Information Security

Question 1

What are the names of the policies that provide guidance for the DOD Information Security Program?

Answer 1

• E.O 13526
• 32 CFR 2, parts 2001 and 2003, CNSI Final Rule
• DODM 5200.01 VOL 1-4
• DODI 5230.09
• DODI 5230.29

Question 2

What is the responisbility of the Information Security Oversight Office, or ISOO?

Answer 2

To oversee and manage the information security program, under the guidance of the National Security Council

Question 3

What is the responsibility of the National Security Council (NSC)?

Answer 3

• To provide the overall policy direction for the informatin security program.
• It assists the President in develping and issuing National Security Policies, and it guides and directs the implementation and application of the Executive Order.
• The NSC exervises its guidance primarily through the ISOO

Question 4

What is the USD(I) and their responsibility?

Answer 4

The Under Secretary of Defense for Intelligence has the primary responsibility for providing guidance, oversight, and approval authority of policies and procedures that govoern the DoD ISP (by issuing the DoD Instruction 5200.01)

Question 5

The three levels of classified information are designated by what exectuive order?

Answer 5

EO 13526

Question 6

What are the 5 requirements for dreivatie classification?

Answer 6

1. Observe and respect the OCAs original class determination
2. Apply the required markings
3. Only use authorized sources
4. Use caution when paraphrasing
5. Always take the appropriate steps to resolve any doubts you have

Question 7

What are the 4 tpes of Declassification systems?

Answer 7

1. Systematic
2. Automatic
3. Mandatory
4. Scheduled

Question 8

What is a scheduled declassification?

Answer 8

Instructions consist of either a date or event for declassification.

Question 9

What is automatic declassification?

Answer 9

Classified records that have been determined to have permanent historical value, will be automaticall declassified on December 31st of the year that is 25 years from data of its original classification.

There are 9 categories of Information that may be classified beyond 25 years. You can easily identify this information by the yse of 25X instruction for declassificaiton. The exemptions are annotated as 25X with the category nymber following the X, for example, 25X9.

Question 10

What is Mandatory Declassification Review, or MDR?

Answer 10

It is another method of declassifiying information based on requesting a review of information to see if classification is still necessary.

Question 11

What is Systematic Declassification?

Answer 11

A program to review classified records after a certain age.

Question 12

What are the options an OCA has when determining declassification?

Answer 12

• Specific Date
• Specific Event
• 50X1-HUM Exception

Question 13

What type of information does not provide declassification instructions?

Answer 13

• Restricted Data
• Formerly Restriced Data

Question 14

What are the purposes of the SF 701 and SF 702?

Answer 14

The SF 701, or the Activity Security Checklist, is used to record your End of Day Checks.

The SF 702, or the Security Container Check Sheet, is used to record the opening and closing of your security container.

Question 15

What does the term Information System refer to?

Answer 15

Refers to a set of Information Resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, dispoistion, display, or transmission of information.

Question 16

What is COMSEC?

Answer 16

Communication Security, COMSEC, is defined as the protection resultinf from all measured designed to deny unauthorized persons, information of value that might be derived from the possession and study of telecommunications, and to ensure the authenticity of such communications.

COMSEC includes crypto security, emission security, transmission security, and physical security of COMSEC material and information.

Question 17

How is classified information prepared for transmission?

Answer 17

Classified material needs to be prepared for shipment, packaged, and sealed in ways that minimize risk of accidental exposure and facilitates detection of tampering.

Question 18

Requirments to hand carry classified information

Answer 18

1. Should be done as a last resort
2. Written authorization is required
3. Courier must be briefed.

Question 19

What must be included in the Courier Brief?

Answer 19

1. Couriers liability for the materials.
2. Material cannon be left unattended
3. Should not be opened en route (unless customs)
4. No public discussion
5. Follow an authorized travel route and schedule
6. In case of ER, protect classified materials
7. All travel documents must be valid and current.

Question 20

When can SECRET information be sent via USPS?

Answer 20

Only when it is the most effective means considering security, time, cost, and accountability.

Question 21

List 3 approved methods for destroying classified material

Answer 21

• Burning
• Shredding
• Pulverizing
• Disintegrating
• Pulping
• Melting
• Chemical Decomposition
• Mutilation to preclude recognition

Question 22

Which agency creates the desctruction standard that DoD users?

Answer 22

NSA

Question 23

What is NATO?

Answer 23

The North Atlantic Treaty Organization is an alliance of 28 countries from North America and Europe, committed to fulfilling the goals of the North Atlantic Treaty signed on April 4, 1949.

The United States is a member of NATO, and as such, has access to NATO Classified documents.

NATO classified information, or documents prepared by for NATO and NATO member nation documents that have been released into the NATO security system, and that bear a NATO classification marking, needs to be safeguarded and marked in compliance with the United States Security Authority for NATO or USSAN.

Question 24

List 3 FOIA exemption categories

Answer 24

1. National Defense
2. DoD personnel practices
3. Statutes
4. Trade Secrets
5. Litigation
6. Personal and Private
7. Law Enforcement
8. Regulation of financial institutions
9. Well location

Question 25

What is FOIA?

Answer 25

The Freedom of Information Act recognizes the need to withhold certain types of information from public release and, therefor, establises guidance and framwework for evaluating information for release to the public.

The FOIA provides that, for information to be exempt from mandatory release, it must first fit into one of nine qualifying categories and there must be a legitimate Government purpose served by withholding it.

Question 26

What is STIP?

Answer 26

STIP stands for the DoD Scientific and Technical Information Program.

STIP is not a control marking.

STIP was established to improve and enhance the acqusition of data sources to prevent redundant research to dissemniate technical information efficiently to prevent the loss of technical information to U.S. adversaries and competitors and last, but no less important, STIP was established to aid the transfer of technical information to qualified researchers in U.S. Industry and government agencies.

Question 27

List 5 common briefings

Answer 27

1. Initial
2. Indoctrination (access to special types of class data, such as SCI/G/H, etc.)
3. Annual Refresher
4. Debriefing
5. Courier
6. NATO
7. Non-Disclosure Briefing (unathorized access)
8. Foreign Travel Briefing
9. Attestation (SAP briefing)
10. Antiterrorism/Force Protection (AT/FP)

Question 28

What must an intitial breifing accomplish?

Answer 28

Define classified information and CUI

Explain the importance of protecting such information

Provide a basic understanding of security policies and principles.

Notify personel of their responsibilities within the security program

Inform them of the administrative, civil, and/or criminal sanctions that can be applied when appropriate

Provide individual enough information to ensure the proper protection of classified information and CUI in their possesion, including actions to be taken if such information is discovered unseured, a security vulnerability is noted, or a person has been seeking unathorized acccess to such information

Inform personnel of the need for re view of ALL unclassified DoD information prior to its release to the public.

Question 29

What must a debriefing accomplish?

Answer 29

Emphasizes an individuals continued responsiblity to protect classfied information to which they have had access.

Instructions for reporting any unathorized attempt to gain access to such information

Advised on the prohibition against retaining matrial once they depart the organization

Reminded of the potential civil and criminal penalties for the failure to fulfill their continuing security responsibilities.

Question 30

In what circumstance is a foreign travel briefing required?

Answer 30

For individuals with SCI/SAP access

Attendance at meetings where foreign nationals are likely to be present.

Question 31

Which DoD policy document establishes the requirements and minimum standards for developing classification guidance?

Answer 31

DoDM 5200.01

DoD Information Security Program, Volumes 1-4

Question 32

Which policy document provides guidance to all Government agencies on classification, downgrading, declassification, and safeguarding of classified national security information?

Answer 32

ISOO 32 CFR Parts 2001 and 2003, Classified Antional Security Information (CNSI), Final Rule

Question 33

Which policy document prescribes a uniform system for classifying, safeguarding, and declassifying national security information?

Answer 33

E.O. 13526, Classified National Security Information

Question 34

What are the 6 steps for an OCA to classify information?

Answer 34

1. Confirm the info is owned/controlled by the Government
2. Confirm the info is elegible for classification
3. Determine impact
4. Determine classification level
5. Determine classfication duration
6. Provide Guidance

Question 35

What are the 4 steps to determine if information is eligible for classification?

Answer 35

1. Is the information official?
2. Is it under any prohibitions or limitations?
3. Is it already classified?
4. Does it fall into on of the 8 categories of classied information?

Question 36

List 4 of the 8 categories of classified information

Answer 36

1. Military plans, weapon systems
2. Foreign Government Information
3. Intelligence activities/sources/methods
4. Foreign relations/activities
5. Science/Technology or economic matters relating to National Security
6. Safeguarding nuclear material or facilities
7. Vulnerabilities or capabilities related to National Security
8. Weapons of Mass Destruction

Question 37

Whats not a reason to classify information?

Answer 37

1. Concealment of a crime or error
2. Preventing embarrassment
3. Retrain competition
4. Prevent or delay public release

Question 38

How is the level of classifcation determined by the OCA?

Answer 38

1. Probable impact
2. Verbal determinations must be followed by a written confirmation within 7 days
3. Be prepared to present reason in a court of law
4. Be prepared to provide a written description of damage.

Question 39

Describe net national advantage

Answer 39

Net national advantage is information that is or will be valuable to the U.S, either directly or indirectly.

Question 40

What must be included on a SCG cover page?

Answer 40

The name of the sytem, plan, program, or project

The date

The office issuing the guide, identified by name or ersonal identirifer and position

The OCA approving the Guide

a statememnt of supercession, if necessary

Distribution statement

Question 41

What must be submitted when requesting DoD Original Classification Authority?

Answer 41

Requests must specify the position title for which the authority is requested

Provide a brief mission specific justification for the request and be submitted through established organizational channels.

When authority is granted to a position that authority is document by an appointment officer.

Question 42

When will Agency grant a request for OCA?

Answer 42

Requests will be granted only when an existing Security Classification Guides are insufficient to address the information in question, and when it is impractical to refer decisions to another OCA.