Download SPēD SFPC Exam Study Notes and more Exams Nursing in PDF only on Docsity!
SPēD SFPC EXAM- All Areas Questions with
Accurate Answers. Download to Pass
Indicators of insider threats - Correct answer - 1. Failure to report overseas travel or contact with foreign nationals
- Seeking to gain higher clearance or expand access outside job scope
- Engaging in classified conversations without NTK
- Working inconsistent hours
- Exploitable behavior traits
- Repeated security violations
- Unexplainable affluence/living above one's means
- Illegal downloads of information/files Elements that should be considered in identifying Critical Program Information - Correct answer - Elements which if compromised could:
- cause significant degradation in mission effectiveness,
- shorten expected combat-effective life of system
- reduce technological advantage
- significantly alter program direction; or
- enable adversary to defeat, counter, copy, or reverse engineer technology/capability. Elements that security professional should consider when assessing and managing risks to DoD assets (risk management process) - Correct answer - 1. Assess assets
- Assess threats
- Assess Vulnerabilities
- Assess risks
- Determine countermeasure options
- Make RM decision The three categories of Special Access Programs - Correct answer - acquisition, intelligence, and operations & support Types of threats to classified information - Correct answer - Insider Threat, Foreign Intelligence Entities (FIE), criminal activities, cyber threats, business competitors The concept of an insider threat - Correct answer - An employee who may represent a threat to national security. These threats encompass potential espionage, violent acts against the Government or the nation, and unauthorized disclosure of classified information The purpose of the Foreign Visitor Program - Correct answer - To track and approve access by a foreign entity to information that is classified; and to approve access by a
foreign entity to information that is unclassified, related to a U.S. Government contract, or plant visits covered by ITAR. Special Access Program - Correct answer - A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level. Enhanced security requirements for protecting Special Access Program (SAP) information - Correct answer - Within Personnel Security:
- Access Rosters;
- Billet Structures (if required);
- Indoctrination Agreement;
- Clearance based on appropriate investigation completed within last 5/ years;
- Individual must materially contribute to program and have need to know (NTK);
- SAP personnel subject to random counterintelligence scope polygraph;
- Polygraph examination, if approved by the DepSecDef, may be used as a mandatory access determination;
- Tier review process;
- Personnel must have Secret or TS clearance;
- SF-86 must be current within one year;
- Limited Access;
- Waivers required for foreign cohabitants, spouses, and immediate family members. Within Industrial Security: The SecDef or DepSecDef can approve carve-out provision to relieve Defense Security Service of industrial security oversight responsibilities. Within Physical Security:
- Access Control;
- Maintain SAP Facility;
- Access Roster;
- All SAPs must have unclassified nickname/ Codeword (optional). Within Information Security:
- The use of HVSACO;
- Transmission requirements (order of precedence). Responsibilities of the Government SAP Security Officer/Contractor Program Security Officer (GSSO/ CPSO) - Correct answer - • Possess personnel clearance and Program access at least equal to highest level of Program classified information involved.
- Provide security administration and management for organization.
- Ensure personnel processed for access to SAP meet prerequisite personnel clearance and/or investigative requirements specified.
- Ensure adequate secure storage and work spaces.
- Ensure strict adherence to the provisions of NISPOM, its supplement, and the Overprint.
- When required, establish and oversee classified material control program for each SAP.
- When required, conduct an annual inventory of accountable classified material.
- When required, establish SAPF.
- Establish and oversee visitor control program.
- Monitor reproduction/duplication/destruction capability of SAP information
- Ensure adherence to special communications capabilities within SAPF.
- Provide for initial Program indoctrination of employees after access is approved; rebrief and debrief personnel
- Establish and oversee specialized procedures for transmission of SAP material to and from Program elements
- When required, ensure contractual specific security requirements are accomplished.
- Establish security training and briefings specifically tailored to unique requirements of SAP. The five Cognizant Security Agencies (CSAs) - Correct answer - Department of Defense (DoD), Director of National Intelligence (DNI), Department of Energy (DoE), Department of Homeland Security (DHS) and the Nuclear Regulatory Commission (NRC). Cognizant Security Agencies (CSA)s' role in the National Industrial Security Program (NISP). - Correct answer - Establish general industrial security programs and oversee/administer security requirements Primary authorities governing foreign disclosure of classified military information - Correct answer - 1. Arms Export Control Act
- National Security Decision Memorandum 119
- National Disclosure Policy-
- International Traffic in Arms Regulation (ITAR)
- E.O.s 12829, 13526
- Bilateral Security Agreements
- DoD 5220.22-M, "NISPOM," Factors for determining whether U.S. companies are under Foreign Ownership, Control or Influence (FOCI) - Correct answer - 1. Record of economic and government espionage against the U.S. targets
- Record of enforcement/engagement in unauthorized technology transfer
- Type and sensitivity of information that shall be accessed
- Source, nature and extent of FOCI
- Record of compliance with pertinent U.S. laws, regulations and contracts
- Nature of bilateral & multilateral security & information exchange agreements
- Ownership/control, in whole or part, by foreign government The purpose and function of the Militarily Critical Technologies List (MCTL). - Correct answer - 1. Serves as technical reference for development and implementation of DoD technology, security policies on international transfers of defense-related goods, services, and technologies as administered by the Director, Defense Technology Security Administration (DTSA).
- Formulation of export control proposals and export license review Security Infraction - Correct answer - Failure to comply with security requirements which cannot reasonably be expected to and does not result in loss, compromise, or suspected compromise of classified information DoD Manual 5200.01, Volumes 1-3 - Correct answer - Manual that governs DoD Information Security Program DoDI 5200.01 - Correct answer - Authorizes the publication of DoDM 5200.01 Vol 1-3, the DoD Information Security Program E.O. 13526 - Correct answer - Executive order that governs DoD Information Security Program ISOO 32 CFR Parts 2001 & 2003, "Classified National Security Information; Final Rule" - Correct answer - Provides guidance to all government agencies on classification, downgrading, declassification, and safeguarding of classified national security information Security Violation - Correct answer - Knowing, willful, or negligent action that results in or could be expected to result in loss, suspected compromise, or compromise of classified information Unauthorized Disclosure - Correct answer - Communication or physical transfer of classified or controlled unclassified information (CUI) to unauthorized recipient Three classification levels - Correct answer - TS - grave damage to national security S - serious damage to national security C - damage to national security Single Scope Background Investigation (SSBI) - Correct answer - For military, contractors, and civilians: · Critical/Special-Sensitive · TS, "Q" info, war-related plans, policymaking, revenue and funds, SCI, SAPs · Equivalent to Tier 5
Access National Agency Check with Inquiries (ANACI) - Correct answer - For civilians: · Noncritical-Sensitive positions · Confidential/Secret, "L" info, systems containing PII · Equivalent to Tier 3 National Agency Check with Local Agency and Credit Check (NACLC) - Correct answer - For military and contractors: · Noncritical-Sensitive · Confidential/Secret clearance eligibility · Equivalent to Tier 3 NACI - Correct answer - National Agency Check with Inquiries for civilians and contractors: · Non-Sensitive positions · Low Risk · HSPD-12 Credentialing National Agency Check (NAC) - Correct answer - The fingerprint portion of personnel security investigation (PSI) The purpose of due process in Personnel Security Program (PSP) - Correct answer - Ensures fairness by providing subject opportunity to appeal unfavorable adjudicative determination Personnel security program (PSP) security clearance eligibility process - Correct answer - 1. designation: check position responsibilities to validate need for investigation
- pre-investigation: initiate e-QIP, review for completeness/correctness, submit to DCSA (investigative entity)
- investigation: conduct based on risk/sensitivity level of position; conducted by DCSA (investigation results sent to DoDCAF)
- adjudication: evaluation of investigation report against 13 adjudicative guidelines (DoDCAF makes eligibility determination)
- reinvestigation/continuous evaluation: favorably adjudicated personnel reviewed to determine whether still eligible to maintain security clearance SF 312 Classified Information Non-Disclosure Agreement - Correct answer - Contractual agreement between the US Gov't and cleared employee that must be executed as a condition of access Agreement to never disclose classified information to an unauthorized person Procedures for initiating Personnel Security Investigations (PSIs) - Correct answer - 1. Validate need for investigation
- Initiate e-QIP
- Review Personnel Security Questionnaire (PSQ) for completeness
- Submit electronically to OPM T/F: Only U.S. citizens may be granted a security clearance. - Correct answer - True T/F: A security clearance guarantees that any individual will be granted access to classified information. - Correct answer - False. Individual must also have NTK and sign a SF 312. T/F: Any individual with an official need to know to conduct assigned duties will be granted a clearance. - Correct answer - False. The granting of a clearance is based on the favorable determination of an individual's integrity, loyalty, and trustworthiness by examining them against the 13 adjudicative guidelines. T/F: Non U.S. citizens are restricted from gaining access to classified. - Correct answer - False. While non-U.S. citizens are restricted from receiving security clearances, they can gain limited access to classified information through a Limited Access Authorization (LAA). Only goes up to Secret level (NOT TOP SECRET). T/F: Non-US citizens are restricted from receiving security clearances. - Correct answer - True. T/F: An individual must have a need for regular access to classified or sensitive information to establish a need for a security clearance. - Correct answer - True. T/F: Ease of movement within a facility is an acceptable justification for obtaining a security clearance. - Correct answer - False. Seeking ease of movement is not an acceptable justification for obtaining a security clearance. DoD position sensitivity types - Correct answer - 1. Critical/Special Sensitive--> TS
- Non-Critical Sensitive--> Confidential and Secret
- Non-Sensitive--> not national security positions T/F: Civilians in non-sensitive positions may receive security clearances. - Correct answer - False. Only individuals in sensitive positions receive security clearances. Investigative requirement for a Critical/Special-Sensitive position - Correct answer - Single scope background investigation (SSBI aka T5), SSBI-PR (T5R), or PPR Investigative requirement for a Non-Critical Sensitive position - Correct answer - ANACI or NACLC (T3) Revocation - Correct answer - When current security clearance eligibility determination is rescinded Denial - Correct answer - Initial request for security clearance eligibility is not granted
What is the purpose of the Statement of Reasons (SOR)? - Correct answer - Provide comprehensive and detailed written explanation of why preliminary unfavorable adjudicative determination was made. Can be appealed! The 13 Adjudicative Guidelines - Correct answer - 1. Allegiance to United States
- Foreign Influence
- Foreign Preference
- Sexual Behavior
- Personal Conduct
- Financial Considerations
- Alcohol Consumption
- Drug Involvement
- Psychological Conditions
- Criminal Conduct
- Handling Protected Information
- Outside Activities
- Use of Information Technology Systems Categories of approved classified material storage locations - Correct answer - Storage Containers
- Security containers (e.g., field safes, cabinets)
- Vaults (including modular vaults)
- Open storage area (secure area/secure room) Storage Facilities
- SCIF (SCI information)
- AA&E storage facility (arms, ammunition, and explosives)
- Nuclear storage facility (nuclear weapons) Construction requirements for vault doors - Correct answer - 1. Constructed of hardened steel
- Hung on non-removable hinge pins or with interlocking leaves.
- Equipped with a GSA-approved combination lock.
- Emergency egress hardware (deadbolt or metal bar extending across width of door). The purpose of intrusion detection systems - Correct answer - To deter, detect, and document unauthorized entry into secured areas The purpose of barriers - Correct answer - -Define physical limits of installation -Channel traffic -Impede access -Shield activities within installation from direct observation The purpose of an Antiterrorism Program - Correct answer - Protect DoD personnel, their families, installations, facilities, information, and other material resources from terrorist acts
Force Protection Condition (FPCONS) levels - Correct answer - Measures taken to protect personnel and assets from attack; issued by COCOMs and installation commanders/facility directors Levels: Normal, Alpha, Bravo, Charlie, Delta The concept of security-in-depth - Correct answer - Layered and complementary security controls sufficient to deter, detect, and document unauthorized entry and movement within installation/facility. e-QIP - Correct answer - System used to document personal information from Personnel Security Questionnaire Personnel Security Investigation (PSI) - Correct answer - The first phase of the security clearance process; used by DoD as standard for uniform collection of relevant and important background information about individual. JCAVS - Correct answer - A security manager uses this system to communicate with the DoD CAF JAMS - Correct answer - This sub-system (used by adjudicators) and JCAVS make up the JPAS/DISS system DISS - Correct answer - A DoD system of record for personnel security clearance information Scattered Castles - Correct answer - Intelligence Community (IC) Personnel Security Database that verifies personnel security access and visit certifications. Access - Correct answer - Occurs when individual has security eligibility, NTK, and a signed SF 312 (NDA); permitted to access classified information PSIs are used to determine the eligibility of an individual for ___________ or retention to sensitive duties. - Correct answer - Assignment True or False: The DoD CAF is the only authority who can grant an interim clearance. - Correct answer - False DoD CAF responsibilities - Correct answer - 1. Making adjudicative decisions by applying whole person concept
- A repository for investigative records
- Initiating special investigations Sensitive Duties - Correct answer - Duties that have a great impact on National Security
Continuous Evaluation/Vetting - Correct answer - Ongoing review of individual's background to determine whether they should continue to hold security clearance or not Reinvestigation - Correct answer - Periodic investigation conducted at predetermined intervals; CE supplements reinvestigations of all cleared personnel True - Correct answer - True or False: Special access requirements are designed to provide an additional layer of security to some of our nation's most valuable assets. True or False: There is no difference between a threat and a vulnerability. - Correct answer - False. Threats and vulnerabilities are related but distinct. Threats to national security exploit vulnerabilities. E.O. 12968 - Correct answer - The Executive Order (E.O.) that establishes a uniform Personnel Security Program DoD 5200.2-R - Correct answer - Implements and maintains the DoD personnel security policies and procedures USD(I) Memorandum, August 30, 2006 - Correct answer - Defines the Adjudicative Guidelines Scope - Correct answer - This refers to when adjudicators must ensure that an investigation meets the minimum timeframe and element requirements before reviewing the investigation. Administrative Judge - Correct answer - During due process, military and civilian personnel may request an in-person appearance before this individual. Termination Briefing - Correct answer - Given employment is terminated, clearance eligibility is withdrawn, or if individual will be absent from duty 60 days or more. Also given to those inadvertently exposed to classified information. Foreign Travel Briefing - Correct answer - Given to cleared personnel who plan to travel in or through foreign countries, or attend meetings attended by representatives of other countries. Refresher Briefing - Correct answer - Presented annually to personnel who have access to classified information or assignment to sensitive duties. Aims of Special Access Programs (SAPs) - Correct answer - 1. Protect technological breakthroughs
- Cover exploitation of adversary vulnerabilities
- Protect sensitive operational plans
- Reduce intelligence on U.S. capabilities
Protection Level - Correct answer - Communicates how SAP is acknowledged and protected Acknowledged SAP - Correct answer - Existence-openly recognized Purpose-identified Program details-classified Funding-generally unclassified Unacknowledged - Correct answer - Existence-protected Purpose-protected Program details-classified Funding-classified, unacknowledged, not directly linked to program Waived - Correct answer - Unacknowledged SAPs with waived reporting requirements; reporting and access controls are more restrictive 4 Phases of SAP Lifecycle - Correct answer - 1. Establishment (is extra protection warranted?)
- Management and Administration (continued need? processes followed?)
- Apportionment (proper measures in place? approval received)
- Disestablishment (program no longer needed?) Component-level SAP Central Offices - Correct answer - Manage and oversee list of SAP facilities Exist for each military component, the Joint Chiefs of Staff, Defense Advanced Research Projects Agency (DARPA), and Missile Defense Agency (MDA) Special Access Program Oversight Committee (SAPOC) - Correct answer - The final SAP approving body chaired by the Deputy Secretary of Defense; make final approval decision Senior Review Group (SRG) - Correct answer - Principal working-level body executing governance process. Make unanimous recommendation which is forwarded to DepSecDef for decision SAP Senior Working Group (SWG) - Correct answer - Coordinate, deconflict, and integrate SAPs DoD Special Access Central Office (SAPCO) - Correct answer - "One voice to Congress"/DoD SAP legislative liaison--> notifies Congress of SAP approval decision OSD-level SAP Central Offices - Correct answer - Exercise oversight for specific SAP category under their purview: Acquisition-Office of USD for Acquisition, Technology, and Logistics Intelligence-Office of USD for Intelligence Operations & Support-Office of USD for Policy
Authorization, Appropriations, and Intelligence Congressional - Correct answer - Congressional committees granted SAP access PIE-FAO - Correct answer - Personnel, information, equipment, facilities, activities, and operations Antiterrorism Officer (individual involved in PHYSEC) - Correct answer - Responsible for antiterrorism program CI Support (individual involved in PHYSEC) - Correct answer - Responsible for providing valuable information on the capabilities, intentions, and threats of adversaries OPSEC Officer (individual involved in PHYSEC) - Correct answer - Analyzes threats to assets and their vulnerabilities Physical Security Officer (individual involved in PHYSEC) - Correct answer - Management, implementation, and direction of all physical security programs Law Enforcement (individual involved in PHYSEC) - Correct answer - Must be integrated into intelligence gathering process; part of coordinating emergency responses and criminal incidents on a Federal installation Criticality - Correct answer - Determination based on asset's importance to national security and effect of loss Area Security - Correct answer - Security is geared towards protecting entire area of installation or facility Threat - Correct answer - Intention and capability of adversary to undertake detrimental actions Point Security - Correct answer - Security focused on resource itself Barrier Types - Correct answer - 1. Active-require action by personnel to permit entry
- Passive-effectiveness relies on bulk/mass; no moving parts
- natural-define boundaries and provide protection True or False: Site lighting is used to enable guard force personnel to observe activities inside or outside the installation - Correct answer - True True or False: Standby lighting is used when regular lighting is not available - Correct answer - False. Emergency lighting is used when regular lighting it not available. Standby lighting is activated by alarms or motion and operate as effective intruder deterrents.
Two-way radio - Correct answer - Assist in security; must always be back-up communication systems in addition to radios Intrusion Detection Systems (IDS) - Correct answer - Detect, deter, and document intrusion. DO NOT prevent. Sends signal through wires when triggered Closed Circuit Televisions (CCTV) - Correct answer - Has camera that captures visual image, converts image to video signal, and transmits image to remote location; provides video evidence and captures activity personnel may not have seen Automated access control systems - Correct answer - Allows biometric (e.g., fingerprints, hand geometry, iris scan) and non-biometric (e.g., card swipe reader, key system, pin) forms of identification Common Access Card (CAC) - Correct answer - Form of manual access control. Enables self-authentication on security websites and securely log into computer systems Mechanical combination lock - Correct answer - Form of built-in combination lock. Operated entirely by mechanical means. Combination only changed with key. Combination padlock - Correct answer - Permitted for securing confidential and secret info. May require supplemental controls. Electromechanical combination lock - Correct answer - Form of built-in combination lock. Permitted for securing classified info. Ex: X-07/08/09/10 and CDX-07/08/09/ Low security padlock - Correct answer - Key-operated padlock that has limited resistance to forced entry SCIF - Correct answer - A facility used by intelligence community to store SCI General Services Administration (GSA) - Correct answer - The governing authority to approve security containers Secure rooms - Correct answer - Areas designed and authorized for open storage of large volumes of classified information. Built to commercial construction standards and less secure than vault. Vaults - Correct answer - Open storage of large volumes of classified information. Constructed to meet strict forcible entry standards, including reinforced concrete on all walls, ceiling, and floor, plus a hardened steel gray doors with GSA labels. More secure than secure rooms. Terrorist threat levels - Correct answer - Analytical assessment of terrorist activity based on info about terrorist groups (operational capability, intentions, activity,
operational environment); issued by DIA for countries and COCOMs for geographic areas Levels: high, significant, moderate, low High terrorist threat level - Correct answer - 1. Anti-U.S. terrorists are operationally active
- Use large casualty-producing attacks as preferred method of operation
- Substantial DoD presence
- Operating environment favors terrorist Significant terrorist threat level - Correct answer - 1. Anti-U.S. terrorists are present
- Attack personnel or use large casualty-producing attacks as preferred method
- Limited operational activity
- Operating environment is neutral Moderate terrorist threat level - Correct answer - 1. Anti-U.S. terrorists are present
- No indications of anti-U.S. activity
- Operating environment favors host nation or U.S. Low terrorist threat level - Correct answer - No terrorist group is detected or terrorist group is non-threatening Physical security plan (PSP) - Correct answer - Comprehensive written plan providing appropriate and economical use of personnel and equipment to prevent/minimize criminal/disruptive activities. Should include special/general guard orders, access and material control, protective barrier/lighting systems, locks, and Intrusion Detection Systems (IDS) Defense Counterintelligence and Security Agency (DCSA) - Correct answer - Replaced Defense Security Service (DSS). Operates as cognizant security office (CSO) for DoD. Investigative service provider for DoD clearance suitability investigations and forward findings to DoDCAF. A contractor must adhere to the security rules of the __________ commander when working at a government installation - Correct answer - Installation National Industrial Security Program (NISP) - Correct answer - The program that covers protection of classified information by government contractors Chapter 8 of the NISPOM - Correct answer - If you are a government contractor working on a contractor-owned system at a contractor facility, you must follow the security provisions of this reference Facility security officer (FSO) responsibilities - Correct answer - *industry role
- Manage day-to-day security program operations at contractor facility (FCLs, PCLs, security education, safeguarding, reporting to government, self-inspections)
- Ensure compliance with NISP and contract documentation
- Work with DCSA to monitor classified info and educate personnel True or False: A SAP can retain security cognizance if necessary. - Correct answer - True. Contracting Officer - Correct answer - *Government role Enter into, administer, and/or terminate contracts Contracting Officer's Representative (COR) - Correct answer - *Government role
- assigned to specific contract
- communicate security requirements
- verify/sponsor FCL
- subject matter expert with regular contact with contractor Statement of Work (SOW) - Correct answer - Outlines project background and end- product objectives (what is to be completed as part of contract) DD Form 441: DoD Security Agreement - Correct answer - - Legally binding contract between government and contractor
- Contractor agrees to comply with NISPOM and acknowledge government review to ensure compliance
- Government agrees to process contractor PCLs and provide guidance/oversight (must be completed before work begins) DD Form 254: DoD Contract Security Classification Specification - Correct answer - Outlines security requirements and classification guidance (coordinated between contract knowledge, program knowledge, subject matter expert, and industrial/info security knowledge) A cleared individual can only have access at the _______ level as the facility clearance - Correct answer - Same For the purpose of a visit to another cleared facility, a clearance can be verified by looking in ________ - Correct answer - DISS The issuance of ________ is the responsibility of the DoD CAF - Correct answer - Eligibility Secret - Correct answer - Unauthorized disclosure of this information could reasonably be expected to cause serious damage to our national security. Top Secret - Correct answer - Unauthorized disclosure of this information could reasonably be expected to cause exceptionally grave damage to our national security.
Confidential - Correct answer - Unauthorized disclosure of this information could reasonably be expected to cause damage to our national security. Derivative Classification - Correct answer - Incorporating, paraphrasing, restating, or generating info already classified and marking newly developed material consistent with original source document The five requirements for Derivative Classification - Correct answer - 1. Observe and respect the OCA's original classification determination.
- Apply the required markings.
- Only use authorized sources.
- Use caution when paraphrasing. 5/ Always take the appropriate steps to resolve any doubt you have. Original Classification - Correct answer - Initial determination that information requires protection against unauthorized disclosure Compilation - Correct answer - Unclassified (or lower classified) information combined to create classified (or higher classified) information Contained in - Correct answer - Incorporating classified information from source document into new document and no additional analysis needed to determine classification Revealed by - Correct answer - Classified information that has been restated or paraphrased (not explicitly stated word-for-word) from source document but classification deduced from interpretation or analysis Original Classification Authority (OCA) - Correct answer - -Authorized to make initial classification determination -Request for OCA contains mission justification and position title -Delegated in writing by president to occupant of position, not to an individual by name -Not able to delegate further unless "acting" -Specifies highest level OCA can classify piece of information and their jurisdiction -OCA training -Demonstrable and continuing need for such authority at least 2x a year Security Classification Guides (SCG) - Correct answer - Preferred method of classification determination communication. Contains classification levels, downgrading and declassification instructions, and special handling requirements for programs, projects, plans, etc. 3 Types of Authorized Sources - Correct answer - 1. Security classification guide (SCG)
- properly marked source document
- DD Form 254
*when conflict is present, SCG always takes precedence 6 Step Original Classification Process - Correct answer - 1. Official (is info owned/produced/controlled by government?)
- Eligibility (does it fall into one of eight classification eligibility categories? are there prohibitions or limitations against classification? has info already been classified?)
- Impact (does unauthorized disclosure create potential for damage to national security?)
- Classification Level (confidential, secret, TS)
- Duration (downgrade? declassify?)
- Communication (via SCG or properly marked source document) 8 classification eligibility categories - Correct answer - 1. military plans/weapon systems/operations
- foreign government information (FGI)
- intelligence activities/sources/methods
- foreign relations/activities of U.S.
- scientific/technological/economic matters relating to national security
- programs for safeguarding nuclear materials/facilities
- vulnerabilities/capabilities of systems/installations/projects/plans relating to national security
- weapons of mass destruction (WMDs) classification prohibitions - Correct answer - 1. concealing violations of law, inefficiency, or administrative error
- preventing embarrassment
- restraining competition
- preventing/delaying release of information that does not require protection Declassification - Correct answer - Change in status from classified to unclassified Automatic declassification - Correct answer - Permanently Valuable Historical records are declassified 25 years from original classification date Systematic declassification review - Correct answer - Information exempt from automatic declassification is reviewed for possible declassification Mandatory Declassification Review (MDR) - Correct answer - Process for public to request review for declassification and public release of classified information Scheduled Declassification - Correct answer - OCA, at the time of original classification, sets date or event for declassification within 25 years Custodians - Correct answer - People who are in possession of, or who are otherwise charged with safeguarding classified information
Options an OCA has when determining declassification - Correct answer - Specific Date, Specific Event, or 50X1-HUM Exemption Restricted Data (RD) and Formerly Restricted Data (FRD) - Correct answer - - Concerns design, manufacture, and use of atomic weapons -Exempt from declassification date requirement
- Can ONLY be originally classified/declassified by Department of Energy Practices to follow when handling classified information - Correct answer - 1. Properly destroy preliminary drafts, worksheets, and other material after they have served their purpose
- Use approved secure communications circuits for telephone conversations to discuss classified information
- Follow proper procedures when copying classified information
- Use security forms such as SF 701 and SF 702 SF 702: Security Container Check Sheet - Correct answer - Record opening and closing of security container SF 701: Activity Security Checklist - Correct answer - End-of-the-day security checks SF 700: Security Container Information - Correct answer - Record identification info for each container and record combination Actual compromise - Correct answer - An unauthorized disclosure of classified information Neither confirm nor deny - Correct answer - If classified information appears in the public media, DoD personnel must be careful not to make any statement of comment that would confirm the accuracy or verify the classified status of the information Potential Compromise - Correct answer - The possibility of compromise could exist but it is not known with certainty DISA, Joint Interoperability Test Command (JITC) - Correct answer - This organization maintains a register of certified security digital facsimiles COMSEC - Correct answer - The protection resulting from the measures designed to deny unauthorized persons information of value that might be derived from the possession and study of telecommunications and to ensure the authenticity of such communications. Requires more stringent protection requirements When a document has been sealed within a properly marked inner wrapping you must... - Correct answer - Insert the inner wrapping into an outer wrapping
Marking for inner wrapper used for transportation of classified information - Correct answer - 1. recipient mailing address (include name of recipient)
- sender's address
- highest classification of document
- special markings Marking for outer wrapper used for transportation of classified information - Correct answer - 1. recipient mailing address (NO INDIVIDUAL NAMES)
- sender's address
- NO CLASSIFICATION MARKINGS When can secret information be sent via USPS express? - Correct answer - Only when it is the most effective means considering security, time, cost, and accountability What kind of information can never be sent via USPS? - Correct answer - Top Secret Methods to send confidential information - Correct answer - Defense Courier Service (DCS), cleared courier/escort, USPS First Class, USPS priority mail express, USPS registered mail, and USPS certified mail (plus others-refer to CDSE course IF107.16) Methods to send secret information - Correct answer - Defense Courier Service (DCS), cleared courier/escort, USPS registered mail, USPS priority mail express (plus others- refer to CDSE course IF107.16) Methods to send top secret information - Correct answer - ONLY 6 methods
- direct contact
- cryptographic systems
- Defense Courier Service (DCS)
- Department of State Courier Service
- DoD Component Courier Service
- Cleared courier/escort True or False: Hand carrying classified information should only be done as a last resort - Correct answer - True Responsibilities of couriers - Correct answer - 1. Ensure preparation of all documents (e.g., personal travel documents, inventory of classified materials [two copies: one for courier, one in security office], letter of authorization [for commercial air travel, one per flight])
- do not discuss material in public
- do not deviate from authorized travel schedule
- do not leave materials unattended/unsecured
- do not store material in unauthorized manner
- do not open material en-route
- can open package at customs (must be away from public view and must reseal package)
- protect material in case of emergency
- inventory material upon return
- ultimately: liable and responsible for materials When is a DD Form 2501 Courier Authorization Card issued? - Correct answer - When a continuing need is identified True or False: When someone is carrying classified information, written authorization is always required - Correct answer - True. Microfiche destruction method - Correct answer - Burned, shredded, destroyed with chemicals that destroy imprints Typewriter ribbon destruction method - Correct answer - Burned or shredded Floppy disk destruction method - Correct answer - Burned, overwritten, or demagnetized Document destruction method - Correct answer - Burned, shredded, or chemically decomposed of Videotape destruction method - Correct answer - Burned, shredded, or demagnetized Homeland Security Presidential Directive 12 (HSPD-12) - Correct answer - Requires government-wide development and implementation of standard for secure and reliable forms of identification for Federal employees and contractors. DoD 5200.08-R - Correct answer - Physical Security Program regulation Describe the following cyber security principles critical to the protection of information and information networks: least privilege, defense-in-depth, situational awareness. - Correct answer - Least privilege: The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function. Situational Awareness: Within a volume of time and space, the perception of an enterprise's security posture and its threat environment; the comprehension/meaning of both taken together (risk); and the projection of their status into the near future. Defense-in-depth: Security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. National Security Council (NSC) - Correct answer - Provides overall policy direction for the Information Security Program
Information Security Oversight Office (ISOO) - Correct answer - -Oversee and manages information security program under guidance of NSC. -NSC provides overall policy direction -ISOO is the operating arm -Annual report to president about each agency's security classification program, analysis and reports Under Secretary of Defense for Intelligence USD(I) - Correct answer - Has primary responsibility for providing guidance, oversight, and approval authority of policies and procedures that govern DoD Information Security Program What is the Executive Order that designates the three levels of classified information? - Correct answer - EO 13526 Who has designated primary and direct responsibility for SAPS within the DoD? - Correct answer - Deputy Secretary of Defense (DepSecDef) How is classified information prepared for transit? - Correct answer - Minimize risk of accidental exposure and facilitate detection of tampering EO 12869 - Correct answer - Establishes National Industrial Security Program DoD 5220.22-M - Correct answer - National Industrial Security Program Operating Manual (NISPOM) What is net national advantage? - Correct answer - Information that is or will be valuable to the US either directly or indirectly What does critical program information include? - Correct answer - Both classified military information and controlled unclassified information Requirements for interim clearance - Correct answer - No need for immediate access, SF86 submitted, investigation opened by ISP, and all minimum requirements for interim eligibility satisfied This designation is applied to positions that include duties that require access to "Secret" information. - Correct answer - Non-critical sensitive This designation is applied to positions that include duties associated with special programs such as Special Access Programs (SAP) and SCI. - Correct answer - Special-sensitive Characteristics of each Force Protection Conditions (FPCONS) - Correct answer - Normal: general global threat of possible terrorist activity--> routine security posture (i.e., access control at all installations)
Alpha: increased general threat of possible terrorist activity against personnel/facilities; nature and extent unpredictable--> ALPHA measures must be capable of being maintained indefinitely Bravo: increased/more predictable threat or terrorist activity--> sustaining BRAVO measures may affect operational capability and military/civilian relationships Charlie: incident occurs or intelligence indicates some form of terrorist action is likely against personnel/facility---> sustaining CHARLIE measures may create hardship and affect activity of unit/personnel Delta: immediate area where terrorist attack has occurred of when intelligence indicates terrorist action against specific location/person is imminent (localized condition)--> not to be sustained for extended period of time