Student Guide
Course: Derivative Classification
Lesson: Course Introduction
Course Information
Purpose: Provide a thorough understanding of the responsibilities associated with derivative classification and the procedures to follow to correctly derivatively classify documents.
Audience: Military, civilian, and contractor personnel responsible for oversight or application of derivative classification.
POC: GeneralSecurity.Training@dss.mil
Pass/Fail %: 75%
Estimated completion time: 120 minutes
Course Overview
In the course of working with classified information, individuals sometimes generate or create new documents and materials based on that information. These individuals are responsible for maintaining the protection of that classified information. These individuals are called derivative classifiers. They must carefully analyze their work product to determine what classified information it contains or reveals, and evaluate that information against official classification guidance.
Based on that evaluation, derivative classifiers must ensure that the information in the new material is identified as classified by applying the appropriate markings to the material. This process of determining whether information has been previously classified and properly marking it is called derivative classification.
Derivative classifiers need to understand what their responsibilities are, what processes to follow, and what resources to consult to safeguard information that, if revealed, could cause damage to the national security.
Course Objectives
• Identify the responsibilities associated with derivatively classifying information
• Identify the process and methods for derivatively classifying information
• Identify authorized sources to use when derivatively classifying information
• Applying authorized sources, derivatively classify information based on the concepts of "contained in," "revealed by," and "compilation"
Lessons in the Course
• Course Introduction
• Derivative Classification Basics
• Classification Concepts
• Practical Exercise
• Course Conclusion
Lesson: Derivative Classification Basics
Introduction
Because protecting classified information from improper disclosure is so critical, there are responsibilities and procedures to follow when using classified information to create new documentation. You must be familiar with these responsibilities and procedures as well as where to go for guidance so you can successfully implement and execute them at your activity or facility.
Lesson Objectives
• Define derivative classification
• Identify the requirement for and importance of derivative classification
• Identify who will have derivative classification responsibilities and the requirements he or she must meet
• Identify the steps involved in the derivative classification process
• Identify authorized sources to use when derivatively classifying information
Derivative Classification Overview
1. What is Derivative Classification?
The initial decision about what information should be classified is called original classification. Because this is a very important, sensitive decision, the Government has granted only a limited number of government officials the authority to perform original classification.
Derivative classification is different. It is the process of using existing classified information to create new material, and marking that newly-developed material consistent with the classification markings that apply to the source information. Copying or duplicating existing classified information is not derivative classification.
Whereas only authorized government officials can perform original classification, no specific delegation of authority is required to be a derivative classifier. In fact, all cleared DoD and authorized contractor personnel who generate or create material from classified sources are derivative classifiers.
Like original classification, derivative classification has far-reaching effects on the Department of Defense and industry. Classifying information helps protect our national security. It limits access to only those individuals with the appropriate clearance level and a legitimate need to know the information. Classification also impacts resources; it imposes costs for things like security clearances, physical security measures, and countermeasures. Because of the importance of classification, but also its inherent limitations and costs, it is crucial that derivative classifiers follow appropriate procedures and observe all requirements.
2. Derivative Classification Responsibilities
In general, derivative classifiers are responsible for ensuring that they apply the highest possible standards when derivatively classifying information. Derivative classifiers who generate new products bear the principal responsibility for the accuracy of the derivative classification. For this reason, it is important to follow DoD policy requirements.
Derivative classifiers have a variety of responsibilities they must meet in order to properly perform derivative classification. First, they must understand derivative classification policies and procedures. Before derivative classification can be accomplished, the classifier must have received the required training. Training must be accomplished in the proper application of the derivative classification principles as specified in EO 13526, and must emphasize the avoidance of over-classification. At a minimum, the training shall cover the principles of derivative classification, classification levels, duration of classification, identification and markings, classification prohibitions and limitations, sanctions, classification challenges, security classification guides, and information sharing. Personnel shall receive this training prior to derivatively classifying information. In addition to this preparatory training, derivative classifiers shall receive such training at least once every two years. Derivative classifiers who do not receive such mandatory training at least once every two years shall have their authority to apply derivative classification markings suspended until they have received such training. They must also have expertise in the subject matter on which they are creating documentation, as well as on classification management and marking techniques. Derivative classifiers must also have access to classification guidance. This helps meet the responsibility of analyzing and evaluating information to identify elements that require classification.
The most important responsibilities derivative classifiers have are to observe and respect the original classification authority’s decision and to use only authorized sources to determine derivative classification.
The information in boxes like the one below is supplemental content that you may find useful; however, it will not be addressed in the course examination.
To understand derivative classification policies and procedures:
• Complete the online course: Derivative Classification
• Complete the Marking Classified Information online training course offered by CDSE
• Consult DoDM 5200.01, Volumes 1-4 and/or DoD 5220.22-M
• Contact your government security official or Facility Security Officer (FSO)
3. Policy Guidance
There are two primary sources of policy guidance for derivative classification.
Within the Department of Defense, DoDM 5200.01, Volumes 1-4, Information Security Program, provides the basic guidance and regulatory requirements for the Department of Defense Information Security Program. For industry, DoD 5220.22-M, the National Information Security Program Operating Manual (NISPOM) contains information on derivative classification responsibilities.
How Does Derivative Classification Work?
1. Derivative Classification Concepts
So how do you determine whether the information contained in a new product is classified? As a derivative classifier, you are responsible for checking whether the content of the information already exists in one of the acceptable forms of classification guidance. If the guidance tells you the information in your new product is classified, you must classify and treat it as such. Note that for derivative classification purposes, the term "document" refers to any physical medium in or on which information is recorded or stored. This includes written or printed matter, audiovisual materials, and electromagnetic storage media. Let's take a closer look at these authorized sources for derivative classification.
2. Authorized Sources for Derivative Classification
To ensure that the original classification of information is maintained, derivative classifiers must use only authorized sources of classification guidance to derivatively classify information. While it might be tempting, derivative classifiers must not rely on their memories or general rules about classification.
There are only three authorized sources for derivative classification. The first source is a Security Classification Guide (SCG). An SCG is a collection of precise, comprehensive guidance about a specific program, system, operation, or weapon system telling what elements of information are classified. For each element of information, the SCG includes its classification level, the reasons for that classification, and information about when that classification will be downgraded or terminated. For this reason, SCGs are the primary source for derivative classification.
A second authorized source is an existing, properly marked source document from which information is extracted, paraphrased, restated, and/or generated in a new form for inclusion in another document. You must carry the classification of that existing material forward into your new end product.
The third authorized source is the DD Form 254, the DoD Contract Security Classification Specification. DD Form 254 provides classification guidance to contractors performing on classified contracts. It informs them of the level of information they will need to access, the required level of security clearance for access, and the performance requirements; for example, safeguarding and special security requirements.
These three sources are the only authorized sources for derivative classification. Any other source is unauthorized, and must not be used as the basis for derivative classification. Some examples of such unauthorized sources appear in the box below:
Examples of unauthorized sources of classification:
• Memory: "I remember that project was classified Secret 5 years ago, so it must be Secret now."
• Unconfirmed source: "Someone told me this document can be declassified."
• Just because: "I am going to classify this document Top Secret because that is how we have always done it."
• Media/Internet: "I saw it on the news last night so it must be declassified."
3. Process Overview
Derivative classifiers must carefully analyze the material they are classifying to determine what information it contains or reveals, and evaluate that information against the instructions provided by the classification guidance or the markings on source documents.
To perform that evaluation, derivative classifiers may use only authorized sources of guidance about the classification of the information in question.
If the authorized sources do not provide sufficient guidance, you may need to refer to other officials, such as the Security Manager or Original Classification Authority for DoD personnel, or the Facility Security Officer or Government Contracting Authority for contractors. Your chain-of-command or appropriate reporting channels will provide specific guidance about who you should consult.
In addition to assigning the appropriate classification level to information, derivative classifiers are also responsible for carrying forward guidance about when the classification of that information may be downgraded, and when it may be declassified altogether. This is an important part of the derivative classification task.
Every time information is classified, a determination must be made regarding how long the information will be protected. This is an essential part of the classification and declassification process. For derivatively classified information, the classifier must specify one of the following on the "Declassify on" line:
1. A specific date or event for declassification, within 25 years of the document’s origin; or
2. Absent a declassification instruction or other declassification guidance from the OCA, a calculated date 25 years from the date of the document’s origin; or
3. 25X1 through 25X9, and a specific date or event for declassification taken from the source document; or
4. 50X1-HUM or 50X2-WMD (Does not require a date or event for declassification)
5. An approved 75-year exemption (i.e., 75X2 through 75X9) with date or event for declassification
Finally, once you have determined the derivative classification of the new material, you are responsible for marking it appropriately.
For information on marking, refer to DoDM 5200.01, Volumes 1-4, Information Security Program, and the Marking Classified Information web-based training course offered by the DSS CDSE.
Review Activity
Question 1
Which of the following is NOT a function of derivative classification? Select the best answer.
O Creating new classified materials from properly marked, existing classified source materials and marking them accordingly
O Making an initial determination that information requires protection against unauthorized disclosure in the interest of national security
O The process of extracting, paraphrasing, restating, or generating in a new form, information that is already classified
O Carrying forward the correct classification level for classified information used to generate new materials or documents
Question 2
Which of the following are authorized sources for derivative classification? Select all that apply.
□ Security Classification Guides (SCG)
□ DoD 5220.22-M (NISPOM)
□ Your level of expertise with the content
□ DoDM 5200.01, Volumes 1-4 (Information Security Program)
□ A properly marked classified source document
□ DD Form 254 (Department of Defense Contract Security Classification Specification)
□ The Facility Security Officer (Industry) or Security Manager (DoD)
Question 3
Select True or False for each statement.
• Photocopying a Secret document and marking the photocopy Secret is derivative classification. (True / False)
• Only government officials may perform derivative classification. (True / False)
• Consulting your FSO or security manager is always the first step in the derivative classification process. (True / False)
• Derivative classifiers are responsible for analyzing and evaluating information to identify elements that require classification. (True / False)
Lesson Conclusion
In this lesson, you learned about the importance of derivative classification and how it is different from original classification. You also learned about the responsibilities of derivative classifiers. You learned about the three authorized sources for derivatively classifying information, and you learned the basic process for derivatively classifying information.
Answer Key
Question 1
Making an initial determination that information requires protection against unauthorized disclosure in the interest of national security describes original classification, not derivative classification.
Derivative classification involves all of the other listed activities:
• Creating new classified materials from properly marked, existing classified source materials and marking them accordingly
• The process of extracting, paraphrasing, restating, or generating in a new form, information that is already classified
• Carrying forward the correct classification level for classified information used to generate new materials or documents
Question 2
The only authorized sources for derivative classification are SCGs, properly marked classified source materials, and DD Form 254.
Question 3
• Photocopying a Secret document and marking the photocopy Secret is derivative classification. Answer: False
• Only government officials may perform derivative classification. Answer: False
• Consulting your FSO or security manager is always the first step in the derivative classification process. Answer: False
• Derivative classifiers are responsible for analyzing and evaluating information to identify elements that require classification. Answer: True
Classification Markings in This Document Are for Training Purposes Only
Lesson: Classification Concepts
Introduction
Government and contractor personnel who extract, paraphrase, restate, or generate classified information in a new form are derivatively classifying the new content. When information is clearly identified as classified, it is marked as Top Secret, Secret, or Confidential. However, there are times in the derivative classification process when the classification of information is not clearly stated or obvious. This does not mean that the information is unclassified. Derivative classifiers must carefully analyze the material they are classifying to determine the information it contains or reveals and evaluate that information against authorized classification guidance.
Lesson Objectives
• Define and distinguish the differences in the concepts of "contained in," "revealed by," and "compilation"
• Recognize examples of "contained in" derivative classification based on various authorized sources
• Recognize examples of "revealed by" derivative classification based on various authorized sources
• Recognize examples of compilation of information derivative classification guided by authorized sources
Derivative Classification Terms and Concepts
1. Key Terms
There are different ways in which derivative classifiers can create new content from authorized sources. They can extract information, paraphrase or restate it, or generate that information in a new form. As part of their derivative classification responsibilities, they must correctly identify the classification level of the new material and mark it accordingly. It is important, therefore, to understand what each of these terms means.
• Extracting occurs when information is taken directly from an authorized classification guidance source and is stated verbatim in a new or different document.
• Paraphrasing or restating occurs when information is taken from an authorized source and is re-worded in a new or different document. Derivative classifiers must be careful when paraphrasing or restating information to ensure that the classification has not been changed in the process.
• Generating is when information is taken from an authorized source and generated into another form or medium, such as a video, DVD, or CD.
Understanding the different ways of incorporating existing classified information into new material is only part of the picture, however. There are three key classification concepts you will need to apply in order to correctly classify your newly created materials.
2. Concepts Overview
There are three key concepts that you can use to determine the classification level of the material you create. Your new material may include classified information that is contained in the classification guidance. Or, because of the way it is organized or structured, your new material may reveal classified information that did not specifically appear in the classification guidance used to create it. Finally, your new material may aggregate, or bring together, pieces of information that are unclassified, or have one classification level, but when you present them together it either renders the new information classified or changes its classification level. This is called compilation. Let's take a closer look at each of these concepts.
"Contained In"
1. Definition
The concept of "contained in" applies when derivative classifiers incorporate classified information from an authorized source into a new document, and no additional interpretation or analysis is needed to determine the classification of that information. In other words, when classified information in a new document is contained in the authorized source, the new document's classification is derived directly from the classification of that source. The concept of "contained in" can apply when the information is extracted word-for-word or when the information is paraphrased or restated from the existing content.
2. Examples
Let's review some examples of how the "contained in" concept determines the derivative classification of a new document.
Properly Marked Source Document: (S) The length of the course is two hours.
New Document: (S) The length of the course is two hours.
In this example, the classification guidance is a properly marked source document. It contains classified information that has been extracted word-for-word into the new document. Because the information contained in the classification source was Secret, you must classify the new document Secret.
Let's look at another example:
Properly Marked Source Document: (S) The length of the course is two hours.
New Document: (S) This course is normally two hours in length.
Here, the information from the classified source is paraphrased and incorporated in the new document. Even though it is worded differently, the information in the new document is contained in the classified source, where it is Secret. Therefore, you must classify the new document Secret.
The "contained in" concept also applies to the use of an SCG. Sometimes, the guidance in an SCG may explicitly apply to the content you incorporate into a new document:
Security Classification Guide
Item | U | C | S | TS
Length of course | | | X |
New Document: (S) The length of the course is two hours.
This SCG provides that the information about the length of the course is classified Secret. Because you have stated this exact information in your new document, you must apply this Secret classification as dictated by the SCG.
"Revealed by"
1. Definition
The concept of "revealed by" applies when derivative classifiers incorporate classified information from an authorized source into a new document that is not clearly or explicitly stated in the source document. However, a reader can deduce the classified information from the new document by performing some level of additional interpretation or analysis. In this sense, the classified nature of the information in the new document is revealed by analysis of its contents, so it will need to be marked in accordance with that classification.
2. Example
Let's look at some examples of how the classification of information can be revealed through analysis.
Properly Marked Source Document: (S) The length of the course is two hours.
New Document: (S) The first half of the course is one hour and will define derivative classification. The second half of the course will provide an opportunity to practice derivatively classifying information.
The properly marked source document contains some Secret information. Your new document does not contain that same information. However, the information in your new document will allow a reader to deduce the classified information.
If the first half of the course is one hour long, it follows that the second half would be the same length -- one hour. Since the course has two one-hour halves, it must be two hours long. This information is classified Secret according to the properly marked source document, so you must apply the same classification markings to the information in your new document.
The concept of "revealed by" also applies when you are using an SCG as classification guidance. You need to look at what information can be deduced from what you have included in your new material and check whether that information is itself listed as classified in an SCG:
Security Classification Guide
Item | U | C | S | TS
Length of course | | | X |
New Document: (S) The first half of the course is one hour and will define derivative classification. The second half of the course will provide an opportunity to practice derivatively classifying information.
"Classification by Compilation"
1. Definition
Sometimes combining two or more pieces of unclassified information can result in an aggregate that is classified. This occurrence is called compilation, or aggregation.
Classification by compilation involves combining or associating individual elements of information that are unclassified, or that have one classification level, to reveal an additional association or relationship that warrants a classified level of protection. Classification by compilation is not the norm when derivatively classifying information. However, because of the risks involved, it is critical to refer to classification guidance, such as SCGs, to ensure otherwise unclassified information does not become classified when you use it in a new document.
There are some special procedures to follow whenever you classify information by compilation. First, you must place a clearly-worded explanation of the basis for classification by compilation on the face of the new document or include it in the text. You must also mark each element of information individually according to its classified content. This will allow subsequent derivative classifiers to use the individual elements at their original classification level.
2. Examples
Let's look at an example of classification by compilation. You have two Theater-Wide Operation Failure Reports, both of which are unclassified. When you refer to the SCG below, you can verify this fact in row 3.3.2.8:
Security Classification Guide
Item | U | C | S | TS
3.3.2.8 Single theater-wide operation failure report, outage report, problem report, or investigation report | X | | |
3.3.2.9 Compilation of two or more theater-wide operation failure reports, outage reports, problem reports, or investigation reports within the same document | | | X |
Therefore, if you create a new document that mentions either report alone, that new document will also be unclassified. But the next row in the SCG indicates that if you compile two or more of the listed report types into a single document, the classification level changes.
Imagine you need to create an Investigation Report that summarizes the contents of two Theater-Wide Operation Failure reports:
First report:
(U) Theater-wide Operation Failure Report
(U) Table of Contents
(U) Introduction ... 1
(U) Theater-wide outage report ... 2

Second report:
(U) Theater-wide Operation Failure Report
(U) Table of Contents
(U) Introduction ... 1
(U) Theater-wide outage report ... 2
When you aggregate these unclassified pieces of information in a new document, the SCG indicates that the information taken together should be classified as Secret.
SECRET
(U) Investigation Report
(U) Table of Contents
(U) Introduction ... 1
(U)* Theater-wide outage report ... 2
(U)* Theater-wide problem report ... 3
*Note that the compilation of two or more theater-wide operation failure reports, outage reports, problem reports, or investigation reports within the same document is classified as Secret.
SECRET
Note that the individual pieces of information should still be marked unclassified, consistent with their original classification. You are also required to explain the basis for your classification by compilation. The note on the report above is one example of how you might do so. If you think classification by compilation applies to your situation, refer to your classification guidance. Although classification by compilation may be rare, some types of information are more likely to be subject to it. Here are some examples:
Example: Budget and Tables of Distribution
U C S TS
3.3.3.7 Budget X
3.3.3.8 Tables of Distribution X
3.3.3.9 Compilation of both budget and tables of distribution within the same document X
Example: Staffing and Equipment Allowances
U C S TS
3.3.4.7 Staffing X
3.3.4.8 Equipment allowances X
3.3.4.9 Compilation of both staffing and equipment allowances within the same document X
Example: Mission and Geographic Location
U C S TS
3.3.2.7 Mission X
3.3.2.8 Geographic Location X
3.3.2.9 Compilation of both mission and geographic location within the same document X
Seeking Further Guidance
1. When and Where to Seek Guidance
As a derivative classifier, it is important to use your subject matter expertise and classification knowledge when analyzing information. If the classification in the existing content seems incorrect or there is conflicting guidance from authorized sources, you are required to seek further guidance.
Remember, as a derivative classifier, you are not authorized to make original classification decisions. Only the cognizant original classification authority has that authority. Rather, your duty is to derivatively classify new documents based on classification guidance and to seek clarification or further direction when the classification guidance is in question.
Some issues may lead you to believe that an existing document is incorrectly marked. These include the level of classification, the duration of the classification, special control requirements, and outdated classification guidance. When there is a conflict between an existing document and an SCG, the SCG takes precedence.
When you are unsure of how to mark the new document, DoD employees should contact their security manager or OCA and contractor employees should contact their FSO or Government Contracting Authority. Your community will define the appropriate chain-of-command or channels for resolving such issues.
When in doubt, you should always seek additional guidance rather than guess or speculate how to mark the new document. Remember, your derivative classification determinations may have far-reaching effects on national security and the efficient use of resources.
Review Activity
Question 1
Using the source document and the SCG, identify the concept used to determine the derivative classification of the new document.
o Contained in
o Revealed by
o Classification by compilation
New Document
(S) The firings will begin on October 3rd and end on November 24th.
Security Classification Guide
U C S TS
The unit will conduct test firings. X
Test firing dates X
Unit members are Jones, Williams, and Smith. X
Compilation of unit member names and fact that the unit will conduct test firings X
Properly Marked Source Document
(S) Test firings will begin 3 October and end 24 November.
(U) The unit will conduct test firings.
(U) Unit members are Jones, Williams, and Smith.
Question 2
Using the source document and the SCG, identify the concept used to determine the derivative classification of the new document.
o Contained in
o Revealed by
o Classification by compilation
New Document
(S) Jones is unavailable because her unit is conducting test firings.
Security Classification Guide
U C S TS
The unit will conduct test firings. X
Test firing dates X
Unit members are Jones, Williams, and Smith. X
Compilation of unit member names and fact that the unit will conduct test firings X
Properly Marked Source Document
(S) Test firings will begin 3 October and end 24 November.
(U) The unit will conduct test firings.
(U) Unit members are Jones, Williams, and Smith.
Question 3
Using the source document and the SCG, identify the concept used to determine the derivative classification of the new document.
o Contained in
o Revealed by
o Classification by compilation
New Document
(S) Unit members cannot attend training while they conduct test firings. Unit members must attend training before 2 October or after 24 November.
Security Classification Guide
U C S TS
The unit will conduct test firings. X
Test firing dates X
Unit members are Jones, Williams, and Smith. X
Compilation of unit member names and fact that the unit will conduct test firings X
Properly Marked Source Document
(S) Test firings will begin 3 October and end 24 November.
(U) The unit will conduct test firings.
(U) Unit members are Jones, Williams, and Smith.
Lesson Conclusion
In this lesson, you learned about the key concepts in derivative classification: contained in, revealed by, and classification by compilation.
Contained in:
Definition: Incorporating classified information from an authorized source of classification guidance into a new document
• No additional interpretation/analysis needed to deduce classification
Revealed by:
Definition: Incorporating classified information into a new document that is NOT clearly stated in an authorized source of classification guidance
• Additional interpretation or analysis needed to deduce the classification
Compilation:
Definition: Combining or associating individually unclassified information to reveal information that is classified
Requirements:
• Explain the basis for classification by compilation on the face of the document or in the text
• Mark each portion individually according to its classified content
You also learned about when and where to seek additional guidance when performing derivative classification.
Answer Key
Question 1
The classified information is contained in the existing document and has been paraphrased in the new document. The SCG identifies the test firing dates as Secret information. No additional interpretation was needed to identify this information's classification.
Question 2
Both pieces of information are unclassified on their own, but together, they are classified by compilation. The SCG identifies the compilation of the unit members' names and the fact that the unit is conducting test firing as Secret information.
Question 3
The classification is revealed by analyzing the information. The SCG identifies the test firing dates as Secret information. By analyzing the information in the new content, the reader is able to deduce that test firing will occur between 3 October and 24 November.
Student Guide
Course: Derivative Classification
Lesson: Practical Exercise
Introduction
In this lesson, you will practice how to derivatively classify a document. As you complete the practical exercise, use what you have learned about classification concepts, authorized sources, and the process for derivatively classifying documents.
As you complete each activity, you can check your answers in the Answer Key at the end of this Student Guide.
Lesson Objectives
• Practice derivatively classifying a document
• Apply classification concepts
• Identify authorized sources
• Follow the derivative classification process
Scenario 1
Your office is tasked with recording meeting minutes for a new series of planning meetings. You must prepare and forward the minutes, along with the Commander's comments, to staff Department Heads and Special Assistants. Below you will see a series of questions about the classification of the new document you are creating.
There are two sources of classification guidance for you to use to determine the classification of your new document: the source document that you received at the first planning meeting and the Security Classification Guide (SCG).
Properly Marked Source Document:
SECRET
1. (S) This announcement declares the intent to hold a series of internal planning meetings in support of exercise OBSCURE NIMBUS XX, which is being hosted by Pandora Naval Station (PNS) and scheduled to take place from 15-25 March 20XX. The first planning meeting will be held on 14 August 20XX in the Rocky Oaks Conference Center. LT Herman Lukowicz, Administration Officer, will serve as point of contact.
2. (C) Attendance at this initial planning meeting will be limited to PNS Administration, Operations, Training, Maintenance, and Supply Department Heads. The next meeting will be held at the PNS Training Facility, Bldg. 112. Attendance will include all Department Heads, their key personnel, and Special Assistants.
SECRET
Security Classification Guide:
U C S TS
Intent to hold series of internal planning meetings X
Name of exercise is OBSCURE NIMBUS X
PNS is hosting meetings X
Exercise dates X
Attendance limited to PNS Administration, Operations, Training, Maintenance, Supply Department Heads X
Future meeting location X
Future meeting attendees X
Compilation of future meeting attendees and meeting dates X
Point of contact's name X
1. Activity 1
Derivative Document:
1. (_) The planning meeting tomorrow for exercise OBSCURE NIMBUS XX was held on 14 August 20XX. Target audience was present, participative, resourceful, and enthusiastic. The groundwork for this year’s exercise scheduled for 15-25 March 20XX has been positively established and meeting minutes are forwarded as enclosure (1).
2. (_) My point of contact in this matter is LT Herman Lukowicz, Administration Officer.
3. (_) The next planning meeting will be held at the PNS Training Facility, Bldg. 112, to continue planning for the exercise.
Question 1
What is the correct portion marking for Paragraph 1 in the derivative document?
o Unclassified
o Confidential
o Secret
o Top Secret
Question 2
What is the correct portion marking for Paragraph 2 in the derivative document?
o Unclassified
o Confidential
o Secret
o Top Secret
Question 3
What is the correct portion marking for Paragraph 3 in the derivative document?
o Unclassified
o Confidential
o Secret
o Top Secret
2. Activity 2
Refer to the source document and the SCG above to answer the following questions:
Your SCG and your properly marked source document both indicate that the exercise name is classified as Secret. LT Lukowicz, however, tells you that the exercise name has been recently declassified. Which source(s) should you use to derivatively classify the material?
o LT Lukowicz
o SCG and properly marked source document
3. Activity 3
Use these sources of classification guidance to answer the question below.
Properly Marked Source Document
SECRET
1. (S) This announcement declares the intent to hold a series of internal planning meetings in support of exercise OBSCURE NIMBUS XX, which is being hosted by Pandora Naval Station (PNS) and scheduled to take place from 15-25 March 20XX. The first planning meeting will be held on 14 August 20XX in the Rocky Oaks Conference Center. LT Herman Lukowicz, Administration Officer will serve as point of contact.
2. (C) Attendance at this initial planning meeting will be limited to PNS Administration, Operations, Training, Maintenance, and Supply Department Heads. The next meeting will be held at the PNS Training Facility, Bldg. 112. Attendance will include all Department Heads, their key personnel, and Special Assistants.
SECRET
Security Classification Guide:
U C S TS
Intent to hold series of internal planning meetings X
Name of exercise is OBSCURE NIMBUS X
PNS is hosting meetings X
Exercise dates X
Attendance limited to PNS Administration, Operations, Training, Maintenance, Supply Department Heads X
Future meeting location X
Future meeting attendees X
Compilation of future meeting attendees and meeting dates X
Point of contact's name X
If your SCG states the exercise name is Secret but your properly marked source document states the exercise name is unclassified, which source should you use to derivatively classify the material?
o Properly marked source document
o SCG
Scenario 2
After receiving a classified document, your office is required to issue a letter outlining personnel movement information. In the following activities, you will see a series of questions about the classification of the new document you are creating. You will have two authorized sources of classification guidance available to you. You will, of course, have the properly marked source document, and you will also have a Security Classification Guide. Use both of these authorized sources to help you answer the questions.
Properly Marked Source Document:
SECRET
(S) Personnel from the 7th Reconnaissance Force will be participating in joint exercise EVERLASTING HEADACHE from 17 October to 9 November 20XX. They are scheduled to arrive in theater on 16 October 20XX.
(C) Transportation will be provided by the U.S. Air Force, operating AMC flight 8027, a C-337.
(U) The flight is scheduled to depart from Whetstone Air Force Base, Vermont on 15 October 20XX. Estimated time of departure is 0430.
(U) The flight will arrive at Stanislaus Air Force Base, Germany.
(U) The participants will be advised of their return itinerary on the last day of the exercise.
SECRET
Security Classification Guide:
U C S TS
In theater arrival dates X
Joint exercise name X
Joint exercise dates X
Name of departure Air Force Base X
Name of arrival Air Force Base X
Compilation of departure and arrival Air Force Bases X
Flight number X
Exercise participants X
Compilation of flight number and exercise participants X
Type of aircraft used for flight X
The document below is your draft letter. In the following activities, you will analyze and classify each paragraph.
Derivative Document:
(__) Request transportation assistance for a joint exercise from Whetstone Air Force Base, Vermont, to Stanislaus Air Force Base, Germany.
(__) Personnel from the 7th Reconnaissance Force must arrive in theater on 16 October 20XX.
(__) The 7th Reconnaissance Force must arrive on AMC scheduled flight 8027, a C-337.
(__) The exercise begins 17 October 20XX and will continue for twenty-four days. Request assistance for return transportation on the day following exercise completion.
1. Activity 1
What classification concept would you use to determine the correct marking for the first paragraph of your derivatively classified letter?
(__) Request transportation assistance for a joint exercise from Whetstone Air Force Base, Vermont, to Stanislaus Air Force Base, Germany.
o Compilation
o Revealed by
o Contained in
2. Activity 2
What is the classification for the first paragraph of your derivatively classified letter?
(__) Request transportation assistance for a joint exercise from Whetstone Air Force Base, Vermont, to Stanislaus Air Force Base, Germany.
o Unclassified
o Confidential
o Secret
o Top Secret
3. Activity 3
What classification concept would you use to determine the correct marking for the second paragraph of your derivatively classified letter?
(__) Personnel from the 7th Reconnaissance Force must arrive in theater on 16 October 20XX.
o Compilation
o Revealed by
o Contained in
4. Activity 4
What is the classification for the second paragraph of your derivatively classified letter?
(__) Personnel from the 7th Reconnaissance Force must arrive in theater on 16 October 20XX.
o Unclassified
o Confidential
o Secret
o Top Secret
5. Activity 5
What classification concept would you use to determine the correct marking for the third paragraph of your derivatively classified letter?
(__) The 7th Reconnaissance Force must arrive on AMC scheduled flight 8027, a C-337.
o Compilation
o Revealed by
o Contained in
6. Activity 6
What is the classification for the third paragraph of your derivatively classified letter?
(__) The 7th Reconnaissance Force must arrive on AMC scheduled flight 8027, a C-337.
o Unclassified
o Confidential
o Secret
o Top Secret
7. Activity 7
What classification concept would you use to determine the correct marking for the last paragraph of your derivatively classified letter?
(__) The exercise begins on 17 October 20XX and will continue for twenty-four days. Request assistance for return transportation on the day following exercise completion.
o Compilation
o Revealed by
o Contained in
8. Activity 8
What is the classification for the last paragraph of your derivatively classified letter?
(__) The exercise begins on 17 October 20XX and will continue for twenty-four days. Request assistance for return transportation on the day following exercise completion.
o Unclassified
o Confidential
o Secret
o Top Secret
9. Activity 9
Which of the following methods would you use to determine classification of this paragraph?
(__) Personnel from the 7th Reconnaissance Force will be participating in joint exercise EVERLASTING HEADACHE from 17 October to 9 November 20XX. They are scheduled to arrive in theater on 16 October 20XX.
o Seek guidance from an appropriate authority (e.g., Security Manager, OCA, FSO, or GCA)
o Ask LT Lukowicz to mark the document
o Use the classification indicated in the SCG
o Use your subject matter expertise and experience to create the original classification
10. Activity 10
If the SCG was not available, how would you determine classification? Select the best response.
(__) Personnel from the 7th Reconnaissance Force will be participating in joint exercise EVERLASTING HEADACHE from 17 October to 9 November 20XX. They are scheduled to arrive in theater on 16 October 20XX.
o Seek guidance from an appropriate authority (e.g., Security Manager, OCA, FSO, or GCA)
o Ask LT Lukowicz to mark the document
o Use the properly marked source document
o Use your subject matter expertise and experience to create the original classification
Summary
Congratulations! You have completed the Practical Exercise for the Derivative Classification course.
Answer Key
Scenario 1
1. Activity 1
Question 1
The information in this paragraph is contained in the existing document, where it is marked Secret. The SCG confirms this classification, so it should be marked Secret in the derivative document.
Question 2
The SCG indicates the point of contact’s name is unclassified.
Question 3
The information in this paragraph is restating information classified as confidential in the existing document and the SCG.
2. Activity 2
You should use only authorized sources of classification guidance (SCG and properly marked source document) to classify the exercise name as Secret. LT Lukowicz is not an authorized source; however, you should research his disclosure through appropriate channels.
3. Activity 3
When there is a conflict between authorized sources, the SCG takes precedence over a properly marked existing document. You should, however, call attention to the inconsistency between the authorized sources of guidance.
Scenario 2
1. Activity 1
Based on the SCG, compilation is required to determine the classification. When combined or associated, these elements of information warrant classification.
2. Activity 2
Based on the SCG, compilation of departure and arrival Air Force Bases is Confidential.
3. Activity 3
Based on the properly marked source document, the in-theater arrival date can be determined without further interpretation or analysis; it is contained in the document.
4. Activity 4
Based on the properly marked source document, the in-theater arrival date is Secret.
5. Activity 5
Based on the SCG, compilation is required to determine the classification. When combined or associated, these elements of information warrant a higher classification.
6. Activity 6
Based on the SCG, compilation of exercise attendees and flight number is Secret.
7. Activity 7
Based on the properly marked source document, the information is not clearly stated, but can be determined by calculating the start date and number of days. This information is "revealed by" analysis of the information presented.
8. Activity 8
The SCG indicates that the exercise dates are Secret.
9. Activity 9
When a properly marked, existing source document is unclear or conflicts with an SCG, use the classification indicated in the SCG.
10. Activity 10
You should ask your Security Manager, OCA, FSO, or GCA for guidance. LT Lukowicz is not an authorized source and the existing source document does not contain sufficient markings. Derivative classifiers are not authorized to make original classification decisions.
Student Guide
Course: Derivative Classification
Lesson: Course Conclusion
Course Summary
Protecting classified information from disclosure is a critical responsibility of the individuals who work with it. Whenever new classified documents or materials are derived from an authorized source of classification guidance, derivative classifiers are responsible for ensuring the information is accurately identified. This course taught you about the resources you must use and the processes you must follow to properly perform derivative classification.
Lesson Review
Here is a list of the lessons in the course:
• Course Introduction
• Derivative Classification Basics
• Classification Concepts
• Practical Exercise
• Course Conclusion
Course Objectives
You should now be able to:
✓ Identify the responsibilities associated with derivatively classifying information
✓ Identify the process and methods for derivatively classifying information
✓ Identify authorized sources to use when derivatively classifying information
✓ Applying authorized sources, derivatively classify information based on the concepts of "contained in," "revealed by," and "compilation"
Conclusion
Congratulations. You have completed the Derivative Classification Course. To receive credit for this course, you must take the Derivative Classification Examination. Please use the DSS CDSE STEPP system to register for the on-line exam.
Derivative Classification Course Glossary
Glossary
Course: Derivative Classification
Access: The ability and opportunity to gain knowledge of classified information.
Classification: The act or process by which information is determined to be classified information.
Classifier: An individual who makes a classification determination and applies a security classification to information or material. A classifier may be an original classification authority or a person who derivatively assigns a security classification based on a properly marked classified source or a classification guide.
Classified National Security Information or "Classified Information": Information that has been determined, pursuant to Executive Order 13526 or any predecessor order, or pursuant to the Atomic Energy Act of 1954, to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.
Classification Guidance: Is an authorized source of classification guidance. Within DoD there are three authorized sources for classification guidance: The Security Classification Guide (SCG), a properly marked source document, and the DD Form 254.
Classification Guide: Also referred to as a Security Classification Guide (SCG). A document issued by an authorized original classifier that identifies the elements of information regarding a specific subject that must be classified and establishes the level and duration of classification for each such element. A SCG is a collection of precise, comprehensive guidance about a specific program, system, operation, or weapon system telling what elements of information are classified. For each element of information, the SCG includes its classification level, the reasons for that classification, and the downgrading/duration of classification.
Cognizant Security Agencies (CSAs): Agencies of the Executive Branch that have been authorized by Executive Order 12829 to establish an industrial security program to safeguard classified information under the jurisdiction of these agencies when disclosed or released to U.S. Industry. These agencies are: The Department of Defense, Department of Energy, Central Intelligence Agency, and Nuclear Regulatory Commission.
Cognizant Security Office (CSO): The organizational entity delegated by the head of a CSA to administer industrial security on behalf of the CSA.
Compilation: The concept, also known as aggregation, which involves combining or associating individually unclassified information which reveals an additional association or relationship that warrants protection as classified information. This concept also applies to elements of information classified at a lower level which become classified at a higher level when combined.
Compromise: An unauthorized disclosure of information.
Confidential: The classification level applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe.
Contained in: The concept that refers to the process of extracting classified information as it is stated in an authorized source of classification guidance without the need for additional interpretation or analysis, and incorporating this information into a new document.
DD Form 254, (Department of Defense Security Classification Specification): This form provides classification guidance to contractors performing on classified contracts. It informs them of the level of information they will need to access, the required level of security clearance for access, and the performance requirements to include safeguarding, special security requirements, etc. This form is an authorized source of classification used by derivative classifiers.
Damage to the National Security: Harm to the national defense or foreign relations of the United States from the unauthorized disclosure of information.
Declassification: The authorized change in the status of information from classified information to unclassified information.
Derivative Classification: The process of determining whether information has already been originally classified and, if it has, ensuring that it continues to be identified as classified by marking or similar means when included in newly created material.
Derivative Classifier: The individual responsible for ensuring that they apply the highest possible level of security classification when derivatively classifying information. These individuals bear the principal responsibility for the accuracy of the derivative classification.
DoD 5200.1-R, Department of Defense Industrial Security Program: The Regulation that implements Executive Order 12958, as amended “Classified National Security Information,” and associated OMB directives within the DoD. It applies to all Components of the DoD. It establishes the DoD Information Security Program to promote proper and effective classification, protection, and downgrading of official information requiring protection in the interest of the national security. It also promotes the declassification of information no longer requiring such protection.
DoD 5220.22-M, National Information Security Program Operating Manual (NISPOM): The manual issued in accordance with the National Industrial Security Program that prescribes the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified information.
Downgrading: A determination that information classified at a specific level shall be classified at a lower level.
Duration of Classification: A determination made by an original classifier, at the time of original classification, on the length of time information will require protection of security classification.
Extract: Taking information directly from an authorized source of classification guidance and stating it verbatim in a new or different document.
Facility Security Officer (FSO): A U.S. citizen employee, appointed by a contractor who will supervise and direct security measures necessary for implementing the NISPOM and other Federal requirements for classified information.
Generate: Taking information from an authorized source of classification guidance and using it in another form or media.
Government Contracting Activity (GCA): An element of an agency designated by the agency head and delegated broad authority regarding acquisition functions.
Information: Any knowledge that can be communicated or documentary material that is owned by, produced by or for, or is under the control of the United States Government. "Control" means the authority of the Agency that originates information, or its successor in function, to regulate access to the information.
Information Security: The result of any system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure, information the protection of which is authorized by executive order.
Marking: The principal means to inform holders of classified information about specific protection requirements for that information. Marking and designation of classified information are the specific responsibility of original and derivative classifiers.
Multiple Sources: Two or more source documents, classification guides, or a combination of both.
Need-to-Know (NTK): A determination made by an authorized holder of classified information that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized governmental function.
National Security: The national defense or foreign relations of the United States.
Original Classification: An initial determination that information requires, in the interest of national security, protection against unauthorized disclosure.
Original Classification Authority: An individual authorized in writing, either by the President, or by Agency Heads or other officials designated by the President, to originally classify information.
Paraphrase/Restate: Taking information from an authorized source of classification guidance and re-wording it in a new or different document.
Regrade: To raise or lower the classification assigned to an item of information.
Revealed by: The concept applied when derivative classifiers incorporate classified information from an authorized source of classification guidance into a new document, which is not clearly or explicitly stated in the source document.
Safeguarding: Measures and controls that are prescribed to protect classified information.
Secret: The classification level applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to national security that the original classification authority is able to identify or describe.
Security Classification Guide (SCG): Also referred to as a Classification Guide. A document issued by an authorized original classifier that identifies the elements of information regarding a specific subject that must be classified and establishes the level and duration of classification for each such element. A SCG is a collection of precise, comprehensive guidance about a specific program, system, operation, or weapon system telling what elements of information are classified. For each element of information, the SCG includes its classification level, the reasons for that classification, and the downgrading/duration of classification.
Source Document: An authorized source of classification used by a derivative classifier, from which information is extracted, paraphrased, restated, and/or generated in a new form for inclusion in another document.
Top Secret: The classification level applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.
Unauthorized disclosure: A communication or physical transfer of classified information to an unauthorized recipient.
Developing a Security Education and Training Program Student Guide
Student Guide
Course: Developing a Security Education and Training Program
Lesson 1: Course Introduction
1. Course Information
Purpose Provide a thorough understanding of the DoD and National Industrial Security Program (NISP) policy requirements and best practices and instructional methods for developing and implementing a security education and training program.
Audience Military, civilian, and contractor security professionals and practitioners who have responsibility for developing and maintaining a security education and training program.
POC InformationSecurity.Training@dss.mil IndustrialSecurity.Training@dss.mil PersonnelSecurity.Training@dss.mil
Pass/Fail % 75%
2. Course Overview
Working with classified information carries significant responsibilities. Organizations and individuals who handle classified information are charged with keeping it safe from accidental or intentional compromise. As an employee responsible for managing a security program, you have a special duty to ensure that every individual in your organization is aware of their responsibilities in safeguarding classified information.
In this course you will learn not only the policy requirements for a security education program, but also some best practices for developing and implementing such a program and the variety of instructional strategies and methods available.
3. Course Objectives
• Identify the purpose of a security education and training program
• Identify security education and training policy requirements for DoD and Industry personnel
• Identify key security briefing types and define their scope
• Identify strategies for gaining management support for your security education and training program
• Identify the steps involved in establishing a training strategy
• Identify methods for delivering security training
• Identify strategies for motivating individuals to perform their security duties and meet their responsibilities
• Identify key activities involved in maintaining a security education and training program
4. Course Structure
This course is organized into the lessons listed here:
• Course Introduction
• Introduction to Security Education and Training Requirements
• Basic Security Briefing Requirements
• Special Briefings and Other Training
• Developing an Effective Security Education Program
• Course Conclusion
Lesson 2: Introduction to Security Education and Training Requirements
Introduction
1. Objectives
Because protecting classified information from improper disclosure is so critical, there are specific policies and procedures requiring education and training of personnel who have access to, or may come in contact with classified information.
Here are the lesson objectives. Take a moment to review them.
• Identify the purpose of a security education and training program
• Identify security education and training policy requirements for Industry and DoD personnel
Why Security Education
1. The Importance of Security Education
Christopher Boyce, Robert Hanssen, David Boone, Aldrich Ames, Ana Montes, James Nicholson, Jonathan Pollard, Jerry Whitworth, Ronald Pelton, John Walker, Clyde Conrad.
What do all of these people have in common? They were all American citizens with authorized access to classified information and were arrested for espionage. They worked in offices and facilities just like yours.
Ahmed Fathy Mehalba, an Arabic translator at Guantanamo Bay, exploited lax physical security practices at Guantanamo Bay by copying and removing 386 classified documents from the facility, which did not regularly perform bag or computer searches.
Internal traitors exploit weaknesses in safeguarding practices designed to protect classified information. The importance of security awareness and vigilance on the part of personnel cannot be overemphasized. It helps to detect internal and external threats and vulnerabilities, ultimately assisting in preventing security breaches. It is only when all employees are vigilant and aware that these spies can be caught early, before they cause irreparable damage to national security.
This is why security education and training is so important. As a security educator, you must ensure that employees are aware of their obligations to protect classified information, the policies they must follow to do so, and the threat that exists all around them, so as to prevent potential security breaches.
Who might the next spy be? Your office mate? One of your friends? Someone in your family?
2. What Is Security Education?
In order to develop an effective security education and training program, it is essential to have a strong understanding of what security education and training is and what it should achieve. There are, of course, regulatory requirements that outline what must be covered in such a program, and we will cover those requirements throughout this course. But it is also a valuable exercise for individuals responsible for providing security education and training to reflect on its purpose.
Security education is any activity undertaken to ensure that people have the skills, knowledge, and information to enable quality performance of security functions and responsibilities, understand security program policies and requirements, and maintain continued awareness of security requirements and intelligence threats. An effective security education and training program enables cleared personnel to protect classified national security information and meet their security responsibilities.
The success of such a program depends on four components: training, which instructs personnel in their specific security responsibilities, education, which informs personnel about underlying rationale and importance of those responsibilities, and awareness, which ensures that personnel remain continuously alert to security threats and vulnerabilities. Underlying all these components is motivation, or what instills in personnel a desire and commitment to be proactive in the execution of their security responsibilities. These four components—training, education, awareness and motivation—form the word TEAM.
a. Goals
The goals of a security education and training program are many. The most important outcome of effective security education is that it safeguards national security and protects the warfighter by improving the quality of the security program.
More specifically, security education and training makes personnel aware of their responsibilities and of the penalties and consequences of noncompliance. Security education should also communicate threats to classified and sensitive information, promote security best practices and security awareness, and provide guidance on how to apply security requirements.
Perhaps most overlooked, a truly successful security education and training program will also attempt to dispel any negative attitudes and debunk any myths personnel hold in regards to security requirements.
Regulatory Basis
1. Nondisclosure of Classified Information
The overarching legal requirement for security education appears in three executive orders: Executive Order 13526, which prescribes the "uniform system for classifying, safeguarding, and declassifying national security information;" Executive Order 12968, Access to Classified Information, the national level policy that identifies the requirement for Employee Education and Assistance; and Executive Order 12829, upon which the National Industrial Security Program is based.
Executive Order 13526 mandates that for individuals to gain access to classified information, they must meet three criteria: First, the individual must have been granted a security clearance at the level of classification of the information to be accessed. Second, the individual must sign Standard Form 312, or SF-312, also known as the Classified Information Nondisclosure Agreement. Third, the individual must have a need-to-know the information.
Prior to signing SF-312, the individual must receive a security briefing on the nature and protection of classified information. This briefing may either occur during the individual's initial briefing or upon receiving clearance, as long as the form is signed prior to access to classified information. The Information Security Oversight Office, or ISOO, provides a briefing booklet with all of the information that should be covered in this initial security indoctrination. There are special requirements for those who require access to Top Secret information, Special Access Programs (SAP).
a. Oral Attestation of Nondisclosure
Individuals granted access to a Top Secret Special Access Program must sign the SF-312 Form and, in addition, must attest orally to their responsibility to safeguard classified information. This applies to both DoD civilian and military personnel and to Industry under DFARS Part 252.204-7005 Oral Attestation of Security Responsibilities, when this requirement is included in a contract.
In taking the oath, individuals acknowledge their obligation to specially safeguard TOP SECRET SAP information. The presiding official ensures that the date the attestation is completed is recorded in the Organization block in Item 11 of the SF-312.
The individual making the attestation completes Item 11 of the SF-312, and the witness and presiding official sign the Witness and Acceptance blocks, respectively. Contractor personnel mail their signed SF-312 to the Department of Defense Central Adjudications Facility.
2. Security Education and Training Requirements
As you learned, there are three Executive Orders that provide the legal requirement for security education. Executive Order 13526 mandates that every person who receives a favorable determination of eligibility for access receive training on the proper safeguarding of classified information and the sanctions imposed on those who fail to appropriately protect such information. Additionally, it authorizes the Director of the Information Security Office, under the direction of the Archivist and in consultation with the Assistant to the President for National Security Affairs, to establish standards for agency security education and training programs. The order also lays out the requirement for agency heads to designate senior agency officials to establish and maintain these programs.
Executive Order 12968, Access to Classified Information, requires that agency heads educate employees about their individual responsibilities for handling classified information and inform them about issues that may affect their eligibility for access to classified information. The Department of Defense has implemented these requirements in two regulations: DoD Manual 5200.01, Volumes 1-4, the DoD Information Security Program, and DoD 5200.2-R, the Personnel Security Program.
Executive Order 12829 mandates special requirements for contractors as laid out in DoD 5220.22-M, the National Industrial Security Program Operating Manual (NISPOM). While the requirements for DoD and industry are similar, and in many cases identical, some of the terminology is distinct, and there are policy differences. Throughout this course you may assume that requirements apply to both DoD and industry unless indicated otherwise.
a. DoD Requirements
DoDM 5200.01, the DoD Information Security Program, which mandates security training for individuals with access to classified information, and DoD 5200.2-R, the Personnel Security Program, which includes the security education and training requirements for DoD personnel, describe the briefings required for DoD personnel who have access to or may come into contact with classified information.
Information Security Program, Chapter 9: Security Education and Training
• Initial Orientation
• Special Requirements
• Continuing Security Education/Refresher Training
• Termination Briefings
• Program Oversight
Personnel Security Program, Section 9.2: Security Education
• Initial Briefings
• Refresher Briefing
• Foreign Travel Briefing
• Termination Briefing
Each of these briefings will be discussed in detail later in this course. In addition to the basic briefings listed here, this course will also discuss security briefings required under special circumstances.
b. Industry Requirements
A signed DD Form 441 is required for any company entering into a contract to provide the U.S. Government with supplies or services affecting national security and requiring access to classified information. The DD Form 441 obligates the contractor to develop and maintain an effective security program in accordance with the NISPOM.
The NISPOM describes the security education and training requirements for contractors.
NISPOM, Chapter 3: Security Training and Briefings
• FSO Training
• Initial Security Briefings
• Refresher Training
• Debriefings
Each of these required briefings will be discussed in detail later in this course. In addition to the basic briefings listed here, this course will also discuss security briefings required under special circumstances.
Review Activity 1
Which of the following are goals of ongoing security education and training? Select all that apply then check your answers in the Answer Key at the end of this Student Guide.
• Safeguard national security
• Punish personnel who violate security policies and procedures
• Prevent personnel from learning of threats to classified information
• Dispel negative attitudes and perceptions regarding security practices
• Provide guidance on how to apply security requirements
• Inform personnel of the penalties and consequences of noncompliance
• Eliminate the need for formal security briefings
Review Activity 2
See whether you can remember the purposes of these important policy documents. Match each document on the left to its matching description on the right. Then check your answers in the Answer Key at the end of this Student Guide.
A. NISPOM Contractual agreement establishing industry’s security responsibility
B. DOD 5200.2-R The manual that includes the security education requirements for industry
C. DoDM 5200.01 The form all personnel must sign to access classified information
D. DD Form 441 Regulation mandating training prior to access to classified information
E. SF-312 The overarching policy that mandates security education
F. E.O. 12968 Regulation mandating security education for DoD employees
Lesson Conclusion
1. Summary
In this lesson, you learned about the purpose and importance of security education and training. You also learned about the policy documents that mandate security education and of the key goals for a security education and training program.
a. Security Education
• Establishes, enhances, and maintains quality security programs
• Mandated by E.O. 13526 and E.O. 12968
• Implemented in DoDM 5200.01, Volumes 1-4 and DoD 5200.2-R for DoD personnel
• Implemented in the NISPOM for Industry
• Required prior to signing of SF-312
b. Key Goals
• Safeguard national security
• Protect the warfighter
• Improve the quality of security programs
• Communicate threats to classified and sensitive information
• Promote security best practices
• Promote security awareness
• Provide guidance on how to apply security requirements
• Dispel negative attitudes and perceptions
Answer Key
Review Activity 1
Safeguard national security
Dispel negative attitudes and perceptions regarding security practices
Provide guidance on how to apply security requirements
Inform personnel of the penalties and consequences of noncompliance
Review Activity 2
Documents:
A. NISPOM
B. DoD 5200.2-R
C. DoDM 5200.01
D. DD Form 441
E. SF-312
F. E.O. 12968
Matching descriptions:
D. Contractual agreement establishing industry’s security responsibility
A. The manual that includes the security education requirements for industry
E. The form all personnel must sign to access classified information
B. Regulation mandating training prior to access to classified information
F. The overarching policy that mandates security education
C. Regulation mandating security education for DoD employees
Lesson 3: Basic Security Briefing Requirements
Introduction
Objectives
The DoD Manual 5200.01, Volumes 1-4, the DoD 5200.2-R, and the National Industrial Security Program Operating Manual (NISPOM) outline several required security briefings: an initial briefing, refresher training and continuing security education, and a termination briefing or debriefing.
The main audiences of these briefings, and indeed the security program as a whole, are cleared employees of the DoD and Industry, though certain briefings may also be appropriate for uncleared personnel. The requirements for these briefings are almost identical for the DoD and Industry, but there are some differences that you will learn about in this lesson.
Lesson objectives:
• Identify and define the types of required security briefings for all cleared personnel
• Identify the various audiences of a security program
• Identify the training requirements for Industry and the DoD
Initial Briefings
What is the Initial Briefing?
In order for cleared personnel to receive access to classified information, they must first receive an initial security briefing and then execute Standard Form 312, the Classified Information Nondisclosure Agreement. The SF-312 briefing may either be included in the initial briefing or be given upon the individual’s receiving a favorable determination of eligibility for access. If the individual already has an SF-312 recorded in the Joint Personnel Adjudication System, or JPAS, it does not need to be executed again.
After the briefing, personnel who sign and execute the SF-312 are granted access to classified information at their authorized access level and on a need-to-know basis. Executed SF-312s are then forwarded to the respective repository and entered into the system of record. If an individual refuses to execute the SF-312, action shall be initiated to deny or revoke the individual’s eligibility.
All initial briefings must cover basic security roles and responsibilities, provide an overview of the classification system, and discuss the penalties for disclosing classified information to unauthorized individuals. The contents of the initial briefing vary slightly by job role and whether it is for DoD or contract employees. Now let's look at the requirements specific to DoD and Industry initial security briefings.
DoD Initial Briefings
The DoD has implemented the requirement for an initial security briefing in two regulations: in DoDM 5200.01, Volumes 1-4, the DoD Information Security Program, and in DoD 5200.2-R, the Personnel Security Program. While the requirements laid out in the two regulations are similar in that both discuss the protection of classified information, they focus on different aspects of that important responsibility.
The Initial Orientation mandated in the DoDM 5200.01, Volume 3 outlines the classification system and establishes the policies that all employees must follow to protect classified information.
The Initial Briefing mandated in the DoD 5200.2-R, on the other hand, focuses more on specific threats to classified information and job-specific actions to protect that information.
Information Security Initial Orientation
DoDM 5200.01, Volume 3 requires that all personnel in the organization, including DoD civilians, military members, and on-site support contractors, shall receive an initial orientation. The regulation suggests that the initial orientation should include the following: an explanation of security roles and responsibilities, such as the Senior Agency Official and Agency Security Personnel; a discussion of the elements of classifying and declassifying information, including a definition of the levels of classification, the process for declassification, and the procedures for challenging a classification status; and the elements of safeguarding, including proper safeguarding procedures, what constitutes compromise of classified information, and the procedures for transmitting classified information.
Security roles and responsibilities include the:
• Senior Agency Official
• Agency Security Personnel
• Agency employees who create or handle classified information
• Point of contact for questions or concerns about security matters
Training should address the security responsibilities of each role and who should be contacted in case of questions.
The initial briefing should discuss elements of classifying and declassifying information, including:
• Definition and importance of classification
• Levels of classification and damage criteria associated with each level
• Classification markings
• General requirements for declassifying information
• Procedures for challenging classification status
The briefing should discuss elements of safeguarding, including:
• Proper procedures
• What constitutes compromise of classified information
• General conditions and restrictions for access to classified information
• Steps to take when standards have been violated
• Steps to take in an emergency evacuation
• Appropriate policies and procedures for transmission of classified information
The DoDM 5200.01, Volume 3 also recommends an orientation briefing for personnel who are not cleared for access to classified information but who may come into inadvertent contact with classified information in their normal work environment. The initial briefing for uncleared personnel should include a brief explanation of the classification system and its importance and the steps they should take if they discover unsecured classified information or notice a security vulnerability.
Personnel Security Initial Briefing
DoD 5200.2-R requires training for all individuals cleared for access to classified information, as well as any individuals with duties requiring a trustworthiness determination.
This training must include security requirements specific to their particular job, techniques employed by foreign intelligence activities to obtain classified information and employee responsibility for reporting those attempts, the prohibition against disclosure of classified information to unauthorized individuals, the responsibility for continuous evaluation of one’s own and others’ security activities, and the penalties that may be imposed for security violations.
Industry Initial Briefings
Now let's look at initial security briefings for contractor personnel. The NISPOM outlines the required topics that must be included in an initial security briefing prior to employees of a cleared contractor accessing classified information.
The topics covered are a threat awareness briefing, a defensive security briefing, an overview of the security classification system, employee reporting obligations and requirements, and security procedures and duties applicable to the employee’s job.
Building an Initial Briefing
Now that you understand the requirements for initial security briefings, let’s talk a little about how you can build your own briefings.
As you learned, all initial briefings, whether for DoD or contract employees, should include content on: foreign intelligence threats, defensive security, how information is classified and how it must be protected, requirements for continuous evaluation and reporting, and job-specific security requirements.
Threat Awareness
The threat awareness briefing should inform employees of techniques employed by foreign intelligence services to obtain classified information. Most of these techniques are well-known and their use is predictable.
You may wish to begin with an overview of the history of espionage and foreign intelligence threats to U.S. national security. Every briefing should cover new threats. You may also wish to discuss examples of famous espionage cases in which classified information was compromised, such as the cases of Aldrich Ames of the CIA, Christopher Boyce, a contract employee, John Walker of the Navy, the FBI's Robert Hanssen, and others, and identify targeted information and technology.
It is also important to provide resources where employees can find information on current threats and techniques on countering those threats. DoD personnel may receive information on current threats and techniques from their supporting counterintelligence activity.
Contractors should review the material available under the Counterintelligence section of the DSS website. The articles and publications posted provide information that can be used to educate and motivate cleared employees.
The information in boxes like the one below is supplemental content that you may find useful; however, it will not be addressed in the course examination.
In addition to the DSS website, you may wish to access some of the following resources:
• Military Counterintelligence Office: DSS counterintelligence, or CI, specialists work closely with military CI components and other agencies in an effort to help you recognize potential threats.
• Local FBI: Contact your local FBI office and arrange to sponsor or participate in an Awareness of National Security Issues and Response, or ANSIR, briefing, or a Domain Initiative and Infraguard briefing.
• Defense Intelligence Agency
• Department of State
• Immigration and Custom Enforcement
For Industry:
• Defense Security Service Industrial Security Rep: Request assistance in obtaining threat information that is relevant and available for your company. If you have employees stationed or traveling overseas, or working with a specific country, contact your Rep for information on that country.
Defensive Security
Another topic included in the initial security briefing is defensive security. The primary defensive security tools are employee vigilance and awareness of threats. Cleared employees should be made aware that they may be targeted by foreign intelligence services and must be sure to have the proper authority to release information to foreign nationals, if so required, prior to allowing them access.
Perhaps even more dangerous than external perpetrators of espionage are internal employees who have been compromised. There are several common warning signs of internal threats of which all employees should be aware. They include: attempts to gain access to classified information without a valid need-to-know or without the required security clearance, unauthorized reproduction or removal of classified material from the work area and secret destruction of documents, unexplained affluence, and foreign travel on a regular basis and without sufficient explanation.
For Industry
If your company markets outside the U.S., stress that export-controlled information may be at risk as well as classified information. Point out that unclassified information relating to a classified contract, or any information that falls under the International Traffic in Arms Regulation (ITAR), shall not be disclosed. Unclassified technical data may require government approval before release.
Providing security to America's secrets in an era of intense post-Cold-War global competition is a great challenge. It is a good idea to review your NISP-related contracts and work with your IS Representative to familiarize yourself with the particular restrictions that may apply to your employees' situations and to obtain disclosure guidance from appropriate agencies, such as the: Office of Defense Trade Controls Department of State Department of Commerce Immigration and Custom Enforcement
Then brief your employees accordingly.
Classification System
All cleared employees must have a thorough understanding of the security classification system. The initial briefing should cover the difference between original and derivative classification, the three levels of classified information, the procedures for classifying and marking information, the importance of having and maintaining a system of control measures to ensure that classified information is available only to authorized individuals, the importance of appropriate controls and safeguards to protect classified information, prohibitions against the improper use of classified information and the abuse of the classification system, and procedures for challenging classification decisions. In addition, the initial briefing should also cover what Controlled Unclassified Information, or CUI, is and the importance of protecting it.
Continuous Evaluation and Reporting
Any security program is based to a large extent on individual trust and responsibility, and employee evaluation and reporting requirements are critical elements in the program. As part of the initial briefing, you must inform employees of their individual responsibility for continuous evaluation and reporting. Employees must understand the nature of reporting requirements and know that reporting, whether regarding oneself or others, is designed to protect the employee, in addition to countering possible foreign intelligence threats. In addition, the briefing should cover the roles and responsibilities in continuous evaluation and the types of required reports.
Continuous evaluation is the uninterrupted assessment of an individual for retention of a security clearance and involves reinvestigation at given intervals. To maintain eligibility, employees must recognize and avoid behaviors that might jeopardize their security clearance. Employees, coworkers, supervisors, and managers all play an important role in the continuous evaluation program and all must receive training on their responsibilities. Management (includes Commanders and Heads of DoD Components) must ensure personnel are indoctrinated and receive continual instruction on the national security implications of their duties. Supervisors should receive guidance on how to recognize matters of personnel security concern related to employees who report to them. Individuals must be familiar with the security regulations that pertain to their assigned duties and of the standards of conduct required of persons holding positions of trust. Coworkers must advise supervisors or security officers when they become aware of information of security significance regarding an individual with access to classified information.
Cleared employees are required to report any information pertaining to the following:
• Any suspicious contacts, including:
  - Foreign travel to or through a foreign or attendance at international conferences at which representatives of such a country will be in attendance
  - Establishment of residency in a foreign country by an employee’s spouse or member of his/her immediate family or the acquisition of relatives, through marriage, who live in such a country
  - Any association with or intention to represent a foreign interest (RFI)
  - Any instances in which someone approaches you and requests information pertaining to classified or sensitive information when such person does not have a legitimate "need-to-know" and/or is willing to "pay" you for such information
• Sabotage, espionage, and any subversive or suspicious activity
• Any security violations or infractions or any problem with security-related equipment or procedures, including:
  - Any loss, compromise, or suspected compromise of classified information in your possession or in the possession of another person
  - Receipt of classified material not related to a classified contract, project, or program for which no safeguarding or disposition instructions have been received
  - Any instances in which classified material is out of the control of the custodian or which cannot be readily located
• Any adverse information related to oneself or another cleared individual, to include information on: alcohol and drug abuse, criminal activity, relationships/friendships with foreign nationals, mental health problems, or financial difficulties, financial irresponsibility, or unexplained affluence
• Change in name, residence or marital status
• Any instances in which an employee desires not to perform on classified work, declines to accept security responsibility, or requests to terminate clearance or clearance processing
Job-Specific Security Procedures and Duties
The last topic that needs to be covered in the initial briefing is job-specific security procedures and duties. These are security responsibilities that are tailored to specific job roles. For example, a clerk would have very different concerns in protecting classified information than would an engineer. For an engineer, you might stress procedures regarding scientific meetings where representatives of foreign countries will attend and the procedures pertaining to working papers.
Remember that this briefing should be as specific and thorough as you can make it, with as much hands-on demonstration of security procedures as possible.
Refresher Training
Refresher Training and Continuing Education
The DoDM 5200.01, Volume 3; the DoD 5200.2-R; and the NISPOM all mandate that all cleared personnel attend refresher training at least annually. Refresher training must reinforce the information covered in the initial briefing and in any specialized training, including security policies, principles, and procedures, and penalties for engaging in espionage and other security violations. This training must address new threats and foreign intelligence techniques and discuss any changes in security regulations. It should also address any issues or concerns identified during security inspections and self-inspections.
The content and format of refresher briefings should be tailored to meet the needs of the audience of experienced personnel. In addition to annual refresher training, the DoDM 5200.01, Volume 3 requires continuous and ongoing education for all cleared personnel. This continuing education should supplement periodic briefings, training sessions, and formal presentations, and may take the form of informational and promotional efforts or job performance aids. Maintaining records of attendance at refresher training sessions allows you to keep track of who has received the training. These records must include the topics covered in the session and the names of all attendees.
Refresher training methods may include:
• Group briefings
• Interactive videos
• Training sessions
• Online courses
• Job performance aids
• Promotional efforts
• Bulletins
• Newsletters
• Security awareness meetings
Termination Briefings
Termination Briefings and Debriefings
The DoDM 5200.01, Volume 3, DoD 5200.2-R, and the NISPOM all mandate termination briefings when an employee terminates employment or is discharged, and when an employee’s access is terminated, suspended, or revoked. The NISPOM, which refers to these as debriefings, also requires a debriefing upon termination of a company’s facility clearance.
The termination briefing should cover the individual’s continued responsibility to protect classified information, the continuing requirement for the individual to report attempts by unauthorized individuals to gain access to classified information, the prohibition against retaining classified materials, and the civil and criminal penalties for violating security regulations and disclosing classified information.
The DoD 5200.2-R states that the termination briefing should be followed by the execution of a Security Termination Statement, or STS. An employee’s refusal to sign the STS must be reported immediately to the security manager of the cognizant organization. The STS should be retained by the DoD component for at least two years after employee termination. The individual must be orally debriefed if the individual refuses to sign the STS.
Review Activity 1
Identify the target audiences for security education and training suggested by the various policy documents mandating security education. Select the identified target audiences for each type of briefing, then check your answers in the Answer Key at the end of this Student Guide.
Briefing | DoD Cleared Personnel | DoD Uncleared Personnel | Industry Cleared Personnel
Initial Briefing | □ | □ | □
Refresher Training | □ | □ | □
Continuing Education | □ | □ | □
Termination Briefing | □ | □ | □
Review Activity 2
Select True or False for each statement. Then check your answers in the Answer Key at the end of this Student Guide.
Statement | True | False
All cleared personnel are required to orally attest to their responsibilities for safeguarding classified information. | ○ | ○
Job-specific security procedures are usually included as part of an initial security briefing. | ○ | ○
Information on current security threats must be included as part of security training. | ○ | ○
Termination briefings should communicate the continued requirement for individuals to protect classified information, even after resigning or being discharged. | ○ | ○
Refresher training is required only for individuals who have violated security procedures. | ○ | ○
Review Activity 3
Which of the following are topics that should be included in an initial security briefing? Select all that apply, then check your answers in the Answer Key at the end of this Student Guide.
□ An overview of the security classification system
□ Techniques employed by foreign intelligence activities
□ Prohibition against unauthorized disclosure of classified information
□ Penalties for security violations
Lesson Conclusion
Summary
In this lesson, you learned about the requirements for cleared DoD and Industry personnel to attend initial security briefings, refresher training, and termination briefings. You also learned of the requirement for DoD personnel to receive ongoing continuing education.

Initial Briefing
• Varies by role and whether DoD or industry
• Includes basic security roles and responsibilities
• Includes overview of classification system
• Discusses penalties for unauthorized disclosure

Continuing Education
• Required for all cleared DoD personnel
• Supplement formal briefings
• Informational and promotional efforts
• Job performance aids

Refresher Training
• Performed at least annually
• Reinforce contents of initial briefing, including:
  - Policies, principles, and procedures
  - Penalties for engaging in espionage
• Address new threats and techniques and changes in security regulations
• Address issues or concerns identified during self-inspections

Termination Briefing
• Debrief employees when:
  - Employee terminates employment or is discharged
  - Employee’s access is terminated, suspended, or revoked
• Include:
  - Continued responsibility to protect classified information
  - Requirement to report unauthorized attempts to gain access
  - Prohibition against retaining materials
  - Civil and criminal penalties for violations
Answer Key
Review Activity 1
Briefing | DoD Cleared Personnel | DoD Uncleared Personnel | Industry Cleared Personnel

Initial Briefing | ☑ | ☑ | ☑
An initial briefing is required for both cleared and uncleared DoD personnel and cleared Industry personnel. Although not required, the DoDM 5200.01, Volumes 1-4 does suggest providing an initial briefing to uncleared personnel who may come into inadvertent contact with classified information.

Refresher Training | ☑ | □ | ☑
Refresher training is required for both DoD and Industry cleared personnel. Policy documents do not mention a need for refresher training for uncleared personnel.

Continuing Education | ☑ | □ | □
Continuing education is required for DoD cleared personnel. The NISPOM does not mention a similar requirement for Industry, but continuing education is recommended and encouraged.

Termination Briefing | ☑ | □ | ☑
A termination briefing is required for both DoD and Industry cleared personnel. Policy documents do not mention a need for termination briefings for uncleared personnel.
Review Activity 2

All cleared personnel are required to orally attest to their responsibilities for safeguarding classified information.
○ True ● False
Only personnel requiring access to Top Secret, SAP, or SCI information are required to orally attest to their responsibilities for safeguarding such information.

Job-specific security procedures are usually included as part of an initial security briefing.
● True ○ False

Information on current security threats must be included as part of security training.
● True ○ False

Termination briefings should communicate the continued requirement for individuals to protect classified information, even after resigning or being discharged.
● True ○ False

Refresher training is required only for individuals who have violated security procedures.
○ True ● False
Refresher training is required for ALL cleared personnel.
Review Activity 3
☑ An overview of the security classification system
☑ Techniques employed by foreign intelligence activities
☑ Prohibition against unauthorized disclosure of classified information
☑ Penalties for security violations
All of these are required elements of an initial security briefing.
Basic Security Briefings Job Aid
BASIC BRIEFING TYPES

Type: Initial Briefing
References: NISPOM, 3-106

Type: Information Security Initial Orientation
References: DoDM 5200.01, Volumes 1-4, 9.2
Briefing Notes:
Focus: Classification system
Cleared Personnel
• Roles and responsibilities
• Elements of classifying and declassifying information
• Elements of safeguarding
Uncleared Personnel
• Included if may come into inadvertent contact with classified information
• Actions to take on discovery of unsecured classified information or a security vulnerability
DoD or Industry? DoD

Type: Personnel Security Initial Briefing
References: DoD 5200.2-R, 9.2.2
Briefing Notes:
Focus: Threats to classified information and job-specific actions to protect information
• Specific security requirements for particular job
• Employee responsibility to report
• Techniques employed by foreign intelligence activities
• Prohibition against unauthorized disclosure of classified information
• Responsibility for continuous evaluation
• Penalties for security violations
DoD or Industry? DoD

Type: Threat Awareness
References: DoD 5200.2-R, 9.2.2; NISPOM, 3-106
Briefing Notes:
Topics
• Define foreign intelligence threat and identify espionage techniques
• Provide historical overview
• Discuss new threats
• Provide examples of famous espionage cases where classified information was compromised
• Identify targeted information or technologies
• Sources on current threat information
DoD or Industry? DoD and Industry

Type: Defensive Security
References: NISPOM, 3-106
Briefing Notes:
Topics
Employees must be:
• Aware of the danger of espionage
• Cautious when in contact with foreign nationals
• Vigilant to internal and external threats
Warning signs:
• Attempts to gain unauthorized access to classified or sensitive information
• Unauthorized reproduction or removal of classified material
• Unexplained affluence
• Foreign travel without sufficient explanation
DoD or Industry? Industry

Type: Classification System
References: DoDM 5200.01, Volumes 1-4, 9.2; NISPOM, 3-106
Briefing Notes:
Topics
• Original vs. derivative classification
• Classification levels
• Proper classification and marking
• Maintaining a system of control measures, such as an information management system (IMS)
• Control safeguards
• Prohibitions against improper use and abuse of classification system
• Procedures for challenging classification decisions
DoD or Industry? DoD and Industry

Type: Continuous Evaluation and Reporting Obligations
References: DoD 5200.2-R, 9.1; NISPOM, 3-106
Briefing Notes:
Topics
• Make sure employees understand the nature of continuous evaluation and reporting requirements, self-reporting and reporting on others, protecting the employee and counter possible intelligence threats
• Roles and responsibilities in continuous evaluation
• Types of required reports
  - Suspicious contacts
  - Security violations or infractions
  - Adverse information
  - Change in employee status
  - Sabotage, espionage, and any subversive or suspicious activity
DoD or Industry? DoD and Industry

Type: Job-Specific Security Procedures
References: DoD 5200.2-R, 9.2.2; NISPOM, 3-106
Briefing Notes: Tailored to specific job roles
DoD or Industry? DoD and Industry

Type: Refresher Training
References: DoDM 5200.01, Volumes 1-4, 9.4.2; DoD 5200.2-R, 9.2.3; NISPOM, 3-107
Briefing Notes:
Performed at least annually
Topics
• Reinforce contents of initial briefing, including:
  - Policies, principles, and procedures
  - Penalties for engaging in espionage
• Address new threats and techniques and changes in security regulations
• Address issues or concerns identified during self-inspections
• Tailored to meet the needs of experienced personnel
DoD or Industry? DoD and Industry

Type: Continuing Education
References: DoDM 5200.01, Volumes 1-4, 9.4.1; NISPOM, 3-107
Briefing Notes:
Continuous rather than periodic
Approach
• Supplement formal briefings
• Informational and promotional efforts
• Job performance aids
DoD or Industry? DoD: Required; Industry: Strongly Recommended

Type: Termination Briefing/Debriefing
References: DoDM 5200.01, Volumes 1-4, 9.5; DoD 5200.2-R, 9.2.5; NISPOM, 3-108
Briefing Notes:
Performed when:
• Employee terminates employment or is discharged
• Employee's access is terminated, suspended, or revoked
• NISP only: company's facility clearance is terminated
Topics
• Continued responsibility to protect classified information
• Requirement to report unauthorized attempts to gain access
• Prohibition against retaining materials
• Civil and criminal penalties for violations
DoD or Industry? DoD and Industry
Lesson 4: Special Briefings and Other Training
Introduction
Objectives
In addition to the standard training requirements for all personnel with access to classified information, there are several types of special briefings and other training required under certain circumstances.
They include training for personnel filling special roles, training for personnel working with special access programs, and other training, such as briefings for foreign travel and for those with access to foreign government information or automated information systems.
Lesson objectives:
• Identify and define the types of briefings and other training required for specific roles/activities
• Identify the various types of special briefings and recognize when they are required
Roles with Special Requirements
Classification Roles
As you learned in the previous lesson, certain job roles require special security procedures.
The DoDM 5200.01, Volume 3 specifically identifies special briefing requirements for three different categories of job holders: original classifiers, declassification authorities other than original classifiers, and derivative classifiers, security personnel and others. This last category of job holders can be military, civilian, or contractor personnel.
Original Classification Authority
The DoDM 5200.01, Volume 3 mandates that original classification authorities receive security education and training that addresses who is authorized to classify information originally and the standards an original classifier must meet to classify information.
The training must also address the difference between original and derivative classification, the process for determining how long information can be classified, the prohibitions and limitations on classifying information, the basic markings that must appear on classified information, the general standards and procedures for declassification, and the requirements and standards for creating, maintaining, and publishing security classification guides.
Original classification authority delegation is driven by position, not by name.
Declassification Authority
Declassification authorities other than original classifiers must receive training addressing the standards, methods, and procedures for declassifying information as mandated by Executive Order 13526 and the DoDM 5200.01.
The training must also cover the standards for creating and using declassification guides, the contents of each DoD Component's declassification plan, and the Component’s responsibilities for the establishment and maintenance of a declassification database.
Declassification authorities are always U.S. Government employees or military members who have specifically been given this responsibility.
Derivative Classifiers, Security Personnel, and Others
Derivative classifiers, security managers and specialists, classification management officers, and others with responsibilities relating to the oversight of classified information, must receive training and education on the following topics: the processes for classifying information originally and derivatively, and the standards applicable to each, the avoidance of over classification, proper and complete classification markings, and the authorities, methods and process for downgrading and declassifying information.
The training must also cover the methods for the proper use, storage, reproduction, transmission, dissemination, and destruction of classified information, the requirements for creating and updating classification and declassification guides, the requirements for controlling access to classified information, and the procedures for investigating and reporting actual and potential compromises of classified information, and the penalties that may be associated with violations of established security policies and procedures.
In addition, these individuals must be briefed on the requirements for oversight of the security classification program, including self inspections.
Finally, these individuals must receive training on the procedures for the secure use, processing, storage, reproduction, and transmission of classified information on automated information systems and networks. Responsible individuals will also be trained on the required certification and accreditation of these systems.
Job-Specific Training Requirements
In addition to the briefing requirements for individuals involved in the classification and declassification of information, there are special training requirements for DoD security professionals, as identified in DoD Instruction 3305.13, for the Facility Security Officer, or FSO, as identified in the NISPOM, and for others with special roles, including the Information Assurance Manager or Information System Security Manager, and couriers, escorts, and handcarriers of classified information.
Security Professionals
DoD Instruction 3305.13 identifies additional requirements for security professionals, or any individuals who are educated, trained, and experienced in one or more security disciplines and who provide advice and expertise to senior officials on the implementation, operation, and administration of the organization’s security programs.
The responsibility for the establishment and maintenance of the Security Professional Education Development Program is assigned to the Defense Security Service, under the authority of the Under Secretary of Defense for Intelligence.
The program consists of a combination of instructor-led, distance learning, blended learning, job aids, and other delivery methods as required to meet mission requirements.
Facility Security Officer
The NISPOM makes contractors responsible for providing FSOs and others performing security duties with security training as deemed appropriate by the cognizant security authority. Training requirements must be based on the facility’s involvement with classified information and may include an FSO orientation and program management courses. FSO training must be completed within one year of FSO appointment.
IAM and ISSM
Information systems containing classified and sensitive information are a critical asset in need of protection. As mandated by DoDD 8570.01 and DoD 8570.01-M, the individuals responsible for managing those systems must receive training at a level commensurate with the complexity of the information system they are responsible for managing.
The DoD refers to these individuals as Information Assurance Managers and Officers, whereas they are known as Information System Security Managers and Officers in Industry.
This training must communicate the responsibility for providing information system security education for all relevant personnel prior to their use of automated information systems, or AIS.
Courier/Handcarrying Briefing
Courier briefings are provided to cleared personnel, whether U.S. military, government civilians, or DoD contractors, who are couriers for the Defense Courier Service or will be handcarrying or escorting classified material.
During this briefing, the individual will be instructed on procedures for handling classified information while in transit, modes of transportation that may be used, and authorized destinations of handcarried or escorted classified materials. They will also be informed of points of contact in case of an emergency while performing courier responsibilities.
Additional information on this topic is available in the Transmission and Transportation for DoD and the Transmission and Transportation for Industry courses.
Special Information and Circumstances
Special Types of Information
Both the DoDM 5200.01, Volume 3 and the NISPOM require personnel to receive an indoctrination briefing prior to being granted access to special types of information. For contractors, a U.S. Government representative, usually the DSS IS Rep, must brief and debrief the FSO. The FSO provides briefings to employees prior to them gaining access to the information. These briefings provide guidance on how to protect these special types of classified information and how to determine who is authorized access to this information.
Special types of information include Special Access Program, or SAP, Communications Security, or COMSEC, North Atlantic Treaty Organization, or NATO, Critical Nuclear Weapon Design Information, or CNWDI, and foreign government information, or FGI.
Special briefings are also required for individuals who need access to sensitive compartmented information, or SCI, individuals who need access to information protected by Alternative Compensatory Control Measures, or ACCM, and individuals responsible for Operations Security, or OPSEC.
Special Access Program
A Special Access Program, or SAP, is any official program or activity, as authorized by Executive Order 13526. SAPs employ enhanced security measures, such as safeguarding and access requirements, exceeding those normally required for collateral information at the same level of classification.
Training for those with access to SAPs must be conducted in accordance with the DoD Overprint to the National Industrial Security Program Operating Manual Supplement and the Joint Air Force-Army-Navy, or JAFAN, 6/0.
COMSEC
Briefing requirements for COMSEC access are identified in the NSA/CSS Policy Memorandum No. 3-16, Control of COMSEC Material, and in DoD Instruction 8523.01, which requires that COMSEC equipment users and maintenance technicians are appropriately trained.
The COMSEC briefing should describe the types of COMSEC information to which employees may have access, to include transmission security, physical security, emission security, and cryptographic security.
The briefing should also cover the reasons why special safeguards are necessary for protecting this information, the directives and rules that prescribe those safeguards, and the penalties incurred for willful disclosure of this information to unauthorized persons.
COMSEC rebriefings are not required; however, some activities may include them as part of their normal refresher briefing. COMSEC debriefings are not required, unless the employee had access to CRYPTO information, in accordance with NSA/CSS No. 3-16. And remember, records of all COMSEC briefings and debriefings must be maintained. For contractors with access to COMSEC, the NISPOM sets forth special training requirements.
The information in boxes like the one below is supplemental content that you may find useful; however, it will not be addressed in the course examination.
COMSEC Briefing Topics
Specific requirements for contractors are laid out in the NISPOM. A U.S. Government representative must brief the FSO, the contractor’s COMSEC Custodian, and the COMSEC Alternate on the special sensitivity of information and security requirements, who must in turn brief other contractor employees. See NISPOM Paragraph 9-404: COMSEC Briefing and Debriefing for more information.
CRYPTO Information
In accordance with NSA/CSS Policy Memorandum No. 3-16, Control of COMSEC Material, employees with access to CRYPTO information must:
• Receive a special debriefing
• Execute Section II of SD 572 (Cryptographic Access Certification and Termination) when access is no longer required
NATO Information
DoD Directive 5100.55, the United States Security Authority for North Atlantic Treaty Organization Affairs, or USSAN, requires that NATO briefings are provided to personnel who have a valid need to work with NATO classified information. Access to NATO classified information requires a security clearance at the same classification level as the NATO information to be accessed. Information designated as NATO RESTRICTED does not require a security clearance.
The NATO briefing will cover security requirements for handling classified NATO information and the consequences of negligent handling of this information. Employees must complete a statement acknowledging receipt of the NATO indoctrination briefing and their responsibility for safeguarding NATO information.
For contractors, annual refresher briefings are required to reinforce the importance of proper handling and protection of classified NATO information. When access to NATO information is no longer required a debriefing is conducted. The debriefing covers the individual’s continued responsibility for safeguarding classified NATO information. Records of all briefings, rebriefings, and debriefings must be retained, in accordance with the government records management system. For contractors with access to NATO information, these special training requirements are found in the NISPOM.
NATO Classification Markings
NATO has the following levels of security classification:
• COSMIC TOP SECRET (CTS)
• NATO SECRET (NS)
• NATO CONFIDENTIAL (NC)
• NATO RESTRICTED (NR)
ATOMAL information is marked:
• COSMIC TOP SECRET ATOMAL (CTSA)
• NATO SECRET ATOMAL (NSA)
• NATO CONFIDENTIAL ATOMAL (NCA)
ATOMAL applies to:
• U.S. RESTRICTED DATA or FORMERLY RESTRICTED DATA
• United Kingdom Atomic information released to NATO
CNWDI
Access to Critical Nuclear Weapon Design Information, or CNWDI, is limited to personnel who have a final SECRET or TOP SECRET security clearance. Prior to access these personnel must receive a briefing discussing the definition and sensitivity of CNWDI. The briefing should also cover the regulations laid out in DoD Directive 5210.2, Access to and Dissemination of Restricted Data, including special CNWDI markings and transmission and other special handling requirements.
Upon termination of access, employees must be given an oral debriefing. Records of all employees authorized to access CNWDI, as well as briefing and debriefing records, must be retained for two or three years, depending on classification level. For contractors with access to CNWDI, special training requirements are found in the NISPOM.
Foreign Government Information
Employees with access to foreign government information, or FGI, must be briefed on the special handling requirements for FGI. This briefing explains what FGI is and the basic security standards and procedures for safeguarding classified FGI, which are basically equivalent to those for U.S. classified information although there are some significant differences of which personnel should be made aware.
The biggest distinction that personnel must be aware of when handling FGI is the difference in classification markings among various nations. In addition to TOP SECRET, SECRET, and CONFIDENTIAL, many foreign governments have a fourth classification level, known as RESTRICTED, for which there is no U.S. equivalent.
The FGI briefing should also cover usage, disclosure, dissemination, and storage guidelines, to ensure that this information is properly protected.
As defined by the E.O. 13526, foreign government information (FGI) is:
• Information that has been provided to the U.S. by a foreign government or governments, an international organization of governments, or any element thereof with the expectation, expressed or implied, that the information, the source of the information, or both, are to be held in confidence
• Information produced by the U.S. pursuant to, or as a result of, a joint arrangement with a foreign government or governments, an international organization of governments or any element thereof, requiring that the information, the arrangement, or both are to be held in confidence; or
• Information received and treated as "foreign government information" under the terms of a predecessor
Sensitive Compartmented Information
Sensitive Compartmented Information, or SCI, is classified information derived from intelligence sources and requiring special handling. Training for those with access to SCI must be conducted in accordance with Appendix F of DoDM 5105.21, Volumes 1-3, or the Sensitive Compartmented Information Administrative Security Manual. This document is For Official Use Only.
Alternative Compensatory Control Measures
Alternative Compensatory Control Measures, or ACCM, are additional security measures which may be used to ensure strict need-to-know protection when standard security measures are insufficient. Training on ACCM is required prior to individuals gaining access to ACCM-protected information, and annually thereafter as described in the DoDM 5200.01, Volume 3, Enclosure 2.
OPSEC
Operations Security, or OPSEC, is a process of identifying critical information and analyzing friendly actions attendant to military operations and other activities. Enclosure 7 of the DoD Operations Security (OPSEC) Program Manual, or DoD 5205.02-M, mandates initial and refresher training for individuals with OPSEC responsibilities in order to provide the knowledge and skills necessary to enable quality performance of OPSEC functions.
Awareness training is required for all personnel to include an explanation of OPSEC, its purpose, threat awareness, the organization’s critical information, and the individual’s role in protecting it. Contractors are required to complete OPSEC training when this requirement is included in their contract.
Other Special Briefings
There are several other circumstances requiring special briefings. These include foreign travel or assignment, use of automated information systems, antiterrorism and force protection, physical security, international programs, and, for contractors, procedures surrounding classified visits and meetings.
Foreign Travel Briefing
One type of special security briefing is the foreign travel briefing. Foreign travel briefings are provided to personnel who will be traveling, either officially or unofficially, to foreign countries, professional meetings or conferences where foreign attendance is likely, and any other locations where there are concerns about possible foreign intelligence exploitation. This briefing is usually required for all personnel with SCI or SAP access.
Foreign travel briefings provide important information not only about the potential security risks at a given destination, but also about points of contact if a problem arises. In addition to security warnings, the foreign travel briefings provide valuable information about any applicable safety or criminal issues travelers should be aware of. The briefing should also cover reporting requirements for any suspicious contact and information on how foreign intelligence services target and approach cleared personnel. Employees are debriefed upon return as to what occurred during the travel. Records of briefings are maintained in accordance with the cognizant security authorities’ records management systems.
Check your Component, agency, or local requirements to determine your specific foreign travel briefing policies. Requirements for contractors are laid out in the NISPOM.
Information Assurance
Information assurance is the protection and defense of information and information systems by ensuring availability, integrity, and confidentiality. All users who have access to government computer systems must complete an information assurance, or IA, briefing, in which they are informed of their responsibility for protecting the system to prevent any unauthorized disclosure, modification or destruction of information, as well as the prohibition against introduction, removal, or duplication of hardware, software, or media to or from any information technology system without authorization. In this briefing, personnel also learn the requirements for password and pass-phrase security.
Personnel are required to participate in annual refresher training that covers identification of threats to and the physical protection of information systems, and that provides a basic understanding of malicious content and logic and non-standard threats, such as social engineering. Contractor employees must also be trained in accordance with the approved System Security Plan if they have access to an information system approved for processing classified information.
Antiterrorism/Force Protection
Antiterrorism and Force Protection, or ATFP, are defensive measures used to reduce the vulnerability of individuals and property to terrorist acts, including limited response and containment by local military and civilian forces. ATFP also includes actions taken to prevent or mitigate hostile actions against DoD personnel and their families, resources, facilities, and critical information.
There are specific training requirements for personnel who are responsible for managing ATFP programs. ATFP training is required for individuals, commanders, senior executive officers, high-risk personnel, those assigned to high-risk billets, and units preparing to deploy.
There are four levels of ATFP training: level-one training is for individual personal protection awareness; level two is for unit antiterrorism advisors; level three is a commander’s course; and level four is an executive seminar. Antiterrorism Officer Training Level II is available online from the DSS website.
Physical Security
DoD 5200.8-R, the Physical Security Program, mandates the creation of physical security awareness training for DoD personnel as a part of physical security planning. This awareness training must be sustained and delivered regularly.
This training should cover common physical security measures as part of security-in-depth, to include perimeter fences, employee and visitor access controls, badges/Common Access Cards, intrusion detection systems, random guard patrols, prohibited item controls, entry and exit inspections, escorting, and closed-circuit video monitoring.
International Programs
Special briefings are also required for individuals who require access to international programs or who participate in international activities. These individuals must receive training on international security and foreign disclosure guidelines by taking either the International Security Requirements course offered by USD(P), the International Programs Security and Technology Transfer course offered by the Defense Systems Management College, or an equivalent course offered by the DoD Component. Applicable activities covered in this training include security assistance, cooperative research, foreign disclosure, and specific country relationships.
Contractor employees involved in international programs must be trained commensurate with their particular duties and the provisions of their company's Technology Control Plan.
Visits and Meetings
When cleared individuals visit a cleared contractor or government facility and need access to classified information, visitors must be trained on the security procedures they are expected to follow. This security briefing typically addresses the facility’s badging and escort policy, as well as physical security procedures and access areas. It will also discuss use of portable electronic devices, such as cell phones, laptops, and video and audio recording devices.
The briefing may also address how to verify another person’s personnel security clearance, how to handle classified documents, and how to transmit and/or transport classified material. This is especially relevant to long-term visitors who are typically co-located at the host facility to work on a contract. Finally, the security briefing may cover the reporting requirements for security incidents, such as loss or compromise of classified material.
Heads of DoD Components shall establish procedures to accommodate visitors to their Component facilities in accordance with DoDM 5200.01, Volume 3, Enclosure 2. Additionally, contractors working in a DoD facility are considered long-term visitors in accordance with the NISPOM and are subject to government security education and training requirements as defined in their contract and the DD Form 254, Contract Security Classification Specification.
Nondisclosure and Oral Attestation Briefings
Two common special briefings that were discussed earlier in this course are the SF-312 Nondisclosure briefing, required for all cleared personnel, and the Oral Attestation briefing, required for individuals being granted access to a Top Secret Special Access Program.
Prior to signing SF-312, the individual must receive a security briefing on the nature and protection of classified information. The Information Security Oversight Office, or ISOO, provides a briefing booklet with all of the information that should be covered in this initial security indoctrination. During the attestation briefing, individuals have to orally attest to understanding their responsibility to protect national security information. Immediately following this attestation, all personnel will sign a document that applies to them and their work location. The document must be signed in the presence of a witness.
Both the SF-312 briefing and oral attestation briefing may be conducted either as part of an initial briefing, or as separate briefings, when the individual is granted clearance or access to the classified information.