CISSP & CISM Certified Info System Security Pro
Multi-certified Info System Security Pro seeks employment. Have certifications CISSP and CISM (Certified Info Security Manager - ISACA.org).
For credentials, see CISSP+CISM WIKI: http://cisspcism.pbwiki.com/
For commentary, see http://itdefpat.blogspot.com
To see my TOP links, see http://del.icio.us/president_cFL_ISSA
or
for the top 104 infosec links
via RSS
http://del.icio.us/rss/itdefpat/infosec
About Me
- Name: IT Defense Patrol
- Location: Orlando, Florida, United States
Certifications: CISSP, CISM LinkedIn http://www.linkedin.com/pub/2/267/926 (Most info, contacts) PeopleAggregator http://peopleaggregator.net/user.php?tier_one=mypage&tier_two=public_page&uid=1371 (Prettiest) VOX http://gmotu.vox.com/
Tuesday, September 16, 2008
1. US
The classification must be spelled out and may not be abbreviated in the classification line.
The four classification markings are:
Ø TOP SECRET
Ø SECRET
Ø CONFIDENTIAL
Ø UNCLASSIFIED
Example: TOP SECRET//COMINT-GAMMA/TK//RESEN,ORCON//COMSEC//1X
Labels: CLASSIFICATION
2. Non-U.S.
organizations. The markings must be listed in the registry and be a trigraph country code.
Authorized non-U.S. classification markings are:
Ø TOP SECRET (TS)
Ø SECRET (S)
Ø CONFIDENTIAL (C)
Ø RESTRICTED (R)
Ø UNCLASSIFIED (U)
Example: // DEU SECRET//X1
Additional examples of the Non-U.S. Classification Markings are:
TYPE PORTION PAGE (EXAMPLE) REMARKS
Non-U.S. Country Classification //[Country Trigraph] [Non-U.S. Classification Portion Abbreviation]
//DEU SECRET//X5
• Markings begin with double right slash (i.e., //)
• Cannot be used with U.S. Classification Markings
• Must use X5 as Declassification Date
COSMIC Top Secret Atomal (//CTSA) //COSMIC TOP SECRET ATOMAL//MR
NATO Secret (//NS) //NATO SECRET//MR
Secret ATOMAL (//NSAT) //SECRET ATOMAL//MR
+++
NATO Confidential (//NC) (//NCA) //NATO CONFIDENTIAL//MR
Confidential Atomal //CONFIDENTIAL ATOMAL//MR
++++
NATO Restricted (//NR) //NATO RESTRICTED//MR
• NATO Marking
• Cannot be used with U.S. Classification
• May be used by NATO organization only
• Must use MR as Declassification Date
Labels: CLASSIFICATION, NON-US
3 SCI
protective mechanisms used to regulate or guide each program established by the Director of Central Intelligence as SCI. A control system provides the ability to exercise restraint, direction, or influence over or provide that degree of access control or physical protection necessary to regulate, handle or manage information or items within an approved program. Multiple entries may be chosen from the SCI Control System if the entries are applicable to the document.
TYPE PORTIO N PAGE (EXAMPLE) REMARKS
COMINT (SI) SERCRET//COMINT//[declass date]
• Referred to as SI
• May be use ONLY with: Top Secret, Secret or Confidential
GAMMA (G) TOP SECRET//COMINT-GAMMA-UMBRA//ORCON//[declass date]
• COMINT sub-control system/sub-compartment
• Requires: Top Secret and COMINT-UMBRA and ORCON
Talent Keyhole (TK) SECRET//TALENT-KEYHOLE//[declass date]
SECRET//TK//[declass date]
• May be used only with TS or S
Labels: CLASSIFICATION, SCI
4, FOREIGN GOV INFO
which contain controlled information of non-U.S. origin. Use FGI + trigraph country code in alphabetical order, separated by single spaces. List all country codes in alphabetical order separated by a single space. Substitute “FGI” where specific government must be concealed. The Foreign Government Markings are:
Ø FGI [Country Trigraph(s)]
Ø FGI
Labels: CLASSIFICATION, FOREIGN
5 DISSEMINATION
RS - RISK SENSITIVE
FOUO - FOR OFFIIAL USE ONLY
ORCON - ORIGINATOR CONTROLLED
IMCON - CONTROLLED IMAGERY
RD - RESTRICTED DATA
FRD - FORMERLY RD
SAMI - SOURCES AND METHODS INFORMATION
NF - NO FORN
PR PROPIN - PROPRIETARY INFORMATION
REL - RELEASABLE
CNWDI - Critical Nuclear Weapon Design Information
Labels: CLASSIFICATION, DISSEMINATION
TERMS
ADP – Automated Data Processing
AIS – Automated Information System
(C) – Confidential
CNWDI – Critical Nuclear Weapons Design Information
COMINT – Communication Intelligence
COMSEC - Communication Security
COSMIC – NATO Top Secret
DAN – Document Accountability Number
DCID –Director of Central Intelligence Directive
EO – Executive Order
FAX – Facsimile
FGI – Foreign Government Information
FOIA – Freedom of Information Act
FOUO – For Official Use Only
FRD – Formerly Restricted Data
ISOO – Information Security Oversight Office
ISSO – Information Systems Security Officers
LIMDIS – Limited Distribution
MR – Mandatory Review
MTMC – Traffic Management Commands
NATO – North Atlantic Treaty Organization
NOFORN – Not Releasable to Foreign Nationals
NSDD – National Security Decision Directive
NTM – National Technical Means
OADR – Originating Agency’s Determination Required
OCA – Original Classification Authority
OMB – Office Management and Budget
ORCON – Originator Controlled
PDD – Presidential Decision Directive
PHV – Permanent Historical Value
PROPIN – Caution, Proprietary Information Involved
(R) – Restricted
REL TO – Release To
RD - Restricted Data
RSEN – Risk Sensitive
(S) – Secret
SAP – Special Access Program
SAR – Special Access Required
SCI – Sensitive Compartmented Information
SF – Standard Form
STU – Secure Telephone Unit
(TS) – Top Secret
(U) – Unclassified
U.S. – United States
USA – United States of America
Labels: CLASSIFICATION
USG CLASSIFICATION GLOSSARY
Collateral – All national security information classified CONFIDENTIAL, SECRET, TOP
SECRET under the provisions of an Executive Order for which special Intelligence Community systems of compartmentation (such as, sensitive compartmented information) are not formally established.
Communication Intelligence or “COMINT” – Technical and intelligence information derived from foreign communication by other than the intended recipients.
Communication Security (COMSEC) – Protective measures to prevent unauthorized persons
from receive classified information via telecommunications.
Director of Central Intelligence Directive or “DCID” – The President’s principal foreign intelligence adviser appointed by him with the consent of the Senate to be the head of the Intelligence Community and Director of the Central Intelligence Agency and to discharge those authorities and responsibilities as they are prescribed by law and by Presidential and National Security Council directives.
("Dee-skid"). Several important DCID published.
Foreign Government Information – Information that is (a) provided to the U.S. by a foreign government or governments, and international organization of governments, or any element thereof with the expectation, expressed or implied, that the information, the source of the information, or both, are to be held in confidence; or (b) produced by the U.S. pursuant to or as a result of a joint arrangement with a foreign government or governments or an international organization of governments, or any element thereof requiring that the information, the arrangements, or both, are to be held in confidence.
GAMMA or “G” – Unclassified term used to describe a type of SCI
Limited Distribution or “LIMDIS” – Identify unclassified geospatial information and data which the SecDef may withhold from public disclosure.
Need-to-Know – A determination by an authorized holder of classified information that access to specific classified material in their procession is required by another person to perform a specific and authorized function to carry out a national task. Such person shall process an
appropriate security clearance and access approvals in accordance with DCID 1/14.
Sensitive Compartmented Information or “SCI” – Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled within formal access control systems established by the Director or Central Intelligence. The term does not include Restricted Data as defined in Section II, Public Law 83-703, Atomic Energy Act of 1954, as amended.
Special Access Program or “SAP” – Any program, which may or may not contain SCI, imposing need-to-know and access controls beyond those normally provided for access to CONFIDENTIAL, SECRET, and TOP SECRET information. Such controls may include, but are not limited to, access approval; adjudicative or investigative requirements; special designation of official s authorized to determine need-to-know; or special list or persons determined to have a need-to-know.
TK – Unclassified term used to describe a type of SCI.
Trigraph – A group of three letters used to identify specific country or specific accesses.
Unauthorized Disclosure – A communication or physical transfer or classified information to an unauthorized recipient.
Labels: glossary
USG CLASSIFICATION AND SECRECY
http://www.danjryan.com/jscrpt.html
http://www.fas.org/sgp/library/moynihan/foreword.html
http://www.gpo.gov/congress/commissions/secrecy/index.
Prior to CAPCO, USG classification was haphazard and inconsistant. DoD, DoS and IC (and DoE as well) each had their own methods and markings, which were largely incompatible.
CAPCO standardized the processes and the markings.
CAPCO is managed by the National Archive, Information Security Oversight Office (ISOO). ISOO produces manuals and guidances on CAPCO, such as ISOO Implementing Directive No. 1
See http://www.archives.gov/isoo/training/marking-booklet.pdf
ISOO Dir No. 1 is the starting point for understanding.
Overarching DoD implementation of this can be found in DoD 5200.1
http://www.fas.org/irp/doddir/dod/5200-1ph/index.html
A more thorough discussion can be found in the NIMA guide (NIMA has since renamed to NGA):
http://ftp.fas.org/sgp/othergov/dod/nimaguide.pdf
Of particualar interest is introduction of the / separators. This document has extensive tables of possible combinations.
Also notes appropriate use of FOUO (and improper use)
Later section go in to great detail about using the full codes.
Labels: CAPCO, CLASSIFICATION, US DoD