Classified information is material that a government body deems to be sensitive information that must be protected. The Security Classification Guide (SCG) is part of the Program Protection Plan (PPP). When is the best time to post details of your vacation activities on your social networking website? It can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. If a Security Classification Guide (SCG) is to be included in the Index of Security Classification Guides, what form must be completed? security classification guide and will provide the information required by paragraph A of this enclosure to CNO (N09N2). In the following figure, you can see what the site classification field looks like. While in the following figure, you can see the classification highlighted in the header of a "modern" site. What is the best description of two-factor authentication? Store classified data appropriately in a GSA-approved vault/container when not in use. The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164. Security classification guidance required for derivative classification is identified in block 13 of the DD Form 254. A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. Memory sticks, flash drives, or external hard drives. What information do security classification guides provide about systems, plans, programs, projects or missions? Which is a wireless technology that enables your electronic devices to establish communications and exchange information when placed next to each other called? Ensure that the wireless security features are properly configured. 
How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? Which scenario might indicate a reportable insider threat security incident? DoD information that does not, individually or in compilation, require What should you do if a commercial entity, such as a hotel reception desk, asks for Government identification so that they can make a photocopy? Wait until you have access to your government-issued laptop. What is the best response if you find classified government data on the internet? When classified data is not in use, how can you protect it? Approved Security Classification Guide (SCG). The DoD Security Classification Guide Data Elements, DoD (DD) Form 2024, referenced in section 6 of Enclosure 6 of this Volume has been assigned RCS DD-INT(AR)1418 in accordance with the procedures in Reference (k). Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications (i.e., at different security levels), permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. What is a best practice to protect data on your mobile computing device? Government-owned PEDs, if expressly authorized by your agency. 
The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. What is the best example of Protected Health Information (PHI)? Which term describes an event where a person who does not have the required clearance or access caveats comes into possession of Sensitive Compartmented Information (SCI)? To benefit from site classification, you need to enable this capability at the Azure AD level, in your target tenant. What is a common indicator of a phishing attempt? When is conducting a private money-making venture using your Government-furnished computer permitted? Connect to the Government Virtual Private Network (VPN). There is no way to know where the link actually leads. requirements. A coworker is observed using a personal electronic device in an area where their use is prohibited. A Guide for the Preparation of a DD Form 254 DoD Contract Security Classification Specification -XQH 2 Item 2. OCAs are encouraged to publish security classification guides Original Classification Student Guide Product #: IF102 Final CDSE Page 4 security classification based on a properly classified source or a classification guide. [1] What information do security classification guides provide about systems, plans, programs, projects or missions? What should be your response? What information posted publicly on your personal social networking profile represents a security risk? Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. Why might "insiders" be able to cause damage to their organizations more easily than others? A program that segregates various types of classified information into distinct compartments for added protection and dissemination for distribution control. 
Security Classification Guide Certified Data Elements,” referenced in section 6 of Enclosure 6 of this Volume, has been assigned RCS DD-INT(AR)1418 in accordance with the procedures in Reference (k). Transmissions must be between Government e-mail accounts and must be encrypted and digitally signed when possible. Any time you participate in or condone misconduct, whether offline or online. Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. Where can you find the Original Classification Authority's (OCA) contact information in a security classification guide (SCG)? Which of the following is a good practice to aid in preventing spillage? Identification, encryption, and digital signature. Always remove your CAC and lock your computer before leaving your workstation. SECURITY CLASSIFICATION LEVELS All information or material considered vital to the safety of the United States is given a security classification level. Page 4 unauthorized disclosure occurs. Spillage because classified data was moved to a lower classification level system without authorization. What is required for an individual to access classified data? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. General Rules The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. What is an indication that malicious code is running on your system? while creating new "modern" sites. What organization issues the directives concerning the dissemination of information regarding intelligence sources, methods, or activities? No. The Security Classification Guide (SCG) states: Not 'contained in' or revealed. 
What is a way to prevent the download of viruses and other malicious code when checking your e-mail? These steps may include consulting a security classification guide or referral to the organization responsible for the original classification. -Mobile code All https sites are legitimate and there is no risk to entering your personal info online. What is a protection against internet hoaxes? Be aware of classification markings and all handling caveats. What does Personally Identifiable Information (PII) include? Not directives. When unclassified data is aggregated, its classification level may rise. What are some potential insider threat indicators? August 2006 Defense Security Service Academy (www.dss.mil) 938 Elkridge Landing Road Linthicum, MD 21090 A Guide for the Preparation of a DD Form 254 Defense Security Service Academy Foreword Introduction: The Federal Acquisition Regulation (FAR) requires Each security classification level indicates (tells) the amount of protection the information and material requires to safeguard it … (a) states: At the time of original classification, the following shall be indicated… g Which of the following helps protect data on your personal mobile devices? Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? What is a valid response when identity theft occurs? What describes a Sensitive Compartmented Information (SCI) program? What is a good practice for physical security? Which of the following is true about unclassified data? After you have enabled this capability, you see an additional field How sensitive is your data? What describes how Sensitive Compartmented Information is marked? What must you do when e-mailing Personally Identifiable Information (PII) or Protected Health Information (PHI)? Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? 
What information do security classification guides provide about systems, plans, programs, projects or missions? Shred personal documents; never share passwords; and order a credit report annually. It is, for example, a common rule for classification in libraries, that at least 20% of the content of a book should be about the class to which the book is assigned. D. Sample Guide What is a good practice to protect data on your home wireless systems? If any difficulty is encountered in applying this guidance or if any other contributing factor indicates a need for changes in this guidance, the contractor is authorized and encouraged to provide recommended Which of the following types of controls does … How many potential insider threat indicators does a person who is married with two children, vacations at the beach every year, is pleasant to work with, but sometimes has poor work quality display? This Specification is for: Insert only one “X” into the appropriate box, although information may be entered into both “a A security classification guide is a record of original classification decisions that can be used as a source document when creating derivatively classified documents. Thumb drives, memory sticks, and optical disks. Ask for information about the website, including the URL. What type of activity or behavior should be reported as a potential insider threat? What is the best choice to describe what has occurred? Your health insurance explanation of benefits (EOB). A high-security defense installation recently began utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. -FALSE Bob, a coworker, has been going through a divorce, has Sensitive Security Information (SSI) is a category of sensitive but unclassified information under the United States government's information sharing and control rules. 
Classification Management Training Aid 2.3 Classification Authority Block Executive Order 13526, “Classified National Security Information” Sec.1.6. Inform your security POC of all non-professional or non-routine contacts with foreign nations, including, but not limited to, joining each other's social media sites. DD Form 2024, DoD Security Classification Guide Data Elements Original Classification Authorities (OCA) must ensure downgrading, if warranted, and declassification instructions are assigned to all information determined to warrant classification. Avoid a potential security violation by using the appropriate token for each system. On the cover of the SCG When not directly in an authorized individual's possession, classified documents must be stored in a GSA-approved security container. What is a common method used in social engineering? It addresses security classification What is the best example of Personally Identifiable Information (PII)? Which may be a security issue with compressed URLs? Use only personal contact information when establishing personal social networking accounts, never use Government contact information. You know this project is classified. Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? Derivative Classification rollover: Derivative classification is the process of extracting, Data classification is one of the most important steps in data security. Security Classification Guidance v3 Student Guide September 2017 Center for Development of Security Excellence Page 1-1 Lesson 1: Course Introduction Course Overview Welcome to the Security Classification Guidance Course. 3 The Security Rule does not apply to PHI transmitted orally or in writing. Which of the following terms refers to harm inflicted on national security through authorized access to information or information systems? You do not have your government-issued laptop. 
Note any identifying information, such as the website's URL, and report the situation to your security POC. What must users do when using removable media within a Sensitive Compartmented Information Facility (SCIF)? Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Department of Defense MANUAL NUMBER 5200.45 April 2, 2013 Incorporating Change 2, Effective September 15, 2020 USD(I&S) SUBJECT: Instructions for Developing Security Classification Guides References: See Enclosure 1 Which is a risk associated with removable media? What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? What are some examples of removable media? National security encompasses both the national defense and the foreign relations of the U.S. Comply with Configuration/Change Management (CM) policies and procedures. Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered? What must you ensure if your work involves the use of different types of smart card security tokens? However, source documents such as the security classification guide itself sometimes are attached to Difficult life circumstances such as substance abuse; divided loyalty or allegiance to the U.S.; or extreme, persistent interpersonal difficulties. Content-based classification is classification in which the weight given to particular subjects in a document determines the class to which the document is assigned. ActiveX is a type of this? 
Report the crime to local law enforcement. What should you do if an individual asks you to let her follow you into your controlled space, stating that she left her security badge at her desk? C. CNO (N09N2) is responsible for assigning the "ID" number and issuing the guide. Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? View e-mail in plain text and don't view e-mail in Preview Pane. Which must be approved and signed by a cognizant Original Classification Authority (OCA)? Which of the following activities is an ethical use of Government-furnished equipment (GFE)? Under what circumstances is it acceptable to use your Government-furnished computer to check personal e-mail and do other non-work-related activities? As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? What is a possible indication of a malicious code attack in progress? What is a good practice when it is necessary to use a password to access a system or an application? It details how information will be classified and marked on an acquisition program. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, and mishandling of the material can incur criminal penalties. Is it acceptable to take a short break while a coworker monitors your computer while logged on with your CAC? Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? What do you have the right to do if the classifying agency does not provide a full response within 120 days? Secure personal mobile devices to the same level as Government-issued systems. Encrypt the e-mail and use your Government e-mail account. 
Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to the University should that data be disclosed, altered or destroyed without authorization. Social Security Number; date and place of birth; mother's maiden name. A cookie is a text file a web server stores on your hard drive that may track your activities on the web. What is a proper response if spillage occurs? Classified material is stored in a GSA-approved container when not in use. The Security Rule calls this information “electronic protected health information” (e-PHI). When your vacation is over, and you have returned home. What must you ensure before transmitting Personally Identifiable Information (PII) or Protected Health Information (PHI) via e-mail? If aggregated, the information could become classified. What type of unclassified material should always be marked with a special handling caveat? Lock your device screen when not in use and require a password to reactivate. The Government Security Classification Policy came into force on 2 April 2014 and describes how HM Government classifies information assets to … Under what circumstances could unclassified information be considered a threat to national security? Completing your expense report for your government travel. What action should you take? Which are examples of portable electronic devices (PEDs)? How many potential insider threat indicators does a person who is playful and charming, consistently wins performance awards, but is occasionally aggressive in trying to access sensitive information display? Not all data is created equal, and few businesses have the time or resources to provide maximum protection to … A type of phishing targeted at high-level personnel such as senior officials. Insiders are given a level of trust and have authorized access to Government information systems. 
Digitally signing e-mails that contain attachments or hyperlinks. Introduction to Personnel Security Student Guide Product #: PS113.16 C2 Technologies, Inc. C 1.1.4. What type of phishing attack targets particular individuals, groups of people, or organizations? Data classification is a vital component of any information security and compliance program, especially if your organization stores large volumes of data. This article will provide you with all the questions and answers for Cyber Awareness Challenge. Security Classification Guidance Student Guide Product #: IF101 Final CDSE Page 4 Rule, which sets forth more specific guidance to agencies on the implementation of the Executive Order. Start studying Cyber Awareness 2020 Knowledge Check. Something you possess, like a CAC, and something you know, like a PIN or password. Don't allow her access into secure areas and report suspicious activity. Use online sites to confirm or expose potential hoaxes. Avoid using the same password between systems or applications. Which classification level is given to information that could reasonably be expected to cause serious damage to national security? The security classification guidance needed for this classified effort is identified below. Which is a good practice to protect classified information? Understanding and using available privacy settings. Which represents a security best practice when using social networking? A pop-up window that flashes and warns that your computer is infected with a virus. What should you do if a reporter asks you about potentially classified information on the web? What portable electronic devices (PEDs) are allowed in a Secure Compartmented Information Facility (SCIF)? What are the requirements to be granted access to SCI material? 
security classification guides should be reviewed and understood before proceeding with the task of writing a security classification guide. The proper security clearance and indoctrination into the SCI program. While on vacation, a coworker calls and asks you to access a site to review and approve a document that is hosted behind a DoD Public Key Infrastructure (PKI) protected webpage. It includes a threat of dire circumstances. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data. It’s the written record of an original classification decision or series of decisions regarding a system, plan, program, or project. Which of the following is an appropriate use of Government e-mail? Do not allow your Common Access Card (CAC) to be photocopied. What are some actions you can take to try to protect your identity? Which is true for protecting classified data?