Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

Safeguarding Classified Information in the NISP, Schemes and Mind Maps of Construction

Throughout this course you will learn the safeguarding requirements for each of these types of classified information. Screen text: You must safeguard all forms ...

Typology: Schemes and Mind Maps

2021/2022

Uploaded on 09/27/2022

lovefool
lovefool 🇬🇧

4.5

(21)

293 documents

1 / 64

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Safeguarding Classified Information in the NISP Product #: IS109
Student Guide
Center for Development of Security Excellence (CDSE) 1
Safeguarding Classified Information in the NISP
Course Introduction
Course Information
Narration: Welcome to the Safeguarding Classified Information in the National Industrial
Security Program, or NISP, Course.
Screen text: Safeguarding Classified Information in the NISP
Course Information
Purpose: Provide a thorough understanding of the requirements for safeguarding classified
material in the NISP as delineated in the National Industrial Security Program
Operating Manual (NISPOM)
Audience:
Contractor Facility Security Officers
Security staff of cleared DoD contractors participating in the NISP
DSS Industrial Security Representatives
DoD Industrial Security Specialists
Pass/Fail: 75% on final examination
Estimated completion time: 150 minutes
Course Resources
Course Overview
Narration: Safeguarding classified information is imperative for our national security.
Safeguarding classified information means being able to securely receive, use, store, transmit,
reproduce, and appropriately dispose of classified information either generated by or entrusted to
your company.
Requirements for safeguarding classified information in the NISP are stated in DoD 5220.22-M,
the National Industrial Security Program Operating Manual, or NISPOM.
In this course, you will learn about the measures you and your company must take to ensure that
classified information is protected from loss or compromise.
Screen text:
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a
pf3b
pf3c
pf3d
pf3e
pf3f
pf40

Partial preview of the text

Download Safeguarding Classified Information in the NISP and more Schemes and Mind Maps Construction in PDF only on Docsity!

Student Guide

Safeguarding Classified Information in the NISP

Course Introduction

Course Information

Narration: Welcome to the Safeguarding Classified Information in the National Industrial Security Program, or NISP, Course.

Screen text: Safeguarding Classified Information in the NISP

Course Information

Purpose: Provide a thorough understanding of the requirements for safeguarding classified material in the NISP as delineated in the National Industrial Security Program Operating Manual (NISPOM)

Audience:

  • Contractor Facility Security Officers
  • Security staff of cleared DoD contractors participating in the NISP
  • DSS Industrial Security Representatives
  • DoD Industrial Security Specialists

Pass/Fail: 75% on final examination

Estimated completion time: 150 minutes

Course Resources

Course Overview

Narration: Safeguarding classified information is imperative for our national security.

Safeguarding classified information means being able to securely receive, use, store, transmit, reproduce, and appropriately dispose of classified information either generated by or entrusted to your company.

Requirements for safeguarding classified information in the NISP are stated in DoD 5220.22-M, the National Industrial Security Program Operating Manual, or NISPOM.

In this course, you will learn about the measures you and your company must take to ensure that classified information is protected from loss or compromise. Screen text:

Student Guide

Safeguard classified information when:

  • Receiving
  • Using
  • Storing
  • Transmitting
  • Reproducing
  • Disposing

For more information see NISPOM Chapter 5: Safeguarding Classified Information

Course Objectives

Screen text:

Course Objectives:

  • Identify the general requirements for safeguarding classified information
  • Identify the requirements for control and accountability of classified information
  • Identify options and requirements for storage of classified information
  • Identify requirements for disclosure of classified information
  • Identify requirements for reproduction of classified information
  • Identify requirements for disposition of classified information

Course Structure

Screen text:

Lessons

  • Course Introduction
  • Basic Concepts
  • Obtaining Classified Information
  • Storing Classified Information
  • Using Classified Information
  • Reproducing Classified Information
  • Disposition of Classified Information
  • Practical Exercise
  • Course Conclusion

Student Guide

TOP SECRET rollover text: The classification level applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.

Forms of Classified Information

Narration: All forms of classified information must be protected. Forms of classified information include classified finished or final documents, both paper-based and electronic, classified working papers, classified waste, and classification-pending material.

Classified working papers are documents that are generated in the preparation of a finished document.

Classified waste is classified information that is no longer needed and is pending destruction.

Classification-pending documents are documents that require a classification determination from the Government Contracting Activity, or GCA. These documents must be safeguarded in accordance with the proposed highest classification level until guidance is received from the GCA.

Throughout this course you will learn the safeguarding requirements for each of these types of classified information.

Screen text: You must safeguard all forms of classified information!

Classified Documents Working Papers Classified Waste Classification-Pending Documents Electronic Documents and Media

Disclosure to Authorized Persons

Narration: You must ensure that classified information is disclosed only to authorized persons. An authorized person is someone who has a need-to-know for classified information in the performance of official duties and who has been granted a personnel clearance at the required level.

So you are only authorized to disclose classified information to your cleared employees, to another cleared contractor or sub-contractor, to a cleared parent company or subsidiary, within a multiple facility organization, or MFO, to DoD activities, or to Federal agencies when their access is necessary for the performance of tasks or services essential to the fulfillment of a classified contract, prime contract, or subcontract.

Student Guide

Note that disclosure of classified information may be done in oral form. This will be discussed later in the course.

Screen text:

Disclose classified information to:

  • Authorized persons who have: o Need-to-know o Personnel clearance (PCL)
  • Authorized persons who are: o Cleared employees o Cleared contractors o Cleared sub-contractors o Cleared parents or subsidiaries
  • Cleared facilities of a multiple facility organization (MFO)
  • DoD activities
  • Federal agencies
  • Fulfill the requirements of a: o Classified contract o Prime contract o Subcontract

Authorized persons rollover text: A person who has a need-to-know for classified information in the performance of official duties and who has been granted a personnel clearance (PCL) at the required level.

Classified contract rollover text: Any contract requiring access to classified information by a contractor or his or her employees in the performance of the contract. A contract may be a classified contract even though the contract document is not classified. The requirements prescribed for a “classified contract” also are applicable to all phases of the pre-contract activity.

Cleared contractor’s rollover text: To become a cleared contractor, a company must obtain a Facility Clearance (FCL) which is an administrative determination that, from a security viewpoint, a company is eligible for access to classified information of a certain category (and all lower categories).

Multiple facility organization rollover text: A multiple facility organization (MFO) is a legal entity (single proprietorship, partnership, association, trust, or corporation) composed of two or more contractor facilities.

Personnel clearance (PCL) rollover text: A personnel clearance (PCL) is an administrative determination that an individual is eligible, from a security point of view, for access to classified information of the same or lower category as the level of the

Student Guide

Information Management System

Narration: Contractors are required to establish an information management system to protect and control the classified information in their possession. The purpose of this requirement is to ensure that you have the capability to retrieve classified information when it is necessary and to ensure the appropriate disposition of classified information in a reasonable period of time.

The information management system may be in the form of an electronic database or as simple as a spreadsheet or log. You merely have to demonstrate capability for timely retrieval of classified information within the company and the capability to dispose of any and all classified information in the facility’s possession when required to do so.

Screen text:

Information management system:

  • Protect and control classified information o Retrieve information o Ensure disposition
  • No specific format required o Electronic database o Spreadsheet o Log
  • Timely retrieval and disposal of classified information is required

Top Secret Accountability

Narration: Access and accountability records must be kept at various points in the Top Secret information lifecycle.

When Top Secret information is produced by a contractor, a record must be kept indicating when the finished document was completed, when the information is retained for more than 180 days regardless of its stage of development, or when it is transmitted inside or outside the facility.

For more information about transmitting outside the facility, refer to the Transmission and Transportation for Industry e-Learning course offered by the Center for Development of Security Excellence, or CDSE.

Each TOP SECRET item must be numbered in a series and the copy number must be placed on TOP SECRET documents and all associated transaction documents. Top Secret control officials must be designated to receive, transmit, and maintain access and accountability records for Top Secret information. An inventory must be conducted annually unless a written exception is obtained from the GCA.

Screen text:

Student Guide

Records must be kept for TOP SECRET information produced by a contractor when:

  • Finished document is completed
  • Information is retained for more than 180 days
  • Information is transmitted inside or outside the facility

Other requirements:

  • Top Secret control officials must be designated to receive, transmit, and maintain access and accountability records
  • Conduct annual inventory unless a written exception is obtained from the GCA

Callout text: Transmission and Transportation for Industry Course (IS107.16)

Review Activity 1

Screen text:

All classified information should be afforded the same level of protection regardless of the classification level of the information. o True o False

Classified waste must be safeguarded until it is destroyed. o True o False

Contractors are required to establish an information management system to protect and control classified information in their possession. o True o False

All classified information must be numbered in a series. o True o False

Answer Key: All classified information should be afforded the same level of protection regardless of the classification level of the information. o True  False

Classified waste must be safeguarded until it is destroyed.  True o False Contractors are required to establish an information management system to protect and control classified information in their possession.

Student Guide

Obtaining Classified Information

Objectives

Narration: Contractors can obtain classified information either by receiving it from the government or another cleared contractor, or by generating it internally. In this lesson you will learn about the guideline’s contractors must follow in obtaining classified information.

Screen text: Obtaining Classified Information

Lesson Objectives:

  • Identify the contractor’s responsibilities and procedures in receiving classified information
  • Identify the contractor’s responsibilities and procedures in generating classified or derivatively classifying information

Clearance of Receiving Individual

Narration: Classified material coming into a facility must be received directly by authorized personnel, whether it’s in the form of a package, envelope, fax, email, or phone call.

An authorized person means a cleared person who has been assigned this duty and, therefore, has a need-to-know. This means that the individual who picks up the mail or accepts deliveries from the U.S. Postal Service or commercial delivery companies approved for transmitting classified material must be cleared to the level of the classified material expected to be received by the contractor.

All employees who are authorized to receive or sign for U.S. Registered or U.S. Express mail must have Secret clearances. Likewise, employees who are authorized to receive or sign for U.S. Certified Mail must have CONFIDENTIAL clearances. If the person who normally accepts deliveries is not cleared, that individual must call the Facility Security Officer, or FSO, or other cleared person to sign for packages that require signatures.

If no cleared employee is available, the uncleared person must refuse the package. This is true even if the uncleared person does not have any intention of ever opening the package. In the case of delivery to a P.O. Box, an authorized person must go to the post office, unlock the post office box, sign for its contents when a signature is required, and bring the classified information directly back to the facility.

For more information on authorized methods for transporting and transmitting classified information, refer to the Transmission and Transportation for Industry e-Learning course offered by the Center for Development of Security Excellence, or CDSE.

Screen text:

Student Guide

Classified Information must be:

  • Received directly by an authorized person who: o Has a need-to-know o Is cleared to the level of the classified material
  • Refused if an authorized person is not available to receive the package
  • Picked up and signed for by an authorized person, if delivered to a P.O. Box

To sign for packages that arrive via:

Clearance required:

U.S. Registered Mail U.S. Express Mail

SECRET

U.S. Certified Mail CONFIDENTIAL

Handling Upon Receipt

Narration: Once a Registered or Certified package has been received by an authorized person, he or she should examine the outer package for evidence of tampering. If the receiver suspects tampering, the Facility Security Officer, or FSO, should be immediately notified.

The FSO or another cleared employee that the FSO has delegated the responsibility to perform these duties should first determine if the package contains classified information by inspecting the inner package.

If it does contain classified information and the inner package has been tampered with, then the FSO or designee must conduct an inquiry and determine whether a loss, compromise or suspected compromise of classified information in accordance with the NISPOM had occurred. If a loss, compromise or suspected compromise has occurred, the FSO must notify both the sender and their Cognizant Security Office, or CSO.

If the receiver does not suspect any tampering on the outer package, they must immediately turn the package over to the designated document custodian, who may be the FSO or the FSO’s designee for processing. If the designated custodian is not able to open and process the package at that time, it must be protected as if it were classified until it is opened and a classification determination is made.

When the designated custodian opens and processes the package, the inner package should also be inspected for evidence of tampering.

If tampering is detected, the FSO or designee must conduct an inquiry and determine whether a loss, compromise or suspected compromise of classified information in accordance with the NISPOM had occurred. If a loss, compromise or suspected compromise has occurred, the FSO must notify both the sender and their CSO.

Student Guide

IMS rollover text: Information Management System

JPAS rollover text: Joint Personnel Adjudication System

N-T-K rollover text: Need-to-know

tampering rollover text: Tampering is a deliberate attempt to gain illegal or unauthorized access to the contents of a shipment.

TS/S rollover text: Top Secret/Secret

From Commercial Carriers

Narration: When a shipment is received via a cleared commercial carrier, usually a trucking firm, the sender notifies the recipient in advance as to when the shipment is to be expected. If the shipment is not received within 48 hours after the expected time of arrival, the recipient must contact the sender immediately.

For more detailed information, refer to the Transmission and Transportation for Industry e- Learning course offered by CDSE.

Screen text:

When packages are received via cleared commercial carriers:

  • Sender notifies recipient of expected arrival date
  • Recipient notifies sender if package not received within 48 hours of expected date

Derivatively Classified Material

Narration: In addition to receiving classified information from outside sources, contractors may produce classified information internally. This process of generating new classified materials from already existing classified information is known as derivative classification.

For more information about the process, refer to the Derivative Classification e-Learning course offered by CDSE.

Contractors are required to properly safeguard any classified materials they generate, or derivatively classify, and implement an IMS which is capable of facilitating the retrieval and disposition of their classified holdings in a timely manner. Depending on the type of information, additional requirements may apply.

The NISPOM requires contractors to keep a formal record of any Top Secret material they receive or generate at their company. Contractors must follow guidance from the Central Office

Student Guide

of Record for entering any COMSEC material they generate into the accountability system. The NISPOM also contains guidance about generating and marking NATO materials.

Finally, contractors must properly mark all classified information they generate, or derivatively classify.

For more information about properly marking classified information, refer to the Marking Classified Information e-Learning course and the Marking in the Electronic Environment Short offered by CDSE.

Screen text: Derivative Classification

Required procedures:

  • Implement IMS to facilitate retrieval and disposition of classified holdings
  • Apply any special requirements based on the type of information: o Create a record of any Top Secret material (NISPOM 5-203) o Follow COR guidance for COMSEC material o Follow requirements for NATO documents (NISPOM 10-709)
  • Mark generated classified information properly

Selectable Button: MORE

COMSEC rollover text: Communications Security

COR rollover text: Central Office of Record

Derivative Classification rollover text: Incorporating, paraphrasing, restating, or generating in new form information that is already classified and marking the newly developed material consistent with the classification markings that apply to the source.

IMS rollover text: Information Management System

NATO rollover text: North Atlantic Treaty Organization

NISPOM rollover text: National Industrial Security Program Operating Manual

MORE popup text: Derivative Classification is the incorporating, paraphrasing, restating, or generating in new form information that is already classified and marking the newly developed material consistent with the classification markings that apply to the source information. Derivative classification includes the classification of information based on classification guidance. The duplication or

Student Guide

Review Activity 1

Screen text:

A person may be authorized to receive and sign for classified information if they are cleared to the level of the classified information they are receiving. o True o False

Only an authorized person may receive and sign for packages that may contain classified information. o True o False

All employees may pick up classified packages at a P.O. Box as long as they sign a form stating they will not open the package. o True o False

The designated document custodian must contact the sender immediately if there is no receipt in a CONFIDENTIAL package. o True o False

Answer Key

A person may be authorized to receive and sign for classified information if they are cleared to the level of the classified information they are receiving.  True o False

Only an authorized person may receive and sign for packages that may contain classified information.  True o False

All employees may pick up classified packages at a P.O. Box as long as they sign a form stating they will not open the package. o True  False

The designated document custodian must contact the sender immediately if there is no receipt in a CONFIDENTIAL package. o True  False

Student Guide

Review Activity 2

Screen text:

Formal accountability records of material generated within a facility are required for which classification level? o TOP SECRET o SECRET o CONFIDENTIAL

Answer Key

Formal accountability records of material generated within a facility are required for which classification level?  TOP SECRET o SECRET o CONFIDENTIAL

Lesson Summary

Narration: You have completed the Obtaining Classified Information lesson.

Screen text: You have completed “Obtaining Classified Information.”

Storing Classified Information

Objectives

Narration: In order to safely store classified information, there are various requirements that must be met, such as use of proper equipment and closed areas, locks, supplemental protection, and safeguarding procedures.

In this lesson, you will learn about the various requirements for the physical protection of classified material.

Screen text: Storing Classified Information

Lesson Objectives

  • Identify types of and requirements for using storage equipment and closed areas
  • Identify types of and procedures for using locking devices
  • Identify types of and guidelines for using supplemental protection
  • Identify the requirements for all possessing facilities

Student Guide

Whether new or used, all GSA-approved storage containers must have two labels affixed to them; a GSA test certification label on the side of the locking drawer and a GSA-approved security container label on the left-hand side of one of the upper drawers.

For used models, always ensure these two labels are affixed. And if the container has been repaired, you must also obtain the locksmith certification from the seller that the container’s integrity has not been impaired.

In the event that any of these storage containers is not operating correctly, there are special requirements about repairing them.

Screen text:

Selectable Buttons: MORE Repairs

GSA-approved storage containers:

  • Only storage method
  • Steel file container with built-in combination lock
  • Constructed to withstand specific hazards MORE
  • GSA establishes standards, specifications, and supply schedules
  • Various types and sizes
  • Required labeling: o GSA test certification label o GSA-approved security container label

GSA rollover text: General Services Administration

GSA test certification label rollover text: GSA test certification label:

  • Indicates class of security container
  • Class relates to delay afforded against forced, covert, or surreptitious entry
  • Only Class 5 and 6 containers are available new

GSA-approved security container label rollover text: GSA-approved security container label:

  • Verifies that container is GSA-approved
  • Color-coding: o Black: pre- o Red: post-1990 (container has a case-hardened locking drawer that requires a different method of neutralization and repair)

Student Guide

Types and sizes rollover text: Types/sizes of GSA-approved security containers:

  • 2–drawer, 4-drawer, 5-drawer
  • Legal size and letter size
  • Single, dual, or multi-lock
  • Map and plan containers

MORE popup: Look at these examples of integrity compromises and attacks on GSA security containers.

Security personnel should routinely inspect their security containers for hidden drilled holes and openings.

Repairs popup:

Narration: Repairs of storage containers must be completed by appropriately cleared or continuously escorted personnel who are specifically trained in approved methods of maintenance and repair of these containers.

In order to continue to be used to protect classified information, an approved security container must be restored to its original state of security integrity and have a signed and dated certification stating the method of repair used.

All repairs must follow Fed Standard 809, Neutralization and Repair of GSA Approved Containers and Vault Doors

Screen text:

Fed-STD-

Repairs for storage containers must: o Be done by cleared or escorted personnel o Be done using approved methods o Restore original security integrity to security containers o Result in a signed and dated certification

approved methods rollover text: Repair procedures may be obtained from the Cognizant Security Agency (CSA). A container that has been repaired using methods other than approved methods may no longer be used for storage of Secret information even with supplemental controls as of October 1, 2012.

FED-STD-809 rollover text: Neutralization and Repair of GSA Approved Containers and Vault Doors