Temporary Sensitive Compartmented Information Facilities ... · PDF filePage 2 Welcome to T-SCIF Training Welcome to T-SCIF Training Welcome to Temporary Sensitive Compartmented Information

January 2013

Temporary Sensitive

Compartmented Information

Facilities (T-SCIF) Training Guide

Page 2

Welcome to T-SCIF Training Welcome to T-SCIF Training

Welcome to Temporary Sensitive Compartmented Information Facilities or T-SCIF Training

The goal of this course is to ensure responsible security professionals are provided

adequate training in protecting National Security Information (NSI) at the Sensitive Compartmented Information (SCI) level while supporting the needs of the mission.

The course is designed to help you understand the Department of Defense (DoD)

guiding principles for Sensitive Compartmented Information, the critical importance of Temporary Sensitive Compartmented Information Facilities (T-SCIFs), and how to prepare for and implement a T-SCIF.

The course provides quality training to both newly assigned or appointed individuals

with little or no SCI experience in their performance as an SCI security official and to those in the field who are engaged in implementing a T-SCIF. Anyone involved with T-SCIFs can benefit from this training.

Navigation Instructions

Host: Before you begin this course for the first time please take a minute to review the navigation information and meet your guide, Sgt. Jones. Navigating through this course requires that you are aware of the options available for changing slides, viewing the transcript, and searching for key words.

The panel on the left contains three tabs. The outline tab shows the slide titles to enable you to move to a specific slide. The Transcript tab allows you to read along with the audio. The Search tab provides a search engine that will help you locate specific words or topics in either the slide or the notes.

In the upper right of the slide you can click to view a searchable glossary, find downloadable references and resources, and exit the course.

There are two types of slide navigation. The main buttons are on the bottom of the

screen and allow volume and slide direction control. Clicking on the large arrow will either play or pause the current slide. Use the smaller arrows to advance or retreat through the slides. Throughout the course there are several internal slide shows. For each of these arrows will appear on the upper right hand corner. These are the only way to advance through the internal slide shows without missing any of the information.

Now I’d like to introduce you to Sgt. Jones. Sergeant Jones: Good day ma’am.

T-SCIF Training—Welcome

Page 3

Host: You will meet Sgt. Jones at various places throughout the course. Sergeant Jones: That is correct. Together we will strive to teach you what you need to

know to set up and break down a temporary SCIF. Now go start the course. Course Purpose

All personnel with access to classified information must maintain a heightened sense of awareness and immediately take action to report all instances of suspicious and malicious behavior to their Security Manager, Special Security Office, and/or Chain of Command.

This course is intended to:

Provide guidance for the approval and operation of T-SCIFs, when required, in support of tactical, contingency, emergency, and other immediate operational needs, and

Ensure the execution and protection of a sound command security program to protect classified information and prevent unauthorized disclosure.

Table of Contents

This course is divided into two parts. Part I is an introduction to and overview of Temporary Sensitive Compartmented Information Facilities, or T-SCIFs, including lists of resources that define regulations and procedures for setting up and reviewing a T-SCIF. This section is intended to provide a solid foundation for anyone assigned the job of implementing a T-SCIF.

Part II goes deeper into the details of creating and managing a T-SCIF. This portion of

the course is intended to be used as initial training but also as an important reference tool for the day-to-day workings of a T-SCIF, including how to withdraw from a T-SCIF, and how to report security incidents and violations.

To start the course, click on the Part I title, or if you have already viewed those lessons,

you can go directly to Part II by clicking on the Part II title. There are knowledge checks throughout the course, and these are not scored. However, at the end of the course is a cumulative assessment. You must pass this test at the end with at least a score of 75% to qualify for a Certificate of Completion for this course.

T-SCIF Training—Part 1

Page 4

Part 1 - Introduction

Overview of Temporary Sensitive Compartmented Information Facilities Objectives

By the end of Part 1 of this course you should be able to: Define SCI Identify SCI Leadership Responsibilities Explain T-SCIF Security Requirements Locate Resources to Set Up and Review a T-SCIF

Lesson 1: Timeline and SCI Authority

Lesson 1: National Security and U.S. Army timelines for SCI and defines SCI and

security. National Security Policy and US Army SCI Authorities Timeline

US Army SCI Authorities Timeline This timeline shows the history of the authorities that have been put in place to assure

the security of sensitive compartmented information. Click on each button on the timeline to see a short explanation of what each document contains.

What is SCI?

All classified information is divided into one of three categories: Confidential applies to information or material the unauthorized disclosure of

which could be reasonably expected to cause damage to the national security. Secret applies to information or material the unauthorized disclosure of which

reasonably could be expected to cause serious damage to the national security. Top Secret applies to information or material the unauthorized disclosure of

which could reasonably be expected to cause exceptionally grave damage to the national security.

"For Official Use Only" or FOUO is not a security classification. It is used to protect information covered under the Privacy Act and other sensitive data.

In addition to the above, some classified information is so sensitive that even the extra

protection measures applied to Top Secret information are not sufficient. This information is known as "Sensitive Compartmented Information" (SCI) or Special Access Programs (SAP). An individual needs special "SCI Access" or SAP approval to be given access to this information.


Page 5

Sensitive Compartmented Information or SCI, is classified national intelligence concerning, or derived from, intelligence sources, methods, or analytical processes that is required to be protected within formal access control systems established and overseen by the Director of National Intelligence.

Access to SCI is closely controlled and granted only after a clear need-to-know for such

access has been established. Who Owns the Program?

E.O. 13470 amended E.O. 12333 and established the Director of National Intelligence (DNI) as the Head of the Intelligence Community for intelligence matters related to National Security. DNI oversees and directs the implementation of the National Intelligence Program.

Part 1 Lesson 1 Knowledge Check

Read the question and answers carefully to determine the correct answer. Drag and drop the role to the matching responsibility on the left. When you have made your selection click Submit to check your answer.

Lesson 2: SCI Leadership Responsibilities

Lesson 2: SCI Leadership Responsibilities describes the SCI Community network and provides a listing of leadership responsibilities. It also includes the training requirements for those involved with SCI.

SCI Community Network

The SCI Community Network is composed of all personnel assigned the responsibility of managing, safeguarding, storing, and/or transmitting intelligence information over an SCI Network.

This includes but is not limited to: Special Security Officers (SSOs), Special Security Representatives (SSRs), and Information Assurance Managers (IAMs) in your chain of command, your ACOM/ASCC & DRU SCI Program Managers, HQDA SCI Program Managers, and SSO DIA. All of these resources are available to support you!

NOTE: When deployed: SSOs will follow COCOM representative guidelines.

Required Training

The major organizations providing SSO training are the DIA, ODNI and DSS. All


Page 6

personnel assigned to the position of SSO and/or ASSO will attend the SCI Security Officials course within 120 days of being appointed to these security duties. Security courses are sponsored by ODNI and DSS.

SSRs will be trained by the respective SSO within 30 days of assignments to the position and, when possible, allowed attendance at the Security Officials course as a security baseline. SSOs will provide annual refresher training and maintain strategic communications with SSRs and security managers at all echelons to ensure the integrity of the SCI program. SSOs will provide security training to subordinate commands for T-SCIF operations and further safeguarding of classified information during the redeployment phase.

The SCI Security Officials course is listed in STEPP as Course #SCI 201.01. Part 1 Lesson 2 Knowledge Check

Read the question and answers carefully to determine the correct answer. Drag and drop the role to the matching responsibility on the left. When you have made your selection click Submit to check your answer.

Lesson 3: T-SCIF Overview Lesson 3: T-SCIF Overview begins with a definition of T-SCIF and covers Planning

Considerations, how to make a T-SCIF Request, and reviews certain required Policies, Procedures, and Standard Operating Procedures.

T-SCIF Requirements

A Temporary SCIF is a facility determined to be necessary for a limited time to meet tactical, emergency, or immediate operational requirements as defined in ICS 705-1.

In accordance with IC Tech Spec-for ICD/ICS 705, Chapter 6, Ground-Based T-SCIFs

may be established in hardened structures, for example, buildings and bunkers, or semi-permanent structures like truck-mounted or towed military shelters, prefabricated buildings, or tents.

Permanent-type hardened structures shall be used to the greatest extent possible for T-SCIFs. Prior to the T-SCIF activation, the Accrediting Official (AO) may require submission of a standard Fixed Facility Checklist (Attachment 8a) or a T-SCIF Checklist produced before or after a deployment.


Page 7

T-SCIF Planning Considerations

Establishing a T-SCIF requires detailed planning and coordination. Listed below are procedures to follow:

Provide proper protection, use, and dissemination of SCI documents and

material by enforcing SCI, information, personnel, physical, communications, industrial, and IA security rules and by developing standard operating procedures also known as SOPs and practices in accordance with regulatory guidance (DoDM 5105.21 Volumes 1,2,& 3).

Ensure SCI is disseminated to persons with authorized access to the material. They also must have an established "need-to-know".

Ensure an Accrediting Official-approved Emergency Action Plan or EAP is developed and rehearsed periodically by all personnel assigned to the T-SCIF; the results of the rehearsal drills shall be documented.

Ensure SCI cleared personnel receive proper security education training and awareness and are trained to perform their respective duties and responsibilities in the protection of SCI and equipment.

Ensure when employing a T-SCIF, a risk management approach is used that balances the operational mission with the protection of SCI.

Pre-Deployment Considerations

SCIF security, temporary or permanent, starts with the decision to build a SCIF. Adequate planning and design will prevent many of the security risks to SCI. If you have been assigned responsibility for creating a T-SCIF, then site planning should have already taken place, including looking at the standoff distance for AT/FP as well as TEMPEST requirements.

Pre-deployment considerations are covered in the T-SCIF Request which must be

submitted at least 14 days prior to T-SCIF activation. Other items to consider include:

Access Control Procedures Visitor and Escorting Procedures

Let’s start with the T-SCIF request.

T-SCIF Request Required Information The information listed here is required to complete the T-SCIF REQUEST JWICS M3

MESSAGE FORMAT It must be submitted at least 14 days prior to T-SCIF activation.


Page 8

Indicate parent SCIF ID# and Exercise/Operation Name, parent group SSO, and the name of your SSO.

Indicate where training will take place if it will be held at a different installation or command.

Indicate where you will be deployed from and the 8 digit map coordinates (if possible) of the deployment location.

Describe the facility to be used, and the type of T-SCIF configuration. For example, tents, shelters, vehicles, existing shelters, caves, etc.

Provide dates of operation from STARTEX to ENDEX. Note that T-SCIFs will be 24-hour mode of operation. This cannot be waivered. How many SSO/SSR personnel will be present per shift? There must be at least

one SCI-cleared individual present at all times. List the name, rank, unit, and contact number, if available for the SSO/SSR

responsible for onsite operations of the T-SCIF. Describe how the SCI will be stored. Describe how SCI will be transported from the SCIF to the field site. Include

means of transportation and storage of SCI while in transit. Note: Couriers must be appointed on orders.

Describe the physical aspects of the T-SCIF's defensive perimeter, and use of concertina.

Include the number, type and placement of guards fixed or roving, clearance level of guards, and access point. Provide nomenclature of guard's weapons and storage point of ammunition if applicable.

What are the type and classification level of SCI being processed or utilized. What is the nomenclature of systems used to process SCI?

Will hardcopy SCI storage be required, if so, what is the nomenclature of the approved GSA security container?

Is there proper sound attenuation for open discussion of SCI in the T-SCIF? If not, what counter measures will be used. For example, power generator, white noise generators, etc.

T-SCIF Request Required Information

List other sections/elements/units and methods where SCI links are established. Will foreign nationals or visitors require access to the T-SCIF? If so, describe them.

List the type and number of phones or voice communication devices to be used in the T-SCIF. Describe protection/encryption or Telephone Security Group (TSG) rating to be used for classified voice traffic.

If there are passive receivers and television equipment, provide type and use for each system listed.


Page 9

An Emergency Action Plan/Standard Operating Procedure is required. Ensure that the EAP/SOP is reviewed by Unit SIO (G-2/S-2) at least annually.

Use the “Remarks” section to add any items or processes that are not covered in the format of this request. Describe all requested waivers. Provide date, division and corps, or Unit MSC reviewed, and provide local approval.

Give the name, rank, unit/SSO, phone: DSN, CML, unclassified fax, and classified fax for the message POC.

As needed be sure to use proper "Classified By," “Derived From,” and "Declassify On" markings. For example:

Classified: John Doe, Director, Space Command Derived from: DoDM 5105.21, Volumes 1-3, Sensitive Compartmented

Information (SCI) Administrative Security Manual, October 19, 2012. Declassify on: 20190206 As always, ensure paragraph markings are use in accordance with the ICD

710 and the Controlled Access Program Coordination Office Authorized Classification and Control Office (CAPCO) Markings Register, Volume 4, Edition 1 (version 4.1), December 10, 2010.

Common Errors

Below is a list of the five most common errors found in T-SCIF request submission: Top 5 T-SCIF Request Discrepancies addressed/corrected by HQDA SSO

(1) SOP/EAP not signed/dated and/or reviewed annually (2) Specify if personnel will transport SCI by courier deployed from/deployed to,

how safeguarded, and distance (miles) (3) Specify storage/safeguarding of SCI during non-duty hours (duty hours may

only be 8 hours p/day, but operational period w/security is 24/7) (4) Purpose of T-SCIF request not stated (training, exercise, maintenance, and pre-

deployment) (5) Memorandum of Understanding (MOU) or Memorandum of Agreement (MOA)

not in place with Parent Facility (if required) Policies and Procedures

Per Policies, Procedures, & SOPs the following information is required or recommended.

There is no cell phone use in T-SCIFs. This is not strictly enforced, but needs to be. It is recommended to get C of S to sign list of authorized personnel for cell phone usage in Tactical Operations Centers (TOCs).


Page 10


For escorting, visitors, and badge reciprocity, it is recommended that trained access point personnel (band & commandant) control visitors and enforce proper procedures. Higher ranks should not "vouch" for personnel not on access rosters. To prevent confusion resulting from potentially invalid badges or old badges from old units, only allow MNCI badges and your unit badges.

Concerning badging and who gets what badge and who is authorized a badge, it is

recommended to only issue badges to those personnel with daily business in TOC or SCIF. Minimize the number of badges. Make sure access guards making badges are only authorized Secret level badges. SSO only issues SCI-level badges.

Policies and Procedures (Cont.)

The following recommendations are related to T-SCIF & SSR Requirements. An SSR must complete online training, have signed orders, and present SSO with a copy of certificate of completed training. The T-SCIF must have at least one SSR present at all times. Also, make sure SSRs submit T-SCIF requests in timely manner and do not try to operate illegally. They must be in compliance.

Interim Access Requirements cover policy & procedure for the Standard Paperwork or

Packet. The Standard Packet includes:

Memo signatures from: The S2 who conducts the screening in accordance with AR 380-67 The Commander (O-5 or above) in the soldier's chain of command (not just

any O-5), The soldier’s statement that he understands this is not a clearance and that

it is only for the duration of the deployment. Memo is signed by the Commander once he or she reviews the entire packet A signed SF 312, the Screening Sheet filled out and signed, and a security

briefing on how to handle classified information, signed by the soldier who is then added to the Interim Access Roster and issued a badge. This roster is then also used to debrief and collect all badges upon redeployment.

Policies and Procedures (Cont.)

Drives and M3 Accounts On “Control and Storage of SCI Hard Drives for BCTs ,” the recommendation is that the

SSO stores all SCI hard drives in his or her SCIF until all SSR requirements, IASO requirements, and T-SCIF approval is met and completed. This prevents the SSO from not completing minimum requirements and training, and ensures the SSO is

Page 11


operating legally. Thumb drives are not authorized for use in a T-SCIF. Finally, concerning M3 access, it might prove beneficial to provide SSRs with limited

access to M3 to only view T-SCIF approval messages and visit certificates in case of last-minute access or updates.


Read each question carefully and select the correct answer. Click Submit to check your response.

Lesson 4: T-SCIF Security Requirements Lesson 4: In the T-SCIF security requirements lesson we will discuss location, physical

security and access requirements, as well as communication and connectivity. Location

When possible, T-SCIFs shall be established within the perimeters of U.S. - controlled areas or compounds.

If a U.S.-controlled area or compound is not available, the T-SCIF shall be located

within the area that affords the greatest degree of protection against surreptitious or forced entry.

Minimum Security Requirements

Minimum security requirements are essential for tactical operations. Each T-SCIF configuration offers unique security challenges.

Each will be improved upon, using the security considerations and requirements for permanent secure facilities as an ultimate goal. While in a tactical environment, a 24-hour operation is mandatory.

T-SCIF security features shall provide acoustical, visual, and surreptitious entry

protection. TSCM Inspection

A TSCM inspection shall be requested for any structure proposed for T-SCIF use if the space was previously occupied by a non-U.S. element.

It is the Accrediting Official’s (AOs) responsibility to evaluate operating the SCIF prior

to TSCM inspection and formally assume all risk associated with early operation.

Page 12

Physical Security Requirements The AO, in collaboration with the CTTA, shall provide red/black separation and

“protected distribution” guidance for field installation in accordance with NSTISSAM TEMPEST 2-95 and 2-95A and CNSSI 7003.

When a T-SCIF is no longer required, the responsible SCI security official shall conduct

a thorough facility inspection to ensure all SCI material has been removed. Access Requirements

It is critical that the T-SCIF has only one point of entry. According to the Tech Spec “The T-SCIF shall have only one entrance which shall be

controlled during hours of operation by an SCI-indoctrinated person using an access roster.”

That single entry point must be continuously manned by an SCI indoctrinated person with an access control roster. It is important to note that automated access control is not authorized.

Ensure you list detailed procedures for your entry control in your SOP’s.

Communication and Connectivity Unclassified telecommunications equipment shall meet the requirements outlined in

the IC Tech Spec -for ICD/ICS 705 to the greatest extent practical. Telephones obtained in a foreign country shall not be used within a T-SCIF.

Communication and Connectivity

Cables and wires penetrating the T-SCIF perimeter shall be provided protections in accordance with Tech Spec 705.

The AO may require inspections and routing of cables and wiring through protective

distribution systems (PDS) or may require other countermeasures. Part 1 Lesson 4 Knowledge Check


Lesson 5: T-SCIF Set Up & Review

Lesson 5: T-SCIF Set Up and Review covers the three types of T-SCIFs, acceptable barriers, where to place signs, and gives a high level overview of storage and destruction of SCI.


Page 13

Types of T-SCIFs

In this section we will look at the three major types of T-SCIFs, and required Physical Barriers.

There are three major types of T-SCIFs, those within a DTOC (Division Tactical

Operations Center), those adjacent to a DTOC and a Stand Alone T-SCIF. The T-SCIF may be established in a room, building, bunker, tent, truck-mounted or

towed shelter, prefabricated modular trailer or building, part of a compartment located on an aircraft, including unmanned aerial vehicles, surface/subsurface vessels.

Regardless of what configuration is adopted, it must provide appropriate acoustical, visual, and surreptitious entry protection.

Based upon a local risk assessment, the approving authority may require additional physical security safeguards, (i.e. the installation of sound-masking devices, locks, access controls, alarms, or physical barriers (temporary walls, fences, radio frequency shielded shelter, etc.) in order to prevent non-SCI indoctrinated personnel located in adjacent T-SCIF areas from gaining access (deliberate or unintentional) to SCI information. An example of where this may be needed is a T-SCIF that is physically co-located within a collateral facility or a host nation installation.

T-SCIF Within a DTOC

This T-SCIF is located within the boundaries of another facility but is isolated by the addition of a separate barrier.

This might include a T-SCIF that was constructed within an existing building. If that building has previously been occupied by a non-U.S. element, you must request a TSCM.

The Type of T-SCIF to be constructed depends on the location of the building, the positioning of the generators, positioning of physical security, and how the physical area can be controlled.

T-SCIF Adjacent to DTOC

This T-SCIF is located next to and adjacent to the boundaries of another facility, and has its own barrier.

Standalone T-SCIF

Stand Alone T-SCIF – Connected To Types of T-SCIFS This T-SCIF could be located anywhere and it must have its own barrier.


Page 14


T-SCIF Physical Barrier When possible, locate your T-SCIF within pre-established perimeters. If this is not possible, place it where it can get the greatest protection from

surreptitious or forced entry. Use whatever type of items you have available to construct a barrier. Use concertina

and Jersey barriers if possible. Make sure that there are no gaps in the perimeter. You should continually build on your perimeter security. Note: The T-SCIF approval authority shall determine whether proposed security

measures provided adequate protection based on local threat conditions. T-SCIF Perimeter

The perimeter of your T-SCIF will have a continuous guard force observing the entire perimeter. It can be guarded by roving or fixed guards.

The guard force must have a Secret clearance. This clearance may be waivable with mitigation. (For information on waivers see DoDM 5105.21 Volumes 1,2,& 3)

They also need to carry emergency communication equipment and be armed if necessary. For example, in a war zone you would have armed guards, but for a training exercise it is unlikely to be necessary.

Signs

Wherever practical, T-SCIFs will be designated as a restricted area according to the "Internal Security Act of 1950" (64 Statute 987). The Special Security Officer (SSO) will ensure the T- SCIF is listed within the post or installation directive which defines and designates all local controlled areas and will post outside the T-SCIF the proper English and foreign (overseas areas only) language Restricted Area signs as appropriate.

SCI Storage

Under field or combat conditions open storage of SCI media and materials requires a continuous presence by SCI-indoctrinated personnel.

Every effort shall be made to obtain from any available host command necessary support for the storage and protection of SCI, for example, security containers, generators, guards, weapons, etc.

The quantity of SCI material within a T-SCIF shall be limited, to the extent possible, to an amount consistent with operational needs.

All SCI shall be stored in GSA-approved security containers. The Action Officer (AO) may approve exceptions to the storage of SCI material in GSA-

Page 15


approved storage containers for a specified period of time. SCI Destruction

The Action Officer shall approve the means by which SCI material will be destroyed when it is no longer needed.

Approved methods of destruction: SCI must be destroyed in a manner that will prevent reconstruction (i.e., Burning ,

Pulping, Shredding, Pulverizing, Melting, and Chemical Decomposition). All Information Systems (IS) and magnetic media must be destroyed in accordance

with the NSA. Activation Checklist

Activating a T-SCIF is the culmination of several weeks and perhaps months of planning and coordination.

Go to the Reference tab to print out the Activation Checklist containing examples of items to consider when activating a T-SCIF.

The security identified should be improved upon as the situation warrants. This checklist should be modified to include specific or unique unit requirements.



Lesson 6: Examples of T-SCIF Configurations

Lesson 6: Example of T-SCIF Configurations is a narrated slide show that includes some of the many variations that occur in T-SCIF set ups.

The following slide show has examples of T-SCIF configurations. Click the arrow to

advance from slide to slide or click ‘Slide Show.’ it will cover five important areas of the T-SCIF.

T-SCIF types Perimeters Protection Entry ways Interior

Page 16


Examples of T-SCIF Configurations

Part 1 Lesson 6 Knowledge Check Read each question carefully and select the correct answer. Click Submit to check your

response.

Lesson 7: Deployment Considerations

Lesson 7: Deployment Considerations Lesson 7: Topics covered in this section include:

Deployment Considerations Transporting SCI Materials, and Redeployment Considerations

Deployment Considerations

When deployed to a T_SCIF, there are two questions to consider:

Is the physical layout and overall security of the T-SCIF in accordance with IC Tech Spec for ICD/ICS 705?

Is the Accreditation Paperwork for the “Stay Behind Equipment” available if equipment was left from a previous unit?

In regard to equipment, the following is a list of Required Equipment:

1. NIPR, SIPR, JWICS terminals / laptops 2. DSN and VOIP Phones Lines 3. Digital Scanner - Fax not available over there 4. Document Shredder 5. Safe 6. Cipher Locks on doors 7. DCS Deployed account 8. Indoctrination DVD - A print copy should be available in-case DVD players are

unavailable in a T-SCIF. For backup, coordinate indoctrinations with another SSO in the vicinity of deployed location.

In related issues, make sure you know the Open Storage Policy in the Deployed Environment (DIV SEC MGR), who is in charge of these, and when they are deployed.

Page 17


Part Two - Application

PART 2 Managing Temporary Sensitive Compartmented Information Facilities (T-SCIFs)

Objectives By the end of Part 2 of this course you should be able to:

Create a T-SCIF Emergency Action Plan (EAP) Courier SCI in a Tactical Environment Apply Proper Media Control & PED Mitigation Prepare a T-SCIF for Withdrawal Properly Report Security Incidents & Violations Securely Manage a T-SCIF Site including Information Security (IS) and

Information Assurance (IA)

Lesson 1: T-SCIF Emergency Action Plan (EAP) Lesson 1: This section covers how to create a T-SCIF Emergency Action Plan (EAP)

EAP Overview

Each T-SCIF will establish and maintain an Emergency Action Plan that accounts for:

Fire Natural disaster (i.e. floods, hurricanes) Combat Conditions during times of war Communication outages Entrance of emergency personnel (e.g., host country police and firemen) into

the SCIF Physical protection and safety of those working in T-SCIFs

EAP Planning

Planning should address the following: Protection of persons and SCI Emergency Response Personnel Evacuation plans for persons and SCI Destruction of SCI when evacuation is not possible

Page 18


Security Container Labels Label security containers containing materials identified for emergency destruction/

removal in the following manner: Priority One: All cryptographic equipment and related documents Priority Two: All operational SCI/SAP code word material and multimedia which

might divulge: Targets and successes Documents dealing with U.S. SCI activities Documents concerning compartment projects Other sensitive intelligence materials Top secret collateral materials

Priority Three: Less sensitive administrative SCI material and collateral classified

material (not included above). The SIO responsible for SCI will validate the EAP.

EAP Review and Drills Emergency plans will be reviewed annually and updated as necessary: All personnel must be familiar with the plans. In war zone areas where the possibility that the T-SCIF might be overrun, the SSO/SSR

will conduct drills to ensure dependability of the EAP. Drills are to be conducted as circumstances warrant, but no less frequently than

annually. Note: Where the risk of overrun is significant, reduce SCI holdings to absolute

minimum needed for current working purposes and conditions.

Emergency Action Plan - TOC - Minimum Requirements An EAP report has 3 areas of minimum requirements. These requirements include an

introduction, annexes, and attachments. *** Letter of Introduction Table of Contents Distribution *** Emergency Destruction Procedures Fire Protection Bomb Threat

Page 19


Natural Disasters Sabotage or Terrorist Attack Riots or Civil Disorders Loss of Utilities *** (Organization) Evacuation Emergency Transportation or Material for Destruction Fire Protection Emergency Exit Routes Bomb Threat Emergency Phone Numbers Notification Alert Checklist-Evacuation Notification Alert Checklist-Emergency Destruction Notification Alert Checklist-Secure Storage Notification Alert Checklist-Fire Notification Annual Review of EAP by Assigned Personnel


response.

Lesson 2: Couriering SCI in a Tactical Environment

Lesson 2: By the end of this section you should be able to: Identify proper Courier procedures

Transport

SCI will be transferred from one SCIF to another in a manner that ensures proper protection of the material. Convenience will not be a consideration.

The preferred method of transporting SCI from one SCIF to another will be via secure email or other secure electronic means.

Alternatively, SCI will be transported by:

SCI-indoctrinated persons (certified or designated couriers) DCS (Defense Courier Service) Establishing an account can be done in accordance with DoDI 5200.33 Defense

Courier Operations (DCO), June 30, 2011 or in accordance with their website http://www.transcom.mil/dcd

Diplomatic pouch

Page 20


When transporting SCI within the confines of a single building (military headquarters or DoD-controlled building), SCI material should be placed in a locked brief case or locked pouch. The briefcase or pouch will bear an inconspicuous notice asking anyone finding the container unattended to notify the owner immediately and to arrange to return it unopened to the owner. Formal designation or dedication of a courier is not required.

Additional Transport Information

More information is available concerning transportation. Go to DoDM 5105.21 Volumes 1,2,& 3 for additional guidance.

Transmission and transportation using a briefcase or pouch Authorizations Requirements Procedures

Forms DA Form 3964 identifies documents, along with routing and destruction information,

reproduction authority and receipt or traces action. AR 380-5 provides further information needed to complete the DA Form 3964.

Couriers must possess a DD Form 2501 (Courier Authorization Card), or memo with

the acronym “SCI” displayed prominently in the subject line. This form provides specific courier information and approval as well as a list of precautions to follow while in transit.

SCI Wrapping Requirements

SCI will be transported from one SCIF to another in a manner that ensures it is properly protected. For local travel, SCI material may be hand-carried using a locked briefcase or pouch as the outer wrapper along with an inner wrapper. Attach an unobtrusive luggage tag with the following notation to the briefcase or pouch:

PROPERTY OF THE U.S. GOVERNMENT TO BE RETURNED UNOPENED TO - include the name of the appropriate organization and a telephone number that will

be manned at all times. Note: Additional requirements are located in the see DoDM 5105.21 Volumes 1,2,& 3.

Inner Container Wrapping Requirements SCI requires double-wrapping. Use two opaque envelopes, Kraft wrapping paper, or

canvas bags, cartons, leather or plastic pouches, or similar containers which prevent observation of the contents.

Seal all seams of both wrappers with reinforced paper tape. Do not use masking,

Page 21


cellophane or duct tape. Retain an inventory of the material until verification is received that the information was delivered to an authorized recipient.

Inner Wrapper. Place address of receiving SCIF in the center of package; place address of sending SCIF

in upper left corner. Include originator package control number if applicable (lower right corner

recommended). Stamp or print in large letters above the address of the receiving SCIF: "TO BE

OPENED ONLY BY (SCI security official, i.e. SSO, GCO, TCO, HCO or appropriately cleared recipient).“

Type, print or ink stamp in large letters at the top and bottom on each side, the appropriate security classification. SCI code words and caveats will not be used on any wrapper.

Stamp or print the statement: "CONTAINS SENSITIVE COMPARTMENTED INFORMATION" on each side.

Outer Container Wrapping Requirements

Outer Wrapper. 1. Place the address of receiving SCIF in the center of the package; place address of

sending SCIF in the upper left corner. Include the originator package control number, if used (lower right corner is recommended).

2. Secure outer containers with reinforced paper tape, lead seals, tumbler padlocks, or other means which reasonably protect against surreptitious access.

3. The Military Shipping Label (MSL) replaced the DCS Form 29. 4. The Advanced Transportation Control Movement Document (ATCMD) located at

URL: http://www.pats.wpafb.af.mil/actmd/index.cfm - enables automated submittal of advance transportation control and movement data. The data supplied when filling out the ATCMD will also be used to create the MSL. Shippers are still required to add DCS two line address (In-The-Clear) to clarify destination delivery address.

5. After the ATCMD is submitted it will generate a Transportation Control and Movement Document (TCMD) which is used in place of the DCS Form 1. Once all the requested information has been provided, including the weight and measurements of the package, the application will generate a bar coded formatted MSL.



Page 22


Lesson 3: Media Control & Personal Electronic Device (PED) Mitigation

Lesson 3: By the end of this lesson you should be able to: Apply proper media control & PED mitigation Use the Portable Distribution Device (PED) Mitigation Table for PED permission

determination

Media Control Pre-existing media or newly created media containing SCI will be externally labeled, as

appropriate, with the standard forms (SF 711 and SF 712), or other identifying color-coded markings to show its classification and SCI control system caveats.

Examples of media items include, but are not limited to magnetic tapes, disk packs,

floppy disks, magnetic cassettes, and compact disks. Internal AIS (Automated Information Systems) media identification will include

security markings in a form suitable for the media (i.e., classification; SCI system caveats, and see DoDM 5105.21 Volumes 1,2,& 3 for reference marking, if applicable.)

The introduction and/or removal of media from an SCI facility (environment) will be

accounted for by document control procedures under the control of the SSO.

PEDs Current policy provides the PED Mitigation Table to assist in determining authorized

and unauthorized PED introduction. The table lists types of PEDs and if they are prohibited, require approval, registration, or mitigation.

Prohibited items include: MP3 players, RF transmitters, any PED with wireless transmitting capabilities,

privately owned laptops, PEDs with recording capabilities, removable storage media for privately owned non-laptop PEDs, and privately owned PEDs capable of connection to system within the SCIF without interface cables or cradles.

Thumb Drives are not authorized for use in a T-SCIF. These are minimum standards, SIOs may impose stricter requirements if local

conditions warrant.


response.

Page 23


Lesson 4: Withdrawal of T-SCIF Accreditation Lesson 4: This lesson outlines the steps to take in order to withdraw T-SCIF

accreditation. Withdrawal of Accreditation of a T SCIF

The following steps outline the initial steps for Withdrawal of Accreditation from a T-SCIF

1. Determine that the T-SCIF is no longer needed 2. SSO/CSSO initiates request 3. Accrediting Officer issues formal SCI withdrawal correspondence 4. Conduct a closeout inspection to ensure all SCI is removed and the facility is

sanitized.

SCIF Closeout Procedures SCIF closeouts and withdrawals of accreditation shall comply with the following

procedures: 1. Inspect all areas, storage containers, and furniture for the presence of classified,

sensitive, or proprietary information. 2. Reset safe combinations to 50-25-50 and lock the containers. 3. Affix written certification to all storage containers that the container does not

contain classified, sensitive, or proprietary information. The certification shall include the date of inspection and the name and signature of the inspector.

4. Ensure that reproduction and printing equipment is decertified or disposed of in

accordance with AO guidance. 5. Dispose of, or relocate, SCI computer equipment, media, hard drives, and portable

storage media as approved by the AO. 6. Request revocation of Automated Information Systems (AIS) accreditation. 7. Request revocation of SCIF accreditation 8. If the SCIF will be used for another mission or project that requires alarms, transfer

alarm service to the new activity.

Page 24


9. If the SCIF will not be used for another mission or project and all classified information has been removed, the following shall occur:

a. Alarm service shall be discontinued. b. Combinations on the entrance door and any GSA containers shall be changed to

50-25-50. c. All keys shall be accounted for



Lesson 5: Security Incidents, Violations, & Infractions Lesson 5: By the end of this section you should be able to locate the guidance to: Properly Report Security Incidents Create a preliminary inquiry report Complete a damage assessment Review an investigation report for completeness

Security Incidents - Overview Security incidents are categorized as either Violations or Infractions. It is the responsibility of all SCI indoctrinated personnel to do the following: Report any security incidents affecting or involving SCI to the appropriate SSO or SCI

Security Official and prepare an appropriate report that provides sufficient information to explain the incident.

Security Violations

A security violation involves:

(1) any action that results in or could reasonably be expected to result in an unauthorized disclosure or compromise of classified information (including national intelligence); (2) any knowing, willful, or negligent action to classify or continue the classification of information contrary to the requirements of Executive Order 13526, or its implementing directives; (3) any knowing, willful, or negligent action to create or continue a special access

Page 25


program contrary to the requirements of Executive Order 13526; or (4) Contravene or violate any other provision of EO 13526 or its implementing

directives.

Security Violations (Cont.) Security violations can be a result of many incidents. Loss or exposure of SCI require

immediate reporting, an investigation, and a damage assessment describing the impact on national security.

Some of these incidents include, but are not limited to:

Deliberate or accidental exposure of SCI resulting from loss Loss, theft, or capture Recovery by salvage Defection Press leaks or public declarations Release of unauthorized publications Discovery of clandestine surveillance and listening devices Loss that could reveal intelligence sources and methods Other unauthorized means

Security Infractions

As mentioned in the security overview, security incidents fall into two distinct categories: infractions and violations

An Infraction is a security incident involving a deviation from current governing

security regulations that does not result in an unauthorized disclosure or compromise of national intelligence information nor otherwise constitute a unauthorized disclosure or compromise of national intelligence information nor otherwise constitute a security violation (Previously “Practices Dangerous to Security”).

An infraction requires immediate corrective action, but does not require investigation

and does not constitute a security violation, but can lead to security violations or compromises if left uncorrected.

Security Violations

Examples of infractions include, but are not limited to: A courier who is carrying classified documents stopping at a public establishment to

conduct personal business. An employee placing burn bags adjacent to unclassified trash containers. Personnel failing to change security container combinations as required.

Page 26


With all reported infractions, management officials will ensure prompt corrective

action is taken and that those actions are documented.

Reporting Security Incidents Report all security incidents to an SCI security official in the following manner:

Incidents where SCI is compromised as a result of espionage or suspected espionage

will be reported immediately by the most secure means to the appropriate HICE or designee.

Activity concerning the violation will cease pending a counterintelligence assessment by the appropriate HICE or designee.

Security Incidents - Compromise Certain

For a security violation with a determination of "Compromise Certain" the cognizant HICE will immediately report the incident to the appropriate Intelligence Community program manager.

The steps to this procedure are to first send a copy of the report to SSO DIA/DAC-3D. Next, an investigation will be conducted to identify full details of the violation/

compromise, and to determine what specific information was involved, what damage resulted, and whether culpability was involved in the incident.

Security Incidents - Summary Reports

HICEs will provide summaries of investigations to the DNI and a copy to SSO DIA/DAC-3D under the following conditions:

When investigations show that SCI was inadvertently disclosed to foreign nationals or

deliberately disclosed to unauthorized persons When cases under investigation involve espionage, flagrant dereliction of security

duties, or serious inadequacy of security policies or procedures Local SCI security officials will advise the parent command SCI security officials of SCI

security violations that occur within their security cognizance and involve personnel assigned to that parent command

Security Incidents - Outside the AOR

If a security violation is committed by an activity that does not belong to the organization exercising security cognizance where the violation occurred, procedures are as follows:

The SSO notifies both organizations of the security violation.

Page 27


The organization with security cognizance ensures that an investigation is conducted. A report of investigation is forwarded to both organizations. The organization whose activity committed the violation will determine what

corrective action should be taken. The report of this determination will be forwarded to the other organization involved.

Security Incidents - Information Systems All security violations occurring on computer systems, terminals, or equipment which

process SCI will be reported through command SCI channels SCI security officials and the DoDIIS site Information Assurance Manager will

coordinate security incidents involving SCI systems Examples of serious incidents on a SCI network include, but are not limited to: Human error in reviewing media for content and classification, resulting in

compromise Incorrect setting of a security filter that results in the compromise of intelligence

Intrusion Attempts Intrusion attempts, can either be either physical, through hacking or Virus attacks Failure of a system or network security feature Note: Commanders, supervisors, and their security managers must ensure that SCI

security violations or other information that could impact on an individual's continued eligibility for access to SCI are reported to the appropriate Central Adjudication Authority.

Preliminary Inquiry Report

When the SCI security official determines that a security violation has occurred, the SCI security official must report the violation within 72 hours of discovery to the appropriate HICE/SIO with information copies to SSO DIA/DAC-3D.

The local SIO must ensure the appointment of an inquiry official. Preliminary Inquiries will not be conducted by the SSO or staff member. In addition, classify the notification according to content, but at least Confidential, to

prevent further possible disclosure. Send the notification by priority DSSCS message or other secure channel.

Page 28


Security Violation Investigation Report Reports of investigation will include sufficient detail to explain the incident. The report will assess intent, location of incident, risk of compromise, sensitivity of

information, and mitigating factors in arriving at a final analysis of the incident.

Damage Assessment Damage Assessment of Compromised Information Be aware that loss or exposure of SCI from any cause requires immediate reporting,

investigation, and submission of a damage assessment describing the impact on national security.

The original classification authority (OCA) must: 1. Reevaluate lost or compromised information. 2. Determine if a change in classification is needed. 3. Indicate damage to national security.


response.

Part II Summary In the second part of this course you learned to create a T-SCIF Emergency Action Plan,

how to apply proper media and PED control, securely manage the IS, prepare a T-SCIF for withdrawal of accreditation and report security incidents.

Page 29

T-SCIF Training—Summary/Exam

Managing a Site Depending on your role is in the set-up and maintenance of a T-SCIF, you may be

required to: Get to know the connectivity of all systems in the site Be knowledgeable about the accreditation status of systems Train support staff Maintain Site Certification Documents

Things You Must Do There are some things that you must always remember to do: 1. Inspect facility (work stations, containers, etc.) 2. Establish control entry point 3. Scan network before transmitting data 4. Maintain configuration management 5. Remember NEED-TO-KNOW

Responsibilities and Focus IAM Responsibilities are many and sometimes difficult and stressful. To manage Information Assurance Manager (IAM) responsibilities, Delegate the authority to execute duties to Assistant IAMs and Systems Administrators

(SAs) Manage and oversee actions of Assistant IAMs, and SAs Always remember, the primary Focus is--- Security management, not security

operations

Always Think Security! Cost of poor security could be the loss of valuable assets. You have the ability to save lives. So when in doubt – report it!

Temporary SCIF Final Exam
