Compartmentalization, in information security, whether public or private, is the limiting of access to information to persons or other entities on a need-to-know basis to perform certain tasks.
It originated in the handling of classified information in military and intelligence applications. It dates back to antiquity, and was successfully used to keep the secret of Greek fire. [1]
The basis for compartmentalization is the idea that, if fewer people know the details of a mission or task, the risk or likelihood that such information will be compromised or fall into the hands of the opposition is decreased. Hence, varying levels of clearance within organizations exist. Yet, even if someone has the highest clearance, certain "compartmentalized" information, identified by codewords referring to particular types of secret information, may still be restricted to certain operators, even with a lower overall security clearance. Information marked this way is said to be codeword–classified. One famous example of this was the Ultra secret, where documents were marked "Top Secret Ultra": "Top Secret" marked its security level, and the "Ultra" keyword further restricted its readership to only those cleared to read "Ultra" documents. [2]
Compartmentalization is now also used in commercial security engineering as a technique to protect information such as medical records.
 |
An example of compartmentalization was the Manhattan Project. Personnel at Oak Ridge constructed and operated centrifuges to isolate uranium-235 from naturally occurring uranium, but most did not know exactly what they were doing. Those that knew did not know why they were doing it. Parts of the weapon were separately designed by teams who did not know how the parts interacted.[ citation needed ]
Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance with a need to know. Mishandling of the material can incur criminal penalties.
A security clearance is a status granted to individuals allowing them access to classified information or to restricted areas, after completion of a thorough background check. The term "security clearance" is also sometimes used in private organizations that have a formal process to vet employees for access to sensitive information. A clearance by itself is normally not sufficient to gain access; the organization must also determine that the cleared individual needs to know specific information. No individual is supposed to be granted automatic access to classified information solely because of rank, position, or a security clearance.
Sensitive compartmented information (SCI) is a type of United States classified information concerning or derived from sensitive intelligence sources, methods, or analytical processes. All SCI must be handled within formal access control systems established by the Director of National Intelligence.
"Born secret" and "born classified" are both terms which refer to a policy under the system of law in the United States of information being classified from the moment of its inception, usually regardless of where it was created, and usually in reference to specific laws in the United States that are related to information that describes the operation of nuclear weapons. The concept is not limited to nuclear weapons, and other ideas and technologies may be considered as born secret under law. There are no other areas of United States law where it is illegal to discuss publicly-available information. In 2006, the United States Department of Energy themselves noted that the born secret/classified doctrine was controversial.
Redaction or sanitization is the process of removing sensitive information from a document so that it may be distributed to a broader audience. It is intended to allow the selective disclosure of information. Typically, the result is a document that is suitable for publication or for dissemination to others rather than the intended audience of the original document.
The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic of classified information beginning in 1951. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the regulations codified to 32 C.F.R. 2001. It lays out the system of classification, declassification, and handling of national security information generated by the U.S. government and its employees and contractors, as well as information received from other governments.
Special access programs (SAPs) in the U.S. Federal Government are security protocols that provide highly classified information with safeguards and access restrictions that exceed those for regular (collateral) classified information. SAPs can range from black projects to routine but especially-sensitive operations, such as COMSEC maintenance or presidential transportation support. In addition to collateral controls, a SAP may impose more stringent investigative or adjudicative requirements, specialized nondisclosure agreements, special terminology or markings, exclusion from standard contract investigations (carve-outs), and centralized billet systems. Within the Department of Defense, SAP is better known as "SAR" by the mandatory Special Access Required (SAR) markings.
Q clearance or Q access authorization is the U.S. Department of Energy (DOE) security clearance required to access Top Secret Restricted Data, Formerly Restricted Data, and National Security Information, as well as Secret Restricted Data. Restricted Data (RD) is defined in the Atomic Energy Act of 1954 and covers nuclear weapons and related materials. The lower-level L clearance is sufficient for access to Secret Formerly Restricted Data (FRD) and National Security Information, as well as Confidential Restricted Data and Formerly Restricted Data. Access to Restricted Data is only granted on a need-to-know basis to personnel with appropriate clearances.
Classified information in the United Kingdom is a system used to protect information from intentional or inadvertent release to unauthorised readers. The system is organised by the Cabinet Office and is implemented throughout central and local government and critical national infrastructure. The system is also used by private sector bodies that provide services to the public sector.
Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others. Loss, misuse, modification, or unauthorized access to sensitive information can adversely affect the privacy or welfare of an individual, trade secrets of a business or even the security and international relations of a nation depending on the level of sensitivity and nature of the information.
The Joint Worldwide Intelligence Communication System is the United States Department of Defense's secure intranet system that houses top secret and sensitive compartmented information. JWICS superseded the earlier DSNET2 and DSNET3, the Top Secret and SCI levels of the Defense Data Network based on ARPANET technology.
The United States Intelligence Community A-Space, or Analytic Space, is a project started in 2007 from the Office of the Director of National Intelligence's (ODNI) Office of Analytic Transformation and Technology to develop a common collaborative workspace for all analysts from the USIC. It is accessible from common workstations and provides unprecedented access to interagency databases, a capability to search classified and unclassified sources simultaneously, web-based messaging, and collaboration tools. The Defense Intelligence Agency (DIA) is the executive agent for building the first phase of A-Space. Initial operational capability was scheduled for December 2007. A-Space went live on the government's classified Joint Worldwide Intelligence Communications System 22 September 2008. A-Space is built on Jive Software's Clearspace application.
A BIGOT list is a list of personnel possessing appropriate security clearance and who are cleared to know details of a particular operation, or other sensitive information.
Bullrun is a clandestine, highly classified program to crack encryption of online communications and data, which is run by the United States National Security Agency (NSA). The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the Bullrun classification guide published by The Guardian, the program uses multiple methods including computer network exploitation, interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.
The Government Security Classifications Policy (GSCP) is a system for classifying sensitive government data in the United Kingdom.
In the United Kingdom, government policy requires that staff undergo security vetting in order to gain access to government information.
Eastman Kodak v Harold Worden is a case of industrial espionage involving the sale of information by Harold Worden, a former Kodak manager, to Kodak's competitors in 1995. Worden was caught selling details on the 401 process, a process designed to increase the speed and quality of film during development, during a sting operation conducted by Kodak after two of their competitors, Konica and Agfa-Gevaert, told Kodak that he had approached them selling trade secrets. After the sting operation, Worden was sentenced to 15 months in prison and a fine of $30,000 for interstate transportation of stolen property.
Donald Trump's handling of United States government records, especially those containing classified information, during his tenure as the 45th U.S. president has come under scrutiny. A number of incidents in which the president disclosed classified information to foreign powers and private individuals have become publicly known, sometimes with distinct national security and diplomatic consequences.
A United States security clearance is an official determination that an individual may access information classified by the United States Government. Security clearances are hierarchical; each level grants the holder access to information in that level and the levels below it.