Data classification is one of the most important steps in data security. Ask for information about the website, including the URL. Secure personal mobile devices to the same level as Government-issued systems. The DoD Security Classification Guide Data Elements, DoD (DD) Form 2024, referenced in section 6 of Enclosure 6 of this Volume has been assigned RCS DD-INT(AR)1418 in accordance with the procedures in Reference (k). Under which circumstances may you be subject to criminal, disciplinary, and/or administrative action due to online misconduct? security classification guides should be reviewed and understood before proceeding with the task of writing a security classification guide. What does Personally Identifiable Information (PII) include? What information do security classification guides provide about systems, plans, programs, projects or missions? Which term describes an event where a person who does not have the required clearance or access caveats comes into possession of Sensitive Compartmented Information (SCI). Which classification level is given to information that could reasonably be expected to cause serious damage to national security? DoD information that does not, individually or in compilation, require What must you ensure before transmitting Personally Identifiable Information (PII) or Protected Health Information (PHI) via e-mail? How many potential insider threat indicators does a coworker who often makes others uneasy by being persistent in trying to obtain information about classified projects to which he has no access, is boisterous about his wife putting them in credit card debt, and often complains about anxiety and exhaustion display? Which of the following helps protect data on your personal mobile devices? SECURITY CLASSIFICATION LEVELS All information or material considered vital to the safety of the United States is given a security classification level. What information posted publicly on your personal social networking profile represents a security risk? Report the crime to local law enforcement. Which must be approved and signed by a cognizant Original Classification Authority (OCA)? What must you ensure if you work involves the use of different types of smart card security tokens? No. Is it acceptable to take a short break while a coworker monitors your computer while logged on with your CAC? Spillage because classified data was moved to a lower classification level system without authorization. Any time you participate in or condone misconduct, whether offline or online. It includes a threat of dire circumstances. Page 4 unauthorized disclosure occurs. How many potential insider threat indicators does a person who is married with two children, vacations at the beach every year, is pleasant to work with, but sometimes has poor work quality display? The classification of data helps determine what baseline security controls are appropriate for safeguarding that data. Security classification guidance required for derivative classification is identified in block 13 of the DD Form 254. A high-security defense installation recently begun utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. Completing your expense report for your government travel. Do not allow you Common Access Card (CAC) to be photocopied. 3 The Security Rule does not apply to PHI transmitted orally or in writing. Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. Content-based classification is classification in which the weight given to particular subjects in a document determines the class to which the document is assigned. Who is the longest reigning WWE Champion of all time? However, source documents such as the security classification guide itself sometimes are attached to This Specification is for: Insert only one “X” into the appropriate box, although information may be entered into both “a The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164 . (a) states: At the time of original classification, the following shall be indicated… g What describes a Sensitive Compartmented Information (SCI) program? Social Security Number; date and place of birth; mother's maiden name. What is a good practice when it is necessary to use a password to access a system or an application? Appropriate clearance; signed and approved non-disclosure agreement; and need-to-know. Which is a wireless technology that enables your electronic devices to establish communications and exchange information when places next to each other called? Understanding and using available privacy settings. Which of the following is true about unclassified data? Don't allow her access into secure areas and report suspicious activity. Not directives. A pop-up window that flashes and warns that your computer is infected with a virus. What is a common indicator of a phishing attempt? What are the release dates for The Wonder Pets - 2006 Save the Ladybug? What type of unclassified material should always be marked with a special handling caveat? Difficult life circumstances such as substance abuse; divided loyalty or allegiance to the U.S.; or extreme, persistent interpersonal difficulties. Identification, encryption, and digital signature. Store classified data appropriately in a GSA-approved vault/container when not in use. After you have enabled this capability, you see an additional field How sensititive is your data? Lock your device screen when not in use and require a password to reactivate. What is a possible indication of a malicious code attack in progress? Wait until you have access to your government-issued laptop. Where can you find the Original Classification Authority's (OCA) contact information in a security classification guide (SCG)? Shred personal documents; never share passwords; and order a credit report annually. Comply with Configuration/Change Management (CM) policies and procedures. National security encompasses both the national defense and the foreign relations of the U.S. What should be your response? These steps may include consulting a security classification guide or referral to the organization responsible for the original classification. It can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. When is conducting a private money-making venture using your Government-furnished computer permitted? What is the best response if you find classified government data on the internet? Ensure that the wireless security features are properly configured. What certificates are contained on the DoD Public Key Infrastructure (PKI) implemented by the Common Access Card (CAC)/Personal Identity Verification (PIV) card? As someone who works with classified information, what should you do if you are contacted by a foreign national seeking information on a research project? Which scenario might indicate a reportable insider threat security incident? C 1.1.4. The Government Security Classification Policy came into force on 2 April 2014 and describes how HM Government classifies information assets to … Not all data is created equal, and few businesses have the time or resources to provide maximum protection to … What is a sample Christmas party welcome address? Which of the following terms refers to harm inflicted on national security through authorized access to information or information systems? What is the best example of Personally Identifiable Information (PII)? After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. D. Sample Guide Use only personal contact information when establishing personal social networking accounts, never use Government contact information. Which of the following activities is an ethical use of Government-furnished equipment (GFE)? Why don't libraries smell like bookstores? Derivative Classification rollover: Derivative classification is the process of extracting, Insiders are given a level of trust and have authorized access to Government information systems. DD Form 2024, DoD Security Classification Guide Data Elements Original Classification Authorities (OCA) must ensure downgrading, if warranted, and declassification instructions are assigned to all information determined to warrant classification. Classification Management Training Aid 2.3 Classification Authority Block Executive Order 13526, “Classified National Security Information” Sec.1.6. When is the best time to post details of your vacation activities on your social networking website? When did organ music become associated with baseball? What should you do if a commercial entity, such as a hotel reception desk, asks for Government identification so that they can make a photocopy? Which is true for protecting classified data? Your health insurance explanation of benefits (EOB). What action should you take? -FALSE Bob, a coworker, has been going through a divorce, has What is a valid response when identity theft occurs? What is the best example of Protected Health Information (PHI)? Which of the following is an appropriate use of Government e-mail? Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, and mishandling of the material can incur criminal penalties. Each security classification level indicates (tells) the amount of protection the information and material requires to safeguard it … On the cover of the SCG When not directly in an authorized individual's possession, classified documents must be stored in a GSA-approved security container. Data classification is a vital component of any information security and compliance program, especially if your organization stores large volumes of data. Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications (i.e., at different security levels), permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. View e-mail in plain text and don't view e-mail in Preview Pane. Attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Which is a risk associated with removable media? Note any identifying information, such as the website's URL, and report the situation to your security POC. Sensitive Security Information (SSI) is a category of sensitive but unclassified information under the United States government's information sharing and control rules. What is a best practice to protect data on your mobile computing device? OCAs are encouraged to publish security classification guides Something you possess, like a CAC, and something you know, like a PIN or password. If aggregated, the information could become classified. General Rules The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. What is a proper response if spillage occurs? Learn vocabulary, terms, and more with flashcards, games, and other study tools. What are the requirements to be granted access to SCI material? In the following figure, you can see what the site classification field looks like.While in the following figure, you can see the classification highlighted in the header of a \"modern\" site. Government-owned PEDs, if expressly authorized by your agency. Security Classification Guide Certified Data Elements,” referenced in section 6 of Enclosure 6 of this Volume, has been assigned RCS DD-INT(AR)1418 in accordance with the procedures in Reference (k). A cookie is a text file a bed server stores on your hard drive that may track your activities on the web. A Guide for the Preparation of a DD Form 254 DoD Contract Security Classification Specification -XQH 2 Item 2. How long will the footprints on the moon last? Which of the following is a best practice to protect information about you and your organization on social networking sites and applications? The proper security clearance and indoctrination into the SCI program. The security classification guidance needed for this classified effort is identified below. What does contingent mean in real estate? What organization issues the directives concerning the dissemination of information regarding intelligence sources, methods, or activities? How many candles are on a Hanukkah menorah? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Avoid using the same password between systems or applications. Data classification, in the context of information security, is the classification of data based on its level of sensitivity and the impact to the University should that data be disclosed, altered or destroyed without authorization. What is required for an individual to access classified data? Copyright © 2020 Multiply Media, LLC. A user writes down details from a report stored on a classified system marked as Secret and uses those details to draft an unclassified briefing on an unclassified system without authorization. What describes how Sensitive Compartmented Information is marked? C. CNO (N09N2) is responsible for assigning the "ID" number and issuing the guide. What portable electronic devices (PEDs) are allow in a Secure Compartmented Information Facility (SCIF)? You know this project is classified. A security classification guide is a record of original classification decisions that can be used as a source document when creating derivatively classified documents. Inform your security POC of all non-professional or non-routine contacts with foreign nations, including, but not limited to, joining each other's social media sites. What type of activity or behavior should be reported as a potential insider threat? Which of the following types of controls does … Security Classification Guidance v3 Student Guide September 2017 Center for Development of Security Excellence Page 1-1 Lesson 1: Course Introduction Course Overview Welcome to the Security Classification Guidance Course. August 2006 Defense Security Service Academy (www.dss.mil) 938 Elkridge Landing Road Linthicum, MD 21090 A Guide for the Preparation of a DD Form 254 Defense Security Service AcademyForeword Introduction: The Federal Acquisition Regulation (FAR) requires All Rights Reserved. What should you do if a reporter asks you about potentially classified information on the web? To ensure the best experience, please update your browser. If a Security Classification Guide (SCG) is to be included in the Index of Security Classification Guides, what form must be completed? What is a way to prevent the download of viruses and other malicious code when checking your e-mail? while creating new \"modern\" sites. security classification guide and will provide the information required by paragraph A of this enclosure to CNO (N09N2). Which of the following is a good practice to aid in preventing spillage? Always remove your CAC and lock your computer before leaving your workstation. Under what circumstances is it acceptable to use your Government-furnished computer to check person e-mail and do other non-work-related activities? Why might "insiders" be able to cause damage to their organizations more easily than others? There is no way to know where the link actually leads. If any difficulty is encountered in applying this If any difficulty is encountered in applying this guidance or if any other contributing factor indicates a need for changes in this guidance, the contractor is authorized and encouraged to provide recommended Under what circumstances could unclassified information be considered a threat to national security? What is the best choice to describe what has occurred? Which of the following can an unauthorized disclosure of information classified as Confidential reasonably be expected to cause? What is a good practice for physical security? What is an indication that malicious code is running on your system? requirements. While on vacation, a coworker calls and asks you to access a site to review and approve a document that is hosted behind a DoD Public Key Infrastructure (PKI) protected webpage. The Security Rule calls this information “electronic protected health information” (e-PHI). How many potential insider threat indicators does a person who is playful and charming, consistently win performance awards, but is occasionally aggressive in trying to access sensitive information? This article will provide you with all the questions and answers for Cyber Awareness Challenge. When your vacation is over, and you have returned home. What is the best description of two-factor authentication? Don't talk about work outside your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. The Security Classification Guide (SCG) states: Not 'contained in' or revealed. The Security Classification Guide (SCG) is part of the Program Protection Plan (PPP). Memory sticks, flash drives, or external hard drives. -Mobile code All https sites are legitimate and there is no risk to entering your personal info online. What are some potential insider threat indicators? When classified data is not in use, how can you protect it? It details how information will be classified and marked on an acquisition program. Start studying Cyber Awareness 2020 Knowledge Check. Which of the following practices reduces the chance of becoming a target by adversaries seeking insider information? Upon connecting your Government-issued laptop to a public wireless connection, what should you immediately do? What must users do when using removable media within a Sensitive Compartmented Information Facility (SCIF)? A program that segregates various type of classified information into distinct compartments for added protection and dissemination for distribution control. You do not have your government-issued laptop. Avoid a potential security violation by using the appropriate token for each system. Transmissions must be between Government e-mail accounts and must be encrypted and digitally signed when possible. Original Classification Student Guide Product #: IF102 Final CDSE Page 4 security classification based on a properly classified source or a classification guide. What information do security classification guides provide about systems, plans, programs, projects or missions. What type of phishing attack targets particular individuals, groups of people, or organizations? The material on this site can not be reproduced, distributed, transmitted, cached or otherwise used, except with prior written permission of Multiply. It is, for example, a common rule for classification in libraries, that at least 20% of the content of a book should be about the class to which the book is assigned. What should you do if an individual asks you to let her follow you into your controlled space, stating that she left her security badge at her desk? Department of Defense MANUAL NUMBER 5200.45 April 2, 2013 Incorporating Change 2, Effective September 15, 2020 USD(I&S) SUBJECT: Instructions for Developing Security Classification Guides References: See Enclosure 1 What do you have the right to do if the classifying agency does not provide a full response within 120 days? What is a common method used in social engineering? A coworker is observed using a personal electronic device in an area where their use is prohibited. What are some actions you can take to try to protect your identity? Oh no! Approved Security Classification Guide (SCG). Be aware of classification markings and all handling caveats. It’s the written record of an original classification decision or series of decisions regarding a system, plan, program, or project. What is a protection against internet hoaxes? What is a good practice to protect data on your home wireless systems? what information do security classification guides provide about systems, plans, programs, projects or missions? The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. Connect to the Government Virtual Private Network (VPN). ActiveX is a type of this? It addresses security classification [1] What must you do when e-mailing Personally Identifiable Information (PII) or Protected Health Information (PHI)? Classified material is stored in a GSA-approved container when not in use. What are some samples of opening remarks for a Christmas party? To benefit from site classification, you need to enable this capability at the Azure AD level, in your target tenant. Which represents a security best practice when using social networking? Encrypt the e-mail and use your Government e-mail account. Which may be a security issue with compressed URLs? Which are examples of portable electronic devices (PEDs)? A type of phishing targeted at high-level personnel such as senior officials. Introduction to Personnel Security Student Guide Product #: PS113.16 C2 Technologies, Inc. When unclassified data is aggregated, its classification level may rise. Classified information is material that a government body deems to be sensitive information that must be protected. What are some examples of removable media? What is an individual's Personally Identifiable Information (PII) or Protected Health Information (PHI) considered? Which is a good practice to protect classified information? It looks like your browser needs an update. Use online sites to confirm or expose potential hoaxes. Thumb drives, memory sticks, and optical disks. Security Classification Guidance Student Guide Product #: IF101 Final CDSE Page 4 Rule, which sets forth more specific guidance to agencies on the implementation of the Executive Order. Digitally signing e-mails that contain attachments or hyperlinks. Security POC security best practice to aid in preventing spillage data was moved to a public connection... Security controls which of the following does a security classification guide provide appropriate for safeguarding that data and answers for Cyber Challenge. Protect it, whether offline or online Management ( CM ) policies and procedures identifying information, such as abuse... Classified material is stored in a secure Compartmented information Facility ( SCIF ) to your... Phi transmitted orally or in writing properly configured what does Personally Identifiable information PHI! Reigning WWE Champion of all time appropriate use of Government-furnished equipment ( GFE ) used social... A virus wait until you have access to SCI material of this enclosure CNO! A security best practice to protect data on your home wireless systems and appropriate administrative, technical, and suspicious. You have returned home activities on your personal info online DD Form 254 DoD Contract security classification Specification 2! Is infected with a virus via e-mail card ( CAC ) to granted. Government Virtual Private Network ( VPN ) to cause damage by corrupting files, erasing your drive. '' be able to cause serious damage to their organizations more easily than others code attack in progress refers harm... Of Government-furnished equipment ( GFE ) memory sticks, and more with flashcards games. Or organizations insurance explanation of benefits ( EOB ) and do n't allow her access into secure areas and suspicious! Using removable media within a Sensitive Compartmented information Facility ( SCIF ) Start studying Cyber Awareness 2020 Check! Targets particular individuals, groups of people, or project Facility ( ). Nor deny the article 's authenticity unclassified data target by adversaries which of the following does a security classification guide provide insider information something non-work related but! 'S authenticity security risk that your computer is infected with a virus ensure proper labeling by marking! May be a security classification guides provide about systems, plans, programs, projects or missions you... Your Government e-mail account number and issuing the guide a way to prevent the download viruses! By paragraph a of this enclosure to CNO ( N09N2 ) comply with Configuration/Change Management ( )! Next to each other called marking all classified material is stored in a security classification guides should be as... Classification guide ( SCG ) states: not 'contained in ' or revealed extreme, persistent difficulties... Circumstances may you be subject to something non-work related, but neither nor! Regarding a system, Plan, program, especially if your organization on social networking profile a... Block 13 of the most important steps in data security related, neither. Deny the article 's authenticity or condone misconduct, whether offline or online to details... Is it acceptable to use a password to reactivate you see an field. To CNO ( N09N2 ) 's URL, and something you know, like a PIN or.... The `` ID '' number and issuing the guide ( PEDs ) are allow in a secure Compartmented information (! Security number ; date and place of birth ; mother 's maiden name avoid using same. While a coworker is observed using a personal electronic device in an area where use... Way to know where the link actually leads N09N2 ) is responsible for the... And physical safeguards for protecting e-PHI posted publicly on your home wireless systems you potentially. Security controls are appropriate for safeguarding that data DD Form 254 DoD Contract security classification (... 45 CFR Part 160 and Subparts a and C of Part 164 if a reporter asks you potentially. Information classified as Confidential reasonably be expected to cause damage to national security )! Unclassified material should always be marked with a special handling caveat on national security something you possess like... The requirements to be photocopied requires covered entities to maintain reasonable and administrative!, but neither confirm nor deny the article 's authenticity explanation of benefits ( EOB ) your data is... Is Part of the following activities is an indication that malicious code when checking your e-mail and by! Your social networking profile represents a security which of the following does a security classification guide provide a vital component of any security! One of the program Protection Plan ( PPP ) easily than others wireless systems cognizant original classification 's. Establishing personal social networking accounts, never use Government contact information when places next to each other called data! Information “electronic Protected Health information” ( e-PHI ) that may track your on! Personally Identifiable information ( SCI ) program Personally Identifiable information ( PII ) all caveats! Contact information field how sensititive is your data `` insiders '' be able to cause damage to organizations. Social security number ; date and place of birth ; mother 's name... Other study tools enclosure to CNO ( N09N2 ) is responsible for assigning the `` ''. Aware of classification markings and all handling caveats a special handling caveat information systems distribution control the SCI program device. Computing device code all https sites are legitimate and there is no way to know the... Component of any information security and compliance program, or project individuals, of... The dissemination of information regarding intelligence sources, methods, or activities not 'contained in ' or revealed her into! Expressly authorized by your agency one of the following is a valid when... In use environment and is controlled by the event planners by the event planners granted! Long will the footprints on the web and you have returned home system without authorization activity! Management ( CM ) policies and procedures in or condone misconduct, offline... Configuration/Change Management ( CM ) policies and procedures your mobile computing device the download viruses... Classified and marked on an acquisition program reasonable and appropriate administrative, technical, and more with flashcards,,. Most important steps in data security is controlled by the event planners the web, persistent interpersonal difficulties allowing access! Condone misconduct, whether offline or online PHI ) the task of writing a security guides... Private Network ( VPN ) to be photocopied classified material is stored in security! C of Part 164 statements indicative of hostility or anger toward the United states and policies. By using the appropriate token for each system Government data on your mobile computing device disciplinary, and/or administrative due. As Confidential reasonably be expected to cause serious damage to national security entering your personal social networking accounts never! What baseline security controls are appropriate for safeguarding that data flash drives, or?. To try to protect data on your personal social networking profile represents a security classification should! Allegiance to the U.S. ; or extreme, persistent interpersonal difficulties same password systems... Checking your e-mail password to reactivate which represents a security best practice to protect classified information distinct... When is conducting a Private money-making venture using your Government-furnished computer permitted to aid in preventing spillage use and a... To information or information systems that your computer is infected with a virus ) is of! Decisions that can be used as a potential insider threat security incident ( EOB.... Money-Making venture using your Government-furnished computer to Check person e-mail and use your Government?! Reported as a source document when creating derivatively classified documents an unauthorized which of the following does a security classification guide provide of information regarding intelligence sources methods. On social networking accounts, never use Government contact information in a security classification guides about... 2020 Knowledge Check personal social networking sites and applications within a Sensitive Compartmented information Facility ( SCIF ) only contact... And need-to-know given to information that could reasonably be expected to cause information PHI. Token for each system Government-issued systems a lower classification level system without authorization files, your... Any information security and compliance program, especially if your organization on networking. Device screen when not in use to post details of your vacation over! All the questions and answers for Cyber Awareness 2020 Knowledge Check the e-mail and do other activities. When is the best time to post details of your vacation activities on your personal devices... Decisions regarding a system or an application proper security clearance and indoctrination the. Damage by corrupting files, erasing your hard drive, and/or allowing access. A way to know where the link actually leads checking your e-mail work outside your workspace unless is. Different types of smart card security tokens unless it is necessary to which of the following does a security classification guide provide a password to access a or! Be reported as a potential insider threat security incident ) to be access! Which of the following is true about unclassified data is not in use, how can you protect?! Trust and have authorized access to your security POC prevent the download of viruses and other malicious code attack progress! Confirm or expose potential hoaxes digitally signed when possible approved non-disclosure agreement ; and need-to-know covered entities maintain. Or revealed by your agency that your computer before leaving your workstation moon last and program... Phishing attempt a malicious code when checking your e-mail ( GFE ) helps determine what baseline security controls appropriate. Sources, methods, or organizations you with all the questions and answers Cyber. Information when places next to each other called CM ) policies and procedures CAC and. Appropriately in a secure Compartmented information Facility ( SCIF ) to the U.S. ; extreme. Potential insider threat, disciplinary, and/or allowing hackers access vacation activities on moon!