th
NOVEMBER 2005
DISTRIBUTION STATEMENT
DISTRIBUTION STATEMENT: Distribution authorized to U.S. Government Agencies only. This document contains operational and security planning information.
DESTRUCTION NOTICE
Destroy by shredding.
FOR OFFICIAL USE ONLY
TABLE OF CONTENTS
COMMANDER’S LETTER
SECTION I: GENERAL INFORMATION
SECTION II: THE SENSITIVE AREAS OF THE COMMAND
AND ESSENTIAL ELEMENTS OF FRIENDLY INFORMATION
SECTION III: DESCRIPTION OF THE THREAT
SECTION IV: RSS, 11 th ACR OPSEC VULNERABILITIES
SECTION V: RSS, 11 th ACR OPSEC MEASURES
FOR OFFICIAL USE ONLY
2
3
4
7
11
14
16
DEPARTMENT OF THE ARMY
HEADQUARTERS, REGIMENTAL SUPPORT SQUADRON
11TH ARMORED CAVALRY REGIMENT
FORT IRWIN, CALIFORNIA 92310-5073
REPLY TO
ATTENTION OF
AFZJ-ACS-CO 20 October 2005
MEMORANDUM FOR Regimental Support Squadron, 11 th ACR
SUBJECT: Operations Security
1. Operations Security is a necessary element in our daily operations to maintain our resources and capabilities. Our Army is faced with an adversary that we cannot see, an adversary that is intent on frustrating our ability to perform our mission. It is the responsibility of every Soldier to follow operations security measures in order to prevent the adversary from meeting that goal.
2. The RSS, 11 th ACR Operations Security Plan outlines steps we must take as a unit to protect our critical information. This is information that, if compromised, could be used against our Soldiers, our families, or our mission. Every Soldier in the unit must understand what information he or she is responsible for protecting, and what steps to take if they make contact with someone trying to gain that information. The Essential
Elements of Friendly Information will be disseminated to the lowest level to ensure this understanding.
3. The Operations Security program is designed to protect our unit from threats we may not see or predict. Following the guidance in this plan is paramount to the success of our mission.
4. The point of contact for this plan is the RSS S2 at x7029.
JOE L. DOE
LTC, TC
Commanding
FOR OFFICIAL USE ONLY
3
SECTION I
GENERAL INFORMATION
1. PURPOSE. The purpose of this plan is to provide policy and guidance for Operations
Security (OPSEC) within the RSS. OPSEC is an integral part of all activities, tests, exercises and rotations at the NTC and Fort Irwin and is necessary to protect our critical interests and maintain mission integrity.
2. MISSION. The mission of the RSS, 11 th ACR is to provide combat support/combat service support to the 11 th ACR and NTC Opposing Force and conduct deployment, survivability, and MOS sustainment training in order to ensure success of the Regiment,
OPFOR, and Squadron.
3. DEFINITION OF OPSEC. OPSEC is a process of identifying critical information and subsequently analyzing friendly actions to:
a. Identify those actions that can be observed by adversarial intelligence systems.
b. Determine indicators adversarial intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries.
c. Select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversarial exploitation.
4. OPSEC CONCEPT.
a. Many activities incident to normal daily functioning will convey information and indicators to adversaries in spite of routine security measures to protect classified information. Information available from detectable friendly activities, when combined with other information held by an adversary, will shape the adversary's perceptions of friendly intentions, military capabilities, actions, and possible weaknesses, all of which will provide answers to adversarial intelligence questions.
b. An OPSEC vulnerability exists when OPSEC indicators of critical information are collectable by adversarial collection systems, the collected information can be processed, and the adversary has time to react in a way harmful to the United States.
Capabilities used to obtain information from accessible activities generally depend on target cooperation. For example, passive sensors depend on our emitting signals; observation depends on our observable and discernible actions; the detection of predictable actions depends on our acting in stereotypical ways; and open source material depends on information appearing or being released into the public media.
FOR OFFICIAL USE ONLY
4
c. The key aim of OPSEC is to ensure mission effectiveness. Actions that may be implemented include the use of jamming, obscurant weather, camouflage, environmental conditions, covers, or military deception to influence adversarial perceptions and conclusions (e.g., cover operations to explain observable activities, diversions to draw collection and analytical interest elsewhere, conditions causing activities to be ignored, multiple impressions to confuse interpretation of information).
Countering adversarial C2 and protecting friendly C2 are functions of OPSEC.
5. RESPONSIBILITIES.
a. The Commanding General of the National Training Center is responsible for the
OPSEC of the installation. In implementing OPSEC at the NTC, the Installation Force
Protection/Antiterrorism Officer is designated as the Installation OPSEC Officer. The
Installation OPSEC Officer has the responsibility for developing and implementing the
Installation OPSEC Program.
b. The RSS OPSEC Officer will ensure that:
(1) An OPSEC Officer is designated in writing to direct and implement the OPSEC
Program. The OPSEC Officer may be a Commissioned Officer (CPT or above), a
Warrant Officer (CW2 or above), a Noncommissioned Officer (SFC or above), or a civilian (GS-9 or above).
(2) They are scheduled for attendance at RSS training events.
(3) They establish an internal document review policy for the organization to ensure distribution statements and FOR OFFICIAL USE ONLY handling markings are applied IAW command policy.
(4) All assigned personnel are aware of the NTC and RSS Essential Elements of
Friendly Information.
c. All personnel in the RSS) are responsible for complying with established OPSEC and security practices for protecting classified, unclassified, and Controlled Unclassified
Information (CUI) which she/he has been exposed to. All personnel should:
(1) Be aware of the intelligence collection threat.
(2) Know command EEFIs.
(3) Ensure co-workers are aware of the intelligence collection threats and EEFIs.
(4) Know where to obtain OPSEC guidance.
FOR OFFICIAL USE ONLY
5
(5) Be aware that OPSEC training is mandatory and will be initiated upon an individual's entry into government service/ employment by the supervisor, and be continuous and progressive throughout his/her career.
6. TRAINING.
a. Every individual should be able to answer the following questions:
(1) What is OPSEC?
(2) Why is OPSEC important to my organization?
(3) Why is OPSEC important to me?
(4) How can I contribute to the OPSEC program?
b. All personnel will receive orientation training within the first 90 days of arrival to the unit. This training will focus on:
(1) The local intelligence threat.
(2) How adversaries aggressively seek information on military capabilities, intentions, and plans.
(3) How OPSEC complements traditional security programs to maintain essential secrecy of military capabilities, intentions, and plans.
(4) Specific guidance on the EEFI to protect and OPSEC measures to prevent inadvertent disclosure.
c. All personnel will receive annual refresher training in OPSEC measures and EEFI.
d. OPSEC officers will complete the 40-hour OPSEC course provided by DA prior to assuming duties.
FOR OFFICIAL USE ONLY
6
SECTION II
THE SENSITIVE AREAS OF THE COMMAND AND
ESSENTIAL ELEMENTS OF FRIENDLY INFORMATION (EEFI)
1. SENSITIVE AREAS. Because of the highly visible mission of the 11 th ACR (R) the following facilities/areas are considered or could become sensitive, due to the fact that they could be lucrative sources of information.
a. Headquarters Offices. These areas are considered excellent targets for adversary exploitation because they are centers of information about intentions, current activities, status of capabilities and vulnerabilities. b. Communications facilities, TOC’s, and CP's during exercises, testing, mobilization, etc.
c. Arms, ammunition, and explosive storage areas.
d. Classified material storage sites.
e. Automated Information Systems (AIS) and word processing activities including computer systems that store or process classified and Controlled Unclassified
Information (CUI).
f. Offices, conference and planning rooms where classified and CUI is discussed, generated, displayed and used.
g. Intelligence and security offices.
h. Trash bins and dumpsters.
2. CRITICAL INFORMATION. This information, if disclosed to an adversary, could result in compromise of our personnel or mission.
a. Deployment/redeployment dates and times.
b. NTC rotation schedules, including individual Soldier schedules in the field.
c. Rotational unit arrival and departure times.
d. Holiday, comp days, and max leave dates.
e. Rotational training objectives specific to the rotational unit.
FOR OFFICIAL USE ONLY
7
f. Unit strength and composition of any unit.
g. Times and locations of large formations or activities, especially those that include family members.
h. Roles of Soldiers in the field during rotational training; design of training.
i. TTPs/SOPs that outline procedures used in the unit.
j. Access rosters, FRG lists, personnel rosters, and any information about our
Soldiers or family members.
2. ESSENTIAL ELEMENTS OF FRIENDLY INFORMATION (EEFI).
a. EEFI are "Key questions likely to be asked by adversary officials and intelligence systems about specific friendly intentions, capabilities and activities, so they can obtain answers critical to their operational effectiveness." We must not answer the adversaries' questions as this provides them intelligence indicators that identify friendly intentions, capabilities and activities.
b. For Official Use Only (FOUO) Information. This sensitive unclassified category involves information that must meet the Freedom of Information Act (FOIA) exemption criteria as specified in AR 25-55 w/change 1. Assignment of material to this category requires a case-by-case determination at the time of origination. Information that is not classified, but requires or should be withheld from public disclosure IAW AR 25-55 w/Chg 1, is For Official Use Only, and therefore sensitive information and will be handled and marked accordingly. The following are exemptions to the FOIA that must be handled as FOUO. A complete list can be found in AR 25-55 chapter 3.
(1) Documents relating solely to the internal personnel rules and practices of the unit (e.g. orders, SOPs, and administrative documents such as sick call hours).
(2) Financial information received in confidence (e.g. bids, contracts, and proposals with non-DoD agencies).
(3) Internal recommendations pertaining to the decision-making process (e.g.
AARs, staff evaluations, and budget plans).
(4) Information in personnel and medical files.
c. The command EEFI (Critical Information) listed herein are to be protected by all personnel assigned or working for this command. This does not mean that the EEFI stated here are classified, or that this list is in itself classified. It is the answers to the questions that must be protected in some manner. Prior to public release (this includes
FOR OFFICIAL USE ONLY
8
disposal as unclassified trash), information that concerns the command EEFI will be reviewed by the designated OPSEC POC.
3. COMMAND EEFI.
a. The RSS EEFI are:
(1) How are units trained during rotations?
(2) What are the specifics of the redeployment of 11 th ACR units?
(3) When are Soldiers in the field and for how long?
(4) Where are rosters listing personnel information including family member phone numbers and addresses and personal data kept?
(5) When and where are major functions, including organizational days, formations, and special training?
b. The NTC and Fort Irwin EEFI are:
(1) What are the capabilities or weaknesses of a directorates, units or agencies support to Fort Irwin and what are the capabilities, vulnerabilities or weaknesses of any maneuver unit assigned, attached or on rotation here (e.g. AARs, trends, tactics/techniques and procedures (TTPs), etc)?
(2) What are totals, locations and occupants of sensitive positions?
(3) Is there any derogatory information on people that could be used by a Foreign
Intelligence Service?
(4) Are there down range unit locations listed anywhere?
(5) Are there critical personnel shortages or unit strengths listed anywhere?
(6) Are there critical equipment shortages or significant down time listed anywhere?
(7) Where and how are ongoing plans and operations stored and are people briefed about their sensitivity?
(8) Are Automated Information Systems capabilities, vulnerabilities or weaknesses listed anywhere?
FOR OFFICIAL USE ONLY
9
(9) Is there special training occurring in your unit or during a rotation (examples are mountain, airborne, linguistic, or other unique or unusual training)?
(10) Who handles and how is information disseminated about VIP or Distinguished visit or identities or itineraries?
(11) How is information about New Equipment receipt, capabilities, vulnerabilities or weaknesses handled and Weapons and systems capabilities, vulnerabilities or weaknesses?
(12) How is information about Security measures used by the installation at the different Force Protection Condition Levels handled and disseminated?
(13) How are recall rosters of directorates, units, staffs and agencies handled and disseminated?
(14) How are maps showing sensitive locations (i.e. HQs, HRTs, MEVA’s etc.) handled and disseminated?
FOR OFFICIAL USE ONLY
10
SECTION III
DESCRIPTION OF THE THREAT
1. COLLECTION THREAT. It has been determined that the collection capabilities facing the U.S. Army and the National Training Center and Fort Irwin are multi-disciplined and pervasive. The adversary is often portrayed as a sinister individual secretly photographing classified documents taken from a safe at night. This type of activity constitutes a mere fraction of the current foreign multidiscipline approach to intelligence collection. Foreign i ntelligence services’ collection efforts may apply only one method of collection or any combination of methods. Generally, multidiscipline collection capability is divided into the four categories listed.
2. HUMAN INTELLIGENCE (HUMINT) THREAT. As its name implies, the source of
HUMINT is people. HUMINT is the collection of information for intelligence purposes through the use of and by human sources. It is commonly gathered either covertly by espionage agents with placement and access, or overtly through information readily available to the general public. Intelligence services assign a high priority to the acquisition of scientific, technical, economic and military systems information, research and development of DOD military technology, and industrial techniques and processes as they relate to military and strategic capabilities. HUMINT is also used to verify and expand on intelligence gathered through other sources. HUMINT threats against the
RSS include:
a. FOREIGN INTELLIGENCE SERVICES. Intelligence agents are assigned to illegally collect information, either through personal infiltration into an organization or through a knowledgeable or unwitting intermediary with access to the desired information. The unwitting intermediary could be anyone who becomes careless in protecting classified or sensitive unclassified information, or who forgets the vital nature of routine data as a result of continuous exposure to classified and sensitive unclassified information.
b. OPEN SOURCE. Intelligence collection services satisfy the majority of their intelligence collection requirements through the systematic analysis of open source literature. Here at Fort Irwin these sources could include The High Desert Warrior and
PAO news releases. Individual Soldiers may also contribute to this threat by posting sensitive or CUI on the Internet. It is estimated that over 80 percent of the information desired by foreign intelligence collectors within the United States can be gleaned from open sources.
c. TERRORISM. A terrorist threat assessment of the NTC must consider both domestic and international elements. Subsequently, the potential collection threat to the command is significantly increased by virtue of the continuous media interest in training at the NTC. No known terrorist threat has been identified which specifically targets the
FOR OFFICIAL USE ONLY
11
NTC, personnel or tenant units. However, there have been identified threat groups operating in Southern California. See G2 and/or CID personnel for the most recent information on such groups.
d. TECHNOLOGY TRANSFER. Technology with military application has been identified as a high-priority target for all foreign intelligence collection organizations. In their efforts to satisfy their collection requirements, foreign intelligence agents target
U.S. Government and military organizations, the Defense Contracting industry, and the academic community to gain information about military technological capability.
3. SIGNALS INTELLIGENCE (SIGINT) THREAT. SIGINT is collected by intercepting electronic signals emanating from telecommunications facilities or non-communicative devices emitting an electronic signal.
a. COMINT is information derived from the study of intercepted electromagnetic communications. Prime sources of valuable COMINT include clear voice, nonencrypted telephones and radio communications, and web access (including email traffic). Major Foreign Intelligence Services (FIS), using various intercept platforms, have a worldwide COMINT capability, which is growing in importance and use.
b. ELINT is technical or intelligence information derived from non-communication electromagnetic radiations, such as those emitted by radars.
c. FISINT is derived from the intercept and analysis of communication between pieces of equipment. An example of FISINT would be information obtained from the intercept of electronic communications between a missile and its ground-based guidance system. SIGINT collectors which pose a threat include fixed ground collection platforms within the Continental U.S. (CONUS); interception of emitters; e.g., telemetry, radar, and other emissions that can be intercepted by satellite, aircraft, or ground-based collectors; interception of site voice communication; interception of microwave transmissions of Defense Switched Network (DSN), local, and long-distance telephone calls, and email traffic on the web.
4. IMAGERY INTELLIGENCE (IMINT) THREAT. IMINT is a valuable collection means and includes data obtained by photographic, infrared, or radar imagery equipment.
IMINT can be collected through cameras mounted on space vehicles, overhead aircraft, or by individuals on land. IMINT provides foreign intelligence agencies an extremely valuable collection tool at the research and development, test ranges, and the exercise and training centers. Targets of IMINT collection include test facilities, training ranges
(such as those here at Fort Irwin), industrial complexes, personnel and material. This method of collection is valuable because it can inform analysts of areas requiring further examination by more exacting methods of intelligence collection.
FOR OFFICIAL USE ONLY
12
5. MEASUREMENTS AND SIGNATURES INTELLIGENCE (MASINT). MASINT is scientific and technical intelligence obtained by quantitative and qualitative analysis of data derived from technical sensors for the purpose of identifying any distinctive features associated with the source, emitter, or sender and to facilitate subsequent identification or measurement. MASINT includes all technical intelligence except
SIGINT, and overhead imagery. The eight primary disciplines of MASINT are Infrared,
Seismic, Radar, Laser, Effluent, Nuclear, Optical and Unintentional Radiations.
MASINT collection may be conducted by HUMINT intelligence assets using portable collection sensors as well as air and space borne collection sensors.
FOR OFFICIAL USE ONLY
13
SECTION IV
RSS, 11 th ACR OPSEC VULNERABILITIES
1. OPSEC vulnerabilities provide the most lucrative source of information normally targeted by adversary collection operations. The following are potential vulnerabilities to adversarial collection within the unit.
a. Failure of command personnel to ensure that classified or sensitive unclassified information is furnished or disclosed only to authorized persons.
b. Failure to provide a security review for classified information and controlled unclassified information resulting in inadvertent disclosure of the information.
c. Assignment of un-cleared personnel to duties that may provide the opportunity for access to classified or controlled unclassified information.
d. Failure to maintain proper security at classified or sensitive meetings, conferences, and planning sessions.
e. Failure of exercise and test planners to specify in exercise and training those protective measures necessary to safeguard the methods, doctrine, tactics, and capabilities being exercised.
f. Documents published and distributed without required OPSEC reviews.
g. Documents generated but not reviewed and marked For Official Use Only (FOUO).
h. Improper disposal of sensitive, unclassified information.
i. Failure of managers to enforce compliance with OPSEC guidance and security policy.
j. Failure to maintain or enforce access controls for designated restricted areas (team rooms, squad areas, planning rooms).
k. Failure to maintain strict key and lock accountability to facilities that contain unit information.
l. Failure to follow procedures for test and maintenance of intrusion detection systems.
m. Failure to follow established procedures in the control and movement of vehicles entering or leaving restricted areas.
FOR OFFICIAL USE ONLY
14
n. Failure to use authorized locking devices in accordance with the sensitivity of the item/information being protected.
o. Individuals processing classified and sensitive unclassified data on AIS equipment that has not been approved or accredited for such operations.
p. Computer systems being used at home for Government work without accreditation, or authorization.
q. Unauthorized persons may obtain access to unit AIS systems through monitoring remote dial-in-access. Threat increases through the use of static passwords.
r. Failure to downgrade or declassify AIS systems prior to admitting maintenance personnel without the proper security clearance into the AIS facility requiring maintenance, and providing qualified escort to accompany and observe all repairs/ maintenance. Failure to properly clear or purge hard drives prior to AIS turn-in to a property book officer.
s. Failure to properly secure computer facilities during non-operational hours.
t. Discussing sensitive or CUI over the telephone or in a public area subject to intercept.
u. Soldiers do not positively identify personnel requesting information as having a need-to-know.
v. Throwing documents in the trash that contain personal, training, or mission-related information.
w. Taking work-related material home or leaving such documents visible in a car.
FOR OFFICIAL USE ONLY
15
SECTION V
RSS, 11 th ACR OPSEC MEASURES
1. OPSEC MEASURES. Operations security measures outlined in this section have been instituted to eliminate, reduce, or counter the possible vulnerabilities enumerated in Section IV. The actual measure or measures, in most cases, will in fact be normal security, protective, or procedural actions that are conducted by various other disciplines.
2. INFORMATION SECURITY. Information can be compromised in a variety of ways.
Our conversations at work and off the job must not pertain to subjects that our listeners have no need to know. Security procedures include using only approved storage containers, double-checking offices prior to departure, and ensuring the need-to-know of all personnel entering the area. OPSEC reminders and EEFI will be posted in work areas and near telephones and computers. Shredders will be used to destroy FOUO or
CUI and will be readily available in troop orderly rooms and major work areas. Leaders are encouraged to enforce a “no-homework standard”; work-related documents should not be taken home at the end of the duty day.
a. CLASSIFICATION MANAGEMENT. The overall classification of the document must equal the highest classification of any page or pages therein. The security requirements for classified documents are prescribed in AR 380-5.
b. STORAGE OF CLASSIFIED MATERIAL OR HARDWARE. Classified material shall be stored in approved security cabinets or containers. Storage in security containers not in compliance with security standards will generate additional requirements in terms of supplemental controls. There is no facility in the 11 th ACR authorized for open storage of classified information.
3. AUTOMATED INFORMATION SYSTEMS (AIS) and FACILITIES SECURITY.
Information Systems Security strives to deny availability of data that could be used to expand unauthorized access to automated information systems. It confounds intelligence preparation of a network architecture or system structure by limiting access privileges. ISSOs will set account and user rights policies to control password uniqueness, aging, lockouts, and universal rights to objects.
4. PERSONNEL SECURITY AND VISITOR CONTROL.
a. When a visit involves access to classified information or access to secure areas, the proponent of the visit or the office concerned will be responsible for controlling access to such information consistent with the security clearance and purpose (need-toknow) of the visit. Access to classified defense information will not be permitted until identification and security clearance are positively established. In no case will visitors be
FOR OFFICIAL USE ONLY
16
granted access to information classified higher than that indicated on the approval of the specific visit.
d. Uncleared personnel supporting command operations will not be assigned to duties which may provide them access to classified information until a security clearance is granted and a need-to-know is established.
5. CLASSIFIED MEETINGS AND CONFERENCES. Meetings, briefings, and conferences should be held only in locations authorized for classified discussions. The location should meet the U.S. Army sound attenuation requirements for normal-voice frequency. The only location in the 11 th ACR authorized for classified meetings is the
S2 Vault, Building 185.
a. The location selected will be provided a physical security sweep at least one hour prior to the start of the meeting. Doors to the room will remain locked after the sweep until a cleared person in charge of the meeting opens the room for purposes of conducting the meeting.
b. The individual responsible for arranging the meeting is also responsible for the security of the meeting. The responsible individual will:
(1) Notify attendants of security limitations imposed on disclosure of classified information.
(2) Ensure that each person attending classified portions of meetings has appropriate access authorization and need to know.
(3) Ensure adequate storage facilities are available when required.
(4) Ensure that any notes taken during the meeting are properly classified and marked and that arrangements have been made for proper transmission of the notes back to the employees' organizations. If this is not feasible, ensure that no notes are taken.
(5) Monitor the meeting to ensure that discussions are limited to the level authorized.
(6) Identify the level of classification of the meeting at both the beginning and the end of the meeting.
6. PROCEDURES TO PROTECT FOR OFFICIAL USE ONLY (FOUO) INFORMATION.
a. FOUO CONSIDERATIONS. This category of information must be excluded from public release; information can be excluded or marked FOR OFFICIAL USE ONLY if it
FOR OFFICIAL USE ONLY
17
is OPSEC sensitive and is CUI. To qualify as FOUO, information must fall under one or more of the exemption categories of records specified in AR 25-55 W/Chg 1.
b. Handling. Access to FOR OFFICIAL USE ONLY material will be limited to those employees who need the material to do their job.
c. FOUO material will be handled in a way to preclude its disclosure to the general public and to limit its circulation. FOUO material should not be left unattended when removed from storage.
d. Marking.
(1) The marking FOR OFFICIAL USE ONLY will be stamped or marked in bold letters near the bottom of those pages which contain FOUO information. "FOUO", in abbreviated form, will NOT be used as a marking.
(2) In classified documents, pages containing classified information shall be marked with the applicable security classification, but NOT with the FOR OFFICIAL
USE ONLY marking. Those pages which contain FOUO Information but which do not contain classified information shall be marked FOR OFFICIAL USE ONLY.
(3) FOUO markings on pages printed on automatic data processing (ADP) equipment may be applied by the equipment provided the first page and front and back covers are marked as required in (2), above.
(4) When FOUO material is transmitted by a cover letter or other document which does not contain FOUO or classified information, the cover letter or other document shall be marked as in (2), above. The following marking shall also be applied: "This marking is canceled when separated from the material bearing a protective marking."
e. STORAGE. FOUO material will be stored in the most secure manner available.
When available storage containers used for classified material are not fully utilized, then
FOUO will be stored in these containers to the extent possible. If such containers are not available, FOUO may be stored in unlocked files, desks, or similar items if normal internal building security is provided after business hours. If normal internal building security is not provided after business hours, FOUO will be stored in locked rooms, desks, etc. If in doubt - lock it up!
f. ELECTRONIC TRANSMISSION. FOUO information will be transmitted on government networks only. Special care will be taken when communicating with FRGs to protect sensitive information and preclude unauthorized use of FOUO information.
FOR OFFICIAL USE ONLY
18
g. DESTRUCTION. FOUO material marked with distribution statements shall be destroyed in a manner that will preclude reconstruction of the document or reconstitution of the information.
h. FOUO INFORMATION TO CONTRACTORS. If FOUO information is provided to a contractor, specific notification of the requirements for protection of such information must be provided to the contractor as a contractual requirement on the DD Form 254
(DOD Contract Security Classification Specification).
i. FOUO OPSEC REVIEWS. OPSEC Officers will conduct required OPSEC reviews with coordination and final release authority by the Public Affairs Office and the
Installation OPSEC Officer. The OPSEC review will center on the command EEFI and unit specific EEFI. This will ensure procedures are followed to preclude release of classified or sensitive unclassified information into the public domain. OPSEC Officers must have current security classification guides, OPSEC guides, command EEFI, and be knowledgeable of all the sensitive aspects of their organization. Any questions, inconsistencies, or unusual situations, should be resolved with G2 for resolution.
7. DISTRIBUTION STATEMENTS ON TECHNICAL/OPERATIONAL DOCUMENTS.
The majority of information produced by and for the command is technical or operational in nature, as defined in AR 25-30. Distribution statements are not classification markings, they establish the limitations on the distribution of various types or categories of technical and operational information and data. Technical/operational documents classified FOUO and unacceptable for general public release will have a distribution statement. The word “Distribution” will be placed at the left margin on the second line below the “OFFICIAL” section. Distribution information or letter-code designations will be placed on the next line, beginning at the left margin.
8. PHYSICAL SECURITY. Physical security includes the use of security guards, restricted areas, perimeter barriers, protective lighting, surveillance systems, secure containers, intrusion detection systems, and access control systems.
a. All offices that contain sensitive unclassified information as identified in Section II will be secured during non-business hours against surreptitious entry. Key control procedures will be established to control access to these areas.
b. Facilities, buildings, and areas having external trash bins and/or participating in the paper recycle program will have in writing a method of ensuring that sensitive unclassified information is not placed in these receptacles for disposal.
FOR OFFICIAL USE ONLY
19