Navy Security PQS
| Term | Definition |
|---|---|
| Function of the SSO | – Principal advisor on the SCI (Sensitive Compartmented Information) security program – Responsible to commanding officer for management and administration of program – Responsible for operation and security of SCIF (SCI Facility) |
| Function of the Command Security Officer/Command Security Manager (CSO/CSM) | Designates a security manager, TSCO, information assurance manager (IAM), security officer, and a special security officer in writing – Writes command policy – Training – Prepares emergency plan for the protection of classified material |
| Information Assurance Manager/Information Systems Security Manager (IAM/ISSM) | – Point of contact for all command information assurance (IA) matters – Implements command’s IA program |
| Information Assurance Officer (IAO) | – Designated for each information system – Maintain command’s information technology systems and network requirements |
| Top Secret Control Officer (TSCO) | – Handles Top Secret (TS) information and reports directly to security manager – Maintain system of accountability – Ensure inventories of TS are conducted at least once annually |
| TOP SECRET | – Unauthorized disclosure results in exceptionally grave damage to National Security – Continuously accounted for, individually serialized, and registered – DCS, DOS Diplomatic Courier or cleared personnel transport with 2 opaque, sealed covers to conceal |
| SECRET | – Unauthorized disclosure results in serious damage to National Security – Transport same as TOP SECRET, but U.S. Postal Service (USPS) and other controlled carriers also approved in certain situations |
| CONFIDENTIAL | Unauthorized disclosure results in damage to National Security – Same controls and transport as SECRET, with additional approved carriers |
| U//FOUO (Unclassified For Official Use Only) | – Information may be withheld under one or more of exemptions of the FOIA Program, outlined in SECNAVINST 5720.42F – May be disseminated within DoD components or other U.S. Government Agencies for conduct of official business. – Mail through USPS |
| Sensitive Compartmented Information/Sensitive Information (SCI) | – Access approved based on mission requirements and individual’s need-to-know – Only accessible in an accredited SCIF – Personnel with access must complete security indoctrination and sign a nondisclosure agreement – Double wrapping for transport |
| Allied Information/Publications | – FGI – NATO classified information shall be safeguarded in compliance with USSAN 107 – Info classified by a foreign government or international organization retains original classification or is assigned a U.S. equivalent – Documents transmitted in |
| Special Access Program: | – Any DoD program or activity employing enhanced security measures (e.g., safeguarding or personnel adjudication requirements) – DOD Manual 5205.07, Special Access Program (SAP) Security Manual: Personnel Security (24 November 2015) |
| ORCON Originator Control | Most restrictive intelligence control marking – Used to enable the originator to maintain continuing knowledge and supervision of distribution of the intelligence beyond its original dissemination |
| Alternative Compensatory Control Measures (ACCM) | – Agency heads may adopt to protect against loss or unauthorized disclosure to meet operational requirements – Alternative measures provide protection to reasonably deter and detect loss or unauthorized disclosure – Risk management factors will include se |
| Foreign Releasability: | – Must have a need-to-know; determined by agency heads through their designees, and be notified of applicable handling instructions – Documents must be stored in such a manner as to prevent unauthorized access and transmitted in a method approved for class |
| Access controls | Automated Entry Control Systems (AECS): must identify an individual and authenticate person’s authority to enter – Identification Badges or Key Cards: must use means of encoding data that identifies facility and individual to whom the card is issued – P |
| Anti-Terrorism Force Protection | Provides guidance/information to reduce vulnerability of DON military and civilian personnel, family, select contractors, resources, facilities, and ships to terrorist acts – Local commanders will inform Department of the Navy (DON) personnel who are per |
| Storage requirements for classified material | – Classified information not under the personal control or observation of an appropriately cleared person shall be guarded or stored in locked GSA-approved security container, vault, modular vault, or secure room – Commanding officer may require or impose sec |
| Physical Security required forms | DD 254: Contract Security Classification Specification – DD 2501: Courier Authorization Card – OPNAV 5511/10: Record of Receipt – OPNAV 5511/51: Security Discrepancy Notice – SF 700 – SF 712: Security Container Information, Activity Security Checklist |
| Conditions that warrant implementation of the Command Emergency Action (move)/Destruction (Destroy) Plan | – Natural disasters (fire, flood, hurricane, tornado, earthquake) – Hostile action (terrorist attack, rioting, civil uprising) – CO, XO, OPS, or in their absence Command Duty Officer (CDO) or senior person present in building |
| Authority to impose, modify or cancel the Command Emergency Action (move)/Destruction (Destroy) Plan | CO, XO, OPS, or in their absence CDO or senior person present in building |
| Authority to order emergency destruction onboard a deployed unit | CO, XO, CDO, Senior person – Only CO can authorize precautionary destruction (anything not being used right now to complete the mission) |
| Access | Ability and opportunity to obtain knowledge of classified information. No one has a right to have access to classified information solely because of rank, position, or security clearance eligibility. Access is limited to the minimum number of persons need |
| Clearance | A formal determination by an approved adjudicative authority that a person meets personnel security eligibility standards for access to classified information. The Department of the Navy Central Adjudication Facility (DON CAF) is the only DON security cle |
| Primary and alternate means of completion Command Emergency Action/Destruction Plan | – Contingency plans for fire, hurricane/flood/tornado, hostile/mob action – Precautionary Destruction – reduce amount of classified material present in preparation for possible hostile action – Complete Destruction – prevent capture or compromise of COM |
| Procedures to be followed upon implementation | – Report situation to EKMS Manager – Distribute destruction cards, commence destruction, track status – EKMS manager or CDO reports loss or compromise to Director, Communications Security Material System and controlling authorities |
| Priority for destruction of classified materials | – Priority One – TOP SECRET and superseded material – Priority Two – SECRET material – Priority Three – CONFIDENTIAL material |
| Responsibility for ensuring a correct inventory of destroyed materials is maintained and recorded | Senior person present is overall responsible. – Command Destruction Supervisor – EKMS Manager or CDO – Destruction Supervisor maintains status of destruction efforts |
| Methods of destruction | Cross-shredder for paper, ax/sledgehammer for equipment, zeroize crypto equipment – Incineration, pulping, sinking at sea |
| Classified waste | Keep to minimum to reduce buildup/fire hazard/excess and to have less material to destroy in case EAP/EDP implemented |
| Compromise | Confirmed or suspected unauthorized disclosure of classified information to a person(s) who does not have authorized access, valid clearance, or a need-to-know |
| Marking | Physically indicating on classified material the assigned classification, changes in classification, downgrading and declassification instructions, and any limitations on use of information |
| Need-to-know | Determination that an individual requires access to specific classified information in the performance of lawful and authorized functions and duties |
| Transmission security | Protect transmissions from interception and exploitation – Ensure that only appropriately cleared personnel or authorized carriers transmit, transport, escort, or hand carry classified information |
| Two Person Integrity (TPI) | – System of handling and storing designed to prevent single-person access to certain COMSEC keying material – Requires at least two people be in constant view of each other and COMSEC material whenever it is being accessed and handled – Each person must be |
| Two Person Control (TPC) | Same requirements as TPI – continuous surveillance and control of positive control material and devices by two authorized persons |
| Working papers | Documents and material accumulated or created while preparing finished material (e.g., classified notes from a training course or conference, research notes, drafts, and similar items that are not finished documents) |
| Downgrading | – The determination by an approved authority that information classified at a specific level requires a lower degree of protection, therefore, reducing the classification to a lower level – Good rule: If possible, if you didn’t write it, don’t downgrade |
| Disclosures | – Conveying classified information to another person, authorized or unauthorized |
| Sanitization | – Securing classified material or equipment within a secure space to make the space available as an environment existing at a lower classification – Removing classified information from material |
| Communications Security: | – Protective measures taken to deny unauthorized persons information derived from telecommunications of the U.S. Government related to national security and to ensure the authenticity of such communications – Includes cryptosecurity, physical security, t |
| Information Security: | The system of policies, procedures, and requirements to protect information that, if subjected to unauthorized disclosure, could reasonably be expected to cause damage to national security |
| TEMPEST | TEMPEST is a short name referring to investigation, study, and control of compromising emanations from telecommunications and automated IS equipment – All DoD facilities processing SCI require TEMPEST countermeasure review and accreditation to ensure no |
| Single Scope Background Investigation: | – Investigative standard for determinations of eligibility to access TOP SECRET and SCI information – Reviews birth, citizenship, education, employment, character references, finances, foreign connections, criminal record, etc. |
| Authoritative manuals and instructions that govern Physical Security | – ICD 705-1, “Physical and Technical Security Standards for Sensitive Compartmented Information Facilities” (17 September 2010) – DCID 6/1, Security Policy for Sensitive Compartmented Information and Security Manual (4 November 2003) – DOD Instruction 5200 |
| Authoritative manuals and instructions that govern Information Assurance/Cyber Security | DODD 8500.01E, “Information Assurance (IA) and Computer Network Defense (CND)” 21 April 2007 – CJCSI 6510.01F, “Information Assurance (IA) and Support to Computer Network Defense (CND),” 9 February 2011 – Executive Order 12333, “United States Intellige |
| Steps required to report a compromise, a suspected compromise of classified material or a practice dangerous to security (PDS) | – Compromise - unauthorized disclosure of classified information to one or more persons who do not possess a current valid security clearance – Possible compromise - occurs when classified information is not properly controlled – Practice dangerous to securit |
| proper protocol for classified communications telephone | – Only discuss information at or below the highest level of classification for which the telephone is accredited – National guidance for use of STU-III/STE/SCIP in secure data transmission, must be implemented |
| Computer Systems | – Any suspected computer security incident must be reported to the Information Assurance Manager (IAM) – Keep anti-virus software up-to-date and ensure the program is scanning all emails, files, or programs that come from another computer |
| Radio Communications | – DRSN provides capability for a separate, controlled, and interoperable secure communications and conferencing network to support command, control, and crisis management activities – National Telecommunications and Information Administration: regulates |
| Video / VTC | – Real Time Service (RTS) will be operated and defended IAW CDRUSSTRATCOM’s concept of operations – Equipment and software shall be Joint Staff interoperability certified and type accredited by their classified system Designated Accrediting Authority (DA |
| purpose of network scanning and patching. | – Used to detect and repair system vulnerabilities – Removable media must be scanned for malicious software before introduction into an operational information system – Includes anti-virus protection implementation |
| Different types of firewalls and intrusion detection systems | – Packet Filtering: Software firewall that examines information in incoming/outgoing packets (source/destination addresses and ports, and network protocol) – Stateful Packet Filtering: Keeps track of state of network connections; Only passes packets with kno |
| Intrusion Detection Systems (IDS) | Shall detect attempted or actual unauthorized human entry into a SCIF – Must comply with Underwriters Laboratories (UL) 2050 Extent 3 standards |
| Purpose of DoD Cyber Security Workforce | personnel who secure, defend, and preserve data, networks, net-centric capabilities, etc. by ensuring appropriate security controls and measures are in place, and taking internal defense actions – IAT and IAM– Levels I, II and III |
| Electronic spillage | – Occurs when data is placed on an IT system possessing insufficient information security controls to protect the data at the required classification |
| Network incident | – An assessed occurrence having actual or potentially adverse effects on a network – (JTF-GNO): Lead designated to identify and mitigate threats to DOD information networks and direct the defense of the GIG |
| COMSEC incident | – Any uninvestigated or unevaluated occurrence that has the potential to jeopardize the security of COMSEC material or the secure transmission of classified or sensitive government information; OR any investigated or evaluated occurrence that has been det |
| Practices Dangerous to Security (PDS) | – PDSs, while not reportable to the national level (NSA), are practices, which have the potential to jeopardize the security of COMSEC material, if allowed to perpetuate |
| Reporting requirements and actions to be completed upon discovery of Electronic spillage | – Secure information – Report spillage to proper authorities via naval message – Conduct and complete preliminary inquiry (PI) within 72 hours – Acknowledge NETWARCOM SITREP within 24 hours – Clean up spillage and report completion within 72 hours |
| Reporting requirements and actions to be completed upon discovery of Network Incident | – Same steps as above except no PI required – Notify originating command of spillage immediately |
| Reporting requirements and actions to be completed upon discovery of COMSEC Incident | – Secure information – Report spillage to controlling authority – Conduct and complete an “initial report” within 24-72 hours |
| Reporting requirements and actions to be completed upon discovery of Practices Dangerous to Security (PDS) | – Reports must be made within 24-72 hours from time of discovery – Commanding officer must take immediate corrective actions to prevent recurrence |
| Define and discuss Public Key Infrastructure (PKI) | – DoD PKI can issue certificates to support DoD missions and business operations – DoD PKI is capable of issuing different types of certificates, including identity, authentication, signature, encryption, group/role, device, and code signing to satisfy DoD |