206 Flashcards
206.1 Define spillage:
- Data placed on an IT system possessing insufficient information security controls to protect the data at the required classification. Example: SECRET data put on UNCLAS PC.
206.2 Discuss the procedures for correcting spillage:
- Disconnect the affected IS or media from the network. Be sure to include all peripheral devices that may have been impacted (e.g., printers, Blackberries, etc.). Do not turn off the IS.
- Notify the Information System Security Manager (ISSM).
- Document/log all actions taken and gather any evidence such as printed material.
206.3 Define and discuss TPI requirements:
- TPI requires the participation of two people to provide a means of restricting access to sensitive material.
206.4 Define and provide examples of the following:
a. COMSEC incidents (divided into three categories, with examples)
1. Cryptographic - Use of COMSEC keying material that is compromised, superseded, defective, or previously used and not authorized for reuse
2. Personnel - Defection, espionage, capture by enemy
3. Physical - Loss of COMSEC material, unauthorized access to COMSEC material, COMSEC material found outside of required accountability or physical control, failure to maintain TPI
PRACTICES DANGEROUS TO SECURITY, while not reportable to the national level (NSA), are practices which have the potential to jeopardize the security of COMSEC material if allowed to perpetuate. Examples listed in EKMS 1B include:
b. Reportable Practices Dangerous to Security:
1. Physical material not destroyed but erroneously flagged and confirmed as destroyed within LCMS.
2. Unauthorized adjustment of preconfigured default password parameters on LMD.
3. Failure to return a Key Variable Generator (KVG), i.e. KG-83, KGX-93, or KP for recertification within 30 days of receipt of a replacement unit
c. Non-Reportable Practices Dangerous to Security
1. Improperly completed accounting reports
2. Physical COMSEC keying material transferred with status markings still intact.
3. Mailing, faxing or scanning/emailing (via non-secure fax) SF-153s, CMS-25s or other documents containing status information or marked as classified.
4. COMSEC material not listed on local element (LE) or user inventory when documentation exists at the account level to indicate the material is issued to the LE or user, as applicable.
5. Issue of keying material in hardcopy form marked/designated CRYPTO, without authorization, to a LE more than 30 days before its effective period.
6. Removal of keying material from its protective packaging prior to issue for use, or removing the protective packaging without authorization, as long as the removal was documented and there was no reason to suspect espionage.
7. Receipt of a package with a damaged outer wrapper, but an intact inner wrapper.
8. Activation of the anti-tamper mechanism on or unexplained zeroization of COMSEC equipment as long as no other indications of unauthorized access or penetration were present.
9. Failure to maintain OTAD/OTAR/OTAT logs.
10. Failure to perform LCMS backups or archives.
11. The discovery of non-COMSEC accountable material in LCMS.
12. Loss or finding of unclassified material as defined in Article 1015.
206.5 State how often ISIC COMSEC inspections are required:
- ISICs must conduct unannounced EKMS Inspections of their subordinate commands and units every 24 months.
206.6 State how often CMS Advice and Assistance visits are required:
- 18 months.
206.7 State how often a CO is required to conduct a CMS inspection:
- Quarterly spot checks.
206.8 State the purpose of the EKMS Manager:
- An individual designated in writing by the CO to manage COMSEC material issued to an EKMS account. The EKMS Manager is the CO’s primary advisor on matters concerning the security and handling of COMSEC material and the associated records, reports, and audits.