Balancing Requirements

LESSON TOPIC 5.5
Safeguarding

REFERENCES

   SECNAV M-5510.36, Chapters 7 and 10
   OPNAVINST 5530.14E, Physical Security and Loss Prevention
   SECNAVINST 5430.107, Mission and Functions of the Naval Criminal Investigative Service
   SECNAVINST 3850.4, DON Technical Surveillance Countermeasures (TSCM) Program

LESSON

A. Basic Policy (ISP 7-1)

   1. Classified information will be processed in secure facilities, on accredited IT systems, and under conditions which prevent unauthorized persons from gaining access to it, to include properly securing it when not under direct control of a cleared individual

   2. Commands must carefully balance the need for operational efficiency and the cost of exceeding minimum security requirements (see figure 5.5-1)

      [Figure 5.5-1: Balancing requirements. Labels in the figure: Exceeding Minimum Security Requirements; Cost; Command Mission; Available Manpower; Operating Efficiency]

   3. Ensure that controlled unclassified information (CUI) is safeguarded from unauthorized access by the public. Take measures to protect IT systems which store, process, and transmit such information from unauthorized access

   4. Classified information is the property of the U.S. government and not personal property

   5. Responsibilities for safeguarding
      - Anyone in possession of classified information must safeguard it at all times and secure it when not in use or under direct supervision of authorized persons
      - Custodian responsibilities: Ensure no unauthorized persons gain access, need-to-know is established before releasing, obtain command approval before removing from designated area, and ensure removal is in performance of official duties and under conditions providing required protection

   6. Safeguarding U.S. classified information in foreign countries (ISP 7-14)
      Safeguard at a U.S.:
      a. Military installation or where U.S. enjoys extraterritorial status (e.g., embassy/consulate)
      b. Government activity located in a building:
         - Used exclusively by U.S. government tenants, provided it is under 24-hour control by U.S. government personnel, or
         - Not used exclusively by U.S. government tenants nor under host government control, provided classified information is stored in GSA-approved security containers and under 24-hour control by U.S. government personnel, or
         - Not used exclusively by U.S. government tenants but which is under host government control, provided classified information is secured in GSA-approved security containers which are further secured in a locked room or area to which only U.S. personnel have access

      NOTE: To the extent possible, separate U.S. classified information determined releasable to the host government from that not authorized for release. Foreign personnel shall be escorted in areas where U.S. non-releasable classified information is handled or stored

B. Care of Working Spaces

   1. Buildings and spaces - Must have the security measures necessary to prevent unauthorized persons from viewing or hearing classified information

   2. Measures which can be used for buildings:
      - Trim shrubbery outside ground-floor offices
      - Install grills/bars/screens on ground-floor (below 18 ) windows and other openings
      - Use window coverings (opaque windows)

   3. Conference rooms and other areas designated for classified discussions
      a. For Top Secret and other designated classified discussion areas, request Technical Surveillance Countermeasures (TSCM) support from NCIS. Once TSCM is complete: (SECNAVINST 3850.4)
         - Ensure continuous access control to space once it has been surveyed
         - Require escorts for uncleared personnel who need admission
         - Monitor telephones, office intercommunications, public address systems, or other equipment in the space which has not been checked by a TSCM technician
      b. TSCMs are not normally supplied to ships or aircraft due to the low technical security vulnerability and threat
      c. Because most commands do not have TSCMs, the security manager needs to:
         - Check room periodically for listening devices
         - Allow no cell phones, personal radios, TVs, or recording devices in classified discussion areas
         - Monitor activities of uncleared personnel (e.g., maintenance people)
         - Report any attempts or suspected attempts of penetration to NCIS
      d. Keep extraneous information (e.g., unclassified papers, printouts, publications) off the top of security containers to prevent inadvertent intermingling with classified information

C. Restricted Areas (OPNAVINST 5530.14E, Chapter 2)

   1. A command with areas of varying security importance may require different protective measures, depending on: Mission; Volume of material; Type of equipment used to process classified information; Sensitivity of information used; Environment

   2. Purpose - An effective method to restrict access and control movement. Requirements for all levels: (OPNAVINST 5530.14E)
      a. Designated in writing by Commanding Officer
      b. Post Restricted Area warning signs at normal points of ingress/egress (if located in a foreign country, the warning signs will be in English and the local language)
      c. Clearly defined perimeter
      d. Admission only to people with appropriate authorization and others controlled by escort
      e. A personnel identification and control system
      f. Entry and departure controlled
         - An electronic control system may be used
         - Use of access controls (e.g., mechanical pushbutton combination locks) allows authorized movement, while detecting and delaying unauthorized movement of personnel and information
         - If a computer access control or logging system is used, it must be safeguarded against tampering
      g. Secured during non-working hours and checks made for signs of unauthorized entry

   3. Level 2 additional requirements
      - After duty hours all personnel must be logged in and out
      - When secured, check at least twice per 8-hour shift or, if adequately equipped with an operational IDS, check once per 8-hour shift

   4. Level 3 additional requirements:
      a. Access list
      b. Entry and departure log:
         - During normal hours - Visitors logged in/out
         - After hours - All personnel logged in/out

D. ID Cards and Badges (OPNAVINST 5530.14E)

   1. Purpose
      a. Control physical access to an area for security purposes
         - Color or symbol coding can help identify level of holder's security access, or indicate special nature of his authorization to enter a Restricted Area
         - Do not use the words Top Secret, Secret, or Confidential or their abbreviations
      b. Alert other personnel in the area to the presence of unauthorized persons, because such persons are not wearing a badge or are wearing a questionable badge

   2. NCIS Special Agent credentials are acceptable ID for purposes of controlling access through Top Secret

      NOTE: NCIS agents cannot surrender credentials; if surrender is required for badging purposes, other acceptable ID will be exchanged (SECNAVINST 5430.107)

   3. Rules for coded ID cards or badges
      - Echelon 2 commands will approve adequacy of security badges and their manner of use by their subordinate activities
      - Badges should have expiration dates and serial numbers; strict control and accountability required (all new acquisitions of security badge-related components will comply with OPNAVINST 5530.14E)
      - Design to minimize tampering or unauthorized use

E. Personnel Administrative Inspections (OPNAVINST 5530.14E)

   1. Required in Restricted Areas

   2. Purpose - To deter and detect unauthorized introduction or removal of government material

   3. Method and frequency at Commanding Officer's discretion. To be effective, inspections should be conducted frequently. (Better to frequently conduct random inspections of a few people at any one time than to inspect a lot of people only infrequently)
      - Not interfere unduly with performance of duties or ingress/egress of employees/visitors

   4. Persons should be advised in advance (a properly worded sign to this effect prominently displayed in front of entry point will suffice)

   5. Instruct inspection personnel:
      - To inspect only what is necessary and what to do when it appears classified information is being removed or brought in without authorization
      - Command authorization (e.g., authorization letter, visit request, DD 2501, Courier Authorization Card, travel order) is required for the removal of classified material

F. Care During Working Hours (ISP 7-9)

   1. Protect classified information when removed from storage - Keep under constant surveillance by an authorized person and use a coversheet, Standard Forms 703 (TS), 704 (Secret), 705 (Confidential), when removed from secure storage

   2. Removable computer media
      - In a mixed working environment (classified and unclassified) mark removable media with a SF 706 (TS), 707 (Secret), 708 (Confidential), 709, 710 (Unclassified), 711, or 712 (SCI), as applicable (if unable to use SF stickers, the classification can be written on)
      - In a totally unclassified working environment, SF labels are not required

   3. Do not discuss classified information in unauthorized areas or when unauthorized persons can overhear

   4. Protect drafts, notes, CDs, etc.

G. Security Checks at End of Working Day (ISP 7-10)

   1. Commanding Officers shall establish procedures for end of the day security checks

   2. Use the SF 701, Activity Security Checklist (see Student CD for form), to ensure all areas which process classified information are properly secured. Post the SF 701 near exit. (Can be annotated to add additional command check-off items (e.g., coffee pot off))

   3. Use the SF 702, Security Container Check Sheet, to record that vaults, secure rooms, and security containers have been properly secured
      - Each time a container, vault, or secure room is opened and closed
      - At the end of the day (second check)
      (Attach SF 702 to the container)
      (When securing, rotate dial of mechanical combination locks at least 4 times in same direction; check each drawer by depressing latch and pulling on drawer. Rotate the dial of the XO series locks at least one turn in each direction. If the dial is given only a quick twist, it is possible to open most locks merely by turning the dial back to its opening position) (ISP 10-14)

   4. Ensure the SF 701 and 702 reflect after hours, weekend or holiday activity in secure areas (security managers should check records regularly to ensure proper use)

   5. The SF 701 and 702 may be destroyed 30 days after the last entry unless they are used to support an ongoing investigation