Meegan Kriley, Security Specialist
description
Transcript of Meegan Kriley, Security Specialist
Department of Homeland Security
Office of SecurityAdministrative Security Division
For Official Use Only (FOUO)MD 11042.1
Meegan Kriley, Security Specialist
June 1, 2005
Administrative Security Division
Our Responsibilities
MissionTo safeguard information and assets vital to the security and integrity of the homeland.
VisionTo establish and maintain a vital, robust, credible, and proactive program for the administration and management of programs associated with the protection of classified and sensitive but unclassified information.
Administrative Security Division
Classified Confidential (C)
Secret (S)
Top Secret (TS)
Sensitive But Unclassified (SBU)For Official Use Only (FOUO)
Sensitive Security Information (SSI)
Protected Critical Infrastructure Information (PCII)
Sensitive But Unclassified Information (SBU)
Examples: For Official Use Only (FOUO) - DHS MD 11042.1
Sensitive Security Information (SSI) – 49 USC 40119
Protected Critical Infrastructure Information (PCII/CII) – 6 USC 131(3)
Law Enforcement Sensitive (LES)
Other Similar Terms Used For Information That Is Considered Sensitive, But Does Not Meet E.O. 12958, As Amended, Standards For Classification
Privacy Act Information
For Official Use Only (FOUO)
Definition (from MD 11042.1):
Used within DHS to identify unclassified information of a sensitive nature, not otherwise categorized by statute or regulation, the unauthorized disclosure of which could adversely impact a person’s privacy or welfare, the conduct of Federal program, or other programs or operations essential to the national interest.
Information impacting the National Security of the United States and classified Confidential, Secret, or Top Secret under Executive Order 12958, “Classified National Security Information,’ as amended, or its predecessor or successor orders, is not to be considered FOUO.
For Official Use Only (FOUO) Designation Categories (11)Designation Categories (11)
Exempt under FOIA
Exempt under Privacy Act
Protected by treaty, statute or other agreement
Could be sold for profit
Would result in physical risk to personnel
It is internal systems data
Data revealing the security posture of a system
Reveals security vulnerabilities
Indicates intentions or capabilities of operations
Overly revealing of developing or current technology
Marked in a similar manner from another department or agency
For Official Use Only (FOUO) Designation AuthorityDesignation Authority
Categories:
Any DHS employee, detailee, or contractor, can mark information falling within one or more of the categories’ as FOUO.
Without Categories:
Officials occupying supervisory or managerial positions are authorized to designate other information, not listed and originating under their jurisdiction, as FOUO.
For Official Use Only (FOUO) DurationDuration
Information marked FOUO will retain its designation until determined otherwise by the originator.
Duration markings are not required.
FOUO marking does not automatically exempt information from release under FOIA.
For Official Use Only (FOUO) MarkingMarking
Mark bottom of ALL document pages:
“FOR OFFICIAL USE ONLY” FOUO Cover Sheet
Front Page, Back Page, individual pages
Portion markings are not required if there is no classified information in the document
Optional:WARNING: This document is FOR OFFICIAL USE ONLY (FOUO). It is to be controlled, stored, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO Information.
Department of Homeland Security
FOR OFFICIAL USE ONLY
The attached materials contain Department of Homeland Security
Information that is “For Official Use Only.”
The attached materials will be handled and safeguarded in accordance with DHS
management directives governing protection and dissemination of such
information.
MD11042.1
For Official Use Only (FOUO) Handling / StorageHandling / Storage
When unattended, FOUO information will be stored in a locked filing cabinet, locked desk drawer, a locked overhead storage compartment such as systems furniture credenza, or a similar locked compartment.
Information can also be stored in a room or area that has sufficient physical access control measures to afford adequate protection and prevent unauthorized access by members of the public, visitors, or other persons without a need-to-know, such as a locked room or an area where access is controlled by a guard, cipher lock, or card reader.
For Official Use Only (FOUO) Handling / TransmittalHandling / Transmittal
No clearance is needed for access; however, there has to be a ‘need to know’.
Stored in a locked drawer or file, unless otherwise protected from unauthorized access.
Not stored with classified unless there is a correlation.
Mailed First Class Mail with the U.S. Postal Service, or a commercial delivery service such as DHL.
For Official Use Only (FOUO) Handling / TransmittalHandling / Transmittal
Use of secure phone and faxes for transmittal although not required, is encouraged.
FOUO transmitted over email should be protected by encryption. When encryption is impractical or unavailable transmit over regular email channels.
FOUO should not be posted to public websites.
For Official Use Only (FOUO) DestructionDestruction
Hard copy FOUO materials will be destroyed by shredding, burning, pulping, or pulverizing, sufficient to assure destruction beyond recognition & reconstruction. After destruction, materials may be disposed of with normal waste.
Electronic storage media shall be sanitized appropriately by overwriting or degaussing. After destruction, materials may be disposed of with normal waste.
For Official Use Only (FOUO) Incident ReportingIncident Reporting Incidents on DHS IT systems will be reported to the organizational
element’s Computer Security Incident Response Center.
Suspicious or inappropriate requests for information shall be reported to the DHS Office of Security.
At the originator’s request, an inquiry will be conducted by the local security official or other designee to determine the cause and affect of the incident and, if any, the appropriate administrative or disciplinary actions.
For Official Use Only (FOUO) ExampleExample
For Official Use For Official Use OnlyOnly
SECRETSECRET
SECRET
FOR OFFICIAL USE ONLY
CONFIDENTIAL
Classification ofInformation
Information designated as FOUO will be sufficiently
marked so that persons having access to it are aware of its sensitivity and protection
requirements.
FOR OFFICIAL USE ONLY
11
TITLE PAGE
For Official Use Only (FOUO)Classification of
Information
FIRST PAGE and INTERNAL PAGES – FIRST PAGE and INTERNAL PAGES – Mark “FOR OFFICIAL USE ONLY”
FIRST PAGE and INTERNAL PAGES – FIRST PAGE and INTERNAL PAGES – Mark “FOR OFFICIAL USE ONLY”
SAMPLE
DEPARTMENT Of
HOMELAND SECURITY
June 1, 2005
Training Class
FOR OFFICIAL USE ONLY
FRONT COVER, TITLE PAGE, and OUTSIDE FRONT COVER, TITLE PAGE, and OUTSIDE BACK COVERBACK COVER – Mark the bottom “FOR OFFICIAL USE ONLY”
FRONT COVER, TITLE PAGE, and OUTSIDE FRONT COVER, TITLE PAGE, and OUTSIDE BACK COVERBACK COVER – Mark the bottom “FOR OFFICIAL USE ONLY”
3
FOR OFFICIAL USE ONLY
OFFICIAL USE ONLY
2
FOR OFFICIAL USE ONLY
QUIZQUIZ What is the term used within DHS to identify unclassified
information of a sensitive nature, not otherwise categorized by statute or regulation?
For Official Use Only (FOUO)
Who can mark information FOUO?ANY DHS employee, detailee, or contractor can mark
information falling within one or more of the categories cited
How can FOUO materials be transmitted?U.S. Postal Service First Class, DHL, or inter-office mail
Where can you find answers regarding questions on DHS FOUO?MD 11042.1
DHS Office of Security – Administrative Security Division
DHS Office of Security Customer Service CenterDHS Office of Security Customer Service Center(202) 692-4432(202) 692-4432
(202) 358-1426(202) [email protected]@dhs.gov