SECNAV M-5510.36, DEPARTMENT OF THE NAVY INFORMATION SECURITY PROGRAM Flashcards
What applies uniform, consistent, and cost-effective policies and procedures to the classification, safeguarding, transmission and destruction of classified information?
Information Security Program (ISP)
Who bears executive responsibility for the security of the Nation, which includes the authority to classify information for the protection of the national defense and foreign relations of the U.S.?
President of the United States (POTUS)
What provides overall policy guidance on information security?
National Security Council (NSC)
Who as the chairman of the National Foreign Intelligence Board (NFIB), issues instructions in the form of DCI directives or policy statements affecting intelligence policies and activities?
Director of Central Intelligence (DCI)
What is the primary internal security agency of the U.S. Government?
Federal Bureau of Investigation (FBI)
Who is the investigative component of the DON and is the sole liaison with the FBI on internal security matters?
Director, Naval Criminal Investigative Service (DIRNCIS)
Who is the Department of Defense (DoD) senior official charged by the Secretary of Defense (SECDEF) with responsibility for developing policies and procedures governing information and personnel security, including atomic energy policy programs?
Under Secretary of Defense (Intelligence) (USD(I))
Who is designated as the senior official responsible for administering that portion of the DoD ISP pertaining to Special Access Programs (SAP), the National Disclosure Policy (NDP), Foreign Government Information (FGI) (including North Atlantic Treaty Organization (NATO) information), and security arrangements for international Programs?
Under Secretary of Defense for Policy (USD(P))
What provides centralized coordination and direction for signals intelligence and communications security for the U.S. Government?
National Security Agency (NSA)
The authority to lower any COMSEC security standards within the DoD rests with the what?
SECDEF
What is responsible for the direction and control of SCI programs established by DOD components?
Defense Intelligence Agency (DIA)
Who is responsible to the SECNAV for establishing, directing, and overseeing an effective DON ISP, and for implementing and complying with all directives issued by higher authority?
CNO
What is responsible for investigative, law enforcement, physical security, technical surveillance countermeasures, and counterintelligence (CI) policy and programs within the DON?
DIRNCIS
Who is responsible to the ASN (RD&A) for implementing policies and managing DON participation in
international efforts concerning RD&A?
Director, Navy International Programs Office (Navy IPO)
Who is a Senior Official of the Intelligence Community (SOIC) and administers the SCI program for the Navy, including non-Service DON entities?
Director of Naval Intelligence (DNI)
Who is a Senior Official of the Intelligence Community (SOIC) and administers the SCI program for the Marine Corps?
Director of Intelligence of the Marine Corps
Who is responsible for DON policies and implementation of the DoD IA program?
Department of the Navy, Chief Information Officer (CIO)
Who is responsible for implementing the DON CIO policies within the DON?
Commander, NETWARCOM
Who as the designated SSO for the Commander, NETWARCOM, is responsible for signals intelligence activities and for administration of SCI programs within the DON cryptologic community?
NETWARCOM Security Directorate
Who administers the DON CMS program and acts as the central office of records for all DON CMS accounts?
Director, COMSEC Material System (DCMS)
Who administers the DON ISP within the U.S. Marine Corps?
Commandant of the Marine Corps (CMC)
Who is responsible for implementation of CI and human intelligence programs and the ISP?
CMC (Code ARS)
Who as Special Security Officer (SSO) for the U.S. Marine Corps, is responsible for guidance and implementation of SCI programs?
CMC (Code IOS)
What may be granted to accommodate a long-term or permanent inability to meet a specific requirement?
Exception
COMSEC information is governed by what reference?
EKMS-1
Sensitive Compartmented Information (SCI) is governed by what reference and other national, DoD and DON issuances?
DoD 5105.21-M-1
The Under Secretary of the Navy must formally approve the establishment of each SAP in coordination with the what?
Deputy SECDEF
SIOP and SIOP-ESI are governed by what reference which is issued by the CNO?
OPNAVINST S5511.35K
Classified and unclassified NNPI is governed by what reference?
NAVSEAINST 5511.32C
What is information received from one or more foreign governments or international organizations as classified or expected to be held in confidence?
FGI
NATO classified and unclassified information is governed by what reference?
USSAN 1-69
What is defined and governed by laws, international agreements, EOs, and regulations that address the identification, marking, protection, handling, transmission, transportation, and destruction?
Controlled Unclassified Information (CUI)
The National Industrial Security Program (NISP) was established by what reference to safeguard classified information released to industry in a manner that is equivalent to its protection within the executive branch?
Executive Order 12829
What is used as a generic term for any organizational entity and may include a base, station, unit, laboratory, installation, facility, center, activity, detachment, squadron, ship, etc.?
Command
Who is responsible for the effective management of the ISP within the command?
Commanding Officer
Who is responsible for implementing the ISP and shall have direct access to the commanding officer?
Security manager
The Security manager will coordinate after-incident responses involving classified information processed on IT systems with the command what?
Information Assurance Manager (IAM)
The command security manager will ensure that access to classified information is limited to appropriately cleared personnel with a need-to-know per what reference?
SECNAVINST 5510.30
The command security manager may be assigned full-time, part-time or as a collateral duty and must be an officer or a civilian employee, what grade or above, with sufficient authority and staff to manage the program for the command?
GS-11
The security manager must be a U.S. citizen and have been the subject of a favorably adjudicated Single Scope Background Investigation (SSBI) completed within how many years prior to assignment?
Five
The commanding officer shall designate, in writing, a command what for commands handling Top Secret information?
TSCO
The TSCO must be an officer, senior non-commissioned officer what rank or above, or a civilian employee, GS-7 or above?
E7
The TSCO must be an officer, senior non-commissioned officer what rank or above, or a civilian employee, GS-7 or above?
E7
Persons designated as assistant security managers must be U.S. citizens, and either officers, enlisted persons what rank or above, or civilians GS-6 or above?
E6
Who is the principal advisor to the commanding officer in all matters regarding the Communication Material System (CMS)?
EKMS manager
What reference requires the commanding officer to designate, in writing, an NWP custodian?
NTTP 1-01
What reference establishes procedures and minimum security standards for the handling and protection of NATO classified information?
USSAN 1-69
What is the main receiving and dispatching element for NATO information in the U.S. Government?
Central United States Registry (CUSR)
Per what reference, the commanding officer shall designate, in writing, an IAM and Information Assurance Officer(s) (IAO), as appropriate?
OPNAVINST 5239.1B
Who serves as the point of contact for all command information assurance (IA) matters and implements the command’s IA program?
IAM
Who is designated for each information system and network in the command, and are responsible for implementing and maintaining the command’s information technology systems and network security requirements?
IAO
Per what reference, the commanding officer shall designate, in writing, a command SSO and Subordinate Special Security Officer (SSSO), as needed, for any command that is accredited for and authorized to receive, store, and process SCI?
DoD 5105-21-M-1
Who is responsible for the operation (e.g., security, control, use, etc.) of all command Sensitive Compartmented Information Facilities (SCIFs)?
SSO
The SSO and the SSSO shall be appointed in writing and each must be a U.S. citizen and either a commissioned officer or a civilian employee GS-9 or above, and must meet the standards of what reference?
DCID 6/4
Per what reference, the Commanding Officer shall designate, in writing, a command security officer?
OPNAVINST 5530.14C
Specified security functions may be performed for other commands via what, or Memoranda of Understanding (MOU) or Memoranda of Agreement (MOA)?
SSAs
Who shall ensure that personnel in their commands receive the security education necessary to ensure proper execution of their security responsibilities?
Commanding officers
Who is responsible for policy guidance, education requirements and support for the DON security education program?
CNO
What is the only basis for classifying national security information, except as provided by Title 42, U.S.C., Sections 2011-2284?
Executive order 12958
Information classified by what DON authorities shall be codified in security classification guides, and it shall be declassified as soon as it no longer meets the standards for classification in the interest of the national security?
Original Classification Authorities (OCAs)
Information that requires protection against unauthorized disclosure in the interest of national security shall be classified as Top Secret, Secret, or what else?
Confidential
What is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security?
Top Secret
What is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause serious damage to the national security?
Secret
What is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause damage to the national security?
Confidential
What is the initial decision that an item of information could be expected to cause damage to the national security if subjected to unauthorized disclosure?
Original classification
The authority to originally classify information as Top Secret, Secret, or Confidential rests with the what and officials delegated the authority?
SECNAV
OCA’s and acting OCAs must have refresher training on OCA duties and responsibilities how often?
Annually
Requests for Top Secret original classification authority shall be submitted, in writing, to the what via CNO?
Secretary of the Navy
Requests for Secret or Confidential original classification authority shall be submitted, in writing, directly to the what?
CNO
What reference contains the specific criteria, principles, and considerations for original classification?
OPNAVINST 5513.1F
At the time of original classification, the OCA shall attempt to establish a specific date or event for declassification, however the date or event shall not exceed how many years from the date of the original classification?
25
Who may provide advice and assistance to classifiers in assigning classification for original and derivative classification decisions?
Security Managers
Only the Secretary of the Navy or the what may reclassify information
Under Secretary of the Navy
OCAs shall request reclassification, in writing, via who?
CNO
Cleared recipients or holders of reclassified information shall be notified within how long and appropriately briefed about their continuing obligation and responsibility to protect this information from unauthorized disclosure?
30 days
The OCA shall act upon a classification challenge within how many days of receipt and notify the challenger of any changes made as a result of the challenge or the reason(s) no change is being made?
30
If the person initiating a classification challenge is not satisfied with the OCA’s final determination, the decision may be appealed to the what for review as the DON’s impartial official?
CNO
Individuals, not having original classification authority, who create information they believe to be classified shall mark the information accordingly, and Mark the first page and/or cover sheet of information as tentatively classified with the intended classification level preceded by what word?
Tentative
What reference provides that the SECDEF, among others, may determine whether granting a patent disclosure for an invention would be detrimental to national security?
Title 35, U.S.C, Section 181-188
New projects and significant technical developments or trends related to what are normally classified in order to protect the strategic value of this technology?
NNPI
Classified information related to the tactical characteristics and capabilities of naval nuclear ships and propulsion plant design is typically what while classified information relating primarily to the reactor plant of a nuclear propulsion system is typically RD?
NSI
What reference provides detailed guidance for classifying NNPI?
CG-RN-1
Who, as the Program Manager for the Naval Nuclear Reactor Program, issues bulletins amplifying or modifying classification and security guidance pertaining to NNPI?
Commander, Naval Sea Systems Command
The only officials authorized to downgrade, declassify, or modify an original classification determination with a resulting change in the classification guidance for classified DON information is the what with respect to all information over which the DON exercises final classification authority?
SECNAV
Detailed policy concerning the automatic declassification of DON information is contained in what reference?
OPNAVINST 5513.16
Executive Order 12958 established procedures for automatic declassification review of classified records that are more than 25 years old and have been determined to have permanent historical value as defined by what reference?
Title 44, U.S.C, Chapters 21, 31, and 33
Historically valuable records are identified in what reference by the use of the term “permanent” in the records series disposition instruction?
SECNAV M-5210.1
Automatic declassification review of 25-year old records applies to the official records contained in what records systems?
National Archives and Records Administration (NARA)
Declassified documents will not be released to the public until a public release review has been conducted in accordance with what reference?
DoD Directive 5230.9
Systematic declassification review is the review for declassification of classified information contained in records that have been determined by the what of the U.S. to have permanent historical value?
Archivist
Who is responsible for identifying to the Archivist of the U.S. that classified DON information that is 25 years old and older which requires continued protection?
CNO
Who may establish special procedures for systematic review for declassification of classified cryptologic information?
SECDEF
Who may establish procedures for systematic review for declassification of classified information pertaining to intelligence activities (including special activities), or intelligence sources or methods?
Director, Central Intelligence (DCI)
Mandatory declassification review does not supplement or modify the procedures for the handling of FOIA requests as described in what reference?
SECNAVINST 5720.42F
All information classified under Executive Order 12958 or predecessor orders shall be subject to a review for declassification by the DON if the information has not been reviewed within the preceding how many years?
Two
Command action on the initial Mandatory declassification request shall be completed within how many working days and the requester notified accordingly?
45
A final determination shall ordinarily be made within how long of the date of receipt of the mandatory declassification request?
One year
Per what reference, fees may be charged as authorized by Title 31, U.S.C., Section 9701 for mandatory declassification reviews?
NAVSO P1000
OCAs shall take reasonable steps to declassify classified information contained in records determined to be of permanent historical value, per what reference?
SECNAV M-5210.1
Notices that assign classification to unclassified information shall be classified Confidential, unless the notice itself contains information at a higher classification level. The notice shall be marked for declassification no less than how many days from its origin?
90
The Department of State (DOS), editors of Foreign Relations of the U.S., have a mandated goal of publishing how many years after the event?
20
What serve both legal and management functions by recording DON original classification determinations made under Executive Order 12958 and its predecessor orders?
Security Classification Guides (SCGs)
SCGs are the primary reference source for what classifiers to identify the level and duration of classification for specific information elements?
Derivative
The CNO (N09N2) manages a system called what, which manages and centrally issues SCGs for the DON OCAs?
RANKIN
SCGs shall be prepared, in writing, in the format described in what reference?
OPNAVINST 5513.1F
The primary element of the RANKIN Program is a computerized database that provides for the standardization, centralized management and issuance of all DON what?
SCGs
What series contains, as enclosures, individual SCGs for systems, plans, programs, or projects related to the overall subject area of the instruction?
OPNAVINST 5513
Who periodically issues an index of SCGs available within the DON?
CNO
Most instructions in the OPNAVINST 5513 series are assigned what and can be ordered through the DON supply system?
National Stock Numbers (NSNs)
Original Classification Authorities shall review their SCGs for accuracy and completeness at least every how many years and advise the CNO (N09N2) of the results?
Five
Security Classification Guides for systems, plans, programs, or projects involving more than one DoD component are issued by the what?
Office of the Secretary of Defense (OSD)
In cases of apparent conflict between a SCG and a classified source document about a discrete item of information, the instructions in the what shall take precedence?
SCG
What include those markings that identify the source of classification (or for original decisions, the authority and reason for classification)?
Associated markings
What include any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of data or information?
IT systems
What includes Universal Serial Bus drives, flash drives, pen drives, compact disks, scanners, videotapes, floppy disks, recordings, etc.?
Electronic media
Documents containing RD (including CNWDI) or FRD, shall not be marked with any downgrading or declassification instructions, other than those approved by the what?
DOE
Mark (stamp, print, or permanently affix with a sticker or tape) the face and back cover, and what else, of all classified documents to show the highest overall classification level of the information they contain?
Top and bottom center
What abbreviation shall be used to designate unclassified portions containing information exempt from mandatory release to the public?
FOUO
What letter shall be used for the identification of NATO RESTRICTED or Foreign Government RESTRICTED information?
R
The authority to grant waivers of the portion marking requirement rests with the what?
Director, ISOO
Associated markings shall not be placed on the what of any classified document?
Back cover
The “Classified by” and “Reason” lines are rarely used because what estimated percent of all DON documents are derivatively classified?
99%
Declassification instructions and other downgrading instructions do not apply to documents containing Restricted Data (RD) or what else?(
Formerly Restricted Data (FRD)
Only what designated declassifier can declassify an RD document?
Department of Energy (DOE)
What advise document holders that additional protective measures such as restrictions on reproduction, dissemination or extraction are necessary?
Warning notices
Per Title 42, U.S.C., Sections 2011-2284 and what else, mark classified documents containing RD and/or FRD on the face of the document, in the lower left corner, with the applicable warning notice?
DoD Directive 5210.2
What which is a subset of RD is subject to special dissemination controls and marking requirements?
CNWDI
The marking policies and dissemination procedures for CNWDI are contained in what reference?
DoD Directive 5210.2
Per what reference, there is national policy prohibiting foreign disclosure of NNPI?
NAVSEAINST 5511.32C
Classified NNPI not containing RD or FRD information shall include the associated markings set forth in what reference?
NAVSEAINST 5511.32C
Per what reference, SIOP documents shall be marked in the same manner as any other classified document?
OPNAVINST S5511.35K
Per EKMS-1, what designator identifies all COMSEC documents and keying material which are used to protect or authenticate classified or controlled unclassified government or government-derived information?
CRYPTO
Per what reference, mark documents containing FOUO Law Enforcement Sensitive (FOUOLES) in the same manner as documents containing FOUO?
DoD 5200.1-R
Per what reference, mark the bottom face and the back cover of unclassified documents containing DoD UCNI with “DoD unclassified Controlled Nuclear Information.”?
OPNAVINST 5570.2
The DOS does not require that what information be specifically marked, but does require that holders be made aware of the need for controls?
SBU
Mark information or material designated as LIMITED DISTRIBUTION, or derived from such information or material per what reference?
DoD Directive 5030.59
The policy for marking intelligence information is contained in what reference?
DCID 6/6
What marking is the most restrictive intelligence control marking and shall only be used on classified intelligence that clearly identifies or would reasonably permit ready identification of intelligence sources or methods that are particularly susceptible to countermeasures that would nullify or measurably reduce their effectiveness?
ORCON/OC
Use what marking with, or without, a security classification level marking, to identify information provided by a commercial firm or private source under an expressed or implied understanding that the information shall be protected as a trade secret or proprietary data believed to have actual or potential intelligence value?
PROPIN/PR
Within the DON, only the Director of Naval Intelligence and the Director of Intelligence, United States Marine Corps, may determine what information warrants initial application of what caveat?
NOFORN
The “NOFORN” caveat shall not be applied to non-intelligence information except for what?
NNPI
What control marking was previously only for use on intelligence information, but is now authorized for use on all classified defense information deemed releasable through appropriate foreign disclosure channels?
REL TO
The product of what shall not be classified unless it incorporates classified information to which the developer was given prior access?
IR&D
What reference governs the assignment, control, and use of nicknames, exercise terms and code words?
OPNAVINST 5511.37C
What are a combination of two unclassified words with an unclassified meaning?
Nicknames
What term is a combination of two non-code words that may or may not be classified and may or may not have a classified meaning?
Exercise
What is a single classified word with a classified meaning?
Code word
Classification by what is rare, and in order to qualify for classification, something not already identified in the individual parts must be revealed?
Compilation
What with jurisdiction over the classified information may change the level of classification?
OCA
What determines the duration of classification?
Date of Source
When using source documents that have old declassification instructions, all declassification actions are effective on what date of the year in which declassification is to take place?
31 December
Who shall ensure that classified information is processed only in secure facilities, on accredited Information Technology (IT) systems, and under conditions which prevent unauthorized persons from gaining access?
Commanding officers
All personnel shall comply with what policy for access to classified information?
Need-to-know
Foreign national access to CUI shall be in accordance with reference?
SECNAVINST 5510.34A
All Top Secret information (including copies) originated or received by a command shall be continuously accounted for, individually serialized, and entered into a command what?
Top Secret register or log
Who shall obtain a record of receipt (typically a classified material receipt) from each recipient for Top Secret information distributed internally and externally?
Top Secret Control Officers (TSCOs)
Top Secret information shall be physically sighted or accounted for at least how often, and more frequently as circumstances warrant?
Annually
Commanding officers shall establish procedures to control and mark all Secret and Confidential working papers in the manner prescribed for a finished document when retained more than how many days from the date of creation or officially released outside the organization by the originator?
180
A document transmitted over a classified IT system is considered a what?
Finished document
What reference requires an administrative system for controlling the NWP Library within the command?
NTTP 1-01
Control and safeguard NATO classified information (including NATO Restricted) per what reference?
USSAN 1-69
Maintain records for the receipt, internal distribution, destruction, annual inventory, access, reproduction, and transmission of Top Secret FGI for how many years?
Five
Maintain records for the receipt, internal distribution, transmission and destruction of Secret FGI for how many years?
Three
Maintain records for the receipt and transmission of Confidential FGI for how many years?
Two
Control and safeguard RD and FRD per what reference?
DoD Directive 5210.2
Control and safeguard SCI per what reference?
DoD 5105.21-M-1
Control and safeguard COMSEC information per what reference?
EKMS-1
Control and safeguard SIOP and SIOP-ESI per what reference?
OPNAVINST S5511.35K
Control and safeguard SAP information per what reference?
SECNAVINST S5460.3C
Control and safeguard NNPI per what reference?
NAVSEAINST 5511.32C
Control and safeguard FOUO information per what reference?
SECNAVINST 5720.42F
Control and safeguard DoD UCNI per what reference?
OPNAVINST 5570.2
When an Original Classification Authority (OCA) determines that other security measures detailed in this policy manual are insufficient for establishing “need-to-know” for classified
information, and where Special Access Program (SAP) controls are not warranted, what may be employed?
Alternative Compensatory Control Measures (ACCM)
ACCM shall not be used for NATO or non-intelligence Foreign Government Information (FGI) without the prior written approval of the what?
ODUSD (Policy)
ACCM shall not be used to protect classified information in acquisition programs as defined in what reference?
DoD Directive 5200.1-M
ACCM shall not be used to control classified information designated as Restricted Data (RD), Formerly Restricted Data (FRD), Communications Security (COMSEC) or what else?
Sensitive Compartmented Information (SCI)
ACCM shall not use what structure or system to control the position and numbers of persons with access to ACCM?
Billet
Who approves the use of ACCM, and ensures that the protection afforded classified information is sufficient to reasonably deter and detect loss or compromise?
CNO
What shall be used in the text of message traffic and on cover sheets accompanying secure facsimile transmissions to assist in alerting the recipient that the transmission involves ACCM protected information?
ACCM nickname
What, or other secure transmission methods authorized for processing classified information at the same level may be used to transmit ACCM information?
Secret Internet Protocol Router Network (SIPRNET)
Approved ACCM may be applied to cleared DoD contractors only when identified in the Contract Security Classification Specification, what form?
DD Form 254
Commanding officers shall establish procedures for end of the day security checks, utilizing the what, Activity Security Checklist, to ensure that all areas which process classified information are properly secured?
SF 701
What, Security Container Check Sheet, shall be utilized to record that classified vaults, secure rooms, strong rooms and security containers have been properly secured at the end of the day?
SF 702
Refer to what reference for visit procedures?
SECNAVINST 5510.30
Technical surveillance counter-measures support for meetings involving Top Secret information, and for other designated classified discussion areas (e.g., base theaters, school auditoriums, unsecured classrooms, etc.) must be requested per what reference?
SECNAVINST 3850.4
Classified information originated in a non-DoD department or agency shall not be disseminated outside the DoD without the consent of the originator except where specifically permitted (also known as what rule)?
Third agency rule
Authority for disclosure of DON classified and CUI to foreign governments has been centralized in the what?
Director, Navy International Programs Office
In emergency situations, in which there is an imminent threat to life or in defense of the homeland, who, or a designee may authorize the disclosure of classified information to an individual or individuals who are otherwise not routinely eligible for access?
Secretary of the Navy
Within how long of the disclosure of classified information, or the earliest opportunity that the emergency permits, but no later than 30 days after the release, the disclosing authority must notify the originating agency of the information?
72 hours
The policy and procedures concerning the dissemination of SAP information are contained in what reference?
SECNAVINST S5460.3C
The policy and procedures for the preparation and processing of classified information to be disseminated to Congress are contained in references SECNAVINST 5730.5H and what else?
OPNAVINST 5510.158A
What reference requires the assignment of distribution statements to facilitate control, distribution, and release of technical documents without the need to repeatedly refer questions to the originating command?
DoD Directive 5230.24
Information relating to NNPI which is not marked and handled as unclassified NNPI shall be reviewed and approved by what prior to release to the public?
Naval Sea Systems Command
What reference applies to unclassified technical data which reveals critical technology with military or space application and requires an approval, authorization, or license for its lawful export and which may be withheld from public disclosure?
OPNAVINST 5510.161
It is DoD policy under what reference that a security and policy review shall be performed on all official DoD information intended for public release including information intended for
placement on publicly accessible websites or computer servers?
DoD Directive 5230.9
All international transfers of classified information shall be via what channels?
Government-to-government
What reference establishes the requirements for the transmission or transportation of COMSEC information?
EKMS-1
NATO RESTRICTED information shall, at a minimum, be transmitted by what mail within CONUS?
USPS first class
What reference establishes the requirements for the transmission or transportation of SCI?
DoD 5105.21-M-1
What reference establishes the requirements for the transmission or transportation of SAP information?
SECNAVINST S5460.3C
What reference establishes the requirements for the transmission or transportation of SIOP and SIOP-ESI?
OPNAVINST S5511.35K
What reference establishes the requirements for the transmission or transportation of nuclear information or components?
OPNAVINST C8126.1B
Transport what information via USPS first class mail, or standard mail for bulk shipments?
FOUO
Transmit or transport what via USPS first class mail in a single, opaque envelope or wrapping?
DoD UCNI
What is required for Top Secret and Secret information transmitted or transported in and out of the command and for all classified information provided to a foreign government or its representatives, including its embassies in the U.S., and its contractors?
Acknowledgement of receipt
Refer to what reference on the handcarry of classified NATO information?
USSAN 1-69
In the event that the handcarry of classified information will also involve the disclosure of classified information to foreign nationals, the cognizant foreign disclosure authority shall ensure that disclosure authorization has been obtained per what reference?
SECNAVINST 5510.34A
The security manager shall provide written authorization to all individuals escorting or handcarrying classified information. This authorization may be the what, Courier Authorization Card, or included on official travel orders, or a courier authorization letter?
DD 2501
Senate regulations require that all classified material intended for delivery to any Senator, staff member, Committee or other Senate office be delivered to the what which is the central document control facility for the
U.S. Senate?
Office of Senate Security (OSS)
OSS does not accept any classified material for the what?
U.S. House of Representatives
What establishes and publishes minimum standards, specifications, and supply schedules for containers, vault doors, modular vaults, and associated security devices suitable for the storage and destruction of classified information?
General Services Administration (GSA)
What reference promulgates national policy for procuring and using security containers for Information Technology (IT) system purposes?
CNSSP No. 10
Store Top Secret information in a vault, modular vault or secure room, equipped with an IDS and a personnel response to the alarm within 15 minutes of the alarm annunciation if the area is covered by Security-in-Depth, or a how many-minute alarm response if it is not?
5
What reference governs the requirements for storing classified ordnance items too large to store in GSA- approved containers?
OPNAVINST 5530.13C
If new security storage equipment is needed, procure it from the what?
GSA Federal Supply Schedule
Only what containers are on the current GSA schedule?
Class 5 and 6
GSA approved containers manufactured before when are identified by GSA label that has either black lettering on a silver background, or silver on black?
October 1990
What GSA approved containers have a silver label with green lettering?
Class 7
What containers are GSA-approved security containers for protection of IT systems?
Information Processing System (IPS)
GSA approved Class 5 containers provide the same protection as Class 6 plus how many minutes against forced entry attack?
Ten
What GSA approved containers are typically used for storage of classified information such as documents, maps, drawings, and plans?
Class 6
Security containers manufactured by what must be removed from service and disposed of under accepted safety standards?
Remington Rand
Two and four-drawer Class 5 security containers manufactured by what are no longer approved for the storage of classified information?
Art Metal Products, Inc.
New purchases of combination locks shall conform to what Federal Specification?
FF-L-2740
Built-in combination locks will then be reset to what standard combination when taken out of service?
50-25-50
Combination padlocks will be reset to what standard combination when taken out of service?
10-20-30
Title 18, U.S.C., Section 1386 makes unauthorized possession of keys, key blanks, keyways, or locks adopted by any part of the DoD for use in the protection of conventional arms, ammunition or explosives (AA&E), special weapons, and classified equipment a criminal offense punishable by fine or imprisonment up to how many years, or both?
10
What reference governs key security and lock control used to protect classified information?
OPNAVINST 5530.14C
When securing security containers, rotate the dial of mechanical combination locks at least how many complete turns in the same direction, and check each drawer?
Four
Neutralization of lock-outs, repairs and maintenance of GSA-Approved security containers shall be accomplished in accordance with what?
Federal Standard 809
What consists of monitors and electronic sensors designed to detect, not prevent, an attempted intrusion?
IDS
What system is designed to assess, view areas, or detect an intrusion?
CCTV
What components consist of card reader devices and/or biometrics, such as hand geometry, iris or fingerprint scanners, and the computers to control them?
ACS
What provides additional protective controls at vital areas in the event of human or mechanical failure?
ESS
Destroy classified information no longer required for operational purposes per what reference?
SECNAV M-5210.1
Refer to what reference for IT storage media destruction techniques?
DON IA Pub P-5239-26
Who provides technical guidance concerning appropriate methods, equipment, and standards for the destruction of classified electronic media and processing equipment components?
Directorate for Information Systems Security, NSA
A cross-cut shredder shall reduce the information to shreds no greater than how many square millimeters?
Five
Crosscut shredders purchased prior to 1 January 2003 which reduce the information to shreds no greater than 3/64 inch wide by 1/2 inch long may continue to be used until when?
October 2008
Pulping (wet process) devices with a what size or smaller security screen may be used to destroy classified water-soluble material?
1/4 inch
What may be used to store classified material awaiting destruction at a central destruction facility?
Burn bag
A record of destruction is required for Top Secret information. What form, “Classified Material Destruction Report”?
OPNAV 5511/12
Retain Top Secret records of destruction for how many years?
Five
Destroy record copies of FOUO, SBU, DoD UCNI, DOE UCNI, and unclassified technical documents assigned Distribution Statements B through X, per what reference?
SECNAV M-5210.1
Commanding officers shall ensure that the release of classified information in connection with the transfer to a friendly foreign government is processed per what reference, and that the permission of the Archivist of the
U.S. is obtained before transferring records to other agencies or non-U.S. Government organizations, including
foreign governments?
SECNAVINST 5510.34A
Commanding officers required to develop a Program Protection Plan in accordance with what reference shall levy these requirements on contractors via the contract?
DoD Directive 5200.1-M
Executive Order 12829 established what for safeguarding information classified under references Executive Order 12958 or Title 42, U.S.C., Sections 2011-2284 that is released to industry?
National Industrial Security Program (NISP)
What reference imposes the requirements, restrictions, and safeguards necessary to prevent unauthorized disclosure of classified information released by U.S. Government executive branch departments and agencies to their contractors?
DoD 5220.22-M
What reference establishes the authorities of the Intelligence Related Contracting Coordination Office and establishes policy and assigns responsibilities for the conduct of Intelligence Related Contracting within the DON in order to ensure the protection of sensitive intelligence and/or mission related information during the acquisition process?
SECNAVINST C4200.35
The Director of DSS oversees DoD implementation of the NISP through how many regions comprised of field offices located throughout the U.S.?
Five
When contractors perform work at DON locations other than the command awarding the contract, the awarding command shall inform the new host of the contractual arrangement and forward a copy of the notification of contract award, a copy of the what, and other pertinent documents to the host command?
DD 254
Only a DON contracting command or cleared contractor (industry sponsor) may initiate an FCL process through what?
DSS
An employee of a contractor granted an FCL under the NISP may be processed for a what when the contractor determines that access to classified information is essential to the performance of duty assignment?
PCL
Disclose classified information only to contractors cleared under the what?
NISP
What maintains a database for each cleared facility which contains the FCL level and storage capability?
DSS Central Verification Activity (CVA)
What will verify the security clearance and status of foreign contractor employees?
DSS
A system exists within DoD to certify individuals and enterprises qualified to receive unclassified technical data with military or space application which is accomplished using a what?
DD Form 2345
Certification under the Joint Certification Program establishes the eligibility of a U.S. or Canadian contractor to receive technical data governed by what reference?
OPNAVINST 5510.161
What, with its attachments, supplements, and incorporated references, is designed to provide a contractor with the security requirements and classification guidance needed for performance on a classified contract?
DD 254
What reference addresses visit requirements for contractor employees?
DoD 5220.22-R
GSA commercial carriers may not be used for Top Secret, COMSEC, NATO or what else?
Foreign Government information
Who is responsible for executing the policy and procedures governing the release of intelligence to cleared DoD contractors and is the final appeal authority on release denials
Director, Office of Naval Intelligence (ONI)
Any command releasing intelligence to a cleared DoD contractor is responsible for proper what?
Sanitization
What policy for contractors is intended to facilitate foreign investment by ensuring that foreign firms cannot undermine U.S. security and export controls to gain unauthorized access to classified information?
FOCI
Notification of the possible acquisition of a cleared DoD contractor by a foreign government is provided by DSS to whom?
CNO
If the contractor’s proposal is rejected by DSS, the only remaining method to retain the services of the contractor is via a what?
Special Security Agreement (SSA)
A contractor cleared under an SSA may not have access to proscribed information without what issued by the listed cognizant authority?
National Interest Determination (NID)
The Internal Security Act of what year entrusts commanding officers to protect persons and property against the actions of untrustworthy persons?
1950
What reference establishes the FAD program within the DON to assist commands in making trustworthiness determinations on contractor employees for access eligibility to controlled unclassified information or sensitive areas and equipment under DON control?
SECNAVINST 5510.30B
What is the unauthorized disclosure of classified information to a person(s) who does not have a valid security clearance, authorized access or need-to-know?
Compromise
What occurs when data is placed on an IT system possessing insufficient information security controls to protect the data at the required classification?
Electronic spillage
When a loss or compromise of classified information occurs, the cognizant commanding officer or security manager shall immediately initiate a what?
Preliminary Inquiry (PI)
Who shall be responsible for overseeing the PI?
Security Manager
In the event of compromise or possible compromise on an IT system, the Security Manager shall coordinate with the what to ensure that these incidents are properly reported?
IA Manager (IAM)
A PI shall be initiated and completed within how long of initial discovery of the incident?
72 hours
What investigation is required in the event that disciplinary action is being considered or recommended by the PI, or compromise of classified information is considered likely to have occurred?
JAGMAN
A record of the PI must be kept for how many years?
Two
Report losses or compromises of classified IT systems, terminals, or equipment to the what?
CNO
What are exempt from certain disclosure provisions of Title 5, U.S.C., Section 552a, while JAGMAN investigations are not?
NCIS ROIs
What is a multi-disciplinary analysis to determine the effect of a compromise of classified information on national security?
Damage assessment
What is the unofficial release of DoD classified information to the public resulting in its unauthorized disclosure?
Public media compromise
Security Discrepancy Notices for shall be retrained for how many years?
Two
