Initial Security Briefing

aletta
Presentation Transcript


  1. Initial Security Briefing

  2. Introduction
     As a cleared facility under contract with the federal government, the protection of sensitive government information (both classified and controlled unclassified) is the responsibility of every employee of {Company Name}, regardless of how it was obtained or what form it takes. Our vigilance is imperative in the protection and control of this information. Under Executive Order (EO) 13526 and DoD Directives, anyone with access to these resources has an obligation to protect them. The very nature of our work dictates that we lead the way in sound security practices. This is an obligation that can be satisfied only if each employee accepts personal responsibility for knowing, understanding, and adhering to the regulations and procedures set forth in the {Company Name} Security Procedures and in this Initial Security Briefing.

  3. Required Security Training
     • As a cleared employee, you are required to receive on-going security training and various security awareness information to include but not limited to:
       • Initial Security Briefing
       • Security Orientation
       • Annual Security Refresher Briefing
       • Termination Debriefing
       • Security newsletters
       • Memorandums
       • Pamphlets and guides
       • Periodic bulletins
       • Computer-based courses

  4. Non-Disclosure Agreement (SF-312)
     Non-disclosure responsibilities
     • All personnel authorized to access Classified information must sign a Non-Disclosure Agreement (NDA) with the U.S. Government upon being granted access to classified information at {Company Name}
     • By signing this agreement you acknowledge:
       • A special trust has been placed with you
       • You are responsible to protect classified information from unauthorized disclosure
       • You have received your security indoctrination for handling classified information and notification of pre-publication review
       • This is a binding lifetime agreement, even when you no longer require a security clearance
       • There are serious consequences for not complying with the terms of this agreement which are punishable under Federal criminal statutes, including imprisonment and fines

  5. Guiding Directives
     • NISPOM: National Industrial Security Program Operating Manual
       • The principal document governing U.S. industry in carrying out contracts within the U.S. Government Industrial Security Program
       • {Company Name} is responsible for complying with the requirements of the NISPOM in order to bid on or be awarded a contract involving classified government information
     • All U.S. classified contracts must be accompanied by a DD Form 254, Contract Security Classification Specification
       • This form becomes part of the contractual documents and identifies what level of classified information is required to accomplish the contract goals

  6. Understanding Need-to-Know
     • Established when an individual has a requirement for access in order to perform an essential task or service to fulfill a classified contract or program
     • Access to classified information requires an appropriate security clearance level and “need-to-know”
     • Possessing a clearance or working on the same project does not automatically grant individuals a need-to-know
     • This principle also applies to information systems
     • It is your responsibility to verify need and clearance before allowing access to limit adversary damage
     • Failure to do so can and has contributed greatly to espionage cases
     • Confirmation can be obtained through your immediate supervisor or the Security Department

  7. Classified Information Defined
     • Sensitive unclassified information in the process of a classification determination must be handled as classified
     • Classified Information is defined as any information, including oral communications, that if improperly disclosed could be detrimental to national security
     • Information that may be classified:
       • Military plans, weapons, systems or operations
       • Foreign Government Information
       • Intelligence Activities
       • Cryptology
       • Foreign Relations or Activities of the U.S.
       • Scientific, Technological, or Economic Matters
       • Programs for Safeguarding Nuclear material and/or Facilities
       • Vulnerabilities or Capabilities of Systems, Installations, Projects, or Plans
       • Weapons of mass destruction

  8. Classified Information Defined (cont.)
     • Classified information comes in all shapes and sizes to include, but is not limited to, the following:
       • Documents and presentations
       • Working papers
       • Emails
       • Conversations
       • Faxes
       • Photographs
       • Meeting notes
       • Maps and sketches
       • Storage media
       • Equipment and machinery
       • Other materials

  9. Classification Categories and Levels
     [Diagram. Labels shown, in the order extracted:]
     • COMPARTMENTED PROGRAMS
     • SENSITIVE COMPARTMENTED INFORMATION
     • COLLATERAL INFORMATION
     • UNCLASSIFIED INFORMATION
     • SPECIAL ACCESS INFORMATION
     • CONF, SECRET, TOP SECRET
     • SAR (USAF), SAP (ARMY), SAP (NAVY)
     • SCI (MILITARY), SCI (INTELLIGENCE AGENCIES)
     • Public Domain, Non-Public Domain
     • CNWDI, NATO, COMSEC
     • ACKNOWLEDGED / UNACKNOWLEDGED
     • ACQUISITION, INTELLIGENCE, OPERATIONS
     • INTELLIGENCE SOURCES AND METHODS

  10. Classification Categories and Levels (cont.)
      • CONFIDENTIAL (C) – Requires PROTECTION, unauthorized disclosure could be expected to cause Damage to our national security
      • SECRET (S) – Requires a SUBSTANTIAL DEGREE OF PROTECTION, unauthorized disclosure could be expected to cause Serious Damage to our national security
      • TOP SECRET (TS) – Requires the HIGHEST DEGREE OF PROTECTION, unauthorized disclosure could be expected to cause Exceptionally Grave Damage to our national security

  11. Classification Categories and Levels (cont.)
      • Classification markings can also be used in conjunction with any of the following caveats:
        • North Atlantic Treaty Organization (NATO) information
        • Foreign Government Information (FGI)
        • Intelligence Information
        • Critical Nuclear Weapons Design Information (CNWDI)
        • Restricted Data (RD)
        • Formerly Restricted Data (FRD)
        • Communications Security (COMSEC) and Cryptography (CRYPTO)
      • Special Caveat information requires additional access restrictions and/or handling

  12. Determination of Classifications
      • Executive Order 13526 and its predecessors establish a formal system for classification, declassification and safeguarding of U.S. classified information
      • Original classification - U.S. Government only
        • All classified material is the property of the U.S. Government and it determines what is classified and at what level
      • Derivative classification - Industry
        • Utilized by contractors who incorporate, paraphrase, restate, or newly generate classified information from existing classified material by using the following for derivative classification guidance
          • Source Document, Security Classification Guide (SCG), and Contract Security Classification Specifications (DD Form 254)
      • Derivative classifiers
        • Are responsible for the protection and integrity of classified information
        • Must possess expertise regarding the subject matter of the classified information, as well as classification management and marking techniques
        • Must obtain classification training prior to derivatively classifying and receive semiannual training thereafter

  13. Marking Classified Material
      • Classification markings
        • Identify the exact information that requires protection
        • Indicate the level of classification assigned to the information
        • Provide guidance on downgrading and declassification
        • Give information on the source(s), reasons for classification, identify the office of origin and document originator applying the classification marking
        • Provide guidance on information sharing, and warn of special access, control, or safeguarding requirements
        • Assist with investigations into potential or actual compromise
      Sample: Markings by original classification authority
          SECRET
          Secretary of Defense
          1000 Defense Pentagon
          Washington, DC 20301
          (U) Unclassified For Instructional Use Only
          1 December 2012
          Classified by: SECDEF
          Reason: 1.4(c)
          Downgrade to: CONFIDENTIAL on 20151231
          Declassify on: 20180930
          Warning notices and release statements as appropriate
          SECRET

  14. Marking Classified Material
      Markings for derivative classified material. The following basic markings must appear on all classified material:
      • Overall classification marking centered on
        • TOP and BOTTOM of each page
        • FRONT and BACK of entire document
        • Include Dissemination control
      • Company Name and Mailing Address
      • Portion Markings
        • (TS) for Top Secret
        • (S) for Secret
        • (C) for Confidential
        • (U) for Unclassified
      • Unclassified Subject/Title Marking
      • Date of Creation
      • Contract Number (for public release purposes)
      • Classification Authority Block: Classified line is now a requirement on derivative documents. (If derived from multiple sources, a bibliography or reference page must be included)
      • Declassification Instructions. The date of declassification must be displayed using the following numeric format (20151231)
      • Warning Notices
      Sample:
          SECRET
          ABC Company
          123 Anywhere Street
          Anywhere, USA 12345
          (U) Unclassified For Instructional Use Only
          1 December 2012
          Prime Contract ABC-123-4567-89
          Classified by: John Doe, Director (OCA Name and position title)
          Derived from: DoD SCG 128
          Downgrade to: CONFIDENTIAL on 20151231
          Declassify on: 20180930
          Warning notices and release statements as appropriate
          SECRET

  15. Marking Classified Material (cont.)

  16. Marking Classified Material (cont.)
      Derived From: Multiple Sources
      • The multiple sources list must be included with or annotated on the derived document (not just the original file copy). If the document has a bibliography or reference list, this may be used as the sources list. It must be annotated to distinguish the sources of classification from other references.
      Sample source document:
          SECRET
          (U) AN/SPY Satellite T & C Results
          10 June 2005
          Classified by: John Doe, Director
          Derived from: SCG 128, dtd 20040114
          Declassify on: 20150610
          SECRET
      Sample bibliography:
          SECRET
          Bibliography
          ABC Company
          123 Anywhere Street
          Anywhere, USA 12345
          AN/SPY Satellite T&C Results dated 6/10/05
          Classified by: John Doe, Director
          Derived from: SCG 128, dtd 20040114
          Declassify on: 20150610
          Optical Imagery dated 19971002
          Classified by SECDEF
          Reason: 1.4 (a)
          Declassify on: X3
          (U) Unclassified For Instructional Use Only
          1 December 2012
          SECRET
      Sample derived document:
          SECRET
          Prime Contract ABC-123-4567-89
          (U) Optical Imagery
          Classified by: John Doe, Director (OCA Name and position title)
          Derived from: Multiple Sources
          Declassify on: Source marked X3, date of source 19971002
          Distribution authorized to the DoD and DoD Contractors only.
          SECRET
      Sample source document:
          2 October 1997
          Classified by: SECDEF
          Reason: 1.4(a)
          Declassify on: X3

  17. Marking Classified Material (cont.)
      Sample working papers, upon creation:
          SECRET
          ABC Company
          123 Anywhere Street
          Anywhere, USA 12345
          (U) Unclassified For Instructional Use Only
          1 December 2012
          Working Papers Created 3/1/2012
          Working Papers must always be annotated with the term “Working Papers” and the date of creation, marked with overall classification, and safeguarded in accordance with overall classification.
          Once either 180 days (for SECRET) or 30 days (for TOP SECRET) has been reached, or sooner if being released by the originator outside the facility, documents must be accounted for, controlled, and marked in a manner prescribed for a finished document.
          Individual pieces of related Working Papers should be fastened together for ease of tracking.
          If more than one SCG is used in generation, it is a good idea to indicate this on the Working Papers.
          SECRET
      Sample working papers, after 180 days:
          SECRET
          (U) Working Papers must always be annotated with the term “Working Papers” and the date of creation, marked with overall classification, and safeguarded in accordance with overall classification.
          (S) Once either 180 days (for SECRET) or 30 days (for TOP SECRET) has been reached, or sooner if being released by the originator outside the facility, documents must be accounted for, controlled, and marked in a manner prescribed for a finished document.
          (C) Individual pieces of related Working Papers should be fastened together for ease of tracking.
          (U) If more than one SCG is used in generation, it is a good idea to indicate this on the Working Papers.
          Classified by: Name and position title
          Derived From: SCG DOD 33, dated 3 March 2004
          Declassify on: Source marked X3, date of source 20040303
          SECRET
      You are responsible for tracking, properly storing, and protecting your working papers!

  18. Marking Classified Material (cont.)
      Hardware, software, computers, and equipment must reflect the highest level of classification contained therein. Standard labels should be used for all levels of classification.
      Sample (Hardware or Equipment Tag):
          SECRET
          (U)_____________________________________
          Name and Address of Originating Agency
          Classified by:
          Derived from:
          Declassify on:
          SECRET

  19. Control and Accountability
      • Control and accountability of classified material
        • Accountable classified material includes TOP SECRET, NATO, COMSEC, and Special Access
        • The proper functioning of the control process depends on the cooperation and acceptance of individual responsibility
        • All classified received in or sent from {Company} must be recorded in a receipt and dispatch record system
        • Facilities holding a TOP SECRET facility clearance must conduct an annual inventory and accounting for all classified materials
        • Facilities should only maintain classified materials that are needed and have a valid classified contract (DD254)
        • Conduct annual classified reduction exercises
        • Reduce holdings during inspections and reviews

  20. Safeguarding and Handling
      • Classified information requires protection against unauthorized disclosure, therefore it must be
        • Properly marked, never left unattended, and protected accordingly
        • Accessed by individuals with a valid security clearance and need-to-know only
          • The recipient must be informed of the information’s classification level
          • Only disclose information related to the specific need or purpose
        • Shall be kept under constant observation by an authorized person or stored in an approved GSA security container
      • Do not take classified material home, to a hotel, or any other uncleared location
      • Do not discuss classified information in unauthorized open or public areas, such as reception areas, cafeterias, hallways, restrooms, etc.
      • When not in actual use, classified material shall be secured in a GSA-approved security container
      • A locked room, desk or file cabinet is not an approved method of classified storage unless specifically authorized by Security

  21. Safeguarding and Handling (cont.)
      • When working with classified material
        • Workspace should be free of clutter
        • Classified coversheets, folders, and labels must be used to
          • Screen from uncleared and unauthorized individuals
          • Warn that the information or system is classified and must be protected accordingly
        • Must only be processed on classified computers or other equipment approved by the government
      • When no longer needed, classified material must be
        • Destroyed by approved methods
          • Degaussing
          • Pulverizing
          • Shredding
      • When in doubt, contact the Security Department
      [Image: Classified Coversheets and Labels]

  22. Safeguarding and Handling (cont.)
      [Sign image: CLASSIFIED MEETING DO NOT ENTER!]
      • Classified meetings or impromptu classified discussions
        • Must be conducted in a room with a locking device on the door
        • If the room has windows, it must have blinds that can be closed to shield from outside observation
        • Keep conversations at a low speaking volume so those outside cannot discern what is being discussed
        • A sign must be placed on the door stating: “CLASSIFIED MEETING – DO NOT ENTER”
      • Classified information can only be transmitted via secure communications methods
        • Registered U.S. Mail (Secret and below)
        • Classified Fax
        • SIPRNet email account
        • Secure Terminal Equipment (STE)
        • Authorized Courier

  23. Hand-Carrying Classified Material
      • Hand-carrying classified material outside the {Company} facilities should only be used as a last resort
        • Mailing or email via a SIPRNet account is preferred
      • When hand-carrying classified material externally
        • Courier must have signed courier letter
        • All material will be double-wrapped and addressed to the recipient
        • Carry the material in an inconspicuous briefcase or other suitable carrying case
      • When aboard commercial passenger aircraft, if challenged by airline personnel
        • Present a copy of your courier authorization letter and government identification
        • Inform the individual that classified material is being carried - they may inspect the package, but cannot open it
      • The material cannot be publicly read, studied, or displayed in any manner
      • Reasonable precautions must be taken to avoid compromise

  24. Hand-Carrying Classified Material (cont.)
      • Only approved storage facilities can be used for temporary storage
        • Vehicles, hotel safes or non-GSA approved containers cannot be used for storage
        • If emergency storage is required, contact the Security Department
        • If a location cannot be found, then the material must remain in your personal possession at all times or mailed using the United States Postal Service (Express or Registered mail, for secret and below)
      • Traveling within the continental United States
        • If classified material is lost or possibly compromised, immediately contact the Security Department and the nearest FBI office (if required)
      • Local Travel
        • If classified material is lost or possibly compromised, immediately contact the Security Department

  25. Reproduction of Classified Material
      • Reproduction of classified material must be essential to
        • The performance of a contract
        • Correspondence in connection with a contract
        • The preparation of a bid, quotation, or proposal to a User Agency of the U.S. Government or an authorized contractor
        • The preparation of a patent application to be filed in the U.S. Patent Office
      • Reproduction of classified material can only occur on approved equipment when
        • The individual responsible for its security has provided approval
        • The information is not classified higher than SECRET (unless specifically prohibited)
        • The information is not COMSEC or Special Access information
      • Only the number of copies needed to meet operational requirements can be reproduced and must be destroyed when no longer needed
      • Persons using reproduction equipment must ensure that all material is retrieved when the job is completed

  26. Closed Areas Security Controls
      • {Company} maintains physical security controls for Closed Areas that must be adhered to by its employees and visitors:
        • Admittance is allowed to Closed Areas by employees that have a DoD security clearance, a need-to-know, and are on the access list
        • Uncleared visitors must be escorted at all times by approved personnel
        • All visitors must sign the visitor log, if used
        • Incoming visitor clearances may be forwarded via JPAS (SMO Code number)
      • Employees and visitors may not bring the following prohibited items into Closed Areas:
        • Cell phones
        • Personal electronic devices
        • Magnetic media storage devices
        • Recording or photographic devices

  27. Closed Areas Security Controls
      [Sign image: CLOSED]
      • The following requirements must be met for all Closed Areas at the end of each business day
        • A Security Record must be in place and completed
        • If the area has been opened, the following must be checked prior to securing to prevent a security incident:
          • All Security Containers
          • All office spaces and conference rooms
          • Desks, bookshelves, waste baskets, and whiteboards
          • STE (Secure Terminal Equipment)
          • Printers, Fax and classified copier machines
          • Classified AIS systems
        • End-of-Day Checks must be completed daily, even if the area was not opened
        • All doors must be listed and checked, including non-entry doors
        • Security containers located outside of Closed Areas must also be checked during end-of-day checks

  28. Security Container Controls
      • Security containers should be locked when not in use
        • Open/Close signs or magnetic markers shall be used as reminders
      • All security containers must have a security record
        • The security record must be filled out each time the container is opened, closed, and at the end of the work day check
      • When locking up, spin the combination dial four complete revolutions in one direction and then four more in the opposite direction
      • Store all classified documents in “classified” folders or marked with the classification of the material stored within
      • Store all unclassified documents in manila folders labeled “unclassified”
        • Unclassified can be kept with classified material but must be distinguishable
      • Bind each document to avoid loose papers
        • Staple, paper clip and/or binder clip
      • Destroy or archive materials that are no longer used

  29. Access Controls – Identification Badges
      • The {Company} Identification Badge indicates the level of an individual’s DoD security clearance (if any)
        • Color-coded to designate your clearance level
      • Verify authorized access of those entering the facility behind you
      • Your badge must be worn at all times above the waist (and visible) while on the premises
      • Everyone must prox their badge prior to entering the facility (No tailgating)
      • Stop and question employees/visitors who are not wearing an identification badge, or contact Security
      • No one is exempt from wearing a badge at any time while in the building
      • Your badge shall be used as {Company} identification only
      • Remove your badge and store it in a secure location when you leave the property
      • Report any lost, forgotten or damaged identification badges immediately to the Security Department
        • A temporary or replacement badge will be provided
        • Lost badges will be immediately deactivated

  30. Access Controls - Cleared Visitors
      • Pre-register and provide advance notice to the Security Department of the anticipated visitors
      • Security Administrator or designee will verify receipt and level of accesses
      • Escorts must
        • Appropriately sanitize (as necessary) the area to be visited prior to allowing entrance
        • If visiting Secure Areas, the escort must sign visitors in and out of the visitors log, if used
        • Ensure all visitors are only allowed access to areas and information consistent with their level of access and need-to-know
        • If applicable, ensure all visitor badges are returned at the end of the visit

  31. Access Controls - Uncleared Visitors
      • Pre-register and provide advance notice to the Security Department of the anticipated visitors
      • Security Administrator or designee will verify need for access
      • Escorts must
        • Be knowledgeable of the visitor’s need for access (i.e., maintenance, etc.)
        • Sanitize the visit path and destination prior to allowing entrance
        • If visiting secure areas, the escort must
          • Sign visitors in and out of the visitors log
          • Notify staff in the area that an unclassified visitor is in the area
        • Only share information that is in the public domain
        • Maintain shoulder-to-shoulder escort for the entire visit
        • If applicable, ensure all visitor badges are returned at the end of the visit

  32. Access Controls - Classified Visits
      • {Company} personnel who need to visit other facilities within the U.S. for official classified business must
        • Submit a Request for Classified Visit electronic form to the Security Department at least five days prior to the visit
        • This must be completed for all classified visits
        • The Technical POC and Security POC cannot be the same, must be active employees, and subcontractors cannot be listed as a POC
        • Non contractual and special meetings/conferences require the endorsement of the Contracting Officer – requires additional lead time
        • If your VAR is submitted less than 48 hours prior to the visit, the requestor must contact the Security Department
      • Notifications pertaining to the visit will be handled via email only
      • Employees are not authorized to hand-carry their Visit Authorization Letter (VAL) to the facility being visited
      • Coordination of classified visits is handled by the Security Department
      • The acceptance of the visit is at the discretion of the facility
      • A 45-day lead time is required for all classified visits to foreign countries

  33. Security Incidents
      • To maintain its security posture and meet its security obligations to the U.S. Government, {Company} retains the right to take immediate action to prevent the loss or compromise of classified or sensitive information
      • Once individual culpability for a security violation or deviation is determined through investigation, the Security Department management will assess the implications of the event for the individual and the {Company} security posture
      • {Company} has a graduated scale of administrative sanctions that will be taken for failing to adhere to established security rules and regulations

  34. Security Incidents (cont.)
      • Reporting individual culpability to the Department of Defense
        • {Company} is required to identify the culpable party(s) to a security violation where there is an issue of the individual’s future reliability
        • Determination to forward a culpability report occurs when one or more of the following factors are revealed:
          • The violation involved a disregard of security requirements, gross negligence in the handling of classified information, or a pattern of negligence or carelessness even though the incident was not deliberate
      • Security Violations are costly, but can be prevented by ensuring all individuals remain aware of their security responsibilities
      • Ignorance will not excuse you from disciplinary action or criminal prosecution

  35. Reporting Requirements
      • You must report the following:
        • Security violations or deviations
        • Loss, compromise, suspected loss or compromise of classified or sensitive information, or theft of {Company} equipment
        • System viruses, unusual system anomalies
        • Suspicious activity
        • Foreign or suspicious contacts
        • Contacts with U.S. persons representing a foreign interest
        • Foreign Influence
        • Foreign travel (TS, SCI, SAP)
        • Concerns regarding safety and security
        • Concerns regarding workplace violence
        • Incidents impacting {Company} systems security or classified contaminations
        • Lost or stolen identification badges
        • Adverse Information

  36. Individual Responsibility
      • As a cleared employee of {Company} you are responsible for:
        • Becoming familiar with security policies and procedures pertaining to your assigned duties and reporting responsibilities
          • Reports based solely on rumor or innuendo should not be made
        • Notifying your Security Department of personal changes that could affect your security clearance
        • Notifying your Security Department and scheduling a debriefing when you leave the {Company} or your duties change such that you no longer need a security clearance and/or access

  37. Summary
      Security Take Aways
      • As stated in the non-disclosure agreement you signed at the start of your employment, a special trust has been placed in you to protect sensitive and classified information
      • A security clearance is a privilege, not a right
      • When you accept the privilege of access to classified information, you are also accepting the responsibilities that accompany this privilege
      • This is a lifelong responsibility
      • To assist you in understanding your individual responsibilities, contact the Security Department, attend security education events, complete all required security courses, and read the security policies, U.S. Codes, and other security related materials
