Скачать презентацию ISP Preparation Series 1 — Chapter 5 Скачать презентацию ISP Preparation Series 1 — Chapter 5

225cc3b03cccb9fcc5f847e609772714.ppt

  • Количество слайдов: 32

ISP Preparation Series 1 - Chapter 5 ISP Preparation Series 1 - Chapter 5

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION Section 1: General Safeguarding General: (5 -100) Contractors shall CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION Section 1: General Safeguarding General: (5 -100) Contractors shall be responsible for safeguarding Safeguarding Oral Discussions: (5 -101) Prohibition against discussing classified information over unsecure telephones, etc. End of Day Check (5 -102) System of security checks Checks are not required during continuous 24 hour operations Perimeter controls (5 -103) Subject to an inspection of their personal effects Inspections shall be limited Contractual obligations and operational efficiency Emergency procedures- (5 -104) Shall be simple and practical © 2007 SCRA®. All Rights Reserved. 2 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 2: CONTROL AND ACCOUNTABILITY 5 -200 Policy- capable CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 2: CONTROL AND ACCOUNTABILITY 5 -200 Policy- capable of facilitating retrieval and disposition Accountability for Top Secret Control Officers (TSCO) An inventory will be conducted annually The transmittal of Top Secret information will be covered by continuous receipts Each item shall be numbered in series; 5 -202 Receiving Classified Material. To ensure that classified material is received by authorized personnel © 2007 SCRA®. All Rights Reserved. 3 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -203 Generation of Classified Material a. A record CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -203 Generation of Classified Material a. A record of Top Secret material (produced by the contractor) shall be made when the material is: 1. Completed 2. Retained 3. Transmitted b. Working papers (generated by the contractor) shall be 1. Dated 2. Marked 3. Destroyed 4. Marked in same manner as a finished document when: a. Retained b. Retained c. Transmitted © 2007 SCRA®. All Rights Reserved. 4 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 3: STORAGE AND STORAGE EQUIPMENT 5 -300 General CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 3: STORAGE AND STORAGE EQUIPMENT 5 -300 General – Uniform requirements shall not inhibit requirements of the law 5 -301 GSA Storage Equipment- GSA establishes uniform standards, and supply schedules 5 -302 TS Storage- 5 -303 SECRET storage- - Additional storage methods can be used until 1 Oct 2012 © 2007 SCRA®. All Rights Reserved. 5 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -304 CONFIDENTIAL Storage 5 -305 Restricted Areas- 5 CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -304 CONFIDENTIAL Storage 5 -305 Restricted Areas- 5 -306 Closed Areas- 1) Access is controlled through use of a cleared person or supplanting access device 2) Access is by clearance and need to know 3) Escort without appropriate clearance and need to know 4) Closed areas storing TS and Secret will be afforded supplemental protection during nonworking hours 5) When unattended, admittance shall be controlled by locked entrances and exits 5 -307 Supplemental Protection a) IDS will be used as supplemental protection b) Security guards approved as supplemental will continue to be used c) Supplemental is not required when the GSA container is in an area with security-in-depth © 2007 SCRA®. All Rights Reserved. 6 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -308 Protection of Combinations to Security Containers, Cabinets, CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -308 Protection of Combinations to Security Containers, Cabinets, Vaults, and Closed Areas- Only minimum number of personnel allowed combination; No external marking allowed 5 -309 Changing combinations-shall be changed by person that has access; shall be changed when: 5 -310 Supervision of Keys and Padlocks- As follows § Key and lock custodian § Key and lock control register § Audit § Inventory § Keys will not be removed from premises § Changed annually § Master keys are prohibited © 2007 SCRA®. All Rights Reserved. 7 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -311 Repair of Approved Containers- Shall be accomplished CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -311 Repair of Approved Containers- Shall be accomplished by appropriately cleared or continuously escorted personnel trained in methods of maintenance 5 -312 Supplanting Access Control Systems or Devices- systems which meet special criteria maybe used; Approval of the FSO is required © 2007 SCRA®. All Rights Reserved. 8 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -313 Automated Access Control- Must be capable of CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -313 Automated Access Control- Must be capable of identifying the individual entering the area; must assure in writing that their system will meet the following standards 1) Chances of an unauthorized individual gaining access 2) Chances of authorized individual being rejected for access 3) ID of individual entering the area can be obtained by ID badge, or personal identity a) ID badge must have embedded sensors, integrated circuits, b) Personal identity requires some supporting techniques c) A PIN is also required d) Authentication is accomplished through the ID badge, PIN, with an electronic database e) Locations must be protected f) Control panels g) Systems that use transmission lines shall be protected (Grade A by UL) h) Access to information shall be restricted to individuals i) Records shall be maintained j) During shift change if the door remains open, … © 2007 SCRA®. All Rights Reserved. 9 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -314 Electronic, mechanical or electro-mechanical devices- Provided the CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -314 Electronic, mechanical or electro-mechanical devices- Provided the material is no higher than Secret, electronic, mechanical, or electromechanical devices may be used to supplant contractor personnel or guards to control admittance; device maybe activated by a push button combination with a control card § The control panel maybe inside or outside the closed area; § Shall be installed in a manner to preclude access § Selection and setting of the combination § Electrical gear, wiring, etc. , § Personnel entering or exiting the area © 2007 SCRA®. All Rights Reserved. 10 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 4: TRANSMISSION 5 -400 General 5 -401 Preparation CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 4: TRANSMISSION 5 -400 General 5 -401 Preparation and Receipting-Classified that is transmitted shall be enclosed in opaque inner and outer covers a. Suspense system will be established c. When material is too big the packaging shall ensure necessary protection while material is in transit 5 -402 TOP SECRET transmission outside of facility- Written authorization is required from GCA; TS is transmitted by the following; § Defense Courier Service § Designated courier/escort § Electrical means © 2007 SCRA®. All Rights Reserved. 11 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -403 SECRET transmission outside of facility- Use the CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -403 SECRET transmission outside of facility- Use the following methods; § By the methods used for TS § US Postal Service Express mail/ registered mail § Cleared commercial carrier § Cleared messenger service § Commercial delivery service § Other methods in writing 5 -404 CONFIDENTIAL transmission outside of facility- methods used with Secret and US Postal Certified mail © 2007 SCRA®. All Rights Reserved. 12 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -405 Transmission outside of the US- Under provision CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -405 Transmission outside of the US- Under provision of a classified contract or written authorization from GCA a) TOP SECRET may be transmitted by Defense Courier Service, Dept of State, or courier service authorized by GCA b) SECRET and CONFIDENTIAL may be transmitted by 1) Registered mail 2) An appropriately cleared contractor employee 3) US Civil service employee or military 4) US or Canadian registered mail 5) as authorized by GCA © 2007 SCRA®. All Rights Reserved. 13 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -406 Addressing Classified Material-Classified material shall be addressed CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -406 Addressing Classified Material-Classified material shall be addressed to the Commander or approved classified address of a Federal activity or cleared contractor using the name and classified mailing address of the facility; a) When necessary to direct SECRET or CONFIDENTIAL material to a person b) When addressing SECRET or CONFIDENTIAL material at a facility where one person is assigned 5 -407 Transmission within a facility- Provide adequate measures © 2007 SCRA®. All Rights Reserved. 14 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -408 SECRET transmission by a commercial carrier- Approved CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -408 SECRET transmission by a commercial carrier- Approved by the CSA; the contractor is responsible for the following; § Protection § Shipped in hardened containers § Carrier equipment shall be sealed by the contractor or carrier when there is a full load; § For DOD contractors the notation “Protective Security Service required” shall be reflected on all copies of the BL § Selected by the US government § Contractor shall request routing instructions § Contractor shall notify consignee of nature of shipment, number of seals, time and date of arrival; Address the notification to an organizational entity; request that consignee notify contractor of any shipment not received within 48 hours of designated time of arrival § In addition, the contractor shall annotate on the BL: CARRIER TO NOTIFY THE CONSIGNOR AND CONSIGNEE IMMEDIATELY IF SHIPMENT IS DELAYED © 2007 SCRA®. All Rights Reserved. 15 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -409 CONFIDENTIAL Transmission by commercial carrier- material may CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -409 CONFIDENTIAL Transmission by commercial carrier- material may be shipped by CSA or GSA approved carrier; For DOD contractors a commercial carrier authorized by law or regulation shall be used when authorized by Surface Deployment and Distribution Command (formerly TMO) that the carrier has a tariff, government tender, or contract that provided Constant Surveillance Service; The contractor shall also: 5 -410 Use of Couriers, Hand carriers and Escorts- Contractors shall ensure cleared employees that are designated to be couriers, hand carriers or escorts are - briefed on their responsibility; - possess an ID card; - make arrangements to store classified material overnight at a cleared contractor facility or government installation; - sure that an inventory is made of contents prior and upon return of classified contents © 2007 SCRA®. All Rights Reserved. 16 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -411 Use of Commercial Passenger Aircraft for transmitting CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -411 Use of Commercial Passenger Aircraft for transmitting Classified Material- Maybe hand carried by cleared employee with approval of FSO § Routine processing § Special processing: § Authorization letter-Contractor shall provide a letter as written authorization 5 -412 Use of Escorts for classified shipments 5 -413 Escort functions- Escorts shall be responsible for © 2007 SCRA®. All Rights Reserved. 17 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 5: DISCLOSURE 5 -500 General 5 -501 Disclosure CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 5: DISCLOSURE 5 -500 General 5 -501 Disclosure to employees 5 -502 Disclosure to Subcontractors 5 -503 Disclosure between parent and subsidiary 5 -504 Disclosure in an MFO 5 -505 Disclosure to DOD activities 5 -506 Disclosure to Federal agencies 5 -507 Disclosure of Classified Information to Foreign Persons 5 -508 Disclosure of Export Controlled Information to Foreign Persons © 2007 SCRA®. All Rights Reserved. 18 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -509 Disclosure to Other Contractors 5 -510 Disclosure CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -509 Disclosure to Other Contractors 5 -510 Disclosure of Classified Information in connection with Litigation 5 -511 Disclosure to the Public- Contractors will not disclose classified or unclassified pertaining to a classified contract without prior approval by the 254 or GCA © 2007 SCRA®. All Rights Reserved. 19 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 6: REPRODUCTION 5 -600 General - will be CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 6: REPRODUCTION 5 -600 General - will be held to a minimum 5 -601 Limitations a) TS documents may be reproduced as necessary b) Unless restricted by the GCA Secret and Confidential may be reproduced as follows: c) Reproduced copies are allotted the same protection as original documents 5 -602 Marking Reproductions- All reproductions of classified material shall be marked with the same classification as the material being reproduced 5 -603 Records-Contractors shall maintain a record of the reproduction of all TS material © 2007 SCRA®. All Rights Reserved. 20 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 7: DISPOSITION AND RETENTION 5 -700 General § CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 7: DISPOSITION AND RETENTION 5 -700 General § Contractors shall establish procedures for review of their classified holdings on a recurring basis; 5 -701 Retention of Classified material- Contractors are authorized to retain classified material under a contract for 2 years after completion of the contract, provided GCA does not disapprove, a) Contractors shall identify classified material for retention beyond 2 years as follows: 1) TS shall be identified in a list of specific documents 2) Secret and Confidential material may be identified as general subject matter b) Contractors shall include a statement of justification based on the following: 1) Necessary for maintenance of records 2) Patentable or proprietary data to which the contractor has title 3) Research 4) Benefit the Government in other contracts c) If retention beyond 2 years is not authorized, all classified material in accordance with the contract will be destroyed, or the GCA has requested that the material be returned © 2007 SCRA®. All Rights Reserved. 21 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -702 Termination of Security Agreements- If the FCL CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -702 Termination of Security Agreements- If the FCL is terminated, the contractor shall return all classified to the GCA or dispose IAW instructions from the CSA 5 -703 Disposition of Classified material Not Received under a Specific Contract- a) Contractors shall return, or destroy classified material received with a bid, proposal, or quote within the following schedule: b) If the classified material was not received under a specific contract, destroy within 1 year of receipt 5 -704 Destruction- Contractors shall destroy classified material under their possession as soon as possible © 2007 SCRA®. All Rights Reserved. 22 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -705 Methods of Destruction§ Burning, shredding, pulping, melting, CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -705 Methods of Destruction§ Burning, shredding, pulping, melting, chemical decomposition or pulverizing § Pulpers § Disintegration, shredding, or burning § Cross-cut shredders § Any requiring replacement may be replaced with shredders on the NSA Evaluated Products List § Public destruction facilities § Classified material removed from a facility for destruction 5 -706 Witness to Destruction- Classified material shall be destroyed by authorized personnel © 2007 SCRA®. All Rights Reserved. 23 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -707 Destruction records- Destruction records are required for CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -707 Destruction records- Destruction records are required for TS 5 -708 Classified waste- Classified waste shall be destroyed as soon as possible SECTION 8: CONSTRUCTION REQUIREMENTS 5 -800 General- Construction requirements for closed areas and vaults © 2007 SCRA®. All Rights Reserved. 24 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -801 Construction requirements for closed areas- § Hardware CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -801 Construction requirements for closed areas- § Hardware § Walls § Windows § Door locking devices § Ceilings § Miscellaneous openings – All vents, ducts, in excess of 96 square inches must be protected with 18 inch expanded metal; A barrier is not needed if an approved IDS provides protection for the openings © 2007 SCRA®. All Rights Reserved. 25 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -802 Construction for Vaults- The concrete shall be CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -802 Construction for Vaults- The concrete shall be poured in place and have a compressive strength of 2500 pds per sq inch § Floor- § Walls- § Roof/ceiling- § Door- § Miscellaneous openings- © 2007 SCRA®. All Rights Reserved. 26 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 9: INTRUSION DETECTION SYSTEMS 5 -900 General – CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION SECTION 9: INTRUSION DETECTION SYSTEMS 5 -900 General – this section provides the minimum standards for approved IDS when supplemental protection is required for TS and Secret material; The CSA will approve contingency protection in the event of IDS malfunction 5 -901 CSA Approval- CSA approval is required before installing a IDS; 5 -902 Central Monitoring Station § The Central Monitoring Station maybe located at a UL listed station: § Government Contractor Monitoring Station § Cleared commercial central station § Cleared protective signal service station § Cleared residential monitoring station § SECRET cleared central station employees § Necessary repairs § When an IDS is used it shall be activated at the close of business at the alarmed area; § Records shall be maintained for 90 days © 2007 SCRA®. All Rights Reserved. 27 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -903 Investigative Response to Alarms-The primary purpose is CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -903 Investigative Response to Alarms-The primary purpose is to ascertain if intrusion has occurred; if alarm resets then un-cleared team may respond, if damage is observed then cleared team must respond; if cleared team does not arrive within one hour then report to CSA is due by close of next business day a) Proprietary security force, security force personnel, central station guards or subcontracted guards may be used: 1) General Contracting Monitoring Station- 2) Commercial central station, protective signaling service station, or residential monitoring station- there shall be sufficient number of trained guards available; guards shall be cleared if they are allowed access to classified material 3) Un-cleared guards dispatched by commercial central station, protective signaling service or residential monitoring station shall remain on premises until a cleared representative of the facility arrives or for a period of not less than one hour; if a cleared person does not arrive the central control station must provide the CSA with a report within 24 hours 4) Subcontracted guards must be under a classified contract with the alarm company or the cleared facility b) The response time © 2007 SCRA®. All Rights Reserved. 28 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -904 Installation-The IDS at the facility shall be CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -904 Installation-The IDS at the facility shall be installed by a UL listed ASC or by a company approved by the CSA authorization is required in the following circumstances: § Line security is not available § Alarm installation provides Extent 5 protection § LE personnel are primary response § Alarm signal transmission is over computer controlled data-networks § Alarm investigator response time exceeds 15 minutes © 2007 SCRA®. All Rights Reserved. 29 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -905 Certification of Compliance- evidence of compliance will CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -905 Certification of Compliance- evidence of compliance will consist of a valid UL certificate for the appropriate category of service; Certificate that alarm company § Is listed as furnishing security systems of the category listed § Is authorized to issue the certificate of installation § Is subject to the UL field counter program © 2007 SCRA®. All Rights Reserved. 30 Version 1. 1 7 May 2007

CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -906 Exceptional cases a) If the previous requirements CHAPTER 5: SAFEGUARDING CLASSIFIED INFORMATION 5 -906 Exceptional cases a) If the previous requirements cannot be met, contractors may request approval by meeting one of the following conditions: 1) if you are monitored by a central control station 2) if you are connected by direct wire to alarm receiving equipment located in a local police station or public emergency service dispatch center Police dept response maybe only requested when: a) The contractor facility is located in an area where central control station services are not available with line security and/or proprietary security force personnel, or contractually-dispatched response to an alarm signal cannot be achieved within the time limits required by the CSA; installation of these systems must use UL listed equipment and be accomplished by an Alarm Service Center (ASC) listed by UL in the following categories: 1) Defense Industrial Security Systems 2) Proprietary Alarm Systems 3) Central Station Burglar Alarm System 4) Police Station Connected Burglar System b) An installation proposal explaining how the proposal would operate shall be submitted to the CSA; c) The contractor shall require a 15 minute response time from the police dept d) In exceptional cases the CSA may approve for cleared employees to be the sole response © 2007 SCRA®. All Rights Reserved. 31 Version 1. 1 7 May 2007

Questions? ? ? © 2006 By SCRA. All Rights Reserved 32 Version 1. 0 Questions? ? ? © 2006 By SCRA. All Rights Reserved 32 Version 1. 0 25 September 2006