Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
38 Cards in this Set
- Front
- Back
|
The loss or compromise of classified information presents a threat to the national security.
|
Reports of loss or compromise ensure that such incidents are properly investigated and the necessary actions are taken to negate or minimize the adverse effects of the loss or compromise and to preclude recurrence.
|
|
|
A loss of classified information
|
occurs when it cannot be
accounted for or physically located. |
|
|
A compromise .
|
is the unauthorized disclosure of classified
information to a person(s) who does not have a valid security clearance, authorized access or need-to-know |
|
|
A possible compromise
|
occurs when classified information is
not properly controlled |
|
|
electronic spillage
. |
occurs when data is placed on an IT system possessing insufficient information security controls to protect the data at the required classification
|
|
|
Commanding Officer RESPONSIBILITIES
|
When a loss or compromise of classified information occurs, the cognizant commanding officer or security
manager shall immediately initiate a Preliminary Inquiry (PI). If, during the conduct of the PI, it is determined that a loss or compromise of classified information did occur, the local NCIS office will be notified. |
|
|
Commanding Officer RESPONSIBILITIES (CON'T)
|
(CON'T) The contacted NCIS office shall promptly advise whether or not it will open an investigation and provide advice and assistance to the PI as necessary.
|
|
|
Security Manager RESPONSIBILITIES
|
shall be responsible for overseeing the PI. In the event of compromise or possible compromise on an IT system, the Security Manager shall coordinate with the IA Manager (IAM) to ensure that these incidents are
properly reported. |
|
|
Security Manager RESPONSIBILITIES (CON'T)
|
Additionally, the IAM shall ensure that the
possibly compromised classified information is sanitized from the affected system(s) in accordance with reference (e) when directed to do so by the security manager or commanding officer. |
|
|
Individual RESPONSIBILITIES
|
An individual who becomes aware that classified
information is lost or compromised shall immediately notify their security manager or commanding officer of the incident, as well as their supervisory chain of command. |
|
|
Individual RESPONSIBILITIES (CON'T)
|
If the reporting individual believes the security manager or commanding officer may be involved in the incident, they must notify the next higher echelon of command or supervision. If circumstances of discovery
make such notification impractical, the reporting individual shall notify the commanding officer or security manager at the most readily available command or contact the local NCIS office |
|
|
PRELIMINARY INQUIRY
|
the initial process to determine the facts surrounding a
possible loss or compromise of classified information. At the conclusion of the PI, a narrative of the PI findings will be prepared. |
|
|
PRELIMINARY INQUIRY INITIATION
|
The commanding officer shall appoint, in writing, a command official (other than the security manager or anyone involved with the incident) to conduct a PI.
|
|
|
PRELIMINARY INQUIRY INITIATION (CON'T)
|
This individual shall have security clearance eligibility and access commensurate to the classification level of the information involved; the ability to conduct an effective, unbiased investigation; and shall not be
someone involved, either directly or indirectly, with the incident. |
|
|
PRELIMINARY INQUIRY INITIATION (CON'T
|
A PI shall be initiated and completed within 72 hours of
initial discovery of the incident. |
|
|
CONTENTS OF THE PI MESSAGE OR LETTER
|
identification shall include the information's subject or title, classification of the information (including any relevant warning notices or intelligence control
markings, downgrading and declassification instructions), all identification or serial numbers, |
|
|
CONTENTS OF THE PI MESSAGE OR LETTER (CON'T)
|
the date of the information, the originator, the OCA, the number of pages or amount of material involved, a point of contact from the command, a command
telephone number, the Unit Identification Code (UIC) of the custodial command, etc. |
|
|
CLASSIFICATION OF THE PI MESSAGE OR LETTER
|
Every effort should be made to keep the PI unclassified and without enclosures. However, if the lost information is beyond the jurisdiction of the U.S. .
|
|
|
CLASSIFICATION OF THE PI MESSAGE OR LETTER (CON'T)
|
Government, and cannot be recovered, the PI shall be classified (using the classification and associated markings of the lost information as the derivative source) to prevent its recovery by unauthorized persons.
|
|
|
CLASSIFICATION OF THE PI MESSAGE OR LETTER (CON'T)
|
If the information involves a Public Media compromise and the PI contains information that could enable others to locate the classified information, the PI must be classified commensurate to the security classification level of the compromised information.
|
|
|
ACTIONS TAKEN UPON PI CONCLUSION
|
Loss or compromise should be assumed unless the information did not leave the control of the U.S. Government. A loss or compromise is considered “beyond the jurisdiction of the U.S. Government” if the information is, for example, transmitted over the Internet;
|
|
|
ACTIONS TAKEN UPON PI CONCLUSION (CON'T)
|
is publicly revealed or becomes the subject of a public media compromise; or is improperly revealed to an unauthorized individual or entity over which the U.S. Government has no authority.
|
|
|
ACTIONS TAKEN UPON PI CONCLUSION (CON'T)
|
A JAGMAN investigation is required in the event that
disciplinary action is being considered or recommended by the PI, or compromise of classified information is considered likely to have occurred. |
|
|
ACTIONS TAKEN UPON PI CONCLUSION (CON'T)
|
Do not forward the PI message or letter if the PI concludes that a loss or compromise of classified information did not occur or the possibility of compromise is remote due to the belief that
the information was never outside the control of cleared U.S. Government personnel. |
|
|
ACTIONS TAKEN UPON PI CONCLUSION (CON'T)
|
Determining the course of action at the conclusion of a PI remains the responsibility of the commanding officer, who must carefully consider the circumstances surrounding each loss or compromise, and apply risk management principles in making decisions about the probability of compromise.
|
|
|
REPORTING LOSSES OR COMPROMISES OF SPECIAL TYPES OF CLASSIFIED INFORMATION AND EQUIPMENT
|
Report losses or compromises of classified IT systems,
terminals, or equipment, FGI and NATO classified information to the CNO (N09N2). The CNO (N09N2) shall notify CNO (N6) and the Director, Information Assurance, Undersecretary of Defense (Intelligence). |
|
|
REPORTING LOSSES OR COMPROMISES OF SPECIAL TYPES OF CLASSIFIED INFORMATION AND EQUIPMENT (CON'T)
|
Report losses or compromises involving DoD SAPs, or results of inquiries or investigations that indicate weaknesses or vulnerabilities in established SAP policy, to the Director, Special Programs (ODUSD(CI&S)) via the Director, Special Programs Division (CNO (N89))
|
|
|
REPORTING LOSSES OR COMPROMISES OF SPECIAL TYPES OF CLASSIFIED INFORMATION AND EQUIPMENT (CON'T)
|
Report losses or compromises involving Restricted Data (including CNWDI), and Formerly Restricted Data (when it involves unauthorized disclosure to a foreign government), to the CNO (N09N2), who shall notify the Department of Energy, with a copy to the local NCIS office.
|
|
|
REPORTING LOSSES OR COMPROMISES OF SPECIAL TYPES OF CLASSIFIED INFORMATION AND EQUIPMENT (CON'T)
|
Report losses or compromises involving SIOP and SIOP-ESI to the Joint Chiefs of Staff (JCS) and the U.S. Commander, Strategic Command (USSTRATCOM) by the quickest means possible, consistent with security requirements.
|
|
|
REPORTING LOSSES OR COMPROMISES OF SPECIAL TYPES OF CLASSIFIED INFORMATION AND EQUIPMENT (CON'T)
|
Report losses or compromises of COMSEC information or keying material to the controlling authority, which shall determine if a traffic review is necessary.
|
|
|
REPORTING LOSSES OR COMPROMISES OF SPECIAL TYPES OF CLASSIFIED INFORMATION AND EQUIPMENT (CON'T)
|
Report losses or compromises of classified information which involve other Government agencies to the Office of the Deputy Undersecretary of Defense (Counterintelligence and Security) (ODUSD (CI&S)) via CNO N09N2.
|
|
|
Immediately report incidents indicating a deliberate
compromise of classified information or indicating possible involvement of a foreign intelligence agency to |
the local NCIS office.
|
|
|
JAGMAN INVESTIGATIONS
|
A JAGMAN investigation is convened by the command having custodial responsibility over the information lost or compromised. The purpose of a JAGMAN investigation is to provide a more detailed
investigation and recommend disciplinary action or additional corrective action. |
|
|
Designation as a national security case does not normally occur until
|
the JAGMAN investigation is completed and it has been submitted to the appointing authority (cognizant command).
|
|
|
JAGMAN INITIATION AND APPOINTMENT LETTER
|
The commanding officer shall appoint, in writing, an
individual to conduct a JAGMAN investigation. This individual shall have security clearance eligibility and access commensurate to the classification level of the information involved; the ability to conduct an effective, unbiased investigation; and shall not be someone involved, either directly or indirectly, with the incident. |
|
|
If, during the course of the JAGMAN investigation, it is
determined that a compromise did not occur, |
the investigation shall be terminated and all addressees will be notified with a brief statement supporting the determination.
|
|
|
Successful completion of a JAGMAN investigation may, under certain circumstances, require professional or technical assistance. Commanding officers may ask the NCIS for investigative assistance in cases where commands lack either the resources or the capabilities to conduct certain types of investigations.
|
Such a request may be made at any time during
the course of the investigation, regardless of whether NCIS initially declined investigative action. For example, NCIS can provide valuable assistance in interviewing witnesses who have been transferred or in processing latent fingerprints. |
|
|
TRUE OR FALSE?
Every effort shall be made to keep the JAGMAN investigation unclassified; however, it shall be classified under the same circumstances as a PI. |
TRUE
|
