Sunday, September 16, 2012
MacB - DoD Contract - DO NOT SHARE OR DISCUSS
INITIAL SECURITY BRIEFING
June 18, 2008
INITIAL SECURITY TRAINING
MacAulay Brown, Inc. (MacB) has entered into a security agreement with the Department of Defense (DoD) in order to have access to information that has been classified because of its importance to national defense.
Many of our programs and activities are vital parts of the defense and security systems of the United States. All of us—both management and individual employees—are responsible for properly safeguarding the classified information entrusted to our care.
The Government provides a comprehensive manual that covers all aspects of protecting classified information—the National Industrial Security Program Operating Manual, more commonly referred to as the NISPOM. The NISPOM prescribes requirements, restrictions, and other safeguards that are necessary to prevent unauthorized disclosure of classified information and to control authorized disclosure of classified information released by the US Government Executive Branch Departments and Agencies to their contractors. One of the requirements of the NISPOM is for contractors to “implement all terms of this Manual applicable to each of its cleared facilities” and to convey these applicable terms to employees.
This briefing is simply a convenient way of providing you with the requirements of the NISPOM as they apply to the work we do here. It identifies and describes the responsibilities and duties we have as part of our nation’s defense team. While all employees at this facility may not have the opportunity to read the NISPOM, everyone is required to read this briefing. Reading it may prevent a security violation later.
You may have questions about your security responsibilities after you finish reading this briefing. We have a Corporate Security Manager at the Dayton Office whose job is to implement and monitor the National Industrial Security Program (NISP, to be explained later in this briefing) for MacB. And there is also a Facility Security Officer (FSO) and Security Specialists at each cleared MacB Facility, who is responsible for local implementation of the NISP. They will be happy to answer any questions you may have. In addition, the Defense Security Service (DSS) Industrial Security Representatives who monitor our facilities conduct periodic inspections and will also answer any questions you may have.
All of us have an obligation to see that our security practices are consistent with the best interests of our nation’s defense program.
THE NON-DISCLOSURE AGREEMENT (NDA) 1
THE THREAT AND DEFENSIVE SECURITY MEASURES 2
OVERVIEW OF THE SECURITY CLASSIFICATION SYSTEM 3
Classification of Material 3
Origination of Classified Material 3
Disposition of Classified Material 4
INDIVIDUAL RESPONSIBILITY 5
REPORTS TO BE SUBMITTED TO SECURITY 7
Adverse Information Report 7
Suspicious Contacts 7
Solicitation, Espionage, Sabotage & Loss/Compromise of Classified Information 7
Personal Status Change Reports 8
SECURITY AND THE INTERNET 9
FOREIGN VISITORS 10
FOREIGN TRAVEL 10
CLASSIFIED VISITS 11
Classified Visits – Contract Related 11
Classified Visits – Non-Contract Related 11
When You Visit Another Organization 11
When a Non-MacB Person Visits Us 11
WORKING WITH CLASSIFIED MATERIALS 12
AIS (Automated Information Systems) Security 12
Marking Classified Materials 12
Protecting Classified Materials 12
Working Papers Error! Bookmark not defined.
Storage of Classified Material 14
Transmittal of Classified Material 15
Receipt of Classified Material 15
Destruction of Classified Material 15
Intelligence Information 15
Loaning Classified Material 15
Classified Reproduction 15
Telephone Security 15
Combinations and Locks 16
Closed Areas 16
Unclassified Sensitive Material 17
A Final Word 17
SECURITY POINTS OF CONTACT: 18
THE NON-DISCLOSURE AGREEMENT (NDA)
If this is your initial DoD briefing for access to classified information, you will be required to sign an SF-312 Non-Disclosure Agreement, or NDA. If you have been briefed for access in the past by a government agency or another government contractor, and if the NDA you signed for is on file with the government via JPAS, you won’t have to sign another NDA. Remember that the NDA is a lifelong, legally-binding contract between you and the US Government. By signing the NDA you agree to:
Never disclose any classified material to which you had access.
Abide by pre-publication review procedures.
The pre-publication review procedure requires cleared employees to submit to Security all material they wish to publish (books, articles, screenplays, etc.) or plan to present (seminar, conference, etc.) based on any classified program the employee worked on. Even if the employee believes that the material to be published is totally UNCLASSIFIED, the material must still be submitted to Security for review. Security will forward the material to the Government for sponsor review and publication approval. Employees should contact Security to see how far in advance of the publication date the material should be submitted.
Resumes are also subject to prepublication review if they contain reference to any work done on a classified project. Security maintains strict confidentiality for any material to be reviewed.
Your resume should indicate only that you have a DSS Secret or Top Secret clearance. If you hold additional accesses such as SCI or SAP/SAR, you may include a statement in your resume that prospective employers may contact MacB Security for additional clearance information.
THE THREAT AND DEFENSIVE SECURITY MEASURES
The threat to our national security has changed drastically since the days of the “Iron Curtain.” MacB has obtained a booklet entitled “Be Alert” from the Office of National Counterintelligence Executive (NCIX). Although “Be Alert” is aimed at the overseas traveler, the information is directly applicable to your activities in the United States.
The booklet has an excellent description of the current threat and a listing of defensive security measures. Your security staff will provide you a copy of this booklet at the same time that you receive this briefing. You are required to read the booklet as part of this briefing in order to gain an understanding of the enemy’s capabilities, methods of operation, and to learn measures you may take to defend yourself against exploitation.
OVERVIEW OF THE SECURITY CLASSIFICATION SYSTEM
Classification of Material
It may be necessary in the performance of a contract to derivatively classify material generated by the company. The following procedures apply:
The security classification applied to the material involved with classified contracts and programs will be supplied by the Contracting Officer or the prime contractor using a DD Form 254 and/or other classification guidance, such as a Security Classification Guide. Classification of material produced by the company in the performance of a contract or program will be in accordance with the classification guidance provided in that form or in accordance with the company’s knowledge that the material produced is in substance the same as, or would reveal, other information known to be currently classified.
Three levels of Classification:
When the company originates information other than in the performance of a classified contract or program, it is to be classified if the company already knows it is classified.
If the company originates information it thinks may or should be safeguarded, it will protect the information as though classified at the appropriate level until an advisory classification opinion is obtained from the Contracting Officer or the CSA.
Within the company, the responsibility for reviewing the necessity, currency, and accuracy of the classified material lays with the manager or supervisor whose signature or other form of approval is required in order that the material is transmitted.
Origination of Classified Material
When the company is involved in the generation of classified documents or material, the following procedures will be followed:
TOP SECRET and SECRET documents (including all copies) will be entered into the Management Information System when they are received or transmitted outside the facility.
Physically marking classified information with appropriate classification markings serves to warn and inform holders of the degree of protection required. Markings will include:
Overall Classification markings
An Unclassified Title (U) and subject markings
Classified by/Downgrade to markings
Declassify on markings.
Date of document
Classified material will be marked in accordance with the Marking Supplement to the NISPOM, which is available upon request. The Security staff will assure that all classified material is properly marked and will brief those individuals who will generate classified information on proper marking requirements.
Disposition of Classified Material
The quantity of classified material on-hand will be minimized to the maximum extent possible consistent with contractual performance. Once classified material has served its purpose, it will be returned to the User Agency or destroyed at the earliest practical moment.
All classified material received or generated in the performance of a classified contract shall be returned upon completion of the contract, unless the material has been declassified or destroyed, or retention of the material has been authorized.
Each cleared employee of this company is required to report to the Security staff any of the following:
Espionage — Information coming to his or her attention concerning existing or threatened espionage, sabotage, or subversive activities.
Compromise—The loss, compromise, or suspected compromise of classified information—whether within or outside the company—as well as failures to comply with NISPOM requirements and MacB procedures for protecting classified material, regardless of the classification level involved.
Adverse Information—Any information coming to their attention concerning any employee who is currently cleared or is in the process of being cleared for access to classified information, which indicates such access or determination may not clearly be consistent with the national interest. As a general rule, this is information that reflects adversely upon the integrity or character of the employee and suggests his or her ability to safeguard classified information could be impaired.
If there is any doubt whether something should be considered adverse or not, report the information to the Security staff for determination. Reporting such information does not necessarily mean termination of a PCL.
MacB has established a system for reporting adverse information that includes cleared supervisors and managerial personnel playing an active role in identifying and reporting such information to the Security staff.
Security violations may also be reported as adverse information. MacB has established and enforces the following policies that provide for appropriate administrative actions against employees who violate the security requirements of this manual.
If the violation directly entails the mishandling of classified information and if a culpable cleared or in-process individual can be identified, an adverse information and culpable persons report will be submitted in accordance with paragraphs 1-303 and 1-304 of the NISPOM.
If the violation did not directly entail the mishandling of classified information, yet represents a deliberate disregard for security requirements on the part of a cleared or in-process individual, an adverse information and culpable persons report will be submitted in accordance with paragraphs 1‑303 and 1-304 of the NISPOM.
The graduated scale of disciplinary action is as follows:
First violation within a period of 12 consecutive months—verbal or written reprimand and other such corrective disciplinary action deemed appropriate.
Second violation within a period of 12 consecutive months—written reprimands and other such corrective disciplinary action deemed appropriate.
Third violation within a period of 12 consecutive months—written reprimands and corrective disciplinary action as deemed applicable by the FSO and the employee’s supervisor based upon the current violation and the individual’s previous violation records.
REPORTS TO BE SUBMITTED TO SECURITY
Adverse Information Report
Adverse information is any information about you or another cleared employee that causes questions about the individual’s ability to safeguard classified information. Such information must be reported to Security. Security handles Adverse Information Reports with the strictest confidentiality. Reportable Adverse
Information includes, but is not limited to, the following:
Any use of illegal substances.
Abuse of prescription drugs.
Bizarre or notoriously disgraceful behavior.
Sudden, unexplained affluence.
Unreported contacts with foreign nationals.
Repeated disregard for security policies & procedures.
Employees must report efforts by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified information or to compromise the employee. In addition, all contacts by cleared employees with known or suspected intelligence officers form any country, or any contact which suggests that you may be the target of an attempted exploitation by the intelligence services of another country shall be reported to Security.
The above paragraph quotes the requirement that is in the NISPOM. The bottom line – be suspicious! Since you have access to classified information, you are a potential target for exploitation. Be especially careful in unfamiliar territory – foreign travel or Internet chat rooms, for example.
Solicitation, Espionage, Sabotage & Loss/Compromise of Classified Information
The following must be reported to Security immediately:
Anyone attempting to solicit classified information who is not authorized access to the information.
Any classified information made available to you that you are not cleared to handle.
Any loss, compromise, or suspected compromise of classified information.
Known or suspected espionage, sabotage, or subversive activity directed towards the company or any of the company’s facilities.
Personal Status Change Reports
Cleared employees are required to report the following information/changes via email to Security:
Any arrest, by the first working day following the arrest.
Lawsuits where the judgment may exceed your assets.
Change of name including change of name due to marriage or divorce.
Recurring financial difficulties, excessive indebtedness, and/or bankruptcy.
Any change in the naturalized citizenship status of yourself or your spouse.
Any intention to marry or cohabit with a foreign national.
Any affiliation with a foreign interest - an individual acting as a representative, official, agent, or employee of a foreign government, firm, corporation, etc.
SECURITY AND THE INTERNET
Discussing any information resulting from work on a classified program while on the Internet is STRICTLY PROHIBITED. The NDA that you signed during your Secret or Top Secret Indoctrination prohibits you from discussing and/or publishing any information, INCLUDING UNCLASSIFIED INFORMATION, related to a classified program. Posting information on the Internet is considered to be publishing. You may read something that someone else posts on the Internet that is related to a program you worked on, but you must NEITHER CONFIRM NOR DENY the validity of any of any information you find on the Internet.
Chatting on the Internet can be a new and energizing experience. Remember that the “Suspicious Contact” reporting requirement covered earlier in this training applies to Internet activities.
You must coordinate with Security prior to permitting any company visits by a non-US citizen. This requirement applies to both classified and unclassified visits.
Early security coordination by the MacB sponsor will ensure that Security can obtain any requisite licenses or approvals in time to meet the visit schedule. The visit will be denied if this coordination is not completed in advance. Security will brief the MacB visit sponsor on the ground rules applicable to the visit to ensure that the visit is conducted in compliance with US law and with company directives.
Host fills out the form and needs to send an email to security stating purpose and why a Foreign must attend the meeting?
Foreign travel must be reported on your security clearance update submission forms, so keep a record of your foreign travel. This record must include travel dates, destinations countries, and the reason for traveling. Business travel must be reported.
Security does have information and web sites addresses available for foreign travel briefings. It’s a good practice to get a threat briefing from Security before you travel.
Special Compartmented Intelligence (SCI) programs and Special Access Program/Special Access Required (SAP/SAR) programs usually have stringent foreign travel reporting requirements. Check with your Contractor Special Security Officer or SAP/SAR Security Officer for program-specific foreign travel reporting requirements.
Classified Visits – Contract Related
Contract related classified visits are permitted when there is a classified contractual relationship (to include all phases of pre-contract activity) between the parties involved. When a classified contractual relationship exists, classified information may be disclosed by both parties to the contract without obtaining approval from the Government agency that has jurisdiction over the information. Contractors may disclose classified information during contract related visits provided the intended recipient possess the appropriate clearance and has a valid need-to-know for the information.
Classified Visits – Non-Contract Related
Non-contract related classified visits are those visits made when no classified contractual relationship exists between the parties. The Government agency that has jurisdiction over the information must approve the visit before any classified information can be shared by the parties involved.
Non-contract related classified visits between contractors (and teaming partners working on the same system) do not require need-to-know certification if the Government agency that has jurisdiction over the information has provided written authorization for the classified information exchange.
When You Visit Another Organization
A Visit Request Worksheet (available on the SHARED Drive S:/Security/Visit Request Worksheet) must be submitted to Security in order for a visit request to be processed.
Security will e-mail the Visit Request Worksheet for employees working on base full-time.
When a Non-MacB Person Visits Us
There are instructions when hosting a classified or unclassified meeting here at MacB, along with visitor sign in info. These instructions can be found on the SHARED Drive S:/Admin/Meeting Info. You can contact security if you have any questions while arranging a meeting.
WORKING WITH CLASSIFIED MATERIALS
The need-to-know principle is the foundational concept when working with classified material. Some important points to remember about this principle are:
Always confirm need-to-know prior to discussing classified information.
Each individual, regardless of rank, position, or clearances/accesses, has only a need-to-know for information pertinent to specific task performance.
Need-to-know is not the same as want-to-know.
AIS (Automated Information Systems) Security
Computer systems cannot be used to process classified information until they have been approved by Defense Security Serviced and MacB Security. Systems that have been approved for processing SCI material are NOT automatically approved for DoD processing.
All users of a classified computer system must read the Program AIS Security Plan. Audit logs, if not automated, located next to computers, must be completed each time the system is used. Remember - passwords are never to be shared and must be changed periodically.
Marking Classified Materials
ALL classified materials require certain markings and must be placed on all classified materials. On documents, the classification is placed on the top and bottom, front and back of each page. Portion markings, including those designating an UNCLASSIFIED portion, are used before each section, part, paragraph or similar portion of a classified document. When illustrations, photographs, figures, graphs, drawings, charts or similar portions are contained in classified documents, they shall be marked clearly to show their classified or unclassified status. Markings on classified hardware should be discernible and not easily removed.
Protecting Classified Materials
When classified material is not in a safe, it must be in constant visual control of a need-to-know verified, cleared person. Close the door and blinds when you work with classified in your office. Remember, too, that classified discussions are prohibited in public areas, cubicles, and open offices. Classified discussions are permitted in closed offices only if you have verified that normal conversation is unintelligible outside of the office.
OPENING X07 & X09 COMBINATION LOCKS
To unlock, dial left (CCW) four to six turns to power the lock. Numbers will appear on the LCD display screen when the lock is powered up. Continue dialing left to the first number of the combination.
Stop when the first number sequence is reached. The number will be displayed on the screen.
Turn the dial right (CW) until you come to the second number.
Turn the dial left until you come to the third number.
Briskly turn the dial to the right, "OP" will appear. Continue turning until the bolt is retracted and the lock is unlocked.
Note, when unlocking; if you pass your target number by 4 or more numbers, continue dialing in the same direction until you reach the target number again. If you pass the target number by no more than three numbers you may reverse directions, slowly, and the display will jump back four numbers. Now you may dial slowly in the original direction to the target number.
Make sure to utilize the safe “Open/Closed” record and flip the Open/Closed magnet to the ‘Open’ side.
CLOSING X07 & X09 COMBINATION LOCKS
After verifying that all classified information is secured back in the safe, close the drawer.
Turn Dial to the left (CCW) a minimum of one complete revolution to extend the bolt.
Turn Dial to the right (CW) a minimum of one complete revolution to ensure that it is locked. Pull down on the handle to verify.
Once again, make sure to utilize the safe “Open/Closed” record and flip the Open/Closed magnet to the ‘Closed’ side.
Secret or Confidential Working Papers shall be:
Dated when created
Marked with the overall classification on the top and bottom, front and back of each page
Marked with the annotation “Working Papers”
Destroyed when no longer needed.
You must bring Secret or Confidential working papers to Security to be marked and controlled as a finished document when:
Transmitted outside the facility, or
Retained for more than 180 days from the date of creation.
Top Secret working papers must be marked and controlled as a finished document after 30 days.
Storage of Classified Material
When storing classified material, you must:
Never store classified material in a locked desk or on a shelf.
Store classified material only in an approved Closed Area, Vault or an approved GSA container.
Memorize combinations. NEVER keep them in a desk, wallet, purse, etc.
Keep materials from different projects and/or customers separated.
Keep classified holdings to a minimum. Return materials to Security for destruction when they are no longer needed.
Inventory your classified holdings on a regular basis.
Utilize the Safe Open/Close Record.
Never leave classified material unlocked or unattended.
Store Carved Out materials separately from other materials. (Carve Outs are DoD programs over which DSS has no cognizance.)
Transmittal of Classified Material
Classified material that is to be sent outside the facility, including any off-site buildings, must always be dispatched through Security. A Courier Authorization Form and a formal Classified Courier Briefing must be completed before classified material can be hand carried.
Receipt of Classified Material
All classified material that arrives at MacB must be delivered immediately to Security for processing. Only Security personnel may sign for U.S. Postal Service Express, Registered and Certified mail. Couriers must deliver hand carried classified material unopened to Security. Classified address is the same as facility address.
Destruction of Classified Material
All controlled classified material must be delivered to Security for destruction or placed in an appropriate security container for pick up by Security. Classified working papers must be delivered to Security for destruction when they have served their purpose. Classified waste must be placed in a designated container or delivered to Security for destruction.
ALWAYS coordinate with Security before disposing of Top Secret, Carve-Out, Intelligence or Special Access materials
Loaning Classified Material
Classified material will not be loaned to anyone. If someone needs access to the information in your possession, return the document to Security. Security will verify the person’s clearance and need-to-know and then require that individual sign for the document, relieving you of your responsibility.
The reproduction of classified material may be done ONLY BY Security in the Security office. Copies must be controlled in the document information management system, if necessary.
Classified information should NEVER be discussed on a regular telephone. Do not attempt to talk around classified - someone may be listening in on your conversation. Classified information can only be discussed on a secure phone. For the location of secure phones, contact Security.
Combinations and Locks
Combinations to secure containers are classified. They must never be written down except in a controlled classified document. When closing the container, spin the combination lock and attempt to open the container, to ensure it is secure.
Intelligence Information can be identified by the following markings:
CURRENT MARKINGS *OBSOLETE MARKINGS
Dissemination & Extraction of Information Controlled by Originator WNINTEL:
Warning Notice – Intelligence Sources or Methods Involved
Caution – Proprietary Information Involved NOCONTRACT or NC:
Not Releasable to Contractors or Consultants
Not Releasable to Foreign Nationals UO:
U. S. Only
REL TO (specify country(s)):
Releasable to US, AUS, CAN, UK US & (specify country(s)) Only: US & AUS, CAN, UK Only
*Must be afforded additional protection even though marking is obsolete.
Because of its sensitivity, Intelligence Information requires the following additional security controls:
Access to Intelligence Material must be restricted to those individuals with a valid need-to-know who are actually providing services under the contract for which the material was provided.
Copies or reproductions of Intelligence Material must be controlled in the same manner as the original.
Further release of Intelligence Material to other contractors, subcontractors or other government agencies requires advance written permission from the government Contracting Officer’s Representative and a Senior Official of the Intelligence Community.
A Closed Area is a specially constructed room for storing classified material that won’t fit into a standard safe drawer, or to accommodate those classified operations that must have large working areas. MacB currently has DSS-approved Closed Areas at the home office. Cleared employees who have a need-to-know must occupy MacB’s Closed Areas or the Closed Area alarm system must be active. This alarm is connected to a central control station. We have no open storage.
A Closed Area must be “sanitized” before an uncleared or a no “need-to-know” visitor can have access to the area. “Sanitizing” involves clearing computer screens of classified information, covering or storing any exposed classified material, and making sure that small, portable classified items (floppy disks, tapes, etc.) which could be easily concealed are removed from the area to be visited. “Sanitization” takes time and concentration. Closed Area visitor escorts must call the Controlled Area ten minutes before bringing a visitor to the area. The escort must make a follow-up call ten minutes after the first call to make sure that “Sanitization” is complete.
Unclassified Sensitive Material
Protecting unclassified Proprietary and Sensitive materials is vitally important. Proprietary or Sensitive data may be disclosed only to other MacB employees who are directly involved with the subject matter on a need-to-know basis. Proprietary or Sensitive data may be disclosed to non-MacB personnel only if the disclosure fulfills an authorized, legitimate business purpose and an appropriate contract or non-disclosure agreement has been signed by both parties to the disclosure.
A Final Word
This Briefing Booklet serves as a general guide to assist you in working with classified materials. Specific programs may have additional regulations to follow. If you ever are in doubt as to how to work with a regulation, or need some clarification, please remember to consult with Security.
SECURITY POINTS OF CONTACT:
Director of Corporate Security: Bob Lilje Direct: 937-490-2559
Facility Security Officer (FSO): Bill Cuthrell Direct: 937-490-2556
Security Specialist: Greg Little Direct: 937-490-2696
Security Specialist: Julie Cipriano Direct: 937-490-2558
Security Administrator: Krista Smith Direct: 937-490-2557
Phone Number: 1-800-432-3421
Fax Number: 937-426-5364
AIS Automated Information System
DSS Defense Security Service
DoD Department of Defense
NDA Non-Disclosure Agreement
NISPOM National Industrial Security Program Operating Manual
Defense Hotline NRC Hotline
The Pentagon U.S. Nuclear Regulatory Commission
Washington, DC 20301-1900 Office of the Inspector General
(800) 424-9098 Mail Stop TSD 28
Washington, D.C. 20555-0001
Office of the Inspector General
Central Intelligence Agency
Washington, D.C. 20505
Department of Energy
Office of the Inspector General
1000 Independence Avenue, S.W. Room 5A235
Washington, D.C. 20585
(202) 586-4073 or (800) 541-1625