General Questions Flashcards

1
Q

Information Security

A

To promote the proper and effective way to classify, protect, and downgrade official information requiring protection in the interest of national security
Also promotes declassification of information no longer requiring protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

1940

1st information security executive order

A

EO 8381

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

EO 13526

A

2009
Current executive order on information security
Prescribes a uniform system for classifying, safeguarding, and declassifying national security information
Promotes declassification and public access to information as soon as national security considerations permit
Established National Declassification Center
Greater openness and transparency
Stronger OCA and derivative classifier training requirements
Derivative classifiers identified by name
Self-inspection programs to review samples of original and derivatively classified documents
Declassification exemptions of 50 and 75 years

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

ISOO

A

Information Security Oversight Office
Responsible for overseeing and managing the information security program under the guidance of the National Security Council (NSC)
NSC provides overall policy direction
ISOO is the operating arm
Annual report to the president about each agency’s security classification program, analysis and reports

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

SF-311

A

Agency Security Classification Management Program Data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

USD(I)

A

Under Secretary of Defense for Intelligence
Has the primary responsibility for providing guidance, oversight, and approval authority of policies and procedures that govern the DoD Information Security Program
Guidance on Classification Management - marking, handling and protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

ISOO 32 CFR Parts 2001 and 2003

A

Classified National Security Information Final Rule
Provides guidance to all government agencies on classification, downgrading, declassification, and safeguarding of classified national security information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Information Security Program and Protection of Sensitive Compartmented Information
Establishes the basic information security policies for the DoD and provides a high-level framework for DoD implementation of national policy on classified national security information
Authorizes the publication of DoDM 5200.01 Vol 1-4, the DoD Information Security Program

A

DoD Instruction 5200.01

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Handbook for Writing Security Classification Guidance

Provides detailed information on how to develop security classification guidance

A

DoD 5200-1.H

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Requires protection form unauthorized disclosure
To be eligible - must be official government information that is owned by, produced by, produced for, or under the strict control of the US government

A

Classified Information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

3 Levels of Classification

A

TS - grave damage to national security
S - serious damage to national security
C - damage to national security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Determination that information requires protection in the interest of national security
Either original or derivative

A

Classification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

An initial determination that information requires protection against unauthorized disclosure in the interest of national security

A

Original Classification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

OCA

A

Original Classification Authority
Request for OCA contains mission justification and position title
Delegated in writing by the president to the occupant of the position, not to an individual by name, not able to delegate further unless “acting”
Specifies the highest level of the OCA can classify a piece of information and their jurisdiction
Must go through training prior to exercising their authority and at least 1x a year
A demonstrable and continuing need for such authority at least 2x a year

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

6 steps to OCA decision process

A

Gov’t Info - Determine if the information is official government information or has it already been classified by another OCA
Eligibility - determine if the information is eligible for classification (not a smokescreen)
Impact/harm - determine if potential for damage to national security if release occurs
Designation - assign a level of classification
Duration - determine duration of classification
Guidance - communicate decision via SCG or properly marked source document

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

SCG

A

Security Classification Guide
A document issued by a OCA that provides derivative classification instructions
Describes the elements of information that must be protected as well as the level and duration of classification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

SCG Format

A
General instructions
Overall efforts
Performance and capabilities
Specifications
Critical elements
Vulnerabilities and weaknesses
Administrative data
Hardware
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

CPI

A

Critical Program Information
Includes both classified military information and controlled unclassified information
Needs to be protected from unauthorized or inadvertent destruction, transfer, alteration, or loss
Compromise of critical program information can significantly alter program direction, shorten combat effective life of the system, or require additional research, development, test, and evaluation resources to counter impact of its loss
DoD 5200.39

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Compilation

A

Combining elements of information that are individually unclassified may be classified if the compiled information reveals an additional association or relationship that qualifies for classification under DoD policy
OCAs designate when and what types of information are classified through compilation
Explain the basis for classification by compilation on the face of the document or in the text
Mark each portion individually according to its classified content

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

The process of using existing classified information to create new material and marking that newly developed material consistent with the classification markings that apply to the source information
The incorporating, paraphrasing, restating, or generating in new form any information that is already classified
Not an authority, an assumed responsibility
Does not include duplication or reproduction of existing classified information
Must receive training at least once every 2 years

A

Derivative Classification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

5 Requirements of Derivative Classification

A

Observe and respect the OCA’s original classification determination
Apply required markings
Use only authorized sources (SCG and source documents)
Use caution when paraphrasing - required knowledge of subject
Take steps to resolve doubts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Authorized Sources

A

SCG, properly marked source documents, DD254

When there is a conflict, the SCG takes precedence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Extracting

A

When information is taken directly from an authorized classification guidance source and is stated verbatim in a new or different document

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Paraphrasing/restating

A

When information is taken from an authorized source and is re-worded in a new of different document
Be careful to ensure that the classification has not been changed

25
Q

Generating

A

When information is taken from an authorized source and generated into another form or medium, such as a video, DVD, or CD

26
Q

Contained in

A

Applied when derivative classifiers incorporate classified information from an authorized source into a new document, and no additional interpretation or analysis is needed to determine the classification of that information

27
Q

Revealed by

A

Applies when derivative classifiers incorporate classified information from an authorized source into a new document that is not clearly or explicitly stated in the source document but a reader can deduce the classified information from the new document by performing some level of additional interpretation or analysis

28
Q

Declassification

A

The authorized change in the status of information from classified to unclassified
Instructions are placed on the front of a document and usually appear as declassify on and the date or declassify on and the event
Instructions not applied to RD (determined by DOE) or FRD (detered by DOE and DoD)

29
Q

4 Declassification Systems

A

Scheduled - instructions assigned by the OCA are followed by date or event
Automatic - set up through EO 13526; applies to records that have “historical value” under Title 44 of US Code; Dec 31st of year 25 years from original classification; 9 categories of exceptions
Mandatory - the declassification system where the public can ask for classified information to be reviewed for declassification and public release
Systematic - permanently valuable classified records are reviewed for declassification after they reach a specific age; information exempted from automatic declassification is reviewed for possible declassification

30
Q

Declassification Exceptions

A

Information marked 25X, 50X, 75X + exemption category
50X HUM - no date of declassification - reveals human intelligence source
50X2 WMD - no date of declassification - reveals design of weapons of mass destruction

31
Q

SF-312

A

Classified Information Non-Disclosure Agreement
Contractual agreement between the US Gov’t and cleared employee that must be executed as a condition of access
Agreement to never disclose classified information to an unauthorized person (clearance, NTK, SF-312)

32
Q

SF-701

A

Activity Security Checklist

Verify you didn’t leave classified materials unsecure as well as ensure the area is safe and secure

33
Q

SF-702

A

Security Container Check Sheet

Used to record opening and closing of container

34
Q

SF-703

A

Coversheet for TS

35
Q

SF-704

A

Coversheet for S

36
Q

SF-705

A

Coversheet for C

37
Q

DD Form 2501

A

Courier Authorization Card

38
Q

Unauthorized Disclosure could…

A

Inhibit our national defense capabilities

Adversely affect our foreign relations

39
Q

DoD Component Requirements

A

Agencies add their own requirements to ensure security measures are effective for their unique missions
Designate a Senior Agency Official to oversee the program
Appoint a Security Manager for education and training

40
Q

ISCAP

A

Interagency Security Classifications Appeals Panel
Established by EO 12958
Receives guidance from EO 13526
Provides public and users of the classification system with a forum for further review of classification decisions
Classification challenges
Exceptions from Automatic Declassification “File Exemption Series”
Mandatory Declassification Review Appeals
Inform Decisions

41
Q

Custodian

A

Someone who is in possession of and charged with safeguarding classified information
Required to verify clearance eligibility, access level, NTK and SF-312 completed before providing to another person

42
Q

Knowing, willful, or negligent action that could reasonably be expected to result in an unauthorized disclosure of classified information
Knowing, willful, or negligent action to classify or continue to classify information contrary to the EO 13526
Knowing, willful, or negligent action to create or continue a SAP contrary EO 13526

A

Security Violation

43
Q

Involves failure to comply with EO 13526 which cannot reasonably be expected to an does not result in loss, suspected compromise, or actual compromise of classified information

A

Security Infraction

44
Q

Incident Reporting

A

Incidents that result in significant consequence or may become public must be promptly reported to the OUSD(I)
Espionage
Unauthorized disclosure to public media
Involving creation or continuation of a SAP against regulation
Defense operations that could cause harm to national security

45
Q

COMSEC

A

Crypto, emission, transmission, physical security
Protect telecommunications
Deny unauthorized persons information of value
Ensure the authenticity of communication
National Security Telecommunication and Information Systems Security Instruction (NSTISSI) No. 4001

46
Q

Transportation/Mailing

A

DoDM 5200.01 V3
TS - face to face, cryptographic, or courier
S - USPS registered mail, USPS express mail authorized only when it is the most effective means considering security, time, cost, and accountability
C - USPS certified mail, ESPS first class mail. DCS (Defense Courier Service), USPS registered mail

47
Q

Inner Mailing Wrapping

A

Address to official gov’t activity or contractor
Complete return address to your office
Conspicuously marked with the highest level of classified information
Include applicable special markings “RD”
Sealed to minimize possibility of access without leaving evidence of tampering

48
Q

Outer Mailing Wrapping

A

Insert inner envelope within outer and seal to minimize possibility of access without leaving evidence of tampering
Address to an official gov’t or DoD contractor
DO NOT address to individual’s name on inner wrapping
Put your office’s full return address
DO NOT put any markings or notations on the outer envelope to indicate contents are classified

49
Q

Handcarrying

A

Must be done by an appropriately cleared gov’t or contractor employee
Written authorization always required
Letter of authorization if traveling on commercial airline
Written statement (DD Form 2501) if another mode of transportation
Material should be double wrapped - briefcase is outer layer if locked
Items may be opened en route as a last resort if required by customs or police but must be opened out of sight of the general public

50
Q

Authorized Destruction

A

Burning, shredding, pulverizing, disintegration, pulping, melting, chemical decomposition, mutilation
NSA maintains listing of evaluated destruction and degaussing products that have been tested and meet performance requiremetns
Shredders cross-cut capability 1mm x 5mm

51
Q

Atomic Energy Information

A

Control markings that have RD or FRD marked in accordance with the Atomic Energy Act of 1954 as amended

52
Q

SCI

A

Sensitive Compartmented Information
Classified information derived from intelligence sources methods
Handled in accordance with formal access control systems established by the Director of National Intelligence

53
Q

SAP

A

Special Access Program
Established in accordance with DoDM 5200.01 Information Security Program
Only created when absolutely necessary to protect nation’s most sensitive and critical information or when required by statues
DoD program or activity employing enhanced security measures exceeding those normally required for information at the same classification level
May only be approved by the Secretary of Defense or the Deputy Secretary of Defense

54
Q

NATO

A

Alliance of 28 countries since 1949

Marked and safeguarded in accordance with the US Security Authority for NATO or USSAN

55
Q

Patent Secrecy Act

A

Secretary of Defense may determine that discourse of an invention by granting of a patent would be detrimental to national security
Subject to special secrecy order

56
Q

FOIA

A

Freedom of Information Act
To be exempt from mandatory release, it must fit into one of the qualifying categories and there must be a legitimate gov’t purpose to withhold it
FOUO is a designation that applies to Unclassified that may be exempt from mandatory release

57
Q

FOIA Exemptions

A

Exemption 1: Information that is classified to protect national security.
Exemption 2: Information related solely to the internal personnel rules and practices of an agency.
Exemption 3: Information that is prohibited from disclosure by another federal law.
Exemption 4: Trade secrets or commercial or financial information that is confidential or privileged.
Exemption 5: Privileged communications within or between agencies, including: Deliberative Process Privilege, Attorney-Work Product Privilege, Attorney-Client Privilege
Exemption 6: Information that, if disclosed, would invade another individual’s personal privacy.
Exemption 7: Information compiled for law enforcement purposes that:
7(A). Could reasonably be expected to interfere with enforcement proceedings
7(B). Would deprive a person of a right to a fair trial or an impartial adjudication
7(C). Could reasonably be expected to constitute an unwarranted invasion of personal privacy
7(D). Could reasonably be expected to disclose the identity of a confidential source
7(E). Would disclose techniques and procedures for law enforcement investigations or prosecutions
7(F). Could reasonably be expected to endanger the life or physical safety of any individual
Exemption 8: Information that concerns the supervision of financial institutions.
Exemption 9: Geological information on wells.

58
Q

STIP

A

Scientific and Technical Information Program
Not a control marking but a program that implements distribution control statements on scientific and technical information
Improves acquisition data sources
Disseminated technical information efficiently
Prevents loss of technical information to US adversaries and competition
Aids transfer of technical information to qualified researches in industry and gov’t

59
Q

Initial Orientation

A

DoDM 5200.01 Vol 3
Required prior to allowing access to classified information
All personnel in the organization (civilians, military, contractor support)
Topics:
Controlled Unclassified Information
Basic security policies and procedures
Individual security responsibilities and sanctions for non-compliance
Need to review unclassified info prior to public access
Identify DoD Senior Agency Official and Security Manager