Section Two: Classified Safeguarding and Handling Note: All classified markings contained within this presentation are for training purposes only. Non-Disclosure Agreement (SF-312) Your Personal Obligations • All personnel authorized to access Classified information must sign a Non-Disclosure Agreement (NDA) with the U.S. Government upon being granted access to classified information with {Company} – • The Security Department will inform you of your requirement to review and sign the NDA By signing this agreement you acknowledge that – A special trust has been placed in you – You are responsible to protect classified information from unauthorized disclosure – You have received your security indoctrination for handling classified information and notification of pre-publication review – This is a binding lifetime agreement, even when you no longer require a security clearance – There are serious consequences for not complying with the terms of this agreement which are punishable under Federal criminal statutes, including imprisonment and fines Classified Safeguarding and Handling Understanding “Need-to-Know” • Established when an individual has a requirement for access in order to perform an essential task or service to fulfill a classified contract or program • Access to classified information requires an appropriate security clearance level and “need-to-know” ‒ Possessing a clearance or working on the same project does not automatically grant individuals a need-to-know ‒ This principle also applies to information systems • It is your responsibility to verify need and clearance before allowing access to limit damage by adversaries – • Failure to do so can and has contributed greatly to espionage cases Confirmation can be obtained through your immediate supervisor or Security Department Classified Safeguarding and Handling General Guidelines Conversations • Classified information comes in all shapes and sizes to include, but is not limited to, the following: – Documents and presentations – Working papers – Emails – Faxes – Verbal conversations – Photographs – Meeting notes – Maps and sketches – Storage media – Equipment and machinery – Other materials Classified Safeguarding and Handling General Guidelines (cont.) • Control and accountability of classified material ‒ Accountable classified material includes TOP SECRET, NATO, COMSEC, and Special Access ‒ The proper functioning of the control process depends on the cooperation and acceptance of individual responsibility ‒ All classified received in or sent from {Company} must be recorded in a receipt and dispatch record system ‒ Facilities holding a TOP SECRET facility clearance must conduct an annual inventory and accounting for all classified materials ‒ Facilities should only maintain classified materials that are needed and have a valid classified contract (DD254) Conduct annual classified reduction exercises Reduce holdings during inspections and reviews Classified Safeguarding and Handling General Guidelines (cont.) • Classified information requires protection against unauthorized disclosure, therefore it must be – Properly marked, never left unattended, and protected accordingly – Accessed by individuals with a valid security clearance and need-to-know only The recipient must be informed of the information’s classification level Only disclose information related to the specific need or purpose – Shall be kept under constant observation by an authorized person or stored in an approved GSA security container Do not take classified material home, to a hotel, or any other uncleared location Do not discuss classified information in unauthorized open or public areas, such as reception areas, cafeterias, hallways, restrooms, etc. – When not in actual use, classified material shall be secured in a GSA-approved security container A locked room, desk or file cabinet is not an approved method of classified storage unless specifically authorized by Security Classified Safeguarding and Handling General Guidelines (cont.) • When working with classified material ‒ Workspace should be free of clutter ‒ Classified coversheets, folders, and labels must be used to ‒ • Screen from uncleared and unauthorized individuals Warn that the information or system is classified and must be protected accordingly Must only be processed on classified computers or other equipment approved by the government When no longer needed, classified material must be ‒ Classified Coversheets and Labels Destroyed by approved methods Degaussing Pulverizing Shredding When in doubt, contact the Security Department Classified Safeguarding and Handling General Guidelines (cont.) • Classified meetings or impromptu classified discussions – Must be conducted in a room with a locking device on the door – If the room has windows, it must have blinds that can be closed to shield from outside observation – Keep conversations at a low speaking volume so those outside cannot discern what is being discussed – A sign must be placed on the door stating: “CLASSIFIED MEETING – DO NOT ENTER” • Classified information can only be transmitted via secure communications methods ‒ Registered U.S. Mail (Secret and below) ‒ Classified Fax ‒ SIPRNet email account ‒ Secure Terminal Equipment (STE) ‒ Authorized Courier Classified Safeguarding and Handling (cont.) Hand-Carrying Classified Material • Hand-carrying classified material outside the {Company} facilities should only be used as a last resort ‒ Mailing or email via a SIPRNet account is preferred • When hand-carrying classified material externally ‒ Courier must have signed courier letter ‒ All material will be double-wrapped and addressed to the recipient Carry the material in an inconspicuous briefcase or other suitable carrying case ‒ When aboard commercial passenger aircraft, if challenged by airline personnel Present a copy of your courier authorization letter and government identification Inform the individual that classified material is being carried - they may inspect the package, but cannot open it ‒ The material cannot be publicly read, studied, displayed in any manner ‒ Reasonable precautions must be taken to avoid compromise Classified Safeguarding and Handling (cont.) Hand-Carrying Classified Material (cont.) • Only approved storage facilities can be used for temporary storage ‒ Vehicles, hotel safes or non-GSA approved containers cannot be used for storage ‒ If emergency storage is required, contact the Security Department ‒ If a location cannot be found, then the material must remain in your personal possession at all times or mailed using the United States Postal Service (Express or Registered mail, for secret and below) • Traveling within the continental United States ‒ If classified material is lost or possibly compromised, immediately contact the Security Department and the nearest FBI office (if required) • Local Travel ‒ If classified material is lost or possibly compromised, immediately contact the Security Department Classified Safeguarding and Handling (cont.) Classified Reproduction • • Reproduction of classified material must be essential to ‒ The performance of a contract ‒ Correspondence in connection with a contract ‒ The preparation of a bid, quotation, proposal to a User Agency of the U.S. Government or an authorized contractor ‒ The preparation of a patent application to be filed in the U.S. Patent Office Reproduction of classified material can only occur on approved equipment when ‒ The individual responsible for its security has provided approval ‒ The information is not classified higher than SECRET (unless specifically prohibited) ‒ The information is not COMSEC or Special Access information • Only the number of copies needed to meet operational requirements can be reproduced and must be destroyed when no longer needed • Persons using reproduction equipment must ensure that all material is retrieved when the job is completed Classified Safeguarding and Handling (cont.) Pre-publication Review • Employees cannot disclose classified or unclassified information to the public without prior review and approval per the DD Form 254 • Disclosing classified or unclassified information to the public includes: ‒ ‒ ‒ ‒ ‒ ‒ Articles submitted for technical journals and books Lectures and presentations made at symposiums Marketing literature prepared for general or specific purpose release Presentations at trade shows and job fairs Dissertations/theses developed in pursuit of advanced degrees Any other method of release to the public domain • As stated in the Non-Disclosure Agreement you signed upon being granted access to classified ‒ Failure to submit items for a release review may subject you to legal proceedings ‒ Individuals must forfeit any monetary gain received from the unauthorized publication to the government • Be advised that posting information to the Internet or responding to someone else’s post is considered publication! Classified Safeguarding and Handling (cont.) Pre-publication Review (cont.) • Disclosures of classified information in the public media, publications or other sources remains classified • When responding to classified information questions • ‒ Personnel should neither confirm nor deny information found in public sources ‒ Questions should be referred to the {Company} Security Department and/or Legal Department Individuals remain bound by the Non-Disclosure Agreement they signed when first granted access to classified information, even if it is intentionally or unintentionally released publicly Classified Safeguarding and Handling (cont.) Security Container Overview • Security containers should be locked when not in use – Open/Close signs or magnetic markers shall be used as reminders • All security containers must have a security record – The security record must be filled out each time the container is opened, closed, and at the end of the work day check – When locking up, spin the combination dial four complete revolutions in one direction and then four more in the opposite direction • • Store all classified documents in “classified” folders or marked with the classification of the material stored within Store all unclassified documents in manila folders labeled “unclassified” – Unclassified can be kept with classified material but must be distinguishable • Bind each document to avoid loose papers – Staple, paper clip and/or binder clip • Destroy or archive materials that are no longer used Classified Safeguarding and Handling (cont.) Security Container Overview (cont.) • Caveats are used to identify material that requires additional protective measures or access and handling restrictions • Classification markings are used in conjunction with any of the following caveats: • ‒ NATO ‒ COMSEC ‒ CNWDI ‒ FGI ‒ CRYPTO If there are any special caveats within your security container holdings: – You must obtain the appropriate special access briefings from the Security Department – Anyone with access to that security container also needs the appropriate special access briefings • Any access to the above requires special access briefings and in some cases a final clearance = Briefings required for SIPRNET access Classified Safeguarding and Handling (cont.) Closed Area Security Records and End-of-Day Checks • Closed Area Custodians and their alternate are equally responsible for the overall integrity of the Closed Area and must – – – Generate, update, and maintain a list of personnel authorized to access the Closed Area, verified by the Security Department Ensure that any modifications or physical changes to the Closed Area are coordinated in advance with the Security Department Ensure that an end-of-day check system is performed at the conclusion of normal business hours – • All personnel assigned to perform this function must be properly trained Ensure that “uncleared” visitors to the Closed Area are annotated on the visitor record if used and escorted at all times Under no circumstances may a Closed Area be left unlocked and unattended Classified Safeguarding and Handling (cont.) Closed Area Controls • {Company} maintains physical security controls for Closed Areas that must be adhered to by its employees and visitors: – Admittance is allowed to Closed Areas by employees that have a DoD security clearance, a need-to-know, and are on the access list – Uncleared visitors must be escorted at all times by approved personnel – All visitors must sign the visitor log, if used – Incoming visitor clearances may be forwarded via JPAS (SMO Code number) – Employees and visitors may not bring the following prohibited items into Closed Areas: Cell phones Personal electronic devices Magnetic media storage devices Recording or photographic devices Classified Safeguarding and Handling (cont.) Closed Area Security Records and End-of-Day Checks • CLOSED The following requirements must be met for all Closed Areas at the end of each business day – A Security Record must be in place and completed If the area has been opened, the following must be checked prior to securing to prevent a security incident: o All Security Containers o All office spaces and conference rooms o Desks, bookshelves, waste baskets, and whiteboards o STE (Secure Terminal Equipment) o Printers, Fax and classified copier machines o Classified AIS systems – End-of-Day Checks must be completed daily, even if the area was not opened All doors must be listed and checked, including nonentry doors Security containers located outside of Closed Areas must also be checked during end-of-day checks Classified Safeguarding and Handling (cont.) Closed Area Security Records and End-of-Day Checks Opening Procedures 1. Call Alarm Control 2. Unlock spin dial 3. Prox/enter PIN 4. Fill out OPEN log 5. Enter Area Closing Procedures 1. Conduct end-of-day check and fill out forms 2. Close the door 3. Spin the dial at least 5 times in one direction 4. Call Alarm Control 5. Fill out CLOSE log Classified Safeguarding and Handling (cont.) Combination and Pin Controls • • • An access list must be maintained of all individuals with access to security containers and closed areas Combinations and pin numbers to security containers or secure areas must be memorized If written down, they must be – Stored in a sealed envelope within an approved GSA security container Marked with the highest classification level (i.e., “Secret”) Sealed, initialed, and stamped with the date over seal – Each time combinations are accessed they must be Resealed, initialed, and stamped with a new date • Combinations shall be changed – – – – Upon initial issuance When persons knowing the number have been debriefed When the number is believed to have been compromised When deemed necessary by the Security Department Classified Safeguarding and Handling (cont.) Closed Area Security Records and End-of-Day Checks • Safeguarding Classified Information during an emergency ‒ Life Safety is First! Use your best judgment. ‒ If time permits secure classified material in appropriate container Engage the spin dial to the container and closed area ‒ If time does not permit: Small amount of classified - take it with you and keep it under your control at all times, do not leave the property Large amount of classified in a Closed Area - Last person out secure the Area Large amount of classified out in an open office area - If time allows, place in cabinet, desk, etc. (lock if possible) Notify Security As Soon As Possible