Download - 2nd Qtr CY16
Over the last few years we have been putting out a quarterly newsletter
from the ANG Information Protection and ANG Special Security Offices.
We would now like to introduce the Operations Security and Cybersecurity
Branches to our ANG 2/3/6 Security Division and quarterly newsletters.
Please welcome aboard these 2 branches and we hope you enjoy their
submissions to the newsletters.
Quarterly Journal of Security Information
ISSUE 1, VOLUME 2, April 2016
ANG 2/3/6 SECURITY DIVISION
Information Protection 2
Special Security Office (SS0) 3
Cybersecurity 4
Security Education & Training 5
Operations Security 6-7
Securely Transmitting Sensitive Info 8-9
NGB A2/3/6S Contact Listing 10
INSIDE THIS ISSUE:
NP2 OPM Portal site came on line, 1 April. If you don’t have accounts for all your Security Managers, See
the email that went out on 13 April to submit more account creations. If you have SMs that have gotten
their accounts but cannot get logged in, they will need to email the [email protected]. Currently the
NP2 Helpdesk is taken 4—5 days to reply to tickets.
The new site https://apollo.opm.gov uses your PIV Certificate and Pin off your CAC to login. If the
PIV UPN was not supplied for an account then a username and password was issued. If a username and
password is being used and now you have your PIV Certificate, fill out the NP2 account spreadsheet and
email it to the ANG IP Mailbox to update.
NC4 OPM Portal (old site) will be decommissioned on 19 April 2016!!!!
A great question was brought up a few
weeks ago regarding the requirement for
the Information Protection Office to
properly mark/label all Multi-Function
Devices (MFDs - Printer/Copier/Scanners)
to show whether or not if it was approved
for unclassified or classified reproduction.
That question was…”Is there still a re-
quirement?” For those of you who have
been in this position for some time, you
know of this…for those of you who are
new…you’re probably asking…”is there?”.
Well, a long time ago in an Information
Protection galaxy far, far, away…there
was a requirement, and an inspectable
one at that. But times have changed,
technology has improved and responsibili-
ties have switched hands.
BLUF: There is no longer an IP AFI require-ment for the IPO to mark/label MFDs.
PAGE 2
New NP2 Portal replaces OPM Portal
Is There Still a Requirement?
AN G 2/3/ 6 SEC UR ITY D IVISIO N
Submitted by: Mrs. Christine Watson
Submitted by: SMSgt Robert Vance
For some, you may have noticed your
Communications Flight Information
Assurance personnel have been ask-
ing you to remove them (if you had
them marked to begin with) or soon
they may. Essentially, the responsi-
bilities for marking/labeling have fall-
en to our Comm brethren, where in
all honestly…it should. AFM 33-282,
Computer Security (COMPUSEC),
identifies MFDs as a Peripheral De-
vice, therefore it states: Appropriately
mark and label peripheral devices
according to the highest level of clas-
sification processed or displayed on
the device by either physically mark-
ing or technically configuring to dis-
play the classification banner. Very
simply, you’ll either notice a SF 710
(Unclassified Sticker), SF 707 (Secret
Sticker), the digital display on the
device configured to show the classi-
fication level, or a combination of
both.
Information Protection Office
NEW! ANG SSO SHAREPOINT SITE ON JWICS
Happy Spring everyone! The ANG SSO office is happy to announce that we have begun development of a
dedicated SharePoint site located on the AF JWICS network. For those of you working on your own site SCIF
and JWICS accreditations, this should be very exciting news for you. Once fully operational the new ANG SSO
JWICS SharePoint site will act as the primary starting point for all references and guidance material you may
need while working on the accreditation processes. The new JWICS SharePoint site is still very early in the
development stages, however we hope to have it completed in its initial design, within the next couple
months.
The new ANG SSO SharePoint can be located on the JWICS network with the following URL: https://
intelshare.intelink.ic.gov/sites/a2-ang-sso/
If you have any questions about the new ANG SSO SharePoint located on the AF JWICS network please con-
tact the ANG SSO office at 612-9636 or you may contact SSgt Kendall Silva at 612-9344.
PAGE 3
Special Security Office
AN G 2/3/ 6 SEC UR ITY D IVISIO N
Submitted by: SSgt Kendall Silva
ELIGIBILITY AND ACCESS REQUIREMENTS
The Office of Personnel Management breach put the identities of 21+ million individuals in the hands of
an unauthorized third-party. As a result, the creation of the National Background Investigation Bureau
(NBIB) was created. The NBIB is expected to work closely with the Defense Security Service in ensuring
only individuals who are eligible and meet the prerequisites for being granted a security clearance
receive one.
The ANG SSO is tasked with ensuring that only individuals that require Sensitive Compartmented
Information (SCI) access to perform their daily duties receive access. Therefore, only submit Interim SCI
Requests for individuals that require SCI to effectively carry out the mission. Interim SCI Request required
forms are available on the ANG SSO SharePoint page: https://eis.ang.af.mil/func/intel/A2S/Pages/
default.aspx
Submitted by: MSgt Rodney Hudson
PERIODIC FACILITY PERIMETER CHECKS
Did you know that part of your annual self-inspection requires you to complete a check of your perimeter
walls for gaps, holes, and cracks? Periodic inspections of the perimeter walls and HVAC inspection ports
within the facility should be conducted even after final accreditation is received to ensure the finish work
within the facility remains intact. You should also periodically conduct sound tests on all perimeter doors
to ensure sound attenuation requirements are met. At a MINIMUM, you should be performing these in-
spections once a year in conjunction with your annual self-inspection.
Submitted by: Mr. Kris Gaus
ANG SSO's Newest Addition
Please join us in welcoming Mr. Gregory Bartlett to the ANG SSO Staff! Greg is joining us from the 152nd IS
(Reno, NV) after retiring from the ANG in October 2015. He has over 17 years of experience in the Commu-
nications, Information Systems Security Office, and DCGS mission set and will surely be an asset to our
CISO program working with TSgt Caldwell and SSgt Silva. Welcome Greg!
Submitted by: SMSgt Katie Weisenburg
Q UAR TER L Y JO URN AL OF SEC UR ITY IN FO R MATIO N PAGE 4
CYBER SURETY
Public Key Infrastructure (PKI)
The SIPRNet token facilitates Smart Card Logon, secure e-mail, and access
to secure websites for use on SECRET networks only. SIPRNet Tokens are
issued by Registration Authorities (RAs), Local Registration Authorities
(LRAs) and Trusted Agents (TAs). Due to cost, card stock shortages etc.,
SIPRNet tokens can be reused. All Air National Guard Local Registration
Authorities (LRAs) and Trusted Agents (TAs) are required to review their
Wing’s Out-processing procedures to ensure SIPRNet tokens are collected
from personnel who separate, retire, and PCS.
DIACAP Status: Submitted by: Ms. Priscilla Bates
Recertification is in progress for ALL SIPR Packages and must be submitted on SIPR to CAR.
Recertification SOP has been distributed to all units. Read and start the process! DIACAP Pack-
age ATO will be good until 31 March 2018 once received. SLA is being signed and will be distrib-
uted soon. Please take time to read and become familiar with the required documentation for
RMF. This will help with recertifying your package! RMF Process - DRAFT AFI 33-210 Required
Documentation: CNSSI 1253 Security Categorization & Control Selection for National Security
Systems National Security Institute of Technology & Standards (NIST) SP 800-60, Guide for Map-
ping Types of Information and Information to Security Categories DoDI 8510.01 Risk Manage-
ment Framework (RMF) for DoD Information Technology (IT) NIST SP 800-53r4 Assessing Security
and Privacy Controls in federal Information Systems and Organizations AFI 33-115 Network Oper-
ations AFI 33-141 Portfolio Management.
Submitted by: Mrs. Jacqueline Parker-O’Malley
Submitted by: Mrs. Christine A Watson
VO L UME 1, ISSUE 1
This years training is being held at the MS CRTC in Gulfport MS, June 20—24. The 20th and 24
are official travel days.
Please make sure to sign up for each break out (limited to 25 per topic) and supply flight infor-
mation for car pooling. Go to the ANG IP SharePoint site, https://cs3.eis.af.mil/sites/26493/
default.aspx. In the _6. CIP Workshops - CIP Training 2016 folder you will find the Topic break
out schedule and Flight information spreadsheets.
Remember to get with your Base Training Office to register/reserve your seat, Course name:
ANGC CIP.
Course is SD Funded for Military and Unit funded for Civilians. We will do one SF 182 for all civil-
ians attending,
Welcome, Reporting Letter will be out in the next couple of weeks.
PAGE 5
2016 FDO Courses
2016 CIP Course
There will be 2 FDO courses held in May this
year. Both will be at the 169 FW Eastover SC.
Dates are
May 3 - 5 2016, 0800 - 1600
Travel Days: May 2 and May 6th.
May 24-26 2016, 0800 - 1600
Travel Days: May 23 and May 27th
Course Name in TEAMS: ANGC FDO/FDR
Get with your Base Training office to register.
We are working on a 3rd course to be held on
the West Coast, More to come in the future
on this!!!
Security Education and Training
Hotel registration for the FDO courses:
Hotel Name: Hampton Inn & Suites Colum-
bia/Southeast-Ft. Jackson
Hotel Address: 201 East Exchange
Boulevard, Columbia, South Carolina 29209
Phone Number: 8032173999
Must register by 2 April 2016
Group Name: Swampfox 1
Group Code: SFX
Check-in: 02-MAY-2016
Check-out: 06-MAY-2016
Must register by 2 May 2016
Group Name: Swampfox 2
Group Code: SF2
Check-in: 23-MAY-2016
Check-out: 27-MAY-2016
Submitted by: Mrs. Christine A Watson
PAGE 6
Greetings OPSEC PMs and Information Security Professionals
WHO I AM
For those that may not know me, My name is Mr. Daniel (Dan) Tyler and I’m the
OPSEC PM for the Air National Guard. I was recently moved from NGB/A3C, Cyber
Operations to the new NGB/A2/3/6S under Mr. Tommy Bertrand, Security Pro-
gram Executive of the ANG Information Protection Office, Special Security Offices,
Cyber Security, OPSEC & FDO. I’ve been serving the Department of the Air Force
for since 1982 with 22 years active duty service, 2 years as a civilian contractor,
and 10 years as a government civilian. I’ve been working at the ANG Readiness
Center in those 3 capacities since 2002. As the ANG OPSEC PM, my motto has
always been: Sampson slew 10,000 Philistines with the jawbone of an ass; OPSEC
is jeopardized with the same weapon! Practice good OPSEC!
AN G 2/3/ 6 SEC UR ITY D IVISIO N
OFFICIAL OPSEC LOGO
Air Force OPSEC Professionals; the Air Force released
the official AF OPSEC Logo in color and monochrome for
your official OPSEC use. Please be sure to follow Air
Force rules when using official AF logos.
I want to thank my wing OPSEC PM’s for providing input to the OPSEC Program Executive Data Call; we
received a 95.5 response rate and based on your input, we are formulating a proper course of action in
regards to the AF Signature Management and Base Profiling Process requirements, IAW AFI 10-701
and the ANG Sup.
ANG OPSEC PROGRAM EXECUTIVE DATA CALL
Operation Security (OPSEC) Office
Submitted by: Mr. Daniel Tyler
Submitted by: Mr. Daniel Tyler
Submitted by: Mr. Daniel Tyler
Q UAR TER L Y JO URN AL OF SEC UR ITY IN FO R MATIO N PAGE 7
YOUR PERSONAL INFORMATION HAS BEEN HACKED! That sentence can cause chills to run
down your spine; but it’s exactly what
happened to most if not all military,
civilian, and contractor personnel affil-
iated with the Department of Defense.
With over 21.5 million individuals im-
pacted, the odds are 99.9% that your
information has been compromised;
this includes 19.7 million individuals
that applied for a background investi-
gation, and 1.8 million non-applicants,
primarily spouses or co-habitants of
applicants. I'm sure everyone reading
this newsletter is aware that there
were two separate but related cyber-
security incidents that have impacted
the private data of Federal govern-
ment employees, contractors, and
others. By now you should have been
officially notified by OPM. For back-
ground information on these inci-
dents, go to https://www.opm.gov/
cybersecurity/cybersecurity-incidents/
Since DSET Software has been in-
corporated into Outlook, OPSEC, PII,
and FOUO violations have de-
creased by almost 90% by ensuring
messages are signed, encrypted,
and properly marked prior to leaving
the e-mail server. After you have
written an e-mail message that may
to contain either PII or FOUO infor-
mation, if you haven’t already
clicked on one of these buttons and
hit Send, DESET runs a scan of your
message text and any included at-
tachments to identify if there’s po-
tentially any PII and or FOUO infor-
mation that requires additional pro-
tections. If the scan identifies infor-
mation or attachments that requires
additional protection, one of two
pop up boxes comes up; (Digital
Signature Enforcement Tool – Po-
tential PII Alert) or (Digital Signature
Enforcement Tool – FOUO Warning).
This decision box provides you
choices to review the potential PII or
Because of these breaches,
OPM has partnered with MyID-
care to provide you with 3
years of complimentary identity
protection service that include
Identity monitoring, Credit
monitoring, identity restoration
services, and Identity theft in-
surance. You should have also
received a notification letter
and PIN from OPM in order to
sign up for these protection
services. If you received offi-
cial OPM notification and a
notification letter and PIN from
OPM, or you think you may
have been impacted but have
not received a letter, go to
https://www.opm.gov/
cybersecurity to sign up for
services or to verify if you were
impacted. At this time, there is
no information to suggest misuse of
the information that was stolen
from OPM's systems. They continue
to investigate and monitor the situa-
tion.
If you have not yet taken advantage
of the complimentary MyIDcare
identity protection services, your
compromised information continues
to be at risk. Don’t wait until you
become a victim; your information
continues to be at risk as long as
it’s unprotected. If you have not
taken advantage of MyIDcare be-
cause you already pay for Identity
protection services from another
company, taking advantage of
MyIDcare in addition to your other
Identity protection service will only
increase your Identity Protection.
FOUO information. At this point,
“YOU” are the last line of defense,
This is where you click on the
proper box in order to protect PII
or FOUO information before send-
ing . The proper DoD markings
will appear and the Encrypt, Sign,
and either the PII or FOUO but-
tons will be highlighted and your
message will be sent.
After completing this step if your
e-mail identifies that your recipi-
ent or recipients won’t be able to
receive your message because
their digital signature has not
been verified, or your sending to
an organizational e-mail account
that hasn’t been set up to receive
encrypted messages; don’t just
hit the send unencrypted button
because it’s more convenient.
You have the responsibility to pro-
tect FOUO and PII information.
There are other ways to securely
transmit sensitive information. See
pages 8 and 9 of this newsletter
for the Securely Transmitting Sen-
sitve Information Smart Card.
Please provide the widest dissemi-
nation of this smart card . using
the attached smart card which pro-
vides alternative methods of trans-
mitting information that requires
protection.
Bottom line, after writing an e-mail,
take the time to ensure its properly
protected marked, even if your
message or attachments don’t
contain PII or FOUO information,
always click Encrypt and Sign prior
to sending or set Encrypt and Sign
as your default settings. Don’t pro-
vide the adversary with infor-
mation that can be used against
us. Think OPSEC!!
SECURELY TRANSMITTING SENSITIVE INFORMATION Submitted by: Mr. Daniel Tyler
Submitted by: Mr. Daniel Tyler
PAGE 8 AN G 2/3/ 6 SEC UR ITY D IVISIO N
VO L UME 1, ISSUE 1
PAGE 9
NGB A2/3/6S Contact Listings
ANG Security Program Executive: Mr. Tommy Bertrand DSN: 612-8391
ANG IP
General Office Number: DSN: 612-7287, Commercial: (240) 612-7287
Chief, ANG IP: Ms. Toni Kirk DSN: 612-8050
ANG Information Security Program Manager: Mrs. Christine Watson DSN: 612-7804
ANG Foreign Disclosure Program Manager: Mrs. Christine Watson DSN: 612-7804
Industrial Security Manager: SMSgt Robert Vance DSN: 612-9420
Personnel Support Staff: TSgt Rodney Baltrip DSN: 612-7287
ANG SSO
General Office Number: DSN: 612-9636, Commercial: (240) 612-9636
Chief, ANG SSO: Mr. Scott Johnson DSN: 612-9340
Physical Security Specialist: Mr. Kris Gaus DSN: 612-9341
Manager, ANG SSO: SMSgt Katie Weisenburg DSN: 612-7615
NCOIC, SCI Personnel Security: MSgt Rodney Hudson DSN: 612-8426
NCOIC, Command CISO: TSgt Rachel Caldwell DSN: 612-9342
Assistant NCOIC, Command CISO: SSgt Kendall Silva DSN: 612-9433
Information Systems Security Analysis Mr. Gregory Bartlett DSN: 612-7710
ANGRC IP
General Office Number: DSN: 612-7790, Commercial: (240) 612-7790
Chief, Information Protection/FDO Support: SMSgt Robert Vance DSN: 612-9420
Enterprise Security Specialist: MSgt Naira Reyes DSN: 612-8797
ANG SM/OPSEC PM
Chief, ANG SM/OPSEC Mr. Daniel Tyler DSN: 612-9279
ANG CYBER SURETY
Chief, ANG Cyber Surety Mr. Gary Gillepie DSN: 612-8025
IT INFOSEC Specialist Mrs. Jacqueline Parker O’Malley DSN: 612-8580
IT INFOSEC Specialist Ms. Priscilla Bates DSN: 612-7857
IT INFOSEC Specialist Mrs. Latasha Beckles DSN: 612-8203
IT INFOSEC Specialist Mr. Lloyd Goodwin DSN: 612-9550
IT INFOSEC Specialist Mrs. Jamie Downing DSN: 612-7853
Cyber Surety/IA FAM MSgt Richard Hays DSN: 612-8201