General Questions II Flashcards

1
Q

Identify the four Cognizant Security Agencies (CSAs) and describe their role in the National Industrial Security Program (NISP).

A

The four CSAs are:
� Department of Defense (DoD)
� Director of National Intelligence (DNI)
� Department of Energy (DoE)
� Nuclear Regulatory Commission (NRC).
Each establish an industrial security program to safeguard classified information under its jurisdiction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the definition of Critical Program Information in DoD?

A

� U.S. capability elements that contribute to the warfighter’s advantage throughout the life cycle, which if compromised or subject to unauthorized disclosure, decrease the advantage.
� Elements or components of a Research, Development, and Acquisition (RDA) program that, if compromised, could cause significant degradation in mission effectiveness; shorten the expected combat-effective life of the system; reduce technological advantage; significantly alter program direction; or enable an adversary to defeat, counter, copy, or reverse engineer the technology or capability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

List three primary authorities governing foreign disclosure of classified military information.

A

� Arms Export Control Act
� National Security Decision Memorandum 119
� National Disclosure Policy-1
� International Tra c in Arms Regulation (ITAR)
� E.O.s 12829, 13526
� Bilateral Security Agreements
� DoD 5220.22-M, “NISPOM,

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Briefly describe the purpose of the DD Form 254.

A

Convey security requirements, classification guidance and provide handling procedures for classified material received and/or generated on a classified contract.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

List three factors for determining whether U.S. companies are under Foreign Ownership, Control or Influence (FOCI).

A

� Record of economic and government espionage against the U.S. targets
� Record of enforcement/engagement in unauthorized technology transfer
� Type and sensitivity of the information that shall be accessed
� The source, nature and extent of FOCI
� Record of compliance with pertinent U.S. laws, regulations and contracts
� Nature of bilateral & multilateral security & information exchange agreements
� Ownership or control, in whole or part, by a foreign government

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Define the purpose and the function of the Militarily Critical Technologies List (MCTL).

A

� Serves as a technical reference for the development and implementation of DoD technology, security policies on international transfers of defense-related goods, services, and technologies as administered by the Director, Defense Technology Security Administration (DTSA).
� Formulation of export control proposals and export license review

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

List the three main policies that govern the DoD Information Security Program.

A

� E.O. 13526
� Information Security Oversight Office (ISOO)
32 CFR Parts 2001 & 2003, “Classified National Security Information; Final Rule”
� DoD Manual 5200.01, Volumes 1-4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What must an “authorized person” have before being granted access to classified information?

A

Have:
� Favorable determination of eligibility for access
� A need to know the information
� Signed SF 312 Nondisclosure Agreement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

List three classification duration options for originally classified information.

A
� Date or event that is: � Less than 10 years
� At 10 years
� Up to 25 years
� 50X1-HUM (with no date or event)
� 50X2-WMD (with no date or event)
� 25X (with a date or event)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

List three authorized sources of security classification guidance that could be used in the derivative classification process.

A

� Security Classi cation Guide
� Properly Marked Source Document
� Contract Security Classification Specification (DD254)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Define derivative classification.

A

Incorporating, paraphrasing, restating, or generating in new form information that is already classified and marking the newly developed material consistent with the markings that apply to the source information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Define the difference between a security infraction and a security violation.

A

An infraction cannot reasonably be expected to and does not result in the loss, compromise, or suspected compromise of classified information;
whereas a violation does result in or could be expected to result in the loss or compromise of classified information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Define unauthorized disclosure.

A

Communication or physical transfer of classified or controlled unclassified information to an unauthorized recipient.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

List three types of initial personnel security investigations and to whom they apply.

A

� SSBI: Military, Civilian, Contractor
� ANACI: Civilian
� NACLC: Military and Contractor
� NACI: Civilian and Contractor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Describe the purpose of due process in Personnel Security Program (PSP).

A

Ensures fairness by providing the subject the opportunity to appeal an unfavorable adjudicative determination.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

List the key procedures for initiating Personnel Security Investigations (PSIs).

A

� Validate the need for an investigation
� Initiate e-QIP
� Review SF86 for completeness
� Submit electronically to OPM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

List three DoD position sensitivity types and their investigative requirements.

A

� Critical Sensitive: SSBI, SSBI-PR, PPR
� Non-Critical Sensitive: ANACI, NACLC
� Nonsensitive: NACI

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Describe the difference between revocation and denial in Personnel Security Program (PSP).

A

� Revocation: A current security eligibility determination is rescinded.
� Denial: An initial request for security eligibility is not granted.

19
Q

Describe the purpose of a Statement of Reason (SOR)

A

The purpose of the SOR is to provide a comprehensive and detailed written explanation of why a preliminary unfavorable adjudicative determination was made.

20
Q

List five adjudicative guidelines.

A
� Allegiance to the United States
� Foreign Influence
� Foreign Preference
� Sexual Behavior
� Personal Conduct
� Financial Considerations
� Alcohol Consumption
� Drug Involvement
� Psychological Conditions
� Criminal Conduct
� Handling Protected Information
� Outside Activities
� Use of Information Technology Systems
21
Q

List three different types of approved classified material storage areas.

A

� GSA-approved storage containers
� Vaults (including modular vaults)
� Open storage area (secure rooms, to include SCIFs and
bulk storage areas)

22
Q

What is the NISP and its purpose?

A

The National Industrial Security Program is a program to safeguard classified information entrusted to industry. The purpose of the NISP is to define the requirements, restrictions, and other safeguards in order to prevent unauthorized disclosure of classified information.

23
Q

What are three principle incident/ events required to be reported to DoD counterintelligence (CI) organizations?

A

� Espionage
� Sabotage
� Terrorism
� Cyber

24
Q

List three indicators of insider threats.

A

� Failure to report overseas travel or contact with foreign nationals
� Seeking to gain higher clearance or expand access outside the job scope
� Engaging in classified conversations without a need to know
� Working hours inconsistent with job assignment or insistence on working in private
� Exploitable behavior traits
� Repeated security violations
� Attempting to enter areas without approved access
� Unexplainable affluence
� Illegal download of information/files

25
Q

List three elements that should be considered in identifying Critical Program Information.

A

Elements which if compromised could: (1) cause significant degradation in mission effectiveness, (2) shorten the expected combat-effective life of the system; (3) reduce technological advantage; (4) significantly alter program direction; or (5) enable an adversary to defeat, counter, copy, or reverse-engineer the technology or capability.

26
Q

List three elements that a security professional should consider when assessing and managing risks to DoD assets.

A
� Asset
� Threat
� Vulnerability
� Risk
� Countermeasures
27
Q

List three categories of Special Access Programs.

A

� Acquisition
� Intelligence
� Operations and Support

28
Q

List three different types of threats to classified information.

A

� Insider Threat
� Foreign Intelligence Entities (FIE)
� Cybersecurity Threat

29
Q

Briefly describe the concept of insider threat.

A

An employee who may represent a threat to national security. These threats encompass potential espionage, violent acts against the Government or the nation, and unauthorized disclosure of classified information.

30
Q

Describe the purpose of the Foreign Visitor Program.

A

To track and approve access by a foreign entity
to information that is classi ed; and to approve access by a foreign entity to information that is unclassified, related to a U.S. Government contract, or plant visits covered by ITAR.

31
Q

Briefly define a Special Access Program.

A

A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level.

32
Q

List three enhanced PERSONNEL security requirements for protecting Special Access Program (SAP) Information.

A

� Access Rosters
� Indoctrination Agreement
� Individual must materially contribute to the program in addition to having the need to know
� All individuals with access to SAP are subject to a random counterintelligence-scope polygraph examination
� Polygraph examination, if approved by the DepSecDef, may be used as a mandatory access determination
� Tier review process
� Personnel must have a Secret or Top Secret clearance
� SF-86 must be current within one year
� Limited Access
� Waivers required for foreign cohabitants, spouses, and immediate family members.

33
Q

List three enhanced PHYSICAL security requirements for protecting Special Access Program (SAP) Information.

A

� Access Control
� Maintain a SAP Facility
� Access Roster
� All SAPs must have an unclassified nickname/Codeword

34
Q

List five responsibilities of the Government SAP Security Officer/ Contractor Program Security Officer (GSSO/ CPSO)

A

� Possess a personnel clearance and Program access at least equal to the highest level of Program classified information involved.
� Provide security administration and management for his/her organization.
� Ensure personnel processed for access to a SAP meet the prerequisite personnel clearance and/or investigative requirements specified.
� Ensure adequate secure storage and work spaces.
� Ensure strict adherence to the provisions of the NISPOM, its supplement, and the Overprint.
� When required, establish and oversee a classified material control program for each SAP.
� When required, conduct an annual inventory of accountable classified material.
� When required, establish a SAPF.
� Establish and oversee a visitor control program.
� Monitor reproduction and/or duplication and destruction capability of SAP information.

35
Q

List three construction requirements for vault doors.

A

� Constructed of metal
� Hung on non-removable hinge pins or with
interlocking leaves.
� Equipped with a GSA-approved combination lock.
� Emergency egress hardware (deadbolt or metal bar
extending across width of door).

36
Q

What is the purpose of intrusion detection systems?

A

Detect unauthorized penetration into a secured area.

37
Q

What is the purpose of perimeter barriers?

A

Defines the physical limits of an installation, activity, or area, restrict, channel, impede access, or shield activities within the installation from immediate and direct observation.

38
Q

What is the purpose of an Antiterrorism Program?

A

Protect DoD personnel, their families, installations, facilities, information, and other material resources from terrorist acts.

39
Q

List three Force Protection Condition levels.

A

Normal, Alpha, Bravo, Charlie, Delta

40
Q

Describe the concept of security-in-depth.

A

Layered and complementary security controls suficient to deter, detect, and document unauthorized entry and movement within an installation or facility.

41
Q

What is the Cognizant Security Office (CSO) for the DoD?

A

Defense Security Service (DSS)

42
Q

Why does DSS conduct periodic security vulnerability assessments?

A

To evaluate the effectiveness of the facility’s security program, and ensure that the NISPOM and contract guidelines are being followed.

43
Q

What are the roles of the Facility Security Officer (FSO)?

A

� Ensuring Compliance with the NISP
� Following NISPOM Guidelines
� Providing oversight of all security practices at the facility.