable classified material includes TOP SECRET, NATO,
COMSEC, and Special Access
‒ The proper functioning of the control process depends on
the cooperation and acceptance of individual responsibility
‒ All classified received in or sent from {Company} must be
recorded in a receipt and dispatch record system
‒ Facilities holding a TOP SECRET facility clearance must
conduct an annual inventory and accounting for all classified
materials
‒ Facilities should only maintain classified materials that are
needed and have a valid classified contract (DD254)

Conduct annual classified reduction exercises

Reduce holdings during inspections and reviews
Classified Safeguarding and Handling
General Guidelines (cont.)
• Classified information requires protection against unauthorized
disclosure, therefore it must be
– Properly marked, never left unattended, and protected accordingly
– Accessed by individuals with a valid security clearance and need-to-know only

The recipient must be informed of the information’s classification level

Only disclose information related to the specific need or purpose
– Shall be kept under constant observation by an authorized person or stored in
an approved GSA security container

Do not take classified material home, to a hotel, or any other uncleared location

Do not discuss classified information in unauthorized open or public areas, such as
reception areas, cafeterias, hallways, restrooms, etc.
– When not in actual use, classified material shall be secured in a GSA-approved
security container

A locked room, desk or file cabinet is not an approved method of classified storage
unless specifically authorized by Security
Classified Safeguarding and Handling
General Guidelines (cont.)
•
When working with classified material
‒
Workspace should be free of clutter
‒
Classified coversheets, folders, and labels must be used to
‒
•
Screen from uncleared and unauthorized individuals

Warn that the information or system is classified and must be protected
accordingly
Must only be processed on classified computers or other equipment
approved by the government
When no longer needed, classified material must be
‒
Classified
Coversheets and
Labels

Destroyed by approved methods

Degaussing

Pulverizing

Shredding

When in doubt, contact the Security Department
Classified Safeguarding and Handling
General Guidelines (cont.)
• Classified meetings or impromptu classified discussions
– Must be conducted in a room with a locking device on the door
– If the room has windows, it must have blinds that can be closed to
shield from outside observation
– Keep conversations at a low speaking volume so those outside cannot
discern what is being discussed
– A sign must be placed on the door stating: “CLASSIFIED MEETING –
DO NOT ENTER”
• Classified information can only be transmitted via secure
communications methods
‒
Registered U.S. Mail (Secret and below)
‒
Classified Fax
‒
SIPRNet email account
‒
Secure Terminal Equipment (STE)
‒
Authorized Courier
Classified Safeguarding and Handling (cont.)
Hand-Carrying Classified Material
• Hand-carrying classified material outside the {Company}
facilities should only be used as a last resort
‒ Mailing or email via a SIPRNet account is preferred
• When hand-carrying classified material externally
‒ Courier must have signed courier letter
‒ All material will be double-wrapped and addressed to the recipient

Carry the material in an inconspicuous briefcase or other suitable carrying
case
‒ When aboard commercial passenger aircraft, if challenged by airline
personnel

Present a copy of your courier authorization letter and government
identification

Inform the individual that classified material is being carried - they may
inspect the package, but cannot open it
‒ The material cannot be publicly read, studied, displayed in any
manner
‒ Reasonable precautions must be taken to avoid compromise
Classified Safeguarding and Handling (cont.)
Hand-Carrying Classified Material (cont.)
• Only approved storage facilities can be used for temporary
storage
‒ Vehicles, hotel safes or non-GSA approved containers cannot be
used for storage
‒ If emergency storage is required, contact the Security Department
‒ If a location cannot be found, then the material must remain in
your personal possession at all times or mailed using the United
States Postal Service (Express or Registered mail, for secret and
below)
• Traveling within the continental United States
‒ If classified material is lost or possibly compromised, immediately
contact the Security Department and the nearest FBI office (if
required)
• Local Travel
‒ If classified material is lost or possibly compromised, immediately
contact the Security Department
Classified Safeguarding and Handling (cont.)
Classified Reproduction
•
•
Reproduction of classified material must be essential to
‒
The performance of a contract
‒
Correspondence in connection with a contract
‒
The preparation of a bid, quotation, proposal to a User Agency of the U.S.
Government or an authorized contractor
‒
The preparation of a patent application to be filed in the U.S. Patent Office
Reproduction of classified material can only occur on approved
equipment when
‒
The individual responsible for its security has provided approval
‒
The information is not classified higher than SECRET (unless specifically
prohibited)
‒
The information is not COMSEC or Special Access information
•
Only the number of copies needed to meet operational requirements can
be reproduced and must be destroyed when no longer needed
•
Persons using reproduction equipment must ensure that all material is
retrieved when the job is completed
Classified Safeguarding and Handling (cont.)
Pre-publication Review
• Employees cannot disclose classified or unclassified information to
the public without prior review and approval per the DD Form 254
• Disclosing classified or unclassified information to the public
includes:
‒
‒
‒
‒
‒
‒
Articles submitted for technical journals and books
Lectures and presentations made at symposiums
Marketing literature prepared for general or specific purpose release
Presentations at trade shows and job fairs
Dissertations/theses developed in pursuit of advanced degrees
Any other method of release to the public domain
• As stated in the Non-Disclosure Agreement you signed upon being
granted access to classified
‒ Failure to submit items for a release review may subject you to legal
proceedings
‒ Individuals must forfeit any monetary gain received from the
unauthorized publication to the government
• Be advised that posting information to the Internet or responding
to someone else’s post is considered publication!
Classified Safeguarding and Handling (cont.)
Pre-publication Review (cont.)
•
Disclosures of classified information in the public
media, publications or other sources remains
classified
•
When responding to classified information
questions
•
‒
Personnel should neither confirm nor deny
information found in public sources
‒
Questions should be referred to the {Company}
Security Department and/or Legal Department
Individuals remain bound by the Non-Disclosure
Agreement they signed when first granted access
to classified information, even if it is intentionally
or unintentionally released publicly
Classified Safeguarding and Handling (cont.)
Security Container Overview
•
Security containers should be locked when not in use
– Open/Close signs or magnetic markers shall be used as reminders
•
All security containers must have a security record
– The security record must be filled out each time the container is
opened, closed, and at the end of the work day check
– When locking up, spin the combination dial four complete revolutions
in one direction and then four more in the opposite direction
•
•
Store all classified documents in “classified” folders or marked
with the classification of the material stored within
Store all unclassified documents in manila folders labeled
“unclassified”
– Unclassified can be kept with classified material but must be
distinguishable
•
Bind each document to avoid loose papers
– Staple, paper clip and/or binder clip
•
Destroy or archive materials that are no longer used
Classified Safeguarding and Handling (cont.)
Security Container Overview (cont.)
•
Caveats are used to identify material that requires additional
protective measures or access and handling restrictions
•
Classification markings are used in conjunction with any of the
following caveats:
•
‒ NATO
‒ COMSEC
‒ CNWDI
‒ FGI
‒ CRYPTO
If there are any special caveats within your security container
holdings:
– You must obtain the appropriate special access briefings from the
Security Department
– Anyone with access to that security container also needs the
appropriate special access briefings
•
Any access to the above requires special access briefings and in
some cases a final clearance
= Briefings required for SIPRNET access
Classified Safeguarding and Handling (cont.)
Closed Area Security Records and End-of-Day Checks
•
Closed Area Custodians and their alternate are equally
responsible for the overall integrity of the Closed Area
and must
–
–
–
Generate, update, and maintain a list of personnel
authorized to access the Closed Area, verified by the
Security Department
Ensure that any modifications or physical changes to the
Closed Area are coordinated in advance with the Security
Department
Ensure that an end-of-day check system is performed at the
conclusion of normal business hours

–
•
All personnel assigned to perform this function must be
properly trained
Ensure that “uncleared” visitors to the Closed Area are
annotated on the visitor record if used and escorted at all
times
Under no circumstances may a Closed Area be left
unlocked and unattended
Classified Safeguarding and Handling (cont.)
Closed Area Controls
• {Company} maintains physical security controls for Closed
Areas that must be adhered to by its employees and visitors:
– Admittance is allowed to Closed Areas by employees that have a
DoD security clearance, a need-to-know, and are on the access list
– Uncleared visitors must be escorted at all times by approved
personnel
– All visitors must sign the visitor log, if used
– Incoming visitor clearances may be forwarded via JPAS (SMO Code
number)
– Employees and visitors may not bring the following prohibited
items into Closed Areas:
 Cell phones
 Personal electronic devices
 Magnetic media storage devices
 Recording or photographic devices
Classified Safeguarding and Handling (cont.)
Closed Area Security Records and End-of-Day Checks
•
CLOSED
The following requirements must be met for all Closed
Areas at the end of each business day
– A Security Record must be in place and completed
 If the area has been opened, the following must be
checked prior to securing to prevent a security
incident:
o All Security Containers
o All office spaces and conference rooms
o Desks, bookshelves, waste baskets, and
whiteboards
o STE (Secure Terminal Equipment)
o Printers, Fax and classified copier machines
o Classified AIS systems
– End-of-Day Checks must be completed daily, even if the
area was not opened
 All doors must be listed and checked, including nonentry doors
 Security containers located outside of Closed Areas
must also be checked during end-of-day checks
Classified Safeguarding and Handling (cont.)
Closed Area Security Records and End-of-Day Checks
Opening Procedures
1. Call Alarm Control
2. Unlock spin dial
3. Prox/enter PIN
4. Fill out OPEN log
5. Enter Area
Closing Procedures
1. Conduct end-of-day check
and fill out forms
2. Close the door
3. Spin the dial at least 5 times
in one direction
4. Call Alarm Control
5. Fill out CLOSE log
Classified Safeguarding and Handling (cont.)
Combination and Pin Controls
•
•
•
An access list must be maintained of all individuals with
access to security containers and closed areas
Combinations and pin numbers to security containers or
secure areas must be memorized
If written down, they must be
– Stored in a sealed envelope within an approved GSA security
container
 Marked with the highest classification level (i.e., “Secret”)
 Sealed, initialed, and stamped with the date over seal
– Each time combinations are accessed they must be
 Resealed, initialed, and stamped with a new date
•
Combinations shall be changed
–
–
–
–
Upon initial issuance
When persons knowing the number have been debriefed
When the number is believed to have been compromised
When deemed necessary by the Security Department
Classified Safeguarding and Handling (cont.)
Closed Area Security Records and End-of-Day Checks
•
Safeguarding Classified Information during an
emergency
‒ Life Safety is First! Use your best judgment.
‒ If time permits secure classified material in appropriate
container
 Engage the spin dial to the container and closed area
‒ If time does not permit:
 Small amount of classified - take it with you and keep it
under your control at all times, do not leave the property
 Large amount of classified in a Closed Area - Last person
out secure the Area
 Large amount of classified out in an open office area - If
time allows, place in cabinet, desk, etc. (lock if possible)
 Notify Security As Soon As Possible
Download