7C Flashcards
___ is a subset of the Air Force Security Enterprise.
IP
What does IP stand for?
Information Protection
Information Protection consists of a set of three core security disciplines:
Personnel Security, Industrial Security, and Information Security
Information Protection consists of a set of three core security disciplines (Personnel Security, Industrial Security, and
Information Security) used to:
- Determine military, civilian, and contractor personnel’s eligibility to access classified information or occupy a sensitive position (Personnel Security).
- Ensure the protection of classified information and controlled unclassified information (CUI) released or disclosed to industry in connection with classified contracts (Industrial Security).
- Protect classified information and CUI that, if subject to unauthorized disclosure, could reasonably be expected to cause damage to national security (Information Security).
_____ is a core security discipline within IP that is designed to identify and protect classified national security information and CUI in accordance with DoD policy issuances.
Information Security (INFOSEC)
Cryptographic systems of signals that contain sensitive or classified plain-text information. This carries what color signals?
Red Signals
Cryptographic systems of signals that carry encrypted
information, or cipher-text. This carries what color signals?
Black Signals
Red/Black Separation continues to be relevant for ____ cabling systems.
copper-based
The following describes which core security principle?
Determines military, civilian, contractor eligibility to access classified.
Personnel Security
The following describes which core security principle?
Protects classified/controlled unclassified information (CUI) released to contractors.
Industrial Security
The following describes which core security principle?
Protects classified/controlled unclassified information (CUI).
Information Security
Since 1967, the ___ ___ ___ ___ has provided the public the right to request access to records from any federal agency.
Freedom of Information Act (FOIA)
It is often described as the law that keeps citizens in the know about their government.
FOIA
Federal agencies are required to disclose any information requested under the FOIA unless it falls under one of ___ exemptions which protect interests such as personal privacy, national security, and law enforcement.
nine
The following describes which FOIA exemption?
Information that is currently and properly classified.
Exemption 1
The following describes which FOIA exemption?
Information that pertains solely to the internal rules and practices of the agency that, if released, would allow circumvention of an agency rule, policy, or statute, thereby impeding the agency in the conduct of its mission
Exemption 2
The following describes which FOIA exemption?
Information specifically exempted by a statute establishing criteria
for withholding. The language of the statute must clearly state that the information will not be disclosed.
Exemption 3
The following describes which FOIA exemption?
Information such as trade secrets and commercial or financial information obtained from a company on a privileged or confidential basis that, if released, would result in competitive harm to the company, impair the Government’s ability to obtain like information in the future, or impair the Government’s interest in compliance with
program effectiveness.
Exemption 4
The following describes which FOIA exemption?
Inter- or intra-agency memorandums or letters containing information considered privileged in civil litigation. The most common privilege is the deliberative process privilege, which concerns documents that are part of the decision-making process
and contain subjective evaluations, opinions, and recommendations. Other common privileges are the attorney-client and attorney work product privileges.
Exemption 5
The following describes which FOIA exemption?
Information, the release of which would reasonably be expected to
constitute a clearly unwarranted invasion of the personal privacy of individuals.
Exemption 6
The following describes which FOIA exemption?
Records or information compiled for law enforcement purposes that meet certain criteria.
Exemption 7
The following describes which FOIA exemption?
Certain records of agencies responsible for supervision of financial
institutions.
Exemption 8
The following describes which FOIA exemption?
Geological and geophysical information (including maps) concerning
wells.
Exemption 9
Information that is currently and properly classified shall be withheld from mandatory release in accordance with FOIA Exemption _.
Exemption 1
The marking “__ __ __ __” (FOUO) is applied to information that can reasonably be expected to qualify for exemption under one or more of FOIA Exemptions 2 through 9
FOR OFFICIAL USE ONLY
Information must be ____ to be designated FOUO
unclassified
What does CUI stand for?
Controlled Unclassified Information
Certain types of unclassified information require access and
distribution controls and protective measures to keep it secure.
CUI
DoDI ______, Controlled Unclassified Information provides guidance
on the various types of CUI and their associated markings.
DoDI 5200.48
CUI is government created or owned information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and government wide policies. CUI __ __ classified information.
is not
CUI is a ____ (not a classification) applied to unclassified information that was exempt from mandatory release to the public under the FOIA.
designation
A common example of information that is considered CUI is a ___ ___, which is a list of personnel assigned to a unit or flight that has their telephone numbers and addresses on it for cases of emergency.
The ___ ___ can be designated CUI because it qualifies under Exemption 6 of the FOIA, because the release of it would reasonably be expected to constitute a clearly unwarranted invasion of the personal privacy of individuals under the Privacy Act of 1974.
recall roster
DoD legacy material will not be required to be ___ or ___ while it remains under DoD control or is accessed online and downloaded for use within the DoD.
re-marked or redacted
However, any such document or new derivative document must be marked as CUI if the information qualifies as CUI and the document
is being…?
shared outside DoD
DoD legacy marked information stored on a DoD access-controlled
website or database does not need to be remarked as ___, even if other agencies and contractors are granted access to such websites or databases.
CUI
For Official Use Only (FOUO) is a ___ ___ used to indicate sensitivity based on agency policy or practice.
legacy marking
All FOUO information was CUI, but not all CUI was ____.
FOUO
FOUO was applied by the Department of Defense to unclassified information when disclosure to the public of that record, or portion thereof, would reasonably be expected to cause ___ ___ to an interest protected by one or more of FOIA Exemptions 2 through 9.
foreseeable harm
Information that has been determined to qualify for CUI status shall be indicated by markings. Markings are to be applied at the time documents are ____ to properly protect the information.
created
______ prescribes the management, access, handling, and denial of access to records within a system of records.
The Privacy Act of 1974
An official system of records is a ___ ___ (hard copy and/or digital) that is authorized by law or Executive Order and controlled by an Air Force or lower-level directive that is needed to carry out an Air Force mission or function.
file system
Any information that has a ___ ___ ___ of a citizen or alien and is in an official system of records is granted protection under the Privacy Act.
Social Security Number
The Privacy Act of 1984 and AFI 33-332, The Air Force Civil Liberties Program prescribe management of ____ information stored within _____ record systems, also known as Personally Identifiable
Information (PII).
personal
official
The Air Force Privacy and Civil Liberties Program is designed to prevent widespread distribution of personal records. The program, implemented through AFI ______, sets guidelines for collecting,
safeguarding, maintaining, using, accessing, amending, and disseminating personal information kept in an Air Force system of records.
AFI 33-332
___ ___ is information that has been determined to require protection against unauthorized disclosure in the interest of national defense.
Classified Information
In this context, ___ ___ means the defense of the United States or foreign relations of the United States
national security
What are the three collateral classification levels?
Top Secret
Secret
Confidential
Classification levels of information is based upon the amount of ____ it could reasonably cause to national security if released to unauthorized persons.
damage
There are three types of classification for classified information:
Original, Tentative, and Derivative
The following describes which classification for classified information?
Everyone doesn’t possess authority to classify a piece of information. For something to be marked and protected as classified, it must first be given an ___ ___. Secretary of the Air Force (SECAF) delegates ___ ___ authority (OCA) to Air Force officials. No other Air Force OCA has delegation or designation authority.
Original Classification
The following describes which classification for classified information?
All Air Force personnel (military, civilian, and on-site contractors) with access to classified information systems are considered derivative classifiers and any other person designated by the commander or
director.
Derivative Classification
Top Secret damage to National Security =
Exceptionally Grave
Secret damage to National Security =
Serious
Confidential damage to National Security =
Some
The proper marking of a classified document, to include e-mail, is the specific responsibility of the ____ (original or derivative classifier).
author
Derivative classifiers must receive initial training and refresher training every…?
2 years
Derivative classifiers must receive initial training and refresher training every…?
2 years
Weapons or sensitive items such as funds, jewels, precious metals, or drugs shall not be stored in the same container used to safeguard…?
classified information
The ___ ___ ___ establishes and publishes standards and specifications for storage devices.
General Services Administration (GSA)
Top Secret: Must be stored in a GSA security container approved for Top Secret level. The container shall be subject to continuous protection by guard or duty personnel or be protected by an intrusion detection system with personnel responding to the alarm within __ minutes.
15 minutes
Hand carrying classified material poses a risk and should be done as a ___ ___ in critical situations.
last resort
Derivative classifiers must receive initial training and refresher training every…?
2 years
Derivative classifiers must receive initial training and refresher training every…?
2 years
Derivative classifiers must receive initial training and refresher training every…?
2 years
