Monday, July 25, 2016

Transmission of Classified Information

NISPOM
This article continues the series covering the Self-Inspection Handbook For NISP Contractors and guidance found in the National Industrial Security Program Operating Manual (NISPOM) Incorporating Change 2.  

The transmission of classified information is an important concern. Classified information should be controlled as it enters and leaves each facility. Each facility that has a CAGE Code should have it’s own transmission process meeting NISPOM requirements. How is yours doing? Lets find out.


Question:

Are procedures established for proper receipt and inspection of classified transmittals?

Here’s what NISPOM says on the subject. Our narrative follows:

5-202. Receiving Classified Material. Procedures shall be established to ensure that classified material, regardless of delivery method, is received directly by authorized personnel. The material shall be examined for evidence of tampering and the classified contents shall be checked against the receipt. Discrepancies in the contents of a package or absence of a receipt for TOP SECRET and SECRET material shall be reported promptly to the sender.

How to apply the NISPOM (some of this article is from the book DoD Security Clearance and Contracts Guidebook)

Receipt by authorized personnel
The FSO should ensure all arriving classified information is inspected and received into accountability by authorized personnel. Many cleared contractors establish a centralized classified information holding where all classified is processed in and out of the facility and is managed like a library. Others have classified information dispersed throughout the facility where needed. Either way works depending on how it is managed. Regardless of where classified information is stored, it must be properly received by the authorized cleared employees.

What The material shall be examined for evidence of tampering and the classified contents shall be checked against the receipt.
Classified information should arrive in the same condition it was shipped in and contain the exact information as it left with. Due diligence is necessary to ensure that classified information has not been compromised, is related to a contract, and is properly marked.

Inspecting or examining the received material begins with looking at the outside package and looking for condition. Regardless of transmission methods of physical items (mail, courier, overnight, hand carry and etc.) classified material should be double wrapped. Each layer serves to protect the classified material from inadvertent and unauthorized disclosure and should be properly addressed. Anything ripped or seemingly re-taped should be further investigated.

Detailed Inspection Requirements
Regardless of transmission methods, the recipient should examine the outer wrapping for evidence of tampering or to compromise of classified material. Classified material should be double wrapped with two independent layers of protection. Each layer should consists of opaque material such as an envelope, paper, box or other strong wrapping material.

The receiver should look for evidence of tearing, ripping, re-wrapping or some other means of unauthorized access to the material. Then review the shipping label for a classified mailing address and return address. There should be no classification markings on the outer layer of the item as classification markings on the outside of a package are a security violation.

The inner layer should be inspected the same way as the outer layer for evidence of tampering or unauthorized disclosure (Figure 1). However, the inside wrapping should contain the full address of the recipient as well as classification markings on the top, bottom, front and back, and sides (Figure 2). TOP SECRET and SECRET material should have a packing list or receipt. Receipts are not necessary with the shipment of CONFIDENTIAL material. If a receipt is included, the receiver should sign it and return it to the sender.
 
Figure 1 Torn outer cover of classified package
The receiver should then check the receipt against the contents to ensure the items are listed correctly and accounted for. The properly filled out receipt should list the sender, the addressee, and correctly identify the contents by an unclassified title and appropriate quantity. Since the receipt may be filed for administrative and compliance purposes, the inspector should ensure it contains no classified information.

Figure 2 Properly marked classified package (inner wrapper)
The receiver should compare the classification marking on the contents with the wrapper and the receipt to once again verify the classification level and prevent unauthorized disclosure.

Discrepancies in the contents of a package or absence of a receipt for TOP SECRET and SECRET material shall be reported promptly to the sender.

Any problems resulting from the examination and inspection should be addressed with the sender. Both should determine whether or not a security incident exists or other explanation. Sometimes packages are ripped, poorly wrapped, or damaged during shipment. The parties should make that determination.

If the shipment is in order, the receipt shall be signed and returned to the sender. If a receipt is included with CONFIDENTIAL material, it shall be signed and returned to the sender.

Once all the checks and verifications are complete, the receiver can then sign a copy of the receipt and return to the sender, thus closing the loop on the sender’s accounting responsibilities.

 VALIDATION:
  
Capture names of employees authorized to inspect and transmit classified information.

Record of authorized employee securitytraining.

Keep a pedigree of all transmitted classified information from receipt to final disposition. This is a receipt log that explains the lifecycle of classified information as received, stored, transmitted or destroyed.


Present classified transmission procedures if written. 

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

No comments: