Unauthorized Disclosures: Prevention And Reporting - Archives


Unauthorized Disclosures: Prevention and Reporting

Outline
- What is Controlled Unclassified Information?
- Why protect CUI?
- Impacts to National Security
- Leaks, Espionage, and Spills
- Safeguarding Measures
- The Insider Threat
- Reporting

What is Controlled Unclassified Information or CUI?
- CUI is information that needs protection. Laws, Regulations, or Government-wide policies call for this information to be protected.
  - The CUI Registry provides information on the specific categories and subcategories of information that the Executive branch protects. The CUI Registry can be found at: https://www.archives.gov/cui
- CUI includes, but is not limited to:
  - Privacy (including Health)
  - Tax
  - Law Enforcement
  - Critical Infrastructure
  - Export ge
  - Unclassified Nuclear
  - Procurement and Acquisition

Why Protect CUI?
- The loss or improper safeguarding of CUI could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
  - significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced;
  - significant damage to organizational assets;
  - significant financial loss; or
  - significant harm to individuals that does not involve loss of life or serious life-threatening injuries
- The loss or improper safeguarding of CUI has a direct impact on national security

Impacts to National Security
- The OPM Data breach is a significant CUI incident
  - Personnel files of 4.2 million former and current government employees.
  - Security clearance background investigation information on 21.5 million individuals.
- “The intelligence and counterintelligence value of the stolen background investigation information for a foreign nation cannot be overstated, nor will it ever be fully known.”
  – The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation, September 7, 2016.
- Government expense (to notify and protect those impacted) 350 Million

Leaks, Espionage, and Spills
- Leaks – When CUI is deliberately disclosed (media).
- Espionage – Activities designed to obtain or transmit CUI in order to harm the United States or to provide advantage to a foreign nation or transnational entity.
- Spill – The willful, negligent, or inadvertent disclosure of CUI across computer systems (internet and email).

Safeguarding measures
- Policy and procedures
- Training and awareness
- Physical and Electronic protections
- Oversight Measures
- Reporting

CUI Registry
What we protect
- The CUI Registry is the repository for all information, guidance, policy, and requirements on handling CUI.
- The CUI Registry is a catalogue of what the Executive branch should be protecting.
- The CUI Registry identifies all approved CUI categories and subcategories, provides general descriptions for each, identifies the basis for controls, establishes markings, and includes guidance on handling procedures.
www.archives.gov/cui
[Screenshot of the CUI Registry home page, "Controlled Unclassified Information (CUI)": Established by Executive Order 13556, the Controlled Unclassified Information (CUI) program standardizes the way the Executive branch handles unclassified information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies. Page sections include Learn About CUI (Categories and Subcategories, Limited Dissemination Controls, Marking Guidance, CUI Notices, Training and awareness, Annual Reports to the President), Registry, Policy and Guidance, Oversight, and Training. News items dated September 14, 2016 announce that 32 CFR Part 2002 has been published and that a CUI Notice on implementation guidance has been issued.]

General Safeguarding Policy
- Agencies must safeguard CUI at all times in a manner that minimizes the risk of unauthorized disclosure while allowing for access by authorized holders.
  - For categories designated as CUI Specified, personnel must also follow the procedures in the underlying law, regulation, or Government-wide policy that established the specific category or subcategory involved.
- Safeguarding measures that are authorized or accredited for classified information are sufficient for safeguarding CUI.
- Follow agency policy and procedure.

Controlled Environments (physical)
- Controlled environment is any area or space an authorized holder deems to have adequate physical or procedural controls (e.g., barriers and managed access controls) for protecting CUI from unauthorized access or disclosure.
- When outside a controlled environment, you must keep the CUI under your direct control or protect it with at least one physical barrier. You or the physical barrier must reasonably protect the CUI from unauthorized access or observation.
Image caption: Reception Area used to control access to workspace.

Controlled Environments (Electronic)
Limit and control access to CUI within the workforce by establishing electronic barriers.
- Dedicated network drives, SharePoint sites, intranet sites
- Assess who has a lawful government purpose for access

The Insider Threat
- Any person with authorized access to any government resource to include personnel, facilities, information, equipment, networks or systems.
- Indicators:
  - General disregard for security procedures
  - Seeking access to information outside the scope of current responsibilities
  - Attempting to enter or access sensitive areas (where CUI is stored, discussed, or processed)
  - Inconsistent working hours (staying late or arriving early)
  - Unusual insistence on working in private
  - Depressed or disgruntled

Reporting
- Employees are required to report:
  - Any actual or suspected mishandling of CUI
  - Any suspicious behaviors among the workforce that could potentially compromise or lead to the misuse of CUI
- Report to your security manager or officer.
- When in doubt, report it!

Summary
- Review any applicable agency/organizational policy
- Familiarize yourself with what to protect and how to protect it.
- Be on the lookout for suspicious behavior among the workforce
- Know how to report to security
