General Questions

Question 1

Information Security

Answer 1

To promote the proper and effective way to classify, protect, and downgrade official information requiring protection in the interest of national security
Also promotes declassification of information no longer requiring protection

Question 2

1940

1st information security executive order

Answer 2

EO 8381

Question 3

EO 13526

Answer 3

2009
Current executive order on information security
Prescribes a uniform system for classifying, safeguarding, and declassifying national security information
Promotes declassification and public access to information as soon as national security considerations permit
Established National Declassification Center
Greater openness and transparency
Stronger OCA and derivative classifier training requirements
Derivative classifiers identified by name
Self-inspection programs to review samples of original and derivatively classified documents
Declassification exemptions of 50 and 75 years

Question 4

ISOO

Answer 4

Information Security Oversight Office
Responsible for overseeing and managing the information security program under the guidance of the National Security Council (NSC)
NSC provides overall policy direction
ISOO is the operating arm
Annual report to the president about each agency’s security classification program, analysis and reports

Question 5

SF-311

Answer 5

Agency Security Classification Management Program Data

Question 6

USD(I)

Answer 6

Under Secretary of Defense for Intelligence
Has the primary responsibility for providing guidance, oversight, and approval authority of policies and procedures that govern the DoD Information Security Program
Guidance on Classification Management - marking, handling and protection

Question 7

ISOO 32 CFR Parts 2001 and 2003

Answer 7

Classified National Security Information Final Rule
Provides guidance to all government agencies on classification, downgrading, declassification, and safeguarding of classified national security information

Question 8

Information Security Program and Protection of Sensitive Compartmented Information
Establishes the basic information security policies for the DoD and provides a high-level framework for DoD implementation of national policy on classified national security information
Authorizes the publication of DoDM 5200.01 Vol 1-4, the DoD Information Security Program

Answer 8

DoD Instruction 5200.01

Question 9

Handbook for Writing Security Classification Guidance

Provides detailed information on how to develop security classification guidance

Answer 9

DoD 5200-1.H

Question 10

Requires protection form unauthorized disclosure
To be eligible - must be official government information that is owned by, produced by, produced for, or under the strict control of the US government

Answer 10

Classified Information

Question 11

3 Levels of Classification

Answer 11

TS - grave damage to national security
S - serious damage to national security
C - damage to national security

Question 12

Determination that information requires protection in the interest of national security
Either original or derivative

Answer 12

Classification

Question 13

An initial determination that information requires protection against unauthorized disclosure in the interest of national security

Answer 13

Original Classification

Question 14

OCA

Answer 14

Original Classification Authority
Request for OCA contains mission justification and position title
Delegated in writing by the president to the occupant of the position, not to an individual by name, not able to delegate further unless “acting”
Specifies the highest level of the OCA can classify a piece of information and their jurisdiction
Must go through training prior to exercising their authority and at least 1x a year
A demonstrable and continuing need for such authority at least 2x a year

Question 15

6 steps to OCA decision process

Answer 15

Gov’t Info - Determine if the information is official government information or has it already been classified by another OCA
Eligibility - determine if the information is eligible for classification (not a smokescreen)
Impact/harm - determine if potential for damage to national security if release occurs
Designation - assign a level of classification
Duration - determine duration of classification
Guidance - communicate decision via SCG or properly marked source document

Question 16

SCG

Answer 16

Security Classification Guide
A document issued by a OCA that provides derivative classification instructions
Describes the elements of information that must be protected as well as the level and duration of classification

Question 17

SCG Format

Answer 17

General instructions
Overall efforts
Performance and capabilities
Specifications
Critical elements
Vulnerabilities and weaknesses
Administrative data
Hardware

Question 18

CPI

Answer 18

Critical Program Information
Includes both classified military information and controlled unclassified information
Needs to be protected from unauthorized or inadvertent destruction, transfer, alteration, or loss
Compromise of critical program information can significantly alter program direction, shorten combat effective life of the system, or require additional research, development, test, and evaluation resources to counter impact of its loss
DoD 5200.39

Question 19

Compilation

Answer 19

Combining elements of information that are individually unclassified may be classified if the compiled information reveals an additional association or relationship that qualifies for classification under DoD policy
OCAs designate when and what types of information are classified through compilation
Explain the basis for classification by compilation on the face of the document or in the text
Mark each portion individually according to its classified content

Question 20

The process of using existing classified information to create new material and marking that newly developed material consistent with the classification markings that apply to the source information
The incorporating, paraphrasing, restating, or generating in new form any information that is already classified
Not an authority, an assumed responsibility
Does not include duplication or reproduction of existing classified information
Must receive training at least once every 2 years

Answer 20

Derivative Classification

Question 21

5 Requirements of Derivative Classification

Answer 21

Observe and respect the OCA’s original classification determination
Apply required markings
Use only authorized sources (SCG and source documents)
Use caution when paraphrasing - required knowledge of subject
Take steps to resolve doubts

Question 22

Authorized Sources

Answer 22

SCG, properly marked source documents, DD254

When there is a conflict, the SCG takes precedence

Question 23

Extracting

Answer 23

When information is taken directly from an authorized classification guidance source and is stated verbatim in a new or different document

Question 24

Paraphrasing/restating

Answer 24

When information is taken from an authorized source and is re-worded in a new of different document
Be careful to ensure that the classification has not been changed

Question 25

Generating

Answer 25

When information is taken from an authorized source and generated into another form or medium, such as a video, DVD, or CD

Question 26

Contained in

Answer 26

Applied when derivative classifiers incorporate classified information from an authorized source into a new document, and no additional interpretation or analysis is needed to determine the classification of that information

Question 27

Revealed by

Answer 27

Applies when derivative classifiers incorporate classified information from an authorized source into a new document that is not clearly or explicitly stated in the source document but a reader can deduce the classified information from the new document by performing some level of additional interpretation or analysis

Question 28

Declassification

Answer 28

The authorized change in the status of information from classified to unclassified
Instructions are placed on the front of a document and usually appear as declassify on and the date or declassify on and the event
Instructions not applied to RD (determined by DOE) or FRD (detered by DOE and DoD)

Question 29

4 Declassification Systems

Answer 29

Scheduled - instructions assigned by the OCA are followed by date or event
Automatic - set up through EO 13526; applies to records that have “historical value” under Title 44 of US Code; Dec 31st of year 25 years from original classification; 9 categories of exceptions
Mandatory - the declassification system where the public can ask for classified information to be reviewed for declassification and public release
Systematic - permanently valuable classified records are reviewed for declassification after they reach a specific age; information exempted from automatic declassification is reviewed for possible declassification

Question 30

Declassification Exceptions

Answer 30

Information marked 25X, 50X, 75X + exemption category
50X HUM - no date of declassification - reveals human intelligence source
50X2 WMD - no date of declassification - reveals design of weapons of mass destruction

Question 31

SF-312

Answer 31

Classified Information Non-Disclosure Agreement
Contractual agreement between the US Gov’t and cleared employee that must be executed as a condition of access
Agreement to never disclose classified information to an unauthorized person (clearance, NTK, SF-312)

Question 32

SF-701

Answer 32

Activity Security Checklist

Verify you didn’t leave classified materials unsecure as well as ensure the area is safe and secure

Question 33

SF-702

Answer 33

Security Container Check Sheet

Used to record opening and closing of container

Question 34

SF-703

Answer 34

Coversheet for TS

Question 35

SF-704

Answer 35

Coversheet for S

Question 36

SF-705

Answer 36

Coversheet for C

Question 37

DD Form 2501

Answer 37

Courier Authorization Card

Question 38

Unauthorized Disclosure could…

Answer 38

Inhibit our national defense capabilities

Adversely affect our foreign relations

Question 39

DoD Component Requirements

Answer 39

Agencies add their own requirements to ensure security measures are effective for their unique missions
Designate a Senior Agency Official to oversee the program
Appoint a Security Manager for education and training

Question 40

ISCAP

Answer 40

Interagency Security Classifications Appeals Panel
Established by EO 12958
Receives guidance from EO 13526
Provides public and users of the classification system with a forum for further review of classification decisions
Classification challenges
Exceptions from Automatic Declassification “File Exemption Series”
Mandatory Declassification Review Appeals
Inform Decisions

Question 41

Custodian

Answer 41

Someone who is in possession of and charged with safeguarding classified information
Required to verify clearance eligibility, access level, NTK and SF-312 completed before providing to another person

Question 42

Knowing, willful, or negligent action that could reasonably be expected to result in an unauthorized disclosure of classified information
Knowing, willful, or negligent action to classify or continue to classify information contrary to the EO 13526
Knowing, willful, or negligent action to create or continue a SAP contrary EO 13526

Answer 42

Security Violation

Question 43

Involves failure to comply with EO 13526 which cannot reasonably be expected to an does not result in loss, suspected compromise, or actual compromise of classified information

Answer 43

Security Infraction

Question 44

Incident Reporting

Answer 44

Incidents that result in significant consequence or may become public must be promptly reported to the OUSD(I)
Espionage
Unauthorized disclosure to public media
Involving creation or continuation of a SAP against regulation
Defense operations that could cause harm to national security

Question 45

COMSEC

Answer 45

Crypto, emission, transmission, physical security
Protect telecommunications
Deny unauthorized persons information of value
Ensure the authenticity of communication
National Security Telecommunication and Information Systems Security Instruction (NSTISSI) No. 4001

Question 46

Transportation/Mailing

Answer 46

DoDM 5200.01 V3
TS - face to face, cryptographic, or courier
S - USPS registered mail, USPS express mail authorized only when it is the most effective means considering security, time, cost, and accountability
C - USPS certified mail, ESPS first class mail. DCS (Defense Courier Service), USPS registered mail

Question 47

Inner Mailing Wrapping

Answer 47

Address to official gov’t activity or contractor
Complete return address to your office
Conspicuously marked with the highest level of classified information
Include applicable special markings “RD”
Sealed to minimize possibility of access without leaving evidence of tampering

Question 48

Outer Mailing Wrapping

Answer 48

Insert inner envelope within outer and seal to minimize possibility of access without leaving evidence of tampering
Address to an official gov’t or DoD contractor
DO NOT address to individual’s name on inner wrapping
Put your office’s full return address
DO NOT put any markings or notations on the outer envelope to indicate contents are classified

Question 49

Handcarrying

Answer 49

Must be done by an appropriately cleared gov’t or contractor employee
Written authorization always required
Letter of authorization if traveling on commercial airline
Written statement (DD Form 2501) if another mode of transportation
Material should be double wrapped - briefcase is outer layer if locked
Items may be opened en route as a last resort if required by customs or police but must be opened out of sight of the general public

Question 50

Authorized Destruction

Answer 50

Burning, shredding, pulverizing, disintegration, pulping, melting, chemical decomposition, mutilation
NSA maintains listing of evaluated destruction and degaussing products that have been tested and meet performance requiremetns
Shredders cross-cut capability 1mm x 5mm

Question 51

Atomic Energy Information

Answer 51

Control markings that have RD or FRD marked in accordance with the Atomic Energy Act of 1954 as amended

Question 52

SCI

Answer 52

Sensitive Compartmented Information
Classified information derived from intelligence sources methods
Handled in accordance with formal access control systems established by the Director of National Intelligence

Question 53

SAP

Answer 53

Special Access Program
Established in accordance with DoDM 5200.01 Information Security Program
Only created when absolutely necessary to protect nation’s most sensitive and critical information or when required by statues
DoD program or activity employing enhanced security measures exceeding those normally required for information at the same classification level
May only be approved by the Secretary of Defense or the Deputy Secretary of Defense

Question 54

NATO

Answer 54

Alliance of 28 countries since 1949

Marked and safeguarded in accordance with the US Security Authority for NATO or USSAN

Question 55

Patent Secrecy Act

Answer 55

Secretary of Defense may determine that discourse of an invention by granting of a patent would be detrimental to national security
Subject to special secrecy order

Question 56

FOIA

Answer 56

Freedom of Information Act
To be exempt from mandatory release, it must fit into one of the qualifying categories and there must be a legitimate gov’t purpose to withhold it
FOUO is a designation that applies to Unclassified that may be exempt from mandatory release

Question 57

FOIA Exemptions

Answer 57

Exemption 1: Information that is classified to protect national security.
Exemption 2: Information related solely to the internal personnel rules and practices of an agency.
Exemption 3: Information that is prohibited from disclosure by another federal law.
Exemption 4: Trade secrets or commercial or financial information that is confidential or privileged.
Exemption 5: Privileged communications within or between agencies, including: Deliberative Process Privilege, Attorney-Work Product Privilege, Attorney-Client Privilege
Exemption 6: Information that, if disclosed, would invade another individual’s personal privacy.
Exemption 7: Information compiled for law enforcement purposes that:
7(A). Could reasonably be expected to interfere with enforcement proceedings
7(B). Would deprive a person of a right to a fair trial or an impartial adjudication
7(C). Could reasonably be expected to constitute an unwarranted invasion of personal privacy
7(D). Could reasonably be expected to disclose the identity of a confidential source
7(E). Would disclose techniques and procedures for law enforcement investigations or prosecutions
7(F). Could reasonably be expected to endanger the life or physical safety of any individual
Exemption 8: Information that concerns the supervision of financial institutions.
Exemption 9: Geological information on wells.

Question 58

STIP

Answer 58

Scientific and Technical Information Program
Not a control marking but a program that implements distribution control statements on scientific and technical information
Improves acquisition data sources
Disseminated technical information efficiently
Prevents loss of technical information to US adversaries and competition
Aids transfer of technical information to qualified researches in industry and gov’t

Question 59

Initial Orientation

Answer 59

DoDM 5200.01 Vol 3
Required prior to allowing access to classified information
All personnel in the organization (civilians, military, contractor support)
Topics:
Controlled Unclassified Information
Basic security policies and procedures
Individual security responsibilities and sanctions for non-compliance
Need to review unclassified info prior to public access
Identify DoD Senior Agency Official and Security Manager