Presentation is loading. Please wait.

Presentation is loading. Please wait.

Department of the Navy Information Security Program

Published byNorman Maher Modified over 9 years ago

Similar presentations

Presentation on theme: "Department of the Navy Information Security Program"— Presentation transcript:

1 Department of the Navy Information Security Program
SECNAV M Department of the Navy Information Security Program

2 Purpose Establishes policy and procedures for handling and destroying classified information Provides guidance on security education and industrial security programs.

3 Applicability Applies to all uniformed sailors DON civilian personnel
Military personnel are subject to sanctions under the UCMJ and/or Federal sanctions and civilians are subject to Federal Statues in the event of improper mishandling of classified material.

4 Authorities The President of the United States.
National Security Council(NSC) Information Security Oversight Office (ISOO) Central Intelligence FBI The President bears all executive decisions based on national security. NSC provides policy guidance on security matters. The Director of the ISOO issues directives for issuing classification and markings of classified information. The Director of the Central Intelligence Office issues directives or statements affecting policies and activities. The FBI is the government internal security agency.

5 Types of classified information
Communications Security (COMSEC) Information Sensitive Compartmented Information (SCI) Special Access Programs (SAPs) Single Integrated Operational Plan (SIOP) and Single Integrated Operational Plan-Extremely Sensitive Information (SIOP-ESI) Naval Nuclear Propulsion Information (NNPI) Restricted Data (RD) and Formerly Restricted Data (FRD) Critical Nuclear Weapons Design Information (CNWDI) Foreign Government Information (FGI) North Atlantic Treaty Organization (NATO) Information

6 Types of unclassified information
For Official Use Only (FOUO) Department of State (DOS) Sensitive But Unclassified (SBU) (formerly Limited Official Use (LOU)) information DoD and DOE Unclassified Controlled Nuclear Information (UCNI) Drug Enforcement Administration (DEA) Sensitive Information Unclassified information in technical documents requiring distribution statements National Geospatial Intelligence Agency Limited Distribution Information

7 Command Security Responsibility and Authority Standards
Risk Management Delegation The commanding officer is responsible for the effective management of the ISP within the command. Commanding officers shall ensure that personnel in their commands receive the security education necessary to ensure proper execution of their security responsibilities. The commanding officer may impose more stringent requirements within the command or upon subordinates if the situation warrants. The commanding officer shall not, however, unilaterally establish requirements that impact on other commands or cleared DoD contractors, or that contradict this policy manual. Each commanding officer shall apply risk management principles to determine how best to attain the required levels of protection based on the situation at the command. The commanding officer shall designate, in writing, certain security personnel directly involved in program Implementation. The commanding officer shall designate, in writing, a command security manager. The security manager is responsible for implementing the ISP and shall have direct access to the commanding officer. The command security manager may be assigned full-time, part-time or as a collateral duty and must be an officer or a civilian employee, GS-11 or above, with sufficient authority and staff to manage the program for the command. The security manager must be a U.S. citizen and have been the subject of a favorably adjudicated Single Scope Background Investigation (SSBI) completed within five years prior to assignment.

8 COMMAND SECURITY INSTRUCTION
PART ONE: EMERGENCY PLAN PART TWO: EMERGENCY DESTRUCTION SUPPLEMENT Part One: Commanding officers shall develop an emergency plan for the protection of classified information in case of a natural disaster or civil disturbance. This plan may be prepared in conjunction with the command's disaster preparedness plan. Part Two: Commands located outside the U.S. and its territories and units that are deployable, require an emergency destruction supplement for their emergency plans.

9 Classification levels
Top Secret Secret Confidential Top Secret is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security. Secret is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause serious damage to the national security. Confidential is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause damage to the national security. "For Official Use Only" (FOUO) or "Secret Sensitive" (SS) shall not be used for the identification of U.S. classified national security information.

10 Control Measures Top Secret Secret Confidential
All Top Secret information (including copies) originated or received by a command shall be continuously accounted for, individually serialized, and entered into a command Top Secret register or log. Top Secret information shall be physically sighted or accounted for at least annually, and more frequently as circumstances warrant. Commanding officers shall establish administrative procedures for the control of Secret information appropriate to their local environment, based on an assessment of the threat, the location, and mission of their command. Commanding officers shall establish administrative procedures for the control of confidential information appropriate to their local environment, based on an assessment of the threat, location, and mission of their command. Commanding officers shall establish procedures to control and mark all Secret and Confidential working papers in the manner prescribed for a finished document when retained more than 180 days from the date of creation or officially released outside the organization by the originator. A document transmitted over a classified IT system is considered a finished document.

11 Dissmination Third party rule Emergency situations
Top Secret information Secret information Confidential information Classified information originated in a non-DoD department or agency shall not be disseminated outside the DoD without the consent of the originator except where specifically permitted (also known as the “third agency rule”). In emergency situations, in which there is an imminent threat to life or in defense of the homeland, the Secretary of the Navy or a designee may authorize the disclosure of classified information to an individual or individuals who are otherwise not routinely eligible for access. Limit the amount of classified information disclosed to the absolute minimum to achieve the purpose; Limit the number of individuals who receive it; Transmit the classified information via approved Federal Government channels by the most secure and expeditious method or other means deemed necessary when time is of the essence; Provide instructions about what specific information is classified, how it should be safeguarded; physical custody of classified information must remain with an authorized Federal Government entity, in all but the most extraordinary circumstances; Provide appropriate briefings to the recipients on their responsibilities not to disclose the information and obtain a signed nondisclosure agreement; and Within 72 hours of the disclosure of classified information, or the earliest opportunity that the emergency permits, but no later than 30 days after the release, the disclosing authority must notify the originating agency Top Secret information originated within the DoD shall not be disseminated outside the DoD without the consent of the originator or higher authority, Unless specifically prohibited by the originator, Secret and Confidential information originated within the DoD may be disseminated to other DoD components and agencies within the executive branch of the U.S. Government.

12 Transmission Top Secret Secret Confidential
Commanding officers shall ensure that only appropriately cleared personnel or authorized carriers transmit, transport, escort, or hand carry classified information. The means selected should minimize the risk of a loss or compromise while permitting the use of the most cost-effective mode of conveyance. All international transfers of classified information shall be via government-to-government channels. Transmit or transport U.S. Top Secret material only by: 1. Direct contact between appropriately cleared U.S. personnel; 2. The Defense Courier Service (DCS), if the material qualifies under the provisions of reference (a); 3. The Department of State (DOS) Diplomatic Courier Service; 4. Communications protected by a cryptographic system authorized by the Director, NSA, or a protected distribution system designed and installed to meet the requirements of reference (b). This applies to voice, data, message, and facsimile transmissions; 5. Appropriately cleared U.S. military or Government civilian personnel specifically designated to escort or hand carry the material, traveling on a private, public or Government owned, controlled, or chartered conveyance, or DoD contractor employee traveling by surface transportation; 6. Appropriately cleared U.S. military or Government civilian personnel, specifically designated to escort or hand carry classified information, traveling on scheduled commercial passenger aircraft within and between the U.S., its territories, and Canada; 7. Appropriately cleared U.S. military and Government civilian personnel, specifically designated to escort or hand carry classified information, traveling on scheduled U.S. owned commercial passenger aircraft on flights outside the U.S., its territories, and Canada per paragraph 9-12; and 8. Appropriately cleared and designated DoD contractor employees within and between the U.S., its territories, and Canada per reference (c). Secret Material 1. Any means approved for Top Secret information, except that Secret information may be introduced into the DCS only when U.S. control cannot otherwise be maintained. This restriction does not apply to COMSEC and SCI, per paragraph 9-5; 2. U.S. Postal Service (USPS) registered mail within and between the U.S. and its territories; 3. USPS registered mail addressed to U.S. Government agencies through U.S. Army, Navy, Marine Corps, or Air Force Postal Service facilities outside the U.S. and its territories; Confidential information: Transmit or transport U.S. Confidential information only by: 1. Any means approved for Secret information; 2. USPS registered mail to and from APO or FPO addressees located outside the U.S. and its territories, and when the originator is uncertain that the addressee’s location is within U.S. boundaries; 3. USPS certified mail for information addressed to a cleared DoD contractor facility or non-DoD agencies;

13 Storage and destruction
In a GSA-approved security container In a vault, modular vault or secure room constructed per exhibit 10A, equipped with an IDS and a personnel response to the alarm within 15 minutes of the alarm annunciation if the area is covered by Security-in-Depth, or a 5-minute alarm response if it is not. Until 1 October 2012, in a non-GSA-approved container having a built-in combination lock. Commanding officers shall ensure that all classified information is stored in a manner that will deter or detect access by unauthorized persons. Weapons or pilferable items, such as money, jewels, precious metals, or narcotics shall not be stored in the same security containers used to store classified information. There shall be no external markings revealing the classification level of information being stored in a specific security container, vault, or secure room. Report to the Chief of Naval Operations (CNO (N3AT)), via CNO (N09N2), any weakness, deficiency, or vulnerability in any equipment used to safeguard classified information.

14 Loss/compromise of classified information
A loss of classified information occurs when it cannot be accounted for or physically located. A compromise is the unauthorized disclosure of classified information to a person(s) who does not have a valid security clearance, authorized access or need-to-know. A possible compromise occurs when classified information is not properly controlled. When a loss or compromise of classified information occurs, the cognizant commanding officer or security manager shall immediately initiate a Preliminary Inquiry (PI). The Security Manager shall be responsible for overseeing the PI. An individual who becomes aware that classified information is lost or compromised shall immediately notify their security manager or commanding officer of the incident, as well as their supervisory chain of command.

15 Questions

Download ppt "Department of the Navy Information Security Program"

Similar presentations

FREEDOM OF INFORMATION EXECUTIVE BRIEFING PART II.

FREEDOM OF INFORMATION EXECUTIVE BRIEFING PART II.
FOIA Exemption 1 & E.O Classified National Security Information

FOIA Exemption 1 & E.O Classified National Security Information
Classified Contract Close-out By Jane Dinkel Security Manager LMMFC.

Classified Contract Close-out By Jane Dinkel Security Manager LMMFC.
Contract Security Classification Specification

Contract Security Classification Specification
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
UNCLASSIFIED//FOUO UNCLASSIFIED//FOUO OverviewofUSAINSCOM Assistant Chief of Staff, Security (ACofS, G2) Mr. Rand M. Bass Deputy ACofS, G2.

UNCLASSIFIED//FOUO UNCLASSIFIED//FOUO OverviewofUSAINSCOM Assistant Chief of Staff, Security (ACofS, G2) Mr. Rand M. Bass Deputy ACofS, G2.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
Industrial Security 2010 Worldwide Security Conference.

Industrial Security 2010 Worldwide Security Conference.
FOR OFFICIAL USE ONLY ACDM 2014/Agile Development/ UNCLASSIFIED DISTRIBUTION STATEMENT D: Distribution authorized to the Department of Defense and U.S.

FOR OFFICIAL USE ONLY ACDM 2014/Agile Development/ UNCLASSIFIED DISTRIBUTION STATEMENT D: Distribution authorized to the Department of Defense and U.S.
UNIT PHYSICAL SECURITY PLAN

UNIT PHYSICAL SECURITY PLAN
Security Solutions Group

Security Solutions Group
F ACILITY S ECURITY Presented by: Dela Williams. 2.

F ACILITY S ECURITY Presented by: Dela Williams. 2.
Section One: Classification System Overview Note: All classified markings contained within this presentation are for training purposes only.

Section One: Classification System Overview Note: All classified markings contained within this presentation are for training purposes only.
Office of Security Security Education Refresher Briefing

Office of Security Security Education Refresher Briefing
UNCLASSIFIED1 COMSEC BRIEFING Having been selected to perform duties which will require access to classified COMSEC information, it is essential you be.

UNCLASSIFIED1 COMSEC BRIEFING Having been selected to perform duties which will require access to classified COMSEC information, it is essential you be.
10/27/20111 Initial Security Indoctrination DoD. 10/27/20112 The protection of Government assets, people and property, both classified and controlled.

10/27/20111 Initial Security Indoctrination DoD. 10/27/20112 The protection of Government assets, people and property, both classified and controlled.
Joint Personnel Adjudication System (JPAS) Overview

Joint Personnel Adjudication System (JPAS) Overview
Topic 6 Security Enabling Objectives 6.1 DISCUSS the origin of Communication Security and Operational Security. 6.2 DEFINE COMSEC, DoD COMSEC Policy, and.

Topic 6 Security Enabling Objectives 6.1 DISCUSS the origin of Communication Security and Operational Security. 6.2 DEFINE COMSEC, DoD COMSEC Policy, and.
S.S. Yau CSE465-591 Fall 2006 1 Classified Systems.

S.S. Yau CSE Fall Classified Systems.

Similar presentations

Ads by Google