All Areas I Flashcards
Indicators of insider threats
- Failure to report overseas travel or contact with foreign nationals
- Seeking to gain higher clearance or expand access outside the job scope
- Engaging in classified conversations without a need to know
- Working hours inconsistent with job assignm
Elements that
should be considered in
identifying Critical Program
Information
Elements which if compromised could:
- cause significant degradation in mission effectiveness,
- shorten the expected combat-effective life of the system
- reduce technological advantage
- significantly alter program direction; or
- enable an adversa
asset, threat, vulnerability, risk, countermeasures
Elements that a
security professional should
consider when assessing and
managing risks to DoD assets
The three categories of
Special Access Programs
acquisition, intelligence, and operations and support
Three different types
of threats to classified
information
Insider Threat, Foreign Intelligence Entities (FIE) and Cybersecurity Threat
The concept of an insider threat
An employee who may represent a threat to
national security. These threats encompass potential espionage, violent acts against the Government or the nation, and unauthorized disclosure of classified information, including the vast amounts of classified da
The purpose of the
Foreign Visitor Program
To track and approve access by a foreign entity to information that is classified; and to approve access by a foreign entity to information that is unclassified, related to a U.S. Government contract, or plant visits covered by ITAR.
Special Access
Program
A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level.
Enhanced security requirements for protecting Special Access Program (SAP) information
Within Personnel Security:
� Access Rosters;
� Billet Structures (if required);
� Indoctrination Agreement;
� Clearance based on an appropriate investigation completed within the last 5
years;
� Individual must materially contribute to the program in addi
Responsibilities of the Government SAP Security Officer/Contractor Program
Security Officer (GSSO/
CPSO)
From Revision 1 Department of Defense Overprint to the National
Industrial Security Program Operating Manual Supplement - 1 April
2004:
� Possess a personnel clearance and Program access at least equal to
the highest level of Program classified information
The four Cognizant Security Agencies (CSAs)
Department of Defense
DoD), Director of National Intelligence (DNI), Department of Energy (DoE), and the Nuclear Regulatory Commission (NRC
Cognizant Security Agencies (CSA)s’ role in the National Industrial Security Program (NISP).
Establish an industrial security program to safeguard classified information under its
jurisdiction.
Critical Program Information
in DoD
- U.S. capability elements that contribute to the warfighter’s advantage throughout the
life cycle, which if compromised or subject
to unauthorized disclosure, decrease the advantage. - Elements or components of a Research, Development, and Acquisition
Primary authorities governing foreign disclosure of classified military information
- Arms Export Control Act
- National Security Decision Memorandum 119
- National Disclosure Policy-1
- International Traffic in Arms Regulation (ITAR)
- E.O.s 12829, 13526
- Bilateral Security Agreements
- DoD 5220.22-M, “NISPOM,
The purpose of the DD Form 254
Convey security requirements, classification guidance and provide handling procedures for classified material received and/or generated on a classified contract.
Factors for determining
whether U.S. companies are under Foreign Ownership, Control or Influence
(FOCI)
1. Record of economic and government espionage against the U.S. targets 2. Record of enforcement/engagement in unauthorized technology transfer 3. Type and sensitivity of the information that shall be accessed 4. The source, nature and extent of FOCI 5. R
The purpose and the function of the Militarily Critical Technologies List (MCTL).
- Serves as a technical reference for the development and implementation of DoD technology, security policies on international transfers of
defense-related goods, services, and technologies as administered by the Director, Defense Technology Security
Adm
Security Infraction
This event cannot reasonably be expected to and does not result in the loss, compromise, or suspected compromise of classified information
DoD Manual 5200.01, Volumes 1-4
The manual that governs the DoD Information Security Program
E.O. 13526
The executive order that governs the DoD Information Security Program
32 CFR Parts 2001 & 2003,
“Classified National Security
Information; Final Rule
The Information Security Oversight Office (ISOO) document that governs the DoD Information Security Program
Security Violation
An event that results in or could be expected to result in the loss or compromise of
classified information
Unauthorized Disclosure
Communication or physical
transfer of classified or controlled unclassified information to an unauthorized recipien
SSBI
Initial investigation for military, contractors, and civilians: � Special-Sensitive positions � Critical-Sensitive positions1 � LAA � Top Secret clearance eligibility � IT-I duties
ANACI
Initial investigation for civilians:
� Noncritical-Sensitive positions2
� Confidential and Secret clearance eligibility
� IT-II duties
NACLC
Initial National Agency Check with Law and Credit for military and contractors:
� Secret or Confidential clearance eligibility
� All military accessions and appointments
� IT-II duties
� IT-III duties (military only)
NACI
National Agency Check with Inquiries for civilians and contractors:
� Non-Sensitive positions
� Low Risk
� HSPD-12 Credentialing
NAC
The fingerprint check portion of a PSI
The purpose of due process in
Personnel Security Program (PSP)
Ensures fairness by providing the
subject the opportunity to appeal an
unfavorable adjudicative determination
The key procedures for initiating
Personnel Security Investigations (PSIs)
- Validate the need for an investigation
- Initiate e-QIP
- Review Personnel Security Questionnaire (PSQ) for completeness
- Submit electronically to OPM
DoD position sensitivity types
and their investigative requirements.
- Critical Sensitive
- Non-Critical Sensitive
- Non-Sensitive
Investigative requirement for a Critical- Sensitive position
SSBI, SSBI-PR, or PPR
Investigative requirement for a Non-Critical Sensitive position
ANACI or NACLC
Investigative requirement for a Non-Sensitive position
NACI
The term when current security clearance eligibility determination is rescinded
Revocation
The term when an initial request for security clearance eligibility is not granted
Denial
SOR
Statement of Reasons
What is the purpose of the Statement of Reasons (SOR)?
The purpose of the SOR is to provide a comprehensive and detailed written explanation of why a preliminary unfavorable adjudicative determination was made.
The 13 Adjudicative Guidelines
- Allegiance to the United States
- Foreign Influence
- Foreign Preference
- Sexual Behavior
- Personal Conduct
- Financial Considerations
- Alcohol Consumption
- Drug Involvement
- Psychological Conditions
- Criminal Conduct
- Handling Prote
Three different types of approved classified
material storage areas.
- GSA-approved storage containers
- Vaults (including modular vaults)
- Open storage area (secure rooms, to include SCIFs and bulk storage areas)
Construction requirements for vault doors
- Constructed of metal
- Hung on non-removable hinge pins or with
interlocking leaves. - Equipped with a GSA-approved combination lock.
- Emergency egress hardware (deadbolt or metal bar extending across width of door).
The purpose of intrusion detection systems
To detect unauthorized penetration into a secured area
The purpose of perimeter barriers
To define the physical limits of an installation, activity, or area, restrict, channel, impede access, or shield activities within the installation from immediate and direct observation
The purpose of an Antiterrorism Program
Protect DoD personnel, their families, installations, facilities, information, and other material resources from terrorist acts
Force Protection Condition levels
Normal, Alpha, Bravo, Charlie, Delta
The concept of security-in-depth
Layered and complementary security controls sufficient to deter, detect, and document unauthorized entry and movement within an installation or facility.
e-QIP
The system Mr. Smith needs to access when he needs to update his personal information on his Personnel Security Questionnaire for his re-investigation
Personnel Security Investigation
The first phase of the security clearance process
JCAVS
A security manager uses this system to communicate with the DoD CAF
JAMS
This sub-system (used by adjudicators) and JCAVS make up the JPAS system
JPAS
A DoD system of record for personnel security clearance information
Scattered Castles
Intelligence Community (IC) Personnel Security Database that verifies personnel security access and visit certifications.
Personnel Security Investigation (PSI)
The DoD uses this as the standard for the uniform collection of relevant and important background information about an individual.
PSIs are used to determine the eligibility of an individual for ___________ to classified information.
Access
PSIs are used to determine the eligibility of an individual for ___________ or retention to the armed forces.
Acceptance
PSIs are used to determine the eligibility of an individual for ___________ or retention to sensitive duties.
Assignment
True or False: The DoD CAF is the only authority who can grant an interim clearance.
False
DoD CAF responsibilities
- Making adjudicative decisions
- The DoD CAF is a repository for investigative records
- Initiating special investigations
- The DoD CAF adjudicate by applying the whole person concept
Duties that have a great impact on National Security
Designation of Sensitive Duties
This is used to monitor employees for new information or changes that could affect their status.
Continuous Evaluation
This is part of the Continuous Evaluation Program (CEP). It is done at certain intervals based on duties or access.
Reinvestigation
True or False: Special access requirements are designed to provide an additional layer of security to some of our nation’s most valuable assets.
True
True or False: There is no difference between a threat and a vulnerability.
False. Threats and vulnerabilities are related but distinct. Threats to national security exploit vulnerabilities.
The Executive Order (E.O.) that establishes a uniform Personnel Security Program
E.O. 12968
Implements and maintains the DoD personnel security policies and procedures
DoD 5200.2-R
Defines the Adjudicative Guidelines
USD(I) Memorandum, August 30, 2006
This is a system of records of fraud investigations
DCII
This is a system of records of PSIs conducted by OPM
SII
This refers to when adjudicators must ensure that an investigation meets the minimum timeframe and element requirements before reviewing the investigation.
Scope
During due process, military and civilian personnel may request an in-person appearance before this individual.
Administrative Judge
Administers due process for contractor personnel.
DOHA
This board makes the final appeal determination for all personnel
PSAB/Appeal Board
This briefing is given when an individual’s employment is terminated, clearance eligibility is withdrawn, or if the individual will be absent from duty for 60 days or more. It is also given to those who have been inadvertently exposed to classified inform
Termination Briefing
This briefing that applies to cleared personnel who plan to travel in or through foreign countries, or attend meetings attended by representatives of other countries.
Foreign Travel Briefing
This briefing is presented annually to personnel who have access to classified information or assignment to sensitive duties.
Refresher Briefing
What SAPs aim to achieve
- Protect technological breakthroughs
- Cover exploitation of adversary vulnerabilities
- Protect sensitive operational plans
- Reduce intelligence on U.S. capabilities
This communicates how the SAP is acknowledged and protected.
Protection Level
This protection level describes a SAP whose existence may be openly recognized. Its purpose may be identified. However, the details of the program (including its technologies, materials, and techniques) are classified as dictated by their vulnerability to
Acknowledged
This protection level describes a SAP whose existence and purpose are protected. The details, technologies, materials, and techniques are classified as dictated by their vulnerability to exploitation and the risk of compromise. The program funding is ofte
Unacknowledged
SAP Lifecycle
- Establishment (is extra protection warranted?)
- Management and Administration (continued need? processed followed?)
- Apportionment (proper measures in place? approval received)
- Disestablishment (program no longer needed?)
Component-level SAP Central Offices
Exist for each military component, the Joint Chiefs of Staff, Defense Advanced Research Projects Agency (DARPA), and Missile Defense Agency (MDA)
Special Access Program Oversight Committee (SAPOC)
The final SAP approving body chaired by the Deputy Secretary of Defense
Senior Review Group (SRG)
This group ensures there are no duplicative efforts across SAPs
DoD SAP legislative liaison that notifies Congress of SAP approval
DoD Special Access Central Office (SAPCO)
Congressional committees granted SAP access
Authorization, Appropriations, and Intelligence Congressional
Exercise oversight authority for the specific SAP category under their purview.
OSD-level SAP Central Offices
PIE-FAO
People, information, equipment, facilities, activities, and operations
This person is responsible for the installation’s antiterrorism program
Antiterrorism Officer
Responsible for providing valuable information on the capabilities, intentions, and threats of adversaries
CI Support
This person analyzes threats to assets and their vulnerabilities
OPSEC Officer
This person is charged with management, implementation, and direction of all physical security programs
Security Officer
Must be integrated into our intelligence gathering process so that they can be part of coordinating emergency responses and criminal incidents on a Federal installation
Law Enforcement
Security is geared towards protecting an entire area of the installation or facility
Area Security
Determination based on an asset’s importance to national security and effect of loss
Criticality
The intention and the capability of an adversary to undertake detrimental actions
Threat
Security focused on the resource itself
Point Security
Effective Protective Barriers
- Steel barriers
- Chain link fence
- Barbed wire
Purpose of protective barriers
- Establishing boundaries
- Protecting the facility
- Stopping observation
The establishment of a restricted area improves security by ______________ and providing additional layers of security.
Controlling access
True or False: Site lighting is used to enable guard force personnel to observe activities inside or outside the installation
True
True or False: Standby lighting is used when regular lighting is not available
False
Using these assists in security; however, there must always be back-up communication systems in addition to these
Two-way radio
This device sends a signal through wires when it has been triggered
Intrusion Detection Systems
This system has a camera that captures a visual image, converts the image to a video signal, and transmits the image to a remote location
Closed Circuit Televisions (CCTV)
This system allows one to be identified by their eye, handprint, or fingerprint
Automated access control systems
