Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Department of Energy’s Official Use Only

Published byAndy Suffern Modified over 9 years ago

Similar presentations

Presentation on theme: "The Department of Energy’s Official Use Only"— Presentation transcript:

1 The Department of Energy’s Official Use Only
OUO The Department of Energy’s Official Use Only

2 Why Official Use Only? Consolidates most CUI information within DOE
4/8/2017 Why Official Use Only? Consolidates most CUI information within DOE Includes unclassified controlled information which is not governed by a DOE-wide directive (e.g., Export Controlled Information, Protected Cooperative Research and Development Information, Applied Technology) Does not include Unclassified Controlled Nuclear Information (UCNI), which is governed by DOE Order 471.1A and DOE Manual Unclassified Naval Nuclear Propulsion Information, which is Naval Reactors information OUO ensures consistent handling and protection of unclassified information throughout the complex OUO ensures information is not released through informal methods (posted on a website or sent to a person without a need-to-know the information) OUO consolidates most unclassified controlled information. Some types of unclassified controlled information has program-issued guidance, but is not governed by a DOE-wide directive. In the past, people were uncertain how protect such information. OUO provides minimal and consistent protection standards for all unclassified controlled information. OUO does not mean the information CANNOT be released to the public. It only means that the information must have an appropriate review to determine if it may be released. The OUO marking also ensures that information a DOE employee feels meets the criteria for OUO is not released through informal means (posted on a website or given to a person without a need-to-know).

3 What is OUO Information?
4/8/2017 What is OUO Information? Official Use Only Draft Documents Applied Technology Prior to the creation of OUO, there were over 60 different markings for controlling information within the DOE. When this information was sent outside the office of origin, there were no instructions or standards for how to handle the information, who could have access to the information, or how to protect the information. Most of these types of information now fall under the OUO umbrella. OUO includes may different types of information, including Export Controlled Information, Personally Identifiable Information, and many others. Some of these may require supplemental markings, and some may have additional access restrictions or stricter protection requirements, but they are all OUO. Attorney-Client Attorney-Work Patent Information Personally Identifiable Information Export Controlled Information Intellectual Property Source Selection Information Sensitive Nuclear Technology Business Confidential Privacy Act Information Proprietary Information

4 Who has Responsibility for OUO?
The Office of Classification is responsible for developing DOE’s overall policy and guidelines for identifying and protecting OUO The Chief Information Officer (CIO) issues guidance regarding the protection of OUO and other sensitive information on DOE information systems and the identification of PII Program Offices determine the specific information within their purview that is OUO

5 When Must a Document be Reviewed for OUO?
4/8/2017 When Must a Document be Reviewed for OUO? “An unclassified document originated within a program element must be evaluated to determine whether it contains OUO information.”* If the originator believes the document contains sensitive information, it should be reviewed prior to being finalized, released by the originator outside of the activity or office, or filed Documents originated prior to April 9, 2003 (when the OUO program was established), must be reviewed if they are going to be publicly released if the possessor believes there is a potential for the document to contain sensitive information *DOE Order 471.3, Identifying and Protecting Official Use Only

6 Who has Authority to Identify OUO?
4/8/2017 Who has Authority to Identify OUO? Any employee, Federal or contractor, from an office with cognizance over the information, may make OUO determinations for unclassified documents originated within his/her office, produced for his/her office, or under the control of his/her office

7 Who has Authority to Identify OUO?
4/8/2017 Who has Authority to Identify OUO? No special authority or designation or training required Training is highly recommended Training via PowerPoint presentation is available from the Office of Quality Management Should be familiar with OUO directives Some Program Offices may have additional requirements (training, specific personnel, etc.)

8 What is the Criteria for OUO Information?
4/8/2017 What is the Criteria for OUO Information? Certain unclassified information that meets the following two criteria Damage: In the opinion of the person making the determination, has the potential to damage Governmental, commercial, or private interests if released to persons who don’t need it to do their jobs or DOE-authorized activity Potentially Falls under a FOIA Exemption: In the opinion of the person making the determination, may fall under at least one of the FOIA exemptions (2-9) AND

9 What is the Basis for OUO Determinations?
4/8/2017 What is the Basis for OUO Determinations? Guidance Approved by the Office of Classification Issued by the Office of Classification, a program office or a DOE/NNSA contractor Individual Determination Release could cause damage May fall under a FOIA exemption

10 How Do You Make an OUO Determination?
Step 1 Is the information covered by Guidance? If there is guidance Information that is OUO according to guidance must be identified as OUO If there is no guidance, proceed to Step 2

11 How Do You Make an OUO Determination?
Step 2 Do you think the information could damage Governmental, commercial, or private interests if given to someone who doesn’t need it to perform his or her job or other DOE-authorized activity? If not, the information is not OUO If you feel the release of the information could cause damage, the information might be OUO Proceed to Step 3

12 How Do You Make an OUO Determination?
4/8/2017 How Do You Make an OUO Determination? Step 3 Do you think the information could fall under one of the FOIA exemptions (2-9)? If, you feel the release of the information could case damage and the information potentially falls under a FOIA exemption, the information is OUO

13 How does OUO relate to the FOIA Exemptions?
NSI OUO CLASSIFIED NOT DOE RD/FRD OUO 3, Statutory Exemption UCNI Controlled by UCNI Directives

14 Does OUO Mean the Information is Exempt from Release under the FOIA?
4/8/2017 Does OUO Mean the Information is Exempt from Release under the FOIA? OUO is not a determination that information is FOIA exempt OUO is a determination that the information may be FOIA exempt OUO markings ensure a document is not publicly released without an appropriate review If an OUO document is requested under the FOIA, a FOIA Authorizing Official must determine whether the information must be released Only a FOIA Official may determine that information is FOIA exempt The threshold for withholding information under the FOIA is higher, requires in-depth knowledge of FOIA OUO  FOIA Exempt

15 OUO and the FOIA Exemptions
4/8/2017 OUO and the FOIA Exemptions Exemption 1 – National Security Information Information classified by Executive order Identification and protection governed by executive order, regulation and directives IS NEVER OUO

16 OUO and the FOIA Exemptions
4/8/2017 OUO and the FOIA Exemptions Exemption 2 – Circumvention of Statute Disclosure of the information would benefit someone trying to violate a law or regulation Note: The statute or regulation does not have to be identified

17 4/8/2017 OUO Based on Exemption 2 OUO based on “circumvention of statute” may be applied to many unclassified documents that could be misused by an adversary

18 OUO Based on Exemption 2 Exemption 2 Examples
4/8/2017 OUO Based on Exemption 2 Exemption 2 Examples Security-related information Inspection and appraisal procedures Self-assessments Vulnerability assessments Agency computer access codes Information concerning critical systems, facilities, stockpiles, or other assets subject to harm OUO based on exemption 2 is often security-related information that could be used to gain access to facilities. Such information may be in a classified subject area, and may be found in a classification guide. If the information is in a classified subject area, you should have a DC review it to be sure it isn’t classified. Note: OUO based on FOIA Exemption 2 is often found in security-related classification guides – may have to consult a DC to make sure the information is not classified

19 OUO and FOIA Exemptions
4/8/2017 OUO and FOIA Exemptions Exemption 3 – Statutory Exemption Disclosure of information is prohibited by statute Not OUO if Information is otherwise classified or controlled (e.g., RD, FRD, UCNI, NNPI) Several Exemption 3 statues are routinely used within DOE If not sure Exemption 3 applies, should ask for interpretation from General Counsel to determine if statute qualifies NOTE: The determination must be based on statute, but the statute does not have to be identified on the stamp.

20 Exemption 3 Examples OUO Based on Exemption 3
4/8/2017 OUO Based on Exemption 3 Exemption 3 Examples Federal Technology Transfer Act – Protected CRADA information Procurement Integrity Act – Source selection information Internal Revenue Code – taxpayer identification numbers

21 OUO and the FOIA Exemptions
4/8/2017 OUO and the FOIA Exemptions Exemption 4 – Commercial/Proprietary Trade secrets Commercial or financial information whose release would Impair the government’s ability to obtain information in the future, or Cause competitive harm

22 Corporate/Private Documents Marked Proprietary
OUO Based on Exemption 4 Corporate/Private Documents Marked Proprietary Indicates a company feels release of the information would cause competitive harm Examples Business Confidential Company Proprietary Proprietary Information

23 Note: Not all contractor information is OUO under Exemption 4
4/8/2017 OUO Based on Exemption 4 Exemption 4 Examples Trade secret information (Coca Cola) Financial information, such as income, profits, losses, costs Contract proposal, solicited or unsolicited Customer/supplier lists Note: Not all contractor information is OUO under Exemption 4

24 OUO and the FOIA Exemptions
Exemption 5 – Privileged Information Three primary privileges Deliberative process (a.k.a. “predecisional”) Attorney Work-Product Attorney-Client

25 Exemption 5 – Privileged Information
OUO Based on Exemption 5 Exemption 5 – Privileged Information Reasons deliberative process information is not released To encourage open, frank discussions on matters of policy between subordinates and superiors To protect against premature disclosure of proposed policies before they are adopted To protect against public confusion that might result from disclosure of reasons and rationales that were not the grounds for an agency's action

26 OUO Based on Exemption 5 Not just any deliberative process document
Must have the potential for damage Refer to the reasons for not releasing to make determination

27 OUO Based on Exemption 5 May protect review/comment process even after decision is made Examples Protected only before final document is released - a draft report of an enforcement action may be OUO during the decision making process and the final report might not be OUO if it must be publicly released Protected before and after final document is released - a draft report of a directive could be OUO during decision making and after the final report is issued because release of the draft may cause confusion between the draft and the final directive

28 OUO Based on Exemption 5 Exemption 5 Examples
Documents concerning budget cuts Documents concerning cancellation of a program Documents concerning DOE property purchases

29 OUO and the FOIA Exemptions
4/8/2017 OUO and the FOIA Exemptions Exemption 6 – Personal Privacy Constitutes a “clearly unwarranted invasion of personal privacy” Personal information that might cause distress or embarrassment, or risk identity theft

30 Personally Identifiable Information (PII)
OUO Based on Exemption 6 4/8/2017 Personally Identifiable Information (PII) Certain OUO information based on exemption 6 (personal privacy) Examples (when associated with an individual) Social Security Number (even when not associated with an individual) Place of birth, date of birth Mother’s maiden name Medical history Financial data Performance ratings Within DOE there are special requirements for certain information in electronic format. This information is referred to as Personally Identifiable Information. The CIO has distributed guidance for PII. In hard copy, PII should be marked and protected as OUO>

31 Personally Identifiable Information (PII)
OUO Based on Exemption 6 4/8/2017 Personally Identifiable Information (PII) In hard copy - mark and protect as OUO, using Exemption 6, Personal Privacy Within DOE there are special requirements for certain information in electronic format. This information is referred to as Personally Identifiable Information. The CIO has distributed guidance for PII. In hard copy, PII should be marked and protected as OUO>

32 Not OUO Based on Exemption 6
4/8/2017 Not OUO Based on Exemption 6 Information not OUO under Exemption 6 Federal employee’s name, title, grade, position description, and duty station Note: May be OUO if release of information would pose a risk to person’s safety or interfere with intelligence or law enforcement programs

33 OUO and the FOIA Exemptions
4/8/2017 OUO and the FOIA Exemptions Exemption 7 – Law Enforcement Investigative information Law enforcement procedures Exemption 7 Examples Law enforcement manuals and guidelines Statements of witnesses during an investigation

34 OUO and the FOIA Exemptions
4/8/2017 OUO and the FOIA Exemptions Exemption 8 – Financial Institutions Evaluations of financial institution’s stability prepared by, on behalf of, or for use of an agency responsible for regulation of financial institutions (FDIC, etc.) Exemption 8 Example Bank examination reports The exemption does not apply to documents created by DOE because DOE is not responsible for the regulation of financial institutions.

35 OUO and the FOIA Exemptions
4/8/2017 OUO and the FOIA Exemptions Exemption 9 – Wells Technical and scientific information about any type of well Exemption 9 Examples Geothermal well BTU production Ground water inventories and well yields in gallons per minute Natural gas reserves

36 Often-used Exemptions in DOE
4/8/2017 Often-used Exemptions in DOE Commonly used exemptions Exemption 2, Circumvention of Statute Usually covered by classification guidance May need to consult a Derivative Classifier to ensure information is not classified Exemption 4, Commercial/Proprietary Exemption 5, Privileged Information Very little guidance Decision depends on perception of damage Exemption 6, Personal Privacy The most commonly used exemptions in the DOE are exemptions 2, 5, and 6. Exemption 2, circumvention of statute is usually in a classified subject area and covered by classification guidance. You may need to consult a derivative classifier to make sure the information is not classified. Unlike 2, there is very little guidance for exemption 5. When using exemption 5 consider that the reason for the exemption is to protect the decision making process. If you do not feel the release of a document would cause harm to the process, it is not OUO. The other commonly used exemption is 6, personal privacy information. Any information linked to an individual which may cause embarrassment, should be identified as OUO.

37 OUO Determinations - Summary
4/8/2017 OUO Determinations - Summary If guidance states information is OUO it must be identified as OUO If there is no guidance Information must meet criteria of damage and In the opinion of the person, fall under FOIA exemptions 2-9 Many determinations are discretionary Assessment may vary among program offices/employees What is sensitive for one agency/employee may not be for another YOU decide when to use the tool

38 Basing OUO Determinations on FOIA Exemptions
For more information refer to DOE G

39 What Should You do if You Aren’t Sure it’s OUO?
4/8/2017 What Should You do if You Aren’t Sure it’s OUO? Seek advice Other employees Supervisor Office of Classification

40 How is OUO Marked?

41 Markings are Important
XXXXX XX X XXXXXX XXX XX XXXXXXXXXX XXXXXXXX XXXXXXXXX. DRAFT XXXXX XX X XXXXXX XXX XX XXXXXXXXXX XXXXXXXX XXXXXXXXX. BUSINESS CONFIDENTIAL Various markings used to indicate sensitive information cause confusion Not certain if document needs protection Not certain how to protect document May have to call to determine intent No mandated protection XXXXX XX X XXXXXX XXX XX XXXXXXXXXX XXXXXXXX XXXXXXXXX. PROPRIETARY XXXXX XX X XXXXXX XXX XX XXXXXXXXXX XXXXXXXX XXXXXXXXX. PRE-DECISIONAL

42 OUO Marking OUO Markings Without OUO markings
Ensures everyone understands a documents must be protected Ensures everyone knows how it must be protected Without OUO markings Does not require protection No recourse if information is released

43 How are OUO Documents Marked?
4/8/2017 How are OUO Documents Marked? Front Marking – Determination based on Guidance (Classification/Control Guides) Exemption Number Exemption Name OFFICIAL USE ONLY May be exempt from public release under the Freedom of Information Act (5 U.S.C. 552), exemption number and category: 5, Privileged Information Department of Energy review required before public release Name/Org: John Smithson, NA Date: 4/11/07 Guidance (if applicable): CG-SS-4 Name AND Organization Date of Determination Short Name of Guide Markings are for example purposes only

44 How are OUO Documents Marked?
4/8/2017 How are OUO Documents Marked? Front Marking – Determination based on Damage and FOIA Exemption Exemption Number Exemption Name OFFICIAL USE ONLY May be exempt from public release under the Freedom of Information Act (5 U.S.C. 552), exemption number and category: 5, Privileged Information Department of Energy review required before public release Name/Org: John Smithson, NA Date: 4/11/07 Guidance (if applicable): N/A Name AND Organization Date of Determination Suggest N/A if guidance is not used Markings are for example purposes only

45 Requirements – Front Marking
4/8/2017 Requirements – Front Marking Exemption Category Name Circumvention of Statute Statutory Exemption Commercial/Proprietary Privileged Information Personal Privacy Law Enforcement Financial Institutions Wells

46 How are OUO Documents Marked?
4/8/2017 How are OUO Documents Marked? Page Marking OFFICIAL USE ONLY On bottom of all pages OR On bottom of only those pages containing OUO information XXXXX XX X XXXXXX XXX XX XXXXXXXXXX XXXXXXXX XXXXXXXXX. XX XXXXXXX XXXXX XXXX XXXXXXXXX XX XXXXXX. XX XXXX XXXXXXX X XXXXX XXXXXX XXXX XXXX. OFFICIAL USE ONLY Markings are for example purposes only

47 How are OUO Documents Marked?
4/8/2017 How are OUO Documents Marked? Mandatory Supplemental Markings Markings required by law, regulation, or other DOE directives that convey additional advice on handling or access restrictions Used in addition to, not in place of, OUO markings (both types of markings must appear on the document) OUO markings ensure consistent protection and handling throughout DOE Examples Protected Cooperative Research and Development Agreement (CRADA) Information Export Controlled Information (ECI) Applied Technology information (AT) Source Selection Information – See FAR and 3.104

48 Sample of OUO Document with Supplemental Marking (CRADA)
4/8/2017 Sample of OUO Document with Supplemental Marking (CRADA) XXX XXXXXX XX XXXXXXX XXXXX XXXXXXXXXXXX XXXXXX XXXXXXX. Xxxx xxxxxx xxxxxxxxx xxx xxxxxxxx xxxx xxxxxxx xxxxxxxxx xxx xxxxxxxxxxx, xxxxxxx, xxx xxxxxxxxxx Xxxxxxxx Xxx Xxxx (XXX) xxxxxxxxxxx. Xxxxx xxxxxxxx xxxxxxx xxxxxxxxx xxxxxxxxxx xxx xxxxxxxxxx xxxxxxxxx. Xxxxxxx X xxxxxxxxx xxx xxxxxxxxxxxx xxx xxxxxxxxxxx xxx xxxxxxx XXX xxxxxxxxxxx; Xxxxxxx XX xxxxxxxxx xxxxxxxxxx XXX xxxxxxxxxxx. Xxx Xxxxxxxxxx Xxxxxxxxxxxx Xxxxxxxx (XXX), Xxxxxxxxxx x, xxxx xxxxx xxxxxxxxxxxx xx xxx Xxxxxx xxx xxxxx xx xxx/xxxxxxxx xxxxxxxxxx xxxxxxxxxxx. XXXXXXX. Xxxxxxxx xxxxxxxxxx xxxx Xxxxxx xxxxxx xx xxxxxxxxx xx Xxxxxxxxxxx Xxxxxxxxxxxxxx xxx Xxxxxxx Xxxxxx xx xxx-xxx-xxxx. Protected CRADA Information This product contains Protected CRADA Information which was produced on 11/6/06 under CRADA No and is not to be further disclosed for a period of five years from the date it was produced except as expressly provided for in the CRADA. OFFICIAL USE ONLY Markings are for example purposes only

49 Markings are for example purposes only
4/8/2017 How is Document Containing OUO and National Security Information Marked? Do not apply OUO front and page markings Do apply title marking portion marking Markings. OUO markings are not applied to classified matter unless the marking is being used for portion marking or for marking the title or subject of a document. In essence, the marking serves as a warning to prevent the document from being released to the public inadvertently or unintentionally. It does not necessarily exempt the information from release, but identifies that the information may be exempt if it were to be requested. review required prior to Derivative Declassifier declassification Classified By: Jane Doe, General Engineer, HS-93 Derived From: CG-SS-4, 09/12/00, DOE OC Declassify On: September 20, 2009 Markings are for example purposes only

50 How is a Document Containing OUO and UCNI Marked?
4/8/2017 How is a Document Containing OUO and UCNI Marked? Apply front marking to unclassified documents containing OUO information even if there is an UCNI marking to alert holder of presence of OUO information For interior pages may use only highest category of information (UCNI) in the document or on individual pages UCNI UCNI INTERIOR PAGE FRONT PAGE OFFICIAL USE ONLY (5 U.S.C. 552), exemption number and Category: _2, Circumvention____ May be exempt from public release under the Freedom of Information Act __of Statute__________________________________________________ Department of Energy Review required before public release Name/Org: ___Jane Doe, SP-51________________ Date: __4/14/06__ Guidance (if applicable): __CG-SS-4_______________ UCNI Markings. OUO markings are not applied to classified matter unless the marking is being used for portion marking or for marking the title or subject of a document. In essence, the marking serves as a warning to prevent the document from being released to the public inadvertently or unintentionally. It does not necessarily exempt the information from release, but identifies that the information may be exempt if it were to be requested. UNCLASSIFIED CONTROLLED NUCLEAR INFORMATION NOT FOR PUBLIC DISSEMINATION Unauthorized dissemination subject to civil and criminal sanctions under Section 148 of the Atomic Energy Act of 1954, as amended (42 U.S.C. 2168). Reviewing Official: __Jane Doe, HS-91_________________________________ Date: _____4/15/03_______________________________________ Guidance Used: ____CG-UCNI-1______________________________________________ Markings are for example purposes only

51 How Do You Mark Other-agency CUI?
4/8/2017 How Do You Mark Other-agency CUI? Work for Others Markings dictated by sponsoring organization Follow sponsoring organization guidance Use in DOE documents Apply OUO markings to documents that use other-agency CUI information Portion mark as OUO Examples of other agency CUI markings

52 Who Has Authority to Remove OUO Markings?
4/8/2017 Who Has Authority to Remove OUO Markings? If markings applied are based on guidance Any person authorized to use guidance when guidance specifies information is no longer OUO FOIA Authorizing Official who approves release of document requested under the FOIA

53 Who Has Authority to Remove OUO Markings?
4/8/2017 Who Has Authority to Remove OUO Markings? If markings applied are based on an individual’s determination Employee who initially applied markings That employee’s supervisor FOIA Authorizing Official who approves release of document requested under FOIA

54 How are OUO Markings Removed?
4/8/2017 How are OUO Markings Removed? Person making the determination Crosses out OUO front, page, and any supplemental markings Places following marking on front of document: DOES NOT CONTAIN OFFICIAL USE ONLY INFORMATION Name/Org: Michael Kieszkowski, IM Date: _4/30/03_

55 How is a Document Transmitting OUO Marked?
4/8/2017 How is a Document Transmitting OUO Marked? Required if transmittal document itself does not contain classified or controlled information Calls attention to presence of OUO information in attachment Document transmitted contains OUO information Markings are for example purposes only

56 Sample Marking of Document Transmitting OUO
4/8/2017 Sample Marking of Document Transmitting OUO XXX XXXXXX XX XXXXXXX XXXXX XXXXXXXXXXXX XXXXXX XXXXXXX. Xxxx xxxxxx xxxxxxxxx xxx xxxxxxxx xxxx xxxxxxx xxxxxxxxx xxx xxxxxxxxxxx, xxxxxxx, xxx xxxxxxxxxx Xxxxxxxx Xxx Xxxx (XXX) xxxxxxxxxxx. Xxxxx xxxxxxxx xxxxxxx xxxxxxxxx xxxxxxxxxx xxx xxxxxxxxxx xxxxxxxxx. Xxxxxxx X xxxxxxxxx xxx xxxxxxxxxxxx xxx xxxxxxxxxxx xxx xxxxxxx XXX xxxxxxxxxxx; Xxxxxxx XX xxxxxxxxx xxxxxxxxxx XXX xxxxxxxxxxx. Xxx Xxxxxxxxxx Xxxxxxxxxxxx Xxxxxxxx (XXX), Xxxxxxxxxx x, xxxx xxxxx xxxxxxxxxxxx xx xxx Xxxxxx xxx xxxxx xx xxx/xxxxxxxx xxxxxxxxxx xxxxxxxxxxx. XXXXXXX. Xxxxxxxx xxxxxxxxxx xxxx Xxxxxx xxxxxx xx xxxxxxxxx xx Xxxxxxxxxxx Xxxxxxxxxxxxxx xxx Xxxxxxx Xxxxxx xx xxx-xxx-xxxx. Attachment contains OUO, transmitting document does not contain OUO Document transmitted contains OUO Information Markings are for example purposes only

57 How is an OUO Document that Transmits a Classified Document Marked?
4/8/2017 How is an OUO Document that Transmits a Classified Document Marked? SECRET XXX XXXXXX XX XXXXXXX XXXXX XXXXXXXXXXXX XXXXXX XXXXXXX. Xxxx xxxxxx xxxxxxxxx xxx xxxxxxxx xxxx xxxxxxx xxxxxxxxx xxx xxxxxxxxxxx, xxxxxxx, xxx xxxxxxxxxx Xxxxxxxx Xxx Xxxx (XXX) xxxxxxxxxxx. Xxxxx xxxxxxxx xxxxxxx xxxxxxxxx xxxxxxxxxx xxx xxxxxxxxxx xxxxxxxxx. Xxxxxxx X xxxxxxxxx xxx xxxxxxxxxxxx xxx xxxxxxxxxxx xxx xxxxxxx XXX xxxxxxxxxxx; Xxxxxxx XX xxxxxxxxx xxxxxxxxxx XXX xxxxxxxxxxx. Xxx Xxxxxxxxxx Xxxxxxxxxxxx Xxxxxxxx (XXX), Xxxxxxxxxx x, xxxx xxxxx xxxxxxxxxxxx xx xxx Xxxxxx xxx xxxxx xx xxx/xxxxxxxx xxxxxxxxxx xxxxxxxxxxx. XXXXXXX. Xxxxxxxx xxxxxxxxxx xxxx Xxxxxx xxxxxx xx xxxxxxxxx xx Xxxxxxxxxxx Xxxxxxxxxxxxxx xxx Xxxxxxx Xxxxxx xx xxx-xxx-xxxx. Document must be portion marked if document transmitted is NSI Document transmitted herewith contains Secret/Restricted Data When separated from enclosures, handle this document as OUO SECRET Markings are for example purposes only

58 How is an E-mail containing OUO Marked?
4/8/2017 How is an containing OUO Marked? First line of message Insert “OUO” before text If attachment to message is OUO Message must so indicate Attachment must be marked correctly

59 Are there Marking Exceptions?
Restricted Access Files Centralized records storage locations or systems where access is limited to only those specific individuals with a need to know the information in the records, such as central personnel files Do not need to be reviewed and marked while in these files or when retrieved from these files if they will be returned to the files and they are not accessible by unauthorized personnel If document is not to be returned to files, it must be reviewed for OUO and, if appropriate, marked

60 Are there Marking Exceptions?
4/8/2017 Are there Marking Exceptions? Documents Containing OUO Generated Before DOE M (4/9/03) No requirement to update markings to conform to the new manual No requirement to review unless to be publicly released OUO determination may be made by anyone in organization that currently has cognizance over information in document must use current markings if contains OUO

61 OUO Protecting OUO

62 Who May have Access to OUO?
4/8/2017 Who May have Access to OUO? Anyone needing the information to perform his/her job or other DOE-authorized activity No security clearance required Not limited to DOE employees No requirement for US citizenship Some OUO may have additional access restrictions (Export Controlled Information, Source Selection Information, etc.) Determination made by person possessing document – not person wanting the document

63 What are the Cyber Security Requirements for OUO?
Since the OUO Manual was published, the Office of the Chief Information Officer issued Technical and Management Requirements, Protection of Sensitive Unclassified Information, Including Personally Identifiable Information (TMR-22) TMR-22 requires senior management to develop Program Cyber Security Plans (PCSP) which are consistent with TMR-22 The DOE HQ PSCP requires HQ to follow TMR-22 If not with DOE HQ, recommend following TMR-22 requirements until you receive clarification from local cyber security

64 What are the Cyber Security Requirements for OUO?
TMR-22 (and DOE HQ) Requirements OUO must be encrypted during transmission (If person receiving OUO does not have Entrust, contact cyber security for approved alternate method of transmission) OUO on portable/mobile devices and removable media (e.g., CDROMS, thumb drives) must be encrypted

65 How is OUO Transmitted by phone?
4/8/2017 How is OUO Transmitted by phone? Transmitting over voice circuits Use encryption whenever possible If unavailable and other encrypted means not feasible alternative, regular voice circuits allowed

66 4/8/2017 How is OUO Transmitted? Transmitting by hand between facilities or within a facility May be hand-carried Must control access to document

67 How is OUO Transmitted? Transmitting by mail – inside facility
4/8/2017 How is OUO Transmitted? Transmitting by mail – inside facility Place in sealed, opaque envelope or wrapping with recipient’s address, and “TO BE OPENED BY ADDRESSEE ONLY” on outside TO BE OPENED BY ADDRESSEE ONLY

68 How is OUO Transmitted? Transmitting by mail – outside facility
4/8/2017 How is OUO Transmitted? Transmitting by mail – outside facility Place in sealed, opaque envelope or wrapping with recipient’s address, return address, and “TO BE OPENED BY ADDRESSEE ONLY” on outside (same requirements as inside facility, but must include return address) U.S. mail – First Class, Express, Certified, Registered Any commercial carrier

69 How is OUO Protected? In Use
4/8/2017 How is OUO Protected? In Use Take reasonable precautions to prevent access by persons who don’t need the information to do their jobs For example, don’t read an OUO document in a public place (in the cafeteria, on public transportation) OUO

70 How is OUO Protected? Storing
4/8/2017 How is OUO Protected? Storing With internal building security during non-duty hours - Unlocked file cabinet, desk, briefcase, etc. No internal building security during non-duty hours - Locked room or locked file cabinet, desk, briefcase, etc.

71 How is OUO Protected? Copying No permission from originator needed
4/8/2017 How is OUO Protected? Copying No permission from originator needed Make minimum number of copies Mark and protect copies

72 How is OUO Protected? Destroying
4/8/2017 How is OUO Protected? Destroying Strip-cut shredder with strips no more than ¼” wide Any other method approved by local security office

73 Protection Requirements
4/8/2017 Protection Requirements Apply to DOE OUO documents Other-agency CUI documents AND FOUO SBU LOU ACI

74 What are Inappropriate Uses of OUO?
OUO must not be used to Conceal violations of law, inefficiency, or administrative error Prevent embarrassment to an organization or agency Prevent or delay the release of information that does not meet the criteria to be designated as OUO

75 Are There Penalties for Misuse of OUO?
4/8/2017 Are There Penalties for Misuse of OUO? Imposed if person Intentionally releases OUO information from document marked “OUO” Intentionally or negligently releases an OUO document Intentionally does not mark a document known to contain OUO information Intentionally marks a document “OUO” known not to contain OUO information

76 What Penalties are Possible?
4/8/2017 What Penalties are Possible? Examples of penalties (DOE ) Verbal admonishment Written reprimand Suspension Termination Supervisor

77 Directives OUO Directives Issued 4/9/03
4/8/2017 Directives OUO Directives Issued 4/9/03 DOE Order Requirements and responsibilities DOE Manual Detailed instructions for implementing requirements DOE Guide Assists an employee in deciding whether information falls under one of the eight FOIA exemptions

78 Questions or comments? Call TPMC Security at ext . 3452 or e-mail

Download ppt "The Department of Energy’s Official Use Only"

Similar presentations

EcoTherm Plus WGB-K 20 E 4,5 – 20 kW.

EcoTherm Plus WGB-K 20 E 4,5 – 20 kW.
AGVISE Laboratories %Zone or Grid Samples – Northwood laboratory

AGVISE Laboratories %Zone or Grid Samples – Northwood laboratory
Trend for Precision Soil Testing % Zone or Grid Samples Tested compared to Total Samples.

Trend for Precision Soil Testing % Zone or Grid Samples Tested compared to Total Samples.
FREEDOM OF INFORMATION EXECUTIVE BRIEFING PART II.

FREEDOM OF INFORMATION EXECUTIVE BRIEFING PART II.
EuroCondens SGB 125- 300 E.

EuroCondens SGB E.
Select from the most commonly used minutes below.

Select from the most commonly used minutes below.
Sequential Logic Design

Sequential Logic Design
Copyright © 2013 Elsevier Inc. All rights reserved.

Copyright © 2013 Elsevier Inc. All rights reserved.
David Burdett May 11, 2004 Package Binding for WS CDL.

David Burdett May 11, 2004 Package Binding for WS CDL.
NTDB ® Annual Report 2010 © American College of Surgeons 2010. All Rights Reserved Worldwide National Trauma Data Bank 2010 Annual Report.

NTDB ® Annual Report 2010 © American College of Surgeons All Rights Reserved Worldwide National Trauma Data Bank 2010 Annual Report.
EQUS Conference - Brussels, June 16, 2011 Ambros Uchtenhagen, Michael Schaub Minimum Quality Standards in the field of Drug Demand Reduction Parallel Session.

EQUS Conference - Brussels, June 16, 2011 Ambros Uchtenhagen, Michael Schaub Minimum Quality Standards in the field of Drug Demand Reduction Parallel Session.
Create an Application Title 1Y - Youth Chapter 5.

Create an Application Title 1Y - Youth Chapter 5.
Add Governors Discretionary (1G) Grants Chapter 6.

Add Governors Discretionary (1G) Grants Chapter 6.
CALENDAR.

CALENDAR.
CHAPTER 18 The Ankle and Lower Leg

CHAPTER 18 The Ankle and Lower Leg
The 5S numbers game..

The 5S numbers game..
A Fractional Order (Proportional and Derivative) Motion Controller Design for A Class of Second-order Systems Center for Self-Organizing Intelligent.

A Fractional Order (Proportional and Derivative) Motion Controller Design for A Class of Second-order Systems Center for Self-Organizing Intelligent.
Welcome. © 2008 ADP, Inc. 2 Overview A Look at the Web Site Question and Answer Session Agenda.

Welcome. © 2008 ADP, Inc. 2 Overview A Look at the Web Site Question and Answer Session Agenda.
Student & Work Study Employment Facts & Time Card Training

Student & Work Study Employment Facts & Time Card Training
Break Time Remaining 10:00.

Break Time Remaining 10:00.

Similar presentations

Ads by Google