www.ispcert.com

CLASSIFICATION

www.ispcert.com

ClassificationMarking requirementsTest

CONTENTS

www.ispcert.com

Presidential Executive Order 12829

HOW CLASSIFICATION CAME TO BE

The executive order was given to provide security measures to safeguard classified information that has been or may be released to… “current, prospective, or former contractors, licensees, or grantees of United States agencies”. It is also designed to provide for the protection of classified material as outlined in EO 12356 and the Atomic Energy Act of 1954, as amended.

www.ispcert.com

Provides Classified National Security Information and delivers a cohesive method for designation classification

The Government has designed stringent policy to ensure thatclassified material is protected at the level necessary to prevent unauthorized disclosure.

CLASSIFICATION VIA EO

www.ispcert.com

CONFIDENTIAL information could reasonably be expected cause damage

SECRET could reasonably be expected to cause serious damage

TOP SECRET could reasonably be expected to cause exceptionally grave damage to national security.

THREE DESINGNATIONS FOR CLASSIFIED

Caution: Classified information designated CONFIDENTIONAL should not be confused with the proprietary information sometimes referred to as company confidential.

www.ispcert.com

Four conditions must be met before assigning classification

An original classification authority is applying the classification level

The U.S. Government owns, is producing, or is controlling the information

Information meets one of eight categories The Original Classification Authority

determines unauthorized disclosure could cause damage to national security, including transnational terrorism and they can identify or describe the damage

CONDITIONS FOR CLASSIFICATION

www.ispcert.com

According to a report from the Chairman of the House National Security Subcommittee, 10% of secrets should have never been classified and that nearly 90% of classified information has been over-classified

A Defense Security Services report stated in 2003 nearly $6.5 billion was spent to classify information

To prevent such abuse, the Executive Order provides guidance to train and prevent classification authorities from arbitrarily assigning a classification level

CONDITIONS FOR CLASSIFICATION

www.ispcert.com

1. Military plans, weapons systems or operations The U.S. armed forces not only safeguards, but provides instructions for

protecting the specifics of their weapons and plans. If these strategies and operations were released to the wrong hands, the information would damage national security and adversely affect our ability to defend ourselves

2. Foreign government information This knowledge includes what the U.S. Government may already know about

other governments. This gives the U.S. the advantage of knowing information that another country thinks is protected.

WHAT ARE THE EIGHT CATEGORIES

www.ispcert.com

3. Intelligence activities, sources, or methods or cryptology One can imagine what damage could take place if any intelligence gathering

sources, methods or activities were compromised. The suspecting adversary could become aware of the threat and cease their activity or design countermeasures designed to thwart future efforts.

WHAT ARE THE EIGHT CATEGORIES

www.ispcert.com

4. Foreign relations or activities of the United States including confidential sources

This information is specified U.S. foreign policy activities and sources friendly to U.S. efforts and U.S. organizations. Such is protected to ensure the safety of the relations and success of the activities. Compromise of any of the sources could cause damage to National Security as they are denied further access.

5. Scientific, technological, or economic matters relating to national security, including defense against transnational terrorism

Unauthorized access to national security-related U.S. scientific, technological, and economic data could compromise plans, production, and strategies and leave certain vulnerabilities.

WHAT ARE THE EIGHT CATEGORIES

www.ispcert.com

6. U.S. programs for safeguarding nuclear materials or facilities For nuclear activities, the Department of Energy and the Nuclear Regulation

Commission provide specific guidance to ensure the best protection. Vulnerabilities and strengths are assessed to ensure the best possible measures are in place to protect these items. Plans, strategies and programs are only effective if enforced AND access is limited.

WHAT ARE THE EIGHT CATEGORIES

www.ispcert.com

7. Vulnerabilities of systems, installations, infrastructures, projects, plans or protection services related to national security including terrorism

Security managers assess strengths and to ensure the best possible measures are in place to protect these items. Plans, strategies and programs are only effective if enforced AND access is limited. An adversary could use the programs to gain advantages, steal, damage or destroy systems, installations, infrastructures, projects, plans or protection services.

8. Weapons of Mass Destruction Information fitting this category is classified to prevent

unauthorized disclosure. Such unauthorized disclosure could make the U.S. vulnerable to adversaries to include transnational terrorists.

WHAT ARE THE EIGHT CATEGORIES

www.ispcert.com

Users of classified material must understand the level of classification they are working with. The OCA not only classifies the information, but tells why it is classified, what level of damage to national security the information may affect and the date or event for the duration of the classification.

Classification must be evident and marked clearly for easy identification

Whether a document or end item, individual components must be marked at the appropriate level

CLASSIFICATION EVENTS

www.ispcert.com

Derivative classification involves extracting, summarizing, or deriving classification from another source

FSO ensures contractor is training and has resources

Contractor ensures: Use of Security Classification Guide Mark derived copy with the same classification as original Challenge classification when necessary Carry over longest period of classification to the new document Maintain list of sources used to compile the derivative document

DERIVATIVE CLASSIFICATION RESPONSIBILITIES

www.ispcert.com

In many cases those performing on classified contracts may assemble, modify, or construct classified information, reports, hardware and etc. into a new product. In that case the new product is an item derived from different sources.

Both the contractor and the government have responsibilities. The Cognizant Security Agency provides the instruction and resources and the contractor complies.

DERIVATIVE CLASSIFICATION RESPONSIBILITIES

www.ispcert.com

EXAMPLES OF DOCUMENT MARKINGS

Overall classification from source document

Paragraph from source to derived document

“Derived From” line based on information from source documents

www.ispcert.com

Contractors assist and ensure they understand guidance

The contract security classification specification identifies the specific elements of classified information involved in the contract that require security protection (NISPOM 4-103)

The FSO directs and implements the security measures necessary to protect the classified material to the appropriate level.

The GSA determines the disposition. Once the contract expires, the FSO can coordinate with the GCA to extend the storage of classified material related to the contract for up to two years

CLASSIFICATION

www.ispcert.com

Contractors are obliged to challenge classification through the GCA for any of the following situations:

Improperly classifiedCurrent situations warrant upgrade or downgradeSecurity Classification Guide is improper or inadequate

Users of classified information may discover that the classification level may be inappropriate or unnecessary. These holders have a duty to report their beliefs to the agency for review and decision

CLASSIFICATION

www.ispcert.com

Contractor Developed information may need to be classified If previously classified, use proper DDForm254, classification

guide or source document If not previously classified, but should be classified protect it

and submit to proper agencyUse the following marking:

CLASSIFICATION DETERMINATION PENDING Protect as though classified (TOP SECRET, SECRET,

CONFIDENTIAL)

CLASSIFICATION

www.ispcert.com

A contractor may have developed a product that they believe should be protected as classified. The item or information may have been previously classified. If that’s the case, then refer to the source document, classification guide and/or the DDForm254

There may be situations where a contractor has created a product that they believe should be protected as classified, but there is no guidance. In that case it will be necessary to protect the item to the level they believe it to be and submit to the proper agency for evaluation. However, the item or information must have one or both of the following characteristics: NISOM 4-105

1. Derivative classified information from which contractor was given prior access2. Government must have a proprietary interest in the information

CLASSIFICATION

www.ispcert.com

Information that loses sensitivity based on time or event is downgraded or declassified. The action is taken based on formal notification or from the Contract Security Classification Guidance.

Contractors should consult with the GCA prior to taking downgrade or declassification action. Once approved, documentation and remarking should take place concurrently.

DOWNGRADING OR DECLASSIFICATION

www.ispcert.com

The NISP is created to protect classified information Information is protected according to guidance in the Contract

Security Classification Specification

Contractors may construct, compile, extract or summarize classified information into a new document. This is called derivative information

Classified material should always be marked and protected at the correct level

SUMMARY

www.ispcert.com

• Click on the correct answers

TEST

www.ispcert.com

1. All of the following are classifications except:A. TOP SECRET B. CONFIDENTIALC. SECRETD. FOR OFFICIAL USE ONLY

2. Guidance for performing on classified contract is found in

A. SF328

B. DDForm441

C. SF86

D. DDForm254

3. Derivative information involves marking original classified information at the proper level

A. True

B. False

4. All must be considered before the OCA can assign a classification marking except

A. May cause damage to national security

B. Is owned by the Government

C. Displays nuclear vulnerabilities

D. Hide an nationally embarrassing situation

TEST-SELECT THE CORRECT ANSWER

www.ispcert.com

5. Which of the following is described as possible damage for unauthorized disclosure of SECRET

A. Causes extremely serious damageB. Causes damageC. Causes extremely grave damageD. Causes serious damage

6. GCA can approve storage of classified up to three years after expiration of contract

A. True

B. False

TEST-SELECT THE CORRECT ANSWER

www.ispcert.com

CERTIFICATE