home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Freaks Macintosh Archive
/
Freaks Macintosh Archive.bin
/
Freaks Macintosh Archives
/
Textfiles
/
zines
/
Midnight-Raid
/
midnightRAID_iss4.docmaker.sit
/
midnightRAID_iss4.docmaker.rsrc
/
TEXT_143.txt
< prev
next >
Wrap
Text File
|
1999-03-25
|
33KB
|
567 lines
Security Guidelines
This handbook is designed to introduce you to some of the basic
security principles and procedures with which all NSA employees must comply.
It highlights some of your security responsibilities, and provides guidelines
for answering questions you may be asked concerning your association with this
Agency. Although you will be busy during the forthcoming weeks learning your
job, meeting co-workers, and becoming accustomed to a new work environment, you
are urged to become familiar with the security information contained in this
handbook. Please note that a listing of telephone numbers is provided at the
end of this handbook should you have any questions or concerns.
Introduction
In joining NSA you have been given an opportunity to participate in the
activities of one of the most important intelligence organizations of the United
States Government. At the same time, you have also assumed a trust which
carries with it a most important individual responsibility--the safeguarding of
sensitive information vital to the security of our nation.
While it is impossible to estimate in actual dollars and cents the value of the
work being conducted by this Agency, the information to which you will have
access at NSA is without question critically important to the defense of the
United States. Since this information may be useful only if it is kept secret,
it requires a very special measure of protection. The specific nature of this
protection is set forth in various Agency security regulations and directives.
The total NSA Security Program, however, extends beyond these regulations. It
is based upon the concept that security begins as a state of mind. The program
is designed to develop an appreciation of the need to protect information vital
to the national defense, and to foster the development of a level of awareness
which will make security more than routine compliance with regulations.
At times, security practices and procedures cause personal inconvenience. They
take time and effort and on occasion may make it necessary for you to
voluntarily forego some of your usual personal perogatives. But your
compensation for the inconvenience is the knowledge that the work you are
accomplishing at NSA, within a framework of sound security practices,
contributes significantly to the defense and continued security of the United
States of America.
I extend to you my very best wishes as you enter upon your chosen career or
assignment with NSA.
Philip T. Pease
Director of Security
INITIAL SECURITY RESPONSIBILITIES
Anonymity
Perhaps one of the first security practices with which new NSA personnel should
become acquainted is the practice of anonymity. In an open society such as ours,
this practice is necessary because information which is generally available to
the public is available also to hostile intelligence. Therefore, the Agency
mission is best accomplished apart from public attention. Basically, anonymity
means that NSA personnel are encouraged not to draw attention to themselves nor
to their association with this Agency. NSA personnel are also cautioned neither
to confirm nor deny any specific questions about NSA activities directed to them
by individuals not affiliated with the Agency.
The ramifications of the practice of anonymity are rather far reaching, and its
success depends on the cooperation of all Agency personnel. Described below you
will find some examples of situations that you may encounter concerning your
employment and how you should cope with them. Beyond the situations cited, your
judgement and discretion will become the deciding factors in how you respond to
questions about your employment.
Answering Questions About Your Employment
Certainly, you may tell your family and friends that you are employed at or
assigned to the National Security Agency. There is no valid reason to deny them
this information. However, you may not disclose to them any information
concerning specific aspects of the Agency's mission, activities, and
organization. You should also ask them not to publicize your association with
NSA.
Should strangers or casual acquaintances question you about your place of
employment, an appropriate reply would be that you work for the Department of
Defense. If questioned further as to where you are employed within the
Department of Defense, you may reply, "NSA." When you inform someone that you
work for NSA (or the Department of Defense) you may expect that the next
question will be, "What do you do?" It is a good idea to anticipate this
question and to formulate an appropriate answer. Do not act mysteriously about
your employment, as that would only succeed in drawing more attention to
yourself.
If you are employed as a secretary, engineer, computer scientist, or in a
clerical, administrative, technical, or other capacity identifiable by a general
title which in no way indicates how your talents are being applied to the
mission of the Agency, it is suggested that you state this general title. If
you are employed as a linguist, you may say that you are a linguist, if
necessary. However, you should not indicate the specific language(s) with which
you are involved.
The use of service specialty titles which tend to suggest or reveal the nature of
the Agency's mission or specific aspects of their work. These professional
titles, such as cryptanalyst, signals collection officer, and intelligence
research analyst, if given verbatim to an outsider, would likely generate
further questions which may touch upon the classified aspects of your work.
Therefore, in conversation with outsiders, it is suggested that such job titles
be generalized. For example, you might indicate that you are a "research
analyst." You may not, however, discuss the specific nature of your analytic
work.
Answering Questions About Your Agency Training
During your career or assignment at NSA, there is a good chance that you will
receive some type of job-related training. In many instances the nature of the
training is not classified. However, in some situations the specialized
training you receive will relate directly to sensitive Agency functions. In
such cases, the nature of this training may not be discussed with persons
outside of this Agency.
If your training at the Agency includes language training, your explanation for
the source of your linguistic knowledge should be that you obtained it while
working for the Department of Defense.
You Should not draw undue attention to your language abilities, and you may not
discuss how you apply your language skill at the Agency.
If you are considering part-time employment which requires the use of language
or technical skills similar to those required for the performance of your NSA
assigned duties, you must report (in advance) the anticipated part-time work
through your Staff Security Officer (SSO) to the Office of Security's Clearance
Division (M55).
Verifying Your Employment
On occasion, personnel must provide information concerning their employment to
credit institutions in connection with various types of applications for credit.
In such situations you may state, if you are a civilian employee, that you are
employed by NSA and indicate your pay grade or salary. Once again, generalize
your job title. If any further information is desired by persons or firms with
whom you may be dealing, instruct them to request such information by
correspondence addressed to: Director of Civilian Personnel, National Security
Agency, Fort George G. Meade, Maryland 20755-6000. Military personnel should
use their support group designator and address when indicating their current
assignment.
If you contemplate leaving NSA for employment elsewhere, you may be required to
submit a resume/job application, or to participate in extensive employment
interviews. In such circumstances, you should have your resume reviewed by the
Classification Advisory Officer (CAO) assigned to your organization. Your CAO
will ensure that any classified operational details of your duties have been
excluded and will provide you with an unclassified job description. Should you
leave the Agency before preparing such a resume, you may develop one and send it
by registered mail to the NSA/CSS Information Policy Division (Q43) for review.
Remember, your obligation to protect sensitive Agency information extends
beyond your employment at NSA.
The Agency And Public News Media
>From time to time you may find that the agency is the topic of reports or
articles appearing in public news media--newspapers, magazines, books, radio
and TV. The NSA/CSS Information Policy Division (Q43) represents the Agency in
matters involving the press and other media. This office serves at the
Agency's official media center and is the Director's liaison office for public
relations, both in the community and with other government agencies. The
Information Policy Division must approve the release of all information for and
about NSA, its mission, activities, and personnel. In order to protect the
aspects of Agency operations, NSA personnel must refrain from either confirming
or denying any information concerning the Agency or its activities which may
appear in the public media. If you are asked about the activities of NSA, the
best response is "no comment." You should the notify Q43 of the attempted
inquiry. For the most part, public references to NSA are based upon educated
guesses. The Agency does not normally make a practice of issuing public
statements about its activities.
GENERAL RESPONSIBILITIES
Espionage And Terrorism
During your security indoctrination and throughout your NSA career you will
become increasingly aware of the espionage and terrorist threat to the United
States. Your vigilance is the best single defense in protecting NSA
information, operations, facilities and people. Any information that comes to
your attention that suggests to you the existence of, or potential for,
espionage or terrorism against the U.S. or its allies must be promptly reported
by you to the Office of Security.
There should be no doubt in your mind about the reality of the threats. You
are now affiliated with the most sensitive agency in government and are
expected to exercise vigilance and common sense to protect NSA against these
threats.
Classification
Originators of correspondence, communications, equipment, or documents within
the Agency are responsible for ensuring that the proper classification,
downgrading information and, when appropriate, proper caveat notations are
assigned to such material. (This includes any handwritten notes which contain
classified information). The three levels of classification are Confidential,
Secret and Top Secret. The NSA Classification Manual should be used as
guidance in determining proper classification. If after review of this document
you need assistance, contact the Classification Advisory Officer (CAO) assigned
to your organization, or the Information Policy Division (Q43).
Need-To-Know
Classified information is disseminated only on a strict "need-to-know" basis.
The "need-to-know" policy means that classified information will be
disseminated only to those individuals who, in addition to possessing a proper
clearance, have a requirement to know this information in order to perform
their official duties (need-to-know). No person is entitled to classified
information solely by virtue of office, position, rank, or security clearance.
All NSA personnel have the responsibility to assert the "need-to-know" policy
as part of their responsibility to protect sensitive information.
Determination of "need-to-know" is a supervisory responsibility. This means
that if there is any doubt in your mind as to an individual's "need-to-know,"
you should always check with your supervisor before releasing any classified
material under your control.
For Official Use Only
Separate from classified information is information or material marked "FOR
OFFICIAL USE ONLY" (such as this handbook). This designation is used to
identify that official information or material which, although unclassified, is
exempt from the requirement for public disclosure of information concerning
government activities and which, for a significant reason, should not be given
general circulation. Each holder of "FOR OFFICAL USE ONLY" (FOUO) information
or material is authorized to disclose such information or material to persons
in other departments or agencies of the Executive and Judicial branches when it
is determined that the information or material is required to carry our a
government function. The recipient must be advised that the information or
material is not to be disclosed to the general public. Material which bears
the "FOR OFFICIAL USE ONLY" caveat does not come under the regulations
governing the protection of classified information. The unauthorized
disclosure of information marked "FOR OFFICIAL USE ONLY" does not constitute an
unauthorized disclosure of classified defense information. However, Department
of Defense and NSA regulations prohibit the unauthorized disclosure of
information designated "FOR OFFICIAL USE ONLY." Appropriate administrative
action will be taken to determine responsibility and to apply corrective and/or
disciplinary measures in cases of unauthorized disclosure of information which
bears the "FOR OFFICIAL USE ONLY" caveat. Reasonable care must be exercised in
limiting the dissemination of "FOR OFFICIAL USE ONLY" information. While you
may take this handbook home for further study, remember that is does contain
"FOR OFFICIAL USE ONLY" information which should be protected.
Prepublication Review
All NSA personnel (employees, military assignees, and contractors) must submit
for review any planned articles, books, speeches, resumes, or public statements
that may contain classified, classifiable, NSA-derived, or unclassified
protected information, e.g., information relating to the organization, mission,
functions, or activities of NSA. Your obligation to protect this sensitive
information is a lifetime one. Even when you resign, retire, or otherwise end
your affiliation with NSA, you must submit this type of material for
prepublication review. For additional details, contact the Information Policy
Division (Q43) for an explanation of prepublication review procedures.
Personnel Security Responsibilities
Perhaps you an recall your initial impression upon entering an NSA facility.
Like most people, you probably noticed the elaborate physical security
safeguards--fences, concrete barriers, Security Protective Officers,
identification badges, etc. While these measures provide a substantial degree
of protection for the information housed within our buildings, they represent
only a portion of the overall Agency security program. In fact, vast amounts
of information leave our facilities daily in the minds of NSA personnel, and
this is where our greatest vulnerability lies. Experience has indicated that
because of the vital information we work with at NSA, Agency personnel may
become potential targets for hostile intelligence efforts. Special safeguards
are therefore necessary to protect our personnel.
Accordingly, the Agency has an extensive personnel security program which
establishes internal policies and guidelines governing employee conduct and
activities. These policies cover a variety of topics, all of which are
designed to protect both you and the sensitive information you will gain
through your work at NSA.
Association With Foreign Nationals
As a member of the U.S. Intelligence Community and by virtue of your access to
sensitive information, you are a potential target for hostile intelligence
activities carried out by or on behalf of citizens of foreign
countries. A policy concerning association with foreign nationals has been
established by the Agency to minimize the likelihood that its personnel might
become subject to undue influence or duress or targets of hostile activities
through foreign relationships.
As an NSA affiliate, you are prohibited from initiating or maintaining
associations (regardless of the nature and degree) with citizens or officials
of communist-controlled, or other countries which pose a significant threat to
the security of the United States and its interests. A comprehensive list of
these designated countries is available from your Staff Security Officer or the
Security Awareness Division. Any contact with citizens of these countries, no
matter how brief or seemingly innocuous, must be reported as soon as possible
to your Staff Security Officer (SSO). (Individuals designated as Staff
Security Officers are assigned to every organization; a listing of Staff
Security Officers can be found at the back of this handbook).
Additionally, close and continuing associations with any non-U.S. citizens which
are characterized by ties of kinship, obligation, or affection are prohibited.
A waiver to this policy may be granted only under the most exceptional
circumstances when there is a truly compelling need for an individual's
services or skills and the security risk is negligible.
In particular, a waiver must be granted in advance of a marriage to or
cohabitation with a foreign national in order to retain one's access to NSA
information. Accordingly, any intent to cohabitate with or marry a non-U.S.
citizen must be reported immediately to your Staff Security Officer. If a
waiver is granted, future reassignments both at headquarters and overseas may
be affected.
The marriage or intended marriage of an immediate family member (parents,
siblings, children) to a foreign national must also be reported through your
SSO to the Clearance Division (M55).
Casual social associations with foreign nationals (other than those of the
designated countries mentioned above) which arise from normal living and
working arrangements in the community usually do not have to be reported.
During the course of these casual social associations, you are encouraged to
extend the usual social amenities. Do not act mysteriously or draw attention
to yourself (and possibly to NSA) by displaying an unusually wary attitude.
Naturally, your affiliation with the Agency and the nature of your work should
not be discussed. Again, you should be careful not to allow these associations
to become close and continuing to the extent that they are characterized by
ties of kinship, obligation, or affection.
If at any time you feel that a "casual" association is in any way suspicious,
you should report this to your Staff Security Officer immediately. Whenever
any doubt exists as to whether or not a situation should be reported or made a
matter of record, you should decided in favor of reporting it. In this way,
the situation can be evaluated on its own merits, and you can be advised as to
your future course of action.
Correspondence With Foreign Nationals
NSA personnel are discouraged from initiating correspondence with individuals
who are citizens of foreign countries. Correspondence with citizens of
communist-controlled or other designated countries is prohibited. Casual
social correspondence, including the "penpal" variety, with other foreign
acquaintances is acceptable and need not be reported. If, however, this
correspondence should escalate in its frequency or nature, you should report
that through your Staff Security Officer to the Clearance Division (M55).
Embassy Visits
Since a significant percentage of all espionage activity is known to be
conducted through foreign embassies, consulates, etc., Agency policy
discourages visits to embassies, consulates or other official establishments of
a foreign government. Each case, however, must be judged on the circumstances
involved. Therefore, if you plan to visit a foreign embassy for any reason
(even to obtain a visa), you must consult with, and obtain the prior approval
of, your immediate supervisor and the Security Awareness Division (M56).
Amateur Radio Activities
Amateur radio (ham radio) activities are known to be exploited by hostile
intelligence services to identify individuals with access to classified
information; therefore, all licensed operators are expected to be familiar
with NSA/CSS Regulation 100-1, "Operation of Amateur Radio Stations" (23
October 1986). The specific limitations on contacts with operators from
communist and designated countries are of particular importance. If you are
an amateur radio operator you should advise the Security Awareness Division
(M56) of your amateur radio activities so that detailed guidance may be
furnished to you.
Unofficial Foreign Travel
In order to further protect sensitive information from possible compromise
resulting from terrorism, coercion, interrogation or capture of Agency
personnel by hostile nations and/or terrorist groups, the Agency has
established certain policies and procedures concerning unofficial foreign
travel.
All Agency personnel (civilian employees, military assignees, and contractors)
who are planning unofficial foreign travel must have that travel approved by
submitting a proposed itinerary to the Security Awareness Division (M56) at
least 30 working days prior to their planned departure from the United States.
Your itinerary should be submitted on Form K2579 (Unofficial Foreign Travel
Request). This form provides space for noting the countries to be visited,
mode of travel, and dates of departure and return. Your immediate supervisor
must sign this form to indicate whether or not your proposed travel poses a
risk to the sensitive information, activities, or projects of which you may
have knowledge due to your current assignment.
After your supervisor's assessment is made, this form should be forwarded to
the Security Awareness Director (M56). Your itinerary will then be reviewed in
light of the existing situation in the country or countries to be visited, and
a decision for approval or disapproval will be based on this assessment. The
purpose of this policy is to limit the risk of travel to areas of the world
where a threat may exist to you and to your knowledge of classified Agency
activities.
In this context, travel to communist-controlled and other hazardous activity
areas is prohibited. A listing of these hazardous activity areas is
prohibited. A listing of these hazardous activity areas can be found in Annex
A of NSA/CSS Regulation No. 30-31, "Security Requirements for Foreign Travel"
(12 June 1987). From time to time, travel may also be prohibited to certain
areas where the threat from hostile intelligence services, terrorism, criminal
activity or insurgency poses an unacceptable risk to Agency employees and to
the sensitive information they possess. Advance travel deposits made without
prior agency approval of the proposed travel may result in financial losses by
the employee should the travel be disapproved, so it is important to obtain
approval prior to committing yourself financially. Questions regarding which
areas of the world currently pose a threat should be directed to the Security
Awareness Division (M56).
Unofficial foreign travel to Canada, the Bahamas, Bermuda, and Mexico does not
require prior approval, however, this travel must still be reported using Form
K2579. Travel to these areas may be reported after the fact.
While you do not have to report your foreign travel once you have ended your
affiliation with the Agency, you should be aware that the risk incurred in
travelling to certain areas, from a personal safety and/or counterintelligence
standpoint, remains high. The requirement to protect the classified
information to which you have had access is a lifetime obligation.
Membership In Organizations
Within the United States there are numerous organizations with memberships
ranging from a few to tens of thousands. While you may certainly participate
in the activities of any reputable organization, membership in any international
club or professional organization/activity with foreign members should be
reported through your Staff Security Officer to the Clearance Division (M55).
In most cases there are no security concerns or threats to our employees or
affiliates. However, the Office of Security needs the opportunity to research
the organization and to assess any possible risk to you and the information to
which you have access.
In addition to exercising prudence in your choice of organizational
affiliations, you should endeavor to avoid participation in public activities
of a conspicuously controversial nature because such activities could focus
undesirable attention upon you and the Agency. NSA employees may, however,
participate in bona fide public affairs such as local politics, so long as such
activities do not violate the provisions of the statutes and regulations which
govern the political activities of all federal employees. Additional
information may be obtained from your Personnel Representative.
Changes In Marital Status/Cohabitation/Names
All personnel, either employed by or assigned to NSA, must advise the Office of
Security of any changes in their marital status (either marriage or divorce),
cohabitation arrangements, or legal name changes. Such changes should be
reported by completing NSA Form G1982 (Report of Marriage/Marital Status
Change/Name Change), and following the instructions printed on the form.
Use And Abuse Of Drugs
It is the policy of the National Security Agency to prevent and eliminate the
improper use of drugs by Agency employees and other personnel associated with
the Agency. The term "drugs" includes all controlled drugs or substances
identified and listed in the Controlled Substances Act of 1970, as amended,
which includes but is not limited to: narcotics, depressants, stimulants,
cocaine, hallucinogens ad cannabis (marijuana, hashish, and hashish oil).
The use of illegal drugs or the abuse of prescription drugs by persons employed
by, assigned or detailed to the Agency may adversely affect the national
security; may have a serious damaging effect on the safety and the safety of
others; and may lead to criminal prosecution. Such use of drugs either within
or outside Agency controlled facilities is prohibited.
Physical Security Policies
The physical security program at NSA provides protection for classified
material and operations and ensures that only persons authorized access to the
Agency's spaces and classified material are permitted such access. This
program is concerned not only with the Agency's physical plant and facilities,
but also with the internal and external procedures for safeguarding the
Agency's classified material and activities. Therefore, physical security
safeguards include Security Protective Officers, fences, concrete barriers,
access control points, identification badges, safes, and the
compartmentalization of physical spaces. While any one of these safeguards
represents only a delay factor against attempts to gain unauthorized access to
NSA spaces and material, the total combination of all these safeguards
represents a formidable barrier against physical penetration of NSA. Working
together with personnel security policies, they provide "security in depth."
The physical security program depends on interlocking procedures. The
responsibility for carrying out many of these procedures rests with the
individual. This means you, and every person employed by, assign, or detailed
to the Agency, must assume the responsibility for protecting classified
material. Included in your responsibilities are: challenging visitors in
operational areas; determining "need-to-know;" limiting classified
conversations to approved areas; following established locking and checking
procedures; properly using the secure and non-secure telephone systems;
correctly wrapping and packaging classified data for transmittal; and placing
classified waste in burn bags.
The NSA Badge
Even before you enter an NSA facility, you have a constant reminder of
security--the NSA badge. Every person who enters an NSA installation is
required to wear an authorized badge. To enter most NSA facilities your badge
must be inserted into an Access Control Terminal at a building entrance and you
must enter your Personal Identification Number (PIN) on the terminal keyboard.
In the absence of an Access Control Terminal, or when passing an internal
security checkpoint, the badge should be held up for viewing by a Security
Protective Officer. The badge must be displayed at all times while the
individual remains within any NSA installation.
NSA Badges must be clipped to a beaded neck chain. If necessary for the safety
of those working in the area of electrical equipment or machinery, rubber
tubing may be used to insulate the badge chain. For those Agency personnel
working in proximity to other machinery or equipment, the clip may be used to
attach the badge to the wearer's clothing, but it must also remain attached to
the chain.
After you leave an NSA installation, remove your badge from public view, thus
avoiding publicizing your NSA affiliation. Your badge should be kept in a safe
place which is convenient enough to ensure that you will be reminded to bring it
with you to work. A good rule of thumb is to afford your badge the same
protection you give your wallet or your credit cards. DO NOT write your
Personal Identification Number on your badge.
If you plan to be away from the Agency for a period of more than 30 days, your
badge should be left at the main Visitor Control Center which services your
facility.
Should you lose your badge, you must report the facts and circumstances
immediately to the Security Operations Center (SOC) (963-3371s/688-6911b) so
that your badge PIN can be deactivated in the Access Control Terminals. In the
event that you forget your badge when reporting for duty, you may obtain a
"non-retention" Temporary Badge at the main Visitor Control Center which serves
your facility after a co-worker personally identifies your and your clearance
has been verified.
Your badge is to be used as identification only within NSA facilities or other
government installations where the NSA badge is recognized. Your badge should
never be used outside of the NSA or other government facilities for the purpose
of personal identification. You should obtain a Department of Defense
identification card from the Civilian Welfare Fund (CWF) if you need to
identify yourself as a government employee when applying for "government
discounts" offered at various commercial establishments.
Your badge color indicates your particular affiliation with NSA and your level
of clearance. Listed below are explanations of the badge colors you are most
likely to see:
Green (*) Fully cleared NSA employees and certain military
assignees.
Orange (*) (or Gold) Fully cleared representative of other
government agencies.
Black (*) Fully cleared contractors or consultants.
Blue Employees who are cleared to the SECRET level while
awaiting completion of their processing for full
(TS/SI) clearance. These Limited Interim Clearance
(LIC) employees are restricted to certain activities
while inside a secure area.
Red Clearance level is not specified, so assume the holder
is uncleared.
* - Fully cleared status means that the person has been cleared to the Top
Secret (TS) level and indoctrinated for Special Intelligence (SI).
All badges with solid color backgrounds (permanent badges) are kept by
individuals until their NSA employment or assignment ends. Striped badges
("non-retention" badges) are generally issued to visitors and are returned to
the Security Protective Officer upon departure from an NSA facility.
Area Control
Within NSA installations there are generally two types of areas,
Administrative and Secure. An Administrative Area is one in which storage of
classified information is not authorized, and in which discussions of a
classified nature are forbidden. This type of area would include the
corridors, restrooms, cafeterias, visitor control areas, credit union, barber
shop, and drugstore. Since uncleared, non-NSA personnel are often present in
these areas, all Agency personnel must ensure that no classified information is
discussed in an Admini