LRAFB SFPC - Classified Information Levels

Questions and Answers

Which classification levels exist for classified information?

TOP SECRET (correct)

CONFIDENTIAL (correct)

NONE

SECRET (correct)

What are the forms of classified information?

Classified finished documents, classified working papers, classified information identified for destruction, and classification-pending material.

Classified information can be disclosed to unauthorized persons.

False

Classified information identified for destruction must be safeguarded until it is destroyed.

True

Contractors are required to establish an information management system for classified information.

True

All classified information must be numbered in a series.

False

What must someone have to be authorized to handle classified information?

Need-to-know, favorable determination of eligibility (personnel clearance), and a signed nondisclosure agreement.

Commercial delivery entities can transmit classified information within the U.S.

True

Only an authorized person may receive and sign for packages that may contain classified information.

True

What is derivative classification?

The process of incorporating, paraphrasing, or restating classified information and marking it consistently.

What must you do if your copier has stored images of classified information?

Erase all stored images according to the manufacturer's instructions.

Which of these cases represent good examples to reproduce classified information for operational needs? (Select all that apply)

SECRET and CONFIDENTIAL documents in the performance of a prime contract or a subcontract

If you are alone making classified copies and the machine jams, is it permissible to ask for help?

Problematic

Is it permissible for John, an authorized person, to have his administrative assistant make copies of classified information on his behalf?

Permissible

After noticing some classification markings were cut off, is it permissible to distribute copies of classified information?

Permissible

Is it permissible for Sarah to make three blank copies after making copies of classified information?

Problematic

What must contractors establish regarding classified holdings?

Procedures for reviewing their classified holdings on a regular basis to reduce classified inventories.

What must contractors do with classified information after the retention period?

Destroy, declassify if appropriate, or return to the Government Contracting Activity.

If retention is required beyond the standard two-year period, additional retention authorization must be requested from the ______.

Government Contracting Activity

How must contractors identify TOP SECRET information for retention?

By general subject matter

What must contractors include in their statement of justification for retention?

Material is considered obsolete

The intended recipient of classified information must assure the sender that they are an authorized person at a facility with classified storage capability.

False

Working papers must be marked in the same manner prescribed for a finished document at the same classification level when it is transmitted outside the facility or retained for more than 180 days from the date of creation.

True

What is the only type of container that may be used to safeguard classified information?

GSA-approved security container

What labels must be affixed to GSA-approved storage containers?

GSA test certification label and GSA-approved security container label

What should GSA-approved security containers be periodically checked for?

Integrity compromises and attacks

Which of the following is NOT a type or size of GSA-approved security containers?

Ruggedized container

What does the GSA Test Certification Label indicate?

Class of security container

What color label indicates a GSA-approved container manufactured post-1990?

Red

Repairs of storage containers must be completed by appropriately cleared personnel who are trained in approved methods of maintenance.

True

What is required for TOP SECRET information storage?

All of the above

Which of the following requires supplemental protection during non-working hours?

TOP SECRET information

Which of the following are approved for storing TOP SECRET information (with supplemental controls)?

Open storage area

What options are approved for storing TOP SECRET information?

GSA-approved container

You must keep a written record of the combination lock of any container in which classified information is stored.

False

Storage of TOP SECRET information always requires supplemental protection or security-in-depth during non-working hours regardless of the type of security container used.

True

When supplemental protection is required, the facility must only use security guards.

False

Security checks are required at the end of the last working shift of each day to ensure classified information is properly stored and security containers are locked.

True

When must a combination be changed to the lock for a security container used to store classified information?

At the initial use of an approved container or lock.

In which of these cases would you need to make a report to your DCSA Field Office?

Both A and B

What is required when classified information is out of its security container?

It must be kept under constant surveillance of an authorized person.

Where may classified information be discussed between authorized persons?

On secure telephones.

An authorized person may lock classified information in a desk drawer while going down the hall to get a cup of coffee.

False

An authorized person is responsible for safeguarding classified information in a restricted area.

True

An authorized person must escort or control the activities of their classified visitor.

False

What is a best practice regarding reproducing classified information?

Use equipment specifically designated for reproducing classified information.

Study Notes

Classification Levels

• Classified information is divided into three levels: CONFIDENTIAL, SECRET, and TOP SECRET.
• Unauthorized disclosure of classified information can cause varying degrees of harm to national security.
• Higher classification levels demand greater protective measures to prevent loss or compromise.

Forms of Classified Information

• Includes finished documents (paper and electronic), working papers, destruction-identified material, and classification-pending materials.
• Classified working papers aid in creating finished documents and must be safeguarded.
• Classification-pending materials need protection at the highest proposed classification level until a determination is made.

Disclosure of Classified Information

• Only authorized persons may access classified information, requiring a favorable personnel clearance, an NDA, and a need-to-know.
• Disclosure can occur orally and is permissible within cleared employees and subcontractors involved in classified work.
• Authorization is needed before sharing classified information with other DOD activities or foreign entities.

Information Management Systems (IMS)

• Contractors must implement an IMS to manage all classified information irrespective of its format.
• An IMS may be as simple as spreadsheets or logs and must account for the lawful use of classified information.

TOP SECRET Accountability

• Records for access and accountability of TOP SECRET information must be maintained throughout its lifecycle.
• Controls ensure procedures for need-to-know validation and retention are enforced.
• TOP SECRET materials must be numbered if not stored electronically, and an annual inventory is mandated.

Receiving Classified Information

• Incoming classified information must be received by authorized personnel, ensuring tampering prevention and security.
• The process of receiving classified material includes examining for tampering and notifying the Facility Security Officer (FSO) if tampering is suspected.

Handling Upon Receipt

• Established procedures are necessary once classified packages are received; tampering must be inspected.
• The designated custodian integrates classified materials into IMS and checks for discrepancies against supplied receipts.

Derivative Classification

• Derivative classification involves creating new classified information from existing classified sources.
• Must properly safeguard and mark any classified materials generated internally, in alignment with guidelines from the Central Office of Record.

Storage of Classified Information

• Only GSA-approved security containers can store classified information, which must meet specific criteria for security.
• Containers must withstand manipulation and protect the contents effectively, with procurement conducted through the GSA Global Supply System.

Key True/False Points

• All classified information requires escalating levels of protection; thus, not all classified information has the same level of safeguarding.
• An individual’s clearance level must match the classified information received; only authorized persons may sign for packages containing classified material.

Working Papers

• Working papers must be dated, marked at the highest classification level, and annotated as "WORKING PAPERS."
• They should be destroyed when no longer needed and must follow transmission requirements akin to finished documents when retained beyond 180 days.### GSA-Approved Storage Containers
• Label Requirements: Must display a GSA test certification label on the side of the locking drawer and a GSA-approved security container label on the left side of an upper drawer.
• Repair Certification: If repaired, obtain locksmith certification confirming no compromise to the container's integrity.
• Special Repair Requirements: Broken containers have specific repair protocols.

Hazards - Integrity Compromises & Deliberate Attacks

• Regular inspections for hidden drilled holes or openings are essential to maintain security integrity.
• Security personnel should check areas behind labels for undetected damage.

Types & Sizes of GSA-Approved Security Containers

• Available types include 2-drawer, 4-drawer, and 5-drawer options, as well as legal and letter sizes.
• Can be designed with single, dual, or multi-lock systems, and there's availability of map and plan containers.

GSA Test Certification Label

• Indicates the security container's class, which rates its resistance against unauthorized entry.
• New containers are only available in Class 5 and Class 6.

GSA Approved Label

• Confirms the container's compliance with GSA standards.
• Color code indicates age: black for pre-1990 and red for post-1990 (with specialized locking mechanisms).

Repair Protocols for GSA-Approved Security Containers

• Must be repaired by trained, cleared personnel using approved methods.
• All repairs must restore the container's original security integrity and be documented with certification.

Storage Areas for Classified Information

• Two main types: approved vaults and open storage areas.
• Vaults require substantial construction and are equivalent in security to GSA-approved containers.
• Open storage is more affordable but requires agreement with the Cognizant Security Agency (CSA) on security measures.

Guards and Security Measures

• Only facilities using guards before 1995 are grandfathered to continue using them; newer facilities cannot.
• Security containers, vaults, and open storage areas must be locked when unsupervised, using either combination locks or padlocks.

Combination Locks

• Built-in combination locks are the most common for securing classified information.
• Approved models must meet Federal specifications, and older locks can still be used until inoperable.
• Combination padlocks are also permissible, with specific models approved for use.

Protecting Combinations

• Limit knowledge of combinations to authorized personnel and maintain a secure record.
• Protect recorded combinations at the same security level as the information being stored.
• Use memorable yet secure methods for creating combinations to minimize reliance on written documentation.

Special Requirements for One-Person Facilities

• Current combinations must be reported to the CSA, and notification procedures must be in place for personnel incapacitation.

Change of Combinations

• Combinations should be changed frequently, especially at initial use, when personnel with knowledge of them leave or if the lock is suspected compromised.

Keys and Padlocks

• High-security keyed padlocks are applicable, although not as commonly used as combination locks.
• Guidelines include appointing a custodian for keys, maintaining a registry, and performing monthly audits.

Supplemental Protection Mechanisms

• Intrusion detection systems (IDS) may be required for supplemental protection, while security guards are limited based on historical authorization.
• Guards must perform regular rounds to safeguard TOP SECRET and SECRET information.

Security Measures Based on Classification Level

• Requirements vary greatly by classification: TOP SECRET mandates strict measures; SECRET relies on open containers without supplemental controls; CONFIDENTIAL does not require additional protection.

Security-In-Depth (SID)

• Determined by the CSA based on layered security protocols to deter unauthorized access.

Reporting Obligations to CSA

• Various reports such as "Change in Storage Capability" and "Inability to Safeguard Classified Material" must be submitted to the DCSA field office for compliance with security requirements.

End-of-Day Security Checks

• Necessary to confirm all classified information is secured; documentation of these checks is recommended, using Standard Form (SF) 702 for organization.### Power Outage Procedures
• Classified information must be continuously protected until the alarm system is restored.
• An appropriately cleared authorized person must oversee classified materials during outages.

Physical Handling Classified Information (1)

• Contractors are responsible for safeguarding classified information in their control.
• When not in a security container, classified info requires constant surveillance by an authorized person.
• If the authorized person must leave, classified information must be secured or monitored by another authorized individual.
• When unauthorized persons are present, classified information must be covered or returned to its container.

Physical Handling Classified Information (2)

• Prevent unauthorized view of classified information on computer screens according to the system's security plan.
• Conduct area checks to ensure classified information is properly stored or monitored.
• After classified work, return all materials to secure containers.

Restricted Areas

• Establish restricted areas for controlling access to classified information in open settings.
• Restricted areas may not require physical barriers, but must have clear perimeters.
• Authorized persons in these areas are responsible for preventing unauthorized access.
• Once classified work is done, all materials should be returned to secure storage.

Perimeter Controls (1)

• Perimeter controls include inspections to deter unauthorized access to classified information.
• Contractors storing classified info must maintain such controls and post inspection signs.

Perimeter Controls (2)

• Inspections must follow consistent procedures aligned with operational needs.
• Seek legal advice when setting up inspection policies.

Emergency Procedures

• Develop simple and practical procedures for safeguarding classified info during emergencies.
• Ensure safety of employees is a priority during emergency planning.

Classified Visits

• Verify visitor's identity, clearance, and need-to-know before sharing classified information.
• Brief visitors on security procedures and control their access during visits.
• Ensure all classified materials handled by visitors are returned after their visit.

Oral Classified Discussions (1)

• Discuss classified information only over secure communication channels.
• Avoid discussing in unsecured areas or over unsecure devices.

Oral Classified Discussions (2)

• Implement robust security education to ensure employees understand discussion protocols.
• Classify information disclosure strictly to authorized individuals only.

Wireless Devices

• Prohibit use of wireless devices (like cell phones) to prevent accidental classification leaks.
• Different devices mandate distinct security measures based on their capabilities.

True or False Questions

• An authorized person cannot leave classified information unsecured (false).
• An authorized person may turn classified documents face down when unauthorized individuals are present (true).
• Responsibilities for protecting classified information in restricted areas fall to authorized individuals (true).
• Authorized personnel must always control the movements of classified visitors (false, they must escort them).

Government Contracting Activity (GCA) - Authorizations

• Obtain prior authorization from GCA before reproducing classified information.
• The reproduction is allowed only for operational needs or contract deliverables.

Procedures - Copy Requirements

• Limit reproduction of classified information to operationally necessary amounts.
• Only authorized personnel knowledgeable about security procedures may reproduce classified materials.

Procedures - Reproduction Request

• Consider requiring formal reproduction requests to ensure proper handling of classified information.

Procedures - Equipment Requirements

• All copying and printing devices used for classified work must be authorized.
• Consult with security representatives before using such devices.

Best Practices

• Use designated equipment for reproducing classified materials.
• Ensure only the necessary number of copies are made and accounted for.
• Eliminate any images from copier memory by making blank copies afterward.

Retention Requirements

• Regularly review classified holdings to minimize inventory.
• Classified information can be retained for two years post-contract unless otherwise directed by GCA.
• Justifications are required for extensions beyond two years.

Retention - Classified Information

• Different identification requirements exist for retention; TOP SECRET needs specific documentation, while SECRET and CONFIDENTIAL can be general.

Justification for Retention

• Retain classified information when necessary for essential records or proprietary data ownership.

Description

This quiz reviews the classification levels of information within the National Industrial Security Program (NISP). Participants will learn about the definitions and implications of CONFIDENTIAL, SECRET, and TOP SECRET classifications and their importance to national security. Test your knowledge and understanding of safeguarding classified information.