Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, and mishandling of the material can incur criminal penalties.
A security clearance is a status granted to individuals allowing them access to classified information or to restricted areas, after completion of a thorough background check. The term "security clearance" is also sometimes used in private organizations that have a formal process to vet employees for access to sensitive information. A clearance by itself is normally not sufficient to gain access; the organization must also determine that the cleared individual needs to know specific information. No individual is supposed to be granted automatic access to classified information solely because of rank, position, or a security clearance.
The Bell–LaPadula Model (BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell, and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell, to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive, down to the least sensitive.
Sensitive compartmented information (SCI) is a type of United States classified information concerning or derived from sensitive intelligence sources, methods, or analytical processes. All SCI must be handled within formal access control systems established by the Director of National Intelligence.
A credential is a piece of any document that details a qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so.
Redaction or sanitization is the process of removing sensitive information from a document so that it may be distributed to a broader audience. It is intended to allow the selective disclosure of information. Typically, the result is a document that is suitable for publication or for dissemination to others rather than the intended audience of the original document.
The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic beginning in 1951. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the regulations codified to 32 C.F.R. 2001. It lays out the system of classification, declassification, and handling of national security information generated by the U.S. government and its employees and contractors, as well as information received from other governments.
Special access programs (SAPs) in the U.S. Federal Government are security protocols that provide highly classified information with safeguards and access restrictions that exceed those for regular (collateral) classified information. SAPs can range from black projects to routine but especially-sensitive operations, such as COMSEC maintenance or presidential transportation support. In addition to collateral controls, a SAP may impose more stringent investigative or adjudicative requirements, specialized nondisclosure agreements, special terminology or markings, exclusion from standard contract investigations (carve-outs), and centralized billet systems. Within the Department of Defense, SAP is better known as "SAR" by the mandatory Special Access Required (SAR) markings.
Multiple single-level or multi-security level (MSL) is a means to separate different levels of data by using separate computers or virtual machines for each level. It aims to give some of the benefits of multilevel security without needing special changes to the OS or applications, but at the cost of needing extra hardware.
Q clearance or Q access authorization is the U.S. Department of Energy (DOE) security clearance required to access Top Secret Restricted Data, Formerly Restricted Data, and National Security Information, as well as Secret Restricted Data. Restricted Data (RD) is defined in the Atomic Energy Act of 1954 and covers nuclear weapons and related materials. The lower-level L clearance is sufficient for access to Secret Formerly Restricted Data (FRD) and National Security Information, as well as Confidential Restricted Data, Formerly Restricted Data, and National Security Information. Access to Restricted Data is only granted on a need-to-know basis to personnel with appropriate clearances.
Classified information in the United Kingdom is a system used to protect information from intentional or inadvertent release to unauthorised readers. The system is organised by the Cabinet Office and is implemented throughout central and local government and critical national infrastructure. The system is also used by private sector bodies that provide services to the public sector.
Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others.
The Foreign Intelligence Service, or Serviciul de Informații Externe (SIE) in Romanian, is, under Law no. 1/1998, "the state body specialized in foreign intelligence concerning the national security and the safeguarding of Romania and its interests".
The Security of Information Act, formerly known as the Official Secrets Act, is an Act of the Parliament of Canada that addresses national security concerns, including threats of espionage by foreign powers and terrorist groups, and the intimidation or coercion of ethnocultural communities in and against Canada.
Intelligence Analysis Management is the process of managing and organizing the analytical processing of raw intelligence information. The terms "analysis", "production", and "processing" denote the organization and evaluation of raw information used in a phase informally called "connecting the dots", thus creating an "intelligence mosaic". The information may result in multiple analytic products, each with different security classifications, time scales, and levels of detail. Intelligence analysis goes back to the beginning of history. Sherman Kent is often considered the father of modern intelligence analysis. His writings include a 1947 book, Strategic Intelligence for American World Policy.
National intelligence programs, and, by extension, the overall defenses of nations, are vulnerable to attack. It is the role of intelligence cycle security to protect the process embodied in the intelligence cycle, and that which it defends. A number of disciplines go into protecting the intelligence cycle. One of the challenges is there are a wide range of potential threats, so threat assessment, if complete, is a complex task. Governments try to protect three things:
The Government Security Classifications Policy (GSCP) is a system for classifying sensitive government data in the United Kingdom.
In the United Kingdom, government policy requires that staff undergo security vetting in order to gain access to government information.
The National Security and Intelligence Committee of Parliamentarians is a body composed of members of the House of Commons and Senate which reviews the activities of the Government of Canada's national security and intelligence agencies. The committee also performs strategic and systematic reviews of the legislative, regulatory, policy, expenditure and administrative frameworks under which national security activities are conducted.
