s:11 sep 2007 dami-cds-so 28 aug 2007

"Protecting Our Nation's Intelligence"

1

S:S: 11 Sep 200711 Sep 2007DAMI-CDS-SODAMI-CDS-SO

28 Aug 2007 28 Aug 2007 MEMORANDUM FOR All HQDA SSO Supported Security ManagersMEMORANDUM FOR All HQDA SSO Supported Security Managers SUBJECT: Continuing Security Awareness ProgramSUBJECT: Continuing Security Awareness Program 1. Enclosed you will find Continuing Security Awareness Program training slides.1. Enclosed you will find Continuing Security Awareness Program training slides. 2. As prescribed in DoD 5105.21-M-1, all persons granted SCI access will be advised at least 2. As prescribed in DoD 5105.21-M-1, all persons granted SCI access will be advised at least annually of their continuing security responsibilities.annually of their continuing security responsibilities. 3.3. In order to receive credit for training, all personnel are required to turn in their signed In order to receive credit for training, all personnel are required to turn in their signed certificate and the “Watched DVD Only No Foreign Travel” form to their Security Manager.certificate and the “Watched DVD Only No Foreign Travel” form to their Security Manager.

4.4. Security Manager’s will ensure that all SCI indoctrinated personnel assigned/attached to their Security Manager’s will ensure that all SCI indoctrinated personnel assigned/attached to their organization complete Continuing Security Awareness Program trainingorganization complete Continuing Security Awareness Program training no later than 24 Sep 07. no later than 24 Sep 07. If an individual is on leave, then it will be completed upon their return. If an individual is on leave, then it will be completed upon their return. Additionally, Security Additionally, Security Manager’s will forward the names and dates training was completed to SSO DA, Personnel Manager’s will forward the names and dates training was completed to SSO DA, Personnel Security Branch in a roster format,Security Branch in a roster format, no later than 28 Sep 07. We do not want printed certificates. no later than 28 Sep 07. We do not want printed certificates.

5. Point of contacts for HQDA SSO are, Personnel Security Branch at 695-2758, 695-6663, and 5. Point of contacts for HQDA SSO are, Personnel Security Branch at 695-2758, 695-6663, and Physical Security 703-697-6349/3226.Physical Security 703-697-6349/3226. DANIEL J. SCHOCHDANIEL J. SCHOCHEnclEncl DANIEL J. SCHOCHDANIEL J. SCHOCHasas DACDAC

Special Security OfficerSpecial Security Officer


2

CONTINUING CONTINUING

SECURITY SECURITY

AWARENESS AWARENESS

PROGRAMPROGRAM

U.S. Army Special Security OfficeU.S. Army Special Security Office


3

FOREIGN INTELLIGENCE THREATFOREIGN INTELLIGENCE THREAT

SECURITY RISKS WITH NEW TECHNOLOGYSECURITY RISKS WITH NEW TECHNOLOGY

EMPLOYEE OUTSIDE ACTIVITIESEMPLOYEE OUTSIDE ACTIVITIES

FOREIGN TRAVEL/CONTACTSFOREIGN TRAVEL/CONTACTS

CLASSIFICATION AND CONTROL MARKINGSCLASSIFICATION AND CONTROL MARKINGS

PREPUBLICATION REVIEW REQUIREMENTPREPUBLICATION REVIEW REQUIREMENT

JOINT PERSONNEL ADJUDICATION SYSTEM (JPAS)JOINT PERSONNEL ADJUDICATION SYSTEM (JPAS)

OVERVIEWOVERVIEW


4


1.1. THE FOREIGN INTELLIGENCE THREAT BRIEF (FITB) addresses THE FOREIGN INTELLIGENCE THREAT BRIEF (FITB) addresses

efforts by Foreign Intelligence Services (FIS), foreign commercial efforts by Foreign Intelligence Services (FIS), foreign commercial

enterprises, foreign terrorists, or foreign computer intruders to enterprises, foreign terrorists, or foreign computer intruders to

acquire U.S. classified, sensitive, or proprietary information or acquire U.S. classified, sensitive, or proprietary information or

material, and the unauthorized disclosure of such information or material, and the unauthorized disclosure of such information or

material to foreign sources. material to foreign sources.

2.2. The FITB discusses the Source of the Threat, OPSEC, Type of The FITB discusses the Source of the Threat, OPSEC, Type of

Information Being Targeted, the Insider Threat, Volunteer Spies, Information Being Targeted, the Insider Threat, Volunteer Spies,

Personal Security Indicators that would indicate Improper or Personal Security Indicators that would indicate Improper or

Suspicious Activity, and the Technical / Non-HUMINT Threat.Suspicious Activity, and the Technical / Non-HUMINT Threat.

3.3. Think about it! How does the FIS Agent gather information about you Think about it! How does the FIS Agent gather information about you

or your organization? Your detailed signature block on your e-mail or your organization? Your detailed signature block on your e-mail

that lists your home, work, cell phone, e-mail, and physical address; that lists your home, work, cell phone, e-mail, and physical address;


5


3. … your’s or family members’ personal web sites such as My Space or 3. … your’s or family members’ personal web sites such as My Space or

Facebook Pages; conversations with fellow commuters about the Facebook Pages; conversations with fellow commuters about the

frustrations of the day soon turn into discussions about where you frustrations of the day soon turn into discussions about where you

work, what you do, family, the cost of housing, kids college, and other work, what you do, family, the cost of housing, kids college, and other

financial woes; cell phone conversations with clients or co-workers financial woes; cell phone conversations with clients or co-workers

discussing work, setting up meetings, going over slides to correct discussing work, setting up meetings, going over slides to correct

errors; organizational websites highlighting new technology and errors; organizational websites highlighting new technology and

specifications, news releases, deployment photos, social calendars, specifications, news releases, deployment photos, social calendars,

and so much more is collected to be used against us.and so much more is collected to be used against us.

4. How much did you disclose? What has the FIS agent gained? Who 4. How much did you disclose? What has the FIS agent gained? Who

have you endangered? What damage have you caused? When the have you endangered? What damage have you caused? When the

puzzle of information is put together and the dots connected, you puzzle of information is put together and the dots connected, you

may have disclosed Sensitive and Classified Information. You havemay have disclosed Sensitive and Classified Information. You have


6


4. … placed your family, co-workers, yourself, Troops overseas, and your 4. … placed your family, co-workers, yourself, Troops overseas, and your

Nation in Grave Danger! The damage you have caused is irreparable Nation in Grave Danger! The damage you have caused is irreparable

and the devastation can be seen in the body bags and grave sites!and the devastation can be seen in the body bags and grave sites!

5.5. You can protect yourself and your organization by maintaining You can protect yourself and your organization by maintaining

situational awareness, practicing OPSEC, and staying educated by situational awareness, practicing OPSEC, and staying educated by

using the resources available within the Intel Community. using the resources available within the Intel Community.

Unclassified information on the current Foreign Intelligence Threat, Unclassified information on the current Foreign Intelligence Threat,

and other CI publications can be found on the Office of the Director and other CI publications can be found on the Office of the Director

National Intelligence / Office of the National Counterintelligence National Intelligence / Office of the National Counterintelligence

Executive webpage Executive webpage http://www.ncix.gov/archives/index.html

6.6. The following invaluable resources are located in the NCIX Archives, The following invaluable resources are located in the NCIX Archives,

Publications, CI Issues sections, and Threats from Foreign Entities:Publications, CI Issues sections, and Threats from Foreign Entities:

a. A highly recommended resource for industry that details currenta. A highly recommended resource for industry that details current


7


6a. …intel threat against Corporations is the, 6a. …intel threat against Corporations is the, Annual Report to Congress Annual Report to Congress

on Foreign Economic Collection and Industrial Espionage, 2005on Foreign Economic Collection and Industrial Espionage, 2005

http://www.ncix.gov/publications/reports/fecie_all/FECIE_2005.pdf http://www.ncix.gov/publications/reports/fecie_all/FECIE_2005.pdf

b. CI Reader: An American Revolution into the New Millinium b. CI Reader: An American Revolution into the New Millinium

Volumes I-IV Volumes I-IV http://www.ncix.gov/issues/CI_Reader/index.htmlhttp://www.ncix.gov/issues/CI_Reader/index.html

7.7. Additional guidance is posted on these IC and Security-Related Sites: Additional guidance is posted on these IC and Security-Related Sites:

a. Economic Espionage a. Economic Espionage http://www.fbi.gov/hq/ci/economic.htmhttp://www.fbi.gov/hq/ci/economic.htm

b. Research & Technology (RPT) Program b. Research & Technology (RPT) Program http://www.infragard.net/http://www.infragard.net/

c. Anatomy of an Industrial Espionage Attack by Ira S. Winklerc. Anatomy of an Industrial Espionage Attack by Ira S. Winkler

http://www.usda.gov/da/pdsd/SecurityGuideEmployees/V1comput/Case1.htm http://www.usda.gov/da/pdsd/SecurityGuideEmployees/V1comput/Case1.htm

d. State Department d. State Department http://www.state.gov/ http://www.state.gov/


8


e. Office of the Director of National Intelligence e. Office of the Director of National Intelligence

http://www.dni.gov/testimonies/20060228_testimony.htmhttp://www.dni.gov/testimonies/20060228_testimony.htm

f. DSS Industrial Security Counterintelligence f. DSS Industrial Security Counterintelligence

https://www.dss.mil/portal/ShowBinary/BEA%20Repository/https://www.dss.mil/portal/ShowBinary/BEA%20Repository/

new_dss_internet//isp/count_intell/count_n_sec_count_meas.html new_dss_internet//isp/count_intell/count_n_sec_count_meas.html

8.8. The key to reducing the Foreign Intelligence Threat is to Practice and The key to reducing the Foreign Intelligence Threat is to Practice and

Remember OPSEC! National Security is everybody’s business!Remember OPSEC! National Security is everybody’s business!


9

Mass StorageMass Storage

MiniaturizationMiniaturization

Imaging TechnologyImaging Technology

Wireless Technology Wireless Technology AdvancesAdvances

THE FOLLOWING 8 SLIDES DEPICTS DEVICES THAT ARE CAPABLE OF THE FOLLOWING 8 SLIDES DEPICTS DEVICES THAT ARE CAPABLE OF ELECTRONICALLY GATHERING/COPYING INFORMATIONELECTRONICALLY GATHERING/COPYING INFORMATION

SECURITY RISKS WITH NEW SECURITY RISKS WITH NEW TECHNOLOGYTECHNOLOGY


10


New Technology poses new threats to security, not limited to New Technology poses new threats to security, not limited to Computer Security Next Generation Devices, new devices and miniaturization.Computer Security Next Generation Devices, new devices and miniaturization.

Thumb DriveThumb DrivePen DrivePen Drive


11

Security Risks w/ New Technology

The problem is real! Stolen military data for sale in AfghanistanDespite crackdown, computer drives found

with names of HUMINT sources. Memory sticks (Thumb Drives) like these,

on sale at the bazaar outside the U.S. military base in Bagram, were found to contain U.S. intelligence data.

Shoaib Amin / AP


12

USB Memory WatchUSB Memory Watch

Imaging DevicesImaging Devices



13

MiniaturizationMiniaturization

Casio Watch Camera:Casio Watch Camera: Casio Audio Recorder:Casio Audio Recorder:

MP3 DevicesMP3 Devices



14

New Audio Recorders New Audio Recorders with USB connectivitywith USB connectivity

New Video DevicesNew Video Devices



15

Other USB GizmosOther USB Gizmos

E-Pen E-Pen

The Mother LodeThe Mother Lode



16

Integrated DevicesIntegrated Devices



17

Motorola V600Motorola V600

Integrated DevicesIntegrated Devices



18

DefenseDefense

• Educate Users!Educate Users!• Work closely with System Administrators and Information Systems Work closely with System Administrators and Information Systems

Security Officers (ISSO).Security Officers (ISSO).• Inquire about technical details of products purchased.Inquire about technical details of products purchased.• Pass information on to those who do Entry / Exit inspections.Pass information on to those who do Entry / Exit inspections.• Conduct periodic system inspections.Conduct periodic system inspections.• Be aware of possible risks and pay attention to those around you.Be aware of possible risks and pay attention to those around you.

Bottom LineBottom Line

Don’t assume the device is authorized in the facility.Don’t assume the device is authorized in the facility.Contact the Security Office if you have any questions.Contact the Security Office if you have any questions.

Inquire about technical details of proposed purchases Inquire about technical details of proposed purchases beforebefore ordering items. ordering items.



19

1. Potential conflicts with an individual’s responsibility to protect SCI 1. Potential conflicts with an individual’s responsibility to protect SCI material may arise from outside employment or other outside activity material may arise from outside employment or other outside activity from contact or association with foreign nationals. from contact or association with foreign nationals.

2. In cases where such employment or association has resulted in a 2. In cases where such employment or association has resulted in a suspected or established compromise of SCI, the local SCI security suspected or established compromise of SCI, the local SCI security official and supporting CI activity must be advised immediately.official and supporting CI activity must be advised immediately.

3. Involvement in non-U.S. government employment or activities that 3. Involvement in non-U.S. government employment or activities that raise potential conflicts with an individual’s responsibility to protect raise potential conflicts with an individual’s responsibility to protect classified information is of security concern and must be evaluated by an classified information is of security concern and must be evaluated by an SCI security official to determine whether the conflict is of such a nature SCI security official to determine whether the conflict is of such a nature that SCI access should be denied or revoked.that SCI access should be denied or revoked.

4. Individuals who hold or are being considered for SCI access approval 4. Individuals who hold or are being considered for SCI access approval must report in writing to the local SCI security official any existing or must report in writing to the local SCI security official any existing or contemplated outside employment or activity that appears to meet the contemplated outside employment or activity that appears to meet the criteria listed below:criteria listed below:

EMPLOYEE OUTSIDE ACTIVITIESEMPLOYEE OUTSIDE ACTIVITIES


20

a. Employment that must be reported includes compensated or volunteer a. Employment that must be reported includes compensated or volunteer service with any foreign national; with a representative of any foreign service with any foreign national; with a representative of any foreign interest; or with any foreign, domestic, or international organization or interest; or with any foreign, domestic, or international organization or person engaged in analysis, discussion, or publication of material on person engaged in analysis, discussion, or publication of material on intelligence, defense, or foreign affairs.intelligence, defense, or foreign affairs.

b. Continuing association with foreign nationals must be reported.b. Continuing association with foreign nationals must be reported.

c. When outside employment of activity raises doubt as to an individual’s c. When outside employment of activity raises doubt as to an individual’s willingness or ability to safeguard classified information, he/she will be willingness or ability to safeguard classified information, he/she will be advised that continuing that employment or activity may result in withdrawal advised that continuing that employment or activity may result in withdrawal of SCI access, and be given an opportunity to discontinue. If the individual of SCI access, and be given an opportunity to discontinue. If the individual terminates the outside employment or activity of security concern, his or her terminates the outside employment or activity of security concern, his or her SCI access approval(s) may be continued, provided this is otherwise SCI access approval(s) may be continued, provided this is otherwise consistent with national security requirements.consistent with national security requirements.

EMPLOYEE OUTSIDE ACTIVITIES EMPLOYEE OUTSIDE ACTIVITIES (CONT’D)(CONT’D)


21

1. Personnel w/ SCI access who plan official or unofficial foreign travel will:1. Personnel w/ SCI access who plan official or unofficial foreign travel will:

a. View the Foreign Travel Brief, a. View the Foreign Travel Brief, Expect the Unexpected, Defensive Expect the Unexpected, Defensive Tactics for a Safe TripTactics for a Safe Trip AbroadAbroad, put out by DIA which is posted on the SSO , put out by DIA which is posted on the SSO Unclassified Website at the following link: Unclassified Website at the following link: http://www.dami.army.pentagon.mil/offices/dami-cd/sso/travel.asp Click on this Click on this link and follow the instructions.link and follow the instructions.

(1). For the purpose of this training: please watch the video and follow (1). For the purpose of this training: please watch the video and follow instruction 2 (a), which tells you to print the pdf file “Watched DVD only No Foreign instruction 2 (a), which tells you to print the pdf file “Watched DVD only No Foreign Travel “and fax the signed completed form to the Unclassified Fax for SSO DA at Travel “and fax the signed completed form to the Unclassified Fax for SSO DA at 703-697-3466 (DSN 227)!703-697-3466 (DSN 227)!

b. Report anticipated foreign travel to immediate supervisors or local SCI b. Report anticipated foreign travel to immediate supervisors or local SCI security officials (Security Manager) by filling out the Foreign Travel Brief security officials (Security Manager) by filling out the Foreign Travel Brief form, located in the above mentioned SSO Unclassified Website, which form, located in the above mentioned SSO Unclassified Website, which states: the dates of travel, the country (ies) you will be visiting, and the date states: the dates of travel, the country (ies) you will be visiting, and the date you received your Foreign Travel Brief. you received your Foreign Travel Brief.

c. Supervisors will ensure personnel become knowledgeable of threat c. Supervisors will ensure personnel become knowledgeable of threat conditions, monitor the itinerary from a safety point-of-view, and follow-up on conditions, monitor the itinerary from a safety point-of-view, and follow-up on security-related issues. Current travel warnings and local customs are security-related issues. Current travel warnings and local customs are available for most foreign countries on the State Department Website: available for most foreign countries on the State Department Website: http://travel.state.gov/travel/cis_pa_tw/tw/tw_1764.html d. Report any unusual incidents to your agency security manager.d. Report any unusual incidents to your agency security manager.

FOREIGN TRAVEL/CONTACTSFOREIGN TRAVEL/CONTACTS


22

2.2. SCI indoctrinated personnel must protect themselves against SCI indoctrinated personnel must protect themselves against cultivation and possible exploitation by foreign nationals who are or cultivation and possible exploitation by foreign nationals who are or may be working for foreign intelligence services and to whom they may be working for foreign intelligence services and to whom they might unwittingly provide sensitive or classified national security might unwittingly provide sensitive or classified national security information.information.

3. Persons with SCI access have a continuing responsibility to report, 3. Persons with SCI access have a continuing responsibility to report, within 72 hours, to their immediate supervisor or local SCI security within 72 hours, to their immediate supervisor or local SCI security official all contacts:official all contacts:

a. That are of a close, continuing personal association, characterized a. That are of a close, continuing personal association, characterized by ties of kinship, affection, or obligation with foreign nationals. by ties of kinship, affection, or obligation with foreign nationals. Casual contacts and associations arising from living in a community Casual contacts and associations arising from living in a community normally need not be reported.normally need not be reported.

b. In which illegal or authorized access is sought to classified, b. In which illegal or authorized access is sought to classified, sensitive, or proprietary information or technology, either within or sensitive, or proprietary information or technology, either within or outside the scope of the employee’s official activities. Personnel outside the scope of the employee’s official activities. Personnel should be skeptical of requests for information that go beyond the should be skeptical of requests for information that go beyond the bounds of innocent curiosity or normal business inquiries.bounds of innocent curiosity or normal business inquiries.

c. With known or suspected intelligence officers from any country.c. With known or suspected intelligence officers from any country.

FOREIGN TRAVEL/CONTACTS (CONT’D)FOREIGN TRAVEL/CONTACTS (CONT’D)


23

d. With, or invitations from, foreign government officials except as d. With, or invitations from, foreign government officials except as stated in (1) and (2) below:stated in (1) and (2) below:

(1) Unless specifically approved by the appropriate SIO, SOIC, or (1) Unless specifically approved by the appropriate SIO, SOIC, or designee, DoD SCI-Indoctrinated personnel will not initiate contact with designee, DoD SCI-Indoctrinated personnel will not initiate contact with foreign government representatives, accept invitations to attend any foreign government representatives, accept invitations to attend any official or social foreign function, or extend reciprocal invitations.official or social foreign function, or extend reciprocal invitations.

(2) DoD personnel whose official duties require them to deal (2) DoD personnel whose official duties require them to deal officially and socially with foreign nationals must limit their contact and officially and socially with foreign nationals must limit their contact and association to the requirements of their duties. association to the requirements of their duties.

4. Failure to report foreign contacts, as required above, may result in 4. Failure to report foreign contacts, as required above, may result in reevaluation of eligibility for continued SCI access. This does not imply reevaluation of eligibility for continued SCI access. This does not imply that an individual will automatically be subject to administrative action if that an individual will automatically be subject to administrative action if he/she reports questionable contacts or associations. he/she reports questionable contacts or associations.

5. These instructions are not intended to inhibit or discourage contact 5. These instructions are not intended to inhibit or discourage contact with foreign nationals. They are meant to ensure that the nature of the with foreign nationals. They are meant to ensure that the nature of the contacts and associations and all relevant information developed are contacts and associations and all relevant information developed are properly documented and disseminated.properly documented and disseminated.

FOREIGN TRAVEL/CONTACTS (CONT’D)FOREIGN TRAVEL/CONTACTS (CONT’D)


24

The Authorized Classification and Control Markings Register provides seven categories of informationThe Authorized Classification and Control Markings Register provides seven categories of information

CLASSIFICATION & CONTROL MARKINGS CLASSIFICATION & CONTROL MARKINGS

US CLASSIFICATION//NON-US CLASSIFICATION//SCI CONTROL SYSTEMS AND SUB-CATEGORIES//FOREIGN GOVERNMENT US CLASSIFICATION//NON-US CLASSIFICATION//SCI CONTROL SYSTEMS AND SUB-CATEGORIES//FOREIGN GOVERNMENT INFORMATION//DISSEMINATION CONTROLS//NON-INTELLIGENCE COMMUNITY MARKINGS//DECLASSIFICATION DATE MARKINGINFORMATION//DISSEMINATION CONTROLS//NON-INTELLIGENCE COMMUNITY MARKINGS//DECLASSIFICATION DATE MARKING

… … and here is an example of a US-originated classification line with instructions.and here is an example of a US-originated classification line with instructions.

Conspicuously place the classification line at the top and Conspicuously place the classification line at the top and bottom of each page; it must be in uppercase with exception bottom of each page; it must be in uppercase with exception of the word “and” in the REL TO marking. A double slash of the word “and” in the REL TO marking. A double slash separates categories; use only the categories that apply to separates categories; use only the categories that apply to the document. When necessary, break the line after a the document. When necessary, break the line after a punctuation mark. Mark unclassified documents when punctuation mark. Mark unclassified documents when transmitted over a classified system or when they contain transmitted over a classified system or when they contain dissemination controls, such as FOUOdissemination controls, such as FOUO

Separate Dissemination Control Separate Dissemination Control markings with a comma-no space markings with a comma-no space after the comma. List in order after the comma. List in order shown in markings register.shown in markings register.

In the REL TO markings, always list USA first, In the REL TO markings, always list USA first, followed by other countries in alphabetical trigraph followed by other countries in alphabetical trigraph order. Use ISO 3166 trigraph country codes; separate order. Use ISO 3166 trigraph country codes; separate trigraphs with a comma and a space—no comma trigraphs with a comma and a space—no comma before or after “and”.before or after “and”.

The word “and” is the only word in The word “and” is the only word in lowercase in the marking system.lowercase in the marking system.

TOP SECRET//HCS/COMINT-GAMMA/TK//FGI CAN GBR//RSEN,ORCON,REL TO USA,CAN and GBR//SAR//X5TOP SECRET//HCS/COMINT-GAMMA/TK//FGI CAN GBR//RSEN,ORCON,REL TO USA,CAN and GBR//SAR//X5

Identify the SCI control Identify the SCI control systems and subsystems.systems and subsystems.

Use a single slash (no space) to Use a single slash (no space) to separate SCI control systems.separate SCI control systems.

Identify source of FGI in a US-Identify source of FGI in a US-originated document. Use FGI + originated document. Use FGI + trigraph country code in alphabetical trigraph country code in alphabetical order, separated by single space.order, separated by single space. Use numerical date Use numerical date

exemption code, or MR, exemption code, or MR, as appropriate for as appropriate for document. Limited to one document. Limited to one entry. Must use X5 if entry. Must use X5 if document contains FGI.document contains FGI.

Use a hyphen (no space) between the SCI control system Use a hyphen (no space) between the SCI control system identifier (e.g., COMINT and the SCI subsystem (e.g. GAMMA).identifier (e.g., COMINT and the SCI subsystem (e.g. GAMMA).

Separate multiple Non-Intelligence Community Separate multiple Non-Intelligence Community markings with a comma—no space after the markings with a comma—no space after the comma.comma.

Precedence Order and Authorized Portion MarkingsPrecedence Order and Authorized Portion Markings

1.1.US ClassificationUS Classification 3. SCI Control System/Subsystem3. SCI Control System/Subsystem 5. Dissemination Control Markings5. Dissemination Control Markings 6. Non-6. Non-Intelligence Community MarkingsIntelligence Community Markings

TOP SECRETTOP SECRET (TS)(TS) HCS (HCS)HCS (HCS) RSENRSEN(RS)(RS) SPECIAL ACCESS REQUIRED-[nickname] (SAR-NM)SPECIAL ACCESS REQUIRED-[nickname] (SAR-NM)

SECRETSECRET (S)(S) BYE (BYE)BYE (BYE) FOUOFOUO(FOUO)(FOUO) SENSITIVE INFORMATION (SINFO)SENSITIVE INFORMATION (SINFO)

CONFIDENTIALCONFIDENTIAL (C)(C) COMINT (SI)COMINT (SI) ORCONORCON(OC)(OC)

UNCLASSIFIEDUNCLASSIFIED (U)(U) GAMMA (G)GAMMA (G) ++ SAMISAMI(SAMI)(SAMI) 7. Declassification Information7. Declassification Information

TALENT KEYHOLE (TK)TALENT KEYHOLE (TK) ++ IMCONIMCON(IMC)(IMC) Date (YYYYMMDD)Date (YYYYMMDD)

NOFORNNOFORN(NF)(NF) X1 thru X8 or EO 12958 (X5 takes priority)X1 thru X8 or EO 12958 (X5 takes priority)

2. Non-US Classification2. Non-US Classification 4. Foreign Government Information4. Foreign Government Information PROPINPROPIN(PR)(PR) MR – Use “MR” when –MR – Use “MR” when –

+ (Reserved for other+ (Reserved for other Example: Canadian Secret InformationExample: Canadian Secret Information Authorized for Release to.. (REL TO)Authorized for Release to.. (REL TO) Decl is based on Decl is based on specific event;specific event;

countries and internationalcountries and international (//CAN S)(//CAN S) USA/[ALPHABETICAL USA/[ALPHABETICAL COUNTRYCOUNTRY Decl block shows “Source Marked OADR’;Decl block shows “Source Marked OADR’;

org—NATO, BWCS, CWCS,org—NATO, BWCS, CWCS, TRIGRAPH] EYES ONLYTRIGRAPH] EYES ONLY(EYES)(EYES) Document contains Restricted Data, FRD,Document contains Restricted Data, FRD,GCTF, KFOR, PGMF, SFOR)GCTF, KFOR, PGMF, SFOR) DEA SensitiveDEA Sensitive

(DSEN)(DSEN) or NATO classified information.or NATO classified information.

Never use MR in declassification block.Never use MR in declassification block.*Refer to (U) Authorized Classification and Control Markings Register (SECRET) for complete listing of markings. The Register, Implementation Manual, and Country *Refer to (U) Authorized Classification and Control Markings Register (SECRET) for complete listing of markings. The Register, Implementation Manual, and Country Codes are posted on Intelink-TS at Codes are posted on Intelink-TS at http://www.dia.ic.gov/homepage/security.html and Intelink-S at http://www.cms.cia.sgov.gov/capco. + Denotes substantive change.+ Denotes substantive change.

Refer to DIAR 50-2, DoD 5105.21-M-1 and DoD 5200.1R for additional detailed instructions.Refer to DIAR 50-2, DoD 5105.21-M-1 and DoD 5200.1R for additional detailed instructions.UNCLASSIFIED//FOR OFFICIAL USE ONLYUNCLASSIFIED//FOR OFFICIAL USE ONLY


25

1. Security Review Process (Prepublication Review). DoD SCI-1. Security Review Process (Prepublication Review). DoD SCI-indoctrinated personnel are encouraged to participate as speakers in indoctrinated personnel are encouraged to participate as speakers in recognized forums and to submit professional papers. Such participation recognized forums and to submit professional papers. Such participation encourages the exchange of information and promotes professional encourages the exchange of information and promotes professional growth.growth.

2. Prior to public disclosure in any form, 2. Prior to public disclosure in any form, an SCI-indoctrinated or debriefed individual will submit for security an SCI-indoctrinated or debriefed individual will submit for security review all material intended for disclosure that may contain SCI or SCI-review all material intended for disclosure that may contain SCI or SCI-derived information. Submit the material to the Department or Agency derived information. Submit the material to the Department or Agency that last authorized the individual’s access to such information. Review that last authorized the individual’s access to such information. Review action must start without delay; an initial reply to the author must be action must start without delay; an initial reply to the author must be made within 30 days.made within 30 days.

a. The a. The SCI prepublication review in no way absolves an individual from following SCI prepublication review in no way absolves an individual from following the requirements of DoD Directive 5230.9, “Clearance of DoD Information the requirements of DoD Directive 5230.9, “Clearance of DoD Information for Public Release,” or other regulations requiring certain military/DoD for Public Release,” or other regulations requiring certain military/DoD persons to submit material for review prior to public release.persons to submit material for review prior to public release.

b. The SCI security officer b. The SCI security officer receiving the material will make an initial review and coordinate the receiving the material will make an initial review and coordinate the review as required. If a determination cannot be made initially as to review as required. If a determination cannot be made initially as to whether SCI is involved, the material will be forwarded through SCI whether SCI is involved, the material will be forwarded through SCI channels to Command, Defense Agency, or Military Department level for channels to Command, Defense Agency, or Military Department level for review.review.

PREPUBLICATION REVIEW REQUIREMENTPREPUBLICATION REVIEW REQUIREMENT


26

3. All proposed public statements on information derived from SCI or 3. All proposed public statements on information derived from SCI or concerning SCI operations, sources, or methods must be reviewed and concerning SCI operations, sources, or methods must be reviewed and approved before release by the appropriate SOIC or designee.approved before release by the appropriate SOIC or designee.

4. Resumes or applications for employment which detail technical 4. Resumes or applications for employment which detail technical expertise gained through government employment in classified or sensitive expertise gained through government employment in classified or sensitive programs must be written in an unclassified context even if the potential programs must be written in an unclassified context even if the potential employer is known to be a cleared defense contractor. A security review employer is known to be a cleared defense contractor. A security review should be requested to resolve questions or concerns regarding possible should be requested to resolve questions or concerns regarding possible classified content prior to submission to a potential employer. The classified content prior to submission to a potential employer. The following statement is appropriate for use in resumes or applications following statement is appropriate for use in resumes or applications regarding clearance status when seeking employment with an organization regarding clearance status when seeking employment with an organization involved in classified programs:involved in classified programs:

CLEARED FOR TOP SECRET INFORMATION ANDCLEARED FOR TOP SECRET INFORMATION ANDGRANTED ACCESS TO SENSITIVE GRANTED ACCESS TO SENSITIVE

COMPARTMENTEDCOMPARTMENTEDINFORMATION BASED ON SINGLE SCOPE BACKGROUNDINFORMATION BASED ON SINGLE SCOPE BACKGROUND

INVESTIGATION COMPLETED ON (DATE).INVESTIGATION COMPLETED ON (DATE).

5. The individual’s servicing SCI security official can provide SSBI 5. The individual’s servicing SCI security official can provide SSBI completion dates and case control numbers. Do not indicate or provide completion dates and case control numbers. Do not indicate or provide digraphs/trigraphs on a resume or job application.digraphs/trigraphs on a resume or job application.

PREPUBLICATION REVIEW REQUIREMENT PREPUBLICATION REVIEW REQUIREMENT (CONT’D)(CONT’D)


27

6. The local SCI security official will establish local written procedures or 6. The local SCI security official will establish local written procedures or security reviews or pre-publication reviews. The requirements for security security reviews or pre-publication reviews. The requirements for security review and prepublication review will be part of the annual security review and prepublication review will be part of the annual security education program. The local SCI security official will ensure that proper education program. The local SCI security official will ensure that proper local coordination has been effected with the appropriate government local coordination has been effected with the appropriate government agency public affairs or information office to ensure that a prepublication agency public affairs or information office to ensure that a prepublication review has been conducted for any public releases that may possibly review has been conducted for any public releases that may possibly contain SCI.contain SCI.

PREPUBLICATION REVIEW REQUIREMENT PREPUBLICATION REVIEW REQUIREMENT (CONT’D)(CONT’D)


28

1. Effective 14 Feb 05, JPAS is the Army’s system of record to determine 1. Effective 14 Feb 05, JPAS is the Army’s system of record to determine clearance eligibility and current command access level. This change is clearance eligibility and current command access level. This change is necessary and desirable in order to provide a single location to input, necessary and desirable in order to provide a single location to input, maintain and retrieve eligibility and access data on all DoD personnel.maintain and retrieve eligibility and access data on all DoD personnel.

2. Account Managers will ensure that all personnel with access to JPAS 2. Account Managers will ensure that all personnel with access to JPAS have received the appropriate live or online training prior to being granted have received the appropriate live or online training prior to being granted system access.system access.

3. SSO/Security Manager (SM) will create a relationship with each 3. SSO/Security Manager (SM) will create a relationship with each individual that they are responsible for. Every individual must be owned by individual that they are responsible for. Every individual must be owned by someone in order for JPAS notifications (adjudications, suspensions, etc) someone in order for JPAS notifications (adjudications, suspensions, etc) to be transmitted to owners and servicing offices. To determine what type to be transmitted to owners and servicing offices. To determine what type of relationship should exist, use the following guidelines:of relationship should exist, use the following guidelines:

JOINT PERSONNEL ADJUDICATION JOINT PERSONNEL ADJUDICATION SYSTEM (JPAS)SYSTEM (JPAS)


29

JOINT PERSONNEL ADJUDICATION JOINT PERSONNEL ADJUDICATION SYSTEM (JPAS) (CONT’D)SYSTEM (JPAS) (CONT’D)

a. SSOs will take an “owning” relationship of a. SSOs will take an “owning” relationship of all SCI cleared personnel that are in their SCI billets by becoming their all SCI cleared personnel that are in their SCI billets by becoming their SCI Security Management Office (SMO).SCI Security Management Office (SMO).

b. SSOs will take “servicing” relationship of all SCI personnel that b. SSOs will take “servicing” relationship of all SCI personnel that they are providing support to when the individual’s SCI billet is held by they are providing support to when the individual’s SCI billet is held by another command/organization.another command/organization.

c. SMs will take an “owning” relationship of all personnel within c. SMs will take an “owning” relationship of all personnel within their command/unit by becoming their non SCI SMOs. This will provide their command/unit by becoming their non SCI SMOs. This will provide local SMs/Commands/Units with visibility of the status of all of their local SMs/Commands/Units with visibility of the status of all of their personnel. It will also cause initial questions regarding clearance issues personnel. It will also cause initial questions regarding clearance issues to be directed to the local SM. to be directed to the local SM.

d. SMs will take a “servicing” relationship of all personnel that they d. SMs will take a “servicing” relationship of all personnel that they do not “own” but for whom they provide supporting services to. (This do not “own” but for whom they provide supporting services to. (This may include Consolidated Security Offices that provide final transmission may include Consolidated Security Offices that provide final transmission of Personnel Security Investigation (PSI) forms and/or maintaining official of Personnel Security Investigation (PSI) forms and/or maintaining official security records.)security records.)


30

CERTIFICATE OF CERTIFICATE OF TRAININGTRAINING

This is to certify that I, ______________, This is to certify that I, ______________, have completed thehave completed the

TYPED/PRINTED NAMETYPED/PRINTED NAME

Continuing Security Awareness Continuing Security Awareness Program Training.Program Training.

__________________________________ ________________________ __________________________________ ________________________

SIGNATURESIGNATURE DATEDATE

(Please give this certificate to your Security Manager upon completion of training).

CERTIFICATE OF CERTIFICATE OF TRAININGTRAINING

This is to certify that I, ______________, This is to certify that I, ______________, have completed thehave completed the

TYPED/PRINTED NAMETYPED/PRINTED NAME

Continuing Security Awareness Continuing Security Awareness Program Training.Program Training.

__________________________________ ________________________ __________________________________ ________________________

SIGNATURESIGNATURE DATEDATE

(Please give this certificate to your Security Manager upon completion of training).

s:11 sep 2007 dami-cds-so 28 aug 2007

Documents

physical security

security managerssubject

personnel security branch

personal security indicators

foreign terrorists

foreign sources

foreign commercial enterprises

foreign travel form