Five Good Points to Consider In the Reproduction of Classified Information
1. Start at the beginning; establish controls to limit access to classified information. An Information management system, access control system or other means of controlling who accesses classified information, when they access it and what they do with it is the right place to start.
2. Establish policy controlling use of classified reproduction equipment. Copy machines, scanners and other reproduction equipment should be identified and designated for classified information reproduction. Additionally, all other enterprise equipment should be off limits to classified reproduction.
3. Control the use of unclassified reproduction equipment. This will help prevent security violations where authorized employees access classified information and copy it using public copiers, load them to unauthorized disks, fax them using unauthorized machines all in an effort to remove it from the company undetected.
4. The FSO should consider the type of equipment they purchase, lease or rent. When service contracts expire, repairs are needed, equipment is to be replaced or other transactions replacing or removing the equipment occur, the hard drive or memory should be destroyed or wiped in an approved manner to remove all stored classified information.
5. Afford copies the same level of protection as the original. Ensure the markings are legible and stand out. Also, assign document numbers to track the amount of copies made. For example, if a copy of a document assigned an internal document number 401is copied, the new number might be 401 copy1 or 401-01.
Information for the CIO, CSO, FSO, ISSO and other security professionals. Understanding NISPOM and ITAR compliance is tough. With over 12,000 cleared defense contractors, a majority of those don't have a security staff. We'll hope to help fill the gap. From security clearances to performing on classified contracts, you can find help here.
No comments:
Post a Comment