
1 Section Three: Protection of Controlled Unclassified Information Note: All classified markings contained within this presentation are for training purposes only.

2 Protection of Controlled Unclassified Information Overview
Controlled Unclassified Information (CUI) is information that has not been given a security classification but which is withheld from public disclosure such as:
- Private Information
- Export Controlled Information
- Sensitive But Unclassified (SBU)
- For Official Use Only (FOUO)
- Proprietary Proposal Information
- Company Proprietary / Private Information
- Competition Sensitive
- Personally Identifiable Information (PII)

The loss, theft, or corruption of this information would likely have a serious or detrimental impact on the execution of {Company} programs and/or its personnel

3 Protection of Controlled Unclassified Information Protected and Unprotected Environments
Protection measures may vary depending on the environment in which the information is stored or handled

Environments are defined as:
- Protected Environment: Area where {Company} controls access (proximity readers, security officers, etc.) to help ensure that only authorized employees, resident subcontractors, and visitors are permitted entry
- Unprotected Environment: Area where {Company} does not control access to building or work area (e.g., applicable remote sites and unprotected areas during business travel such as airplane cabins, coffee shops, etc.)

4 Protection of Controlled Unclassified Information Protected and Unprotected Environments (cont.)
While in unprotected environments individuals must:
- Be cognizant of their surroundings while viewing and processing this information
- Take precautions to avoid unauthorized disclosure or loss
- Use laptop privacy screens and unclassified coversheets
- Encrypt all systems, media, and devices leaving {Company} facilities (Tailor to your facility’s policy)
- Any loss should be reported to the Security Department

While in protected environments individuals must:
- Attach unclassified coversheet to material (if available/used)
- Store in unlocked file, desk, office, or briefcase, or obscure from unauthorized viewing as a minimum

5 Protection of Controlled Unclassified Information Transmission and Disposition
When sending or receiving sensitive unclassified information individuals must:
- Implement need-to-know criterion
- Employ available methods of safeguarding data while in transit (i.e., digital signatures, encryption methods, and classified fax machines, first class mail, password protected attachments, etc.)

When no longer required, materials containing sensitive unclassified information will be promptly destroyed:
- Cross-cut shred or dispose in shredder bins
- Sanitize IT systems

Information owner may have additional protection requirements that will be addressed on a case-by-case basis

6 Protection of Controlled Unclassified Information Unclassified Marking Overview
Controlled unclassified documents should be marked accordingly:
- Bottom labeled appropriately (i.e., “For Official Use Only”)
  - Outside of the front cover
  - On each page containing controlled unclassified information
- Other material (i.e., slides, photos) will be marked to make recipients aware of the sensitivity

NOTE: Controlled unclassified material being transmitted outside the DoD or its contractors' facilities requires a statement explaining the marking: “This document contains information EXEMPT FROM MANDATORY DISCLOSURE under the FOIA. Exemptions… (list FOIA exemption being used)… apply”

Sample:

FOR OFFICIAL USE ONLY
MEMORANDUM
FROM: DS/ISP/APB
TO: INR/EUR
SUBJECT: (U) SECURITY AWARENESS TRAINING
1. (U//FOUO) I think that my Security Office is great and provides awesome support. I don’t know what I would do without them.
2. This is the best security awareness training I have ever received.
3. Other agencies, like the State Department, may use “Sensitive But Unclassified” (SBU) to mark CUI.

7 Protection of Controlled Unclassified Information Personally Identifiable Information (PII)
Defined as: Individual’s first name and last name or first initial and last name used in combination with any one or more of the following data elements:
- Social Security Number
- Driver’s license number or state-issued identification card number
- Financial account number, or credit card number, with or without any required security code, access code, personal information number or password, that would permit access to a financial account

8 Protection of Controlled Unclassified Information Personally Identifiable Information (PII) (cont.)
Protection measures:
- Maintain a need-to-know principle
- Utilize Unclassified protection coversheets and notice labels (if available/used)
  - When at rest, hand carrying, sending via interoffice mail, or faxing (external mail, only use coversheets)
- Use classified copiers or printers without hard drives, if available
  - If unavailable, device hard drives must be destroyed or sanitized when no longer used by {Company}
- Lock in a cabinet, desk, or office, or properly destroy if no longer required
- Use proper disposal and destruction methods
  - Destruction Bags (If used, maintain positive control at all times)
  - Classified Shredders
  - Approved unclassified shredder bins
- Use data encryption for internal and external transmittal
- Use password protected screensavers (Always lock your system when leaving your work area)
- When possible, whole disk encryption should be implemented on systems containing this information

9 Protection of Controlled Unclassified Information Export Control
Export-controlled material:
- Must be controlled as sensitive information and marked accordingly to maintain U.S. national security interest
- Cannot be disclosed to or accessed by foreign nationals or representatives of a foreign entity
  - U.S. persons employed by Foreign entities are treated as Foreign representatives themselves for the purpose of export compliance
- Approval or a license must be obtained from the Department of State for items controlled by the International Traffic in Arms Regulations (ITAR), or the Department of Commerce for items controlled by the Export Administration Regulations (EAR)
  - If the U.S. State Department has not issued an Export License (based on a Technical Assistance Agreement or Manufacturing License Agreement), a violation of ITAR has occurred
- Per the International Traffic in Arms Regulations (ITAR), Technical data in any form that pertains to the U.S. Munitions List (a list of defense-related articles or services) is “export controlled”
  - A defense article or service is specifically designed, developed, configured, adapted or modified for a military application and does not have predominant civil applications

10 Protection of Controlled Unclassified Information Export Control (cont.)
The export of information or material is defined as:
- Shipping or transporting technical data or hardware out of the U.S.
- Transferring control or disclosing hardware, technical data, technology, software, electronic data to a foreign person (whether in the U.S. or abroad)
- Providing a Defense Service or Technical Assistance to a Foreign Person
- Providing site visits/tours to Foreign Persons where export controlled technical data is disclosed

A foreign person is:
- Any individual representing or working for a foreign corporation, agency or division of a foreign government and can include
  - U.S. Citizens
  - U.S. Permanent Residents (e.g., Green Card)
  - Foreign Nationals or visitors
  - "Protected Individuals" (e.g., Refugee or Asylee)

ITAR violations can result in:
- Hefty fines and/or debarment from international business arrangements and U.S. Government contracts
- Personal criminal liability
- Violation of the {Company} Standards of Conduct, which may result in disciplinary action to include suspension, termination and/or criminal prosecution

Prior to the export of technical data or hardware, contact your local Export Control Officer

11 Protection of Controlled Unclassified Information Export Control (cont.)
Trade Show export and security guidance
- Foreign citizens attend trade shows and export laws still apply
- If you engage in conversation with someone that you expect is not a U.S. person please use the following guidance:
  - Be alert to overly inquisitive people asking about the type of work you do, business information about your company, or about your personal life
  - Never provide anyone with more information than is absolutely necessary to accomplish your objectives
  - Do not share any contractual, classified, Controlled Unclassified Information (CUI) such as For Official Use Only (FOUO), or company proprietary information with anyone who does not have a legitimate need for the information
  - Information coming to your attention that you believe suggests the existence of, or potential for, espionage, compromise of classified information, or terrorism must be promptly reported to Security
  - Report any suspected attempts to gain information or other suspicious circumstances to your local Security Department

12 Protection of Controlled Unclassified Information Export Control (cont.)
What marketing activities can {Company} employees engage in without a license?
- Discuss {Company} products without providing technology or technical data
- Distribute brochures that have been approved for public release
- Receive technical data from a foreign customer
- Discuss business terms and conditions
- Discuss the statement of work, without technical information (yes we can do that, no we cannot do that)
- Transfer data that is publicly available (catalog, anything on web site)
- Discuss basic information on function or purpose
- Provide general system descriptions
- Discuss general capabilities

Do not bring any ITAR hardware that has not been pre-approved by the customer and TCO

Be aware of social engineering and remain vigilant

