Information Security

Question 1

What are the phases of the Information Security Program (ISP)?

Answer 1

Classification

Safeguarding

Dissemination

Declassification

Destruction

Question 2

What is the purpose of the Information Security Program (ISP)?

Answer 2

Introduces the proper and effective way to:

• classify, protect and share information
• apply downgrading
• apply declassification instructions
• use authorized destruction methods

Question 3

Information Security Policies

Answer 3

E.O. 13526

32 CFR 2; Parts 2001 and 2003 CNSI, Final Rule

DoDM 5200.01 v1-3

DoDI 5230.09

DoDI 5230.29

Question 4

Name the two parts of National Security

Answer 4

National Defense

Foreign Relations

Question 5

First Step of Classification

Answer 5

Determine if materials are controlled by the U.S. Government and if disclosure of the information could cause damage to national security

Question 6

Classification Levels and Definitions

Answer 6

Levels - Top Secret, Secret and Confidential

Unauthorized disclosure may cause…

Top Secret - exceptionally grave damage

Secret - serious damage

Confidential - damage

Question 7

What is required for access to classified information?

Answer 7

1. National security eligibility
2. Need-to-know
3. SF-312 Classified Information Nondisclosure Agreement

*Eligibility + Need-to-know + SF-312 = Authorized Access

Question 8

What is Eligibility?

Answer 8

Determinations made by adjudicative authorities that examine a sufficient period of an individual’s life and background

Question 9

What is Need-to-know?

Answer 9

• Determination that an individual needs access to classified in order to perform lawful and authorized governmental functions
• Determination made by an authorized holder of classified information (custodian)

Question 10

What is an SF-312?

Answer 10

• Advises cleared employees of their responsibility to protect classified and the possible consequences of failure to protect
• Must be executed as a condition of access to classified information

Question 11

Define Original Classification

Answer 11

Making an initial classification decision for government information

Question 12

Who can make an original classification determination?

Answer 12

A designated Original Classification Authority (OCA)

Question 13

Who can authorize an OCA?

Answer 13

President

Vice President

Agency Heads

Officials designated by the President *Authorized in writing

Question 14

How are OCA duties delegated?

Answer 14

• OCA is delegated to a position, not an individual person!
• The person occupying the position that is granted OCA holds OCA authority

Question 15

Of the categories in E.O. 13526, how many is each OCA responsible for?

Answer 15

Only one of the categories

Question 16

What are the steps in the Original Classification Process?

Answer 16

1. Ensure information is official government information
2. Determine if information is eligible for classification
3. Determine if info could cause damage to national security
4. Assign level of classification
5. Determine how long the classification should last
6. Document the level of classification
7. Communicate decision

Question 17

How does the OCA communicate classification decisions?

Answer 17

The SCG and properly marked source documents

Question 18

Define Derivative Classification

Answer 18

The creation of new materials based on existing classification guidance

Question 19

Who is responsible for derivatively classifying information?

Answer 19

All cleared personnel within the DoD

Question 20

What are the responsibilities of Derivative Classifiers?

Answer 20

1. Respect the OCA’s initial classification
2. Apply required markings
3. Use authorized sources of classification guidance
4. Use caution when paraphrasing/restating classified information, as these can change the classification
5. Take steps to resolve doubts or conflicts about the classification/level/duration

Question 21

Classification Concept: Contained In

Answer 21

• Derivative classifiers incorporate classified, word for word from an authorized source
• No additional interpretation or analysis is needed to determine the classification of that information

Question 22

Classification Concept: Compilation

Answer 22

If compiled information reveals an additional association or relationship, but it is individually…

• Unclassified
• Classified at a lower level
• May be classified
• Classified at a higher level

Question 23

Classification Concept: Revealed By

Answer 23

Classification is deduced from interpretation or analysis via paraphrased or restated information

Question 24

What are the basic rules of Portion Marking?

Answer 24

• Complete before banner markings
• Indicate highest level of classification in every portion
• Place at beginning of the portion
• Utilize abbreviations

Question 25

What are the basics of Banner Marking?

Answer 25

- Highest level of classification of the overall document - Determined by highest level of any one portion - Top and bottom of each page - Classification level spelled out in all capital letters

Question 26

What information is in the Derivative Classification Authority Block?

Answer 26

Classified By Derived From Downgrade To (if applicable) Declassify On \*Block is placed on the face of each classified document near the bottom

Question 27

What is the purpose of the SCG?

Answer 27

- Provide derivative classification instructions - Facilitate proper and uniform derivative classification

Question 28

Who issues the SCG?

Answer 28

The OCA

Question 29

What basic information is provided in the SCG?

Answer 29

- Classification level for each element - Reason for classification - Duration of classification - Applicable downgrading instructions - Special control notices - OCA contact information (front cover)

Question 30

What are the four Authorized Storage Methods?

Answer 30

1. Authorized individual’s head 2. Authorized individual’s hands 3. GSA approved security container 4. Authorized information technology

Question 31

What is the purpose of a Coversheet?

Answer 31

- Alert holders to the presence of classified information - Prevent inadvertent view of classified information

Question 32

What are the SF-703, SF-704 and SF-705?

Answer 32

SF-703 = cover sheet for Top Secret SF-704 = cover sheet for Secret SF-705 = cover sheet for Confidential

Question 33

What is the SF-700?

Answer 33

Security Container Information - Used to maintain a record for each container - Used to record combinations

Question 34

What is an SF-701?

Answer 34

Activity Security Checklist - Used to record checks of work areas - Used at the end of each working day

Question 35

Define Access

Answer 35

Ability and opportunity to obtain knowledge of classified

Question 36

What is the difference between a Waiver vs an Exception?

Answer 36

Both are approved exclusions or deviations from INFOSEC standards - Waivers are temporary - Exceptions are permanent

Question 37

What markings belong on the Inner Wrapping of a classified envelope/package?

Answer 37

- Complete return address - Specific person to receive the package, if applicable - Mailing address - Highest classification level - Applicable special markings

Question 38

What are the markings on the Outer Wrapping of a classified envelope/package?

Answer 38

- Return address - Mailing address - Do NOT address it to an individual’s name! - Do NOT put any classification markings or indicators!

Question 39

Who is responsible for Prepublication Review?

Answer 39

Defense Office of Prepublication and Security Review (DOPSR)

Question 40

When is there a Security Violation?

Answer 40

1. Inquiry reveals there has been a compromise of classified information 2. Knowing, willful or negligent action that could reasonably be expected to result in the loss, suspected compromise or compromise of classified

Question 41

When is there a Security Incident?

Answer 41

- Inquiry confirms that failure to comply with security requirements did not result in a compromise of classified - Cannot reasonably be expected to and does not result in the loss, suspected compromise or compromise of classified information

Question 42

What is a Spillage?

Answer 42

Classified data is introduced to an information system not approved for that level of information

Question 43

Define Unauthorized Disclosure

Answer 43

Communication or physical transfer of classified to an unauthorized recipient

Question 44

Define Declassification

Answer 44

- Authorized change from classified to unclassified - Information no longer requires protection in the interest of national security at any level

Question 45

Declassification Type: Scheduled

Answer 45

OCA sets a date or event for declassification

Question 46

Declassification Type: Automatic

Answer 46

Information is declassified when it is 25 years old

Question 47

Declassification Type: Mandatory

Answer 47

The public can ask for classified information to be reviewed for declassification and public release

Question 48

Declassification Type: Systematic

Answer 48

Information is reviewed due to being exempt from automatic declassification

Question 49

Define Destruction

Answer 49

Destroying classified information to ensure it cannot be recognized or reconstructed

Question 50

Name 5 of the 8 Authorized Methods for Destroying Classified

Answer 50

Burning Shredding Pulverizing Disintegrating Pulping Melting Chemical Decomposition Mutilation

Question 51

Where can you find a list of approved destruction equipment?

Answer 51

The NSA's evaluated products list (EPL)

Question 52

What is the purpose of the Information Security Oversight Office (ISOO)?

Answer 52

Oversee and manage the Information Security Program under the guidance of the National Security Council

Question 53

What is the purpose of the National Security Council (NSC)?

Answer 53

- Provide overall policy direction for the Information Security Program - Assist the President in developing and issuing National Security Policy

Question 54

What is the purpose of Under Secretary of Defense for Intelligence (USD(I))?

Answer 54

Provides guidance, oversight and approval authority of policies and procedures that govern the DoD Information Security Program

Question 55

List 4 Types of Declassification Systems

Answer 55

Scheduled Automatic Mandatory Systematic

Question 56

What 2 types of information do not provide declassification instructions?

Answer 56

- Restricted Data - Formerly Restricted Data

Question 57

What information is in a Courier Briefing?

Answer 57

1. The courier is liable for materials 2. Material cannot be left unattended 3. Do not open en route (exception: customs) 4. No public discussion 5. Follow authorized travel route and schedule 6. In emergency, protect classified material 7. Travel documents must be current and valid

Question 58

List 5 Common Briefings

Answer 58

Initial Indoctrination Annual Refresher Debriefing Courier NATO Non-Disclosure Foreign Travel Attestation Antiterrorism/Force Protection

Question 59

List Categories of Classified Information

Answer 59

1. Military plans, weapons systems, or operations; 2. Foreign government information; 3. Intelligence activities (including covert action), intelligence sources or methods, or cryptology; 4. Foreign relations or foreign activities of the United States, including confidential sources; 5. Scientific, technological, or economic matters relating to the national security; 6. United States Government programs for safeguarding nuclear materials or facilities; 7. Vulnerabilities or capabilities of systems, installations, infrastructures, projects, plans, or protection services relating to the national security or the development, production, or use of weapons of mass destruction

Question 60

List 4 Reasons NOT to Classify Information

Answer 60

Concealment of a crime or error Preventing embarrassment Restrain competition Prevent or delay public release

Question 61

List 3 Methods to Derivatively Classify Info

Answer 61

Restating: Taken directly from an authorized source Paraphrase: Re-word in a new or different document Generate: Take from one form and generate into another

Question 62

Who can declassify information?

Answer 62

Secretary of Defense Secretaries of the Military Departments Officials delegated by the OCA Officials delegated as declassification authorities

Question 63

Define Actual Compromise

Answer 63

An unauthorized disclosure of information

Question 64

List 4 Topics of OCA Training

Answer 64

1. OCA Responsibilities 2. Classification Principles and Avoidance of Over Classification 3. Proper Safeguarding 4. Criminal, Civil and Administrative penalties for failing to protect classified nfo

Question 65

What must be included on an SCG cover page?

Answer 65

Date Name of system, plan, program or project Official issuing the guidance (name/personal identifier and position) OCA approving the guide Distribution statement Statement of supercession, if necessary

Question 66

What must be submitted when requesting DoD Original Classification Authority?

Answer 66

Mission specific justification for the request Position

Question 67

Declassification Guide Content

Answer 67

Identifies the subject matter Name and position of the OCA Declass Authority Date of issuance or last review States info to be declassified, downgraded or to remain classified

Question 68

Security Classification Guide Content

Answer 68

Subject matter OCA Agency point of contact Date of approval or last review Identification and delineation of the specific items or elements of information warranting protection Classification levels Reasons for classification Duration of classification Warning and handling notices Dissemination controls Declass instructions

Question 69

If classified information appears in the public media, what is DoD personnel appropriate response?

Answer 69

Neither confirm nor deny Personnel must be careful not to make any statement of comment that would confirm the accuracy or verify the classified status of the information

Question 70

Define Potential Compromise

Answer 70

Possibility that compromise could exist but it is not known with certainty.

Question 71

What must be submitted when requesting DoD Original Classification Authority?

Answer 71

Mission specific justification for the request Position