106 Security Flashcards
What is the purpose of personnel security?
To authorize initial and continued access to classified information
Define TOP SECRET and the color code to identify it
Could cause EXCEPTIONALLY GRAVE damage to national security / ORANGE
Define SECRET and the color code to identify it
Could cause SERIOUS DAMAGE to national security / RED
Define CONFIDENTIAL and the color code to identify it
Could cause DAMAGE to national security / BLUE
Define UNCLASSIFIED and the color code to identify it
Technically not a classification level, but is used for documents that do not have a classification listed / GREEN
Explain “Need to know”
Access to specific classified info in order to perform or assist in a lawful and authorized governmental function
What type of investigation and how often is an update for access for a Top Secret/SCI needed?
SSBI every 5 years
What type of investigation and how often is an update for access for a Secret clearance needed?
National Agency Check with Local Agency & Credit Checks (NACLC) every 10 years
What type of investigation and how often is an update for access for a Confidential clearance needed?
National Agency Check with Local Agency & Credit Checks (NACLC) every 15 years
What is a SAER and its purpose?
SAER: Security Access Eligibility Report; used to report to DONCAF any info that might affect someone’s continued eligibility for access to SCI
e.g., married a foreign national, etc.
Identify the events that should be reported to the SSO
- Unexplained affluence or excessive indebtedness
- Alcohol abuse
- Illegal or improper drug use/involvement
- Apparent mental or emotional disorder(s)
- Criminal conduct
- Personal conduct
- Noncompliance with security regulations
- Misuse of technology systems
- Foreign influence/close and personal association with foreign nationals
- Foreign citizenship or foreign monetary interest
- Unofficial foreign travel
- Sexual behavior that is criminal or reflects a lack of judgement or discretion
- Involvement in activities or sympathetic association with persons which/who unlawfully practice or advocate overthrow or alteration of the U.S. Gov’t by unconstitutional means
Who has overall authority of and controls access to a SCIF?
CO
Identify the use of the following forms:
- SF700
- SF701
- SF702
- SF703
- SF153
- SF312
- SF700: Security container envelope; used to record safe and door lock combos
- SF701: Activity security checklist; used at end of day to ensure classified materials are secured properly and provides for accountability. Retained for at least 90 days
- SF702: Security container check sheet (container open/closure form)
- SF703: TOP SECRET coversheet
- SF153: COMSEC Material Report; acquisition/transfer of secure communications devices
- SF312: Classified Information Nondisclosure Agreement (DD 1847-1 SCI Nondisclosure agreement); contractual agreement with the gov’t and a cleared employee that must be executed as a condition of access to classified info
When should safe combinations be changed?
- When lock is initially placed
- Person that no longer requires access knows code
- Combination compromise
- Combination is out of service
- Maintenance was performed on lock
- When designated by the CSA/SIO or owner of safe
What are the responsibilities of a FDO?
FDO: Foreign Disclosure Official; approves disclosure to foreign representatives.
State the purpose of the DCS?
Defense Courier Service; provides safe transport of sensitive/classified material
Describe the procedures for preparing hard copy classified material for transportation via DCS and Hand carry
DCS: DOUBLE WRAPPED; No classification markings on outside wrapping
Hand carry: double-wrap classified info when carrying outside the command (a locked briefcase will serve)
What are the responsibilities of the TSCO?
TSCO: Top Secret Control Officer; responsible for safe keeping/storage of TS material within a command
State the THREATCON recognitions and Force Protection levels and what they represent
- Alpha: General readiness (Increased general threat of possible terrorist activity)
- Bravo: Somewhat predictable threat (Increased or more predictable threat of terrorist activity)
- Charlie: Known terrorist threat made (Incident occurs)
- Delta: Specific target known and declared or terrorist event has occurred (Applies to immediate area where terrorist attack has occurred)
Explain what a RAM is
Random Anti-terrorism Measure: random implementation of higher FPCON measures
What is an EAP and its purpose?
EAP: Emergency Action Plan; protection of classified info that minimizes risk of personal injury or loss of life
- SCI destroyed first
- Who destroys what and where
How and in what order is material destroyed during Emergency Destruction?
- All material/equipment shall be destroyed by any means available: burning, shredding, smashing, jettison, etc.
- Priority 1: All cryptographic equipment and documents
- Priority 2: All operational SCI codeword material which might divulge targets and successes, documents dealing with US SCI activities and documents, TOP SECRET material, and other sensitive material
- Priority 3: Less sensitive SCI material and collateral material not included above (everything else)
Define SCI
Sensitive Compartmented Information
List the items prohibited in a SCIF
- Personally owned photographic, video, and audio recording equipment
- Personally owned computers and associated media
- Any items that pose a risk of disclosure or transport of classified information
- Explosives and/or weapons
Describe the difference between a security violation and a practice dangerous to security
Security violation: A compromise of classified information
Practice dangerous to security: A failure to comply with security regulations
Explain the security requirements for the following:
- SCIF
- T-SCIF
- SCIF: An accredited area where SCI may be stored/used
- T-SCIF: Accredited area used for a limited time to meet tactical, emergency, or immediate operational requirements
Explain vault recertification and recurring inspections
Vault recertification and recurring inspections are conducted to ensure SCIFs are meeting ICD 705 standards
Discuss the need for access list, required documentation logs, and two-person integrity
To ensure only properly authorized personnel access the classified material, annotate when documents were accessed for accountability, and to ensure material remains uncompromised during transit
What is the DoD escort policy?
- Movement of all visitors shall be controlled to ensure that access to classified info is deliberate and consistent with the purpose of the visit
- All persons must be escorted by qualified and cleared personnel throughout their visit
Discuss the procedures for sanitizing an area
Two-step process:
- Removing data from media & removing all classified labels, markings & activity logs
- Removing all classified material from view, so it's not visible to uncleared persons
Discuss each of the following:
- COMSEC
- INFORMATIONSEC
- COMPUSEC
- COMSEC: Communications Security (protecting our Communications)
- INFORMATIONSEC: Information Security (ensuring info is not compromised)
- COMPUSEC: Computer Security (ensuring our computers are secure)
State the purpose of the ICD system
ICD: Intelligence Community Directives; The principal means by which the DNI provides guidance, policy, and direction to the IC
Identify SSO Navy
Director, Security and Corporate Services (ONI-5); oversees SSO operations (for the DON)
List the duties/responsibilities of the SSO
Responsible for maintaining the security of SCI material
Who can be a CSM (Command Security Manager)?
- Must be an officer or civilian employee (GS-11 or higher)
- U.S. Citizen
- Completed SSBI; (favorably adjudicated w/in past 5 years prior to assignment)
What are the duties/responsibilities of the CSM?
Responsible for the administration of the command’s info and personnel security programs; (not related to SCI, SAPs or IT programs)
Explain JPAS and its purpose
JPAS: Joint Personnel Adjudication System; Provides “real-time” information regarding clearance, access, eligibility and investigative status to authorized DoD security personnel
Explain DONCAF and its purpose
DONCAF: Dept of Navy Central Adjudication Facility; Responsible for determining who in the DON is eligible to hold a security clearance, to have access to SCI, or to be assigned to sensitive duties
State the levels of INFOCON and what they signify
INFOCON 1: Attacks are taking place; Computer Network Defense system is at maximum alertness
INFOCON 2: Attack has taken place but system isn’t at its highest alertness
INFOCON 3: Risk has been identified
INFOCON 4: Increased risk of attack on computer networks
INFOCON 5: no apparent hostile activity
How long can a Commanding Officer administratively suspend access before DONCAF revokes a clearance?
90 days
Discuss the security rules/procedures for magnetic and electronic media
Must be conspicuously marked with highest level of classification
Why does the U.S. Navy only use “.mil” email addresses on gov’t systems?
DoD has exclusive use of “.mil” domain to provide increased security