itdefpat

CISSP CISM 2009

THE7

1US//2NONUS//3SCI//FGI//5DISSEM//6NONINTEL//7DCLASDATE

6 & 7

6 NON-INTEL: COMSEC SAR
7 DECLASS DATE

1. US

1. U.S. Classification Markings: The classification is the first entry in the classification line.
The classification must be spelled out and may not be abbreviated in the classification line.
The four classification markings are:
Ø TOP SECRET
Ø SECRET
Ø CONFIDENTIAL
Ø UNCLASSIFIED

Example: TOP SECRET//COMINT-GAMMA/TK//RESEN,ORCON//COMSEC//1X

2. Non-U.S.

2. Non-U.S. Classification Markings: Used by other countries and international
organizations. The markings must be listed in the registry and be a trigraph country code.
Authorized non-U.S. classification markings are:
Ø TOP SECRET (TS)
Ø SECRET (S)
Ø CONFIDENTIAL (C)
Ø RESTRICTED (R)
Ø UNCLASSIFIED (U)
Example: // DEU SECRET//X1

Additional examples of the Non-U.S. Classification Markings are:
TYPE PORTION PAGE (EXAMPLE) REMARKS

Non-U.S. Country Classification //[Country Trigraph] [Non-U.S. Classification Portion Abbreviation]
//DEU SECRET//X5
• Markings begin with double right slash (i.e., //)
• Cannot be used with U.S. Classification Markings
• Must use X5 as Declassification Date

COSMIC Top Secret Atomal (//CTSA) //COSMIC TOP SECRET ATOMAL//MR
NATO Secret (//NS) //NATO SECRET//MR
Secret ATOMAL (//NSAT) //SECRET ATOMAL//MR

+++
NATO Confidential (//NC) (//NCA) //NATO CONFIDENTIAL//MR
Confidential Atomal //CONFIDENTIAL ATOMAL//MR

++++
NATO Restricted (//NR) //NATO RESTRICTED//MR

• NATO Marking
• Cannot be used with U.S. Classification
• May be used by NATO organization only
• Must use MR as Declassification Date

3 SCI

3. SCI Control Systems/Codewords: A SCI Control System is the system of procedural
protective mechanisms used to regulate or guide each program established by the Director of Central Intelligence as SCI. A control system provides the ability to exercise restraint, direction, or influence over or provide that degree of access control or physical protection necessary to regulate, handle or manage information or items within an approved program. Multiple entries may be chosen from the SCI Control System if the entries are applicable to the document.

TYPE PORTIO N PAGE (EXAMPLE) REMARKS
COMINT (SI) SERCRET//COMINT//[declass date]
• Referred to as SI
• May be use ONLY with: Top Secret, Secret or Confidential

GAMMA (G) TOP SECRET//COMINT-GAMMA-UMBRA//ORCON//[declass date]
• COMINT sub-control system/sub-compartment
• Requires: Top Secret and COMINT-UMBRA and ORCON

Talent Keyhole (TK) SECRET//TALENT-KEYHOLE//[declass date]
SECRET//TK//[declass date]
• May be used only with TS or S

4, FOREIGN GOV INFO

4. Foreign Government Information (FGI): Information used in U.S. controlled documents
which contain controlled information of non-U.S. origin. Use FGI + trigraph country code in alphabetical order, separated by single spaces. List all country codes in alphabetical order separated by a single space. Substitute “FGI” where specific government must be concealed. The Foreign Government Markings are:

Ø FGI [Country Trigraph(s)]
Ø FGI

5 DISSEMINATION

5. Dissemination Control Markings: Identifies the expansion or limitation on the distribution of classified information.

RS - RISK SENSITIVE
FOUO - FOR OFFIIAL USE ONLY
ORCON - ORIGINATOR CONTROLLED
IMCON - CONTROLLED IMAGERY
RD - RESTRICTED DATA
FRD - FORMERLY RD
SAMI - SOURCES AND METHODS INFORMATION
NF - NO FORN
PR PROPIN - PROPRIETARY INFORMATION
REL - RELEASABLE
CNWDI - Critical Nuclear Weapon Design Information

TERMS

Acronyms
ADP – Automated Data Processing
AIS – Automated Information System
(C) – Confidential
CNWDI – Critical Nuclear Weapons Design Information
COMINT – Communication Intelligence
COMSEC - Communication Security
COSMIC – NATO Top Secret
DAN – Document Accountability Number
DCID –Director of Central Intelligence Directive
EO – Executive Order
FAX – Facsimile
FGI – Foreign Government Information
FOIA – Freedom of Information Act
FOUO – For Official Use Only
FRD – Formerly Restricted Data
ISOO – Information Security Oversight Office
ISSO – Information Systems Security Officers
LIMDIS – Limited Distribution
MR – Mandatory Review
MTMC – Traffic Management Commands
NATO – North Atlantic Treaty Organization
NOFORN – Not Releasable to Foreign Nationals
NSDD – National Security Decision Directive
NTM – National Technical Means
OADR – Originating Agency’s Determination Required
OCA – Original Classification Authority
OMB – Office Management and Budget
ORCON – Originator Controlled
PDD – Presidential Decision Directive
PHV – Permanent Historical Value
PROPIN – Caution, Proprietary Information Involved
(R) – Restricted
REL TO – Release To
RD - Restricted Data
RSEN – Risk Sensitive
(S) – Secret
SAP – Special Access Program
SAR – Special Access Required
SCI – Sensitive Compartmented Information
SF – Standard Form
STU – Secure Telephone Unit
(TS) – Top Secret
(U) – Unclassified
U.S. – United States
USA – United States of America

USG CLASSIFICATION GLOSSARY

A SELECT FEW TERMS OF INTEREST:

Collateral – All national security information classified CONFIDENTIAL, SECRET, TOP
SECRET under the provisions of an Executive Order for which special Intelligence Community systems of compartmentation (such as, sensitive compartmented information) are not formally established.

Communication Intelligence or “COMINT” – Technical and intelligence information derived from foreign communication by other than the intended recipients.

Communication Security (COMSEC) – Protective measures to prevent unauthorized persons
from receive classified information via telecommunications.

Director of Central Intelligence Directive or “DCID” – The President’s principal foreign intelligence adviser appointed by him with the consent of the Senate to be the head of the Intelligence Community and Director of the Central Intelligence Agency and to discharge those authorities and responsibilities as they are prescribed by law and by Presidential and National Security Council directives.
("Dee-skid"). Several important DCID published.

Foreign Government Information – Information that is (a) provided to the U.S. by a foreign government or governments, and international organization of governments, or any element thereof with the expectation, expressed or implied, that the information, the source of the information, or both, are to be held in confidence; or (b) produced by the U.S. pursuant to or as a result of a joint arrangement with a foreign government or governments or an international organization of governments, or any element thereof requiring that the information, the arrangements, or both, are to be held in confidence.

GAMMA or “G” – Unclassified term used to describe a type of SCI

Limited Distribution or “LIMDIS” – Identify unclassified geospatial information and data which the SecDef may withhold from public disclosure.

Need-to-Know – A determination by an authorized holder of classified information that access to specific classified material in their procession is required by another person to perform a specific and authorized function to carry out a national task. Such person shall process an
appropriate security clearance and access approvals in accordance with DCID 1/14.


Sensitive Compartmented Information or “SCI” – Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director or Central Intelligence. The term does not include Restricted Data as defined in Section II, Public Law 83-703, Atomic Energy Act of 1954, as amended.


Special Access Program or “SAP” – Any program, which may or may not contain SCI, imposing need-to-know and access controls beyond those normally provided for access to CONFIDENTIAL, SECRET, and TOP SECRET information. Such controls may include, but are not limited to, access approval; adjudicative or investigative requirements; special designation of official s authorized to determine need-to-know; or special list or persons determined to have a need-to-know.

TK – Unclassified term used to describe a type of SCI.

Trigraph – A group of three letters used to identify specific country or specific accesses.

Unauthorized Disclosure – A communication or physical transfer or classified information to an unauthorized recipient.

CLASSIFICATIONS MADE EASY (NGA)

USG CLASSIFICATION AND SECRECY

The starting point for any discussion of US Government (USG) classification & secrecy is CAPCO:

http://www.danjryan.com/jscrpt.html
http://www.fas.org/sgp/library/moynihan/foreword.html
http://www.gpo.gov/congress/commissions/secrecy/index.

Prior to CAPCO, USG classification was haphazard and inconsistant. DoD, DoS and IC (and DoE as well) each had their own methods and markings, which were largely incompatible.
CAPCO standardized the processes and the markings.

CAPCO is managed by the National Archive, Information Security Oversight Office (ISOO). ISOO produces manuals and guidances on CAPCO, such as ISOO Implementing Directive No. 1
See http://www.archives.gov/isoo/training/marking-booklet.pdf
ISOO Dir No. 1 is the starting point for understanding.

Overarching DoD implementation of this can be found in DoD 5200.1
http://www.fas.org/irp/doddir/dod/5200-1ph/index.html

A more thorough discussion can be found in the NIMA guide (NIMA has since renamed to NGA):
http://ftp.fas.org/sgp/othergov/dod/nimaguide.pdf
Of particualar interest is introduction of the / separators. This document has extensive tables of possible combinations.
Also notes appropriate use of FOUO (and improper use)
Later section go in to great detail about using the full codes.

OpenID

from freeyourid.com:

go to http://brett.osborne.name (mailto:brett@osborne.name)

Resume (download)

CISSP+CISM WIKI

to get Word .doc or Acrobat .pdf of resume!

CISM Body of Knowlege/Domains

• Information security governance
• Risk management
• Information security program(me) management
• Information security management
• Response management

Oh, my words!

CISSP,CISM,information Assurance,Security,Systems Engineering,
Risk,vulnerability,regulations,standards,ISO,Polic,Architect,Assessment,
audit,firewall,intrusion,control,network

Overview

Information System Security Professional - 15 years in IT; over 8 years IS Security experience.

Current:
Lockheed Martin (1997)2003-present
Joint Strike Fighter F-35 Program Autonomic Logistic Information System (ALIS)

Expertise:

• Information Assurance (Governance) - policy, procedure, standards, compliance
• Requirements - creation, revision and validation
• Information Security analysis - requirements, initial design, architecture
• Information Security - Network and Operating system protections (firewall, intrusion, virus, permissions)
• Value: Cost/Technology/Schedule - Program Estimate at Completion, Risk, Basis of Estimate

Certifications:

• CISSP - (ISC)2, 2005
• CISM - ISACA, 2005

Associations

• Information System Security Association (ISSA), Central Florida Chapter President 2006
• Information Systems Audit and Control Association (ISACA), 2005 Board
  
• International Council on Systems Engineering (INCOSE), Orlando Chapter Secretary 2006
• ISC2 CISSP Exam Supervisor
  

Qualifications

Certifications

• CISSP
• CISM

Other

• US DoD Clearance
• Top Secret (active)
• NATO access
• Foreign Government Information