General Questions Flashcards
Information Security
To promote the proper and effective way to classify, protect, and downgrade official information requiring protection in the interest of national security
Also promotes declassification of information no longer requiring protection
1940
1st information security executive order
EO 8381
EO 13526
2009
Current executive order on information security
Prescribes a uniform system for classifying, safeguarding, and declassifying national security information
Promotes declassification and public access to information as soon as national security considerations permit
Established National Declassification Center
Greater openness and transparency
Stronger OCA and derivative classifier training requirements
Derivative classifiers identified by name
Self-inspection programs to review samples of original and derivatively classified documents
Declassification exemptions of 50 and 75 years
ISOO
Information Security Oversight Office
Responsible for overseeing and managing the information security program under the guidance of the National Security Council (NSC)
NSC provides overall policy direction
ISOO is the operating arm
Annual report to the president about each agency’s security classification program, analysis and reports
SF-311
Agency Security Classification Management Program Data
USD(I)
Under Secretary of Defense for Intelligence
Has the primary responsibility for providing guidance, oversight, and approval authority of policies and procedures that govern the DoD Information Security Program
Guidance on Classification Management - marking, handling and protection
ISOO 32 CFR Parts 2001 and 2003
Classified National Security Information Final Rule
Provides guidance to all government agencies on classification, downgrading, declassification, and safeguarding of classified national security information
Information Security Program and Protection of Sensitive Compartmented Information
Establishes the basic information security policies for the DoD and provides a high-level framework for DoD implementation of national policy on classified national security information
Authorizes the publication of DoDM 5200.01 Vol 1-4, the DoD Information Security Program
DoD Instruction 5200.01
Handbook for Writing Security Classification Guidance
Provides detailed information on how to develop security classification guidance
DoD 5200-1.H
Requires protection form unauthorized disclosure
To be eligible - must be official government information that is owned by, produced by, produced for, or under the strict control of the US government
Classified Information
3 Levels of Classification
TS - grave damage to national security
S - serious damage to national security
C - damage to national security
Determination that information requires protection in the interest of national security
Either original or derivative
Classification
An initial determination that information requires protection against unauthorized disclosure in the interest of national security
Original Classification
OCA
Original Classification Authority
Request for OCA contains mission justification and position title
Delegated in writing by the president to the occupant of the position, not to an individual by name, not able to delegate further unless “acting”
Specifies the highest level of the OCA can classify a piece of information and their jurisdiction
Must go through training prior to exercising their authority and at least 1x a year
A demonstrable and continuing need for such authority at least 2x a year
6 steps to OCA decision process
Gov’t Info - Determine if the information is official government information or has it already been classified by another OCA
Eligibility - determine if the information is eligible for classification (not a smokescreen)
Impact/harm - determine if potential for damage to national security if release occurs
Designation - assign a level of classification
Duration - determine duration of classification
Guidance - communicate decision via SCG or properly marked source document
SCG
Security Classification Guide
A document issued by a OCA that provides derivative classification instructions
Describes the elements of information that must be protected as well as the level and duration of classification
SCG Format
General instructions Overall efforts Performance and capabilities Specifications Critical elements Vulnerabilities and weaknesses Administrative data Hardware
CPI
Critical Program Information
Includes both classified military information and controlled unclassified information
Needs to be protected from unauthorized or inadvertent destruction, transfer, alteration, or loss
Compromise of critical program information can significantly alter program direction, shorten combat effective life of the system, or require additional research, development, test, and evaluation resources to counter impact of its loss
DoD 5200.39
Compilation
Combining elements of information that are individually unclassified may be classified if the compiled information reveals an additional association or relationship that qualifies for classification under DoD policy
OCAs designate when and what types of information are classified through compilation
Explain the basis for classification by compilation on the face of the document or in the text
Mark each portion individually according to its classified content
The process of using existing classified information to create new material and marking that newly developed material consistent with the classification markings that apply to the source information
The incorporating, paraphrasing, restating, or generating in new form any information that is already classified
Not an authority, an assumed responsibility
Does not include duplication or reproduction of existing classified information
Must receive training at least once every 2 years
Derivative Classification
5 Requirements of Derivative Classification
Observe and respect the OCA’s original classification determination
Apply required markings
Use only authorized sources (SCG and source documents)
Use caution when paraphrasing - required knowledge of subject
Take steps to resolve doubts
Authorized Sources
SCG, properly marked source documents, DD254
When there is a conflict, the SCG takes precedence
Extracting
When information is taken directly from an authorized classification guidance source and is stated verbatim in a new or different document