COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

Transcription

1 BY ORDER OF THE COMMANDER MINOT AFB MINOT AIR FORCE BASE INSTRUCTION MARCH 2017 Security Enterprise SECURITY ENTERPRISE COMPLIANCE WITH THIS PUBLICATION IS MANDATORY ACCESSIBILITY: Publications and forms are available on the e-publishing website at for downloading or ordering. RELEASABILITY: There are no releasability restrictions on this publication. OPR: 5 BW/IP Certified by: 5 BW/CV (Colonel David Ballew) Pages: 99 This publication implements AFPD 16-14, AFI , AFI , AFI and AFI It provides the basis for implementing AF instructions to execute Security Enterprise (SE) portions of the Information Protection (IP) program and the Insider Threat Program (INTP) of the AF SE. This publication provides protective standards for sensitive information, regardless of the domain, classification or category of the information. It applies to all military, civilian and government contractor personnel assigned to Minot Air Force Base (MAFB) 5th Bomb Wing and 91st Missile Wing units. It also establishes the local policies and responsibilities for the oversight, management, and execution of the MAFB Information Protection Program and is directive in nature. Compliance is mandatory for all personnel and the terms must, shall, and will denote mandatory actions in this instruction. The terms should or may indicate preferred, but non-mandatory actions. Failure to comply with the publication is punishable as a violation of Article 92, Uniform Code of Military Justice (UCMJ). This instruction implements guidance and requirements prescribed in the directives: DoD Directive , Management of Defense Security Enterprise, 24 Apr 13; DoDI , DoD Information Security Program and Protection of Sensitive Compartmented Information, 09 Oct 08, IC1 13 Jun 11; DoD Manual , Information Security Program, Volumes 1, 2, 3 and 4, 24 Feb 12; DoD R, Personnel Security Program, Jan 87, Change 3, 23 Feb 96; DoDI , Personnel Security Program, 21 Mar 14; DoDM , Industrial Security Program/NISPOM, 4 Dec 85, Change 1 28 Mar 13; AFPD 16-14, Security Enterprise Governance, 24 Jul 14; AFI , Information Security Program Management, 29 May 15; AFI , Industrial Security Program Management, 26 Aug 15; AFI , Personnel Security Program Management, 27 Jan 05; and applicable AFGSC Supplements. It also consolidates selected SE and IP policy from DoDI , Cyber Security, 14 Mar 14; DoDM

2 2 MINOTAFBI MARCH , V1, DoD ID Cards, 23 Jan 14; AFPD 10-7, Information Operations, 04 Aug 14; AFPD 33-3, Information Management, 08 Sep 11; AFPD 35-1, Public Affairs Management;28 Sep 12. The more traditional (security forces-based) security programs are governed under the local 31-series publications/requirements. Compliance with this instruction requires the collection and maintenance of information protected by the Privacy Act of 1974 authorized by Title 50 United States Code 797. For Official Use Only and/or Privacy Act statements are required by AFI , The Air Force Privacy Act Program. Systems of Records, F031 AF APO, Documentation for Identification and Entry Authority, apply. Maintain records created as a result of published processes prescribed IAW AFMAN , Management of Records, and dispose of records IAW the AF Records Disposition Schedule (RDS), available from the Air Force Portal at the AF Records Information Management System (AFRIMS) link. Contact supporting records managers as required. Refer recommended changes and questions about this publication to the Office of Primary Responsibility (OPR). Chapter 1 THE AF SECURITY ENTERPRISE (AF SE) PROGRAM OVERVIEW Purpose Responsibilities Chapter 2 THE INSTALLATION SECURITY ADVISORY GROUP (ISAG) ISAG Concept ISAG Charter ISAG Objective ISAG Goals ISAG Leadership ISAG Meetings ISAG Member Roles And Responsibilities Table 2.1. ISAG Voting Members Table 2.2. ISAG Advisory Members Chapter 3 INFORMATION SECURITY (INFOSEC) PROGRAM Policy And Program Management INFOSEC Related Programs

3 MINOTAFBI MARCH Chapter 4 PERSONNEL SECURITY Policy And Program Management Duties And Responsibilities JPAS Processing Security Clearances Security Information Files (SIFs) Issuing Clearances And Granting Access Annual UMD Review Network Access Suspension MAFB Visit Request/Servicing Plan Chapter 5 INDUSTRIAL SECURITY PROGRAM Policy and Program Management Duties And Responsibilities Employee Notification Reporting Classified Security Incidents Trustworthiness Determinations Contractor Release of Information Chapter 6 CYBER SECURITY General Information Information Processing Equipment Used With Sensitive Data Marking AIS Equipment/Media Cellphones and Electronic Devices in Classified Processing Areas Documenting System Access Data Spillage and Classified Mobile Devices FIGURE Potential Classified Message Incident (CMI) Process Flow 44 Chapter 7 SPECIAL INFORMATION PROGRAMS (SIPS) General Guidelines Inspection Requirements

4 4 MINOTAFBI MARCH The Personnel Reliability Program (PRP) The Restricted/Formerly Restricted Data (RD/FRD) Program Critical Nuclear Weapons Design Information (CNWDI) Program North Atlantic Treaty Organization (NATO) Program Communications Security (COMSEC) Program Sensitive Compartmented Information (SCI) Program Installation Nuclear Command And Control Extremely Sensitive Information (NC2-ESI) Program Management (INPM) Presidential Support Activities (YANKEE WHITE) Other Special Access Programs Chapter 8 CLASSIFYING, MARKING AND DECLASSIFYING INFORMATION Original Classification Derivative Classification Marking Classified Information Marking Controlled Unclassified Information (CUI) Declassifying, Downgrading or Regrading Information Classification Challenges Chapter 9 TRANSMISSION/TRANSPORTATION OF SENSITIVE INFORMATION General Policy Training Standards Preparation For Shipment Escorting/Hand Carrying Classified Chapter 10 SAFEGUARDING SENSITIVE INFORMATION General Policy Figure Work Order Submission Flow Standards Granting Access to Classified Classified Aboard Aircraft

5 MINOTAFBI MARCH Local Instructions Closed Storage of Classified Open Storage (OS) of Classified Certifying Open Discussion (OD) Areas Certifying SIP OS/OD Areas Disposition and Destruction of Classified and CUI Alternative/Compensatory Control Measures Chapter 11 INFORMATION PROTECTION EDUCATION AND TRAINING General Requirements Conducting Unit IP Training Derivative Training Combining Related Security Disciplines with IP Training IP Office Training Responsibilities The USM Recognition Program Chapter 12 SECURITY INCIDENTS General Information Conducting Incidents Reports Incidents with Electronic Devices in Classified Processing Areas Classified Information System Incidents Closing Incidents Chapter 13 INSIDER THREAT PROGRAM Purpose InTP Governance InTP Objectives Responsibilities Chapter 14 COMMON ACCESS CARD (CAC) FOR UNCLEARED PERSONNEL Policy And Program Management Duties and Responsibilities Requirements for PSI

6 6 MINOTAFBI MARCH Volunteer Logical Access Credential (VoLAC) Program Network Access Suspension.: Attachment 1 GLOSSARY OF REFERENCES AND SUPPORTING INFORMATION 79 Attachment 2 SAMPLE MEMORANDUM FOR APPOINTMENT OF SECURITY MANAGER 85 Attachment 3 SAMPLE APPOINTMENT LETTER 87 Attachment 4 VOLAC CHECKLIST 88 Attachment 5 CHECKLIST FOR USE OF COPIERS/SCANNERS WITH SENSITIVE INFORMATION 89 Attachment 6 CHECKLIST FOR CLASSIFIED MESSAGE INCIDENTS (CMI)/DATA SPILLAGES 91 Attachment 7 SIPRNET USER TRAINING 94 Attachment 8 CAC ISSUE FOR UNCLEARED PERSONNEL 96 Attachment 9 SPECIAL SECURITY AREA REVIEW CHECKLIST 98 Attachment 10 DISTRIBUTION LISTING 99

7 MINOTAFBI MARCH Chapter 1 THE AF SECURITY ENTERPRISE (AF SE) PROGRAM OVERVIEW 1.1. Purpose. The Secretary of the AF (SAF) established the AF SE concept with the publication of AFPD 16-14, Security Enterprise Governance, 24 Jul 14; AFI , Insider Threat Program Management, 05 Aug 14; AFI , Air Force Information Security Program, 29 May 15 and AFI , Air Force Industrial Security Program, 26 Aug 15. It also includes the information found in AFI , 27 Jan 16 (to be replaced by AFI ). The AF SE concept establishes responsibilities for oversight, management and execution of AF SE, which includes the Information Protection (IP) portfolio and Insider under SAF/AAZ. Implementation of AFPD requires interagency cooperation between IP and more traditional security functions. The AF SE implements this cooperation through an executive council which is reflected at Minot AFB through the Installation Security Advisory Group (ISAG) for IP-related issues and the Integrated Defense Council (IDC) for traditional Security Forces-related items. Each of these councils has representatives on the other council (e.g., IP has a seat on the IDC, and the 5 SFS and 91 SFG have security representatives on the ISAG.) The IP Portfolio. Three specific functional areas encompass the IP Portfolio: Information Security (INFOSEC), Personnel Security (PS) and Industrial Security (INDSEC). The IP Office (IPO) also manages the AF SE Insider Threat Program. The goal of IP operations is to provide consolidated guidance for IP concerns across the AF SE using a converged organizational approach to provide an integrated risk-management structure to ensure information essential to successful operations is effectively protected and available to the war-fighter when needed The IP Concept. The IP concept is based on four key pillars which consist of PS, physical security, information technology and security policy. The key to the IP program is the ability of the IP Office (IPO) to act as a single focal point for senior leaders on AF SErelated issues. This may include forwarding a traditional security issue to the IDC POC for consideration. The IPO is the sole focal point on matters pertaining to AF sensitive information, regardless of classification, category or the medium, with the exception of special access information, which will be referred to the MAFB Special Security Officer (SSO). The MAFB IPO reports directly to the 5 BW/CV through the Chief, IP (CIP). Another key aspect of the IP concept is the establishment MAFB Installation Security Advisory Group (ISAG). The ISAG is an independent executive committee which reviews, coordinates and establishes policy for the MAFB IP Programs. The ISAG is chaired by the CIP and membership is addressed below. The ISAG Chairman has a seat on the installation s Integrated Defense Council, which acts as the installation s traditional security meeting group and may brief items of interest to this group Insider Threat Program. This portion of the AF SE is a joint effort which is coordinated by IP. Duties and responsibilities are considered incorporated in the following paragraphs, and program specific requirements are discussed at chapter 13 of this instruction Operations Security (OPSEC) Program. The OPSEC program is incorporated into the IP program at Minot AFB.

8 8 MINOTAFBI MARCH Program oversight is provided by IP office personnel during the IP portion of CCIPs using SAF and MAJCOM Management Information Communicator Toolkit (MICT) communicators Training requirements for OPSEC coordinators, unit member and, as needed, for other unit specialties, are incorporated into IP initial and annual training The 5 BW is the host unit for the OPSEC program and also accomplishes oversight and training for the 91 MW and tenant units USMs act as the unit OPSEC coordinator at MAFB Responsibilities. All unit commanders, staff agency chiefs, security managers and supervisors will ensure personnel assigned to their units who work with or around sensitive information (classified or controlled unclassified information (CUI) are properly trained and comply with requirements, regardless of whether they have daily access to the information or not. The basic requirements are established in DoD 5200-series and further defined by AF and MAJCOM subordinate instructions th Bomb Wing Commander. The commander acts as the component head defined in DoDM , Volumes 1-4, paragraphs 2.a., AFI , paragraph /2.4 and Defense Security Executive discussed in DoD Directive The commander also implements and enforces the AF Security Enterprise to de-conflict and coordinate security related functions and the installation IP Program to ensure information deemed sensitive and/or vital to national security DoDM and AFI 16-series instructions. The Chief, Information Protection (CIP) and IPO staff implement IP for the commander IAW AFI , th Bomb Wing Vice Commander. The Vice Commander is delegated all duties levied on the Wing Commander in AFI paragraphs 2.4. These duties are further delegated, with the exception of direct oversight for the IP Office, to the CIP CIP Duties. The CIP is the Wing Commander's primary focal point for all IP-related matters and executes duties which include: Acting as the delegated authority for certification and approval of Open Storage (OS) areas used to store collateral classified. Unit commanders request risk assessment surveys of proposed OS areas in writing before use and prior to CIP certification. Areas not formally certified will not be used for OS of classified Acting as the delegated authority for certification and approval of secure discussion facilities used for collateral classified, also known as Open Discussion (OD) areas Acting as Chairman of the MAFB ISAG, on behalf of the 5 BW/CV Ensuring the IPO staff accomplishes duties outlined below, as required, to support MAFB IP operations Maintaining and updating this instruction and ensuring it covers all items as required in AFI Ensuring an IP representative is present at IDC meetings to address or provide briefings, as needed, on IP-related matters discussed.

9 MINOTAFBI MARCH Ensuring personnel filling IP office billets are trained, as applicable, IAW provisions outlined in AFI Providing oversight, guidance and technical assistance on IP-related matters to senior leaders and IP-related security personnel, as needed Providing oversight to ensure required unit IP self-assessments are accomplished IAW AFI and local requirements; tracked and administered in MICT Developing local IP MICT checklists and/or communicators. If local checklists or communicators are created, they will be reviewed by AFGSC/IP prior to having them loaded into the MAFB MICT database Where possible, unit IP conducted self-assessments will be integrated into the local commander s inspection program (CCIP) inspection schedules determined by the 5 BW/IG and 91 MW/IG Preparing the annual Senior Agency Official (SAO)/Information Security Oversight Office (ISOO) self-inspection report for the Wing Commander s review/signature, prior to submitting to MAJCOM/IP for inclusion in their annual SAF report Commander/Staff Agency Chief Responsibilities. Commanders/Staff Agency Chiefs (referred to as commanders throughout the rest of this document) will establish, sustain and resource the necessary elements of the IP program for their unit. This includes ensuring unitlevel education, training and awareness, is provided to assigned personnel; and that USMs are provided opportunities to attend professional training programs. They will also comply with this instruction and the DoD/AF basic directives in regards to implementing specific portions of the IP program in their unit. Contractors will not be assigned duties as a USM for government agencies. Additionally: Ensure a primary and assistant USM are designated, in writing, with a copy of the letter forwarded to 5 BW/IP. The USM assigned will, as a minimum: Have a clearance equal to the highest level of classified stored by the unit. Even if a unit does not store classified, the USM must have a secret clearance to access JPAS. Do not consider personnel for USM duties if they have or are pending derogatory action (local or AFCAF) or if they have no or outdated investigations. The basic requirement for access to the Joint Personnel Adjudication System (JPAS) is at least secret eligibility access The primary USM must meet the grade requirements outlined in DoDM , V1, Enclosure 2, 8.b. Assistant USMs do not need to meet the grade criteria. If a group USM concept is used to meet the grade requirement, the subordinate assistant security managers will report to the primary group USM, IAW AFI , Have organizational placement within the unit to ensure they have free access to the commander to discuss IP and/or Security Enterprise-related matters. The USM must be able to interact with unit leadership to discuss extremely sensitive personal information on unit members in the course of their duties. If suitability

10 10 MINOTAFBI MARCH 2017 issues arise after appointment, USMs must be removed from duties until such issues are resolved Consider establishing a dedicated unit manning document (UMD) billet for USM duties and assigning it as a primary duty. This will provide continuity for the unit and allow the individual to adequately and professionally execute and implement the IP Program for the commander. This is especially important if the USM will be handling multiple security related duties such as Resources Protection, Flight Line Protection, Personnel Reliability Program (PRP), etc. or any combination of these duties Must use the Security Specialist Performance Document (PD) and code the position as 0080 if 50% or more of included duties are security-related. This does not preclude including other duties in the PD Ensure the USM completes all required training within time lines stipulated in this instruction. Failure to complete required training is grounds for removal from USM-related duties. Also ensure the duties are listed as a critical duty on job descriptions, PDs, and reflected as critical in performance reports IAW AFI , Use procedures outlined in AFI and DoDM , V1, Enclosure 2, 8.c. for appointing/training assistant security managers. Assistants, also called alternates, will be trained to the same standard as the USM and their duties reflected as critical on performance reports. Failure to complete required training is grounds for removal from USM-related duties Use procedures outlined in AFI and DoDM , V1, Enclosure 2, 6.e.(2) if security assistants are appointed. They must be appointed in writing and are intended to perform duties of clerical nature, to assist the USM. The members must complete training identified in this instruction or they will be removed from the security assistant duties Act as the unit Operations Security (OPSEC) coordinator. All required OPSEC training is included in the USM initial training Publish an operating instruction (OI) which addresses unit specific IP requirements. The OI will include the unit's IP training plan, special area security procedures (e.g., entry and access control procedures for open storage/discussion areas) and unit specific special access program requirements (e.g., COMSEC, PRP, RD/CNWDI, et. al.). It is acceptable for the unit to include requirements from other security disciplines, provided all mandatory IP guidance is present. For example, a unit could have one combined security OI detailing requirements from both physical security (AFI ) and IP (16-14XX series). Finally, the USM must ensure the OI is in compliance with AFI , Publications and Forms Management, Table Units which have multiple subordinate units (e.g. a group) may publish one OI which covers all their subordinate units, even if they maintain separate unit IP programs.

11 MINOTAFBI MARCH The OI template provided by 5 BW/IP should be used to ensure all mandatory HHQ and local MICT communicator/checklist items are addressed. In addition, a copy of the OI must be forwarded to the IPO once signed by the commander Ensure the OI requires other unit agencies (e.g., PRP managers, First Sergeants, supervisors, etc.) to notify USMs if derogatory information on unit members arises so USMs can properly advise commanders and/or complete mandatory security information file actions Notify the IP Office at least 30 days prior, if possible, to beginning any substantial renovation, remodeling or substantial work in certified open storage/discussion areas. Note: Failure to notify the IPO could result in decertification of the area Ensure the unit reports corrective actions and recommendations to unit IP assessment findings as completed and required by the IPO Appoint an individual in writing (other than the primary/assistant USMs, such as a USM from a different organization) to conduct the required semiannual self-assessment as outlined in AFI , Ensure the assessor uses, at a minimum, the guiding IP AFIs and DoD instructions, MICT IP communicators, and approved local MICT checklists to conduct the assessment. It s highly recommended USMs from outside organizations are used to conduct the unit semiannual self-assessment; if necessary, coordinate with 5 BW/IP for assistance in identifying an outside organization USM to conduct the assessment Ensure civilian/military USMs and other personnel with primary duties in creation/handling of classified information reflect the duties as critical elements in performance reports. As a minimum, add the duties as a critical element, item, or assessment item on performance documents. This requirement applies to security professionals (i.e., USMs) as well as personnel where an integral part of their job is handling classified information as (e.g., derivative classifiers, container custodians, etc.) {REF: AFI , } Ensure personnel are given access to collateral classified based on the access requirements shown on the UMD. Additionally: Access will be granted only if the member has been determined to be trustworthy (i.e., in-scope PSI) and access is necessary for performance of official duties (need-to-know) Members will NOT be indoctrinated in JPAS for any access level until the required training outlined in AFI and this instruction is completed Consider a security information file (SIF) on members, IAW AFI , anytime derogatory information brings a member s trustworthiness, loyalty, or honesty into question Allow access to special access material based on the specific rules for the program.

12 12 MINOTAFBI MARCH If applicable, establish and maintain a Top Secret Control Program (TSCP) IAW DoDM , Volume 1. If the unit has a TSCP the USM and assistants must be authorized TS access. Failure to comply with this requirement is a violation of DoDM , Volume 1, Enclosure 2, 8.b(2)(c) & (d). This is required to allow the USM to properly administer and provide oversight for the Information Security portion of the IP program Designate a TS Control Officer (TSCO) to manage and account for TS materials and TS Control Assistants (TSCA) as needed, to assist the TSCO. If the commander does not appoint a TSCO and TSCA, the USM and Assistant USM will act as the TSCO/TSCA Utilize the AFGSC TSCO Handbook and DoDM , Volume 1 to establish local written TSCO/TSCA procedures and incorporate them into the unit s local IP operating instruction Tenant Units. Tenant units are included in the MAFB IP program and will comply with this instruction unless the unit commander (or equivalent) formally declines participation in all or part of the MAFB IP program. If a tenant unit commander declines participation, it will be documented in writing and maintained in the IPO unit folder and should be reviewed annually IP Office Duties. The IPO staff provides oversight for the IP program and will: Conduct activities IAW DoDM , V1-4, AFI and implementing guidance (see references), as supplemented. This may include: Developing required training, as needed. This may include assisting USMs with development of unit specific localized unit training or other IP-related training Monitoring the security incident program, to include providing trend and risk mitigation analysis to USMs and senior leaders (through the CIP) Conducting annual program reviews (PRs) of unit IP programs. The PRs are conducted IAW AFI , Chapter 10 to ensure oversight and to validate compliance. The PRs may be conducted as a part of the applicable wing s CCIP program, when the IG schedule allows, but will be conducted at least annually to obtain required data for the annual SAO/ISOO self-inspection report. The SAF/AAZ MICT IP communicators and checklists will be the primary source for PRs. If local MICT checklists are created, they will be reviewed and approved by the MAJCOM IP prior to implementation Conducting technical assistance or staff visits are conducted, as requested by the unit commander. The focus of these types of visits will be to help units identify/correct any IP-related issues/deficiencies Coordinating initial risk assessment surveys, certification and recertification surveys of open storage or open discussion (OS/OD) areas. Initial risk assessment surveys are requested in writing to the CIP by the requesting commander. Specific requirements are found at and 10.8 of this instruction.

13 MINOTAFBI MARCH Maintaining a unit folder for each unit/agency participating in the Minot IP program, IAW AFI , as supplemented. Items such as initial/certification surveys, appointment letters, etc. will be maintained in this folder Provided required oversight of items noted during annual program reviews/inspections or special program reviews (SPRs). This may include coordinating corrective actions between IP-related functional experts; verifying corrective actions are complete; and/or providing technical assistance to USMs in developing/implementing corrective actions. As a minimum, the IPO should monitor status of the items identified during annual program reviews/inspections to validate closure actions. Items identified during MAFB IG CCIPs will also be tracked/managed in IGEMS Scheduling and conducting a formal USM meeting at least semiannually. The purpose for this meeting is to disseminate HHQ and local information/changes and elicit feedback on current local issues If an agency combines multiple security disciplines under one manager the unit may request a combined assessment. For example, if the same individual is both the unit Resource Protection (RP) and USM then the 5 BW/IP and the 5 SFS/RP program managers may conduct one combined annual assessment with two separate reports USM Duties. The USM is responsible for implementing their unit's IP Program (to include OPSEC) on-behalf of the commander and is the liaison between the unit and the IP Office. Additionally they will: Act as the primary managers of JPAS within their organizations. The USMs are the sole focal point for in/out-processing and updating JPAS for assigned unit personnel Monitor and act on Personnel Security Investigations (PSIs) or access notifications from JPAS and/or the IPO If the unit has a TS Control Account the USM must be eligible for indoctrination to TS Ensure all required administrative actions for the IP program are completed such as updates to appointment letters; coordinating unit OIs, monitoring IP training, selfassessments, etc. They are the primary focal point for IP-related tasks or suspense items Ensure IP self-assessments (SAs) are scheduled and conducted in a timely manner, including the formal written report from the inspector to the unit commander and forwarding a copy to 5 BW/IP. Additionally: The unit may use the 5 BW/IP annual IP program review as one of the semi-annual SAs Self-assessments will not be conducted by the USM or assistant. Commanders should consider requesting a USM from another agency complete the self-assessment.

14 14 MINOTAFBI MARCH The SA reports will follow the IPO IP program review report format. The SA should be conducted as indicated on the 5 BW/IP annual assessment schedule. Any findings noted during the SA will be noted in MICT Post sufficient numbers of the "Your Unit Security Manager Is." signs throughout the unit to ensure unit personnel are aware of the appointed USMs. A generic template is provided by 5 BW/IP, but any format may be used so long as it provides the required information. Signs should include primary, assistant and contact information. In any case, the USM will ensure unit members are aware how to contact the USM if IP questions arise Disseminate information received from the IPO to the unit commander and/or assigned unit personnel, as required. The USM should consider using newsletters, e- mails, briefings at commander's calls, etc., to disseminate this type of information Provide assistance to the IPO staff, as required, to collect data for local or HHQ taskings on IP issues (e.g., collection of AF Form 311 data, tracking security incidents, unit specific taskings, etc.) If managing a combined program, the USM must ensure appropriate agencies receive the correct copies of appointment letters and/or documents required by the specific program (e.g., do not send 5 SFS RP manager information needed only by IPO staff) Notify the 5 LRS classified receiver listing (LO5) monitors anytime an individual from their unit listed on the LO5 is removed from access to classified. This may include PCS, establishment of a Security Information File (SIF) or if the individual has access and eligibility to classified removed. Failure to make this notification may result in a classified security incident being declared If an individual's security eligibility and/or access to classified are suspended or removed as a result of SIF or a downward directed DoD CAF derogatory notification the USM must take specific actions to ensure the unescorted entry privilege to restricted areas is evaluated. Specific unit procedures will be included in the unit IP operating instruction, but as a minimum: When an individual is authorized access to 5 BW restricted areas, the USM will immediately confiscate (i.e., take physical control of) the restricted area badge. If the unit commander determines unescorted entry to restricted areas is no longer authorized the USM will take the badge to 5 SFS Pass and ID to be properly destroyed If the individual has access to 91 MW restricted areas, the USM will contact KCCC and ensure the AFGSC Form 245 is marked to indicate unescorted entry to the missile complex is no longer authorized. If the USM fails to complete these actions it may result in a classified security incident If a member who has had their clearance or access to classified suspended or revoked, requires entry after losing unescorted entry privileges for restricted areas, follow established procedures for escorted entry.

15 MINOTAFBI MARCH Advise the commander on Air Force Information System responsibilities any time eligibility to classified has been suspended, denied, or as outlined in para 4.8. below Immediately report classified security incidents to the IPO and coordinate inquiries with the IPO Attend USM meetings as directed by the IPO Individual Responsibilities. Each individual authorized access to any type of sensitive information (i.e., classified and/or controlled unclassified information), regardless of the format (i.e., electronic, hardcopy, etc.), is responsible to comply with this instruction and the applicable DoD/AF basic directives, as supplemented. All personnel are personally and individually responsible for properly protecting classified information and CUI under their custody and control. Personnel (including assigned contractor personnel) must understand ANY sensitive information may be of value to our adversaries and must be properly protected. To protect sensitive information personnel must: Comply with handling, marking, and access control for sensitive information entrusted to their care. This requires changing the mindset of "only classified" is important. It includes understanding requirements to safeguard/control CUI such as FOUO, Privacy Act, OPSEC, etc Verify sensitive information under their control is properly protected when not under positive control. Positive control means "full-spectrum" security and may be as simple as locking a computer before leaving for lunch (for FOUO) or as complicated as accessing and re-securing an alarmed area where classified information is stored Never "cut" corners when handling sensitive information, regardless of classification, category or type. Information collected by perpetrators of identity theft is often unclassified and our adversaries often use CUI as a primary source to find out about classified operations Remember, even though OPSEC information is not considered classified and may not even be categorized as FOUO, it requires special handling Be constantly alert to detect and report unauthorized attempts to access sensitive information at any level Make notifications immediately if sensitive information is found improperly guarded or appears to have been improperly accessed. The USM is the primary contact for IP-related classified security incidents. The USM will forward the notification to the appropriate authority, depending on the category and type of information involved. If the USM is not available, report incidents as noted below: If any type of classified information is found improperly stored, accessed or marked, immediately secure it and report the incident to your USM, commander or supervisor. In all cases, the USM must be notified. If the incident occurs after normal duty hours, secure the information in an approved storage container/area and report it the next duty day. The same requirements apply, regardless of the type of information, i.e., hardcopy, electronic media, etc.

16 16 MINOTAFBI MARCH If DoD Unclassified Controlled Nuclear Information (DoD UCNI) is found improperly stored, handled, accessed or is sent transmitted improperly over NIPRNET (i.e., not encrypted/digitally signed) use the procedures noted in para If For Official Use Only (FOUO) information is found improperly secured, is improperly accessed by unauthorized individuals, or improperly transmitted over NIPRNET (i.e., not encrypted/digitally signed) contact 5 CS/SCXR (MAFB Freedom of Information Act Program Manager) at for specific actions to take Open Storage/Discussion (OS/OD) or Classified Processing Areas. Agencies with OS or OD facilities are responsible to follow the procedures outlined in Chapter 10, paragraphs and 10.8 of this instruction to ensure their facilities meet certification requirements Container Custodian. Designated custodians have the primary responsibility of verifying the container is authorized for storage and adequately safeguarding classified information. The custodian will: Be designated in writing for a specific container by the commander/chief or USM of the unit owning the container. This may be accomplished by noting the individual on a consolidated container listing Maintain the container IAW responsibilities outlined in DoDM , Volume 3 and AFI ; to include completion of the Optional Form 89 and other required security forms Maintain and update a record of authorized individuals having access to the container combination IAW DoDM , Volume Ensure classified material secured in the container, regardless of the media, is properly stored, marked and handled IAW DoDM , Volume 2, AFI and MAJCOM supplements Ensure the required clean out day is conducted. Any information not needed for specific mission requirements is to be destroyed by appropriate means during the cleanout day.

17 MINOTAFBI MARCH Chapter 2 THE INSTALLATION SECURITY ADVISORY GROUP (ISAG) 2.1. ISAG Concept. The MAFB ISAG works in conjunction with the MAFB IDC to provide senior level awareness of AF SE issues and is the local equivalent of the DoD Security Enterprise Executive Committee discussed in DoDD The ISAG specifically ensures compliance with SAF and MAJCOM IP policy, oversight, and training requirements by providing realistic courses of action to MAFB senior leaders on emerging threats and policy changes and feedback to MAJCOM on AF SE issues identified at the installation level. The ISAG is a cross-functional forum which brings experts from multiple AF SE-related disciplines together to resolve issues which cross traditional boundaries. This may include (but is not limited to) Cyber Security, Communications Security (COMSEC), Freedom of Information Act (FOIA), Personnel Reliability Program (PRP), special access programs (SAPs), Information Security (INFOSEC), Computer Security (COMPUSEC), Personnel Security (PS), Industrial Security (INDUS), and various other agencies. Other functional areas may be incorporated into the ISAG as deemed necessary by the 5 BW/CV or ISAG Chairman ISAG Charter. The ISAG is chartered by the 5 BW Commander, as outlined in this chapter, to operate as an independent, executive level group whose primary mission is to ensure the critical information used to accomplish the MAFB mission is available to the war fighter when needed. The group coordinates and oversees IP-related security enterprise policy issues in direct support of the MAFB Wing Commanders. Oversight is provided by the 5 BW/CV through the CIP. This may include requiring members to conduct necessary research and staffing of packages prior to submission to senior leaders for action. The ISAG is separate from, but may work in conjunction with, other established groups such as the MAFB IDC, Force Protection Working Group (FPWG) or other formal groups ISAG Objective. The primary objective of the MAFB ISAG is to better protect sensitive information by focusing and streamlining oversight and coordination of AF SE policies. The medium used to relay the information (e.g., electronic media, hardcopy, etc.) and the type of the information, (e.g., classified, unclassified, equipment items, special access program, etc.) is considered during the risk management phase but does not exempt it from the IP process. The CIP coordinates with the MAJCOM functional expert on HHQ issues, as required, and receives technical support from the ISAG members, as needed ISAG Goals. The group's overarching goal is to ensure information is available to the war fighter when needed. In today's information rich environment, this may require the group to engage in cross-functional meetings with non-ip functions. This is especially true as AF SE issues often crossover into areas outside the basic IP regulations. For example, if a unit has a mission critical Nuclear Command and Control (NC2) command post, which falls under DoD M nuclear security, the same area may also be a certified open discussion and open storage area for classified material and require the use of classified computers. In this case, in addition to the obvious INFOSEC and Cyber Security disciplines, planners must ensure nuclear security experts are included in decisions affecting the area to comply with NC2 physical security standards. This type of scenario requires close and early cooperation between IP, nuclear, operational, and other AF SE disciplines. The ISAG promotes a nontraditional, multi-

18 18 MINOTAFBI MARCH 2017 functional approach, often termed as an enterprise approach and is the cornerstone of the AF SE concept ISAG Leadership. The 5 BW/CV provides oversight and additional direction, as needed, for the MAFB ISAG. The CIP is Chairman of the ISAG and is delegated to act for the 5 BW/CV during these meetings. Commander appointed members represent and may act on behalf of their respective commander when in attendance ISAG Documentation. The CIP will ensure the CV and senior leaders receive the ISAG meeting minutes for review. If items require commander action, the CIP will forward ISAG recommendations to the appropriate commander(s) through their ISAG representative. Senior leaders may be briefed on ISAG action items, recommendations or updates via , through existing meeting forums or by electronic staffing, as needed. A member of the 5 BW/IP Office acts as secretary/recorder for the group ISAG Structure. The ISAG consists of voting and advisory (nonvoting) members, as noted in this instruction. Including new members (voting or advisory) or changing advisory member voting status (temporarily or permanently) to enhance the group's capabilities may be accomplished by a majority vote of voting members. The voting members listed in Table 2.1. may not be removed unless authorized by the 5 BW/CV. General administrative procedures and specific responsibilities for planning/follow-up of ISAG meetings are outlined below ISAG Meetings. The ISAG should meet quarterly, but may meet more or less frequently, as determined by the CIP or 5 BW/CV. Voting members are essential and at least two thirds of voting members must be present to establish a voting quorum for a meeting. Scheduled meetings will be conducted in-person and absent voting or non-voting members will be noted in the meeting minutes. Effective operation of the ISAG is directly affected by members receiving information in a timely fashion. The chairman will maintain the group membership/distribution lists for all appointed members. Unit commanders are responsible to ensure the IPO is notified of any changes to unit representatives Documenting Meetings/Actions. The Chairman will distribute and track open ISAG action items and ensure meeting minutes are provided members and senior leaders Working Groups. Subordinate working groups (WGs) may be formed as needed from voting, nonvoting and/or technical experts. They will meet as necessary and provide updates to the Chairman, as determined by their charter, until they are disbanded Voting. Voting may be accomplished during ISAG meetings or completed via . Meeting announcements, agendas and any required supporting material should be provided, as possible, to members prior to the meeting using the ISAG distribution list. Advisory members may be temporarily designated as voting members if the ISAG voting membership determines an issue directly affects their functional area of expertise ISAG Member Roles And Responsibilities. Commanders provide inputs to the ISAG through their appointed voting or advisory members. Members are appointed in writing to represent and act on behalf of their commander during ISAG meetings. Specific ISAG member roles are defined below:

19 MINOTAFBI MARCH The ISAG Chairman. The Chairman presides over meetings, provides leadership and guidance during meetings and ensures meetings properly address IP integration, requirements, prioritization, and HHQ requirements. The CIP acts as chairman at meetings, if the Vice Commander is not present. Additionally the Chairman: Develops and publishes meeting schedules, coordinate agendas, and notify members of meetings. When a formal forum is needed, Robert's Rules of Order should be used for conduct Ensures all ISAG responsibilities are executed. This may include requiring assigned members to assist in creation, coordination, prioritization, assessment, and monitoring the status of any identified IP-related issue Prepares, coordinates, and arranges presentation of ISAG recommendations and requirements to the 5 BW/CV and/or other senior leaders as new IP requirements are identified Assigns, manages and tracks open ISAG-related action items (e.g., assign tracking numbers, OPR and OCR, and suspense dates) Coordinates with senior leaders, ISAG members, steering groups, and WGs, as needed Coordinates, approves and tracks any ISAG interagency correspondence (e.g., action items, HHQ updates/data calls, local tracking of items, etc.) Coordinates, manages, publishes and approves ISAG-related information or administrative items, such as meeting minutes, public awareness articles, etc Coordinates with and provides oversight for ISAG subordinate WGs The ISAG Recorder. The Recorder will be an IPO staff member and provides administrative support and assistance to the Chairman for ISAG-related paperwork, meetings, activities, etc Voting Members. Voting members are kept to a minimum to enhance progress regarding resolving group issues. The agencies listed in Table 2.1. below must have a representative appointed in writing by the owning commander. These AF SE subject-matter experts are empowered to vote on the appointing commander's behalf, in regards to AF SErelated issues, during ISAG meetings. Where possible, one POC is listed for agencies which have multiple AF SE-related disciplines. The representative is responsible to ensure proper unit representation is provided if a matter falls outside their primary field of technical expertise. Additional duties of the voting members include, but are not limited to: Providing administrative and or technical support to the Chairman on AF SErelated actions. This may include producing, proofing or staffing correspondence; giving presentations and/or assisting to identify solutions for IP projects in their field of expertise Providing expert technical opinions on AF SE issues/requirements to help identify, prioritize and solve issues when new IP requirements are established or when vulnerabilities are noted. Support may be required verbally and/or in a written format.

20 20 MINOTAFBI MARCH Monitoring their area of functional expertise to identify new AF SE requirements. Any new requirements will be forwarded to the Chairman along with ideas for potential solutions or implementation strategies. Valid items will be added to the ISAG agenda for discussion or action, as appropriate. The initiating member is responsible to research issues, provide basic facts on the topic and suggestions for a course of action, prior to proposing agenda items Participating on designated WGs to identify/resolve new or existing AF SE requirements, as directed by the Chairman. This may include developing briefings on the topic for leaders Providing agenda items, validating new AF SE requirements and assisting with any resolution of noted issues. The member proposing an agenda item is responsible to provide research and references for an item, to the Chairman, prior to the meeting Accomplishing assigned action items within the established timeframes Identifying and providing specific functional experts for OPR/OCR actions. Table 2.1. ISAG Voting Members Chief, IP (Chairman) Special Security Office (SSO)/5 BW Nuclear Command and Control (NC2) Program Manager (NPM) (one 5 OG representative) Personnel Security Information Security (Recorder) Cyber Security (one 5 CS representative) Advanced Programs (5 BW/AP) Advisory Members. Advisory members include those shown at Table 2.2. They participate in meetings and provide support when their specific functional expertise is needed. Their duties are basically identical to the voting membership with the exception of voting. Table 2.2. ISAG Advisory Members Physical/Nuclear Security (5 SFS/S5R) Base Architect (5 CES) 5 BW/Industrial Security and Installation OPSEC/MILDEC Program Manager 91 MW NPM/CNWDI/RD/FRD (one 91 OG representative) AFOSI Representative Installation PRP Manager (5 BW/PRP) 5 MDG Representative 91 SFG Representative Public Affairs Representative (5 BW/PA) Installation NPM (5 BW/CP) 91 MXG Representative 5 MXG Representative 5 FSS Representative CNWDI/RD/FRD Representative (705 MUNS)

21 MINOTAFBI MARCH Chapter 3 INFORMATION SECURITY (INFOSEC) PROGRAM 3.1. Policy And Program Management. This chapter establishes guidance for protection of classified information and outlines the responsibilities of MAFB personnel in relation to complying with the Information Security (INFOSEC) Program as outlined in DoD and AFI governing directives. The MAFB INFOSEC program is a part of the overall AF SE and IP Program and applies to all assigned units, to include tenant units, as required under support agreements between the tenant unit and 5 BW Policy. These policies/philosophies apply to protecting classified information and controlled unclassified information under the purview of relevant statutes, regulations and directives Program Management. Unit INFOSEC programs are an integral part of the overall unit IP Program and will be managed IAW Executive Order (EO) 13526, DoD/AF implementing guidelines and supplements and this instruction. Commanders will consider corrective actions and sanctions as outlined in the basic guidance if individuals are found to have willfully or negligently violated rules of conduct in regards to controlling access, protecting, handling, safeguarding or transmitting material addressed under IP guidance IAW DoDM Volume 1 and AFI , The CIP provides oversight for the INFOSEC program through 5 BW/IPI, which is the primary focal point for IP issues at MAFB. The INFOSEC office is the primary AF SE activity coordinator for the CIP. The office coordinates and schedules joint IP program reviews; coordinates IP participation in MAFB IG CCIP inspections; is the primary IP training coordinator; develops local courseware; and conducts instruction, as needed. This office also coordinates all mandatory unit actions in regards to deficiencies identified during unit IP program reviews, MAFB CCIPs, classified security incidents and results of HHQ inspections The CIP ensures INFOSEC programs are established, executed and requirements are identified and addressed by the IPO staff for MAFB commanders through USMs Specific oversight functions of the INFOSEC program are described below in the duties and responsibilities sections of the identified INFOSEC related programs INFOSEC Related Programs. The 5 BW/IPI office is the primary focal point for INFOSEC items discussed in Chapters 8 thru 12 below. The specific information in the chapters cover special requirements associated with sensitive information (classified or unclassified) to include marking, transmitting, safeguarding, training and monitoring of classified security incidents. These items are addressed in separate chapters to help clarify specific responsibilities, but are all integral parts of the INFOSEC and overall MAFB AF SE and IP Programs.

22 22 MINOTAFBI MARCH 2017 Chapter 4 PERSONNEL SECURITY 4.1. Policy And Program Management. This chapter establishes guidance for completion of personnel security investigations (PSIs) and processing personnel to meet clearance eligibility needs. The MAFB Personnel Security (PS) program applies to all assigned members, including civilians employees, active duty/guard/reserve military and contractors Criteria for Application of Security Standards. The criteria for determining eligibility for security clearance are listed in DoD R, Chapter 2. All commanders must apply the criteria for security standards when granting access to classified information Program Management. The MAFB PS program is managed by 5 BW PS Office IAW DoDM , V1-4 Information Security Program, DoD R, DoD Personnel Security Program, AF guidelines, as supplemented, and this instruction Duties And Responsibilities. The CIP implements the MAFB PS program on behalf of the 5 BW Commander through the PS Office (5 BW/IPP). Tenant units must comply with MAFB PS Program requirements to receive support from 5 BW/IPP Commander and Staff Agency Chief Responsibilities. Commanders and Staff Agency Chiefs implement the PS portion of the IP program for their units through the USM. This includes completion of required self-assessments (SAs), preparation for SAs and monitoring unit personnel for compliance and continuing evaluation IAW AFI , Chapter Servicing Security Activity. The senior PS Specialist assigned to the IPO acts as the Servicing Security Activity and oversees MAFB PS activities on behalf of the CIP Authorized Requestor. The IPO is the only authorized requester for MAFB personnel requesting PSI updates from Office of Personnel Management. Specific actions and responsibility are outlined in AFI A2.2. Some tenant units may perform this function for their personnel, in this case the IPO is absolved of the responsibility Unit members will not contact the IPO directly on PSI issues. The USM is the sole focal point for PSI requests made to the IPO and must forward requests IAW established procedures to 5 BW/IPP The USM submits personnel for initial or periodic review PSIs based on the UMD security access requirement (SAR) codes. Specific details of scopes/types of PSIs are listed in DoD R, Appendix B. In the case of civilian employees hired where a UMD SAR code does not yet exist for the job, the position description (PD) on file with the civilian personnel office (CPO) may be used to determine authorized access levels until the UMD is updated. If there is a conflict between the UMD and PD, the UMD takes precedence Civilian Personnel Office (CPO) and Nonappropriated Funds (NAF) Responsibilities. The 5 FSS USM acts as the initial point of contact between 5 BW/IPP and CPO/NAF. The 5 FSS USM will validate clearance information prior to any CPO/NAF PSI request being submitted.

23 MINOTAFBI MARCH Individual Responsibilities. Each member must complete paperwork associated with a PSI within established timelines. See paragraph below for required actions for failure to comply with PSI timelines at paragraph or to meet the Electronic Questionnaires for Investigations Processing (e-qip) establishment letter suspense. Each individual is also responsible to immediately report potentially derogatory information on themselves/coworkers to supervisory personnel JPAS Unit JPAS Managers. The USMs are the unit's sole focal point for managing JPAS. The USM will be granted level 6 and level 7 JPAS access and must maintain their unit's JPAS account IAW AFI , as supplemented, and as outlined in this instruction Personnel Security Management Network (PSM-net). The USM is responsible for ensuring unit personnel are in/out-processed using the unit PSM-net and accomplishing all PS actions as outlined in AFI , as supplemented, and this instruction. This includes: Using the closed investigation date indicated in JPAS to determine when their personnel must be submitted for periodic review (PR) investigations Updating, monitoring, and acting on JPAS notifications for personnel assigned to the unit, to include in/outprocessing in JPAS Recording and removing applicable accesses using the indoctrinate link, to include all applicable special access programs, as required by guidance. The commander must ensure the USM is notified on all position changes, military and civilian, to ensure proper access is uploaded in JPAS. Failure to maintain proper access in JPAS may result in a classified security incident being declared and/or jeopardize national security information Annotating completion of the Nondisclosure Agreement (NdA), also known as a Standard Form 312, using the indoctrinate link Sending, receiving, and managing visit notifications as required Maintaining and updating the JPAS Eligibility and Access Report at least monthly. This report may require more frequent updating during high PCS times or upcoming exercises. It may NOT be used to grant access to classified information unless JPAS is nonfunctional Control of JPAS Hard Copy Documents. Hard copy JPAS products will NOT be released to other personnel/agencies to verify clearance data. The JPAS is a real-time system and hard copy printouts defeat the purpose of the system s real-time actions. If an agency needs to verify personal clearance data they may request level 7 JPAS access which allows this capability Processing Security Clearances. The e-qip system is used to submit, track and process security clearances initial or periodic reviews. The USM is the focal point e-qip and accomplishes all actions IAW AFI , as supplemented, and this instruction. These duties include ensuring the timely submission of e-qip account requests and considering circumstances such TDYs, deployments, etc. See paragraph below for e-qip time lines.

24 24 MINOTAFBI MARCH Eligibility for Investigation. Personnel must have at least 1 year retainability to be submitted for a security investigation Periodic reviews (PRs) are submitted if a member has had a PSI completed in the past. Submit PRs through the 5 BW/IPP to the Office of Personnel Management (OPM) 60 days from investigation closeout date. Time lines are as follows: 4-years, 10- months timeframe for a Top Secret or a Secret PRP positions; and at 9-years, 10-months for Secret positions. The PR dates are always based on the closed investigation date indicated in JPAS Non-US citizens will not be submitted for PSIs allowing access to classified. The exception is for non-us citizens serving in the US military. These members will be submitted for a military Secret PSI. The USM must ensure the individuals are not indoctrinated to Secret access and take steps to prevent assignment of duties requiring classified access Submit civilian employees for the following investigations Civilian employees who require a suitability background investigation (position description of nonsensitive and SAR Code 8 on the UMD) will be submitted for a TIER 1 or TIER 2 investigation, whichever is required. If the new employee is a prior military member with a National Agency Check, Local Agency Check and Credit Check (NACLC), they MUST be submitted for the required TIER 1 or TIER 2, based on required access Civilian employees requiring access to Secret (positions description of noncritical sensitive and SAR Code 7 on the UMD) require a TIER 3 PSI. Prior service members with a NACLC must be submitted for a TIER 3 PSI before being eligible for interim access to Secret material as a civilian employee. Individuals with a Tier 3 or Tier 3R investigation are valid if within scope and no more than 24 months of break in service. (Note: JPAS will not reflect interim security due to the existence of an adjudicated secret. The AF Form 2583 will be the source document for interim access.) Civilian employees who require access to Top Secret (position description of Critical Sensitive and SAR code 5) will be submitted for an SSBI or TIER 5, unless they have a previous in-scope SSBI or TIER 5, provided there was not a break in-service greater than 24 months Former military members, with a break in service of less than 2-years, who have an SSBI less than 10 years old, do not need a TIER 2 (for noncritical/nonsensitive) or TIER 3 (noncritical/sensitive) to be submitted, as the previous SSBI meets the required TIER PSI PSI Forms/Documentation. The USM is responsible to ensure required forms and documentation are properly accomplished for PSI requests submitted The AF Form 2583 will be completed prior to requesting an individual e-qip account being created by 5 BW/IPP The 5 BW/IPP will annotate the AF Form 2583 the date the investigation was forwarded to an investigative agency. This date is very important for PRP

25 MINOTAFBI MARCH investigations to show that the investigation was submitted to the investigative agency by an authorized submitting agency prior to the 5-year investigation close out anniversary The USM will maintain the AF Form 2583 to track investigation status in JPAS. Once the PSI is submitted the USM checks JPAS SII link to see when the investigation is received at OPM. Once the investigation is received the next steps are critical: If the case goes Scheduled the investigation is considered OPEN and the USM will file the AF Form 2583 until final adjudication by AFCAF If the case goes Unacceptable or Discontinued the USM must contact 5 BW/IPP immediately for further instructions The 5 BW/IPP is the focal point for the DoD CAF priority tracking program The USM is responsible to ensure completion of the following actions of any required NdAs and/or SF Form 2587, Termination of Security Access. Follow procedures outlined in DoDM / R and AFI for completing and maintaining these forms. Examples are available on the USM "L" drive maintained by the IPO Managing e-qip Time lines. Once an e-qip account is created for a member being submitted for a PSI, they must complete their actions within the specified time lines or the account will terminate. Use the following guidelines when reestablishing accounts which have terminated. The 5 BW/IPP office may work with USMs outside these guidelines if there are verifiable reasons on why the member did not complete the required actions The first time an account is requested, the USM makes the request to 5 BW/IPP If account terminates without coordination with 5 BW/IPP it will only be reopened at the unit commander's request The second time an account is terminated the 5 BW/IPP office will notify the commander a security information file (SIF) should be considered under the Adjudicative Guideline of "Personal Conduct" for failing to complete and/or provide required security background check information. The account will not be reopened unless the unit commander determines the member had plausible reasons for the failure to complete the required actions The third time the account terminates the 5 BW/IPP will notify the first O-6 in the member's chain of the need to consider a SIF for violating the guideline four consecutive times Interim Clearances. The USM coordinates interim clearances through 5 BW/IPP prior to the commander considering the request. Interim clearances are accomplished IAW AFI and AFI AFGSCSUP using the following guidelines: The USM provides the PS Office with available information and the PS Office ensures requirements are met and forwards derogatory information to the commander for consideration. After reviewing the information the commander may grant interim access. If interim access is granted the USM updates it in JPAS and maintains the original AF

26 26 MINOTAFBI MARCH 2017 Form The 5 BW/IPP keeps a copy of the AF Form 2583 until final adjudication is received from AFCAF If a civilian employee has a prior military NACLC the USM will not be able to update the interim access in JPAS. In these instances the USM still completes all interim Secret paperwork and must keep it on file until the required ANACI is complete for the member The USM coordinates any needed "Waiver of Pre-Appointment Investigative Requirements" through the unit commander if civilian employees need interim access Security Information Files (SIFs). Assigned unit personnel will continuously monitor themselves and others in the unit and report any potentially derogatory information to the USM. The USM will review any information received against the 13-adjudicative guidelines in DoD R Appendix 8 and forward it to the commander to determine if establishment of a SIF is required. Each individual is also responsible to report any potentially derogatory information to their supervisor and/or commander as soon as possible after the event Commander SIF Actions. When notified of potentially derogatory information the commander will determine whether or not a SIF is established IAW the 13 adjudicative guidelines. Commanders determine whether or not to establish a SIF on a case by case basis, normally within 20 days of receipt of unfavorable information The 20-day timeframe may be extended up to 45 days, by 5 BW/IPP, if the commander has sufficient reason to doubt the validity of unfavorable information Coordination and consultation with 5 BW/IPP, the SSO (for Sensitive Compartmented Information (SCI) access) and/or program security officer (for SAP access) and legal representatives is recommended. Failure to contact these offices could result in a situation where the affected individual is denied due process Commanders will establish mandatory internal notification procedures to ensure the USM is notified anytime potentially derogatory information is identified on a unit member. This is required so the USM may advise the commander whether the information violates any of the adjudicative guidelines in DoD R. Failure to provide the USM with this information may result in the commander failing to comply with the mandatory SIF time lines. If there are questions on whether the material meets an adjudicative guideline, the USM will contact 5 BW/IPP for technical guidance and/or assistance. Additional examples of when to consider SIF establishment and mitigating circumstances are outlined in AFI Chapter If a SIF is established it will be processed by the USM IAW DOD R, AFI and this instruction Abuse or misuse of a government issued credit card or assigned spending accounts requires an immediate SIF determination by the individual's commander IAW AFI , Chapter 8. The applicable unit program coordinator will notify the commander and USM of any members suspected of charge card abuse or misuse Refusal by an individual to sign the NdA requires a SIF be immediately established.

27 MINOTAFBI MARCH The USM will ensure an AF Form 2587 is completed anytime a SIF results in suspension of access to classified information The unit will establish written procedures outlining how/when unit leadership reports derogatory information (as outlined in DoD R, appendix 8) to the USM. This will be included in the unit's IP OI and should include guidelines on what constitutes PS derogatory information action to take for first sergeants, unit senior leaders and supervisors to report this information. Additionally, procedures should include access, as needed, to personnel records (e.g., PIF, UPRG, etc.) needed to determine eligibility and reliability for access to classified information. It is acceptable for the procedures to require the USM to go through a focal point for the information (e.g., First Sergeant) The USM must notify 5 BW/IPP when an individual with a SIF is projected to PCS, PCA or go TDY. The unit commander should provide 5 BW/IPP a memorandum at least 10 days prior to the member's departure. It is critical for the USM to forward a copy of the official orders as soon as they are published so the SIF can be forwarded to the gaining base. This allows the gaining USM to review the SIF contents with the gaining commander Counterintelligence (CI) Reporting. Security professionals at Minot AFB will share potentially derogatory information discovered with each other and with the lead Minot CI agency (AFOSI Det 813). The CI agency will share information with the 5 BW PS office, if sharing the information does not violate the integrity of an on-going investigation The PS office will notify the CI agency when potentially derogatory information is discovered on members through the adjudicative process The INFOSEC office will notify the CI agency when a security incident report indicates the member results in release or mishandling of classified or sensitive information to unauthorized recipients. Security incident reports will also be made available to the CI agency, as needed, upon request If the CI agency takes action on SIF notifications provided by the PS office they should provide a case number, which is required by the DoD CAF The CI agency will ensure commanders are aware of the need to consider a SIF for actions which result in investigation. This may be accomplished by including the SIF requirement on the checklist used to brief commanders Issuing Clearances And Granting Access Identifying Access Levels for Positions. Commanders determine the level of access necessary for each military and civilian position based on the mission needs. The commander reflects these decisions on the UMD by ensuring position numbers carry the appropriate SAR Civilian positions also have a position sensitivity identified on their PD which must match the SAR code on the UMD. The USM must work closely with supervisors when position descriptions are created to ensure the proper PS code is reflected on the PD. If there is conflict between the UMD and PD, the UMD takes precedence until the conflict is resolved.

28 28 MINOTAFBI MARCH Access may never exceed the SAR code for the position. For example, if a unit member has Top Secret eligibility but is assigned to a UMD position allowing only Secret level access they may only be granted Secret access. Additionally, reinvestigations for the individual will be based on the current UMD SAR code of Secret not the previous eligibility of Top Secret Temporary Backfill Hire GS-Civilians Access to Classified. This process is often called double-billeting and may be used to backfill military positions which are deployed for an extended period (i.e., 4-months or more). Use the following procedures to authorize backfill positions for access to classified: A PD must be created for the position. Ensure the proper access terms are used for position sensitivity, i.e., noncritical sensitive for Secret and critical-sensitive for Top Secret. After the PD is created, the requesting commander will identify any positions requiring access to classified in writing to 5 BW/IPP. The letter must include a copy of the PD and justification for the request (e.g., position is temporary hire to backfill for position #XXXXXX which is deployed with an expected return date of XX XXX XX. The specific position number from the UMD must be used and will determine the access level (IAW SAR code on UMD) The 5 BW/IPP office will post a copy of this letter in the unit folder for the affected unit and forward a copy to the Manpower and the Civilian Personnel Offices Access is authorized ONLY if the employee already has a current and valid investigation for the SAR code on the UMD position code noted in the request letter This procedures does not authorize the temp-hires to be submitted for clearances unless the backfill will be for at least 1 year. The DoD and AF authorize investigations only when personnel will be hired for 1 year or more Exercise caution using this procedure and remember civilian employees require an TIER 2 (not a NACLC) for access to Secret. Former military members with NACLC Secret clearances do not meet the TIER 2 requirements and may not be eligible for interim Secret or granted access to Secret material unless submitted for the appropriate investigation Annual UMD Review. Commanders will conduct an annual review of the UMD in May of each year IAW AFI requirements. The USM is the focal point for this review and will inform 5 BW/IPP when it has been completed. Special attention will be given to eliminating unnecessary Top Secret billets Determining Top Secret Access Levels. Commander should use the following considerations when deciding whether a position requires TS access: Does the position require TS access? Is there a valid mission need for the position to have access to TS information and what is the mission impact if access to TS is downgraded to only Secret? Can the mission still be accomplished? What is the frequency of access to TS for the position? Specifically, when was last time the position needed access to TS information?

29 MINOTAFBI MARCH Requesting SAR Code 5 (TS) Upgrades. Commanders will make TS change requests on the UMD SAR code using the following procedures. These procedures apply only for those packages submitted by 5 BW/IP to AFGSC for review/approval Change requests for TS are initiated by the owning unit commander to the AFGSC/CV Packages will be routed from the owning commander to the following agencies, as a minimum, using the order noted: 5 BW/IP, 5 FSS/FSM, owning wing commander Once required reviews are conducted, the package will be sent to AFGSC CV by AFGSC IP via TMT for processing Members will not be indoctrinated in JPAS for Top Secret access until the approved ACR is verified as showing on the UMD Network Access Suspension. Access to an AF Information System (IS) is a privilege and continued access is contingent on personnel actions, changes in need to know, or operational necessity. If the user's security clearance is suspended, denied or revoked, suspend access to all classified IS. The unit Cyber Security Liaison (CSL) coordinates with the organization commander and determines if unclassified network access can be maintained Classified Systems. If the system is classified and a member's eligibility for access to classified is suspended, denied, or revoked the individual s access to the classified system is immediately suspended Unclassified Systems. If the system is unclassified and a member's eligibility for access to classified is suspended, denied, or revoked the CSL will immediately take actions to suspend the individual s access to unclassified systems Reinstatement of Access to Unclassified Systems. If a member's eligibility for access to classified is suspended, denied, or revoked and the individual s commander wishes to restore access to unclassified systems, the commander may make a recommendation to the Information System Owner for access reinstatement. See AFMAN for more information Reinstatement of Access to Unclassified System with Privileged Access. If the system is unclassified, but the user had a "privileged level" of access and eligibility is suspended, denied or revoked, then suspend privileged access immediately. In this case, commanders need to make a separate recommendation for user to be reinstated to the "privileged level" of access. Justification follows the same rules as for reinstating unclassified system access MAFB Visit Request/Servicing Plan. When distinguished visitors, inspection teams or other groups are scheduled to visit Minot AFB, and will need access to classified information, use the following procedures to ensure they can gain access to classified Inspection Teams. The unit security manager responsible for the organization being inspected will ensure the inspectors are serviced in JPAS for the duration of the visit using the procedures noted in paragraph below. Use the following guidelines to determine which USM is responsible If the inspection is wing-wide the 5 SFS and/or the 91 SFG USM, as applicable, will service the team members.

30 30 MINOTAFBI MARCH If the inspection is unit-specific (e.g., one specific squadron or group being inspected), the USM for the inspected agency will service the team members Special Visits. If a special speaker or event requires mass briefings of classified, the USM for the unit sponsoring the event is responsible for ensuring personnel attending send a visit request for the event. The sponsoring USM will use the procedures in paragraph below to service personnel attending Servicing Visitors in JPAS. The following procedures will be used for events where an EAL or access roster is required to verify personnel are authorized access to classified. Examples include visiting inspectors or personnel from one MAFB unit receiving an informational briefing on another unit s mission, such as 5 BW personnel receiving briefings on 91 MW classified operations or Minot AFB personnel attending a classified Sandia Labs briefing sponsored by Minot AFB unit. In these cases the designated USM will: Ensure the visitors or briefing attendees are aware of the need to send a JPAS visit request (VR) to the designated USM s SMO code Find and accept the visit request in JPAS and verify the individual is indoctrinated AND meets minimum requirements outlined on the inspection EAL or the event access list. A checklist is available from 5 BW/IP on how to complete this action. If issues are noted; DO NOT accept the visit and contact the event sponsor. Examples of issues include: The individual s investigation is LESS than the briefing level The individual is NOT indoctrinated at the proper level for the proposed access (e.g., indoctrinated to secret, but EAL or access list indicates TS needed) The individual does NOT show completion of the SF Form 312, Non- Disclosure Agreement in JPAS The EAL or access list show the member needs special access, but the member is not indoctrinated for the access, e.g., NATO, RD, CNWDI, etc If the member meets the investigation requirements, service them ONLY for the duration of the visit or event. This will automatically remove them from your PSM net once the visit is completed The USM will sign the EAL or access list indicating the personnel on the list are cleared (properly indoctrinated and investigated in JPAS) and have a valid need-to-know (based on the visit request) for access indicated on the list The USM will check JPAS daily until the event is complete to validate no derogatory is received on serviced personnel. If derogatory is flagged in JPAS the USM will: Contact the appropriate POC and have them update the EAL or access list showing the individual is no longer authorized classified access The POC for inspections is the applicable wing IG and the POC for other events is the unit POC. These POCs are required to immediately notify their servicing Security Forces agency if EALs are involved.

31 MINOTAFBI MARCH Immediately notify the applicable wing IG if they note suspension or revocation actions in JPAS. The IG will then notify the servicing Security Forces agency and the IG team leader.

32 32 MINOTAFBI MARCH 2017 Chapter 5 INDUSTRIAL SECURITY PROGRAM 5.1. Policy and Program Management. This chapter establishes guidance for implementing the National Industrial Security Program and outlines the responsibilities of MAFB personnel in relation integrating contractors into the IP program. The MAFB IP program applies to all assigned units, to include tenant units, as required under support agreements between the tenant unit and 5 BW Policy. It is AF policy to identify what access industry will have access to information/sensitive resources (regardless of classification, sensitivity, physical form, media or characteristics) which must be protected against compromise and/or loss while entrusted to industry in the performance of classified contracts. The valid need-to-know (NTK) requirement is established in the DD Form 254 and JPAS Visit Request and the completion of a Visitor Group Security Agreement (VGSA) verifies the contractor is in compliance with all local access requirements. [Reference DoD R, Chapter 1 and AFI Chapter 2] Program Management. This program is managed IAW DoD and AF implementing guidelines, as supplemented, and this instruction. The 5 BW/IP Industrial Security Program is managed by 5 BW/INDUS Scope. The security polices, requirements and procedures identified in this chapter apply to all AF personnel and any on-base DoD contractors performing services at MAFB under the terms of properly executed and DD Form 254 and associated VGSA or similar document as determined appropriate by the installation commander Access to classified/sensitive material will be denied if it is not clear whether the required contractor has the required investigation; if it is unclear whether the required DD Form 254 has been completed; and/or if a VGSA has not been accomplished AFI , DOD m Duties And Responsibilities The 5th Bomb Wing Commander. The 5 BW/CC responsibilities are outlined in AFI , , , and 2.4. (inclusive) The CIP is designated to oversee and administer the Industrial Security Program on the behalf of the installation commander CIP Duties. The CIP implements the MAFB Industrial program on behalf of the 5 BW Commander. The CIP's responsibilities are outlined in AFI , 2.5. (inclusive) The 5 BW Industrial Security Specialist oversees and administers the Industrial Security Program on behalf of the CIP, IAW AFI , paragraph 2.6. (inclusive) Minot AFB Contracting Officers. The contracting officer responsibilities are outlined in AFI , 2.7. and include the following: Negotiate contractual agreements, blanket purchase agreement (BPA), modifications, changes, revisions with all contractors assigned to Minot AFB.

33 MINOTAFBI MARCH Notify IPO anytime an initial review of an agency s proposed statement of work (SOW) or performance work statement (PWS) indicates a job will require a contractor to have access to classified material. This must be accomplished prior to the award of a contract Other Agencies. Any agency other than 5 CONS which solicits contracts at MAFB, such as Nonappropriated Funds (NAF), Army Air Force Exchange Services (AAFES) and Army Corps of Engineers will notify the IPO if the initial review of the contract appears to require the contractor/company to need access to the installation, classified or CUI material. The will ensure the performance work statement (PWS) addresses the fact the contractor must meet the background check requirements outlined in HSPD Management Officials. These individuals are normally the chief executive officers of the company. Management Officials will: Appoint, in writing, a primary and assistant security officer for each on-base integrated visitor group (VG) and provide a copy of the appointment letter to the USM and 5 BW/IP within 30 days after performance date On-Base Security Representatives. Designated by management officials to handle routine security needs and they act as liaisons between the company and the local IPO On-base security representative duties include the following actions: Provide 5 BW/INDUS with a current copy of the Statement of Works or Performance Work Statement Provide a current JPAS Visit Request (VR) including all contract-related VRs to MPGSFDH55. Note: if the contractor does not have JPAS access, a hard-copy VR may be submitted, but must meet all requirements in AFI paragraph and this instruction The on-base security representative will ensure the VR is updated any time there is a change in employees' status, e.g., removal from employment, name change, clearance status changes, etc Ensure all employees receive proper IP training Ensure all employees are indoctrinated into JPAS for the level of access to classified stated on the DD Form 254 or by position and are debriefed, as required Conduct an annual review of the VGSA with the USM and 5 BW/IPI (Industrial) Commander/Staff Agency Chief Duties. Commanders/Staff Agency Chiefs will ensure assigned personnel comply with this instruction and the DoD/AF basic directives when allowing contractors access to classified USM Duties. Each MAFB USM is responsible for complying with the DoD and AFI basic directives, as supplemented. If new classified contracts are being planned, the USM will ensure the IPO staff is notified Establish a VGSA with each cleared contractor within their unit. This VGSA will be routed to 5 BW/IPI for a technical review prior to distribution.

34 34 MINOTAFBI MARCH Maintain an Industrial Tab in the USM handbook, establishing industrial security files for any assigned contactor IAW with this instruction. If the unit has no industrial program an MFR should be placed in this Tab stating the unit has no industrial contracts. The 5 BW/IP office will validate there are no contractors during the annual program review Include VGs in the units IP program. This includes making them a part of unit self-assessments, ensuring required IP training is completed prior to allowing access and including them in the unit IP operating instruction Employee Notification. Management officials and/or security representatives will ensure the following actions are taken when employee changes occur Contractor Actions. The on-site representative will provide the name, social security number and clearance status of any new employees to 5 BW/INDUS and the USM when hired Employee Termination. When an employee is terminated from the contractor's employment the following actions will be taken: Termination of Contract/Employment. The onsite representative will accomplish required termination briefings, including the AF Form A copy of the AF Form 2587 will be provided to the USM. The USM is responsible for this action if the contractor is a one-person shop or has no on-site security representation Gaining New Contract Employees. The USM will in-process the new contractor employee into their JPAS PSM network as "servicing" to ensure any clearance eligibility changes/notifications are received and advise the IPO when complete so they can also inprocess the new contractor to servicing status. In addition, the USM will: Verify the contractor has the correct investigation for the level of access specified in the DD Form 254 before allowing access to classified/sensitive material Outprocess any terminated employee in JPAS and notify the IPO staff of the change so they can accomplish the same action Notify container custodians where the contractor had access of the change. They must complete an inventory of classified and other needed actions, e.g., change of combinations, etc Reporting Classified Security Incidents. All contractor employees will comply with reporting requirements outlined in DoDM , Volume 3, Enclosure 6, paragraph 5.k, AFI Chapter 9 and Chapter 12 of this instruction. The contractor employee will notify the USM who will follow the procedures outlined in this instruction. Any classified security incident resulting in a violation, potential or actual compromise will be reported to the MAFB Chief of the Contracting Office Trustworthiness Determinations. If a contractor requires unescorted access to a restricted/controlled area or to the Air Force Network (AFNET), the USM will process the required security paperwork IAW AFI paragraph Uncleared Contractor Investigations. Use the procedures noted in Chapter 14 of this instruction to process uncleared contractor investigations.

35 MINOTAFBI MARCH Contractor Release of Information. Contractor s requests for public release of information will be IAW AFI paragraphs Contractors who receive requests for release of public information will follow the requirements outlined on block 12 of the DD Form 254 and/or the VGSA.

36 36 MINOTAFBI MARCH 2017 Chapter 6 CYBER SECURITY 6.1. General Information. Information, regardless of its format, will be protected IAW guidelines established in DoDM , Volume 2 and Information Processing Equipment Used With Sensitive Data. Refer to DoDM , Volume 2, Enclosure 3, 18 and Volume 3, Enclosure 3, 17. and AFI as supplemented for specifics on equipment such as fax machines, copiers, scanners, automated information systems (AIS), etc., used with sensitive data such as classified or CUI Copiers Used for CUI. The primary concern for copiers used with CUI is whether or not they retain images on the internal hard drive after the unit is powered down. The unit Cyber Security Liaison (CSL) must verify that the copier meets the volatile memory requirements in DoDM , V3, E2, 14 inclusive Any copier leased through Defense Automation Printing Service (DAPS) has volatile memory and does not maintain an image of information after powered down. These copiers can be turned over to the contractor after they have been powered down If units purchase copiers/scanners or lease a copier through an agency other than DAPS they are responsible to ensure the hard drive for the copier is purged or removed prior to releasing the copier to ANY other agency even another base agency. In this case the unit may contact Wing Cyber Security Office (WCO) for the necessary steps to clear the device. This may include removing and destroying the hard drive Failure to complete the purge of a copier/scanner without volatile memory may result in a violation of the Privacy Act and/or improper release of FOUO information and violations may subject to prosecution for violation of the Privacy Act Copiers/Scanners Used for Classified. Copy machines/scanners approved for classified must possess volatile memory (loses data when powered down). They must be approved, in writing, by the commander and certified by the USM to determine if it meets the minimum standards. In addition, the commander approval letter will be maintained in the USM Handbook. The USM will use the checklist at Attachment 5, developed by the WCO and 5 BW/IP, to help make this determination. The following steps must also be taken: The commander's approval letter will be posted by the copier. It will include clearing instructions, e.g., minimum number of blanks needed to purge latent images, if any Copiers/scanners approved for classified use must also be clearly identified with a sign stating "authorized for classified use If both classified and unclassified copy machines/scanners are collocated in an area, each device will be clearly identified as either approved or not approved for classified use If the copier/scanner is networked, it must be marked and protected IAW AIS marking and protection standards discussed in paragraph 6.3. below.

37 MINOTAFBI MARCH Use of Nonstandard Devices. Commanders will coordinate the use any nonstandard processing equipment (e.g., hand-held data devices, flash memory, USB port devices, et. al.) through the WCO prior to purchase or use with classified information. Further guidance can be found in AFMAN Digital Senders. Digital Senders are considered a Multi-Function Device (MFD) and are authorized for use with CUI on the NIPRNET only if they have the required CAC enabled security and are properly configured IAW the guidance in the Sharing Peripherals Across the Network (SPAN) Security Technical Installation Guide (STIG) and AFMAN If MFDs retain data, and if used with CUI, must be properly handled when retired from service the same as a copier used with CUI (e.g., hard drive wiped or destroyed) The use of MFDs is not authorized on the SIPRNET at MAFB Digital Senders must have an appropriate classification label (such as SF710 or SF707) and DD Form 2056 consent to monitoring label Collaborative Computer Systems. This term refers to any information system that allows a group to share voice, text or video in order to conduct meetings or exchange information. The use of cameras or microphones in areas where classified information is processed (electronically or hardcopy) is not authorized unless the following considerations are addressed The computer used is a SIPRNET computer and all personnel in the vicinity of the session are cleared at the appropriate level and have a valid need-to-know Under no circumstances will cameras/microphones be used on an uncleared system where classified conversations/operations are on-going Use of collaborative systems on NIPRNET computers is authorized for text transmission in classified areas, provided the sender does not transmit classified information over the uncleared computer In areas where classified and unclassified systems are collocated, but where the classified systems are not used on a daily basis, collaborative computer equipment may be authorized, but only if the user provides specific written procedures to the WCO and 5 BW/IP office outlining procedures used to ensure the equipment is not used during classified operations. These procedures would need to include some type of checklist detailing verification that all camera/microphones have been disconnected and secured prior to start of classified operations Unclassified laptops with non-removable collaborative microphones/cameras will not be permitted in classified areas End-of-Day Checks for Classified Copiers, Scanners and Printers. If any of these devices are approved for use with classified systems, but not located in an approved classified storage area they must protected as classified until purged using the below procedures. Also ensure the device is added to the area s SF Form 701, End-of-Day Security Check Sheet and provide specific written procedures for end-of-day/purging are posted on or near the device. The written procedures will require:

38 38 MINOTAFBI MARCH The device to be under the control of a cleared/authorized individual until purged Three blank pages be printed/run through the device to ensure no latent images remain The device be powered off when not in use to ensure the memory is cleared The device be added to the SF Form 701 and checked at the end-of-day and checked for physical copies of information at the end-of-day and after each use Marking AIS Equipment/Media. The minimum markings required for AIS equipment/media used for classified and/or CUI are found DoDM , Volume 2 and will be applied as explained in Chapter 8 below Cellphones and Electronic Devices in Classified Processing Areas. Unauthorized devices pose a particular to threat to sensitive information due their small size and the inherent risk they present to national security information. Any unauthorized government or personal electronic device found in a classified processing area is subject to the posted installation search and seizure guidelines. If an offender will not voluntarily release the device, contact security forces and request a patrol to apprehend the offender and confiscate the device. Its disposition (returned or destroyed) will be determined as a part of the classified security incident inquiry process and/or criminal investigation Classified Processing Area. A classified processing area (CPA) is defined as an area within 3 meters of equipment which processes classified information. Some examples include SIPRNET computers, aircraft prepared for flight, secure telephone equipment (STE), or VIPR Any device which can transmit or record (audio, video, wireless) is prohibited within 3 meters of classified equipment or in areas where classified operations or discussions routinely occur. Examples of classified processing areas include approved open discussion/storage (OD/OS) areas, classified storage vaults, controlled areas, restricted areas, or areas where classified information systems or computers are used If the area is an office environment where SIPRNET or a secure telephone is used only infrequently, it is the authorized/cleared user s responsibility to properly secure the area by verifying these types of devices are removed before classified equipment is used or before a classified conversation is started A security incident WILL be declared if a personal device capable of visual capture (digital or otherwise) and/or audio recording capability and/or a wireless broadcast/reception capability is found within the prohibited 3-meters zone (of classified processing equipment) or within areas where classified operations or discussions are being conducted. If a CPA is active only during specific times (e.g., SIPR terminal with TACLANE but not keyed with CIK) no incident is required In cases involving personal devices in SIPR areas, the inquiry official must determine, with advice from JA, IP, Cyber Security and organizational SMEs, whether a classified spillage to the personal device occurred or if the device represented only a transitory threat.

39 MINOTAFBI MARCH If the IO determines spillage of classified occurred to a personal device, it is possible the device may not be returned to the individual and may be sent to the NSA to be destroyed due to various factors found in DoDI , Cyber Security (14 Mar 14) which include but are not limited to: lack of approved clearing procedure, the inability to clear the device sufficiently to return it to unrestricted public use, etc If the device was introduced into a TS or Special Program processing area, it is possible the device may not be returned due to the increased risk associated with the material involved When a classified security incident involving an unauthorized device is declared, the item will be confiscated and treated as classified until the classified security incident inquiry is complete; or until it is verified the device does not contain classified information. Individuals observing the incident will attempt to secure the device from the offender after they report the incident The USM and/or CSL will review the device contents with a subject matter expert knowledgeable of the classified information in the area affected to verify whether classified information is on the device If an individual refuses to allow the device to be reviewed, contact law enforcement and have them apprehend the offender. In this case, the device will be confiscated by security forces and treated as evidence until the matter is resolved by the inquiry official, SF Investigations or OSI If the device is a government issued item (e.g., cell-phone/two-way radio) and the breach of the zone was momentary and performed in the course of duties (e.g., SF responding to unauthorized aircraft run) it is not considered a violation and need not be reported In no case will personal electronic or data devices falling into this category be authorized in areas which process classified material Video capable cell phones (government or personal) are prohibited in any area processing classified. It is the responsibility of each individual with access to classified to ensure these devices are removed from areas prior to classified work being accomplished Transmitting devices (e.g., cell-phones, 2-way radios, personal data assistants (PDAs) and similar devices) will be removed from areas where classified briefings will be conducted. If a valid mission requirement requires a government issued device to remain in the area during the briefing, specific procedures will be established to ensure it is not inadvertently used to transmit classified. As a minimum, it should be placed in the power "off" position When a government owned cellular telephone is an operational necessity, separate it 5 meters from RED equipment. Personally owned cellular phones are forbidden within classified processing areas and must be maintained at least 3 meters in all directions from any classified processing device unless exposure is brief, as permitted by AFSSI 7702, e.g., member passing by in hallway.

40 40 MINOTAFBI MARCH When a government owned cellular telephone is an operational necessity, and if it does not have a camera/audio record capability, separate it 3 meters from RED equipment. The device MUST be on the TEMPEST certification for the facility to be authorized in the area. Personally owned cellular phones are forbidden within classified processing areas Hand-held radio transceivers used with intra-base radios and land-mobile radios deserve special consideration because of their unique operational applications. A person may carry these devices into a classified processing area if this requirement was previously identified during the TEMPEST assessment and approved on the TEMPEST survey. If the person carrying such a device works in the facility, either turn off the device and use the telephone or separate it 2 meters from classified processors; no transmissions are allowed Government issued Electronic Flight Bag (EFB) program devices (i.e., ipads) are treated the same as government cell phones discussed in paragraph above. They are NOT authorized in classified processing areas unless addressed in the area TEMPEST survey, however; they may transit a hallway in the off position. They are also authorized for use on aircraft and may be carried in "off" mode through the flight line areas Store e-device surrendered or confiscated as a part of an inquiry as classified until verified as clear of classified as noted above If there is reasonable doubt about why the device was in the area, whether it came within 3-meters of a classified processing system or if classified operations were on-going, immediately notify your USM of the situation In this case, ensure the device is treated as noted above until your USM directs otherwise If the USM verifies a device did not come within 3 meters of classified systems, no incident will be declared. If this cannot be established, or if the device was within 3 meters, an incident is declared Establishing Unit Procedures. Units which control classified processing areas, open storage (OS) or open discussion (OD) areas will establish unit procedures in the IP OI to ensure personnel are aware of requirements. These procedures should include: Clearly identifying areas where these devices are prohibited and an example list of prohibited items. Some examples of prohibited devices include: flash memory devices, ipads (including Electronic Flight Bag ipads), PDAs, MP3 players (which may record, transmit and/or be used as flash drives), cell-phones (with or without cameras), etc Units must clearly post visual aids at entrances to any area where these types of devices are prohibited. Areas that are temporary classified processing areas will post a visual aid when classified processing is in progress Clearly identifying any devices authorized for use in these types of areas. Units must ensure the owning area personnel and security forces (if applicable) are provided

41 MINOTAFBI MARCH with a copy of the approval letter (from applicable agency) and a description of the device If the devices are authorized for use in MAFB common restricted/controlled areas the unit should provide a copy of the approval letter to 5 SFS/S5 so it may be included in the Integrated Defense Plan as an approved item Training Requirements. Unit security managers will identify positions in the unit where personnel work in or are authorized access to MAFB classified processing areas. This includes areas where classified equipment is routinely used or where classified operations routinely occur (e.g., flight line, Network Control Center (NCC), etc.). Unit training will be tailored for unit needs and incorporated into the IP Initial and annual refresher training. This training will include the procedures outlined in this chapter and Chapter This requirement may also be met by adding the information into OJT-type training which is conducted provided the USM verifies it is sufficiently covered in the lesson plan and that the training formally tracked in some type of database This training is in addition to the mandatory Advanced Distributed Learning Service (ADLS) Protecting Sensitive Information Training The USM will validate derivative, classified marking, NATO (all outlined in paragraph , Chapter 11) and SIPRNET training provided by the WCO (see Attachment 7) has been completed before signing the AF Form See paragraph below for additional guidance The user acknowledges understanding of the SIPRNET training by signing the WCO training letter used to provide/document the WCO training Any time a TACLANE and a CIK are in the same location and outside approved storage they are considered classified. This requires users to ensure positive control (i.e., visual AND physical) of the TACLANE and CIK (see Attachment 7). Failure to maintain positive control is a classified security incident Documenting System Access. Use the AF Form 2875 to document system access requests. Specifically: Processing AF Form 2875s. These forms are processed to grant users specific permission levels on a specified IT system. Each unit will designate the agency which will act as repository for these forms when they are processed for access to local IT systems. Follow the form s instructions and the following steps Unit Security Manager Actions. Completion of the AF Form 2875 does NOT relieve the USM of the need to complete and process the AF Form The USM will: Verify clearance level meets the minimum for the designated IT level. IT Level III requires a TIER 1 or higher investigation. IT Level II requires a TIER 3 investigation and IT Level I requires a TIER If SIPRNET access is being granted, annotate block 27 with following statement, The USM signature below verifies initial cleared, derivative, marking, NATO and Wing CSO SIPRNET training were accomplished and the member was added to the unit's derivative classifier letter and is indoctrinated to NATO access in JPAS.

42 42 MINOTAFBI MARCH Failure by the USM to properly validate training or to properly indoctrinate members to NATO in JPAS will result in a security incident and may result in negative derogatory actions on the USM Cyber Security Liaison Actions. The CSL will ensure the AF Form 2875 and the WCO training form is properly filed until the member leaves the unit The IT Level Designation. The IT Level III box (Item 28c) will be checked unless another level of access is required. If elevated permissions are required the user/csl generating the form must provide specific rationale in Part II, item 13 (Justification for Access) on why the elevated permission is required. Contact the Wing Cyber Security for an explanation of the permission levels The USM will ensure the IT Level Designation block is set to III, unless otherwise specified in the justification block (i.e., block 13). If there is a question on what level is required, the user will contact Wing Cyber Security for clarification Data Spillage and Classified Message Incidents (CMI). The 5 BW/CC is the declaration authority at MAFB for initiating sanitization during a potential data spillage or CMI. This authority is delegated to the 5 CS Commander. The Wing Cyber Security Office (WCO), in concert with the IPO and unit Commander will brief the declaration authority of any suspected incidents General Information. A data spillage occurs when data enters an information system for which it is not accredited to process. A CMI is a data spillage where the information was passed via . The details of any classified spillage are classified until the affected systems are cleared. Ensure notifications are made via secure communications. All computers suspected of being involved in a CMI will be treated as classified as soon as the incident is declared. They will not be sanitized until the declaration authority makes an official declaration Computers involved in an incident, or suspected of having been used to send or receive classified will be secured at the appropriate level for the classification of the material involved Notifications. When a potential data spillage is reported (i.e., classified information sent over unapproved computers or electronic devices) the USM reporting the incident will notify their unit Commander, the unit CSL, the communications focal point (CFP) (via their secure line at ) and the IPO (NLT the next duty day). If the unit CSL is notified, they will notify the USM. The CFP will ensure the WCO is notified If a classified message is received from another base over an unauthorized system, 5 BW/IPI will notify the originating base's IP office of the incident. It is the responsibility of the originating base's IP office to ensure the required inquiry and any needed sanitization at their location is conducted. The affected Minot AFB machines/devices will be handled using above described methods, as needed Determinations. The unit commander will verify the information in question is classified before the declaration authority is notified. A valid security classification guide (SCG) is considered an original classification authority (OCA) determination.

43 MINOTAFBI MARCH The 5 BW/IP and WCO offices will advise the declaration authority of the OCA determination to determine the classification before the sanitization operation is initiated Communication Focal Point. Once classification is verified with the OCA or an approved SCG, the CFP will immediately lock affected tier 2 and below users accounts The account lockouts may be accomplished prior to the official CMI declaration as a precautionary measure. Sanitization may begin once the classification is verified Tier 1 user accounts (MAJCOM CC, etc.) will not be disabled without HHQ approval The user accounts of individuals causing the potential CMI will not be reactivated until IA training is re-accomplished. Additional requirements for account reinstatement will be IAW USCYBERCOM policy The CFP will track sanitization of systems until actions are completed Classified Security Incident Actions. Once a potential spillage is suspected, use the procedures shown at figure 6.1 and in Chapter Classified Mobile Devices. These types of devices include mobile phones, laptops and other IT devices. The fact these devices can be easily moved requires they be specifically addressed. They generally fall into two categories; home station use or contingency use Home Station Use. If the device is intended for use at home station it MUST receive a TEMPEST approval BEFORE being used. This approval will establish the room for use as a CPA and users must comply placement of items IAW the submitted room layout map, which is a part of the approval package Contingency Use. If the device is intended for use during contingencies(e.g., used in a tactical or deployed environment such as field deployment or bare-base environment ) it will be operated IAW AFSSI 7702, Attachment 2. Additionally, if in an actual contingency environment, users must comply with TEMPEST rules, where possible If the device is used at the home station during deployment or contingency exercises conducted to prepare for actual contingency actions, the Wing Cyber Security Office may provide a temporary certification for the device. This temporary certification is valid only during timeframe of the intended exercise, and only if the time frame is 60 days or less. For example, establishment of a simulated bare base, a major accident response exercise or use of the APA during generations User Responsibilities. It is the user s responsibility to ensure classified mobile IT devices are approved for use. If you are not sure; DO NOT USE THE DEVICE. Contact the Wing Cyber Security Office for clarification. Misuse of a classified mobile device may result in a classified security incident.

44 44 MINOTAFBI MARCH 2017 FIGURE 6.1. Potential Classified Message Incident (CMI) Process Flow

45 MINOTAFBI MARCH Chapter 7 SPECIAL INFORMATION PROGRAMS (SIPS) 7.1. General Guidelines. The general guidelines for SIPs at MAFB are detailed in this chapter and consist of programs designated as SAPs IAW DoD R, C3.5. Additional specific actions may be directed by the basic references for SAP management found in DoD Directive , DoDM , Volumes 1, 2, 3 and Joint Air Force Army Navy (JAFAN) manuals, as well as program-specific guides, manuals and applicable DoD instructions. If a conflict between the guidance for collateral classified information (standard Confidential, Secret and Top Secret) occurs, the guidelines for the SIP will take precedence, unless the collateral requirements are more restrictive Defining SIPs. The guidance in DoD R, C3.5. lists the following programs as SAPs: COMSEC, NATO, Restricted Data (RD) and Critical Nuclear Weapon Design Information (CNWDI) and Nuclear Command and Control (NC2). DoDM , Volume 1 Glossary, SAP is defined as "A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level." In an effort to reduce confusion between these SAPs and more traditional SAPs, we have termed these programs SIPs, but still comply with all DoD R requirements. For the purposes of the remainder of this chapter, the terms SIP and SAP are interchangeable General Information. Classified information designated as SIP will be handled, transmitted, marked, protected using at least the minimum standards for collateral information. If SIP requirements are more stringent, the SIP standards will be applied Units With SIP Material. Unit commanders holding SIP material (e.g., NC2, RD, CNWDI, etc.) will ensure a MAFB focal point is appointed. If it is unclear which agency should be the MAFB focal point, e.g., more than one agency has the material, and there is no HHQ guidance, the ISAG will discuss the issue and forward a recommendation to the 5 BW and/or 91 MW commander (as applicable) on which agency should be the primary focal point Inspection Requirements. Most of these programs have their own dedicated review process and 5 BW/IP is absolved of annual review responsibility for MAFB SIPs, unless stipulated otherwise in this instruction. Technical assistance may be provided to the local Program Security Manager (PSM), if requested, but access to SIP information will not be granted when technical support is provided Documentation. Where possible, the SIP PSM should consider conducting joint program reviews with 5 BW/IP during the unit's annual IP program review General Information. The PSM for the SIP will ensure the 5 BW/IP is provided a current appointment letter. The PSM will also ensure SAP classified information or material, as a minimum, meets basic classification, declassification and marking requirements outlined in EO and DoDM , Volume 2. [REF: DoDM , Volume 2, E3.12.d.] Access and Need-to-Know. Access and need-to-know are critical to SIPs because these controls are only used when exceptional security measures are required. The level of

46 46 MINOTAFBI MARCH 2017 control is based on threat and/or vulnerability (e.g., sensitivity or value of the information). Each of the programs identified below have some type of associated special access controls and/or protection requirements which requires them to be considered as a SAP. [REF: DoD R, C3.5. DoDM , Volume 1, E ] Reporting. Most of the programs listed below are not reported to Congress as they do not involve acquisition or intelligence funds and protect only purely military operations. Unless specifically required by SIP rules, these activities are reported to leadership and Congress in the context of military operations. The following reviews should be accomplished by the PSM, if SAP rules do not require more stringent inspections Annual Inspection. Each special program has a designated program manager, at either the MAJCOM or Installation level. If there is a question on whether annual inspections are required, contact the appropriate program manager The 5 BW/IPI may not assist in this area, unless the PSM requests assistance. If 5 BW/IP assists, access to program material will not be granted if prohibited by program rules If IP Office assistance is requested, the local PSM must, as a minimum, make a written request to the IPO and provide an applicable checklists to be used during the review The IP Office will not provide inspection assistance for local PSMs of those SIPs reported to congress, unless a request is received from the HHQ Special Security Officer (SSO) program manager MAJCOM Focal Points. Each of the programs listed below has an AF and MAJCOM level functional expert to coordinate requests and review potential program issues. If you have concerns or questions on a specific program contact the MAFB program manager for assistance or clarification The Personnel Reliability Program (PRP). This program is governed under DoD R and AFMAN and no specific local program guidance has been established. The 5 BW/CC appoints the 5 BW/PRP office to act as the MAFB focal point. [REF: DoD R, C3.5.1.] 7.4. The Restricted/Formerly Restricted Data (RD/FRD) Program. Access and dissemination of RD and FRD information is governed under the Department of Energy (DoE) IAW the Atomic Energy Act of 1954, DoD Instruction , and AFI Program Management. Each wing commander will designate a Restricted Data (RD) Management Official (program manager) to disseminate directives, classification guides, (as needed), and ensure personnel with access are trained IAW AFI The 5 BW/CC designates the 705 MUNS/CC as the 5 BW focal point for CNWDI and the 91 MW/CC designates 91 OSS/CC as the 91 MW focal point. This responsibility may be delegated, in writing, to another SME within the unit and a copy of the delegation letter must be provided to 5 BW/IP Ensure RD/FRD is stored, marked, protected and destroyed in the same manner as collateral material of equivalent level. A copy of the each unit s RD certification procedures will be forwarded to the 5 BW IP Office to be included in the unit folder.

47 MINOTAFBI MARCH There are no special access requirements for FRD and the holder must ensure anyone accessing the material has a clearance equal to the equivalent collateral level RD Indoctrination. RD access requests are recorded on AF Form 2583, Request for Personnel Security Action, IAW AFI , paragraph 8.7. Keep the AF Form 2583 in unit files for duration of the individual s access to RD and dispose of IAW RDS Accessing Restricted Data. Access/dissemination of RD is controlled IAW DoDI and AFI Due to the sensitivity of RD a strict adherence to the "need-toknow" principles will be followed. Each unit holding or with members requiring routine access to RD must establish specific unit procedures Electronic Transmission of RD/FRD. There are special requirements for transmitting this material. The electronic transmission of Secret level FRD/RD material is authorized over SIPRNET, only if the sender verifies the receiver has a valid need-to-know the information. The use of distribution groups is not authorized when sending over SIPRNET Debriefing from RD. Procedures for ensuring access is terminated when no longer needed for official duties. Record debriefing of RD access using AF Form 2587, Security Termination Statement. Maintain the AF Form 2587 IAW RDS Unauthorized Access to RD. If there is reasonable doubt on whether a member is properly indoctrinated for RD access, a security incident will be declared Critical Nuclear Weapons Design Information (CNWDI) Program. This program is governed by DoD Directive and AFI and is tied directly to the RD program Program Management. The Wing RD program manager will act as the CNWDI program manager. Members may not be indoctrinated to CNWDI in JPAS without first being indoctrinated into RD. Each commander/staff agency chief having members requiring CNWDI access will establish specific written procedures to ensure only members who have a valid and official need are indoctrinated to RD and CNWDI CNWDI Indoctrination. CNWDI access requests are recorded on AF Form 2583, Request for Personnel Security Action, IAW AFI , paragraph 8.8. Keep the AF Form 2583 in unit files for duration of the individual s access to CNWDI and dispose of IAW RDS Debriefing from CNWDI. Record debriefing of CNWDI access using AF Form 2587, Security Termination Statement. Maintain the AF Form 2587 IAW RDS Transmission of CNWDI. Ensure CNWDI is transmitted IAW current program requirements. Contact the appointed Wing RD program manager for questions on transmitting CNWDI Unauthorized Access to CNWDI. If there is reasonable doubt on whether a member is properly indoctrinated for RD/CNWDI access, a security incident will be declared Temporary RD or CNWDI Access. If temporary access is required for a TDY, conference or other official reason, the RECEIVING location should accomplish indoctrination and debriefing. If the receiving location cannot accomplish the indoctrination or fails to accomplish the debriefing, the USM will use the following procedures:

48 48 MINOTAFBI MARCH Process an access request letter through the appropriate certification authority which clearly states the reason the access is required and the duration. The letter will be maintained until the member returns from trip. This method may also be used when all members of unit are in a career-field where access may be needed, but an official need does not exist on a daily basis Upon return from the TDY location (or completion of the local task) the owning USM will debrief the member using the AF Form 2587 and remove the RD and/or CNWDI access in JPAS. Maintain paperwork IAW RDS In-bound TDY personnel coming to MAFB who need RD/CNWDI access should be announced on a visit request in JPAS and indoctrinated prior to arrival. If access is granted at MAFB the sponsoring wing RD program manager accomplishes all actions including the temporary access letter training, administrative paperwork (i.e., AF Forms 2583 and 2587), indoctrination and debriefing. All paperwork for the individual is maintained IAW RDS North Atlantic Treaty Organization (NATO) Program. Security requirements for NATO material is governed by United States Security Authority (USSAN) Instruction I-07 and AFI In addition, NATO material will be marked and controlled IAW DoDM , Volume 2. Care must be taken to protect foreign government information at the equivalent of its US level, except as specified in DoDM , Volume 3, Appendix to Enclosure 4. or as required by treaties or international agreements. All MAFB NATO is COMSEC related material and reviewed under that program's rules. The following procedures also apply for COMSECrelated NATO at MAFB NATO Sub-Registry and Processing. There is no NATO sub-registry associated with NATO at MAFB as it is COMSEC material and controlled IAW that program's access rules. If non-comsec material is received at MAFB, a NATO sub-registry must be established and a specific NATO program coordinator designated Communications Security (COMSEC) Program. The focal point for this program is 5 CS/SCXSC, COMSEC Account It is governed by both AFKAG-1 and AFI , Volume 2, Communications Security (COMSEC) User Requirements. Security classification and declassification policies in DoDM apply to COMSEC information in the same manner as other classified information. DoDM , Volume 1, Enclosures 3 and 5 prescribes special procedures for cryptologic information Sensitive Compartmented Information (SCI) Program. This program is managed by the MAFB SSO and governed by applicable Director of Central Intelligence Directives (DCID), Intelligence Community Directives (ICD) and DoD M-1. Security classification/declassification policies in from DoDM apply to SCI in the same manner as other classified information. Special access and physical security controls are required for SCI Local IP Office Support. The SCI program is supported by HHQ SSOs and not reviewed as a part of the MAFB IP program. The IP Office provides informal technical support to local PSMs but, per instruction from AFGSC IP may not provide formal surveys or official program support (e.g., facility surveys, security incident support, etc.) unless a written request is received by the AFGSC SSO.

49 MINOTAFBI MARCH Pre-access requirements for SCI. The following actions will be accomplished prior to individuals being granted access to SCI Squadron CC will complete and sign the SCI Access Request form using the template provided by the MAFB SSO An AF Form 2583, properly routed thru 5 SFS/S5R, must be completed using the MAFB SSO template No action to grant access will occur until all required forms are completed and received by the SSO All forms must be accomplished at least 60 days prior to requested access date Installation Nuclear Command And Control Extremely Sensitive Information (NC2- ESI) Program Management (INPM) General Information. Due to MAFB having dual wings, the host wing (5 BW) provides an Installation NC2-ESI Program Manager (INPM) to manage the NC2-ESI program IAW CJCSI B and AFI The Chief, Minot Command Post, is designated as the primary INPM and may delegate NC2-ESI Program Manager (NPM) responsibilities within the Command Post (CP). If delegated, the member must be at least an E-6/O-3 or above and have an appropriate clearance and access levels. The INPM provides oversight for the 5 BW and 91 MW Wing NPM (WNPMs). The 5 OG USM is the 5 BW WNPM and also acts as the assistant INPM. The 91 OSS/OSK is the designated 91 MW WNPM. The IPO provides annual management oversight for the INPM program, normally during the unit's scheduled IP PR The INPM Responsibilities. The INPM will: Oversee the NPM program to include NC2-ESI management, safeguarding and access requirements IAW CJCSI B and AFI Standardize access briefings and training materials for all personnel granted NC2-ESI access. The training plan/materials will include; identifying applicable classification guides for the material and special access control requirements associated with the material. The training plan will be coordinated through 5 BW/IPI. [REF: AFI , AFGSC Sup 1, paragraph 7.3.] Conduct and document, in writing, an annual assessment of the installation NC2- ESI program routed to the 5 BW and 91 MW commanders with a courtesy copy to the CIP after wing commander reviews Act as Installation OPR for consolidating, coordinating and forwarding HHQ directed tasks related to NC2-ESI materials and program management Coordinate a self-assessment of the INPM plan in addition to the annual program review conducted by 5 BW/IP Develop and distribute NC2-ESI program management checklists to unit NPMs Coordinate, as required, with 5 BW/IP for technical assistance (e.g. NC2-ESI material classified security incidents, screening questionnaire yes answers not previously adjudicated prior to granting official review, etc.).

50 50 MINOTAFBI MARCH Commander Responsibilities. The 5 BW and 91 MW must appoint WNPMs in writing for units with administrative responsibilities for the program or with access to NC2- ESI Material. Responsibilities include: Designating, in writing, a WNPM who will be responsible for completing any required training and administrative actions as detailed in WNPM responsibilities below Completing procedures IAW AFI and AFI anytime a loss or compromise of NC2-ESI material is suspected/confirmed BW and 91 MW WNPMs Responsibilities. The WNPMs will: Oversee their respective NC2-ESI programs, as directed by the INPM Ensure required administrative actions are completed IAW checklist provided by the INPM for units under their administrative control Consolidate and forward the granting officials roster to the INPM NLT 10 January and 10 July each CY Consolidate and forward the NC2-ESI access list rosters to the INPM NLT the last duty day of each CY quarter Meet access requirements and be properly indoctrinated for access to NC2 materials Complete all actions required to allow assigned unit personnel access to NC2 material. This includes indoctrination, debriefing, self-assessments, etc The WNPMs will develop any specific local unit procedures needed for safeguarding materials. These procedures will be established in writing and should be included in the unit's IP operating instruction Unit Security Manager Responsibilities. The USM does not require access or indoctrination to NC2-ESI material when indoctrinating personnel. For units with personnel indoctrinated to NC2, but which do not control NC2 material the USM will: Oversee completion of any required administrative actions (e.g. indoctrination, training, debriefing, questionnaire, etc.) Consolidate and forward any required NC2 program management material to their respective WNPM, as required If there are any issues with answers to questions on the NC2 questionnaire the USM will contact 5 BW/IP (PS Section) for assistance on determining actions required Control Procedures. All NC2-ESI material will be classified and marked as Top Secret with the appropriate NC2-ESI indicator. Any NC2-ESI hard copy documents will be separated from other classified material by guide cards, file folders, or separate drawers of multi-drawer security containers Security classification and declassification policies of DoDM apply to NC2 material in the same manner as other classified information.

51 MINOTAFBI MARCH All specific investigative requirements must be met prior to individuals being granted access to NC2 material. [REF: DoD R, C3.5.3.] Presidential Support Activities (YANKEE WHITE). Although there are no positions assigned for this at MAFB, members may need to complete investigative requirements prior to being accepted for some assignments. The 5 BW/IPP is the focal point for investigative actions concerning this program at MAFB. It is governed by DoD Directive and has special investigative requirements. [REF: DoD R, C3.5.4.] Other Special Access Programs. Ensure any access to SAPs not covered in this section is documented in JPAS, or as required by the specific SAP instructions. Additional guidance can be found in DoD Directive O Local IP Office Support. The SAP programs not discussed in this section are supported by a HHQ program manager and are not reviewed as a part of the MAFB IP program. The IP Office does not provide technical support to local PSMs of these programs (such as formal surveys, security incidents or official program support). The 5 BW/IP office will not provide support for these programs unless a written request is received by the HHQ program manager.

52 52 MINOTAFBI MARCH 2017 Chapter 8 CLASSIFYING, MARKING AND DECLASSIFYING INFORMATION 8.1. Original Classification. There are no authorized Original Classification Authority (OCAs) at MAFB. Any required OCA decisions must be submitted to the appropriate Numbered Air Force. Unit security managers can provide more information on this topic, if required Derivative Classification. The following requirements must be considered when making derivative classification decisions Generating Derivatively Classified Documents. Derivative classifiers must be specifically trained and receive refresher training at least once every 2 years, IAW EO 13526, Part 2, Sec (inclusive) and DoDM , Volume 3, Enclosure 5, 3.c Specific training requirements are outlined in Chapter 11, paragraph of this instruction. Derivative classification is extremely important to ensure classified information is provided the proper level of protection Derivative classifiers are responsible to ensure the proper markings are applied to all portions of the document and must understand failure to properly mark a derivative document may constitute a security incident Derivative classifiers must be appointed in writing by the unit commander or Staff Agency Chief. Unit security managers will maintain a compiled listing of identified and trained derivative classifiers for the unit and provide a copy to 5 BW/IP for posting in the unit folder The USM will verify members gaining access to SIPRNET have completed required training and annotate the DD Form 2875, block 27, with the statement, also shown at paragraph "The USM signature below verifies initial cleared, derivative, marking, NATO and WCO SIPRNET training were all accomplished and the member was added to the unit's derivative classifier letter and is indoctrinated to NATO access in JPAS and completion of AF Form 2583." 8.3. Marking Classified Information. Custodians of classified are required to verify original or derivatively classifiers have complied with the guidelines for marking found in the basic instructions Marking Requirements. Specific marking requirements can be found in DoDM , Volume 2 and 4 and AFI , Chapter Marking Classified Information Transmitted Via Classified Systems. Information sent/received via approved secure communications systems must be properly marked. If not properly marked when received, the receiver will notify the sender of the problem and request any missing markings. Refusal to provide mandatory markings may be considered a security incident. The sender is responsible for providing the markings, and for any security incident generated by failure to comply Printing Classified from Electronic Systems. Ensure documents generated from approved electronic media systems are marked as required, regardless of whether they were marked appropriately when received. It is the holder's responsibility to ensure classified

53 MINOTAFBI MARCH under their control is properly marked. instructions. See DoDM , Volume 2 for specific Special Control and Similar Notices. See DoDM , Volume 2 for instructions on special notices for restricted data, formerly restricted data and other types of information Marking Special Types of Materials. When marking automated information systems, audiovisual media, hardware, products, etc., use the guidelines described in DoDM , Volume Marking Foreign Government Information in DoD Documents. Use the guidelines described in DoDM , Volume 2. to control/mark this information Marking Blank Pages in Multi-page Classified Documents. If a document contains blank pages, they must contain banner markings (i.e., top/bottom) using one of the marking conventions outlined in DoDM , Volume Marking Controlled Unclassified Information (CUI). Follow the guidelines in DoDM , Volume 4, when handling, processing and marking controlled unclassified information. Some specific considerations include: Transmitting, Marking and Storing DoD UCNI. This information requires special handling and protection. Specific guidance is be found in DoDM ,Volume 2 and 4 and DoD Directive It also has special handling/storage requirements for physical and electronic storage. Several items of interest include: It may be ed over NIPRNET provided the sender verifies those receiving have a valid need and that it is encrypted and digitally signed Use the general marking rules from below when ing DoD UCNI. Replace For Official Use Only with DoD Unclassified Nuclear Information and replace the parenthetical "FOUO" with "DCNI" and use the expanded statement from DoD Directive (if releasing outside DoD channels) Rules for FOUO information and Privacy Act Data. Specific rules for this type of CUI are found in DoDM , Volume 4. Information which meets the Privacy Act Data requirements is automatically protected as FOUO When ing FOUO information do not use "blanket" Privacy Act or FOUO notifications. It is the responsibility of the originator/writer of the document/ to determine whether the information qualifies for FOUO status and to ensure markings are applied as required IAW DoDM , Volume 4, Enclosure 3, 2.b.(1). Only information which meets the FOI Act exemptions may be labeled as FOUO, and the sender must make it clear which information in a document is actually FOUO, as outlined in DoDM , Volume The proper marking format to use when ing this information is contained in DoDM , Volume 4, Enclosure 3. Proper formatting is required for the message and attachments to include front cover, first page, beginning of the text, as applicable. For s requiring the Privacy Act statement, refer to AFI , Para A brief review of marking FOUO is outlined below. BEFORE the subject line place "(FOUO)"

54 54 MINOTAFBI MARCH 2017 BEFORE other information/data (not at the end of the or in the signature block), place "For Official Use Only. If only the attachment to the is FOUO, specify that in this line, i.e., "The attachment to this is FOUO." The writer must also identify which paragraphs contain the FOUO information by placing (FOUO) before the affected paragraph An exception to both of these rules is when information is ed outside DoD channels. Then you would apply the expanded statement and rules below: BEFORE the subject line place "(FOUO)". BEFORE any other portion of the message: "This document contains information that may be exempt from mandatory disclosure under the Freedom of Information Act." It is acceptable to use the expanded statement in an /hardcopy document, even if not going outside DoD channels provided the or document contains FOUO information IAW AFI , , do not send Privacy Act information to distribution lists or group addresses unless each member has an official need to know the personal information and are authorized to receive the information All s sent over NIPRNET must be digitally signed and encrypted when they contain FOUO and Privacy Act Information Marking Material With DoD UCNI and FOUO. In unclassified documents, if a page contains both types of material on the same page, the banner will be marked as DoD UCNI//FOUO and each paragraph will be parenthetically marked with the specific type of information contained. Use the marking convention required in DoDM , Volume 2 when using CUI in a classified document Declassifying, Downgrading or Regrading Information. Use the guidelines in DoDM , Volume 2 and AFI , Chapter 3 to declassify, downgrade or upgrade classified information Classification Challenges. The holder of an improperly marked classified or unclassified document shall contact the document's originator to obtain correct markings. If personnel feel a document needs a higher or lower classification or should be declassified it is the individual's responsibility to challenge the classification using procedures in DoDM , Volume Mismarked Information. If information is received without proper markings, always attempt to resolve the situation at the lowest level possible. First contact the sender to verify the markings. If this does not work, ask your USM to contact the agency's USM. If this does not work, your USM should contact the 5 BW/IP office for additional assistance Handling/Storing Challenged Information. If there is doubt on the validity of classification authority or level for material, or it is not possible to verify what level information should be protected at, protect the information at the highest suspected level until clarification is received.

55 MINOTAFBI MARCH Chapter 9 TRANSMISSION/TRANSPORTATION OF SENSITIVE INFORMATION 9.1. General Policy. The DoD/AF general policy on transporting/transmitting classified or CUI is it should be sent electronically or through the US Postal Service unless there are no other options Guidance. Use the procedures outlined in DoDM , Volume 3, Enclosure 4 when transporting or transmitting classified material. When transmitting CUI use the rules outlined in DoDM , Volume 4, Enclosure Procedures. Each unit must establish local procedures for sending and receiving classified information Use the unit IP OI to address specific actions to take when receiving first class, certified or registered mail. These types of packages may contain classified and must be protected (at a minimum) as Secret material until received by the designated office When transmitting/transporting specialized program information such as COMSEC, NATO, SAPs etc. remember collateral classified rules apply in addition to any program requirements. If a conflict occurs use the stricter of the two standards Remember information which originates outside the DoD may not be released to other Agencies/Departments except as established by the Secretary of Defense (SECDEF) Training. Commanders/Staff Agency Chiefs are responsible for ensuring personnel tasked to send and/or receive sensitive information (classified or unclassified) are properly identified and trained. As a minimum units will establish procedures and training in their unit IP OI to ensure personnel are aware of requirements Some examples of those requiring training include, secretaries, administrative assistants, receptionists and/or other personnel routinely performing administrative duties where sensitive information or US mail is sent or received The procedures/training should include actions to take when classified or CUI is received or sent and procedures for receipt and protection of first class, registered or certified mail, which may contain classified information Standards. Each category of information has specific standards for transporting or transmitting. The following should be considered when transmitting/transporting sensitive information (classified or unclassified) Transporting/Transmitting US Collateral Classified. Use only the methods outlined in DoDM , Volume 3, Enclosure 4. when considering how to transport/transmit US collateral classified material Transmission of Classified to Foreign Governments. Use only the methods outlined in DoDM , Volume 3, Enclosure 6 when considering how to transport/transmit classified material to foreign governments.

56 56 MINOTAFBI MARCH Controlled Unclassified Information. Ensure the appropriate standard from DoDM , Volume 4 and AF standards are applied before sending any unclassified sensitive information. See paragraph 8.4. (inclusive) of this instruction for additional guidance Improper Electronic Transmission of Information. If information is sent inappropriately over a computer, fax, electronic data device or other electronic means follow the procedures outlined in and Preparation For Shipment. When preparing classified material for shipment consider the following Packaging. Comply with the requirements outlined in DoDM , Volume 3, Enclosure 4 when packaging classified material for shipment/transport In the case of bulky items or equipment, the outer cover may be a tarp or similar opaque covering to prevent the item from being viewed. The shell of an equipment item (i.e., aircraft part or laptop) may act as the "inner wrapper" provided it does not allow classified information or components to be viewed As a minimum, items not being mailed, but being shipped or moved as part of a daily operational missions (on or off base) will utilize an inner and an outer cover Any material outside approved storage will be kept under personal observation and positive control of an authorized individual. Material will under no circumstances be left unattended while in transport. For example, member may not leave material "locked" in a vehicle, hotel safe or take material to a personal residence Escorting/Hand Carrying Classified. Comply with the requirements outlined in DoDM , Volume 3, Enclosure 4 when authorizing individuals to hand carry classified material via government, personal, or commercial transportation Use of Couriers. The commander or staff agency chief possessing the classified determines whether hand carrying classified is authorized (based on risk assessment outlined in DoDM , Volume 3, Enclosure 4). See paragraph 9.3. above for additional information Do not assign a courier for classified unless there is no other way to transport/transmit the information (i.e., can it be mailed or sent via secure communication methods) Couriers are not required for on-base transport. Supervisors will ensure any member selected for conducting on-base transportation is briefed on safeguarding responsibilities, cleared for access, aware of packaging requirements and proceed directly to the duty location Personally owned vehicles (POVs) may be used for on-base transport, if a government vehicle is not available Those acting as formal couriers (e.g., transporting between installations) may use POVs, if they are authorized this mode on travel orders, or if the POV is needed to travel to and from the mode authorized on the travel orders.

57 MINOTAFBI MARCH Associated Documentation. Comply with the requirements in DoDM , Volume 3 and AFI when preparing documentation for couriers of classified material The owning commander will use a courier letter to authorize couriers to transport classified. The DD Form 2501, Courier Authorization Card will not be issued at MAFB Courier letters are NOT required for on-base transport. Supervisors may designate personnel for on-base transport Traveling on Commercial Aircraft with Classified. Use the guidelines in DoDM , Volume 3, if a courier must travel on commercial aircraft. Failure to follow these procedures may result in airport officials denying access to the flight or examining the classified package. If airport security officials open the classified package it must be reported as a security incident On-base Transport. Transfer/transport of classified from location to location on MAFB or between MAFB and the Missile Field is considered an "on-base" transport. Units will use the following procedures when conducting on-base transport If moving material between collocated and adjoining offices (e.g., within a secure area or where the member does not have to leave the building), as a minimum, use a cover sheet If transporting between physically separated facilities/areas, package material as outlined in DoDM , Volume 3, Enclosure 4, Sections 9-10 and this instruction.

58 58 MINOTAFBI MARCH 2017 Chapter 10 SAFEGUARDING SENSITIVE INFORMATION General Policy. It is AF policy each individual granted access to sensitive information (classified or unclassified) is responsible to safeguard material under their care from unauthorized access. This includes complying with special requirements associated with the material under their control. Classified material must be stored in an approved storage container/area when not under personal observation/control of an authorized person The USM will submit the special security area review checklist (Attachment 9) with each work order. This will allow the 5 CES Customer Service section to identify areas where there are special security needs Any work order identified with security concerns will be forwarded to the 5 CES ISAG member (i.e., the 5 CES security review official) who will ensure project details are forwarded to the security subject matter expert (SME) (i.e., 5 SFS, 5 CS, 5 BW/IP, etc.) The 5 CES security review official will liaison between security SME and the 5 CES engineering section to ensure any needed security reports are completed for the project before it goes to the Work-order Review Board (WRB) The work order will indicate to use the security report and the engineering section will ensure any plans reflect the requirements outlined in the report The engineering section forwards the initial design plans to the security reviewer who will coordinate with the security SME to ensure incorporation of security requirements The below diagram provides the flow for CE construction work orders and the plans developed to implement any required construction.

59 MINOTAFBI MARCH Figure Work Order Submission Flow Standards. Specific guidelines for safeguarding classified information can be found in DoDM , Volume 3, Enclosures 2 and General Requirements. See DoDM , Volume 3, Enclosures 2 and 3, for specific safeguarding requirements during duty and non-duty hours Local Unit Requirements. The USM must ensure the unit INFOSEC OI addresses local considerations for emergency planning actions of classified information during contingency situations to include material maintained in and/or checked out of approved storage Access Control Measures. The IP checklists and OI template provided by 5 BW/IPI will be used by USMs to ensure their unit's IP OI addresses items required in AFI , Chapter 2. If units do not have a certain capability (e.g., classified faxes, copiers, etc.) consider stating this in the OI and providing the reader an agency which does have the capability. Regardless of capabilities, ensure all items required by AFI are addressed The unit OI will address what actions the unit agencies take when receiving first class, certified or registered mail. These types of packages may contain classified and must be protected (at a minimum) as Secret material until received by the designated office Granting Access to Classified. Each member controlling classified must comply with requirements in AFI , Chapter 2 before allowing personnel access to classified Indoctrination to JPAS. The USM is responsible for ensuring unit members requiring access to classified are trained IAW AFI , Chapter 2 prior to indoctrinating them in JPAS.

60 60 MINOTAFBI MARCH The USM is responsible for ensuring unit personnel's NdAs and non-sci Indoctrination are current in JPAS Do not allow access to classified information until these actions are completed If an individual refuses to sign the NdA a security information file (SIF) will be established and a derogatory incident noted in JPAS IAW AFI , chapter Verifying Clearances. Verify individual clearances, whether the individual is permanent party, visitor, or an inspector, using JPAS. The JPAS is real-time and may change on a daily basis. This is why use of Entry Authority Lists is not authorized to verify clearances The USM may validate a roster of personnel for access on a daily basis for conferences or other large gatherings, provided attendees are in the USM's PSM-net as "servicing." Classified Aboard Aircraft. See AFI , (as supplemented) for specific rules concerning storage of classified aboard aircraft. The security force may conduct required checks if notified by the aircrew classified is present and the aircraft is sealed Local Instructions. See AFI , for specific instructions on administrative controls on classified. Additionally: Internal Controls. Commanders will establish written internal control procedures and establish how classified material is receipted when transferred between agencies. The use of the AF Form 310 is highly encouraged Combinations to Security Containers. Custodians of a security container containing classified will comply with the circumstances outlined in DoDM , Volume 3, Enclosure 3, Section 11 and should consider changing container combinations annually Consolidated Container Listings. Security managers will provide to 5 BW/IP a memorandum listing the location and primary/alternate custodians of all unit containers and OS/OD areas. The IPO staff will post this information in the unit s folder Use of Forms. Any area where classified is stored or where routine classified briefings or operations occur will use the SF Form 701, End-of-Day Security Checklist. For security containers, and additionally, if open/closed storage of classified is authorized, the SF Form 700, Security Container Information, and the SF Form 702, Container Check Sheet will be used. Security container maintenance will be documented on the Optional Form Closed Storage of Classified. Only approved storage containers (IAW DoDM , Volume 3, Enclosure 3 and AFI , chapter 5) will be used to store classified information. Use the guidelines and procedures below to certify and approve OS areas General Storage of Classified. Store classified material IAW rules outlined in DoDM , Volume 3 Enclosure 3 and AFI During working hours ensure rules outlined in DoDM ,Volume 3, Enclosure 3 are followed Courtesy Storage. If an agency stores classified in a container controlled by another agency, the two agencies should have a memorandum outlining the arrangement which, as a minimum, addresses routine protection, accessing, and emergency destruction of the classified.

61 MINOTAFBI MARCH The agency providing storage is only responsible for physical security and all other administrative control/accountability requirements are the responsibility of the owning agency Measures must be taken to ensure the material is not tampered with; for example, sealing packages, or utilizing containers with separate locking drawers Temporary "in transit" Storage of Classified. Units may need to temporarily store classified if it is received after duty hours and cannot be stored within unit containers. In this case they may contact the agencies listed below to request temporary storage. Do not attempt to drop off the material without prior coordination. Any material delivered must be reclaimed immediately the next day or once a unit custodian has been contacted to take authorized control of the material Base Operations is designated as the repository for overnight storage of classified material up to Secret. The base command post will serve as the repository for Top Secret material. Both locations will develop procedures for the receipt of transitory classified material The Defense Force Commander will ensure installation entry controllers are aware of the repository locations. The 5 FSS/CC will ensure lodging personnel are aware of the repository locations Modifying Approved GSA Containers. In accordance to the Federal Standard, any modification (e.g., welding, drilling, etc.) to a GSA container will cause it to be decertified. If unauthorized work is suspected, contact the 5 BW/IP Office, as they are responsible for assessing discrepancies reported by security managers or assistants and determining if a GSA approved technician is needed to fix the security container or vault door IAW AFI , A certified GSA locksmith should perform maintenance on classified security containers. The IPO staff maintains a list of available certified local individuals. Any unauthorized work may cause the container to be taken out of service for use with classified Any modifications, work or maintenance conducted on the container will be documented on the Optional Form 89, Maintenance Record for Security Containers/Vault Doors (replaces Air Force Technical Order (AFTO) Form 36, Maintenance Record for Security Type Equipment). Maintain all records of security container and vault door maintenance, repairs, and inspections while the container is in use. Continue to maintain the old AFTO Form 36 as a historical record of maintenance for the security containers or vaults Special Purpose Security Containers. Approved security containers do not need to be secured to the facility unless they are special purpose containers (i.e., light-weight onedrawer mobility safes or special purpose 2-drawer safes). Special purpose containers may be identified by the size/shape and the fact they may have factory-made bolt holes to allow them to be secured to a facility floor. Modifying these containers in any way (e.g., welding struts, etc.) will cause it to be decertified for use with classified.

62 62 MINOTAFBI MARCH Open Storage (OS) of Classified. Classified material will not be stored outside an approved security container unless maintained in an OS area certified as meeting standards by the CIP. Open Storage areas will not be approved for convenience and require intrusion detection systems, with the exception of facilities approved after Oct 95. Pre-Oct 95 facilities may be used without IDS, if approved by SAO, until 01 Oct 13. Commanders must notify the CIP, in writing, of any new OS area requirements and of any proposed changes to existing OS areas; 14.prior to changes being made. The USM will ensure the unit consolidated container listing includes all approved OS areas Initial and Recertification Surveys. The IPO staff must conduct a survey and provide a report listing corrective actions before any area will be considered for OS certification. If an existing area has been substantially modified a recertification survey is required. Substantial modification may include any changes which alter the layout of the interior (e.g., moving furniture) or physical integrity of the facility perimeter (e.g., removal of doors, walls, windows and/or adding new vents, pipes etc.). Areas will not be certified by the CIP until corrective actions noted in the IPO report have been corrected. Corrective actions will be provided with references and be recommendations for fixes The IPO staff will verify corrective actions have been completed based on the report provided. The CIP will provide an initial certification or recertification letter if the facility meets standards. Facilities which do not meet standards will not be certified, or if being recertified, will be decertified until all corrective actions are accomplished In some circumstances, temporary compensatory measures may be available until mandatory actions noted in the initial or certification surveys are complete. These types of measures are intended as short-term (i.e., 30 days or less) An OS area is not automatically a controlled area. Controlled area designation decisions are made under the Resource Protection (RP) program rules in AFI The unit must develop specific written entry and circulation controls for the OS area. These procedures may be included in an already existing unit OI Intrusion Detection Systems. Utilize the Protection Level 4 alarmed area rules found in Integrated Defense Plan for OS areas; with the following exceptions: If alarms fail on a secret OS area the owner/user will either post a cleared individual in the facility or may have a cleared member conduct 4-hour checks of the facility (requires entry and walk through) IAW DoDM , Volume 3, Enclosure 3, Section 3.a If alarms fail on a TS OS facility, the owner user must post a cleared individual in the facility. Checks of all vulnerable areas (e.g., doors, windows, vents, etc.) should be conducted at least once every two hours until alarms are restored The rules for SIP facilities may require the user to post a cleared individual Physical Security Checklist. The 5 BW/IPI checklists will be used to conduct OS and/or OD surveys, as applicable. The checklist is derived from the Appendix to Enclosure 3, Volume 3, DoDM , AFI , as supplemented. It is provided to USMs upon request.

63 MINOTAFBI MARCH Certification/Recertification of OS Areas. The CIP will certify new areas and, if necessary, recertify existing areas where substantial changes have been made. Areas will not be used for OS of classified until the appropriate survey is conducted and any identified discrepancies have been corrected. Specific requirements are detailed below Commanders will ensure areas are not used for OS of classified unless properly certified by the CIP as meeting standards The CIP will certify OS areas based on compliance with DoD and AF requirements, as noted in the physical security survey conducted by 5 BW/IPI & 5 CES/CECNA Keep a copy of all historical documents related to the OS area's certification or recertification in the OS area, in the USM's program binder and in the unit's IP folder maintained by 5 BW/IPI The unit commander, through the USM, will notify the IP Office of any "substantial" renovation, remodeling work proposed for approved unit OS areas. The notification must be given prior to modifications, preferably 30-days prior, to allow sufficient time for the IPO to determine whether a formal security survey is required. In any case, the notification will include a detailed risk mitigation plan for classified material/operations affected by the work Certifying Open Discussion (OD) Areas. Commanders must notify the CIP, in writing, of any new proposed OD area requirements and of any changes to existing OD areas. An OD does NOT authorize classified material to be stored in the area, classified must be stored in approved containers. The general rules noted in above apply to OD areas. The USM will ensure all approved unit OD areas are reflected on the unit consolidated container listing Discussing Classified Information. Classified information shall be transmitted IAW DoDM , Volume 3, Enclosure 4. This means approved secure communications and approved for specified classification level of the information. When considering classified meetings or conferences, the unit security manager of the sponsoring agency must ensure compliance with all security provisions outlined in DoDM , Volume 3, Enclosure 2, Section 16 and AFI , as supplemented. Unit members sponsoring a classified conference/meeting will work with the USM to ensure all necessary actions are taken In-office discussions of classified do not require the checklist from the AFGSC Supplement to be used, however; personnel must ensure all participants in the conversation are properly cleared and have a valid need-to-know and that any classified conversation cannot be overheard by uncleared/unauthorized individuals Certified OD Areas. The CIP is the certification authority for approving/disapproving OD areas. Areas will be certified based on the initial justification from the request letter and completion of corrective actions noted in the physical security survey conducted by 5 BW/IPI and 5 CES/CECNA. These areas will not be approved for convenience Commanders will ensure no OD areas are approved for use prior to the area being certified by the CIP.

64 64 MINOTAFBI MARCH A copy of the OD area certification letter will be kept in the OD area, in the USM's binder, and in the unit's IP folder maintained by 5 BW/IPI Units will develop specific written entry and circulation controls for the OD area which may be included in an already existing unit OI Use the guidelines in DoDM , Volume 3, Enclosure 2, Section 16 for conducting off-base conferences Alarms are not required for any OD unless a specific threat is identified by the security survey team Certifying SIP OS/OD Areas. If a physical security review of a SAP area is conducted by the SAP oversight agency it is sufficient for the collateral OS certification. The IPO does not conduct surveys on these areas unless a request is made the MAJCOM PM. If physical security survey support is requested, the IPO will work with the local Program Security Manager to ensure the report does not become classified Disposition and Destruction of Classified and CUI. Follow the guidelines in DoDM , Volume 3, Enclosure 3 and AFI , as supplemented when making decisions to retain and/or destroy classified material Central Destruction Facility. There is no MAFB central destruction facility for classified or CUI. Agencies must procure approved destruction equipment using the guidelines in DoDM , Volume Information Technology Related Materials. The National Security Agency (NSA) may assist with destruction of some classified electronic media (e.g., hard drives, etc.). Contact your USM for specific requirements to arrange for destruction of classified electronic media The primary functional expert and POC for units requiring NSA destruction capabilities is the USM. The USM will ensure unit members comply with any and all mailing and preparation requirements specified by NSA and will ensure all packages comply prior to allowing the package to be mailed Destruction of CUI. Units must ensure all CUI is properly disposed of to prevent unauthorized access. The AFGSC policy is that all CUI will be sufficiently shredded to prevent reconstruction Annual Classified Cleanout Day. The annual classified cleanout date for MAFB is to be completed on or before 15 Feb of each year. The USM will ensure agencies are complying with this requirement during semiannual self-assessments. It is acceptable to complete this action over an extended period or prior to the 15 Feb deadline The IPO staff will review compliance with retention/destruction rules for classified during annual unit inspections/reviews Alternative/Compensatory Control Measures. AF prohibits use of these measures.

65 MINOTAFBI MARCH Chapter 11 INFORMATION PROTECTION EDUCATION AND TRAINING General Requirements. The mandatory IP training requirements are outlined in DoDM , Volume 3, Enclosure 5 and AFI , Chapter 6. There are distinct types of mandatory IP training described below: initial orientation training, annual refresher training and continuing training Conducting Unit IP Training. The unit commander s IP education and training program is implemented through their USMs. The USM is the point of contact for training matters relating to IP training and must have access to unit members training documentation to validate requirements are completed. The MAFB IP training discussed below also includes requirements for the Insider Threat Program (InTP) training (AFI ) and CUI (DoDM , Volume 4) Initial IP Training. There are two types of "initial" IP training to consider. The cleared training applies to members with access to classified information and the uncleared applies to those with no access to classified. The requirements for the training are outlined in DoDM , Volumes 3/4, AFI , 6.2 and AFI Both categories have initial, continuous and refresher training requirement At MAFB the "cleared" initial training is satisfied by completing the ADLS DoD IAA Cyber Awareness Challenge training, the ADLS Protecting Sensitive Information training (formerly Security Administration) and reviewing the locally developed IPO training slides which include INTP, NATO, CUI and continuous evaluation training material. Additional training is required for derivative classifiers (e.g., have access to SIPRNET or develop classified plans) The USM must document completion of initial cleared training in JPAS under the non-sci indoctrination date AFTER verifying completion of required ADLS courses and review of the IPO slides. There is no need to keep initial training documentation after the date is recorded in JPAS The "uncleared" initial training applies to civilian or contractor personnel who are not authorized access to classified (e.g., a GS employee in a UMD SAR code 8 position). The training consists of completing the ADLS training noted above and a review of "just" the CUI portion of the IPO slides. It is acceptable to have these personnel review all the IPO slides The IPO slides portion of this training may be accomplished as a one-on-one briefing, via (using read receipts) or as a mass briefing, e.g., given during commander's call or other training venues Annual IP Security Refresher and Continuing Security Education Training. This requirement is fulfilled using the same method as outlined for initial training. Continuing education/annual refresher training may be combined by providing unit members the IPO slide briefing on a semiannual (or more frequent) basis. If this is done, it fulfills the minimum continuing education training requirement, to include CUI refresher training.

66 66 MINOTAFBI MARCH The unit must address the method/plan for tracking of continuous and annual refresher training in the unit IP operating instruction (OI) If the 5 BW/IP slides are used to fulfill both continuous and annual refresher training the USM, as a minimum, must be able to show how/when the training is distributed to unit personnel and that personnel completed the training. The USM must also check periodically (recommended at least quarterly) with the unit training manager to ensure unit members have completed the required ADLS training If the unit accomplishes continuous education training using a method other than the IPO slides the training plan must also be documented in the unit IP OI and reviewed by the IPO Contractors with access to classified/cui must be integrated into the unit IP training program. Although the USM is responsible for ensuring assigned contractors comply with IP training requirements; the actual training may be conducted by the contractor, USM, or other training personnel Additional IP-related Training. If the unit commander determines additional IP training is required (e.g., unit has alarms, controlled area, etc.) those requirements must also be addressed in the unit IP OI, and the USM must ensure the lesson plan is reviewed by the IPO Pre-Deployment Training. The USM will ensure pre-deployment enhanced security training is conducted prior to personnel deploying in support of operational contingencies IAW DoDM , Volume 3, Enclosure 5, 4. As a minimum, members will receive refresher training on how to handle/protect US collateral in an environment where foreign allies are present; requirements for use of NATO material; handling/protecting foreign government information; and rules for sharing US information with allies Documenting/Tracking IP Training. Initial IP training should be completed within 90 days of arrival for both cleared and uncleared personnel; but MUST be completed prior to access to classified or CUI (in the case of uncleared personnel). The USM must be able to provide proof showing when training was accomplished by specific individuals, to include date completed. Also: Record initial IP training for cleared personnel in the "non-sci Indoctrination" section of the JPAS ONLY after all required training is completed Computer based tracking systems, sign-in rosters from commander's calls/roll call training or read receipts are acceptable methods of tracking local IP training, such as annual refresher/continuous education or initial completion of training by uncleared personnel Derivative Training. The IPO provides oversight for this training, but unit commanders identify unit derivative classifiers IAW DoDM , V3 and AFI This is done by submitting a derivative classifier listing to the CIP with a copy maintained in the USM binder. Derivative classifiers must complete the training noted below prior to being appointed (i.e. being added to the unit letter). Failure to complete refresher training will result in the member being removed from the unit derivative letter. The USM will maintain copies of training records and provide them upon request.

67 MINOTAFBI MARCH Appointing Derivative Classifiers. Commanders will not add derivative classifiers to the unit consolidated letter until the USM validates the required training is complete. These letters are used to ensure only authorized and properly trained personnel make derivative decisions. Any unit specific procedures concerning derivative classification will be outlined in the unit s IP operating instruction Initial Derivative Classifier Training: Consists of completing the Defense Security Service (DSS) Derivative Classification and Marking Classified Information web based courses located at which meets the requirements outlined in of DoDM , Volume 3, Enclosure Refresher Derivative Classifier Training. Once every two years derivative classifiers will accomplish the initial or derivative refresher training provided on the DSS site. The IPO staff provides oversight on this by validating the training currency of the unit s derivative classifiers during annual reviews. The Marking Classified Information course is a one-time requirement and is not required for the derivative refresher training SIPRNET Access. All SIPRNET users are inherently derivative classifiers and the USM will validate required training is completed prior to completing Block 27 of the AF Form 2875 and to ensure all SIPRNET users complete NATO training and are indoctrinated to NATO in JPAS Combining Related Security Disciplines with IP Training. Annual IP training may be combined with other related security disciplines, such as Sensitive Compartmented Information (SCI), alarm operations, controlled area, Operations Security (OPSEC), Force Protection, etc Responsibilities for Combined Training. Although combining these types of training with IP training may be useful, the IPO staff and USMs are not responsible for developing, conducting or tracking any of non-ip training Review of Material. If a combined security approach is used, the USM must ensure all IP slides are still presented for refresher/continuing training to meet the minimum objectives outlined in DoDM , Volume 3, Enclosure 5, DoD R and AFI Deviations will be reviewed by the IPO IP Office Training Responsibilities. The IPO staff provides oversight and assists units, as requested, in developing localized training. Additionally: USM Training. As outlined in DoDM , V1 and V3, USMs are security professionals when performing their duties. Commanders should consider setting aside funding for USMs to attend in-residence DSS courses specifically designed for security professionals. As a minimum, USMs will complete the designated on line DSS courses identified by 5 BW/IP (listed on IP training tracker) within 60 days of appointment and then the initial USM course conducted by the IPO. The USM training includes any training needed to act as CUI managers One-on-One Training. One-on-one training from the IPO staff may be requested by the unit commander, however; due to amount of time required to conduct the class for one person, this option is only used during extraordinary situations and is approved by the CIP on a case-by-case basis

68 68 MINOTAFBI MARCH Documentation of USM Training. All USMs receive a certificate of completion from the IPO staff upon completion of initial USM training. A copy of this certificate will also be maintained by the IPO. The USM is responsible for ensuring this training is documented in the appropriate records (e.g., AF Form 1098, posting a copy in their records, etc.) Unqualified USMs. Failure of the USM to accomplish the required DSS courses will result in the CIP sending the unit commander an unqualified for USM duty notification. If the USM fails to qualify for duty, the unit commander will replace the USM with a new USM Other Specialized Training. The IPO is available to assist units in developing unit specific localized IP training plans, on request. The USM will ensure the IPO coordinates on any localized IP training plans (e.g., container custodian training, derivative training, etc.) The USM Recognition Program. The IPO staff uses the following procedures to recognize USMs who consistently exceed standards USM of the Month. The IPO staff selects the USM with the least PSI submission errors for the USM of the Month. If multiple USMs tie for the least PSI errors, other factors are considered to break the tie (i.e., least PR finds, assistance rendered etc.) USM of the Quarter/Year. The USM of the quarter is selected from the monthly winners and the annual winner is selected from quarterly winners. The criteria for quarterly/annual winners is the same as monthly winners, but includes any data over the period under consideration (e.g., quarter/year).

69 MINOTAFBI MARCH Chapter 12 SECURITY INCIDENTS General Information. At MAFB, IP security incidents are termed Classified Security Incidents to reduce confusion with Security Forces term Security Incidents which deal with potentially unauthorized actions in controlled or restricted areas. All personnel will comply with DoDM , Volume 3, Enclosure 6 and AFI , Chapter 7 when accomplishing requirements for actual/potential compromises of classified information. If possible, report classified security incidents using secure communications. As a minimum, encrypt NIPRNET e- mails used to notify IP of an incident Conducting Incidents Reports. The commander or staff agency chief having control of the individual(s) involved will act as the appointing official (AO) for the inquiry or investigating official (IO). If the individual who would normally act as the appointing official is involved in the incident, the next level of command will act as the AO. The report goes directly from the IO to the CIP and will not to be routed through unit channels prior to CIP/JA review Time Limits. The AO will ensure the IO is appointed within 2-duty days of the notification. The required briefings by IP and the 5 BW Legal Office (JA) should also be completed within this timeframe The initial suspense will be established by the IP Office and will be within 10 duty days of the incident being reported The CIP may grant up to a 10-day extension, on a case-by-case basis. If the IO is prevented or delayed from accomplishing the report for an extended period (e.g., 5 or more consecutive days) the AO should consider reassigning the inquiry to a new official Report Format. The IO will use the report format provided by 5 BW/IPI when completing IO reports. Failure to use this format will result in the report being rejected. Mark and handle on the IO report, at a minimum, as FOUO Statements. Formal statements (i.e., AF Form 1168, Statement of Suspect, Witness, Complainant) are not mandatory for inquiries, but will be used if report is part of an investigation When conducting an inquiry, the IO may quote personnel within the body of the IO report, and collect statements using a memorandum format via or using the AF Form COMSEC Related Incidents. When a security incident involves COMSEC material, the USM will ensure both 5 CS/SCXSC and 5 BW/IPI are notified. The circumstances and specific information surrounding the incident may be classified, so report these incidents via secure means Termination of one portion of a joint COMSEC/IP incident does not automatically terminate the other portion. For example, an incident may be deemed as not a COMSEC incident, but still be treated as an IP classified security incident (and vice versa).

70 70 MINOTAFBI MARCH Inquiry/Investigating Officials. Use AFI , para as a guideline for selecting inquiry or investigating officials (IOs). Specifically: The IO must be objective and unbiased, and not in the direct chain of command of those being investigated The IO must be of sufficient experience, maturity and have sound judgement and not be less in rank or grade than the person(s) involved with the incident In order to meet the intent of above, as a minimum, IOs must be an officer, MSgt, GS-9 or above Incidents with Electronic Devices in Classified Processing Areas. Electronics in classified processing areas represent an extraordinary threat to security, see paragraph 6.4. of this instruction for specific actions Classified Information System Incidents. If classified information is improperly transmitted over unapproved systems, follow the procedures outlined in paragraph 6.6 of this instruction Closing Incidents. The AO will close incidents with a memorandum validating corrective actions have been completed or stating they non-concur with the findings Actions if an AO Non-Concurs. An appointing official may challenge all or part of the findings/conclusions, but must provide specific reasons in the memorandum. In no case will the IO be required to revise their findings If the non-concur is reviewed by the CIP and 5 BW/JA and they continue to support the IO's findings/conclusions, the report will be returned to the AO for reconsideration of the original findings If the AO still non-concurs a second review will be completed with the entire package being reviewed by the next level of command for final resolution.

71 MINOTAFBI MARCH Chapter 13 INSIDER THREAT PROGRAM Purpose. This Air Force Insider Threat Program (InTP) is implemented through this instruction, as a part of the overall AF SE, IAW AFPD and AFI It is: The InTP Concept. The InTP is implemented through and managed in conjunction with the AF SE program. InTP requirements are integrated into existing programs and specific training is provided for portions of AF SE through IP annual training and including specific InTP and continuous evaluation topics. The InTP program ensures: AF personnel are continuously evaluated using enhanced technical capabilities to monitor and audit user activity on information systems Leveraging the AF SE portfolios associated with Information, Industrial, and Personnel Security to improve existing installation insider threat detection and taking actions to mitigate noted deficiencies By integrating and standardizing processes and procedures across the AF SE to help detect, mitigate and respond to insider threats, while ensuring civil liberties and privacy rights are safeguarded InTP Governance. The key directives for the InTP are DoDI , AFPD and AFI which require an AF Insider Threat Working Group (InTWG) be established. This function is primarily accomplished by the AT Working Group (ATWG) through the MAFB Intelligence Fusion Cell (IFC). If specific InTP deliberation is needed the IFC will notify either the ATWG managers or ISAG chairman and request the group be formed under their charters. The MAFB ISAG and ATWG coordinate with MAFB Intelligence Community (IC) via the assigned members to ensure policy items are addressed InTP Objectives. In general, the InTWG functions of identifying strategic goals, approving program implementations, integrating policy and procedures, and developing prioritized resource recommendations is accomplished through the normal course of the ATWG and ISAG meetings then forwarded to leadership for approval. The overarching goal of the MAFB InTP is to mitigate the threat represented by insiders through the following objectives: Network monitoring and auditing. This InTP function is accomplished through mandated AF Cyber Security actions. Emerging cyber-threats and risks are also discussed in the ISAG and forwarded to affected agencies, as needed Information Sharing. The MAFB InTP community of SMEs includes, but is not limited to; AFOSI, Force Protection, Security Forces Investigations, Cyber Security, the IFC members and the IPO Physical Security. This objective is accomplished through on-site reviews conducted by IP, Resource Protection and the Wing Cyber Security Office. The goal is to prevent physical access to information. The executive groups provide any needed local guidance in their publications and MAFB commanders ensure mandated security controls are in place and verify unit members routinely use them to protect assets (i.e., information, people and/or equipment).

72 72 MINOTAFBI MARCH Training and Awareness. This objective is accomplished by incorporating InTP principles into already existing security training (e.g., IP initial/refresher training) to ensure all members are trained and aware of insider threat principles and reporting responsibilities Insider Threat Reporting and Response. This goal is met through existing reporting procedures and the noted training. Response to specifically identified threats will be assessed by the IFC, who will forward information to agencies affected or which need to take specific actions (e.g., AFOSI CI, Personnel Security, unit commanders, etc.) Responsibilities. The responsibilities and duties of the MAFB InTP program are outlined in the guidance of the various insider threat agencies. The IPO responsibilities are essentially the same as those outlined in chapter 1 of this instruction. Additionally: Oversight. The 5 BW/CV has general oversight for the MAFB InTP and executes this oversight through this instruction to ensure the following actions: Development of policy and checklists to provide needed compliance and management oversight for the MAFB InTP. This is accomplished primarily through this instruction Identifying and coordinating recommend courses of actions to senior leaders, as needed. This will be accomplished through the Integrated Defense Council (IDC) or the ISAG, as necessary. The IFC will forward any needed guidance changes to the appropriate executive group Coordinating and integrating needed local policy changes which result from changes to the DoD or AF InTP. This is done through the appropriate executive group Written procedures are established, as needed. This instruction serves as the base for the written guidance, however; specific agencies may need to develop agency specific guidance on insider threat response IDC. The IDC is responsible for most traditional security responses to identified insider threat risks. Where the threat is primarily to information assets or crosses multiple functional organizations, the IDC should refer the issue to the ISAG Installation Security Advisory Group. The ISAG is a cross-functional security group which is responsible for non-traditional security issues to information assets. They require notification of potential derogatory information discovered as the result of insider threat reviews to be sent to the personnel security office to ensure commanders are notified of the need to review members for security information files (SIFs) Intelligence Fusion Cell. This group is the primary agency which receives insider threat warning information. The AFOSI CI section is the primary action agency for the IFC. When information is received by members of the IFC they will: Ensure appropriate CI agencies are notified. Other security agencies will be notified, as authorized, once active investigations are concluded. Ensure the personnel security office is notified when final reports of investigations are sent to commanders to ensure proper SIF notifications are also provided Ensure notifications are made in a timely manner to potentially impacted security agencies to ensure danger from insider activity is mitigated. These notifications

73 MINOTAFBI MARCH are primarily accomplished through the MAFB IFC, with AFOSI CI acting as the lead for determining whether information may be released Ensure information reviewed is forwarded to appropriate security agencies to ensure all mitigation actions needed are accomplished. If AFOSI CI or 5 SFS Investigations are notified of unauthorized or criminal activity involving classified information, they will notify personnel security, so long as the notification does not jeopardize any on-going investigation. Additionally, once on-going investigations are completed, they will notify personnel security when the commander receives the report.

74 74 MINOTAFBI MARCH 2017 Chapter 14 COMMON ACCESS CARD (CAC) FOR UNCLEARED PERSONNEL Policy And Program Management. This chapter establishes guidance for issuance of a CAC to uncleared contractor or volunteer personnel in accordance with HSPD-12, DoDM , V1, DoDI and DoD R and implements the Trusted Associate Sponsorship System (TASS). The 5 BW Commander appoints the 5 MSG/CC as the Service Point of Contact (SPOC) to manage and oversee the TASS process. This responsibility may be delegated no lower than the 5 MSG/CD Duties and Responsibilities. The SPOC implements the MAFB TASS program on behalf of the 5 BW Commander through the TASS Security Manager (TASM). Tenant units must comply with MAFB TASS program requirements or 5 FSS will deny the issue of a CAC to the uncleared personnel SPOC. The SPOC provides the guidance required in DoDM , V1 through this instruction. Issuance of a CAC to uncleared contractors is requested, documented and tracked through TASS The SPOC will ensure the appropriate MICT/CCIP checklist is loaded against their MICT/CCIP program to ensure the compliance during self and IG assessments The SPOC appoints 5 CONS to provide a primary and at least one assistant TASM from 5 CONS, in writing, to manage TASS TASM. The TASM manages and monitors requests and issuance of CACs through TASS. They are also responsible to ensure unit trusted associates (TAs) are properly identified and trained IAW DoDM , V1. The training material provided by the DoD TASS program manager will be used to comply with any required training The primary TASM will ensure the appropriate MICT/CCIP checklist is loaded against their MICT/CCIP program to ensure the compliance during self and IG assessments The TASM will maintain a continuity book which has copies of the noted checklists, a listing of all current TAs (contact information, training completion dates), TA appointment letters and copies of SPOC and TASM training certificates TAs. Unit commander requiring contractor support will appoint a primary TA, in writing, with a copy of the appointment letter provided to the TASM. The commander should consider appointing at least one assistant, but must do so if the primary TA s uncleared contractor population is 90 or more. The TA is the most critical part to the TASS program and it is imperative for them to be fully trained and comply with all duties noted below. The commander and unit TA will ensure the appropriate MICT/CCIP checklist is loaded against their MICT/CCIP program to ensure the compliance during self and IG assessments Commanders are highly encouraged to use their the unit security managers (USM) to act as TAs. This is due to the fact USMs are already familiar with PSI requirements and have access to the Joint Personnel Adjudication System (JPAS), which

75 MINOTAFBI MARCH can show if an individual already has a cleared PSI, alleviating the need to submit a new PSI. The TA will use the checklist at Attachment 8 as a guide to help when requesting PSIs for contractors If the TA is not the USM, the TA MUST specifically verify with the USM whether or not an applicant already has a suitable PSI for CAC issuance If a contractor must be submitted for a PSI, the TA will ensure the USM makes the needed e-qip request. DO NOT approve the individual for a CAC in TASS until the USM confirms the NACI is returned as favorable. If an interim CAC is needed, see paragraph for requirements The Primary TA will maintain a continuity book which has copies of the noted checklists, a list of all current contractors issued CACs, a copy of their commander appointment letter, copies of completed Contractor CAC Issue Checklist for current contractors and a copy of the TA training certificate for themselves and any assistant TAs Failure to properly execute TA duties/responsibilities may be considered abuse of computer systems and/or purposeful violation of security requirements and may result in loss of access to the network and/or classified information Actions Required by the TA. The unit TA will ensure the following actions are accomplished in regards to their unit TASS program: Validate the contractor has a requirement for CAC issue against the PWS and run the checklist at attachment 8 to ensure all actions are accomplished Verify contractor has continued affiliation every 180 days Ensure contractor CACs are revoked in TASS upon termination of affiliation of the contractor or contract Retrieve CACs upon contractor or contract termination Human Resource (HR) Offices. The HR for MAFB resides in the Civilian Personnel Office (CPO) and Nonappropriated Funds (NAF). They will use the already established procedures outlined in chapter 4 above for submitting, monitoring and tracking uncleared federal government employees Requirements for PSI. Anyone requiring long-term (6 months or more) access to the installation, an installation facility or the local area network (LAN) is required to have, as a minimum, a NACI. This includes APF, NAF, contractors or volunteers (who require installation entry or LAN access). If there is a conflict between this instruction and a 31-series AFI, the AFI will take precedence Other PSIs. If an individual does not require LAN access, and already has a valid form of identification for installation entry (e.g., Dependent ID card), they do NOT require the NACI The MAFB 5 BW/IP Personnel Security (PS) office will process e-qips for any needed PSIs. See Chapter 4 for requirements.

76 76 MINOTAFBI MARCH The system of record for uncleared access PSIs is the Central Verification System (CVS). The JPAS may be used to validate whether a member has a previous cleared PSI, but is not used to track uncleared cases and does not show status of uncleared PSIs Issuing Interim CACs. An interim CAC may be approved by the sponsoring unit commander prior to completion of the NACI ONLY if the FBI fingerprint check has been returned to OPM without derogatory information If the TA is not the USM, the TA will contact the USM if they need assistance in determining status of the NACI or to get an update on the FBI fingerprint checks for consideration of an interim CAC. They will NOT make direct contact to 5 BW/IP, AFGSC/IP, AF, DoD or OPM directly Volunteer Logical Access Credential (VoLAC) Program Policy and Program Management. The VoLAC card has a DoD Public Key Infrastructure (PKI) chip which allows access government computers/networks through a PKI reader. The Airman and Family Readiness Center (5 FSS/AFRC) is the owning agency for this program and will ensure any required program changes are properly coordinated through all affected supporting agencies (i.e., 5 BW/IP, 5 CS and 5 FSS). The VoLAC program intended is solely for permitting authorized volunteers access to DoD computers/networks. It is not: A CAC and does not display a photograph; does not convey benefits, entitlements or privileges Intended to be used in lieu of a CAC to grant entry to the installation or facilities Issued to allow access from non-dod or home computers; other methods are available if this type of access is needed Eligibility for VoLAC. The basic instructions in DoDI clearly outline when these cards may be issued and is used to determine eligibility. Some examples include, but are not limited to medical related services, family support, child care, morale, welfare and recreation, retired activities, student/medical interns. The sponsoring agency makes the initial determination and requests access through the AFRC representative. The key determining factor is whether the individual needs access to government computers to perform duties. Once it is determined a volunteer needs access use the following criteria to issue the volunteer a VoLAC card Verify the volunteer is a US citizen and sponsored by a MAFB agency. If either of these criteria cannot be met, the individual may not participate in the VoLAC program The volunteer must complete a DD Form 2793, Volunteer Agreement for Appropriated Fund Activities and Nonappropriated Fund Instrumentalities. If the volunteer fails to complete the form, they may not participate in the VoLAC program. Note: Interns are not required to complete a DD Form The volunteer must agree to the submission of a NACI background check and have a favorable FBI National Criminal Fingerprint History check completed prior to

77 MINOTAFBI MARCH computer/network access being granted. This includes allowing a photograph and fingerprints being stored in Defense Enrollment Eligibility Reporting System (DEERS). Any derogatory information uncovered or an unfavorable NACI may result in rejection from the VoLAC program and loss of computer access, if already granted The Sponsoring agency requests VoLAC for volunteers through the A&FRC. The A&FRC verifies computer access is required to perform duties The sponsoring unit TASS TA will complete the TASS actions so the volunteer may be enrolled in the DEERS Once the required background check and TASS application are complete, the volunteer will be entered into the Real-time Automated Personnel Identification System (RAPIDS) by the 5 FSS RAPIDS office Duties and Responsibilities. The PKI credentials will be confirmed and updated using TASS. The agencies listed below are responsible for the actions noted The A&FRC is the primary action office for the VoLAC program and is responsible for: Verifying volunteer eligibility IAW DoDI and assisting the sponsoring unit in developing a PD outlining duties to be performed. Ensuring completion of the DD Form 2793, if required The sponsoring commander appoints a unit point of contact to develop a PD for the duties to be performed. The PD should be clear on the need for network access The unit network administrator will process the request for network access once the CVS system is updated The USM will verify security clearance information in JPAS and initiate any required background investigations as noted in paragraph above. The USM is responsible to verify NACI has been submitted through JPAS and to monitor JPAS for system updates The 5 BW/IPP office will create/review/submit NACI investigation through e-qip account when the unit request is made, verify FBI Fingerprint Background check is Favorable through CASPR and monitor JPAS for system updates The Unit TASS TA will update the TASS application, perform reverification and subsequent termination, when required. The TA will return credential to a RAPIDS ID Card issuance facility for disposition The 5 FSS RAPIDS issuance facility will verify record is in DEERS, as required, including capture photo and fingerprints and issue the actual VoLAC card A VoLAC may not be retained for personal reasons upon expiration or when affiliation of volunteer has been terminated. It is government property and must be returned to the government when no longer required.

78 78 MINOTAFBI MARCH Network Access Suspension.: See chapter 4.8. for actions to take if network access must be suspended. MATTHEW R. BROOKS, Colonel, USAF Commander, 5th Bomb Wing

79 MINOTAFBI MARCH References Attachment 1 GLOSSARY OF REFERENCES AND SUPPORTING INFORMATION DoD Directive , Management of Defense Security Enterprise, 24 April 2013 DoDI , DoD Information Security Program and Protection of Sensitive Compartmented Information, 9 October 2008, IC1 13 Jun 2011 DoDI , Personnel Security Program, 21 March 2014 DoDI , Cyber Security, 14 March 2014 DoDM , V1, DoD ID Cards, 23 January 2014; DoDM , Volumes 1-4, DOD Information Security Program Regulation, 24 February 2012 DoDM , Industrial Security Program/NISPOM, 4 Dec 85, Change 1 28 March 2013 DoD R, Personnel Security Program, 1 January 1987, Change 3, 23 February 1996 DoD Directive , Security of DOD Installations and Resources, 25 April 1991 AFPD 10-7, Information Operations, 4 August 2014 AFPD 16-14, Security Enterprise Governance, 24 July 2014 AFPD 33-3, Information Management, 8 September 2011; AFPD 35-1, Public Affairs Management;28 September AFI , Information Security Program, 29 May 2016 AFI , Industrial Security Program, 26 August 2015 AFI , Personnel Security Program, 27 January 2005 AFI , Child and Youth Programs, 2 March 2016 AFI , The Air Force Inspection System, 21 April 2015 Prescribed Forms None Adopted Forms AF Form 2583, Request for Personnel Security Action AF Form 2587, Security Termination Statement DD Form 254, Department of Defense Contract Security Classification Specification Optional Form 89, Maintenance Record for Security Containers/Vault Doors SF 311, Agency Security Classification Management Program Data SF 312, Classified Information Nondisclosure Agreement

80 80 MINOTAFBI MARCH 2017 SF 700, Security Container information SF 701, Activity Security Checklist SF 702, Security Container Check Sheet Abbreviations and Acronyms: AAFES Army Air Force Exchange Services AFB Air Force Base AFMAN Air Force Manual AFNET Air Force Network AFOSI Air Force Office of Special Investigations AFI Air Force Instruction AFRIMS AF Records Information Management System AF SE AF Security Enterprise AFTO Air Force Technical Order AIS Automated Information Systems AO Appointing Official ASM Assistant Security Manager ATWG AT Working Group AWOL Absent Without Leave BPA Blanket Purchase Agreement CAC Common Access Card CCIP Commander s Inspection Program CE Civil Engineering CFP Communications Focal Point CI Counterintelligence CIK Crypto Ignition Key CIP Chief, Information Protection CMI Classified Message Incident CNWDI Critical Nuclear Weapons Design Information COMSEC Communications Security COMPUSEC Computer Security CP Command Post CPA Classified Processing Area

81 MINOTAFBI MARCH CPO Civilian Personnel Office CSL Cyber Security Liaison CUI Controlled Unclassified Information CVS Clearance Verification System DAPS Defense Automation Printing Service DCID Director of Central Intelligence Directives DEERS Defense Enrollment Eligibility Reporting System DoE Department of Energy DoD Department of Defense DoDI Department of Defense Instruction DSS Defense Security Service EAL Entry Authority List EFB Electronic Flight Bag EO Executive Order e-qip Electronic Questionnaires for Investigations Processing FOIA Freedom of Information Act FOUO For Official Use Only FPWG Force Protection Working Group FRC Family Readiness Center FRD Formerly Restricted Data HHQ Higher Headquarters HR Human Resource IAW In Accordance With IC Intelligence Community ICD Intelligence Community Directives ID Identification IDC Integrated Defense Council IFC Intelligence Fusion Cell IG Inspector General INDSEC Industrial Security INFOSEC Information Security INPM Installation NC2-ESI Program Manager

82 82 MINOTAFBI MARCH 2017 InTP Insider Threat Program InTWG Insider Threat Working Group IO Inquiry/Investigating Official IP Information Protection IPO Information Protection Office IS Information System ISAG Installation Security Advisory Group ISOO Information Security Oversight Office JA Legal Office JPAS Joint Personnel Adjudication System KCCC Keys and Codes Control Center NTK need-to-know LAN Local Area Network LO5 Classified Receiver Listing MAFB Minot Air Force Base MAJCOM Major Command MICT Management Information Communicator Toolkit MFD Multi-Function Device MRC Missile Response Cell MSC Missile Security Control NACI National Agency Check with Written Inquires NACLC National Agency Check, Local Agency Check and Credit Check NAF Nonappropriated Funds NATO North Atlantic Treaty Organization NC2 Nuclear Command and Control NCC Network Control Center NdA Non-disclosure Agreement NLT Not Later Than NPM NC2 Program Manager NSA National Security Agency OCA Original Classification Authority OD Open Discussion

83 MINOTAFBI MARCH OI Operating Instruction OPM Office of Personnel Management OPR Office of Primary Responsibility OPSEC Operations Security OS Open Storage PD Performance Document PDA Personal Data Assistants PKI Key Infrastructure POV Personally Owned Vehicle PRP Personnel Reliability Program PR Program Review PS Personnel Security PSI Personnel Security Investigations PSM Program Security Manager PSM-net Personnel Security Management Network PWS Performance Work Statement RAPIDS Real-time Automated Personnel Identification System RD Restricted Data RDS Records Disposition Schedule RP Resource Protection SA Self-assessment SAO Senior Agency Official SAR Security Access Requirement SAP Special Access Program SCI Sensitive Compartmented Information SCG Security Classification Guide SECDEF Secretary of Defense SIF Security Information File SIPRNet Secure Internet Protocol Network SIP Special Information Program SM Security Manager SME Subject Matter Expert

84 84 MINOTAFBI MARCH 2017 SOW Statement of Work SPAN Sharing Peripherals Across the Network SPOC Service Point of Contact STIG Security Technical Installation Guide SPR Special Program Review SF Security Forces SSAN Social Security Account Number SSO Special Security Officer STE Secure Telephone Equipment TA Trusted Associate TASM TASS Security Manager TASS Trusted Associate Sponsorship System TDY Temporary Duty TS Top Secret TSCA Top Secret Control Assistant TSCO Top Secret Control Officer TSCP Top Secret Control Program UCNI Unclassified Controlled Nuclear Information UMD Unit Manning Document US United States USM Unit Security Manager USAF United States Air Force VG Visitor Group VGSA Visitor Group Security Agreement VoLAC Volunteer Logical Access Credential VR Visit Request WCO Wing Cyber Security Office WG Working Group WNPM Wing NPM WRB Work-order Review Board

85 MINOTAFBI MARCH Attachment 2 SAMPLE MEMORANDUM FOR APPOINTMENT OF SECURITY MANAGER A2.1. Sample Memorandum For Appointment Of Security Manager

86 86 MINOTAFBI MARCH 2017

87 MINOTAFBI MARCH A3.1. Sample Appointment Letter Attachment 3 SAMPLE APPOINTMENT LETTER