124 Cards in this Set

  • Front
  • Back
What is the purpose of Personnel Security?
The objective of the PSP is to authorize initial and continued access to classified information and/or initial and continued assignment to sensitive duties to those persons whose loyalty, reliability and trustworthiness are such that entrusting them with classified information or assigning them to sensitive duties is clearly consistent with the interests of national security. Additionally, the PSP ensures that no final unfavorable personnel security determination will be made without compliance with all procedural requirements.
What is the main goal of personnel security?
The main goal of personnel security is to prevent unauthorized access to classified material.
What are the 3 directives for governing Personnel Security?
The Intelligence Community Directive 704
SECNAVINST 5510.30, DON Personnel Security Program Manual
SECNAVINST 5510.30B, DON Personnel Security Program Instruction
What is the Intelligence Community Directive 704?
The Intelligence Community Directive 704 and its associated Intelligence Community Policy Guidance (ICPG 704.1 – 704.5) promulgate the personnel security policy of the DNI.
What is the SECNAVINST 5510.30B, DON Personnel Security Program Manual?
SECNAVINST 5510.30, DON Personnel Security Program Manual implements Executive Order (EO) 12968, “Access to Classified Information” and incorporates policies and procedures established by other executive agencies.
What is contained in the SECNAVINST 5510.30B, DON Personnel Security Program Instruction?
SECNAVINST 5510.30B, DON Personnel Security Program Instruction provides DON commands, activities and personnel with regulations and guidance governing DON Personnel Security Program (PSP).
What is the Single Scope Background Investigation (SSBI)?
The SSBI is the EO 12968 investigative standard for determinations of eligibility to access Top Secret classified national security information and SCI access eligibility determinations. The SSBI request will be submitted to OPM using a SF-86 or (E-Qip) electronically online. (SECNAVINST 5510.30, 6-3), (DoD 5105.21-M-1, C-13)
What is a Security Access Eligibility Report (SAER) and what is it used for?
Used to report derogatory information to DONCAF. Information that could, in itself, justify unfavorable administrative action that could have a negative effect on your clearance and access to classified information. Information which indicates that permitting access or continuous access to classified material may not be clearly consistent with the interest of national security. (DoD 5105.21-M-1, 2-10, C-5), (SECNAVINST 5510.30, CH. 3)
What are 5 reasons to submit a SAER?
Use of marijuana, drugs, prescription or non-prescription drugs
Excessive indebtedness or recurring financial difficulties
Possible or probable compromise or unauthorized disclosure of SCI or other classified material
Infraction or violation of security regulations
Arrested, detained, or been a party to any civil or criminal action by either military or civilian authorities (DoD 5105.21-M-1, 2-10, C-5), (SECNAVINST 5510.30, CH. 3)
What are 5 events reported to the SSO?
(a) Involvement in activities or sympathetic association with persons which/who unlawfully practice or advocate the overthrow or alteration of the United States Government by unconstitutional means.
(b) Foreign influence concerns/close personal association with foreign nationals.
(c) Foreign citizenship or foreign monetary interests.
(d) Sexual behavior that is criminal or reflects a lack of judgment or discretion.
(e) Unwillingness to comply with rules and regulations or to cooperate with security processing.
(f) Unexplained affluence or excessive indebtedness.
(g) Alcohol abuse.
(h) Illegal or improper drug use/involvement.
(i) Apparent mental or emotional disorder(s).
(j) Criminal conduct.
(k) Noncompliance with security requirements.
(l) Engagement in outside activities which could cause a conflict of interest.
(m) Misuse of information technology systems. (SECNAVINST 5510.30, CH. 3)
Here at NIOC HI who has Overall authority of the SCIF and controls its access?
Cognizant Security Authority/Senior Officer-In-Charge
CAPT Helmes – NSA/CSS Hawaii
CAPT Hagy – Bldg. 324 (DCID 6/9,
What is the SF700?
SF700 – Security Container Envelope contains vital information about the security container in which it is located. This information includes location, container number, lock serial number, and contact information if the container is found open and unattended.
What is the SF701?
SF701 – Activity Security Checklist: filled out at the end of each day to ensure that classified materials are secured properly; allows for employee accountability in the event that irregularities are discovered.
What is the SF702?
SF702 – Security Container Check-sheet: a record of the names and times that persons have opened, closed, and checked a particular container that holds classified information.
What is the SF703?
Top secret cover sheet (DoD 5105.21-M-1)
What are three reasons that combinations to locks installed on security containers/safes, perimeter doors, windows and any other openings should be changed?
1. A combination lock is first installed or used;
2. A combination has been subjected, or believed to have been subjected to compromise; and
3. At other times when considered necessary by the CSA. (DCID 6/9, 2.6)
Define FDO and responsibilities
Only designated foreign disclosure officers (FDOs) may approve the disclosure of classified and controlled unclassified military information to foreign representatives.
What defines Security access to buildings in a SCIF environment?
The SCIF perimeter entrance should be under visual control at all times during duty hours to preclude entry by unauthorized personnel. This may be accomplished by several methods (e.g., employee work station, guard, CCTV). Regardless of the method utilized, an access control system shall be used on the SCIF entrance. Persons not SCI-indoctrinated shall be continuously escorted within a SCIF by an SCI-indoctrinated person who is familiar with the security procedures of that SCIF.
What defines Automated Access Control Systems?
An automated access control system may be used to control admittance to SCIFs during working hours in lieu of visual control, if it meets the following criteria:
a. The automated access control system must identify an individual and authenticate that person's authority to enter the area through the use of an identification (ID) badge or card, or by personal identity verification. Automated identification of individuals exiting the area is desirable.
1) ID Badges or Cards. The ID badge or card must use embedded sensors, integrated circuits, magnetic stripes or other means of encoding data that identifies the facility and the individual to whom the card is issued.
2) Personal Identity Verification. Personal identity verification (Biometrics Device) identifies the individual requesting access by some unique personal characteristic, such as:
(a) Fingerprinting,
(b) Hand Geometry,
(c) Handwriting,
(d) Retina, or
(e) Voice recognition. (DCID 6/9, Annex F)
How should all classified materials be stored and handled?
All classified material will be stored in a GSA approved safe (class 5 or 6). SCI material will be processed, stored and discussed within an accredited Sensitive Compartmented Information Facility (SCIF). All hardcopy classified material and media will be appropriately marked and have the appropriate SF cover sheet or sticker placed on the material. Only 24 hour manned workspaces are approved for open storage within NSA/CSS Hawaii. (DCID 6/9, JOINTDODISS, CH. 13, SECNAVINST 5510.36, CH.6)
What is the Procedure to prepare hard copy classified material for shipment via DCS or hand?
All classified material shipped via DCS requires double wrapping. No item entering the DCS shall weigh over 300 pounds, or exceed dimensions 45 1/2" X 26" X 22", except those items for which the physical structure prohibits breakdown into smaller units. The minimum size of a "flat" (envelope) entered into the DCS shall meet the standard 8 1/2" X 11" in size; small boxes and/or packages shall have a minimum total dimension of 26"; e.g., girth (twice its width plus twice the height) added to the length. Include the name of person or activity for whom the material is intended and a receipt for accountability of the material. Security classification markings, special security caveats, special project markings, and other extraneous markings must not appear on the outer wrapper. If hand carried, the material must be in a sealed pouch or locked in a briefcase. (DoD 5200.33-R, C3.2), (DoD 5105.21-M-1, 3-16)
What is the purpose of the Defense Courier Service?
The DCS establishes, staffs, operates, and maintains an international network of couriers and courier stations for the expeditious, cost effective, and secure transmission of qualified classified documents and material. (DoD 5200.33-R, C1.1.3)
Who is responsible for safekeeping TS material in the command?
The Commanding Officer is responsible for the effective management of the ISP within the command. Authority delegated by this instruction to a commanding officer may be further delegated unless specifically prohibited. Authority is normally delegated to the Top Secret Control Officer. (SECNAVINST 5510.30, 2-1)
What are the Security Badges used at NNWC?
Yellow (SCI Cleared/Non-Community/Reservists)
Green (SCI Cleared/Non-NSA/NSA Contractors)
Blue (SCI Cleared/Employee)
Red (Uncleared)
Define what Threatcon recognition and FP Levels are used for. How many levels are there?
Terrorist Threat Levels: An intelligence threat assessment of the level of terrorist threat faced by U.S. personnel and interests. The assessment is based on a continuous intelligence analysis of a minimum of four elements: terrorist group operational capability, intentions, activity, and operational environment. There are four threat levels.
Describe the High threatcon level.
High. Anti-U.S. terrorists are operationally active and use large casualty producing attacks as their preferred method of operation. There is a substantial DoD presence and the Operating Environment favors the terrorist.
Describe the Significant threatcon level.
Significant. Anti-U.S. terrorists are present and attack personnel as their preferred method of operation or a group uses large casualty producing attacks as their preferred method but has limited operational activity. The Operating Environment is neutral.
Describe the Moderate threatcon level.
Moderate. Terrorists are present but there are no indications of anti-U.S. activity. The Operating Environment favors the Host Nation/U.S.
Describe the low level of threatcon.
Low. No group is detected or the group activity is non-threatening.
How many progressive levels of increasing AT protective measures are there for FPCON and what are they?
Five
FPCON NORMAL, FPCON ALPHA, FPCON BRAVO, FPCON CHARLIE, FPCON DELTA
What is FPCON Normal?
FPCON NORMAL: Applies when a general global threat of possible terrorist activity exists and warrants a routine security posture. At a minimum, access control will be conducted at all DoD installations and facilities.
What is FPCON ALPHA?
FPCON ALPHA: Applies when there is an increased general threat of possible terrorist activity against personnel or facilities, and the nature and extent of the threat are unpredictable. ALPHA measures must be capable of being maintained indefinitely.
What is FPCON BRAVO?
FPCON BRAVO: Applies when an increased or more predictable threat of terrorist activity exists. Sustaining BRAVO measures for a prolonged period may affect operational capability and military-civil relationships with local authorities.
What is FPCON CHARLIE?
FPCON CHARLIE: Applies when an incident occurs or intelligence is received indicating some form of terrorist action or targeting against personnel or facilities is likely. Prolonged implementation of CHARLIE measures may create hardship and affect the activities of the unit and its personnel.
What is FPCON DELTA?
FPCON DELTA: Applies in the immediate area where a terrorist attack has occurred or when intelligence has been received that terrorist action against a specific location or person is imminent. This FPCON is usually declared as a localized condition. FPCON DELTA measures are not intended to be sustained for an extended duration. (NWP 3-07.2 Rev. A 2-5 – 2-7)
What are the three classified markings?
Top Secret, Secret, and Confidential
What does the Top Secret classified marking mean?
Top Secret is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security.
What does the Secret classified marking mean?
Secret is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause serious damage to the national security.
What does the Confidential classified marking mean?
Confidential is the classification level applied to information whose unauthorized disclosure could reasonably be expected to cause damage to the national security. (SECNAVINST 5510.36, 4-1)
What do Basic security protocols do for all personnel?
Ensures all personnel are properly trained on governing instructions, the safety of personnel, protection of classified information and NSACSS/NNWC facilities.
What is the purpose of the Emergency Action Plan?
The EAP establishes policies and outlines responsibilities and general procedures for organization personnel for the safeguarding, evacuation and/or destruction of SCI and other classified material during emergency situations. (DoD 5105.21-M-1, 5-8)
What is the purpose of the Emergency Destruction Procedures?
Part of the EAP to ensure the precautionary or complete destruction of classified material. Facilities and procedures for effecting secure emergency destruction of classified material must address:
(1) Adequate number of destruction devices
(2) Availability of electrical power
(3) Secure storage facilities nearby
(4) Adequately protected destruction areas
(5) Personnel assignments
(6) Clear delineation of responsibilities for implementing emergency destruction
How are classified materials destroyed and in what order?
Destruction of classified information shall be accomplished by means that eliminate risk of recognition or reconstruction of the information. Various methods and equipment may be used to destroy classified information that include burning, cross-cut shredding, wet-pulping, mutilation, chemical decomposition, or pulverizing. (DoD 5105.21-M-1, 5-8)
What are the guidelines that must be followed as to materials identified for emergency destruction/removal?
(1) Priority One: All cryptographic equipment and documents.
(2) Priority Two: All operational SCI codeword material which might divulge targets and successes, documents dealing with U.S. SCI activities and documents concerning compartmented projects and other sensitive intelligence materials and Top Secret collateral.
(3) Priority Three: Less sensitive administrative SCI material and collateral classified material not included above. (DoD 5105.21-M-1, 5-9)
What is Sensitive Compartmented information (SCI)?
Classified information concerning or derived from intelligence sources, methods, or analytical processes, that is required to be handled within formal access control systems established by the Director of Central Intelligence. (DoD 5105.21-M-1, C-13)
What are three requirements for materials to be classified SCI?
1. The subject requiring access to SCI must be a U.S. citizen.
2. The subject must be stable, trustworthy, reliable, discreet, of excellent character, and sound judgment; and must be unquestionably loyal to the United States.
3. Members of the subject's immediate family and other persons to whom the subject is bound by affection or obligation shall not be subject to physical, mental, or other forms of duress by either a foreign power or by persons who may be or have been engaged in criminal activity, or who advocate either the use of force or violence to overthrow the U.S. Government, or alteration of the form of the U.S. Government by unconstitutional means. (ICD 704, pg. 3)
What are 9 compartments of SCI?
SI
TK
GAMMA
HCS
HSL
NK
EU
EL
C4
What is prohibited in the SCIF unless it is necessary in the line of Official Duty?
PROHIBITED EXCEPT FOR OFFICIAL DUTY - The following items are prohibited unless approved by the SOIC for conduct of official duties:
Two-way transmitting equipment; recording equipment (audio, video, optical), for which associated media will be controlled; and test, measurement, and diagnostic equipment.
What items are prohibited in a SCIF?
The following items are prohibited in SCIFs: Personally owned photographic, video, and audio recording equipment, personally owned computers and associated media.
What are authorized SCIF items?
Electronic calculators, electronic spell-checkers, wrist watches, and data diaries. NOTE: If equipped with data-ports, SOICs will ensure that procedures are established to prevent unauthorized connection to automated information systems that are processing classified information.
2.1.2 Receive only pagers and beepers, Audio and video equipment with only a "playback" feature (no recording capability), or with the "record" feature disabled/removed, & Radios (DCID 6/9, Annex D)
What is the difference between TS/SCI and SSES?
TS/SCI is Top Secret with SCI access - classified information that is so sensitive that even the extra protection measures applied to Top Secret information are not sufficient. SSES, the Ship's Signals Exploitation Space, is a Sensitive Compartmented Information Facility (SCIF) used to carry out cryptologic operations at sea.
At NETWARCOM, what type of approved security container do we use, and what class can it be?
GSA Approved Security Containers, either Class 5 or Class 6.
What is Level 1 in the restricted area of an organization as it relates to Secure Sites?
Level 1: Category III & IV AA&E storage, emergency dispatch area,
What is Level 2 in the restricted area of an organization as it relates to Secure Sites?
Level 2: Category I & II AA&E storage, antenna sites, communications and computer facilities
What is Level 3 in the restricted area of an organization as it relates to Secure Sites?
Level 3: computer facilities, systems, and antenna sites; critical intelligence-gathering facilities and systems
True/False: At a NETWARCOM space, are NIPRNET information systems monitored?
True
Who or what personnel monitor the SIPRNET information domain?
ISSM-Information System Security Manager and Information Security personnel.
Who can authorize transfer of material from a NIPRNET information system to a SIPRNET information system?
Mission Manager
What are Access lists used for?
Access lists are used to verify clearance level and accesses.
What are Access Logs used for?
Logs are used as a record to verify each and every member who visits the facility cleared or uncleared.
What is 2-person integrity?
2-person integrity is used during the destruction, transportation and inventory of classified material. (DCID 6/9, 2.5)
Vault verification and recurring inspections are conducted to ensure SCIF vaults are meeting what standards?
DCID 6/9 standards. (DCID 6/9, 4.1)
Who is the sole verification authority for DoD SCIFs?
SSO DIA/DAC
Who is the sole verification authority for Service Cryptologic Elements SCIFs?
NSA
All uncleared personnel, permanent party or visiting, will be escorted by _____ cleared and _______ qualified personnel only.
SCI, Escort
What are 2 categories of Protected Distribution Systems (PDS)?
Hardened Distribution System, and Simple Distribution System
What is a Hardened Distribution System?
These are afforded significant physical security protection and can be implemented by the use of the following three carriers: Hardened, Alarmed Carriers, and Continuously viewed Carrier.
What are Protected Distribution Systems (PDS) used for?
PDS are used to transmit unencrypted classified NSI through an area of lesser classification or control. There are two categories of PDS: Hardened Distribution Systems and Simple Distribution Systems.
Do Simple Distribution Systems have a higher/lower level of security protection than a Hardened Distribution System?
Lower level of protection
What must be done if an Uncleared person must enter a secured space?
Qualified, SCI Cleared Escort will announce "Uncleared", to all, and turn on blinking light if available; all classified information must be concealed/removed from view.
What is a RAM?
Random Antiterrorism Measures used to deter terrorist threats. To maximize the effectiveness and deterrence value, RAM should be implemented without a set pattern, either in terms of the measures selected, time, place, or other variables. RAM, at a minimum, shall consist of the random implementation of higher FPCON measures in consideration of the local terrorist capabilities. Random use of other physical security measures should be used to supplement FPCON measures.
True/False. Networks are vulnerable to slowdowns due to both internal and external factors.
True. Internally, networks can be affected by overextension and bottlenecks, external threats, DoS/DDoS attacks, and network data interception. The execution of arbitrary commands can lead to system malfunction, slowed performance, and even failure.
A network total system failure is the greatest threat known to System Administrators and the most critical threat is understanding all possible network _________________.
Vulnerabilities. These problems can be addressed by network management systems and utilities such as traceroute, which allow administrators to pinpoint the location of network slowdowns. Traffic can then be rerouted within the network architecture to increase speed and functionality.
Two of the most serious threats that networks face are _____ and ______ attacks, which are the result of one attack or a number of coordinated attacks, respectively, and which lead to system malfunction, slowed performance, and even failure.
DoS and DDoS attacks.
A utility referred to as ___________ allows administrators to pinpoint the location of network slowdowns.
Traceroute
One of the most common network vulnerabilities known is _________ _______________.
Data Interception. Hackers within range of a WLAN workstation can infiltrate a secure session, and monitor or change the network data for the purpose of accessing sensitive information or altering the operation of the network.
User authentication systems are used to keep ____________ from occurring.
Interception
What are the five steps involved in OPSEC?
1. Identify Critical information.
2. Conduct Threat analysis.
3. Conduct a Vulnerability Analysis.
4. Conduct a Risk Assessment.
5. Apply OPSEC Countermeasures.
Describe what is involved in Conduct a Risk Assessment, one of the five steps involved in OPSEC.
The fourth step, Conduct a Risk Assessment. The risk assessment is the process of evaluating the risks to information based on susceptibility to intelligence collection and the anticipated severity of loss.
Describe what is involved in Identify critical info, one of the five steps involved in OPSEC.
The first step, Identify critical info. DoD activities, intentions, capabilities, or limitations that an adversary seeks in order to gain a military, political, diplomatic, economic, or technological advantage.
Describe what is involved in Conduct threat analysis, one of the five steps involved in OPSEC.
The second step, Conduct threat analysis. Threat information is necessary to develop appropriate countermeasures. The threat analysis includes identifying potential adversaries and their associated capabilities and intentions to collect, analyze, and exploit critical information and indicators.
Describe what is involved in Conduct a Vulnerability Analysis, one of the five steps involved in OPSEC.
The third step, Conduct a Vulnerability Analysis. An OPSEC vulnerability exists when the adversary is capable of collecting critical information or indicators, analyzing it, and then acting quickly enough to impact friendly objectives.
Describe what is involved in Apply OPSEC Countermeasures, one of the five steps involved in OPSEC.
The fifth step, Apply OPSEC Countermeasures. Countermeasures are designed to prevent an adversary from detecting critical information, provide an alternative interpretation of critical information or indicators (deception), or deny the adversary’s collection system. (www.ioss.gov)
Who is NIOC HI's current OPSEC Officer?
LT Jatho
What are the training requirements for all personnel in the SCIF that use Information Systems?
Training requirement for info assurance - all authorized users of DON information systems and networks receive initial IA awareness orientation and complete annual IA awareness refresher training. (JOINTDODISS, CH. 6)
Define what COMSEC - Communications security is?
Measures and controls taken to deny unauthorized persons information derived from telecommunications and ensure the authenticity of such telecommunications. Communications security includes crypto security, transmission security, emission security, traffic-flow security and physical security of COMSEC equipment.
Define what INFOSEC - Information security means?
INFOSEC - Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
Define what COMPUSEC - Computer Security is.
COMPUSEC - Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.
Define what SIGSEC is.
SIGSEC - Signal Security: this is an overall term referring to Communications security measures. Such measures are taken to deny enemy collection of data from COMINT and ELINT operations.
Define what Physical Security is.
Physical Security - PS is concerned with physical measures designed to safeguard personnel; to prevent unauthorized access to installations, equipment, materiel, and documents; and to safeguard against espionage, sabotage, damage, and theft. PS involves the total spectrum of procedures, facilities, equipment, and personnel employed to provide a secure environment.
Define the object of what Personnel Security is.
Personnel Security - The objective of the personnel security program is that military, civilian, and contractor personnel assigned to and retained in sensitive positions, in which they could potentially damage national security, are and remain reliable and trustworthy, and there is no reasonable basis for doubting their allegiance to the United States.
What is AT/FP?
AT/FP - AT or antiterrorism is the defensive measures used to reduce the vulnerability of individuals and property to terrorist acts, to include limited response and containment by local military forces. FP or force protection is the security program developed to protect Service members, civilian employees, family members, facilities and equipment, in all locations and situations, accomplished through the planned and integrated application of combating terrorism, physical security, operations security, personal protective services supported by intelligence, counterintelligence, and other security programs.
What does Need to Know refer to?
Need to know - is the determination by an authorized holder of classified information that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized governmental function.
What does M-1 refer to?
M-1, the Military Personnel Programs book, is the budget for all military services (personnel, pay, allowances, training, etc). It is made available through DTIC.
What is NAVSUP?
NAVSUP - Navy Supply System Command instructions contain all relevant info related to supply. NAVSUP serves as an advisory member on the NNFE Board of Directors. One of their principal customers is NETWARCOM.
What are SECNAVINST?
SECNAVINST - Secretary of the Navy Instructions contain most of the supporting references for Navy Intelligence and Security doctrine.
What is an SSBI-PR?
A personnel security re-investigation conducted at a specific interval (every 5 years) for the purpose of updating a previously completed background investigation, special background investigation, or single scope background investigation for continued access to TS or SCI.
What are DCIDs?
DCID Manual use - Director of Central Intelligence Directives (DCIDs) were formerly the principal instrument for defining intelligence community-wide policies.
What is ICD 704, formerly known as DCID 6/4?
6/4 - Personnel Security Standards and Procedures Governing Eligibility for Access to Sensitive Compartmented Information (SCI). This is now ICD 704.
What is DCID 6/5?
6/5 - Policy for Protection of Certain Non-SCI Sources and Methods Information (SAMI)
What is DCID 6/9?
6/9 - Physical Security Standards for Sensitive Compartmented Information Facilities
What is USSID 18?
USSID 18 - United States Signals Intelligence Directive 18 prescribes policies and procedures and assigns responsibilities to ensure that the missions and functions of the United States SIGINT System (USSS) are conducted in a manner that safeguards the constitutional rights of U.S. persons. (USSID Directory)
_____ ______________ is the practice of obtaining confidential information by manipulation (social skills). A ________ __________commonly uses the telephone or Internet to trick a person into revealing sensitive information or getting them to do something that is against policy. With this method, _____ _________exploit the natural tendency of a person to trust their word, rather than exploiting other security holes. ____ __________ is a non-technical kind of intrusion relying heavily on human interaction which often involves tricking other people into breaking normal security procedures, the attacker uses social skills and human interaction to obtain information about an organization or their activities.
"People are the weakest link" in security and this principle is what makes _________ _________ possible. (www.ioss.gov)
Social Engineering, Social Engineer, Social Engineer, Social Engineering
What are the duties and responsibilities of the SSO?
SSO duties and responsibilities - The Special Security Officer is responsible for the operation (e.g., security, control, use, etc.) of all command Sensitive Compartmented Information Facilities (SCIFs). All SCI matters shall be referred to the SSO. (SECNAVINST 5510.30, 2-6 – 2-7)
What is the Command Security Manager (CSM) and what are his or her responsibilities?
Command Security Manager (CSM) - The command security manager may be assigned full-time, part-time or as a collateral duty and must be an officer or a civilian employee, GS-11 or above, with sufficient authority and staff to manage the program for the command. The security manager must be a U.S. citizen and have been the subject of a favorably adjudicated SSBI completed within the previous 5 years. (SECNAVINST 5510.30, 2-2)
List 4 responsibilities of the CSM (Command Security Manager).
1. Serves as the commanding officer’s advisor and direct representative in matters regarding the eligibility of personnel to access classified information and to be assigned to sensitive duties.
2. Develops written command information and personnel security procedures, including an emergency plan which integrates emergency destruction bills where required.
3. Formulates and coordinates the command’s security awareness and education program.
4. Ensures security control of visits to and from the command when the visitor requires, and is authorized, access to classified information.
List 3 responsibilities of the CSM (Command Security Manager).
1. Ensures that all personnel who will handle classified information or will be assigned to sensitive duties are appropriately cleared through coordination with the DON CAP and that requests for personnel security investigations are properly prepared, submitted and monitored.
2. Ensures that access to classified information is limited to those who are eligible and have the need to know.
3. Ensures that personnel security investigations, clearances and accesses are properly recorded. (SECNAVINST 5510.30, 2-2 – 2-5)
True/False-Why or Why Not?
The CSM can serve as the SSO.
The CSM can serve as the SSO only if authorized by the Director, ONI or NETWARCOM.
What does EKMS stand for?
The Electronic Key Management System (EKMS)
What is the purpose of EKMS?
EKMS provides the capability for automated generation, accounting, distribution, destruction, and management of electronic key, as well as management of physical key and non-key COMSEC related items.
What are the 4 tiers of EKMS?
Designed to provide an integrated, end-to-end key management, and Communications Security (COMSEC) material generation, distribution, and accounting system for the Department of Defense (DoD) and civilian agencies.
What does JPAS stand for?
Joint Personnel Adjudication System is the Department of Defense (DoD) personnel security migration system
What is JPAS used for? (4 uses)
- the virtual consolidation of the DoD Central Adjudication Facilities (CAFs)
- use by non-SCI security program managers and Special Security Officers
- Special Access Program (SAP) program managers
- DoD contractor Security officers (expected July 2002)
___________ provides "REALTIME" information regarding clearance, access and investigative status to authorized DoD security personnel and other interfacing organizations, such as Defense Security Service, Defense Manpower Data Center, Defense Civilian Personnel Management System, Office of Personnel Management, and Air Force Personnel Center.
Joint Personnel Adjudication System--JPAS
How long can a CO administratively suspend a clearance before DONCAF makes it permanent?
90 Days
What is Antivirus software used for?
Antivirus software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware.
Who supports the Department of Defense by conducting Security Clearance interviews?
The Office of Personnel Management (OPM)
What does INFOCON stand for?
Information Operations Condition
Define INFOCON.
Defense posture and response system for DOD information systems and networks.
List the 5 levels of INFOCON and describe each.
NORMAL - Normal readiness of DOD information systems and networks.
ALPHA - Increased intelligence watch and strengthened security measures of DOD information systems and networks.
BRAVO - A further increase in CND force readiness above that required for normal readiness.
CHARLIE - A further increase in CND force readiness but less than maximum CND force readiness.
DELTA - Maximum CND force readiness.
True/False
It is the sole responsibility of the owner of any classified material to take the proper precautions to ensure unauthorized access is not granted to the owner's classified material.
False. Everyone who works with classified information is personally responsible for taking proper precautions to ensure that unauthorized persons do not gain access to it.
True/False: The Department of the Navy Central Adjudication Facility (DoN CAF) is a Naval Criminal Investigative Service (NCIS) organization.
True
What organization is responsible for determining who within the Department of the Navy is eligible to hold a security clearance, to have access to Sensitive Compartmented Information (SCI), or to be assigned to sensitive duties?
The Department of the Navy Central Adjudication Facility (DoN CAF)
What domain is used to provide names only for IP addresses allocated or assigned to the Department of Defense by the American Registry for Internet Numbers?
.mil - The U.S. Department of Defense has exclusive use of this domain. (Department of Defense Web Policy, Website Administration Policies and Procedures, www.defense.gov)