Tuesday, February 17, 2015

Security Bad Habits #1

Let's take a look at bad security habits and how to avoid them. We'll take on one at a time.
# 1. Not marking working papers. 

You might think it's okay to mark them later. You might be on a roll and can't stop for details. Whatever, stop making excuses and mark them immediately. You'll be glad you did.

Here's how to do it right

Working papers containing classified information shall be:

  • dated when created-Do this immediately, don't wait. Pretty soon you may find your security container filled with working papers and you have no idea of classification level or how old they are, and you've run out of time to mark them properly before you have to explain to DSS.
  • marked with the highest classification of any information contained in them-if the working papers are a result of classified experiments, research, or some other data, refer to the appropriate classification guidance, DD Form 254, contract or source and find out the classification level, what is classified, and why.
  • protected at that level-lock it up in the appropriate container, set alarms, put on cover sheet, enforce security clearance and need to know.
  •  destroyed when no longer needed - if you don't need it, get rid of it. Clear out that GSA Approved Container, open storage shelf, or vault. There is no reason to keep classified information once its usefulness is over.

No longer working papers when:

Your own decision

If you decide to keep the working papers, mark and protect them as you would a finished classified document. Deciding to keep a working paper is easy to figure out, just identify it as something needed in permanent storage and mark it accordingly. 

Overcome by events

Some events may take over that decision requiring automatic treatment of working papers as a classified document. In this case, they have just become overcome by events (OBE). Whether deliberate decisions to keep or just plain OBE, there are additional classification marking considerations in the NISPOM

Such OBE cases include when working papers are:

  • released outside of the facility-If this classified information is needed at another organization for a meeting or other reason, mark and treat it as permanent classified document.
  •  retained for more than 180 days from the date of the origin-You might not want to keep it forever, but if you keep it more than 180 days it's OBE; mark it as a permanent document. 
  • e-mailed within or  released outside the originating activity. Email = OBE. If it leaves the information system it resides on via email, then mark it as a permanent document.


Bottom line; If you need it, keep it. Just make sure that it officially becomes part of your classified inventory. If OBE, treat it as a permanent document.

More bad habit fighting examples coming. If you would like to contribute example bad habits for this blog or newsletter, send it over.

 For more ways to overcome bad habits, see our book: DOD Security Clearance and Contracts Guidebook.

                                                                 
Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)