Podcast
Questions and Answers
Which classification levels exist for classified information?
Which classification levels exist for classified information?
What are the forms of classified information?
What are the forms of classified information?
Classified finished documents, classified working papers, classified information identified for destruction, and classification-pending material.
Classified information can be disclosed to unauthorized persons.
Classified information can be disclosed to unauthorized persons.
False
Classified information identified for destruction must be safeguarded until it is destroyed.
Classified information identified for destruction must be safeguarded until it is destroyed.
Signup and view all the answers
Contractors are required to establish an information management system for classified information.
Contractors are required to establish an information management system for classified information.
Signup and view all the answers
All classified information must be numbered in a series.
All classified information must be numbered in a series.
Signup and view all the answers
What must someone have to be authorized to handle classified information?
What must someone have to be authorized to handle classified information?
Signup and view all the answers
Commercial delivery entities can transmit classified information within the U.S.
Commercial delivery entities can transmit classified information within the U.S.
Signup and view all the answers
Only an authorized person may receive and sign for packages that may contain classified information.
Only an authorized person may receive and sign for packages that may contain classified information.
Signup and view all the answers
What is derivative classification?
What is derivative classification?
Signup and view all the answers
What must you do if your copier has stored images of classified information?
What must you do if your copier has stored images of classified information?
Signup and view all the answers
Which of these cases represent good examples to reproduce classified information for operational needs? (Select all that apply)
Which of these cases represent good examples to reproduce classified information for operational needs? (Select all that apply)
Signup and view all the answers
If you are alone making classified copies and the machine jams, is it permissible to ask for help?
If you are alone making classified copies and the machine jams, is it permissible to ask for help?
Signup and view all the answers
Is it permissible for John, an authorized person, to have his administrative assistant make copies of classified information on his behalf?
Is it permissible for John, an authorized person, to have his administrative assistant make copies of classified information on his behalf?
Signup and view all the answers
After noticing some classification markings were cut off, is it permissible to distribute copies of classified information?
After noticing some classification markings were cut off, is it permissible to distribute copies of classified information?
Signup and view all the answers
Is it permissible for Sarah to make three blank copies after making copies of classified information?
Is it permissible for Sarah to make three blank copies after making copies of classified information?
Signup and view all the answers
What must contractors establish regarding classified holdings?
What must contractors establish regarding classified holdings?
Signup and view all the answers
What must contractors do with classified information after the retention period?
What must contractors do with classified information after the retention period?
Signup and view all the answers
If retention is required beyond the standard two-year period, additional retention authorization must be requested from the ______.
If retention is required beyond the standard two-year period, additional retention authorization must be requested from the ______.
Signup and view all the answers
How must contractors identify TOP SECRET information for retention?
How must contractors identify TOP SECRET information for retention?
Signup and view all the answers
What must contractors include in their statement of justification for retention?
What must contractors include in their statement of justification for retention?
Signup and view all the answers
The intended recipient of classified information must assure the sender that they are an authorized person at a facility with classified storage capability.
The intended recipient of classified information must assure the sender that they are an authorized person at a facility with classified storage capability.
Signup and view all the answers
Working papers must be marked in the same manner prescribed for a finished document at the same classification level when it is transmitted outside the facility or retained for more than 180 days from the date of creation.
Working papers must be marked in the same manner prescribed for a finished document at the same classification level when it is transmitted outside the facility or retained for more than 180 days from the date of creation.
Signup and view all the answers
What is the only type of container that may be used to safeguard classified information?
What is the only type of container that may be used to safeguard classified information?
Signup and view all the answers
What labels must be affixed to GSA-approved storage containers?
What labels must be affixed to GSA-approved storage containers?
Signup and view all the answers
What should GSA-approved security containers be periodically checked for?
What should GSA-approved security containers be periodically checked for?
Signup and view all the answers
Which of the following is NOT a type or size of GSA-approved security containers?
Which of the following is NOT a type or size of GSA-approved security containers?
Signup and view all the answers
What does the GSA Test Certification Label indicate?
What does the GSA Test Certification Label indicate?
Signup and view all the answers
What color label indicates a GSA-approved container manufactured post-1990?
What color label indicates a GSA-approved container manufactured post-1990?
Signup and view all the answers
Repairs of storage containers must be completed by appropriately cleared personnel who are trained in approved methods of maintenance.
Repairs of storage containers must be completed by appropriately cleared personnel who are trained in approved methods of maintenance.
Signup and view all the answers
What is required for TOP SECRET information storage?
What is required for TOP SECRET information storage?
Signup and view all the answers
Which of the following requires supplemental protection during non-working hours?
Which of the following requires supplemental protection during non-working hours?
Signup and view all the answers
Which of the following are approved for storing TOP SECRET information (with supplemental controls)?
Which of the following are approved for storing TOP SECRET information (with supplemental controls)?
Signup and view all the answers
What options are approved for storing TOP SECRET information?
What options are approved for storing TOP SECRET information?
Signup and view all the answers
You must keep a written record of the combination lock of any container in which classified information is stored.
You must keep a written record of the combination lock of any container in which classified information is stored.
Signup and view all the answers
Storage of TOP SECRET information always requires supplemental protection or security-in-depth during non-working hours regardless of the type of security container used.
Storage of TOP SECRET information always requires supplemental protection or security-in-depth during non-working hours regardless of the type of security container used.
Signup and view all the answers
When supplemental protection is required, the facility must only use security guards.
When supplemental protection is required, the facility must only use security guards.
Signup and view all the answers
Security checks are required at the end of the last working shift of each day to ensure classified information is properly stored and security containers are locked.
Security checks are required at the end of the last working shift of each day to ensure classified information is properly stored and security containers are locked.
Signup and view all the answers
When must a combination be changed to the lock for a security container used to store classified information?
When must a combination be changed to the lock for a security container used to store classified information?
Signup and view all the answers
In which of these cases would you need to make a report to your DCSA Field Office?
In which of these cases would you need to make a report to your DCSA Field Office?
Signup and view all the answers
What is required when classified information is out of its security container?
What is required when classified information is out of its security container?
Signup and view all the answers
Where may classified information be discussed between authorized persons?
Where may classified information be discussed between authorized persons?
Signup and view all the answers
An authorized person may lock classified information in a desk drawer while going down the hall to get a cup of coffee.
An authorized person may lock classified information in a desk drawer while going down the hall to get a cup of coffee.
Signup and view all the answers
An authorized person is responsible for safeguarding classified information in a restricted area.
An authorized person is responsible for safeguarding classified information in a restricted area.
Signup and view all the answers
An authorized person must escort or control the activities of their classified visitor.
An authorized person must escort or control the activities of their classified visitor.
Signup and view all the answers
What is a best practice regarding reproducing classified information?
What is a best practice regarding reproducing classified information?
Signup and view all the answers
Study Notes
Classification Levels
- Classified information is divided into three levels: CONFIDENTIAL, SECRET, and TOP SECRET.
- Unauthorized disclosure of classified information can cause varying degrees of harm to national security.
- Higher classification levels demand greater protective measures to prevent loss or compromise.
Forms of Classified Information
- Includes finished documents (paper and electronic), working papers, destruction-identified material, and classification-pending materials.
- Classified working papers aid in creating finished documents and must be safeguarded.
- Classification-pending materials need protection at the highest proposed classification level until a determination is made.
Disclosure of Classified Information
- Only authorized persons may access classified information, requiring a favorable personnel clearance, an NDA, and a need-to-know.
- Disclosure can occur orally and is permissible within cleared employees and subcontractors involved in classified work.
- Authorization is needed before sharing classified information with other DOD activities or foreign entities.
Information Management Systems (IMS)
- Contractors must implement an IMS to manage all classified information irrespective of its format.
- An IMS may be as simple as spreadsheets or logs and must account for the lawful use of classified information.
TOP SECRET Accountability
- Records for access and accountability of TOP SECRET information must be maintained throughout its lifecycle.
- Controls ensure procedures for need-to-know validation and retention are enforced.
- TOP SECRET materials must be numbered if not stored electronically, and an annual inventory is mandated.
Receiving Classified Information
- Incoming classified information must be received by authorized personnel, ensuring tampering prevention and security.
- The process of receiving classified material includes examining for tampering and notifying the Facility Security Officer (FSO) if tampering is suspected.
Handling Upon Receipt
- Established procedures are necessary once classified packages are received; tampering must be inspected.
- The designated custodian integrates classified materials into IMS and checks for discrepancies against supplied receipts.
Derivative Classification
- Derivative classification involves creating new classified information from existing classified sources.
- Must properly safeguard and mark any classified materials generated internally, in alignment with guidelines from the Central Office of Record.
Storage of Classified Information
- Only GSA-approved security containers can store classified information, which must meet specific criteria for security.
- Containers must withstand manipulation and protect the contents effectively, with procurement conducted through the GSA Global Supply System.
Key True/False Points
- All classified information requires escalating levels of protection; thus, not all classified information has the same level of safeguarding.
- An individual’s clearance level must match the classified information received; only authorized persons may sign for packages containing classified material.
Working Papers
- Working papers must be dated, marked at the highest classification level, and annotated as "WORKING PAPERS."
- They should be destroyed when no longer needed and must follow transmission requirements akin to finished documents when retained beyond 180 days.### GSA-Approved Storage Containers
- Label Requirements: Must display a GSA test certification label on the side of the locking drawer and a GSA-approved security container label on the left side of an upper drawer.
- Repair Certification: If repaired, obtain locksmith certification confirming no compromise to the container's integrity.
- Special Repair Requirements: Broken containers have specific repair protocols.
Hazards - Integrity Compromises & Deliberate Attacks
- Regular inspections for hidden drilled holes or openings are essential to maintain security integrity.
- Security personnel should check areas behind labels for undetected damage.
Types & Sizes of GSA-Approved Security Containers
- Available types include 2-drawer, 4-drawer, and 5-drawer options, as well as legal and letter sizes.
- Can be designed with single, dual, or multi-lock systems, and there's availability of map and plan containers.
GSA Test Certification Label
- Indicates the security container's class, which rates its resistance against unauthorized entry.
- New containers are only available in Class 5 and Class 6.
GSA Approved Label
- Confirms the container's compliance with GSA standards.
- Color code indicates age: black for pre-1990 and red for post-1990 (with specialized locking mechanisms).
Repair Protocols for GSA-Approved Security Containers
- Must be repaired by trained, cleared personnel using approved methods.
- All repairs must restore the container's original security integrity and be documented with certification.
Storage Areas for Classified Information
- Two main types: approved vaults and open storage areas.
- Vaults require substantial construction and are equivalent in security to GSA-approved containers.
- Open storage is more affordable but requires agreement with the Cognizant Security Agency (CSA) on security measures.
Guards and Security Measures
- Only facilities using guards before 1995 are grandfathered to continue using them; newer facilities cannot.
- Security containers, vaults, and open storage areas must be locked when unsupervised, using either combination locks or padlocks.
Combination Locks
- Built-in combination locks are the most common for securing classified information.
- Approved models must meet Federal specifications, and older locks can still be used until inoperable.
- Combination padlocks are also permissible, with specific models approved for use.
Protecting Combinations
- Limit knowledge of combinations to authorized personnel and maintain a secure record.
- Protect recorded combinations at the same security level as the information being stored.
- Use memorable yet secure methods for creating combinations to minimize reliance on written documentation.
Special Requirements for One-Person Facilities
- Current combinations must be reported to the CSA, and notification procedures must be in place for personnel incapacitation.
Change of Combinations
- Combinations should be changed frequently, especially at initial use, when personnel with knowledge of them leave or if the lock is suspected compromised.
Keys and Padlocks
- High-security keyed padlocks are applicable, although not as commonly used as combination locks.
- Guidelines include appointing a custodian for keys, maintaining a registry, and performing monthly audits.
Supplemental Protection Mechanisms
- Intrusion detection systems (IDS) may be required for supplemental protection, while security guards are limited based on historical authorization.
- Guards must perform regular rounds to safeguard TOP SECRET and SECRET information.
Security Measures Based on Classification Level
- Requirements vary greatly by classification: TOP SECRET mandates strict measures; SECRET relies on open containers without supplemental controls; CONFIDENTIAL does not require additional protection.
Security-In-Depth (SID)
- Determined by the CSA based on layered security protocols to deter unauthorized access.
Reporting Obligations to CSA
- Various reports such as "Change in Storage Capability" and "Inability to Safeguard Classified Material" must be submitted to the DCSA field office for compliance with security requirements.
End-of-Day Security Checks
- Necessary to confirm all classified information is secured; documentation of these checks is recommended, using Standard Form (SF) 702 for organization.### Power Outage Procedures
- Classified information must be continuously protected until the alarm system is restored.
- An appropriately cleared authorized person must oversee classified materials during outages.
Physical Handling Classified Information (1)
- Contractors are responsible for safeguarding classified information in their control.
- When not in a security container, classified info requires constant surveillance by an authorized person.
- If the authorized person must leave, classified information must be secured or monitored by another authorized individual.
- When unauthorized persons are present, classified information must be covered or returned to its container.
Physical Handling Classified Information (2)
- Prevent unauthorized view of classified information on computer screens according to the system's security plan.
- Conduct area checks to ensure classified information is properly stored or monitored.
- After classified work, return all materials to secure containers.
Restricted Areas
- Establish restricted areas for controlling access to classified information in open settings.
- Restricted areas may not require physical barriers, but must have clear perimeters.
- Authorized persons in these areas are responsible for preventing unauthorized access.
- Once classified work is done, all materials should be returned to secure storage.
Perimeter Controls (1)
- Perimeter controls include inspections to deter unauthorized access to classified information.
- Contractors storing classified info must maintain such controls and post inspection signs.
Perimeter Controls (2)
- Inspections must follow consistent procedures aligned with operational needs.
- Seek legal advice when setting up inspection policies.
Emergency Procedures
- Develop simple and practical procedures for safeguarding classified info during emergencies.
- Ensure safety of employees is a priority during emergency planning.
Classified Visits
- Verify visitor's identity, clearance, and need-to-know before sharing classified information.
- Brief visitors on security procedures and control their access during visits.
- Ensure all classified materials handled by visitors are returned after their visit.
Oral Classified Discussions (1)
- Discuss classified information only over secure communication channels.
- Avoid discussing in unsecured areas or over unsecure devices.
Oral Classified Discussions (2)
- Implement robust security education to ensure employees understand discussion protocols.
- Classify information disclosure strictly to authorized individuals only.
Wireless Devices
- Prohibit use of wireless devices (like cell phones) to prevent accidental classification leaks.
- Different devices mandate distinct security measures based on their capabilities.
True or False Questions
- An authorized person cannot leave classified information unsecured (false).
- An authorized person may turn classified documents face down when unauthorized individuals are present (true).
- Responsibilities for protecting classified information in restricted areas fall to authorized individuals (true).
- Authorized personnel must always control the movements of classified visitors (false, they must escort them).
Government Contracting Activity (GCA) - Authorizations
- Obtain prior authorization from GCA before reproducing classified information.
- The reproduction is allowed only for operational needs or contract deliverables.
Procedures - Copy Requirements
- Limit reproduction of classified information to operationally necessary amounts.
- Only authorized personnel knowledgeable about security procedures may reproduce classified materials.
Procedures - Reproduction Request
- Consider requiring formal reproduction requests to ensure proper handling of classified information.
Procedures - Equipment Requirements
- All copying and printing devices used for classified work must be authorized.
- Consult with security representatives before using such devices.
Best Practices
- Use designated equipment for reproducing classified materials.
- Ensure only the necessary number of copies are made and accounted for.
- Eliminate any images from copier memory by making blank copies afterward.
Retention Requirements
- Regularly review classified holdings to minimize inventory.
- Classified information can be retained for two years post-contract unless otherwise directed by GCA.
- Justifications are required for extensions beyond two years.
Retention - Classified Information
- Different identification requirements exist for retention; TOP SECRET needs specific documentation, while SECRET and CONFIDENTIAL can be general.
Justification for Retention
- Retain classified information when necessary for essential records or proprietary data ownership.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
This quiz reviews the classification levels of information within the National Industrial Security Program (NISP). Participants will learn about the definitions and implications of CONFIDENTIAL, SECRET, and TOP SECRET classifications and their importance to national security. Test your knowledge and understanding of safeguarding classified information.
