Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Information taken from an existing classified

14/10/2021 Client: muhammad11 Deadline: 2 Day

Computer Security

Student Guide

Course: Derivative Classification

Lesson: Course Introduction

Course Information

Purpose Provide a thorough understanding of the responsibilities associated with derivative classification and the procedures to follow to correctly derivatively classify documents.

Audience Military, civilian, and contractor personnel responsible for oversight or application of derivative classification.

POC GeneralSecurity.Training@dss.mil Pass/Fail % 75%

Estimated completion time

120 minutes

Course Overview

In the course of working with classified information, individuals sometimes generate or create new documents and materials based on that information. These individuals are responsible for maintaining the protection of that classified information. These individuals are called derivative classifiers. They must carefully analyze their work product to determine what classified information it contains or reveals, and evaluate that information against official classification guidance.

Based on that evaluation, derivative classifiers must ensure that the information in the new material is identified as classified by applying the appropriate markings to the material. This process of determining whether information has been previously classified and properly marking it is called derivative classification.

Derivative classifiers need to understand what their responsibilities are, what processes to follow, and what resources to consult to safeguard information that, if revealed, could cause damage to the national security.

mailto:GeneralSecurity.Training@dss.mil
Derivative Classification Course Introduction

Student Guide

Course Objectives

• Identify the responsibilities associated with derivatively classifying information

• Identify the process and methods for derivatively classifying information

• Identify authorized sources to use when derivatively classifying information

• Applying authorized sources, derivatively classify information based on the concepts of "contained in,” "revealed by,” and "compilation"

Lessons in the Course

• Course Introduction

• Derivative Classification Basics

• Classification Concepts

• Practical Exercise

• Course Conclusion

Page 2

Student Guide

Course: Derivative Classification

Lesson: Derivative Classification Basics

Introduction

Because protecting classified information from improper disclosure is so critical, there are responsibilities and procedures to follow when using classified information to create new documentation. You must be familiar with these responsibilities and procedures as well as where to go for guidance so you can successfully implement and execute them at your activity or facility.

Lesson Objectives

• Define derivative classification

• Identify the requirement for and importance of derivative classification

• Identify who will have derivative classification responsibilities and the requirements he or she must meet

• Identify the steps involved in the derivative classification process

• Identify authorized sources to use when derivatively classifying information

Derivative Classification Overview

1. What is Derivative Classification?

The initial decision about what information should be classified is called original classification. Because this is a very important, sensitive decision, the Government has granted only a limited number of government officials the authority to perform original classification.

Derivative classification is different. It is the process of using existing classified information to create new material, and marking that newly-developed material consistent with the classification markings that apply to the source information. Copying or duplicating existing classified information is not derivative classification.

Whereas only authorized government officials can perform original classification, no specific delegation of authority is required to be a derivative classifier. In fact, all cleared DoD and authorized contractor personnel who generate or create material from classified sources are derivative classifiers.

Like original classification, derivative classification has far-reaching effects on the Department of Defense and industry. Classifying information helps protect our national security. It limits access to only those individuals with the appropriate clearance level

Derivative Classification Derivative Classification Basics

Student Guide

and a legitimate need to know the information. Classification also impacts resources; it imposes costs for things like security clearances, physical security measures, and countermeasures. Because of the importance of classification, but also its inherent limitations and costs, it is crucial that derivative classifiers follow appropriate procedures and observe all requirements.

2. Derivative Classification Responsibilities

In general, derivative classifiers are responsible for ensuring that they apply the highest possible standards when derivatively classifying information. Derivative classifiers who generate new products bear the principal responsibility for the accuracy of the derivative classification. For this reason, it is important to follow DoD policy requirements.

Derivative classifiers have a variety of responsibilities they must meet in order to properly perform derivative classification. First, they must understand derivative classification policies and procedures. Before derivative classification can be accomplished, the classifier must have received the required training. Training must be accomplished in the proper application of the derivative classification principles of as specified in EO 13526, as well as emphasizing the avoidance of over-classification. At a minimum, the training shall cover the principles of derivative classification, classification levels, duration of classification, identification and markings, classification prohibitions and limitations, sanctions, classification challenges, security classification guides, and information sharing. Personnel shall receive this training prior to derivatively classifying information. In addition to this preparatory training, derivative classifiers shall receive such training at least once every two years. Derivative classifiers who do not receive such mandatory training at least once every two years shall have their authority to apply derivative classification markings suspended until they have received such training. They must also have expertise in the subject matter on which they are creating documentation, as well as on classification management and marking techniques. Derivative classifiers must also have access to classification guidance. This helps meet the responsibility of analyzing and evaluating information to identify elements that require classification.

The most important responsibilities derivative classifiers have is to observe and respect the original classification authority’s decision and to use only authorized sources to determine derivative classification.

The information in boxes like the one below is supplemental content that you may find useful; however, it will not be addressed in the course examination.

To understand derivative classification policies and procedures:

• Complete the online course: Derivative Classification • Complete the Marking Classified Information online training course offered by CDSE • Consult DoDM 5200.01, Volumes 1-4 and/or DoD 5220.22-M • Contact your government security official or Facility Security Officer (FSO)________

3. Policy Guidance

There are two primary sources of policy guidance for derivative classification.

Page 2

Derivative Classification Derivative Classification Basics

Student Guide

Within the Department of Defense, DoDM 5200.01, Volumes 1-4, Information Security Program, provides the basic guidance and regulatory requirements for the Department of Defense Information Security Program. For industry, DoD 5220.22-M, the National Information Security Program Operating Manual (NISPOM) contains information on derivative classification responsibilities.

How Does Derivative Classification Work?

1. Derivative Classification Concepts

So how do you determine whether the information contained in a new product is classified? As a derivative classifier, you are responsible for checking whether the content of the information already exists in one of the acceptable forms of classification guidance. If the guidance tells you the information in your new product is classified, you must classify and treat it as such. Note that for derivative classification purposes, the term "document" refers to any physical medium in or on which information is recorded or stored. This includes written or printed matter, audiovisual materials, and electromagnetic storage media. Let's take a closer look at these authorized sources for derivative classification.

2. Authorized Sources fo r Derivative Classification

To ensure that the original classification of information is maintained, derivative classifiers must use only authorized sources of classification guidance to derivatively classify information. While it might be tempting, derivative classifiers must not rely on their memories or general rules about classification.

There are only three authorized sources for derivative classification. The first source is a Security Classification Guide (SCG). An SCG is a collection of precise, comprehensive guidance about a specific program, system, operation, or weapon system telling what elements of information are classified. For each element of information, the SCG includes its classification level, the reasons for that classification, and information about when that classification will be downgraded or terminated. For this reason, SCGs are the primary source for derivative classification.

A second authorized source is an existing, properly marked source document from which information is extracted, paraphrased, restated, and/or generated in a new form for inclusion in another document. You must carry the classification of that existing material forward into your new end product.

The third authorized source is the DD Form 254, the DoD Contract Security Classification Specification. DD Form 254 provides classification guidance to contractors performing on classified contracts. It informs them of the level of information they will need to access, the required level of security clearance for access, and the performance requirements; for example, safeguarding and special security requirements.

These three sources are the only authorized sources for derivative classification. Any other source is unauthorized, and must not be used as the basis for derivative classification. Some examples of such unauthorized sources appear in the box below:

Page 5

Derivative Classification Derivative Classification Basics

Student Guide

Examples of unauthorized sources of classification:

0 Memory: "I remember that project was classified Secret 5 years ago, so it must be Secret now."

0 Unconfirmed source: "Someone told me this document can be declassified."

0 Just because: "I am going to classify this document Top Secret because that is how we have always done it."

0 Media/Internet: "I saw it on the news last night so it must be declassified."________

3. Process Overview

Derivative classifiers must carefully analyze the material they are classifying to determine what information it contains or reveals, and evaluate that information against the instructions provided by the classification guidance or the markings on source documents.

To perform that evaluation, derivative classifiers may use only authorized sources of guidance about the classification of the information in question.

If the authorized sources do not provide sufficient guidance, you may need to refer to other officials, such as the Security Manager or Original Classification Authority for DoD personnel, or the Facility Security Officer or Government Contracting Authority for contractors. Your chain-of-command or appropriate reporting channels will provide specific guidance about who you should consult.

In addition to assigning the appropriate classification level to information, derivative classifiers are also responsible for carrying forward guidance about when the classification of that information may be downgraded, and when it may be declassified altogether. This is an important part of the derivative classification task.

Every time information is classified, a determination must be made regarding how long the information will be protected. This is an essential part of the classification and declassification process. For derivatively classified information, the classifier must specify one of the following on the "Declassify on" line:

1. A specific date or event for declassification, within 25 years of the document’s origin; or

2. Absent a declassification instruction or other declassification guidance from the OCA, a calculated date 25 years from the date of the document’s origin; or

3. 25X1 through 25X9, and a specific date or event for declassification taken from the source document; or

4. 50X1-HUM or 50X2-WMD (Does not require a date or event for declassification)

5. An approved 75-year exemption (i.e., 75X2 through 75X9) with date or event for declassification

Page 4

Derivative Classification Derivative Classification Basics

Student Guide

Finally, once you have determined the derivative classification of the new material, you are responsible for marking it appropriately.

For information on marking, refer to DoDM 5200.01, Volumes 1-4, Information Security Program, and the Marking Classified Information web-based training course offered by the DSS CDSE.

Review Activity

Question 1

Which of the following is NOT a function of derivative classification? Select the best answer.

O Creating new classified materials from properly marked, existing classified source materials and marking them accordingly

O Making an initial determination that information requires protection against unauthorized disclosure in the interest of national security

O The process of extracting, paraphrasing, restating, or generating in a new form, information that is already classified

O Carrying forward the correct classification level for classified information used to generate new materials or documents

Question 2

Which of the following are authorized sources for derivative classification? Select all that apply.

□ Security Classification Guides (SCG) □ DoD 5220.22-M (NISPOM) □ Your level of expertise with the content □ DoDM 5200.01, Volumes 1-4 (Information Security Program) □ A properly marked classified source document □ DD Form 254 (Department of Defense Contract Security Classification

Specification) □ The Facility Security Officer (Industry) or Security Manager (DoD)

Page 5

Derivative Classification Derivative Classification Basics

Student Guide

Question 3

Select True or False for each statement.

True False Photocopying a Secret document and marking the photocopy Secret is derivative classification. O O

Only government officials may perform derivative classification. O O

Consulting your FSO or security manager is always the first step in the derivative classification process. O O

Derivative classifiers are responsible for analyzing and evaluating information to identify elements that require classification. O O

Lesson Conclusion

In this lesson, you learned about the importance of derivative classification and how it is different from original classification. You also learned about the responsibilities of derivative classifiers. You learned about the three authorized sources for derivatively classifying information, and you learned the basic process for derivatively classifying information.

Page 6

Derivative Classification Derivative Classification Basics

Student Guide

Answer Key

Question 1

Making an initial determination that information requires protection against unauthorized disclosure in the interest of national security describes original classification, not derivative classification.

Derivative classification involves all of the other listed activities: • Creating new classified materials from properly marked, existing classified

source materials and marking them accordingly • The process of extracting, paraphrasing, restating, or generating in a new form,

information that is already classified • Carrying forward the correct classification level for classified information used to

generate new materials or documents

Question 2

The only authorized sources for derivative classification are SCGs, properly marked classified source materials, and DD Form 254.

Question 3

True False Photocopying a Secret document and marking the photocopy Secret is derivative classification. o

Only government officials may perform derivative classification. o •

Consulting your FSO or security manager is always the first step in the derivative classification process. o

Derivative classifiers are responsible for analyzing and evaluating information to identify elements that require classification.

• o

Page 7

Classification Markings in This Document Are for Training Purposes Only

Student Guide

Course: Derivative Classification

Lesson: Classification Concepts

Introduction

Government and contractor personnel who extract, paraphrase, restate, or generate classified information in a new form are derivatively classifying the new content. When information is clearly identified as classified, it is marked as Top Secret, Secret, or Confidential. However, there are times in the derivative classification process when the classification of information is not clearly stated or obvious. This does not mean that the information is unclassified. Derivative classifiers must carefully analyze the material they are classifying to determine the information it contains or reveals and evaluate that information against authorized classification guidance.

Lesson Objectives

• Define and distinguish the differences in the concepts of "contained in,” "revealed by,” and "compilation"

• Recognize examples of "contained in” derivative classification based on various authorized sources

• Recognize examples of "revealed by” derivative classification based on various authorized sources

• Recognize examples of compilation of information derivative classification guided by authorized sources

Derivative Classification Terms and Concepts

1. Key Terms

There are different ways in which derivative classifiers can create new content from authorized sources. They can extract information, paraphrase or restate it, or generate that information in a new form. As part of their derivative classification responsibilities, they must correctly identify the classification level of the new material and mark it accordingly. It is important, therefore, to understand what each of these terms means.

• Extracting occurs when information is taken directly from an authorized classification guidance source and is stated verbatim in a new or different document.

Classification Markings in This Document Are for Training Purposes Only

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

• Paraphrasing or restating occurs when information is taken from an authorized source and is re-worded in a new or different document. Derivative classifiers must be careful when paraphrasing or restating information to ensure that the classification has not been changed in the process.

• Generating is when information is taken from an authorized source and generated into another form or medium, such as a video, DVD, or CD.

Understanding the different ways of incorporating existing classified information into new material is only part of the picture, however. There are three key classification concepts you will need to apply in order to correctly classify your newly created materials.

2. Concepts Overview

There are three key concepts that you can use to determine the classification level of the material you create. Your new material may include classified information that is contained in the classification guidance. Or, because of the way it is organized or structured, your new material may reveal classified information that did not specifically appear in the classification guidance used to create it. Finally, your new material may aggregate, or bring together, pieces of information that are unclassified, or have one classification level, but when you present them together it either renders the new information classified or changes its classification level. This is called compilation. Let's take a closer look at each of these concepts.

"Contained In"

1. Definition

The concept of "contained in" applies when derivative classifiers incorporate classified information from an authorized source into a new document, and no additional interpretation or analysis is needed to determine the classification of that information. In other words, when classified information in a new document is contained in the authorized source, the new document's classification is derived directly from the classification of that source. The concept of "contained in" can apply when the information is extracted word-for-word or when the information is paraphrased or restated from the existing content.

Classification Markings in This Document Are for Training Purposes Only

Page 2

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

2. Examples

Let's review some examples of how the "contained in" concept determines the derivative classification of a new document.

Properly Marked Source Document

New Document

(S) The length of the (S) The length of the course is two hours. ---------------------------------------► course is two hours.

In this example, the classification guidance is a properly marked source document. It contains classified information that has been extracted word-for-word into the new document. Because the information contained in the classification source was Secret, you must classify the new document Secret.

Let's look at another example:

Properly Marked Source Document

New Document

(S) The length of the (S) This course is course is two hours. normally two hours in

length.

Here, the information from the classified source is paraphrased and incorporated in the new document. Even though it is worded differently, the information in the new document is contained in the classified source, where it is Secret. Therefore, you must classify the new document Secret.

The "contained in" concept also applies to the use of an SCG. Sometimes, the guidance in an SCG may explicitly apply to the content you incorporate into a new document:

Security Classification Guide New Document

U C S TS Length of course

X (S) The length of the course is two hours.

This SCG provides that the information about the length of the course is classified Secret. Because you have stated this exact information in your new document, you must apply this Secret classification as dictated by the SCG.

Classification Markings in This Document Are for Training Purposes Only

Page 3

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

1. Definition

The concept of "revealed by" applies when derivative classifiers incorporate classified information from an authorized source into a new document that is not clearly or explicitly stated in the source document. However, a reader can deduce the classified information from the new document by performing some level of additional interpretation or analysis. In this sense, the classified nature of the information in the new document is revealed by analysis of its contents, so it will need to be marked in accordance with that classification.

2. Example

Let's look at some examples of how the classification of information can be revealed through analysis.

Properly Marked New Document Source Document

The properly marked source document contains some Secret information. Your new document does not contain that same information. However, the information in your new document will allow a reader to deduce the classified information.

If the first half of the course is one hour long, it follows that the second half would be the same length -- one hour. Since the course has two one-hour halves, it must be two hours long. This information is classified Secret according to the properly marked source document, so you must apply the same classification markings to the information in your new document.

"Revealed by"

(S) The length of the course is two hours.

(S) The firs t half of the course is one hour and will define derivative classification. The second half of the course will provide an opportunity to practice derivatively classifying information.

Classification Markings in This Document Are for Training Purposes Only

Page 4

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

The concept of "revealed by" also applies when you are using an SCG as classification guidance. You need to look at what information can be deduced from what you have included in your new material and check whether that information is itself listed as classified in an SCG:

Security Classification New Document Guide

U C S TS Length of course

X

(S) The firs t half of the course is one hour and will define derivative classification. The second half of the course will provide an opportunity to practice derivatively classifying information.

"Classification by Compilation"

1. Definition

Sometimes combining two or more pieces of unclassified information can result in an aggregate that is classified. This occurrence is called compilation, or aggregation.

Classification by compilation involves combining or associating unclassified individual elements of information with one classification level to reveal an additional association or relationship that warrants a classified level of protection. Classification by compilation is not the norm when derivatively classifying information. However, because of the risks involved, it is critical to refer to classification guidance, such as SCGs, to ensure otherwise unclassified information does not become classified when you use it in a new document.

There are some special procedures to follow whenever you classify information by compilation. First, you must place a clearly-worded explanation of the basis for classification by compilation on the face of the new document or include it in the text. You must also mark each element of information individually according to its classified content. This will allow subsequent derivative classifiers to use the individual elements at their original classification level.

Classification Markings in This Document Are for Training Purposes Only

Page 5

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

2. Examples

Let's look at an example of classification by compilation. You have two Theater-Wide Operation Failure Reports, both of which are unclassified. When you refer to the SCG below, you can verify this fact in row 3.3.2.8:

Security Classification Guide

U C S TS

3.3.2.8 Single theater-wide operation failure report, outage report, problem report, or investigation report

X

3.3.2.9 Compilation of two or more theater- wide operation failure reports, outage reports, problem reports, or investigation reports within the same document

X

Therefore, if you create a new document that mentions either report alone, that new document will also be unclassified. But the next row in the SCG indicates that if you compile two or more of the listed report types into a single document, the classification level changes.

Imagine you need to create an Investigation Report that summarizes the contents of two Theater-Wide Operation Failure reports:

(U) Theater-wide Operation Failure (U) Theater-wide Operation Failure Report Report

(U) Table of Contents (U) Table of Contents

(U) Introduction............................... 1 (U) Introduction............................... 1 (U) Theater-wide outrage report 2 (U) Theater-wide outrage report 2

When you aggregate these unclassified pieces of information in a new document, the SCG indicates that the information taken together should be classified as Secret.

Classification Markings in This Document Are for Training Purposes Only

Page 6

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

SECRET

(U) Investigation Report

(U) Table of Contents

(U) Introduction...............................................................1 (U)* Theater-wide outage report....................................2 (U)* Theater-wide problem report.................................. 3

*Note that the compilation of two or more theater-wide operation failure reports, outage reports, problem reports, or investigation reports within the same document is classified as Secret.

SECRET

Note that the individual pieces of information should still be marked unclassified, consistent with their original classification. You are also required to explain the basis for your classification by compilation. The note on the report above is one example of how you might do so. If you think classification by compilation applies to your situation, refer to your classification guidance. Although classification by compilation may be rare, some types of information are more likely to be subject to it. Here are some examples:

Example: Budget and Tables of Distribution

U C S TS 3.3.3.7 Budget X 3.3.3.8 Tables of Distribution X 3.3.3.9 Compilation of both budget and tables of distribution within the same document

X

Example: Staffing and Equipment Allowances

U C S TS 3.3.4.7 Staffing X 3.3.4.8 Equipment allowances X 3.3.4.9 Compilation of both staffing and equipment allowances within the same document

X

Classification Markings in This Document Are for Training Purposes Only

Page 7

Example: Mission and Geographic Location

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

U C S TS 3.3.2.7 Mission X 3.3.2.8 Geographic Location X 3.3.2.9 Compilation of both mission and geographic location within the same document

X

Seeking Further Guidance

1. When and Where to Seek Guidance

As a derivative classifier, it is important to use your subject matter expertise and classification knowledge when analyzing information. If the classification in the existing content seems incorrect or there is conflicting guidance from authorized sources, you are required to seek further guidance.

Remember, as a derivative classifier, you are not authorized to make original classification decisions. Only the cognizant original classification authority has that authority. Rather, your duty is to derivatively classify new documents based on classification guidance and to seek clarification or further direction when the classification guidance is in question.

Some issues may lead you to believe that an existing document is incorrectly marked. These include the level of classification, the duration of the classification, special control requirements, and outdated classification guidance. When there is a conflict between an existing document and an SCG, the SCG takes precedence.

When you are unsure of how to mark the new document, DoD employees should contact their security manager or OCA and contractor employees should contact their FSO or Government Contracting Authority. Your community will define the appropriate chain-of- command or channels for resolving such issues.

When in doubt, you should always seek additional guidance rather than guess or speculate how to mark the new document. Remember, your derivative classification determinations may have far-reaching effects on national security and the efficient use of resources.

Classification Markings in This Document Are for Training Purposes Only

Page 8

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

Review Activity

Question 1

Using the source document and the SCG, identify the concept used to determine the derivative classification of the new document.

o Contained in o Revealed by o Classification by compilation

New Document

(S) The firings will begin on October 3rd and end on November 24th.

Security Classification Guide

U C S TS

The unit will conduct test firings. X

Test firing dates X

Unit members are Jones, Williams, and Smith. X

Compilation of unit member names and fact that the unit will conduct test firings

X

Properly Marked Source Document

(S) Test firings will begin 3 October and end 24 November.

(U) The unit will conduct test firings.

(U) Unit members are Jones, Williams, and Smith.

Classification Markings in This Document Are for Training Purposes Only

Page 9

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

Question 2

Using the source document and the SCG, identify the concept used to determine the derivative classification of the new document.

o Contained in o Revealed by o Classification by compilation

New Document

(S) Jones is unavailable because her unit is conducting test firings.

Security Classification Guide

U C S TS

The unit will conduct test firings. X

Test firing dates X

Unit members are Jones, Williams, and Smith. X

Compilation of unit member names and fact that the unit will conduct test firings

X

Properly Marked Source Document

(S) Test firings will begin 3 October and end 24 November.

(U) The unit will conduct test firings.

(U) Unit members are Jones, Williams, and Smith.

Classification Markings in This Document Are for Training Purposes Only

Page 10

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

Question 3

Using the source document and the SCG, identify the concept used to determine the derivative classification of the new document.

o Contained in o Revealed by o Classification by compilation

New Document

(S) Unit members cannot attend training while they conduct test firings. Unit members must attend training before 2 October or after 24 November.

Security Classification Guide

U C S TS

The unit will conduct test firings. X

Test firing dates X

Unit members are Jones, Williams, and Smith. X

Compilation of unit member names and fact that the unit will conduct test firings

X

Properly Marked Source Document

(S) Test firings will begin 3 October and end 24 November.

(U) The unit will conduct test firings.

(U) Unit members are Jones, Williams, and Smith.

Classification Markings in This Document Are for Training Purposes Only

Page 11

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

Lesson Conclusion

In this lesson, you learned about the key concepts in derivative classification: contained in, revealed by, and classification by compilation.

Contained in: Definition: Incorporating classified information from an authorized source of classification guidance into a new document

• No additional interpretation/analysis needed to deduce classification Revealed by: Definition: Incorporating classified information into a new document that is

NOT clearly stated in an authorized source of classification guidance

• Additional interpretation or analysis needed to deduce the classification Compilation: Definition: combining or associating individually unclassified information to

reveal information that is classified

Requirements: • Explain the basis for classification by compilation on the face of the document or in the text • Mark each portion individually according to its classified content

You also learned about when and where to seek additional guidance when performing derivative classification.

Classification Markings in This Document Are for Training Purposes Only

Page 12

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

Answer Key

Question 1

The classified information is contained in the existing document and has been paraphrased in the new document. The SCG identifies the test firing dates as Secret information. No additional interpretation was needed to identify this information's classification.

Question 2

Both pieces of information are unclassified on their own, but together, they are classified by compilation. The SCG identifies the compilation of the unit members' names and the fact that the unit is conducting test firing as Secret information.

Question 3

The classification is revealed by analyzing the information. The SCG identifies the test firing dates as Secret information. By analyzing the information in the new content, the reader is able to deduce that test firing will occur between 3 October and 24 November.

Classification Markings in This Document Are for Training Purposes Only

Page 13

Student Guide

Derivative Classification Student Guide Classification Concepts

Classification Markings in This Document Are for Training Purposes Only

Course: Derivative Classification

Lesson: Practical Exercise

Introduction

In this lesson, you will practice how to derivatively classify a document. As you complete the practical exercise, use what you have learned about classification concepts, authorized sources, and the process for derivatively classifying documents.

As you complete each activity, you can check your answers in the Answer Key at the end of this Student Guide.

Lesson Objectives

• Practice derivatively classifying a document • Apply classification concepts • Identify authorized sources • Follow the derivative classification process

Classification Markings in This Document Are for Training Purposes Only

Page 14

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

Scenario 1

Your office is tasked with recording meeting minutes for a new series of planning meetings. You must prepare and forward the minutes, along with the Commander's comments, to staff Department Heads and Special Assistants. Below you will see a series of questions about the classification of the new document you are creating.

There are two sources of classification guidance for you to use to determine the classification of your new document, the source document that you received at the first planning meeting and the Security Classification Guide (SCG).

Properly Marked Source Document:

SECRET

1. (S) This announcement declares the intent to hold a series of internal planning meetings in support of exercise OBSCURE NIMBUS XX, which is being hosted by Pandora Naval Station (PNS) and scheduled to take place from 15-25 March 20XX. The first planning meeting will be held on 14 August 20XX in the Rocky Oaks Conference Center. LT Herman Lukowicz, Administration Officer, will serve as point of contact.

2. (C) Attendance at this initial planning meeting will be limited to PNS Administration, Operations, Training, Maintenance, and Supply Department Heads. The next meeting will be held at the PNS Training Facility, Bldg. 112. Attendance will include all Department Heads, their key personnel, and Special Assistants.

SECRET

Classification Markings in This Document Are for Training Purposes Only

Page 2

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

Security Classification Guide:

U C S TS

Intent to hold series of internal planning meetings X

Name of exercise is OBSCURE NIMBUS X

PNS is hosting meetings X

Exercise dates X Attendance limited to PNS Administration, Operations, Training, Maintenance, Supply Department Heads

X

Future meeting location X

Future meeting attendees X

Compilation of future meeting attendees and meeting dates X

Point of contact's name X

Classification Markings in This Document Are for Training Purposes Only

Page 3

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

1. Activity 1

Derivative Document:

1. (_) The planning meeting tomorrow for exercise OBSCURE NIMBUS XX was held on 14 August 20XX. Target audience was present, participative, resourceful, and enthusiastic. The groundwork for this year’s exercise scheduled for 15-25 March 20XX has been positively established and meeting minutes are forwarded as enclosure (1).

2. (_) My point of contact in this matter is LT Herman Lukowicz, Administration Officer.

3. (_) The next planning meeting will be held at the PNS Training _______Facility, Bldg. 112, to continue planning for the exercise._______

Question 1

What is the correct portion marking for Paragraph 1 in the derivative document?

o Unclassified o Confidential o Secret o Top Secret

Question 2

What is the correct portion marking for Paragraph 2 in the derivative document?

o Unclassified o Confidential o Secret o Top Secret

Question 3

What is the correct portion marking for Paragraph 3 in the derivative document?

o Unclassified o Confidential o Secret o Top Secret

Classification Markings in This Document Are for Training Purposes Only

Page 4

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

2. Activ ity 2

Refer to the source document and the SCG above to answer the following questions:

Your SCG and your properly marked source document both indicate that the exercise name is classified as Secret. LT Lukowicz, however, tells you that the exercise name has been recently declassified. Which source(s) should you use to derivatively classify the material?

O LT Lukowicz o SCG and properly marked source document

Classification Markings in This Document Are for Training Purposes Only

Page 5

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

3. Activ ity 3

Use these sources of classification guidance to answer the question below.

Properly Marked Source Document

SECRET

1. (S) This announcement declares the intent to hold a series of internal planning meetings in support of exercise OBSCURE NIMBUS XX, which is being hosted by Pandora Naval Station (PNS) and scheduled to take place from 15-25 March 20XX. The first planning meeting will be held on 14 August 20XX in the Rocky Oaks Conference Center. LT Herman Lukowicz, Administration Officer will serve as point of contact.

2. (C) Attendance at this initial planning meeting will be limited to PNS Administration, Operations, Training, Maintenance, and Supply Department Heads. The next meeting will be held at the PNS Training Facility, Bldg. 112. Attendance will include all Department Heads, their key personnel, and Special Assistants.

SECRET

Security Classification Guide:

U C S TS

Intent to hold series of internal planning meetings X

Name of exercise is OBSCURE NIMBUS X

PNS is hosting meetings X

Exercise dates X

Attendance limited to PNS Administration, Operations, Training, Maintenance, Supply Department Heads X

Future meeting location X

Future meeting attendees X

Compilation of future meeting attendees and meeting dates X

Point of contact's name X

If your SCG states the exercise name is Secret but your properly marked source document states the exercise name is unclassified, which source should you use to derivatively classify the material?

o Properly marked source document o SCG

Classification Markings in This Document Are for Training Purposes Only

Page 6

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

Scenario 2 After receiving a classified document, your office is required to issue a letter outlining personnel movement information. In the following activities, you will see a series of questions about the classification of the new document you are creating. You will have two authorized sources of classification guidance available to you. You will, of course, have the properly marked source document, and you will also have a Security Classification Guide. Use both of these authorized sources to help you answer the questions.

_____ Properly Marked Source Document:________________________________________________ SECRET

(S) Personnel from the 7Reconnaissance Force will be participating in joint exercise EVERLASTING HEADACHE from 17 October to 9 November 20XX. They are scheduled to arrive in theater on 16 October 20XX.

(C) Transportation will be provided by the U.S. Air Force, operating AMC flight 8027, a C-337.

(U) The fight is scheduled to depart from Whetstone Air Force Base, Vermont on 15 October 20XX. Estimated time of departure is 0430.

(U) The flight will arrive at Stanislaus Air Force Base, Germany.

(U) The participants will be advised of their return itinerary on the last day of the exercise.

SECRET

Security Classification Guide:

U C S TS

In theater arrival dates X

Joint exercise name X

Joint exercise dates X

Name of departure Air Force Base X

Name of arrival Air Force Base X

Compilation of departure and arrival Air Force Bases X

Flight number X

Exercise participants X

Compilation of flight number and exercise participants X

Type of aircraft used for flight X

Classification Markings in This Document Are for Training Purposes Only

Page 7

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

The document below is your draft letter. In the following activities, you will analyze and classify each paragraph.

Derivative Document:

(__) Request transportation assistance for a joint exercise from Whetstone Air Force Base, Vermont, to Stanislaus Air Force Base, Germany.

(__) Personnel from the 7th Reconnaissance Force must arrive in theater on 16 October 20XX.

( ) The 7th Reconnaissance Force must arrive on AMC scheduled flight 8027, a C-337.

(__) The exercise begins 17 October 20XX and will continue for twenty-four days. Request assistance for return transportation on the day following exercise completion._____________________________________________

1. Activ ity 1

What classification concept would you use to determine the correct marking for the first paragraph of your derivatively classified letter?

(__) Request transportation assistance for a joint exercise from Whetstone Air Force Base, Vermont, to Stanislaus Air Force Base, Germany.

o Compilation o Revealed by o Contained in

2. Activ ity 2

What is the classification for the first paragraph of your derivatively classified letter?

(__) Request transportation assistance for a joint exercise from Whetstone Air Force Base, Vermont, to Stanislaus Air Force Base, Germany._______

o Unclassified o Confidential o Secret o Top Secret

Classification Markings in This Document Are for Training Purposes Only

Page 8

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

3. Activ ity 3

What classification concept would you use to determine the correct marking for the second paragraph of your derivatively classified letter?

( ) Personnel from the 7th Reconnaissance Force must arrive in theater on 16 October 20XX.

o Compilation o Revealed by o Contained in

4. Activ ity 4

What is the classification for the second paragraph of your derivatively classified letter?

( ) Personnel from the 7th Reconnaissance Force must arrive in theater on 16 October 20XX.

o Unclassified o Confidential o Secret o Top Secret

5. Activ ity 5

What classification concept would you use to determine the correct marking for the third paragraph of your derivatively classified letter?

(__) The 7th Reconnaissance Force must arrive on AMC scheduled flight 8027, a C-337._____________________________________________

o Compilation o Revealed by o Contained in

Classification Markings in This Document Are for Training Purposes Only

Page 9

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

6. Activ ity 6

What is the classification for the third paragraph of your derivatively classified letter?

( ) The 7th Reconnaissance Force must arrive on AMC scheduled flight 8027, a C-337.____________________________________________

o Unclassified o Confidential o Secret o Top Secret

7. Activity 7

What classification concept would you use to determine the correct marking for the last paragraph of your derivatively classified letter?

(__) The exercise begins on 17 October 20XX and will continue for twenty-four days. Request assistance for return transportation on the day following exercise completion._______________________________

o Compilation o Revealed by o Contained in

8. Activ ity 8

What is the classification for the last paragraph of your derivatively classified letter?

(__) The exercise begins on 17 October 20XX and will continue for twenty-four days. Request assistance for return transportation on the following day following exercise completion._______________________

o Unclassified o Confidential o Secret o Top Secret

Classification Markings in This Document Are for Training Purposes Only

Page 10

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

9. Activ ity 9

Which of the following methods would you use to determine classification of this paragraph?

(__) Personnel from the 7th Reconnaissance Force will be participating in joint exercise EVERLASTING HEADACHE from 17 October to 9 November 20XX. They are scheduled to arrive in theater on 16 October 20XX.

o Seek guidance from an appropriate authority (e.g., Security Manager, OCA, FSO, or GCA)

o Ask LT Lukowicz to mark the document o Use the classification indicated in the SCG o Use your subject matter expertise and experience to create the original

classification

10. Activ ity 10

If the SCG was not available, how would you determine classification? Select the best response.

(__) Personnel from the 7th Reconnaissance Force will be participating in joint exercise EVERLASTING HEADACHE from 17 October to 9 November 20XX. They are scheduled to arrive in theater on 16 October 20XX.

o Seek guidance from an appropriate authority (e.g., Security Manager, OCA, FSO, or GCA)

o Ask LT Lukowicz to mark the document o Use the properly marked source document o Use your subject matter expertise and experience to create the original

classification

Summary

Congratulations! You have completed the Practical Exercise for the Derivative Classification course.

Classification Markings in This Document Are for Training Purposes Only

Page 11

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

Answer Key

Scenario 1

1. Activ ity 1

Question 1 The information in this paragraph is contained in the existing document, where it is marked Secret. The s Cg confirms this classification, so it should be marked Secret in the derivative document.

Question 2

The SCG indicates the point of contact’s name is unclassified.

Question 3

The information in this paragraph is restating information classified as confidential in the existing document and the SCG.

2. Activ ity 2

You should use only authorized sources of classification guidance (SCG and properly marked source document) to classify the exercise name as Secret. LT Lukowicz is not an authorized source; however, you should research his disclosure through appropriate channels.

3. Activ ity 3

When there is a conflict between authorized sources, the SCG takes precedence over a properly marked existing document. You should, however, call attention to the inconsistency between the authorized sources of guidance.

Scenario 2

1. Activ ity 1

Based on the SCG, compilation is required to determine the classification. When combined or associated, these elements of information warrant classification.

2. Activ ity 2 Based on the SCG, compilation of departure and arrival Air Force Bases is Confidential.

Classification Markings in This Document Are for Training Purposes Only

Page 12

Derivative Classification Student Guide Classification Concepts ______Classification Markings in This Document Are for Training Purposes Only_____

3. Activ ity 3

Based on the properly marked source document, the in-theater arrival date can be determined without further interpretation or analysis; it is contained in the document.

4. Activ ity 4

Based on the properly marked source document, the in-theater arrival date is Secret.

5. Activ ity 5

Based on the SCG, compilation is required to determine the classification. When combined or associated, these elements of information warrant a higher classification.

6. Activ ity 6

Based on the SCG, compilation of exercise attendees and flight number is Secret.

7. Activ ity 7 Based on the properly marked source document, the information is not clearly stated, but can be determined by calculating the start date and number of days. This information is "revealed by" analysis of the information presented.

8. Activ ity 8

The SCG indicates that the exercise dates are Secret.

9. Activ ity 9 When a properly marked, existing source document is unclear or conflicts with an SCG, use the classification indicated in the SCG.

10. Activ ity 10 You should ask your Security Manager, OCA, FSO, or GCA for guidance. LT Lukowicz is not an authorized source and the existing source document does not contain sufficient markings. Derivative classifiers are not authorized to make original classification decisions.

Classification Markings in This Document Are for Training Purposes Only

Page 13

Student Guide

Course: Derivative Classification

Lesson: Course Conclusion

Course Summary

Protecting classified information from disclosure is a critical responsibility of the individuals who work with it. Whenever new classified documents or materials are derived from an authorized source of classification guidance, derivative classifiers are responsible for ensuring the information is accurately identified. This course taught you about the resources you must use and the processes you must follow to properly perform derivative classification.

Lesson Review

Here is a list of the lessons in the course:

• Course Introduction • Derivative Classification Basics • Classification Concepts • Practical Exercise • Course Conclusion

Course Objectives

You should now be able to:

V Identify the responsibilities associated with derivatively classifying Information V Identify the process and methods for derivatively classifying information V Identify authorized sources to use when derivatively classifying information V Applying authorized sources, derivatively classify information based on the

concepts of "contained in,” "revealed by,” and "compilation"

Conclusion

Congratulations. You have completed the Derivative Classification Course. To receive credit for this course, you must take the Derivative Classification Examination. Please use the DSS CDSE STEPP system to register for the on-line exam.

Derivative Classification Course Glossary

Glossary

Course: Derivative Classification

Access: The ability and opportunity to gain knowledge of classified information.

Classification: The act or process by which information is determined to be classified information.

Classifier: An individual who makes a classification determination and applies a security classification to information or material. A classifier may be an original classification authority or a person who derivatively assigns a security classification based on a properly marked classified source or a classification guide.

Classified National Security Information or “ Classified Information” : Information that has been determined, pursuant to Executive Order 13526 or any predecessor order, or pursuant to the Atomic Energy Act of 1954, to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.

Classification Guidance: Is an authorized source of classification guidance. Within DoD there are three authorized sources for classification guidance: The Security Classification Guide (SCG), a properly marked source document, and the DD Form 254.

Classification Guide: Also referred to as a Security Classification Guide (SCG). A document issued by an authorized original classifier that identifies the elements of information regarding a specific subject that must be classified and establishes the level and duration of classification for each such element. A SCG is a collection of precise, comprehensive guidance about a specific program, system, operation, or weapon system telling what elements of information are classified. For each element of information, the SCG includes its classification level, the reasons for that classification, and the downgrading/duration of classification.

Cognizant Security Agencies (CSAs): Agencies of the Executive Branch that have been authorized by Executive Order 12829 to establish an industrial security program to safeguard classified information under the jurisdiction of these agencies when disclosed or released to U.S. Industry. These agencies are: The Department of Defense, Department of Energy, Central Intelligence Agency, and Nuclear Regulatory Commission.

Cognizant Security Office (CSO): The organizational entity delegated by the head of a CSA to administer industrial security on behalf of the CSA.

Compilation: The concept also know as aggregation, which involves combining or associating individually, unclassified information which reveals an additional association or relationship that warrants protection as classified information. This concept also applies to elements of information classified as a lower level which become classified at a higher level when combined.

Compromise: An unauthorized disclosure of information.

Page 1

Derivative Classification Course Glossary

Confidential: The classification level applied to information, the unauthorized disclosure of which reasonable could be expected to cause damage to the national security that the original classification authority is able to identify or describe.

Contained in: The concept that refers to the process of extracting classified information as it is stated in an authorized source of classification guidance without the need for additional interpretation or analysis, and incorporating this information into a new document.

DD Form 254, (Department of Defense Security Classification Specification): This form provides classification guidance to contractors performing on classified contracts. It informs them of the level of information they will need to access, the required level of security clearance for access, and the performance requirements to include safeguarding, special security requirements, etc. This form is an authorized source of classification used by derivative classifiers.

Damage to the National Security: Harm to the national defense or foreign relations of the United States from the unauthorized disclosure of information.

Declassification: The authorized change in the status of information from classified information to unclassified information.

Derivative Classification: The process of determining whether information has already been originally classified and, if it has, ensuring that it continues to be identified as classified by marking or similar means when included in newly created material.

Derivative Classifier: The individual responsible for ensuring that they apply the highest possible level of security classification when derivatively classifying information. These individuals bear the principal responsibility for the accuracy of the derivative classification.

DoD 5200.1-R, Department of Defense Industrial Security Program: The Regulation that implements Executive Order 12958, as amended “Classified National Security Information,” and associated OMB directives within the DoD. It applies to all Components of the DoD. It establishes the DoD Information Security Program to promote proper and effective classification, protection, and downgrading of official information requiring protection in the interest of the national security. It also promotes the declassification of information no longer requiring such protection.

DoD 5220.22-M, National Information Security Program Operating Manual (NISPOM): The manual issued in accordance with the National Industrial Security Program that prescribes the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified of information.

Downgrading: A determination that information classified at a specific level shall be classified at a lower level.

Duration of Classification: A determination made by an original classifier, at the time of original classification, on the length of time information will require protection of security classification.

Page 2

Derivative Classification Course Glossary

Extract: Taking information directly from an authorized source of classification guidance and stating it verbatim in a new or different document.

Facility Security O fficer (FSO): A U.S. citizen employee, appointed by a contractor who will supervise and direct security measures necessary for implementing the NISPOM and other Federal requirements for classified information.

Generate: Taking information from an authorized source of classification guidance and using it in another form or media.

Government Contracting Activ ity (GCA): An element of an agency designated by the agency head and delegated broad authority regarding acquisition functions.

Information: Any knowledge that can be communicated or documentary material that is owned by, produced by or for, or is under the control of the United States Government. "Control” means the authority of the Agency that originates information, or its successor in function, to regulate access to the information.

Information Security: The result of any system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure, information the protection of which is authorized by executive order.

Marking: The principal means to inform holders of classified information about specific protection requirements for that information. Marking and designation of classified information are the specific responsibility of original and derivative classifiers.

Multiple Sources: Two or more source documents, classification guides, or a combination of both.

Need-to-Know (NTK): A determination made by an authorized holder of classified information that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized governmental function.

National Security: The national defense or foreign relations of the United States

Original Classification: An initial determination that information requires, in the interest of national security, protection against unauthorized disclosure.

Original Classification Authority: An individual authorized in writing, either by the President, or by Agency Heads or other officials designated by the President, to originally classify information.

Paraphrase/Restate: Taking information from an authorized source of classification guidance and re-wording it in a new or different document.

Regrade: To raise or lower the classification assigned to an item of information.

Revealed by: The concept applied when derivative classifiers incorporate classified information from an authorized source of classification guidance into a new document, which is not clearly or explicitly stated in the source document.

Page 3

Derivative Classification Course Glossary

Safeguarding: Measures and controls that are prescribed to protect classified information.

Secret: The classification level applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to national security that the original classification is able to identify or describe.

Security Classification Guide (SCG): Also referred to as a Classification Guide. A document issued by an authorized original classifier that identifies the elements of information regarding a specific subject that must be classified and establishes the level and duration of classification for each such element. A SCG is a collection of precise, comprehensive guidance about a specific program, system, operation, or weapon system telling what elements of information are classified. For each element of information, the SCG includes its classification level, the reasons for that classification, and the downgrading/duration of classification.

Source Document: An authorized source of classification used by a derivative classifier, from which information is extracted, paraphrased, restated, and/or generated in a new form for inclusion in another document.

Top Secret: The classification level applied to information, the unauthorized disclosure of which reasonable could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.

Unauthorized disclosure: A communication or physical transfer of classified information to an unauthorized recipient.

Page 4

Developing a Security Education and Training Program Student Guide

Student Guide

Course: Developing a Security Education and Training Program

Lessonl: Course Introduction

1. Course Information

Purpose Provide a thorough understanding of the DoD and National Industrial Security Program (NISP) policy requirements and best practices and instructional methods for developing and implementing a security education and training program.

Audience Military, civilian, and contractor security professionals and practitioners who have responsibility for developing and maintaining a security education and training program.

POC InformationSecurity.Training@dss.mil IndustrialSecurity.Training@dss.mil PersonnelSecurity.Training@dss.mil

Pass/Fail % 75%

2. Course Overview

Working with classified information carries significant responsibilities. Organizations and individuals who handle classified information are charged with keeping it safe from accidental or intentional compromise. As an employee responsible for managing a security program, you have a special duty to ensure that every individual in your organization is aware of their responsibilities in safeguarding classified information.

In this course you will learn not only the policy requirements for a security education program, but also some best practices for developing and implementing such a program and the variety of instructional strategies and methods available.

3. Course Objectives

• Identify the purpose of a security education and training program • Identify security education and training policy requirements for DoD and Industry

personnel • Identify key security briefing types and define their scope • Identify strategies for gaining management support for your security education and

training program • Identify the steps involved in establishing a training strategy • Identify methods for delivering security training • Identify strategies for motivating individuals to perform their security duties and meet

their responsibilities • Identify key activities involved in maintaining a security education and training program

page 1

mailto:InformationSecurity.Training@dss.mil
mailto:IndustrialSecurity.Training@dss.mil
mailto:PersonnelSecurity.Training@dss.mil
Developing a Security Education and Training Program Student Guide

4. Course Structure

This course is organized into the lessons listed here: • Course Introduction • Introduction to Security Education and Training Requirements • Basic Security Briefing Requirements • Special Briefings and Other Training • Developing an Effective Security Education Program • Course Conclusion

page 2

Developing a Security Education and Training Program Student Guide

Lesson 2: Introduction to Security Education and Training Requirements

Introduction

1. Objectives

Because protecting classified information from improper disclosure is so critical, there are specific policies and procedures requiring education and training of personnel who have access to, or may come in contact with classified information.

Here are the lesson objectives. Take a moment to review them.

• Identify the purpose of a security education and training program • Identify security education and training policy requirements for Industry and DoD personnel

Why Security Education

1. The Importance of Security Education

C hris tophe r Boyce, R obert H a n sse n , D av id B o on e , A ld rich Am es, A na Montes, J a m e s N icho lson, Jona than P o lla rd , J e rry W hitw orth , R ona ld P e lton , John Walker, C lyd e C onrad.

What do all of these people have in common? They were all American citizens with authorized access to classified information and were arrested for espionage. They worked in offices and facilities just like yours.

Ahmed Fathy Mehalba, an Arabic translator at Guantanamo Bay, exploited lax physical security practices at Guantanamo Bay by copying and removing 386 classified documents from the facility, which did not regularly perform bag or computer searches.

Internal traitors exploit weaknesses in safeguarding practices designed to protect classified information. The importance of security awareness and vigilance on the part of personnel cannot be overemphasized. It helps to detect internal and external threats and vulnerabilities ultimately assisting in preventing security breaches. It is only when all employees are vigilant and aware, that these spies can be caught early, before they cause irreparable damage to national security.

This is why security education and training is so important. As a security educator, you must ensure that employees are aware of their obligations to protect classified information, the policies they must follow to do so, and the threat that exists all around them, so as to prevent potential security breaches.

page 3

Developing a Security Education and Training Program Student Guide

Who might the next spy be? Your office mate? One of your friends? Someone in your family?

2. W hat Is Security Education?

In order to develop an effective security education and training program, it is essential to have a strong understanding of what security education and training is and what it should achieve. There are, of course, regulatory requirements that outline what must be covered in such a program, and we will cover those requirements throughout this course. But it is also a valuable exercise for individuals responsible for providing security education and training to reflect on its purpose.

Security education is any activity undertaken to ensure that people have the skills, knowledge, and information to enable quality performance of security functions and responsibilities, understand security program policies and requirements, and maintain continued awareness of security requirements and intelligence threats. An effective security education and training program enables cleared personnel to protect classified national security information and meet their security responsibilities.

The success of such a program depends on four components: training, which instructs personnel in their specific security responsibilities, education, which informs personnel about underlying rationale and importance of those responsibilities, and awareness, which ensures that personnel remain continuously alert to security threats and vulnerabilities. Underlying all these components is motivation, or what instills in personnel a desire and commitment to be proactive in the execution of their security responsibilities. These four components—training, education, awareness and motivation—form the word TEAM.

a. Goals

The goals of a security education and training program are many. The most important outcome of effective security education is that it safeguards national security and protects the warfighter by improving the quality of the security program.

More specifically, security education and training makes personnel aware of their responsibilities and of the penalties and consequences of noncompliance. Security education should also communicate threats to classified and sensitive information, promote security best practices and security awareness, and provide guidance on how to apply security requirements.

Perhaps most overlooked, a truly successful security education and training program will also attempt to dispel any negative attitudes and debunk any myths personnel hold in regards to security requirements.

page 4

Developing a Security Education and Training Program Student Guide

Regulatory Basis

1. Nondisclosure of Classified Information

The overarching legal requirement for security education appears in three executive orders: Executive Order 13526, which prescribes the "uniform system for classifying, safeguarding, and declassifying national security information;" Executive Order 12968, Access to Classified Information, the national level policy that identifies the requirement for Employee Education and Assistance; and Executive Order 12829, upon which the National Industrial Security Program is based.

Executive Order 13526 mandates that for individuals to gain access to classified information, they must meet three criteria: First, the individual must have been granted a security clearance at the level of classification of the information to be accessed. Second, the individual must sign Standard Form 312, or SF-312, also known as the Classified Information Nondisclosure Agreement. Third, the individual must have a need-to-know the information.

Prior to signing SF-312, the individual must receive a security briefing on the nature and protection of classified information. This briefing may either occur during the individual's initial briefing or upon receiving clearance, as long as the form is signed prior to access to classified information. The Information Security Oversight Office, or ISOO, provides a briefing booklet with all of the information that should be covered in this initial security indoctrination. There are special requirements for those who require access to Top Secret information, Special Access Programs (SAP).

a. Oral Attestation of Nondisclosure

Individuals granted access to a Top Secret Special Access Program must sign the SF- 312 Form and, in addition, must attest orally to their responsibility to safeguard classified information. This applies to both DoD civilian and military personnel and to Industry under DFARS Part 252.204-7005 Oral Attestation of Security Responsibilities, when this requirement is included in a contract.

In taking the oath, individuals acknowledge their obligation to specially safeguard TOP SECRET SAP information. The presiding official ensures that the date the attestation is completed is recorded in the Organization block in Item 11 of the SF-312.

The individual making the attestation completes Item 11 of the SF-312, and the witness and presiding official sign the Witness and Acceptance blocks, respectively. Contractor personnel mail their signed SF-312 to the Department of Defense Central Adjudications Facility.

page 5

Developing a Security Education and Training Program Student Guide

2. Security Education and Training Requirements As you learned, there are three Executive Orders that provide the legal requirement for security education. Executive Order 13526 mandates that every person who receives a favorable determination of eligibility for access receive training on the proper safeguarding of classified information and the sanctions imposed on those who fail to appropriately protect such information. Additionally, it authorizes the Director of the Information Security Office, under the direction of the Archivist and in consultation with the Assistance to the President for National Security Affairs, to establish standards for agency security education and training programs. The order also lays out the requirement for agency heads to designate senior agency officials to establish and maintain these programs.

Executive Order 12968, Access to Classified Information, requires that agency heads educate employees about their individual responsibilities for handling classified information and inform them about issues that may affect their eligibility for access to classified information. The Department of Defense has implemented these requirements in two regulations: DoD Manual 5200.01, Volumes 1-4, the DoD Information Security Program, and DoD 5200.2-R, the Personnel Security Program.

Executive Order 12829 mandates special requirements for contractors as laid out in DoD 5220.22-M, the National Industrial Security Program Operating Manual (NISPOM). While the requirements for DoD and industry are similar, and in many cases identical, some of the terminology is distinct, and there are policy differences. Throughout this course you may assume that requirements apply to both DoD and industry unless indicated otherwise.

a. D oD R e q u ire m e n ts DoDM 5200.01, the DoD Information Security Program, which mandates security training for individuals with access to classified information, and DoD 5200.2-R, the Personnel Security Program, which includes the security education and training requirements for DoD personnel, describe the briefings required for DoD personnel who have access to or may come into contact with classified information.

Information Security Program, Chapter 9: Security Education and Training • Initial Orientation • Special Requirements • Continuing Security Education/Refresher Training • Termination Briefings • Program Oversight

Personnel Security Program, Section 9.2: Security Education • Initial Briefings • Refresher Briefing • Foreign Travel Briefing • Termination Briefing

page 6

Developing a Security Education and Training Program Student Guide

Each of these briefings will be discussed in detail later in this course. In addition to the basic briefings listed here, this course will also discuss security briefings required under special circumstances.

b. Industry Requirements

A signed DO Form 441 is required for any company entering into a contract to provide the U.S. Government with supplies or services affecting national security and requiring access to classified information. The DO Form 441 obligates the contractor to develop and maintain an effective security program in accordance with the NISPOM.

The NISPOM describes the security education and training requirements for contractors.

NISPOM, Chapter 3: Security Training and Briefings • FSO Training • Initial Security Briefings • Refresher Training • Debriefings

Each of these required briefings will be discussed in detail later in this course. In addition to the basic briefings listed here, this course will also discuss security briefings required under special circumstances.

Review Activity 1

Which of the following are goals of ongoing security education and training? Select all that apply then check your answers in the Answer Key at the end of this Student Guide.

Safeguard national security

Punish personnel who violate security policies and procedures Prevent personnel from learning

of threats to classified information Dispel negative attitudes and perceptions regarding security

practices Provide guidance on how to apply security requirements

Inform personnel of the penalties and consequences of noncompliance

Eliminate the need for formal security briefings

page 7

Developing a Security Education and Training Program Student Guide

Review Activity 2

S ee w he th e r yo u can rem em be r the pu rpo ses o f these im portan t p o lic y docum ents . M atch each docum en t on the le ft to its m atch ing descrip tion on the righ t. T hen c h e c k y o u r answ ers in the A n sw e r K e y a t the end of th is S tuden t G u ide . A. NISPOM Contractual agreement establishing industry’s security responsibility

B. DOD 5200.2-R The manual that includes the security education requirements for industry

C. DoDM 5200.01 The form all personnel must sign to access classified information

D. DD Form 441 Regulation mandating training prior to access to classified information

E. SF-312 The overarching policy that mandates security education

F. E.O. 12968 Regulation mandating security education for DoD employees

Lesson Conclusion

1. Summary

In this lesson, you learned about the purpose and importance of security education and training. You also learned about the policy documents that mandate security education and of the key goals for a security education and training program.

a. Security Education • Establishes, enhances, and maintains quality security programs • Mandated by E.O. 13526 and E.O. 12968 • Implemented in DoDM 5200.01, Volumes 1-4 and DoD 5200.2-R for DoD personnel • Implemented in the NISPOM for Industry • Required prior to signing of SF-312

b. Key Goals

• Safeguard national security • Protect the warfighter • Improve the quality of security programs • Communicate threats to classified and sensitive information • Promote security best practices • Promote security awareness

page 8

Developing a Security Education and Training Program Student Guide

• Provide guidance on how to apply security requirements • Dispel negative attitudes and perceptions

Answer Key

Review Activity 1

Safeguard national security

Dispel negative attitudes and perceptions regarding security

practices Provide guidance on how to apply security requirements

Inform personnel of the penalties and consequences of noncompliance

Review Activity 2

A. NISPOM security responsibility B. DoD 5200.2-R requirements for industry C. DoDM 5200.01 classified information D. DD Form 441 classified information E. SF-312 education F. E.O. 12968 DoD employees

page 9

D. Contractual agreement establishing industry’s

A. The manual that includes the security education

E. The form all personnel must sign to access

B. Requlation manadating training prior to access to

F. The overarching policy that mandates security

C. Regulation mandating security education for

Developing a Security Education and Training Program Student Guide

Lesson 3: Basic Security Briefing Requirements

Introduction

Objectives

The DoD Manual 5200.01, Volumes 1-4, the DoD 5200.2-R, and the National Industrial Security Program Operating Manual (NISPOM) outline several required security briefings: an initial briefing, refresher training and continuing security education, and a termination briefing or debriefing.

The main audiences of these briefings, and indeed the security program as a whole, are cleared employees of the DoD and Industry, though certain briefings may also be appropriate for uncleared personnel. The requirements for these briefings are almost identical for the DoD and Industry, but there are some differences that you will learn about in this lesson.

Lesson objectives: Identify and define the types of required security briefings for all cleared personnel Identify the various audiences of a security program Identify the training requirements for Industry and the DoD

Initial Briefings

W hat is the Initial Briefing?

In order for cleared personnel to receive access to classified information, they must first receive an initial security briefing and then execute Standard Form 312, the Classified Information Nondisclosure Agreement. The SF-312 briefing may either be included in the initial briefing or upon the individual’s receiving a favorable determination of eligibility for access. If the individual already has an SF-312 recorded in the Joint Personnel Adjudication System, or JPAS, it does not need to be executed again.

After the briefing, personnel who sign and execute the SF-312 are granted access to classified information at their authorized access level and on a need-to-know basis. Executed SF-312s are then forwarded to the respective repository and entered into the system of record. If an individual refuses to execute the SF-312, action shall be initiated to deny or revoke the individual’s eligibility.

All initial briefings must cover basic security roles and responsibilities, provide an overview of the classification system, and discuss the penalties for disclosing classified information to unauthorized individuals. The contents of the initial briefing vary slightly by job role and whether it is for DoD or contract employees. Now let's look at the requirements specific to DoD and Industry initial security briefings.

DoD Initial Briefings

The DoD has implemented the requirement for an initial security briefing in two regulations: in DoDM 5200.01, Volumes 1-4, the DoD Information Security Program, and in DoD 5200.2-R, the Personnel Security Program. While the requirements laid out in the two regulations are similar

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Homework Tutor
Quick N Quality
Assignment Hub
Coursework Helper
Helping Engineer
Financial Solutions Provider
Writer Writer Name Offer Chat
Homework Tutor

ONLINE

Homework Tutor

As per my knowledge I can assist you in writing a perfect Planning, Marketing Research, Business Pitches, Business Proposals, Business Feasibility Reports and Content within your given deadline and budget.

$35 Chat With Writer
Quick N Quality

ONLINE

Quick N Quality

I am an academic and research writer with having an MBA degree in business and finance. I have written many business reports on several topics and am well aware of all academic referencing styles.

$22 Chat With Writer
Assignment Hub

ONLINE

Assignment Hub

As an experienced writer, I have extensive experience in business writing, report writing, business profile writing, writing business reports and business plans for my clients.

$18 Chat With Writer
Coursework Helper

ONLINE

Coursework Helper

As per my knowledge I can assist you in writing a perfect Planning, Marketing Research, Business Pitches, Business Proposals, Business Feasibility Reports and Content within your given deadline and budget.

$32 Chat With Writer
Helping Engineer

ONLINE

Helping Engineer

I am an elite class writer with more than 6 years of experience as an academic writer. I will provide you the 100 percent original and plagiarism-free content.

$46 Chat With Writer
Financial Solutions Provider

ONLINE

Financial Solutions Provider

This project is my strength and I can fulfill your requirements properly within your given deadline. I always give plagiarism-free work to my clients at very competitive prices.

$32 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

How to make a coreless dc motor - The regal cycle company manufactures three types of bicycles - Duplexity theory of vision - Robin hood case study swot - Adv 1 sl series - Doing ethics technique - Fas 167 definition - Eve calm exotic filament - Lizard evolution virtual lab module 2 answers - Essay for english litrerature paper - Swarnandhra college of engineering and technology autonomous - Jai jai gurudeva sri sai mahadeva - Journal Entry - Ka acid dissociation constant - Burke litwin model of organisational change - Are t bill rates annualized - Cmis 141 - Purchased goodwill should be written off - Does pantene test on animals - Self Awarness - Circular flow of simple economy - Mobile accelerate plan telstra - Fast inverse square root - What does nlt mean - What are the four most common business 2.0 characteristics - Milky way loose wave weave - Conflict management presentation slides - Hum worksheet cultures and artifacts - Fresher than fresh snow cones - Premier boarding kennels corley - Record keeping payroll and simple inventory problems are examples of - Rg 105 licensing organisational competence - Valuing people now 2007 - Vcantor fitzgerald equity research - Safe at work self assessment test - Diversity swot analysis example - Paradox in macbeth act 1 scene 2 - Bbo intermediate ballet syllabus - Assignment 2 - The primary objective of financial accounting is to - Trojan war crossword mark twain media - Vcaa physics formula sheet - Organizational Behavior - Elizabeth barrett browning sonnet 18 - Liberty online writing center - University of nottingham malaysia postcode - Give me liberty an american history 5th edition pdf - Healthcare quality book 3rd edition pdf - Nissan frontier fog light installation instructions - Girlington primary school website - Uq academic integrity module - Alicia gametree co kr english - Royal agricultural society membership - Question - Linksys spa2102 power adapter - Research Paper Gender and Crimes - The controlled substances act of 1970 - Middleton cheney community primary school - SECURITY ARCHITECTURE AND DESIGN (ISOL-536-M31) PHD IN IT - 10 ways to irritate a telemarketer - Description of a park in winter - Lao friends hospital for children - Cognitive humanistic and behavioral schools of thought - What is a webliography examples - 2004 audi a4 convertible top reset - Tarantella a doll's house - Goldfeld-quandt test in r - Haigh hall medical centre bradford - No less nay bigger - Average price for beyonce tickets - Sectional view engineering drawing - Gdp worksheet final vs intermediate goods - Chapter 8 web server hardware and software - Family trainer wii download - Lancashire grid for learning english - What element has 20 protons - Chocolate rain genius - Lincoln magnum sg spool gun parts - COMMUNICATION THEORY - Brands of paper towel - Tiny floating aquatic plant crossword - This is due tomorrow morning - " What Started the Civil War" - B1681 pats transceiver fault - Logger pro best fit line - The electrical force between charges depends only on the charges - Identifying motherboard components worksheet - Readiness for enhanced breastfeeding nanda - Solar system model to scale - The purpose of picketing is to ___ a labor dispute - Lakes in victoria for boating - Layunin ng lipunan kabutihang panlahat - Wuthering heights chapter quizzes - Japanese feudalism dbq - 06.04 the korean war - Principle of justice in nursing - Bankhead primary school rutherglen - Apa code of ethics psychology - IT incident response - Sulfuric acid risk assessment