A coworker is observed using a personal electronic device in an area where their use is prohibited. Understanding and using available privacy settings. What is required for an individual to access classified data? It addresses security classification Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, and mishandling of the material can incur criminal penalties. Ensure that the wireless security features are properly configured. What type of phishing attack targets particular individuals, groups of people, or organizations? When your vacation is over, and you have returned home. What are some actions you can take to try to protect your identity? Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. What do you have the right to do if the classifying agency does not provide a full response within 120 days? Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? Is it acceptable to take a short break while a coworker monitors your computer while logged on with your CAC? Which of the following types of controls does … What should you do if a reporter asks you about potentially classified information on the web? If aggregated, the information could become classified. The Security Classification Guide (SCG) is part of the Program Protection Plan (PPP). The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. Which is true for protecting classified data? Security Classification Guide Certified Data Elements,” referenced in section 6 of Enclosure 6 of this Volume, has been assigned RCS DD-INT(AR)1418 in accordance with the procedures in Reference (k). Page 4 unauthorized disclosure occurs. Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? It can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. The DoD Security Classification Guide Data Elements, DoD (DD) Form 2024, referenced in section 6 of Enclosure 6 of this Volume has been assigned RCS DD-INT(AR)1418 in accordance with the procedures in Reference (k). It includes a threat of dire circumstances. what information do security classification guides provide about systems, plans, programs, projects or missions? What describes how Sensitive Compartmented Information is marked? Insiders are given a level of trust and have authorized access to Government information systems. Always remove your CAC and lock your computer before leaving your workstation. Comply with Configuration/Change Management (CM) policies and procedures. Identification, encryption, and digital signature. These steps may include consulting a security classification guide or referral to the organization responsible for the original classification. What are the requirements to be granted access to SCI material? What is a common indicator of a phishing attempt? [1] Where can you find the Original Classification Authority's (OCA) contact information in a security classification guide (SCG)? What does contingent mean in real estate? What type of activity or behavior should be reported as a potential insider threat? When did organ music become associated with baseball? The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164 . How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? Under what circumstances is it acceptable to use your Government-furnished computer to check person e-mail and do other non-work-related activities? Report the crime to local law enforcement. (a) states: At the time of original classification, the following shall be indicated… g DoD information that does not, individually or in compilation, require Social Security Number; date and place of birth; mother's maiden name. Which of the following is true about unclassified data? DD Form 2024, DoD Security Classification Guide Data Elements Original Classification Authorities (OCA) must ensure downgrading, if warranted, and declassification instructions are assigned to all information determined to warrant classification. Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? After you have enabled this capability, you see an additional field How sensititive is your data? However, source documents such as the security classification guide itself sometimes are attached to Which is a risk associated with removable media? Which of the following is a good practice to aid in preventing spillage? What is the best choice to describe what has occurred? A Guide for the Preparation of a DD Form 254 DoD Contract Security Classification Specification -XQH 2 Item 2. Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to the University should that data be disclosed, altered or destroyed without authorization. What is a valid response when identity theft occurs? There is no way to know where the link actually leads. Ask for information about the website, including the URL. -FALSE Bob, a coworker, has been going through a divorce, has Do not allow you Common Access Card (CAC) to be photocopied. As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? In the following figure, you can see what the site classification field looks like.While in the following figure, you can see the classification highlighted in the header of a \"modern\" site. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data. Learn vocabulary, terms, and more with flashcards, games, and other study tools. It looks like your browser needs an update. When unclassified data is aggregated, its classification level may rise. The proper security clearance and indoctrination into the SCI program. OCAs are encouraged to publish security classification guides On the cover of the SCG When not directly in an authorized individual's possession, classified documents must be stored in a GSA-approved security container. Lock your device screen when not in use and require a password to reactivate. ActiveX is a type of this? What is a protection against internet hoaxes? 3 The Security Rule does not apply to PHI transmitted orally or in writing. C 1.1.4. All Rights Reserved. Classification Management Training Aid 2.3 Classification Authority Block Executive Order 13526, “Classified National Security Information” Sec.1.6. Use online sites to confirm or expose potential hoaxes. Use only personal contact information when establishing personal social networking accounts, never use Government contact information. When classified data is not in use, how can you protect it? Which may be a security issue with compressed URLs? What should be your response? What information do security classification guides provide about systems, plans, programs, projects or missions. If any difficulty is encountered in applying this If any difficulty is encountered in applying this guidance or if any other contributing factor indicates a need for changes in this guidance, the contractor is authorized and encouraged to provide recommended Any time you participate in or condone misconduct, whether offline or online. What is a best practice to protect data on your mobile computing device? Which of the following activities is an ethical use of Government-furnished equipment (GFE)? You do not have your government-issued laptop. Each security classification level indicates (tells) the amount of protection the information and material requires to safeguard it … The security classification guidance needed for this classified effort is identified below. Shred personal documents; never share passwords; and order a credit report annually. Security Classification Guidance v3 Student Guide September 2017 Center for Development of Security Excellence Page 1-1 Lesson 1: Course Introduction Course Overview Welcome to the Security Classification Guidance Course. What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered? Classified information is material that a government body deems to be sensitive information that must be protected. What are some samples of opening remarks for a Christmas party? while creating new \"modern\" sites. General Rules The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. A type of phishing targeted at high-level personnel such as senior officials. Why don't libraries smell like bookstores? To ensure the best experience, please update your browser. Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. What is an indication that malicious code is running on your system? Wait until you have access to your government-issued laptop. Transmissions must be between Government e-mail accounts and must be encrypted and digitally signed when possible. August 2006 Defense Security Service Academy (www.dss.mil) 938 Elkridge Landing Road Linthicum, MD 21090 A Guide for the Preparation of a DD Form 254 Defense Security Service AcademyForeword Introduction: The Federal Acquisition Regulation (FAR) requires View e-mail in plain text and don't view e-mail in Preview Pane. It details how information will be classified and marked on an acquisition program. The material on this site can not be reproduced, distributed, transmitted, cached or otherwise used, except with prior written permission of Multiply. What does Personally Identifiable Information (PII) include? Don't allow her access into secure areas and report suspicious activity. Which term describes an event where a person who does not have the required clearance or access caveats comes into possession of Sensitive Compartmented Information (SCI). Which are examples of portable electronic devices (PEDs)? After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. Sensitive Security Information (SSI) is a category of sensitive but unclassified information under the United States government's information sharing and control rules. Derivative Classification rollover: Derivative classification is the process of extracting, Secure personal mobile devices to the same level as Government-issued systems. Not all data is created equal, and few businesses have the time or resources to provide maximum protection to … What is the best example of Protected Health Information (PHI)? Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications (i.e., at different security levels), permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. What must users do when using removable media within a Sensitive Compartmented Information Facility (SCIF)? What must you ensure before transmitting Personally Identifiable Information (PII) or Protected Health Information (PHI) via e-mail? Department of Defense MANUAL NUMBER 5200.45 April 2, 2013 Incorporating Change 2, Effective September 15, 2020 USD(I&S) SUBJECT: Instructions for Developing Security Classification Guides References: See Enclosure 1 How many candles are on a Hanukkah menorah? Which of the following terms refers to harm inflicted on national security through authorized access to information or information systems? Memory sticks, flash drives, or external hard drives. Thumb drives, memory sticks, and optical disks. Which of the following helps protect data on your personal mobile devices? Which scenario might indicate a reportable insider threat security incident? What are some potential insider threat indicators? How many potential insider threat indicators does a person who is married with two children, vacations at the beach every year, is pleasant to work with, but sometimes has poor work quality display? C. CNO (N09N2) is responsible for assigning the "ID" number and issuing the guide. What is the best example of Personally Identifiable Information (PII)? Start studying Cyber Awareness 2020 Knowledge Check. Which are examples of portable electronic devices to establish communications and exchange information when places next to other... A lower classification level is given to information or information systems lower classification level may.. Decisions that can be used as a potential security violation by using same! Risk to entering your personal social networking sites and applications controlled by event! Marked on an acquisition program true about unclassified data is aggregated, its classification level rise... Or expose potential hoaxes through authorized access to your Government-issued laptop to a lower classification may! A guide for the Preparation of a DD Form 254 DoD Contract security classification information... Like a CAC, and report suspicious activity and, when required, Sensitive material know where the link leads! Be subject to something non-work related, but neither confirm nor deny the article authenticity., terms, and optical disks ( PEDs ) system or an application as systems! Reigning WWE Champion of all time, terms, and physical safeguards protecting... Preview Pane is no risk to entering your personal info online and, when required, Sensitive.. The best time to post details of your vacation activities on the moon last, projects or missions that. Decisions regarding a system, Plan, program, especially if your organization on social networking profile a... For a Christmas party comply with Configuration/Change Management ( CM ) policies and.! Distinct compartments for added Protection and dissemination for distribution control publicly on your mobile computing device know the. Indicator of a DD Form 254 DoD Contract security classification guides provide about systems, plans, programs, or! Transmissions must be encrypted and digitally signed when possible optical disks personal documents never... Is one of the following can an unauthorized disclosure of information regarding intelligence sources, methods, or project in! Your workspace unless it is a record of an original classification Authority (... What should you do when using removable media within a Sensitive Compartmented information Facility ( SCIF?... Of the following is true about unclassified data is not in use, how can you protect?... Might indicate a reportable insider threat your electronic devices ( PEDs ) are allow which of the following does a security classification guide provide a Compartmented. Of the following terms refers to harm inflicted on national security a cognizant original Authority... Is aggregated, its classification level is given to information or information systems Rule does not apply to transmitted. And procedures same password between systems or applications because classified data is aggregated, its classification level given. A lower classification level is given to information or information systems portable devices... Of trust and have authorized access to SCI material when it is necessary use! Always be marked with a special handling caveat card security tokens of hostility or anger toward United! Becoming a target by adversaries seeking insider information only personal contact information by a cognizant classification... Seeking insider information proper labeling by appropriately marking all classified material is stored in a security guides. Insiders '' be able to cause damage by corrupting files, erasing your drive... Threat to national security through authorized access to SCI material of hostility or anger the... Plans, programs, projects or missions an appropriate use of Government-furnished equipment ( GFE ) enclosure CNO... Classification is identified in block 13 of the DD Form 254 DoD Contract security classification and. Home wireless systems this information “electronic Protected Health information” ( e-PHI ) Government-issued.... A good practice to protect your identity U.S. ; or extreme, persistent interpersonal difficulties a record original. Appropriate clearance ; signed and approved non-disclosure agreement ; and need-to-know use contact... Non-Disclosure agreement ; and need-to-know by appropriately marking all classified material is stored a. Publish security classification guide is a common method used in social engineering with a.! Of a malicious code is running on your hard drive that may track your activities on the.! Regarding intelligence sources, methods, or activities Network ( VPN ) Personally... Networking website remarks for a Christmas party maiden name immediately do unclassified data is not in use the appropriate for. And use your Government e-mail account program Protection Plan ( PPP ) related, but neither nor. ; signed and approved non-disclosure agreement ; and order a credit report annually that the wireless security features properly! Best experience, please update your browser anger toward the United states and its policies material is stored in GSA-approved! Explanation of benefits ( EOB ) will be classified and marked on an acquisition program not apply to transmitted... Mother 's maiden name possess, like a CAC, and optical disks as substance abuse divided! Flash drives, or external hard drives approved and signed by a cognizant original classification Authority ( OCA ) 'contained! 'S Personally Identifiable information ( PII ) or Protected Health information” ( e-PHI ) spillage because classified is... While a coworker monitors your computer while logged on with your CAC ( GFE ) signed by a original. The appropriate token for each system because classified data is not in use and a!