Download Safeguarding Classified Information in the NISP and more Schemes and Mind Maps Construction in PDF only on Docsity!
Student Guide
Safeguarding Classified Information in the NISP
Course Introduction
Course Information
Narration: Welcome to the Safeguarding Classified Information in the National Industrial Security Program, or NISP, Course.
Screen text: Safeguarding Classified Information in the NISP
Course Information
Purpose: Provide a thorough understanding of the requirements for safeguarding classified material in the NISP as delineated in the National Industrial Security Program Operating Manual (NISPOM)
Audience:
- Contractor Facility Security Officers
- Security staff of cleared DoD contractors participating in the NISP
- DSS Industrial Security Representatives
- DoD Industrial Security Specialists
Pass/Fail: 75% on final examination
Estimated completion time: 150 minutes
Course Resources
Course Overview
Narration: Safeguarding classified information is imperative for our national security.
Safeguarding classified information means being able to securely receive, use, store, transmit, reproduce, and appropriately dispose of classified information either generated by or entrusted to your company.
Requirements for safeguarding classified information in the NISP are stated in DoD 5220.22-M, the National Industrial Security Program Operating Manual, or NISPOM.
In this course, you will learn about the measures you and your company must take to ensure that classified information is protected from loss or compromise. Screen text:
Student Guide
Safeguard classified information when:
- Receiving
- Using
- Storing
- Transmitting
- Reproducing
- Disposing
For more information see NISPOM Chapter 5: Safeguarding Classified Information
Course Objectives
Screen text:
Course Objectives:
- Identify the general requirements for safeguarding classified information
- Identify the requirements for control and accountability of classified information
- Identify options and requirements for storage of classified information
- Identify requirements for disclosure of classified information
- Identify requirements for reproduction of classified information
- Identify requirements for disposition of classified information
Course Structure
Screen text:
Lessons
- Course Introduction
- Basic Concepts
- Obtaining Classified Information
- Storing Classified Information
- Using Classified Information
- Reproducing Classified Information
- Disposition of Classified Information
- Practical Exercise
- Course Conclusion
Student Guide
TOP SECRET rollover text: The classification level applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.
Forms of Classified Information
Narration: All forms of classified information must be protected. Forms of classified information include classified finished or final documents, both paper-based and electronic, classified working papers, classified waste, and classification-pending material.
Classified working papers are documents that are generated in the preparation of a finished document.
Classified waste is classified information that is no longer needed and is pending destruction.
Classification-pending documents are documents that require a classification determination from the Government Contracting Activity, or GCA. These documents must be safeguarded in accordance with the proposed highest classification level until guidance is received from the GCA.
Throughout this course you will learn the safeguarding requirements for each of these types of classified information.
Screen text: You must safeguard all forms of classified information!
Classified Documents Working Papers Classified Waste Classification-Pending Documents Electronic Documents and Media
Disclosure to Authorized Persons
Narration: You must ensure that classified information is disclosed only to authorized persons. An authorized person is someone who has a need-to-know for classified information in the performance of official duties and who has been granted a personnel clearance at the required level.
So you are only authorized to disclose classified information to your cleared employees, to another cleared contractor or sub-contractor, to a cleared parent company or subsidiary, within a multiple facility organization, or MFO, to DoD activities, or to Federal agencies when their access is necessary for the performance of tasks or services essential to the fulfillment of a classified contract, prime contract, or subcontract.
Student Guide
Note that disclosure of classified information may be done in oral form. This will be discussed later in the course.
Screen text:
Disclose classified information to:
- Authorized persons who have: o Need-to-know o Personnel clearance (PCL)
- Authorized persons who are: o Cleared employees o Cleared contractors o Cleared sub-contractors o Cleared parents or subsidiaries
- Cleared facilities of a multiple facility organization (MFO)
- DoD activities
- Federal agencies
- Fulfill the requirements of a: o Classified contract o Prime contract o Subcontract
Authorized persons rollover text: A person who has a need-to-know for classified information in the performance of official duties and who has been granted a personnel clearance (PCL) at the required level.
Classified contract rollover text: Any contract requiring access to classified information by a contractor or his or her employees in the performance of the contract. A contract may be a classified contract even though the contract document is not classified. The requirements prescribed for a “classified contract” also are applicable to all phases of the pre-contract activity.
Cleared contractor’s rollover text: To become a cleared contractor, a company must obtain a Facility Clearance (FCL) which is an administrative determination that, from a security viewpoint, a company is eligible for access to classified information of a certain category (and all lower categories).
Multiple facility organization rollover text: A multiple facility organization (MFO) is a legal entity (single proprietorship, partnership, association, trust, or corporation) composed of two or more contractor facilities.
Personnel clearance (PCL) rollover text: A personnel clearance (PCL) is an administrative determination that an individual is eligible, from a security point of view, for access to classified information of the same or lower category as the level of the
Student Guide
Information Management System
Narration: Contractors are required to establish an information management system to protect and control the classified information in their possession. The purpose of this requirement is to ensure that you have the capability to retrieve classified information when it is necessary and to ensure the appropriate disposition of classified information in a reasonable period of time.
The information management system may be in the form of an electronic database or as simple as a spreadsheet or log. You merely have to demonstrate capability for timely retrieval of classified information within the company and the capability to dispose of any and all classified information in the facility’s possession when required to do so.
Screen text:
Information management system:
- Protect and control classified information o Retrieve information o Ensure disposition
- No specific format required o Electronic database o Spreadsheet o Log
- Timely retrieval and disposal of classified information is required
Top Secret Accountability
Narration: Access and accountability records must be kept at various points in the Top Secret information lifecycle.
When Top Secret information is produced by a contractor, a record must be kept indicating when the finished document was completed, when the information is retained for more than 180 days regardless of its stage of development, or when it is transmitted inside or outside the facility.
For more information about transmitting outside the facility, refer to the Transmission and Transportation for Industry e-Learning course offered by the Center for Development of Security Excellence, or CDSE.
Each TOP SECRET item must be numbered in a series and the copy number must be placed on TOP SECRET documents and all associated transaction documents. Top Secret control officials must be designated to receive, transmit, and maintain access and accountability records for Top Secret information. An inventory must be conducted annually unless a written exception is obtained from the GCA.
Screen text:
Student Guide
Records must be kept for TOP SECRET information produced by a contractor when:
- Finished document is completed
- Information is retained for more than 180 days
- Information is transmitted inside or outside the facility
Other requirements:
- Top Secret control officials must be designated to receive, transmit, and maintain access and accountability records
- Conduct annual inventory unless a written exception is obtained from the GCA
Callout text: Transmission and Transportation for Industry Course (IS107.16)
Review Activity 1
Screen text:
All classified information should be afforded the same level of protection regardless of the classification level of the information. o True o False
Classified waste must be safeguarded until it is destroyed. o True o False
Contractors are required to establish an information management system to protect and control classified information in their possession. o True o False
All classified information must be numbered in a series. o True o False
Answer Key: All classified information should be afforded the same level of protection regardless of the classification level of the information. o True False
Classified waste must be safeguarded until it is destroyed. True o False Contractors are required to establish an information management system to protect and control classified information in their possession.
Student Guide
Obtaining Classified Information
Objectives
Narration: Contractors can obtain classified information either by receiving it from the government or another cleared contractor, or by generating it internally. In this lesson you will learn about the guideline’s contractors must follow in obtaining classified information.
Screen text: Obtaining Classified Information
Lesson Objectives:
- Identify the contractor’s responsibilities and procedures in receiving classified information
- Identify the contractor’s responsibilities and procedures in generating classified or derivatively classifying information
Clearance of Receiving Individual
Narration: Classified material coming into a facility must be received directly by authorized personnel, whether it’s in the form of a package, envelope, fax, email, or phone call.
An authorized person means a cleared person who has been assigned this duty and, therefore, has a need-to-know. This means that the individual who picks up the mail or accepts deliveries from the U.S. Postal Service or commercial delivery companies approved for transmitting classified material must be cleared to the level of the classified material expected to be received by the contractor.
All employees who are authorized to receive or sign for U.S. Registered or U.S. Express mail must have Secret clearances. Likewise, employees who are authorized to receive or sign for U.S. Certified Mail must have CONFIDENTIAL clearances. If the person who normally accepts deliveries is not cleared, that individual must call the Facility Security Officer, or FSO, or other cleared person to sign for packages that require signatures.
If no cleared employee is available, the uncleared person must refuse the package. This is true even if the uncleared person does not have any intention of ever opening the package. In the case of delivery to a P.O. Box, an authorized person must go to the post office, unlock the post office box, sign for its contents when a signature is required, and bring the classified information directly back to the facility.
For more information on authorized methods for transporting and transmitting classified information, refer to the Transmission and Transportation for Industry e-Learning course offered by the Center for Development of Security Excellence, or CDSE.
Screen text:
Student Guide
Classified Information must be:
- Received directly by an authorized person who: o Has a need-to-know o Is cleared to the level of the classified material
- Refused if an authorized person is not available to receive the package
- Picked up and signed for by an authorized person, if delivered to a P.O. Box
To sign for packages that arrive via:
Clearance required:
U.S. Registered Mail U.S. Express Mail
SECRET
U.S. Certified Mail CONFIDENTIAL
Handling Upon Receipt
Narration: Once a Registered or Certified package has been received by an authorized person, he or she should examine the outer package for evidence of tampering. If the receiver suspects tampering, the Facility Security Officer, or FSO, should be immediately notified.
The FSO or another cleared employee that the FSO has delegated the responsibility to perform these duties should first determine if the package contains classified information by inspecting the inner package.
If it does contain classified information and the inner package has been tampered with, then the FSO or designee must conduct an inquiry and determine whether a loss, compromise or suspected compromise of classified information in accordance with the NISPOM had occurred. If a loss, compromise or suspected compromise has occurred, the FSO must notify both the sender and their Cognizant Security Office, or CSO.
If the receiver does not suspect any tampering on the outer package, they must immediately turn the package over to the designated document custodian, who may be the FSO or the FSO’s designee for processing. If the designated custodian is not able to open and process the package at that time, it must be protected as if it were classified until it is opened and a classification determination is made.
When the designated custodian opens and processes the package, the inner package should also be inspected for evidence of tampering.
If tampering is detected, the FSO or designee must conduct an inquiry and determine whether a loss, compromise or suspected compromise of classified information in accordance with the NISPOM had occurred. If a loss, compromise or suspected compromise has occurred, the FSO must notify both the sender and their CSO.
Student Guide
IMS rollover text: Information Management System
JPAS rollover text: Joint Personnel Adjudication System
N-T-K rollover text: Need-to-know
tampering rollover text: Tampering is a deliberate attempt to gain illegal or unauthorized access to the contents of a shipment.
TS/S rollover text: Top Secret/Secret
From Commercial Carriers
Narration: When a shipment is received via a cleared commercial carrier, usually a trucking firm, the sender notifies the recipient in advance as to when the shipment is to be expected. If the shipment is not received within 48 hours after the expected time of arrival, the recipient must contact the sender immediately.
For more detailed information, refer to the Transmission and Transportation for Industry e- Learning course offered by CDSE.
Screen text:
When packages are received via cleared commercial carriers:
- Sender notifies recipient of expected arrival date
- Recipient notifies sender if package not received within 48 hours of expected date
Derivatively Classified Material
Narration: In addition to receiving classified information from outside sources, contractors may produce classified information internally. This process of generating new classified materials from already existing classified information is known as derivative classification.
For more information about the process, refer to the Derivative Classification e-Learning course offered by CDSE.
Contractors are required to properly safeguard any classified materials they generate, or derivatively classify, and implement an IMS which is capable of facilitating the retrieval and disposition of their classified holdings in a timely manner. Depending on the type of information, additional requirements may apply.
The NISPOM requires contractors to keep a formal record of any Top Secret material they receive or generate at their company. Contractors must follow guidance from the Central Office
Student Guide
of Record for entering any COMSEC material they generate into the accountability system. The NISPOM also contains guidance about generating and marking NATO materials.
Finally, contractors must properly mark all classified information they generate, or derivatively classify.
For more information about properly marking classified information, refer to the Marking Classified Information e-Learning course and the Marking in the Electronic Environment Short offered by CDSE.
Screen text: Derivative Classification
Required procedures:
- Implement IMS to facilitate retrieval and disposition of classified holdings
- Apply any special requirements based on the type of information: o Create a record of any Top Secret material (NISPOM 5-203) o Follow COR guidance for COMSEC material o Follow requirements for NATO documents (NISPOM 10-709)
- Mark generated classified information properly
Selectable Button: MORE
COMSEC rollover text: Communications Security
COR rollover text: Central Office of Record
Derivative Classification rollover text: Incorporating, paraphrasing, restating, or generating in new form information that is already classified and marking the newly developed material consistent with the classification markings that apply to the source.
IMS rollover text: Information Management System
NATO rollover text: North Atlantic Treaty Organization
NISPOM rollover text: National Industrial Security Program Operating Manual
MORE popup text: Derivative Classification is the incorporating, paraphrasing, restating, or generating in new form information that is already classified and marking the newly developed material consistent with the classification markings that apply to the source information. Derivative classification includes the classification of information based on classification guidance. The duplication or
Student Guide
Review Activity 1
Screen text:
A person may be authorized to receive and sign for classified information if they are cleared to the level of the classified information they are receiving. o True o False
Only an authorized person may receive and sign for packages that may contain classified information. o True o False
All employees may pick up classified packages at a P.O. Box as long as they sign a form stating they will not open the package. o True o False
The designated document custodian must contact the sender immediately if there is no receipt in a CONFIDENTIAL package. o True o False
Answer Key
A person may be authorized to receive and sign for classified information if they are cleared to the level of the classified information they are receiving. True o False
Only an authorized person may receive and sign for packages that may contain classified information. True o False
All employees may pick up classified packages at a P.O. Box as long as they sign a form stating they will not open the package. o True False
The designated document custodian must contact the sender immediately if there is no receipt in a CONFIDENTIAL package. o True False
Student Guide
Review Activity 2
Screen text:
Formal accountability records of material generated within a facility are required for which classification level? o TOP SECRET o SECRET o CONFIDENTIAL
Answer Key
Formal accountability records of material generated within a facility are required for which classification level? TOP SECRET o SECRET o CONFIDENTIAL
Lesson Summary
Narration: You have completed the Obtaining Classified Information lesson.
Screen text: You have completed “Obtaining Classified Information.”
Storing Classified Information
Objectives
Narration: In order to safely store classified information, there are various requirements that must be met, such as use of proper equipment and closed areas, locks, supplemental protection, and safeguarding procedures.
In this lesson, you will learn about the various requirements for the physical protection of classified material.
Screen text: Storing Classified Information
Lesson Objectives
- Identify types of and requirements for using storage equipment and closed areas
- Identify types of and procedures for using locking devices
- Identify types of and guidelines for using supplemental protection
- Identify the requirements for all possessing facilities
Student Guide
Whether new or used, all GSA-approved storage containers must have two labels affixed to them; a GSA test certification label on the side of the locking drawer and a GSA-approved security container label on the left-hand side of one of the upper drawers.
For used models, always ensure these two labels are affixed. And if the container has been repaired, you must also obtain the locksmith certification from the seller that the container’s integrity has not been impaired.
In the event that any of these storage containers is not operating correctly, there are special requirements about repairing them.
Screen text:
Selectable Buttons: MORE Repairs
GSA-approved storage containers:
- Only storage method
- Steel file container with built-in combination lock
- Constructed to withstand specific hazards MORE
- GSA establishes standards, specifications, and supply schedules
- Various types and sizes
- Required labeling: o GSA test certification label o GSA-approved security container label
GSA rollover text: General Services Administration
GSA test certification label rollover text: GSA test certification label:
- Indicates class of security container
- Class relates to delay afforded against forced, covert, or surreptitious entry
- Only Class 5 and 6 containers are available new
GSA-approved security container label rollover text: GSA-approved security container label:
- Verifies that container is GSA-approved
- Color-coding: o Black: pre- o Red: post-1990 (container has a case-hardened locking drawer that requires a different method of neutralization and repair)
Student Guide
Types and sizes rollover text: Types/sizes of GSA-approved security containers:
- 2–drawer, 4-drawer, 5-drawer
- Legal size and letter size
- Single, dual, or multi-lock
- Map and plan containers
MORE popup: Look at these examples of integrity compromises and attacks on GSA security containers.
Security personnel should routinely inspect their security containers for hidden drilled holes and openings.
Repairs popup:
Narration: Repairs of storage containers must be completed by appropriately cleared or continuously escorted personnel who are specifically trained in approved methods of maintenance and repair of these containers.
In order to continue to be used to protect classified information, an approved security container must be restored to its original state of security integrity and have a signed and dated certification stating the method of repair used.
All repairs must follow Fed Standard 809, Neutralization and Repair of GSA Approved Containers and Vault Doors
Screen text:
Fed-STD-
Repairs for storage containers must: o Be done by cleared or escorted personnel o Be done using approved methods o Restore original security integrity to security containers o Result in a signed and dated certification
approved methods rollover text: Repair procedures may be obtained from the Cognizant Security Agency (CSA). A container that has been repaired using methods other than approved methods may no longer be used for storage of Secret information even with supplemental controls as of October 1, 2012.
FED-STD-809 rollover text: Neutralization and Repair of GSA Approved Containers and Vault Doors
