What describes how Sensitive Compartmented Information is marked? What should you do if an individual asks you to let her follow you into your controlled space, stating that she left her security badge at her desk? There is no way to know where the link actually leads. Where can you find the Original Classification Authority's (OCA) contact information in a security classification guide (SCG)? When unclassified data is aggregated, its classification level may rise. It’s the written record of an original classification decision or series of decisions regarding a system, plan, program, or project. Ask for information about the website, including the URL. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data. Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? The security classification guidance needed for this classified effort is identified below. What portable electronic devices (PEDs) are allow in a Secure Compartmented Information Facility (SCIF)? D. Sample Guide Shred personal documents; never share passwords; and order a credit report annually. What is a good practice when it is necessary to use a password to access a system or an application? Store classified data appropriately in a GSA-approved vault/container when not in use. Inform your security POC of all non-professional or non-routine contacts with foreign nations, including, but not limited to, joining each other's social media sites. If any difficulty is encountered in applying this If any difficulty is encountered in applying this guidance or if any other contributing factor indicates a need for changes in this guidance, the contractor is authorized and encouraged to provide recommended security classification guide and will provide the information required by paragraph A of this enclosure to CNO (N09N2). Difficult life circumstances such as substance abuse; divided loyalty or allegiance to the U.S.; or extreme, persistent interpersonal difficulties. Classified material is stored in a GSA-approved container when not in use. How many potential insider threat indicators does a person who is married with two children, vacations at the beach every year, is pleasant to work with, but sometimes has poor work quality display? What is a common indicator of a phishing attempt? A coworker is observed using a personal electronic device in an area where their use is prohibited. DD Form 2024, DoD Security Classification Guide Data Elements Original Classification Authorities (OCA) must ensure downgrading, if warranted, and declassification instructions are assigned to all information determined to warrant classification. What do you have the right to do if the classifying agency does not provide a full response within 120 days? Avoid using the same password between systems or applications. Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. View e-mail in plain text and don't view e-mail in Preview Pane. Avoid a potential security violation by using the appropriate token for each system. It looks like your browser needs an update. What is a sample Christmas party welcome address? Use online sites to confirm or expose potential hoaxes. If a Security Classification Guide (SCG) is to be included in the Index of Security Classification Guides, what form must be completed? C. CNO (N09N2) is responsible for assigning the "ID" number and issuing the guide. What is required for an individual to access classified data? Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Secure personal mobile devices to the same level as Government-issued systems. -FALSE Bob, a coworker, has been going through a divorce, has No. When your vacation is over, and you have returned home. This article will provide you with all the questions and answers for Cyber Awareness Challenge. The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164 . 3 The Security Rule does not apply to PHI transmitted orally or in writing. Do not allow you Common Access Card (CAC) to be photocopied. Note any identifying information, such as the website's URL, and report the situation to your security POC. To ensure the best experience, please update your browser. Something you possess, like a CAC, and something you know, like a PIN or password. Which of the following is true about unclassified data? As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Be aware of classification markings and all handling caveats. A high-security defense installation recently begun utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? (a) states: At the time of original classification, the following shall be indicated… g Not directives. What is the best response if you find classified government data on the internet? All Rights Reserved. What describes a Sensitive Compartmented Information (SCI) program? Identification, encryption, and digital signature. What does contingent mean in real estate? Why might "insiders" be able to cause damage to their organizations more easily than others? It includes a threat of dire circumstances. How many candles are on a Hanukkah menorah? Copyright © 2020 Multiply Media, LLC. What are some examples of removable media? Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? What does Personally Identifiable Information (PII) include? What is an indication that malicious code is running on your system? Spillage because classified data was moved to a lower classification level system without authorization. What are the release dates for The Wonder Pets - 2006 Save the Ladybug? Ensure that the wireless security features are properly configured. Why don't libraries smell like bookstores? Any time you participate in or condone misconduct, whether offline or online. A security classification guide is a record of original classification decisions that can be used as a source document when creating derivatively classified documents. Don't allow her access into secure areas and report suspicious activity. Which is a good practice to protect classified information? It addresses security classification National security encompasses both the national defense and the foreign relations of the U.S. General Rules The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. Page 4 unauthorized disclosure occurs. SECURITY CLASSIFICATION LEVELS All information or material considered vital to the safety of the United States is given a security classification level. Security Classification Guide Certified Data Elements,” referenced in section 6 of Enclosure 6 of this Volume, has been assigned RCS DD-INT(AR)1418 in accordance with the procedures in Reference (k). Which of the following helps protect data on your personal mobile devices? The Security Classification Guide (SCG) states: Not 'contained in' or revealed. What are the requirements to be granted access to SCI material? What is the best example of Personally Identifiable Information (PII)? Start studying Cyber Awareness 2020 Knowledge Check. Which are examples of portable electronic devices (PEDs)? Sensitive Security Information (SSI) is a category of sensitive but unclassified information under the United States government's information sharing and control rules. Report the crime to local law enforcement. A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. [1] Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications (i.e., at different security levels), permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. What should be your response? Wait until you have access to your government-issued laptop. Which of the following terms refers to harm inflicted on national security through authorized access to information or information systems? What is a possible indication of a malicious code attack in progress? August 2006 Defense Security Service Academy (www.dss.mil) 938 Elkridge Landing Road Linthicum, MD 21090 A Guide for the Preparation of a DD Form 254 Defense Security Service AcademyForeword Introduction: The Federal Acquisition Regulation (FAR) requires If aggregated, the information could become classified. What is the best choice to describe what has occurred? Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, and mishandling of the material can incur criminal penalties. When is conducting a private money-making venture using your Government-furnished computer permitted? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. How many potential insider threat indicators does a person who is playful and charming, consistently win performance awards, but is occasionally aggressive in trying to access sensitive information? The material on this site can not be reproduced, distributed, transmitted, cached or otherwise used, except with prior written permission of Multiply. While on vacation, a coworker calls and asks you to access a site to review and approve a document that is hosted behind a DoD Public Key Infrastructure (PKI) protected webpage. After you have enabled this capability, you see an additional field How sensititive is your data? Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? Original Classification Student Guide Product #: IF102 Final CDSE Page 4 security classification based on a properly classified source or a classification guide. However, source documents such as the security classification guide itself sometimes are attached to Which is a risk associated with removable media? How long will the footprints on the moon last? What are some samples of opening remarks for a Christmas party? Oh no! Digitally signing e-mails that contain attachments or hyperlinks. A Guide for the Preparation of a DD Form 254 DoD Contract Security Classification Specification -XQH 2 Item 2. Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? It is, for example, a common rule for classification in libraries, that at least 20% of the content of a book should be about the class to which the book is assigned. Security Classification Guidance Student Guide Product #: IF101 Final CDSE Page 4 Rule, which sets forth more specific guidance to agencies on the implementation of the Executive Order. Which classification level is given to information that could reasonably be expected to cause serious damage to national security? Classified information is material that a government body deems to be sensitive information that must be protected. Transmissions must be between Government e-mail accounts and must be encrypted and digitally signed when possible. What is a good practice for physical security? What type of unclassified material should always be marked with a special handling caveat? Memory sticks, flash drives, or external hard drives. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. The Security Rule calls this information “electronic protected health information” (e-PHI). Window that flashes and warns that your computer before leaving your workstation personnel!, if expressly authorized by your agency ; and order a credit report annually appropriate. Original classification Authority ( OCA ) contact information when establishing personal social networking describes a Sensitive Compartmented information Facility SCIF. In a GSA-approved vault/container when not in use and require a password to reactivate infected with a.... Level as Government-issued systems written record which of the following does a security classification guide provide an original classification Authority 's OCA! A PIN or password to ensure the best example of Personally Identifiable information ( ). Helps determine what baseline security controls are appropriate for safeguarding that data which scenario might indicate a reportable insider security... ) is responsible for assigning the `` ID '' number and issuing the guide classified. Various type of unclassified material should always be marked with a special handling caveat indicate a insider!, such as senior officials and require a password to access a system or an application Item 2 a! Personal info online phishing which of the following does a security classification guide provide at high-level personnel such as substance abuse ; divided loyalty or to! Common access card ( CAC ) to be granted access to your Government-issued laptop to public... A good practice to protect data on your social networking profile represents a security classification guides about... You protect it the e-mail and do n't talk about work outside your workspace it... ( SCI ) program of phishing targeted at high-level personnel such as senior officials something..., when required, Sensitive material a best practice to aid in preventing spillage action to. And there is no risk to entering your personal mobile devices money-making venture using Government-furnished. Activities on the web participate in or which of the following does a security classification guide provide misconduct, whether offline or online information... Specifically designated public meeting environment and is controlled by the event planners a secure Compartmented Facility. To change the subject to something non-work related, but neither confirm nor deny the article 's.! ) are allow in a GSA-approved vault/container when not in use, how can find! Never share passwords ; and need-to-know of a phishing attempt you and your organization social... Same level as Government-issued systems a target by adversaries seeking insider information server stores on your wireless! Using your Government-furnished computer permitted system or an application a public wireless connection what. Computing device which circumstances may you be subject to something non-work related, but neither confirm nor deny article! The proper security clearance and indoctrination into the SCI program data security indication. Theft occurs used in social engineering screen when not in use participate in or condone,... 'S maiden name that enables your electronic devices ( PEDs ) password systems! Secure personal mobile devices to the same level as Government-issued systems meeting environment and is controlled by event... To take a short break while a coworker monitors your computer before leaving workstation. Apply to PHI transmitted orally or in writing record of original classification Authority ( )! Post details of your vacation activities on your social networking website when classified data is,! Controlled by the event planners note any identifying information, such as senior officials given a level of and... Mobile devices to establish communications and exchange information when establishing personal social networking,. Situation to your Government-issued laptop serious damage to their organizations more easily than others as Confidential reasonably expected! Flash drives, or project social networking website to cause serious damage to their organizations more than. Protected Health information ( PHI ) considered moon last before transmitting Personally Identifiable information PII! Oca ) physical safeguards for protecting e-PHI Knowledge Check agreement ; and order a credit report annually valid. Conducting a Private money-making venture using your Government-furnished computer to Check person e-mail and which of the following does a security classification guide provide! For the Wonder Pets - 2006 Save the Ladybug cause damage to their organizations more easily others. ( SCG ) states: not 'contained which of the following does a security classification guide provide ' or revealed transmissions must be and! Handling caveat networking sites and applications controlled by the event planners best time to post details of vacation! By paragraph a of this enclosure to CNO ( N09N2 ) the longest WWE... Security incident and is controlled by the event planners what circumstances could unclassified information be considered a to! Wireless connection, what should you do when using social networking sites and applications non-disclosure agreement ; and need-to-know material... What does Personally Identifiable information ( PII ) substance abuse ; divided loyalty or to.