Information Security Overview

1
Information Security Overview

• Neala Enfinger Bridget Ouellette
• 10 March 2006

2
Information Security Overview
HIGHLIGHTS

• SECNAVINST 5510.36A rewrite
• OCA
• SCG Initiative
• Portion Marking Verification Tool (PMVT)
• CAPCO Markings

3
Information Security Overview
SECNAVINST 5510.36A - SIGNIFICANT REVISIONS

• Chapter 1 Intro to the ISP
• Updates national, DOD and DON level program
  management responsibilities
• Restructured chapter for better flow
• Chapter 2 Command Security Management
• Updates command security management
  responsibilities, investigative and clearance
  requirements, and authorized individuals 
• Chapter 3 Security Education
• No significant change

4
Information Security Overview

• Chapter 4 Classification Management
• Provides additional guidance on OCA and OCA
  training
• Incorporates CNO ltr 5513.1 Ser 09N/5U981092 of 5
  Dec 05, Interim Security Guidance for duration of
  classification
• Incorporates CNO ltr 5513.1 Ser 09N/4U692255 of
  16 Aug 04, Interim Information Security Guidance
  for information released to the public with
  proper authority, and reclassification of
  information released to the public.
• Provides additional guidance on Automatic
  Declassification and the records that apply
• Chapter 5 Security Classification Guides
• No significant change

5
Information Security Overview

• Chapter 6 Marking
• Implements OUSD(I) memo of 16 Apr 04, Interim
  Information Security Guidance for marking of
  FOUO-LES
• Incorporates CNO ltr 5510 Ser N09N2/4U692357 of 6
  Oct 04, Security Classification Marking
  Instructions for REL TO
• Requires use of TRIGRAPH and TETRAGRAPH for FGI
• Implements new marking guidance for ACCM
  protected information
• Updates marking guidance for documents processed
  on IT systems, and removable IT media
• Revises Exhibits 6A (marking samples) and 6B
  (marking USMTF msgs)

6
Information Security Overview

• Chapter 7 Safeguarding
• Incorporates DoD policy on sponsorship, location
  and approval of classified meetings
• Incorporates CNO ltr 5510 Ser N09N2/5U981060 of 3
  Oct 05, ACCM policy change notice regarding ACCM
• Chapter 8 Dissemination
• Adds third agency rule for sharing classified
  information with state and local officials when
  deemed necessary under emergency conditions 
• Adds new guidance on dissemination of NGA limited
  distribution information
• Clarifies the pre-publication review process and
  commanders involvement
• Removes old guidance on docs with superceded
  distribution statements 
• Adds clarification of public release requirements
  for documents originated or proposed for public
  release in the Washington, D.C. area

7
Information Security Overview

• Chapter 9 Transmission and Transportation
• Provides additional information on authorized
  carriers for transmission of classified material
• Chapter 10 Storage and Destruction
• Allows storage of Secret material, with
  supplemental controls, in a non-GSA approved
  container with a built-in combination lock until
  1 Oct 2012 (parallels 32 CFR of 22 Sep 03)
• Expands and better defines procurement of new
  storage equipment, and the types of containers in
  use and available for purchase
• Revises open storage area standards to parallel
  32 CFR

8
Information Security Overview

• Chapter 11 Industrial Security Program
• Provides current information on DSS structure
•  Provides guidance on DSS and command security
  oversight of cleared contractor facilities and
  contractors assigned to government facilities
• Provides additional guidance on overseas
  contractor activities
• Provides the National Interest Determination
  (NID) process for contractors under foreign
  ownership, control or influence (FOCI)
• Chapter 12 Loss or Compromise of Classified
  Information
• Defines the relationship between a compromise or
  possible compromise and the term "spillage" as
  used by the IA community, and the associated
  reporting process
• Better defines the process of reporting public
  media compromises

9
Information Security Overview

• Original Classification Authority (OCA)
• Indoctrination Letters
• Updated OCA Training posted at www.navysecurity.na
  vy.mil, under Information Security
  Classification Management
• DSS initiative for OCA Training
• Sample documents

10
Information Security Overview
Security Classification Guide (SCG) Initiative

• RANKIN guides on SIPRNET via NAVAIRs Acquisition
  Systems Database (ASDB)
• Successfully tested ASDB
• Tentative timeline for beginning to post current
  SCGs Apr 06
• Tentative availability for access to SCGs via
  ASDB Aug 06
• Requests for access will be approved by CNO
  (N09N2)
• Ltr drafted to require OCAs to update SCGs

11
Information Security Overview

• Portion Marking Verification Tool (PMVT)
• Automates portion marking process
• Based on defined criteria from SCGs and
  derivative classifier input
• NAVSEA selected to beta test

12
Information Security Overview
Controlled Access Program Coordination Office
(CAPCO)

• Control Markings Register maintained by CAPCO DNI
  Special Security Center
• Includes list of authorized terms to mark
  classified material and exact format
• DOD movement towards unified marking scheme using
  CAPCO markings
• Implementation timeline TBD
• CAPCO markings can be found on the SIPRNET and
  JWICS

13
QUESTIONS?