106 Security Flashcards
Identify the directives that govern personnel security
EO 12968 EO 10450 DoD 5200.2-R SCI Security Manual DON ISP
Classification Categories
Top Secret - Orange “exceptionally grave damage”
Secret- Red “serious damage”
Confidential- Blue “damage”
Unclassified- Green “or, relating to, or being official matter not requiring the application of security safeguards
“Need To Know”
a determination that an individual requires access to specific classified info in the performance of lawful and authorized government functions and duties
Type of Investigation depending on clearance level
Top Secret- SSBI. Valid for 5 years
Secret- NACLC. Valid for 5 years
Confidential- NACLC. Valid for 5 years
SCI- SSBI. Valid for 5 years
SAER
Security Access Eligibility Report- get adjudication process started
Identify who has overall authority of, and controls access to, a SCIF
The Commanding Officer
SF-700
Stores combos
SF-701
End of Day Check
SF-702
Open/Close log
SF-703
TS Cover Sheet
SF-153
COMSEC Material Report
SF-312
Classified Information Nondisclosure Agreement
When should safe combos be changed
- combo is compromised
- transfer of personnel
- change of command/EKMS manager
- At least once every 2 years
What is an FDO and state their responsibilities
Foreign Disclosure Officer- military info is a national security asset which must be conserved and protected and which may be shared with foreign representatives only when there is a clearly defined advantage to the US
Purpose of DCS
Defense Courier Service - organized under DoD directive 5200.33, shall establish, staff, maintain, and operate an international network of couriers and courier stations for the expeditious, cost-effective and secure transmission of qualified classified documents and material
Responsibilities of the TSCO
Top Secret Control Officer- CO designates in writing. Responsible for maintaining a system of accountability
THREATCON Levels
THREATCON Level 1 - Low, basic network posture
THREATCON Level 2- Medium, increased alertness
THREATCON Level 3 - High, known threat
THREATCON Level 4 - Extreme, full alert
FPCON Levels
FPCON Normal - no current terrorist activity
FPCON ALPHA- small and general terrorist activity that is not predictable
FPCON BRAVO- somewhat predictable terrorist threat
FPCON CHARLIE- instance occurs or when intel reports that there is terrorist activity imminent
FPCON DELTA- a terrorist attack is taking place or has just occurred
What is RAM
Random Antiterrorism Measures- to maximize the effectiveness and determine value, RAM should be implemented without a set pattern, either in terms of the measures selected, time, place, or other variables
What is an EAP
Emergency Action Plan- every command that holds classified COMSEC or CCI material must prepare and maintain a current, written emergency plan for safeguarding such material in the event of an emergency
Purpose of Emergency Destruction Procedures
Commands located outside of CONUS and deployable commands, planning must consider both natural disasters and hostile actions and must also include EDPs
Who can give the order to initiate Emergency Destruction
Commanding Officer
How and n what order is material destroyed during Emergency Destruction
- Superseded keying material
- Primary keying material
- Reserve on Board keying material
- Highest classification first
- all approved methods of destruction should be used
Define SCI
Sensitive Compartmented Information- methods of handling certain types of classified information that relate to specific national-security topics or programs whose existence may not be publically acknowledged, or the sensitive nature which requires special handling
Items prohibited in a SCIF
Cell phones, cameras, removable media, flash media
Security Violation
any failure to comply with the regulations for the protection and security of classified material
Practice dangerous to security
practices which have the potential to jeopardize the security of COMSEC Material, should they continue
Vault recertification and recurring inspections
SCI security officials will conduct self-inspections at least annually
Access List
Provides an approved list of personnel that have been granted access and the need-to-know
Visitors log
Are to keep a paper trail of who has accessed the spaces that are not on the access list
TPI
keep positive control and safeguard classified material
DoD escort policy
If you are an escort, you are required to stay with that individual or group you are escorting until they leave
Sanitizing an area
You have to announce un-cleared person, then wait until all the computer screens, paperwork, and all other classified material is put away
COMSEC
Communications Security- protective measures taken to deny unauthorized persons information derived from telecommunications of the US Govt concerning national security, and to ensure the authority of such telecommunications
INFOSEC
Information Security- protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction
COMPUSEC
Computer Security- measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer
PSP
Physical Security-the availability and adequacy of physical security protection capabilities at the individual buildings and other locations when COMSEC material is held
ATFP
Anti-terrorism Force Protection- Defensive measures used to reduce the vulnerability of individuals and property to terrorist acts
Purpose of the ICD system
Intelligence Community Directives are the principal means by which the DNI provides guidance, policy, and direction to the Intelligence Community
SSO Navy
The Director, Security and Corporate Services is SSO Navy and is designated as the CSA
Duties and responsibilities of the SSO
-appointed in writing, principle advisor on the SCI security program in the command and responsible to the CO for management and admin of the program
Who can be CSM
Command Security Manager- may be assigned full-time, part-time, or as a collateral duty and must be a military Officer or a civilian employee GS 11 or above, with sufficient authority and staff to manage the program for the command
Duties and responsibilities of CSM
Responsible for admin of the command’s information and personnel security programs
Purpose of JPAS
Joint Personnel Adjudication System- DoD system that uses the web to connect security personnel around the world with a database managed by DoD Agency Central Adjudication Facilities
DONCAF
Department of the Navy Central Adjudication Facility- A NCIS org, responsible for determining who within the DoN is eligible to hold a security clearance, to have access to SCI, or to be assigned to sensitive duties
How long can a CO administratively suspend access before DONCAF revokes a clearance
90 days
Levels of INFOCON
INFOCON 5- no apparent hostile activity against computer networks
INFOCON 4- increased risk of attack
INFOCON 3-when a risk has been identified
INFOCON 2- when an attack has taken place but the CND system is not at its highest alertness
INFOCON 1- when attacks are taking place and the CND system is at max alertness
Why the USN only uses “.mil” email addresses on government systems
DoD has exclusive use of the .mil domain. Provides increased security
