safeguarding classified - jsac-dfw.org classified.pdf · safeguarding classified matt blakley,...

Safeguarding Classified

Matt Blakley,

Industrial Security Representative

Irving, TX Field Office

Agenda

• Introduction

• Requirements (Highlights)

• Resources

• Questions

Introduction

• Typical education of a new FSO

– Essentials of Industrial Security (EISM)

– Protecting Secret and Confidential Documents (PSCD)

– FSO Program Management Course

• On the job training

• Questions:

– Your Industrial Security Representative

– Your Customer

– Your Peers (at JSAC, NCMS, ASIS, etc.)

Do we need to Safeguard?

• What are we going to be doing?

– 1st Look at level of classification. • Review DD 254

• Review Security Classification Guide (SCG)

– 2nd Requirements to meet that level.

– 3rd What is being safeguarded? • Documents, Manuals, CDs and DVDs

• Classified Information Systems (IS) – Unattended processing?

• Hardware

Do we need to Safeguard?

• What are we going to be doing?

– 1st Look at level of classification. • Review DD 254

• Review Security Classification Guide (SCG)

– 2nd Requirements to meet that level.

– 3rd What is being safeguarded? • Documents, Manuals, CDs and DVDs

• Classified Information Systems (IS) – Unattended processing?

• Hardware

Storage

Confidential Secret Top Secret

GSA Security Container Yes Yes Yes

with SP

Approved Vaults Yes Yes Yes

with SP

Closed Area Yes Yes Yes

with SP with SP

Sub-standard Containers Yes* Yes*

*Through 2012 with SP

GSA Approved Container

• Categorized by Class: – Class 2 through Class 7 Containers,

– Class 5 and Class 8 Vault Doors.

• Can currently only purchase new Class 5 containers.

• Used containers are out there. – Know what you are getting.

• Your Industrial Security Representative will review and approve your container prior to you being approved to safeguard classified! – Questions? Ask your IS Rep.

GSA Approved Container

• Two-drawer with X-09 lock:

GSA Approved Lock

• The X-09 lock for doors:

Supplemental Protection

• Guards

– Established prior to 1995

• 2 hour rounds for TS

• 4 hour rounds for Secret

• Intrusion Detection System (IDS)

– UL 2050

• Extent 3

• Line Security

Control and Accountability

• Information Management System (5-200)

– “…shall establish…”

– “…capable of facilitating such retrieval and

disposition in a reasonable period of time.”

Control and Accountability

of Top Secret Accountability for Top Secret (5-201)

– Annual inventory

– Continuous receipt system • Inside and outside the facility

– Numbered in series

• Generation of Classified Material (5-203) – Record of TS created or brought into accountability

• Witness to Destruction (5-706) – TS, two persons are required

– Record of destruction is required for TS

– Maintain the record for two-years

Transmission

• Double wrapped (5-401a)

• Receipt System (5-401b)

• Outside the facility, it depends on the level of classification. – Top Secret

• DCS, Courier, CSA-approved COMSEC.

– Secret

• TS methods plus:

– USPS Express Mail or USPS Registered Mail

– Cleared Commercial Carrier*

– Cleared Messenger Service

– CSA-Approved Commercial Delivery

– Confidential

• S methods plus:

– USPS Certified Mail

– Commercial Carrier

Reproduction

• How?

– If non-volatile memory, will be treated like an

information system (IS) and will need to be

formally accredited.

• Sanitization?

• White-paper?

– If no non-volatile memory (old school) no

formal accreditation is required.

Destruction

• NSA approved

– Shredders

– Pulverizers

Common Findings - 1

• STORAGE:

– Perimeter Controls (Failure to post a sign that

all are subject to inspection) (5-103)

– Emergency Procedures (5-104)

– Intrusion Detection System without “Line

Security” (5-904)

– End of Day Checks (5-102)

Common Findings - 2

• MARKING (4-208):

– Markings for Derivatively Classified Documents

• Derived From:

• Declassify On:

• Classified By:

Common Findings - 3

• RETENTION (5-701):

– Two-years from completion of contract*

– “I might need it someday…”

Resources

• NISPOM Chapter 5 – Associated Industrial Security Letters (ISLs)

• FSO Program Management Course, (EISM & PSCD) DSSA – www.enrol.dss.mil

• Websites – DoD Lock Program

• https://portal.navfac.navy.mil/go/locks

– GSA • http://www.gsa.gov

– UL • http://www.ul.com/

Questions?