Related Research Articles
Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance with a need to know. Mishandling of the material can incur criminal penalties.
Data remanence is the residual representation of digital data that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal file deletion operation, by reformatting of storage media that does not remove data previously written to the media, or through physical properties of the storage media that allow previously written data to be recovered. Data remanence may make inadvertent disclosure of sensitive information possible should the storage media be released into an uncontrolled environment.
The Defense Counterintelligence and Security Agency (DCSA) is a federal security and defense agency of the United States Department of Defense (DoD) that reports to the Under Secretary of Defense for Intelligence. DCSA is the largest counterintelligence and security agency in the federal government and is responsible for providing personnel vetting, critical technology protection, counterintelligence, training, education and certification. DCSA services over 100 federal entities, oversees 10,000 cleared companies, and conducts approximately 2 million background investigations each year.
Redaction or sanitization is the process of removing sensitive information from a document so that it may be distributed to a broader audience. It is intended to allow the selective disclosure of information. Typically, the result is a document that is suitable for publication or for dissemination to others rather than the intended audience of the original document.
Critical Nuclear Weapon Design Information is a U.S. Department of Defense (DoD) category of Top Secret Restricted Data or Secret Restricted Data that reveals the theory of operation or design of the components of a thermonuclear or fission bomb, warhead, demolition munition, or test device. Specifically excluded is information concerning arming, fuzing, and firing systems; limited life components; and total contained quantities of fissionable, fusionable, and high explosive materials by type. Among these excluded items are the components that DoD personnel set, maintain, operate, test or replace. The sensitivity of DoD CNWDI is such that access is granted to the absolute minimum number of employees who require it for the accomplishment of assigned responsibilities on a classified contract. Because of the importance of such information, special requirements have been established for its control.
The Information Security Oversight Office (ISOO) is responsible to the President for policy and oversight of the government-wide security classification system and the National Industrial Security Program in the United States. The ISOO is a component of the National Archives and Records Administration (NARA) and receives policy and program guidance from the National Security Council (NSC).
Information security standards are techniques generally outlined in published materials that attempt to protect a user's or organization's cyber environment. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.
The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic of classified information beginning in 1951. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the regulations codified to 32 C.F.R. 2001. It lays out the system of classification, declassification, and handling of national security information generated by the U.S. government and its employees and contractors, as well as information received from other governments.
Special access programs (SAPs) in the U.S. Federal Government are security protocols that provide highly classified information with safeguards and access restrictions that exceed those for regular (collateral) classified information. SAPs can range from black projects to routine but especially-sensitive operations, such as COMSEC maintenance or presidential transportation support. In addition to collateral controls, a SAP may impose more stringent investigative or adjudicative requirements, specialized nondisclosure agreements, special terminology or markings, exclusion from standard contract investigations (carve-outs), and centralized billet systems. Within the Department of Defense, SAP is better known as "SAR" by the mandatory Special Access Required (SAR) markings.
Restricted Data (RD) is a category of proscribed information, per National Industrial Security Program Operating Manual (NISPOM). Specifically, it is defined by the Atomic Energy Act of 1954 as:
Security controls or security measures are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.
Data erasure is a software-based method of data sanitization that aims to completely destroy all electronic data residing on a hard disk drive or other digital media by overwriting data onto all sectors of the device in an irreversible process. By overwriting the data on the storage device, the data is rendered irrecoverable.
The Department of the Navy Central Adjudication Facility, a Naval Criminal Investigative Service (NCIS) organization, was responsible for determining who within the Department of the Navy is eligible to hold a security clearance, to have access to Sensitive Compartmented Information (SCI), or to be assigned to sensitive duties. The aggregate body of DoN personnel consists of Active Duty and Reserve components of the United States Navy and Marine Corps, as well as civilians and contractors. In addition, DoN CAF makes SCI eligibility determinations for select contractor personnel. Collateral clearance determinations for contractor personnel are established by DISCO.
Managed Trusted Internet Protocol Service (MTIPS) was developed by the US General Services Administration (GSA) to allow US Federal agencies to physically and logically connect to the public Internet and other external connections in compliance with the Office of Management and Budget's (OMB) Trusted Internet Connection (TIC) Initiative.
ISO/IEC 27040 is part of a growing family of International Standards published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in the area of security techniques; the standard is being developed by Subcommitee 27 (SC27) - IT Security techniques of the first Joint Technical Committee 1 of the ISO/IEC. A major element of SC27's program of work includes International Standards for information security management systems (ISMS), often referred to as the 'ISO/IEC 27000-series'.
The US Department of Commerce Office of Security is a division of the United States Department of Commerce (DOC) that works to provide security services for facilities of the department. Its aim is to provide policies, programs, and oversight as it collaborates with facility managers to mitigate terrorism risks to DOC personnel and facilities, program managers to mitigate espionage risks to DOC personnel, information, and facilities, and Department and Bureau leadership to increase emergency preparedness for DOC operations.
The Cybersecurity Maturity Model Certification (CMMC) is an assessment framework and assessor certification program designed to increase the trust in measures of compliance to a variety of standards published by the National Institute of Standards and Technology.
Data sanitization involves the secure and permanent erasure of sensitive data from datasets and media to guarantee that no residual data can be recovered even through extensive forensic analysis. Data sanitization has a wide range of applications but is mainly used for clearing out end-of-life electronic devices or for the sharing and use of large datasets that contain sensitive information. The main strategies for erasing personal data from devices are physical destruction, cryptographic erasure, and data erasure. While the term data sanitization may lead some to believe that it only includes data on electronic media, it also broadly covers physical media, such as paper copies. These data types are termed soft for electronic files and hard for physical media paper copies. Data sanitization methods are also applied for the cleaning of sensitive data, such as through heuristic-based methods, machine-learning based methods, and k-source anonymity.
A United States security clearance is an official determination that an individual may access information classified by the United States Government. Security clearances are hierarchical; each level grants the holder access to information in that level and the levels below it.
References
- ↑ Manual reissues DoD 5220.22-M, "National Industrial Security Program Operating. 2006. CiteSeerX 10.1.1.180.8813 .
- ↑ "Executive Order 12829". FAS website. Retrieved 2007-04-01.
- ↑ "NISP Brochure" (PDF). DSS. Archived from the original (PDF) on 2006-04-20. Retrieved 2007-04-01. (59 KB)
- ↑ "Download NISPOM". DSS . Retrieved 2010-11-10.
- ↑ DoD (2006-02-28). "National Industrial Security Program Operating Manual (NISPOM)" (PDF). DSS. pp. 8–3–1. Retrieved 2013-03-07. (1.92 MB)
- ↑ "DSS Clearing & Sanitization Matrix" (PDF). DSS. 2007-06-28. Retrieved 2011-04-26. (98 KB)
- ↑ NIST (2014-12-18). Unrelated to NISP or NISPOM, National Institute of Standards and Technology (NIST) Computer Security Division Released Special Publication 800-88 Revision 1, Guidelines for Media Sanitization, 18 December 2014. Retrieved from https://csrc.nist.gov/pubs/sp/800/88/r1/final.
