106 Security - Fleet Weather Center, Norfolk, VA
advertisement
Enlisted Information Dominance Warfare Specialist (EIDWS) Common Core 106 SECURITY Fleet Weather Center Norfolk 1 EIDWS Common Core 106 SECURITY • Objectives: – Discuss the directives that govern personnel security – Define and discuss the classification categories – Explain “need to know” – Identify the different types of security investigation – Indentify SAER – Define SSO and events that are reported to the SRO – Define and discuss a SCIF – Identify and discuss the various forms used in security procedures – Discuss safe combinations – Define the purpose of the DCS – Explain the various procedures for the transportation of classified material – Explain the TSCO – Define and discuss THREATCON and Force Protection – Explain RAM – Define EAP Fleet Weather Center Norfolk 2 EIDWS Common Core 106 SECURITY • Objectives (cont): – Explain EMD – Define SCI – Explain vault recertification and recurring inspections – Discuss access lists, 2 person integrity and documentations logs – Explain the DoD escort policy – Define and discuss COMSEC, INFOSEC, COMPUSEC, PSP and ATFP – Explain the purpose of the ICD system – Identify and discuss the SSO – Identify and discuss the CSM – Define and discuss JPAS – Define and discuss DONCAF – Define and discuss INFOCON and its levels – Discuss the procedures for magnetic and electronic media Fleet Weather Center Norfolk 3 EIDWS Common Core 106 SECURITY • References: • SECNAVINST M-5510.30 Series • DoD 5105.21-M-1 • http://www.archives.gov/isoo/security-forms/ • DoD 5200.33 Series • SECNAVINST M-5510.36 Series • OPNAVINST 3300.53 Series • EKMS 1A • ICPG 705.5 • ICPG 705.2 • ICD 2005-1 • http://www.navysecurity.navy.mil • SD 527-1 • Joint DoDIIS/Cryptologic SCI Information Systems Security Standards • DODI 8410.01 Series • NAVY FOREIGN DISCLOSURE MANUAL • SECNAVINST 3300.3 Series • SECNAVINST 5239.3 series • ACP-122E Fleet Weather Center Norfolk 4 EIDWS Common Core 106 SECURITY • Identify the directives that govern personnel security: – 1. DoD 5105.21-M-1 – 2. SECNAV M-5510-30 – 3. DCID 6/4 and 6/9 – 4. JOINTDODISS Fleet Weather Center Norfolk 5 EIDWS Common Core 106 SECURITY • Define the following classification categories, how they differ, and the color codes used to idenify each one : • a. TOP SECRET - Classification level applied to information whose unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security. Color Code is Orange. • b. SECRET- Classification level applied to information whose unauthorized disclosure could reasonably be expected to cause serious damage to the national security. Color Code is Red. • c. CONFIDENTIAL –Classification level applied to information whose unauthorized disclosure could reasonably be expected to cause damage to the national security. Color Code is Blue. • d. UNCLASSIFIED – Classification level applied to information whose unauthorized disclosure could reasonably be expected to cause little to no damage to the national security. Color Code is Green. Fleet Weather Center Norfolk 6 EIDWS Common Core 106 SECURITY • Explain what is meant by „need to know‟: • Access to classified information is not authorized by the favorable conclusion of a clearance eligibility determination. Access is only permitted to eligible individuals after determining that the individual has a “need-to-know.” – a. Need-to-know is a determination that an individual requires access to specific classified information in the performance of (or assist in the performance of) lawful and authorized government functions and duties. – b. Need-to-know is one of two information points that must be determined by every authorized holder of classified information prior to relinquishing that classified information to a prospective recipient. • 1.) The authorized holder of classified information must determine that the intended recipient has security clearance eligibility established at (or above) the level of access required. • 2.) The authorized holder must determine that the prospective recipient needs-to-know that information in order to perform lawful and authorized government functions. • 3.) These determinations must be based on reliable information, obtained formally or informally, from chain of command supervisors, security managers, or other sources in a position to know the prospective recipients security clearance eligibility and/or duties and organizational functions in relation to the specified classified information intended for release. – c. Need-to-know is a preventative measure to identify and deter unauthorized access. • 1.) Knowledge, possession of, or access to classified information is not provided to any individual solely by virtue of the individual’s office, rank, or position. • 2.) Although access can only be authorized for individuals with established security clearance eligibility at or above the level of classified information required, having security clearance eligibility DOES NOT equate to need-to-know. – d. Classified discussions are prohibited in public areas; hallways, cafeterias, elevators, rest rooms or smoking areas because the discussion may be overheard by persons who do not have a need-to-know. (Individuals are obliged to report violations of the need-to-know principle to their security manager.) – e. Need-to-know requires a level of personal responsibility that is challenging, particularly since it conflicts with human nature and the desire to share information with co-workers and colleagues. It is therefore critical to frequently focus on need-to-know requirements during security education briefings and refresher training. Fleet Weather Center Norfolk 7 EIDWS Common Core 106 SECURITY • State the type of investigation and how often it is updated for access to the following classification levels: • a. Top Secret - The investigative basis for Top Secret clearance eligibility is a favorably completed SSBI, SSBI-PR or PPR. For those who have continuous assignment or access to Top Secret, critical sensitive positions, SCI, Presidential Support Activities, COSMIC Top Secret, LAA, PRP, IT-1 duties or SIOP-ESI, the SSBI must be updated every five years by a PR. • b. Secret/Confidential - The investigative basis for a Secret clearance eligibility is a favorably completed NACLC or ANACI. Clearance eligibility established based on ENTNAC's, NAC's or NACI's prior to NACLC or ANACI implementation remain valid. For a Secret Clearance, the investigation is updated every 10 and 15-years, respectively. • c. Confidential - The investigative basis for a Confidential clearance eligibility is a favorably completed NACLC or ANACI. Clearance eligibility established based on ENTNAC's, NAC's or NACI's prior to NACLC or ANACI implementation remain valid. For a Confidential clearance, the investigation is updated every 10 and 15-years, respectively. • d. SCI - The investigative requirement for access to SCI is a favorably adjudicated SSBI. A SSBI-PR is required to be submitted every five years. The requirements for SCI access are established under Director of National Intelligence (DNI) authority (reference (d) applies). When military personnel are ordered to billets requiring SCI access, the transfer orders will identify the requirement. The losing command's Security Manager/SSO must ensure the required investigative requests are submitted promptly prior to transfer. If an individual is indoctrinated for SCI access, the commanding officer may not administratively lower the individual's security clearance below the Top Secret level without approval of the DON CAF. Fleet Weather Center Norfolk 8 EIDWS Common Core 106 SECURITY • Idenitfy what a SAER is and its purpose: • Security Access Eligibility Report - Used to identify an incident or any change in eligibility if an employee is still eligible for the security clearance. Fleet Weather Center Norfolk 9 EIDWS Common Core 106 SECURITY • Identify the events that should be reported to the SSO: • The following events should be reported to the Special Security Officer (SSO): • 1. Involvement in activities or sympathetic association with persons which/who unlawfully practice or advocate the overflow or alteration of the United States Government by unconstitutional means. • 2. Foreign influence concerns/close personal association with foreign nationals, Foreign citizenships, or foreign monetary interests. • 3. Sexual behavior that is criminal or reflects a lack of judgment or discretion • 4. Unwillingness to comply with rules and regulations or to cooperate with security processing • 5. Change of Marital Status or Marriage/Cohabitation with a foreign national. Fleet Weather Center Norfolk 10 EIDWS Common Core 106 SECURITY • Identify who has overall authority of, and controls access to, a SCIF: • The Special Security Officer (SSO) will be responsible for the operation of the Sensitive Compartmented Information Facility (SCIF) and the security control and use of the SCIF. All SCI matters shall be referred to the SSO. Fleet Weather Center Norfolk 11 EIDWS Common Core 106 SECURITY • Identify the use of the following forms: • a. SF 700 – Security Container Information; this form contains vital information about the security container in which it is located. This information includes location, container number, lock serial number, and contact information if the container is found open and unattended. • b. SF 701 – Activity Security Checklist; this form is a checklist that is filled out at the end of each day to insure that classified materials are secured properly and allows for employee accountability in the event that irregularities are discovered. • c. SF 702 – Security Container Check Sheet; this form provides a record of the names and times that persons have opened, closed and checked a particular container that holds classified information. • d. SF 703 – Top Secret Cover Sheet (Orange); this form is used as a cover sheet for Top Secret documents. • e. SF 153 – COMSEC Material Report; this form is not listed in the reference provided, however it can be found in the GSA Forms library: http://www.gsa.gov/portal/forms/download/468A17F7987B41AE85256D41004B4F0A – according to GSA, it is no longer in available for order through their archives; last revision was Sept 1988 • f. SF 312 – Classified Information Nondisclosure Agreement; this form provides is a contractual agreement between the U.S. Government and a cleared employee that must be executed as a condition of access to classified information. By signing the SF-312, the cleared employee agrees never to disclose classified information to an unauthorized person. Fleet Weather Center Norfolk 12 EIDWS Common Core 106 SECURITY • State when safe combinations should be changed: • Combinations will be changed when one of the following occurs: • a. When first placed in use • b. When an individual knowing the combination no longer requires access unless other sufficient controls (e.g., security in-depth) exist to prevent access to the lock; • c. When subjected to compromise • d. When taken out of service. Built-in combination locks will then be reset to the standard combination 50-25-50; combination padlocks will be reset to the standard combination 10-20-30 Fleet Weather Center Norfolk 13 EIDWS Common Core 106 SECURITY • What is a FDO and state their responsibilites: • Foreign Disclosure Officer. • This individual will process all foreign visit requests to the command. The FDO is also responsible for any foreign disclosure of information to foreign nationals. Fleet Weather Center Norfolk 14 EIDWS Common Core 106 SECURITY • State the purpose of the DCS: • The Defense Courier Service (DCS) is a Joint Command and direct reporting unit (DRU) under the Commander in Chief United States Transportation Command (CINCTRANS). The DCS establishes, staffs, operates, and maintains an international network of couriers and courier stations for the expeditious, cost effective, and secure transmission of qualified classified documents and material. • The Defense Courier Service (DCS) is established under the United States Transportation Command (USTRANSCOM), and is a global courier network for the expeditious, cost-effective, and secure distribution of highly classified and sensitive material. Operational control of global courier activities is exercised through USTRANSCOM's Defense Courier Division (TCJ3-C). The division oversees and synchronizes activity of 18 courier stations worldwide to service over six thousand accounts. Major accounts include the White House, the Department of Defense, the State Department, other federal agencies, authorized government contractors, and allied nations. • The DCS directly supports the President, Unified and Specified COCOMs, joint military operations, the Joint Chiefs of Staff, National Security Agency, Central Intelligence Agency, U.S. allies, State Department, and other federal agencies. • -The DCS was formerly the Armed Forces Courier Service (ARFCOS) but was reorganized and renamed in 1985 after the Walker spy case. Fleet Weather Center Norfolk 15 EIDWS Common Core 106 SECURITY • Describe the procedures for preparing hard copy classified material for transportation via: • a. DCS - the following procedures must be followed: – 1. No item entering the DCS shall weigh over 300 pounds, or exceed dimensions 45 1/2" X 26" X 22", except those items for which the physical structure prohibits breakdown into smaller units. The minimum size of a "flat" (envelope) entered into the DCS shall meet the standard 8 1/2" X 11" in size; small boxes and/or packages shall have a minimum total dimension of 26"; e.g., girth (twice its width plus twice the height) added to the length. Requests for exception to weight or size restrictions shall be submitted to the servicing DCS station, in advance. – 2. Items shall be addressed with the standardized DCS two-line address; the Army/AirPost Office, the Fleet Post Office, and the street addresses shall not be used. – 3. Envelopes, labels, or tags with visible "postage and fees paid" indicia shall not be used. – 4. Security classification markings, special security caveats, and other extraneous markings must not appear on the outer wrapper. – 5. Nickname and/or special project markings previously approved by the DCS must be placed on the outer wrapper. – 6. Detailed information on wrappings, marking, and preparing material for movement is available from the servicing DCS station. – 7. Packaging Material • Generally, all packaging materials are permissible if they afford contents with concealment and protection, preclude physical and/or visual access, are sturdy, and pose no hazard to handlers. Use of metal strapping is specifically prohibited. For assistance and clarification, customers should contact their servicing DCS station. • U.S. Postal Service bags, pouches, or sacks shall not be used for DCS material. • DoS bags, pouches, or sacks shall not be used for non-DoS material, except in specific, previously coordinated situations. Fleet Weather Center Norfolk 16 EIDWS Common Core 106 SECURITY • Describe the procedures for preparing hard copy classified material for transportation via: • b. Handcarry - the following procedures must be followed: – 1. Prepare classified information for shipment by packaging and sealing it with tape which will retain the impression of any postal stamp, in ways that minimize risk of accidental exposure or undetected deliberate compromise. Classified information shall be packaged so that classified text is not in direct contact with the inner envelope or \container. – 2. Enclose classified information transported outside the command in two opaque, sealed covers (e.g., envelopes, wrappings, or containers) durable enough to conceal and protect it from inadvertent exposure or tampering. The following exceptions apply: • If the classified information is an internal component of a packageable item of equipment, the outside shell or body may be considered as the inner cover provided it does not reveal any classified information. • If the classified information is an inaccessible internal component of a bulky item of equipment, the outside or body of the item may be considered a sufficient cover provided observation does not reveal classified information. • If the classified information is an item of equipment that is not reasonably packageable and the shell or body is classified, it shall be concealed with an opaque covering that conceals all classified features. • Specialized shipping containers, including closed cargo transporters, may be considered the outer wrapping or cover when used. • Refer to the appropriate reference in paragraph 9-5 of SECNAV M-5510.36 preparation of special types of classified and controlled unclassified information for transmission or transportation. Fleet Weather Center Norfolk 17 EIDWS Common Core 106 SECURITY • State the responisbilites of the TSCO: • The commanding officer shall designate, in writing, a command TOP SECRET CONTROL OFFICER (TSCO) for commands handling Top Secret information. Top Secret Control Assistants (TSCA) may be assigned as needed (see paragraph 2-4.3 of SECNAV M-5510.36). The TSCO reports directly to the security manager or the security manager may serve concurrently as the TSCO. The TSCO shall: • a. Maintain a system of accountability (e.g., registry) to record the receipt, reproduction, transfer, transmission, downgrading, declassification and destruction of command Top Secret information, less SCI and other special types of classified information. • b. Ensure that inventories of Top Secret information are conducted at least once annually, or more frequently when circumstances warrant (see chapter 7, paragraph 7-3 of SECNAV M-5510.36). As an exception, repositories, libraries, or activities that store large volumes of classified documents may limit their annual inventory to that which access has been given in the past 12 months, and 10 percent of the remaining inventory. Fleet Weather Center Norfolk 18 EIDWS Common Core 106 SECURITY • State the THREATCON recognition and Force Protection levels and discuss what each represents: – a. FPCON NORMAL describes a situation or no current terrorist activity. The only security forces needed are enough to stop the everyday criminal, most likely civilian police forces. – b. FPCON ALPHA describes a situation where there is a small and general terrorist activity that is not predictable. However, agencies will inform personnel that there is a possible threat and standard security procedure review is conducted. – c. FPCON BRAVO describes a situation with somewhat predictable terrorist threat. Security measures taken by agency personnel may affect the activities of local law enforcement and the general public. – d. FPCON CHARLIE describes a situation when an instance occurs or when intelligence reports that there is terrorist activity imminent. e. FPCON DELTA describes a situation when a terrorist attack is taking place or has just occurred. FPCON DELTA usually occurs only in the areas that are most vulnerable to or have been attacked. Fleet Weather Center Norfolk 19 EIDWS Common Core 106 SECURITY • Explain what a RAM is: • Random Antiterrorism Measures. – To maximize the effectiveness and deterrence value, RAM should be implemented without a set pattern, either in terms of the measure selected, time, place, or other variables. RAM, at a minimum, shall consist of the random implementation of higher FPCON measures in consideration of the local terrorist capabilities. Random use of other physical security measures should be used to supplement FPCON measures. Fleet Weather Center Norfolk 20 EIDWS Common Core 106 SECURITY • Explain and state the purpose of an EAP: • An Emergency Action Plan (EAP) is utilized when anticipating natural disasters. All activities located within the U.S and its territories that hold classified COMSEC or CCI material will maintain an up-to-date, written Emergency Action Plan for the protection of COMSEC material appropriate for natural disasters likely to occur in their region of the country (e.g., hurricanes in the South, tornados and floods in the mid-West, wild fires in the West, etc.). In addition, all activities located within the U.S and its territories will have conducted an initial written risk assessment and must maintain an up-to-date copy of the risk determination document that assesses the potential for hostile actions against their facilities (such as terrorist attack, rioting, or civil uprising). Based on the sensitivity of the operations, or the facility, the cognizant security official will either certify that the review has determined no need for the Emergency Plan to consider hostile actions, or, if it is determined that a potential risk exists, develop EDPs for inclusion in their Emergency Plan. Fleet Weather Center Norfolk 21 EIDWS Common Core 106 SECURITY • Explain and state the purpose of Emergency Destruction Procedures: • An Emergency Destruction Procedures (EDP) is utilized when anticipating a hostile action. Planning for hostile actions must concentrate on procedures to safely evacuate or securely destroy the COMSEC material, to include providing for the proper type and a sufficient number of destruction devices to carry out emergency destruction. Planning for hostile action shall also include the necessary training for all individuals who might perform emergency destruction. By contrast, planning for natural disasters should be directed toward maintaining security control over the material until the situation stabilizes, taking into account the possible loss of normal physical security protection that might occur during and after a natural disaster. The operating routines for COMSEC facilities should be structured so as to minimize the number and complexity of actions that must be taken during emergencies to protect COMSEC material. – 1. Only the minimum amount of COMSEC material should be held at any one time; i.e., routine destruction should be conducted frequently and excess COMSEC material disposed of in accordance with department or agency directives. COMSEC requirements should be reviewed at least annually to validate need for material on hand. – 2. COMSEC material should be stored and inventoried in ways that will facilitate emergency evacuation or destruction. Fleet Weather Center Norfolk 22 EIDWS Common Core 106 SECURITY • State who can give the order to initiate Emergency Destruction: • The Commanding Officer/OIC or official responsible for safeguarding COMSEC material. Fleet Weather Center Norfolk 23 EIDWS Common Core 106 SECURITY • Explain how, and in what order, material is destroyed during Emergency Destruction: • Material will be identified for emergency destruction/removal following the general guidelines listed below: – 1. Priority One: All cryptographic equipment and documents – 2. Priority Two: All operational SCI codeword material which might divulge targets and successes, documents dealing with U.S. SCI activities and documents concerning compartmented projects and other sensitive intelligence materials and TOP SECRET collateral. – 3. Priority Three: Less sensitive administrative SCI material and collateral classified material not included above. Fleet Weather Center Norfolk 24 EIDWS Common Core 106 SECURITY • Define SCI: • Sensitive Compartmented Information - Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director of Central Intelligence. Fleet Weather Center Norfolk 25 EIDWS Common Core 106 SECURITY • List the items prohibited in a SCIF and the security risks associated with them: • No devices that transmits, receives, records or stores data is authorized into a SCIF without prior approval (i.e CO or SSO or ISSM). Also, no photography in or around a SCIF without CO approval. The ISSM must approve ALL IT software prior to its use in a SCIF. Fleet Weather Center Norfolk 26 EIDWS Common Core 106 SECURITY • Define the difference between a security violation and a practice dangerous to security: • Fleet Weather Center Norfolk 27 EIDWS Common Core 106 SECURITY • Explain the secuirty requirements for the following: Fleet Weather Center Norfolk 28 EIDWS Common Core 106 SECURITY • Explain vault recertification and recurring inspections: • The container or vault door must be inspected and recertified by a person specifically trained and authorized by the GSA before it can be used to protect classified material. Upon completion of the inspection, a “GSA Approved Recertified Security Container” label will be applied and the container/vault door is then considered authorized for storage/protection of classified material. If the container fails inspection, it must be repaired in accordance with Federal Standard 809, “Federal Standard Neutralization and Repair of GSA-Approved Security containers,” before the recertification label can be applied. Fleet Weather Center Norfolk 29 EIDWS Common Core 106 SECURITY • Discuss the need for access lists, required documenation logs, and two-person integrity: • Access Lists are lists that specify who or what is allowed to access the object or place of interest. This applies to personnel who do not have to sign in when they enter a space. Per NCTAMSLANTINST 5510.1C, Access Lists must always be kept up to date and posted in the applicable space. Visitors who are not part of the command are required to sign the visitor’s log in the specific space that they are visiting. Fleet Weather Center Norfolk 30 EIDWS Common Core 106 SECURITY • Explain the DoD escort policy: • If an escort is required for the visitor, a military, civilian or a cleared contractor assigned to the command being visited may be assigned escort duties. • As a matter of convenience and courtesy, flag officers, general officers and their civilian equivalents are not required to sign visitor records or display identification badges when being escorted as visitors. Identification of these senior visitors by escorts will normally be sufficient. The escort should be present at all times to avoid challenge and embarrassment and to ensure that necessary security controls are met. If the visitor is not being escorted, all normal security procedures will apply. Fleet Weather Center Norfolk 31 EIDWS Common Core 106 SECURITY • Discuss the procedures for sanitizing an area: • The removal of information from the media or equipment such that data recovery using any known technique or analysis is prevented. Sanitizing shall include the removal of data from the media, as well as the removal of all classified labels, markings, and activity logs. Properly sanitized media may be subsequently declassified upon observing the organization’s respective verification and review procedures Fleet Weather Center Norfolk 32 EIDWS Common Core 106 SECURITY • Discuss each of the following, giving their definition and the purpose of each: • a. COMSEC - Communications Security (COMSEC) material is that material used to protect U.S. Government transmissions, communications, and the processing of classified or sensitive unclassified information related to national security from unauthorized persons and that material used to ensure the authenticity of such communications. – The protection of vital and sensitive information moving over government communications systems is crucial to the effective conduct of the government and specifically to the planning and execution of military operations. To this end, a system has been established to distribute, control, and safeguard COMSEC material. This system, which consists of production facilities, COMSEC Central Offices of Records (CORs), distribution facilities (i.e., depots), and EKMS accounts, is known collectively as the CMCS. The CMCS, as currently established, will continue to function until such time as the Electronic Key Management System (EKMS) is fully implemented. – COMSEC material is managed in EKMS/COMSEC accounts throughout the federal government to include departments and civil agencies as well as the civilian sector supporting the federal government. • b. INFOSEC – (covered later in this training) • c. COMPUSEC - Computer Security (COMPUSEC) is the protection of computing systems against threats to confidentiality, integrity, availability, and accountability. It must address the threats to electronic transactions and files. The context of computer security is always changing, due to rapidly changing technology, decentralization, networking, privacy issues, and the potential for fraud and abuse. • d. PSP - The objective of the Personnel Security Program (PSP) is to authorize initial and continued access to classified information and/or initial and continued assignment to sensitive duties to those persons whose loyalty, reliability and trustworthiness are such that entrusting them with classified information or assigning them to sensitive duties is clearly consistent with the interests of national security. Additionally, the PSP ensures that no final unfavorable personnel security determination will be made without compliance with all procedural requirements. • e. ATFP - Fleet Weather Center Norfolk • 33 EIDWS Common Core 106 SECURITY • State the purpose of the ICD systems: • Intelligence Community Directive. The Director of National Intelligence (DNI) established Intelligence Community Directives (ICDs) as the principal means by which the DNI provides guidance, policy, and direction to the Intelligence Community. Fleet Weather Center Norfolk 34 EIDWS Common Core 106 SECURITY • Idenitfy SSO Navy: • The Director, Security and Corporate Services (ONI-05) as Special Security Officer for the DON (SSO Navy) has been designated as the Cognizant Security Authority (CSA). As CSA, SSO Navy is responsible for implementing SCI security policy and procedures and performs management and oversight of the Department’s SCI security program. Fleet Weather Center Norfolk 35 EIDWS Common Core 106 SECURITY • List the duties and responsibilites of the SSO: • Commands in the DON accredited for and authorized to receive, process and store SCI will designate a Special Security Officer (SSO). The SSO is the principal advisor on the SCI security program in the command and is responsible to the commanding officer for the management and administration of the program. SCI security program responsibilities are detailed in reference (d). The SSO will be afforded direct access to the commanding officer to ensure effective management of the command's SCI security program. The SSO will be responsible for the operation of the Sensitive Compartmented Information Facility (SCIF) and the security control and use of the SCIF. All SCI matters shall be referred to the SSO. – a. The SSO and a subordinate SSO will be appointed, in writing, and each will be a U.S. citizen and either a commissioned officer or a civilian employee GS-9 or above, and must meet Director, Central Intelligence Directive (DCID) 6/4, "Personnel Security Standards and Procedures Governing Eligibility for Access to Sensitive Compartmented Information (SCI)" (NOTAL)standards. The same grade limitations apply to assistant SSOs. The security manager cannot function as the SSO unless authorized by the Director, ONI or Commander, NETWARCOM (IOD). – b. Although the SSO administers the SCI program independent of the security manager, the security manager must account for all clearance and access determinations made on members of the command. There is great need for cooperation and coordination between the SSO and security manager, especially for personnel security matters. For individuals who are SCI eligible, the security manager and the SSO must keep one another advised of any changes in status regarding clearance and access and of information developed that may affect eligibility. The security manager and SSO must also advise each other of changes in SCI and command security program policies and procedures as they may impact on the overall command security posture. Fleet Weather Center Norfolk 36 EIDWS Common Core 106 SECURITY • Idenitfy who can be a CSM: • The command security manager may be assigned full-time, part-time or as a collateral duty and must be an officer or a civilian employee, GS-11 or above, with sufficient authority and staff to manage the program for the command. The security manager must be a U.S. citizen and have been the subject of a favorably adjudicated Single Scope Background Investigation (SSBI) completed within five years prior to assignment. • The security manager shall be identified by name on command organizational charts, telephone listings, rosters, or other media. Reference (c) recommends that the security manager report to the commanding officer on functional security matters and to the executive officer for administration of the ISP Fleet Weather Center Norfolk 37 EIDWS Common Core 106 SECURITY • State the duties and responsibilites of a CSM: • The security manager is responsible for implementing the ISP and shall have direct access to the commanding officer. Some tasks may be assigned to a number of command personnel and may even be assigned to persons senior to the security manager. Nevertheless, the security manager shall remain cognizant of all command information, personnel, and industrial security functions and ensure that the security program is coordinated and inclusive of all requirements in this policy manual. The security manager shall: – a. Serve as the principal advisor and representative to the commanding officer in matters pertaining to the classification, safeguarding, transmission, and destruction of classified information. – b. Develop a written command security instruction (see exhibit 2A in SECNAV M-5510.36), to include provisions for safeguarding classified information during military operations or emergency situations. – c. Ensure that personnel in the command who perform security duties are kept abreast of changes in policies and procedures, and provide assistance in problem solving. – d. Formulate, coordinate, and conduct the command security education program. – e. Ensure that threats to security and other security violations are reported, recorded, and when necessary investigated. Ensure that incidents described in chapter 12 of SECNAV M-5510.36 are immediately referred to the nearest NCIS office. – f. Ensure that all security violations or incidents involving the possible compromise of classified information, to include those involving information technology (IT) systems, are investigated and reported in accordance with chapter 12 of SECNAV M-5510.36. Coordinate after-incident responses involving classified information processed on IT systems with the command Information Assurance Manager (IAM). Fleet Weather Center Norfolk 38 EIDWS Common Core 106 SECURITY • State the duties and responsibilites of a CSM (cont): – g. Coordinate the preparation and maintenance of security classification guides under the command's cognizance. – h. Maintain liaison with the command Public Affairs Officer (PAO) to ensure that proposed press releases and information intended for public release are subjected to a security review (see chapter 8 of SECNAV M-5510.36). – i. Coordinate with other command officials regarding security measures for the classification, safeguarding, transmission and destruction of classified information. – j. Develop security measures and procedures regarding visitors who require access to classified information. – k. Ensure that classified information is secured and controlled areas are sanitized when a visitor is not authorized access. – l. Implement and interpret, as needed, regulations governing the disclosure of classified information to foreign governments. – m. Ensure compliance with the requirements of SECNAV M-5510.36 when access to classified information is provided at the command to cleared contractors in connection with a classified contract. – n. Ensure that access to classified information is limited to appropriately cleared personnel with a need-to-know per reference (b) of SECNAV M-5510.36. Fleet Weather Center Norfolk 39 EIDWS Common Core 106 SECURITY • Explain and state the purpose of JPAS: • The Joint Personnel Adjudication System (JPAS) is a DoD system that uses NIPRNET to connect all DoD security personnel around the world with their Central Adjudication Facility (CAF). The JPAS web site runs on a secured port with secured socket layer (SSL) 128-bit encryption. • JPAS is the Department of Defense (DoD) personnel security clearance and access database. It facilitates personnel security program management for the Department of Defense Central Adjudication Facilities, for DoD security managers, and Sensitive Compartment Information (SCI) program managers. • JPAS interfaces with the Defense Security Service (DSS) and the Office of Personnel Management (OPM) to populate personnel security investigation data and the personnel systems, Defense Enrollment Eligibility Reporting System (DEERS) and Defense Civilian Personnel Data System (DCPDS), to populate identifying data. • JPAS is the system of record for personnel security adjudication, clearance and verification and history. Fleet Weather Center Norfolk 40 EIDWS Common Core 106 SECURITY • Explain and state the purpose of JPAS (cont): • JPAS has two applications. The Joint Adjudication Management System (JAMS) and the Joint Clearance and Access Verification System (JCAVS). – 1. JAMS is the application which supports central adjudication facilities personnel and provides capabilities and data such as case management/ distribution, adjudication history, due process history, revocations and denial action information, and will have the ability to electronically access personnel security investigative reports from either the DSS or the OPM. JCAVS is the application which supports command security personnel and provides capabilities and data such as local access record capabilities, debriefings, incident file reports and eligibility data, SAP access information and security management reports. – 2. Department of the Navy (DON) commands are required to use JCAVS exclusively to record all access determinations which includes temporary access, upgrades, downgrades, and suspensions. Commands must document interim security clearance determinations, execution of Nondisclosure Agreements (SF-189, SF-189A or SF-312), and personal attestations and use JCAVS to submit continuous evaluation reports, pass visit requests, determine security clearance and Sensitive Compartmented Information (SCI) access eligibility, determine status of requested personnel security investigation (PSI), record PSI submission dates and request DON CAF determinations, record all access determinations, JCAVS users will be responsible for changes to an individual’s access within the JCAVS. The minimum investigative standards required for access to JCAVS can be found in chapter 3-1. The minimum security clearance eligibility for access to JCAVS can be found in chapter 3-1. Data will be permanently retained within JPAS but it will not always be displayed. Data pertaining to individuals that retire or separate from the DON will be visibly retained for 24 months. However, if no action occurs on the individual record for twenty-four months, the record will be purged from display and archived. General Officer and Senior Executive Service employee data will be visibly retained indefinitely. Fleet Weather Center Norfolk 41 EIDWS Common Core 106 SECURITY • Explain and state the responsibilites of DONCAF: • The Department of the Navy Central Adjudication Facility (DONCAF), is a Naval Criminal Investigative Service (NCIS) organization, and is responsible for determining who within the Department of the Navy is eligible to hold a security clearance, to have access to Sensitive Compartmented Information (SCI), or to be assigned to sensitive duties. The aggregate body of DON personnel consists of Active Duty and Reserve components of the United States Navy and Marine Corps, as well as civilians and contractors. In addition, DONCAF makes SCI eligibility determinations for select contractor personnel. Collateral clearance determinations for contractor personnel are established by DISCO (Defense Industrial Service Clearance Office). • DONCAF also maintains an extensive database of its security decisions and provides overall operational support to the Navy’s personnel security program. • Adjudication is the review and consideration of all available information to ensure an individual’s loyalty, reliability, and trustworthiness are such that entrusting an individual with national security information or assigning an individual to sensitive duties is clearly in the best interest of national security. Our mission is to provide excellent customer service, accurate and timely adjudication, and implement innovative strategies for the DON Personnel Security Program. Fleet Weather Center Norfolk 42 EIDWS Common Core 106 SECURITY • Discuss how long a CO can administratively suspend access before DONCAF revokes a clearance: • SCI access suspension is a temporary measure designed to safeguard sensitive classified information or facilities. Suspension of SCI access will not exceed 90 days without the express consent of the SOIC or designee. Forward follow-up and final reports of investigation to the cognizant SOIC(Senior Official of the Intelligence Community) CAF (Central Adjudication Facility). Fleet Weather Center Norfolk 43 EIDWS Common Core 106 SECURITY • State the levels of INFOCON and what each signifies: • The Information Operations Condition (INFOCON) system provides a framework within which the Commander USSTRATCOM (CDRUSSTRATCOM), regional commanders, service chiefs, base/post/camp/station/vessel commanders, or agency directors can increase the measurable readiness of their networks to match operational priorities. • The INFOCONs mirror Defense Conditions (DEFCON) defined in CJCSM 3402.1B, (S) Alert System of the Chairman of the Joint Chiefs of Staff (U), and are a uniform system of five progressive readiness conditions - INFOCON 5, INFOCON 4, INFOCON 3, INFOCON 2, and INFOCON 1. (There is no direct correlation between INFOCON and DEFCON levels, though commanders should consider changes in INFOCON when DEFCON changes.) • INFOCON 5 is normal readiness and INFOCON 1 is maximum readiness. Each level represents an increasing level of network readiness based on tradeoffs in resource balancing (e.g., downtime versus level of assured confidence regarding malicious activity) that every commander must make. The INFOCONs are supplemented by Tailored Readiness Options (TRO), which are applied in order to respond to specific intrusion characteristics or activities, directed by CDRUSSTRATCOM or commanders. • INFOCON procedures focus on proactively establishing and re-establishing a secure baseline based on a periodic, operational rhythm. This cycle varies, based on perceived operational needs, from bringing systems back to a secure baseline every 180 days at INFOCON 5, to restoring that secure baseline every 15 days at INFOCON 1. • The definitions of each INFOCON are as follows: – – – – – INFOCON 5 - Normal Readiness Procedures INFOCON 4 - Increased Military Vigilance Procedures INFOCON 3 - Enhanced Readiness Procedures INFOCON 2 - Greater Readiness Procedures INFOCON 1 - Maximum Readiness Procedures Fleet Weather Center Norfolk 44 EIDWS Common Core 106 SECURITY • Discuss the secuirty rules and procedures for magnetic and electronic media: • a. Magnetic Media - For clarification, Magnetic storage media is considered to be any component of a system which, by design, is capable of retaining information without power. • The procedures contained below meet the minimum security requirements for the clearing, sanitizing, releasing, and disposal of magnetic media as well as guidance for other types of information storage media. These procedures will be followed when it becomes necessary to release magnetic media, regardless of classification, from Sensitive Compartmented Information (SCI) channels. Media that has ever contained SCI, other intelligence information, or Restricted Data cannot be sanitized by overwriting; such media must be degaussed before release. • Review of Terms. To better understand the procedures contained herein, it should be understood that overwriting, clearing, purging, degaussing, and sanitizing are not synonymous with declassification. The following are definitions: – 1. Clearing. Clearing is the process of removing information from a system or the media to facilitate continued use and to preclude the AIS system from recovering previously stored data. In general, laboratory techniques allow the retrieval of information that has been cleared, but normal operations do not allow such retrieval. Clearing can be accomplished by overwriting or degaussing. – 2. Sanitizing (Also Purging). Sanitizing is the process of removing information from the media or equipment such that data recovery using any known technique or analysis is prevented. Sanitizing shall include the removal of data from the media, as well as the removal of all classified labels, markings, and activity logs. In general, laboratory techniques cannot retrieve data that has been sanitized/purged. Sanitizing may be accomplished by degaussing. – 3. Destruction. Destruction is the process of physically damaging media so that it is not usable and there is no known method of retrieving the data. – 4. Declassification. Declassification is an administrative process used to determine whether media no longer requires protection as classified information. The procedures for declassifying media require Designated Approving Authority (DAA) Representative (Rep) or Service Certifying Organization (SCO) approval. Fleet Weather Center Norfolk 45 EIDWS Common Core 106 SECURITY • Discuss the secuirty rules and procedures for magnetic and electronic media (cont): • b. Electronic Media - A portable electronic device is a generic term used to describe the myriad of small electronic items that are widely available. The rapid growth in technological capabilities of portable electronic devices/portable computing devices (PEDs/PCDs) has led to concerns about their portability into and out of Sensitive Compartmented Information Facilities (SCIFs). PEDs include cellular telephones, two way pagers, palm sized computing devices, two-way radios, audio/video/data recording, playback features, personal digital assistants, palm tops, laptops, notebooks, data diaries, and watches with communications software and synchronization hardware, that may be used to telecommunicate. These devices must be closely monitored to ensure effective control and protection of all information on our IS. • The use of PEDs in a SCI environment presents a high degree of risk for the compromise of classified or sensitive information. PEDs will only be used to fulfill mission requirements. Additionally, very specific handling procedures must be developed and made available to the user of the PED. The Agency in charge of any given SCIF is the authority for the procedures to move PEDs in or out of their facilities. Specific requirements/procedures are: • All of the following requirements must be satisfied prior to approving the use of portable electronic devices: – 1. Personal PEDs • Personal PEDs, hardware/software associated with them, and media are prohibited from entering/exiting a SCIF unless authorized by the Agency granting SCIF accreditation. • Personal PEDs are prohibited from operating within a SCIF unless authorized by the agency granting SCIF accreditation. If approved, the owner of these devices and his/her supervisor must sign a statement acknowledging that they understand and will adhere to the restrictions identified below. • Connection of a Personal PED to any IS within a SCIF is prohibited. • PEDs with wireless, Radio Frequency (RF), Infrared (IR) technology, microphones, or recording capability will not be used unless these capabilities are turned off or physically disabled. Fleet Weather Center Norfolk 46 EIDWS Common Core 106 SECURITY • Discuss the secuirty rules and procedures for magnetic and electronic media (cont): – 2. Government Owned PEDs • Government PEDs, hardware/software associated with them, and media must be controlled when entering/exiting a SCIF. • Government PEDs are prohibited from operating within a SCIF unless authorized and accredited by the agency granting the SCIF accreditation. As part of the accreditation requirements, the user of these devices and his/her supervisor must sign a statement acknowledging that they understand and will adhere to the restrictions identified below. • Connection of a Government PED to any IS within a SCIF must be approved by the ISSM in writing. • PEDs with wireless, Radio Frequency (RF), Infrared (IR) technology, microphones, or recording capability will not be used unless these capabilities are turned off or physically disabled. • Specified PEDs (i.e. Laptop Computers) may be used to process classified information. In addition, these PEDs may be granted approval to connect to ISs on a case-by-case basis in writing by the ISSM. Specified PEDs approved to process classified information must meet minimum technical security requirements. • If approved, the PED and associated media must be transported and stored in a manner that affords security sufficient to preclude compromise of information, sabotage, theft, or tampering. Procedures for handling the PED in a SCIF must be available and provided to the user. Fleet Weather Center Norfolk 47 EIDWS Common Core 106 SECURITY • Explain why the U.S. Navy only uses “.mil” email addresses on government systems: • In the Domain Name System (DNS) naming of computers, there is a hierarchy of names. There is a set of “top-level domain names” (TLDs). These are the generic TLDs and the two letter country codes from International Organization for Standardization (ISO) Standard Number 3166 (Reference (e) of DoD Instruction 8410.01). The Internet Assigned Numbers Authority (IANA) provides a list of the generic TLDs that presently includes twenty domains and descriptions. – A hierarchy of names usually exists under each TLD. For example, .MIL is a TLD, .OSD.MIL is a Second Level Domain (SLD) and TRICARE.OSD.MIL is a Third Level Domain (not usually referred to with an acronym). – Each of the generic TLDs was created for a general category of organizations. The country code domains (e.g., FR, NL, KR, US) are each organized by an administrator for that country. – All generic TLDs are international in nature, with the exception of two (.MIL and .GOV) that are restricted to use by entities in the United States. Descriptions for each follow: • a.) .GOV – Agencies of the U.S. Federal government have exclusive use of this domain. State and local agencies use the .US country domain. (See paragraph 4.h. of DoD Instruction 8410.01) DoD Components do not generally qualify for use of this domain. • b.) .MIL – The U.S. Department of Defense has exclusive use of this domain. Fleet Weather Center Norfolk 48 EIDWS Common Core 106 SECURITY QUESTIONS? Fleet Weather Center Norfolk 49
