Doc:DoD 5220.22-M Appendix C

From FISMApedia
Jump to: navigation, search

APPENDIX C



Definitions

Access

The ability and opportunity to gain knowledge of classified information.

Adverse Information

Any information that adversely reflects on the integrity or character of a cleared employee, that suggests that his or her ability to safeguard classified information may be impaired, or that his or her access to classified information clearly may not be in the interest of national security.

Affiliate

Any entity effectively owned or controlled by another entity.

Approved Access Control Device

An access control device that meets the requirements of this manual as approved by the FSO.

Approved Built-in Combination Lock

A combination lock, equipped with a top-reading dial that conforms to UL Standard Number UL 768 Group 1R.

Approved Combination Padlock

A three-position dial-type changeable combination padlock listed on the GSA Qualified Products List as meeting the requirements of Federal Specification FF-P-110.

Approved Electronic, Mechanical, or Electro-Mechanical Device

An electronic, mechanical, or electro-mechanical device that meets the requirements of this manual as approved by the FSO.

Approved Key-Operated Padlock

A padlock, which meets the requirements of MIL-SPEC-P-43607 (shrouded shackle), National Stock Number 5340-00-799-8248, or MIL-SPEC-P-43951 (regular shackle), National Stock Number 5340-00-799-8016.

Approved Security Container

A security file con-tainer, originally procured from a Federal Supply Schedule supplier that conforms to federal specifica¬tions and bears a "Test Certification Label" on the locking drawer attesting to the security capabilities of the container and lock. Such containers will be labeled "General Services Administration Approved Security Container" on the face of the top drawer. Acceptable tests of these containers can be performed only by a test¬ing facility specifically approved by GSA.

Approved Vault

A vault constructed in accordance with this Manual and approved by the CSA.

Approved Vault Door

A vault door and frame unit originally procured from the Federal Supply Schedule (FSC Group 71, Part III, Section E, FSC Class 7110), that meets Federal Specification AA-D-600.

Authorized Person

A person who has a need-to-know for classified information in the performance of official duties and who has been granted a PCL at the required level.

Classified Contract

Any contract requiring access to classified information by a contractor or his or her employees in the performance of the contract. (A contract may be a classified contract even though the contract document is not classified.) The requirements prescribed for a "classified contract" also are applicable to all phases of precontract activity, including solicitations (bids, quotations, and proposals), precontract negotiations, post-contract activity, or other GCA program or project which requires access to classified information by a contractor.

Classification Guide

A document issued by an authorized original classifier that identifies the elements of information regarding a specific subject that must be classified and prescribes the level and duration of classification and appropriate declassification instructions. (Classification guides are provided to contractors by the Contract Security Classification Specification.)

Classified Information

Official information that has been determined, pursuant to reference (b) or any predecessor order, to require protection against unauthorized disclosure in the interest of national security and which has been so designated. The term includes NSI, RD, and FRD.

Classified Information Procedures Act

A law that provides a mechanism for the courts to determine what classified information defense counsel may access.

Classified Visit

A visit during which a visitor will require, or is expected to require, access to classified information.

Classifier

Any person who makes a classification determination and applies a classification category to information or material. The determination may be an original classification action or it may be a derivative classification action. Contractors make derivative classification determinations based on classified source material, a security classification guide, or a Contract Security Classification Specification.

Cleared Commercial Carrier

A carrier authorized by law, regulatory body, or regulation to transport SECRET material and has been granted a SECRET facility clearance.

Cleared Employees

All contractor employees granted PCLs and all employees being processed for PCLs.

Closed Area

An area that meets the requirements of this manual for safeguarding classified material that, because of its size, nature, or operational necessity, cannot be adequately protected by the normal safeguards or stored during nonworking hours in approved containers.

Cognizant Security Agency (CSA)

Agencies of the Executive Branch that have been authorized by reference (a) to establish an industrial security program to safeguard classified information under the jurisdiction of those agencies when disclosed or released to U.S. Industry. These agencies are: The Department of Defense, DOE, CIA, and NRC.

Cognizant Security Office (CSO)

The organizational entity delegated by the Head of a CSA to administer industrial security on behalf of the CSA.

Colleges and Universities

Educational institutions that award academic degrees, and related research activ¬ities directly associated with a college or university through organization or by articles of incorporation. .

Communications Security (COMSEC)

Protective measures taken to deny unauthorized persons information derived from telecommunications of the U.S. Government relating to national security and to ensure the authenticity of such communications.

Company

A generic and comprehensive term which may include sole proprietorships, individuals, partner¬ships, corporations, societies, associations, and organi¬zations usually established and operating to carry out a commercial, industrial or other legitimate business, enterprise, or undertaking.

Compromise

An unauthorized disclosure of classified information.

CONFIDENTIAL

The classification level applied to information, the unauthorized disclosure of which reasonable could be expected to cause damage to the national security that the original classification authority is able to identify or describe.

Consignee

A person, firm, or government activity named as the receiver of a shipment; one to whom a shipment is consigned.

Consignor

A person, firm, or government activity by which articles are shipped. The consignor is usually the shipper.

Constant Surveillance Service

A transportation protective service provided by a commercial carrier qualified by SDDC to transport CONFIDENTIAL shipments. The service requires constant surveillance of the shipment at all times by a qualified carrier representative; however, an FCL is not required for the carrier. The carrier providing the service must maintain a signature and tally record for the shipment.

Contracting Officer

A government official who, in accordance with departmental or agency procedures, has the authority to enter into and administer contracts and make determinations and findings with respect thereto, or any part of such authority. The term also includes the designated representative of the contracting officer act¬ing within the limits of his or her authority.

Contractor

Any industrial, educational, commercial, or other entity that has been granted an FCL by a CSA.

Courier

A cleared employee, designated by the con¬tractor, whose principal duty is to transmit classified material to its destination. The classified material remains in the personal possession of the courier except for authorized overnight storage.

Corporate Family

The corporation, its subsidiaries, divisions and branch offices.

Custodian

An individual who has possession of, or is otherwise charged with, the responsibility for safeguard¬ing classified information.

Declassification

The determination that classified information no longer requires, in the interest of national security, any degree of protection against unau-thorized disclosure, together with removal or cancella¬tion of the classification designation.

Derivative Classification

The incorporating, paraphrasing, restating, or generating in new form information that is already classified, and marking the newly developed material consistent with the classification markings that apply to the source information. Derivative classification includes the classification of information based on classification guidance. The duplication or reproduction of existing classified information is not derivative classification. Persons who apply deriva¬tive classification markings shall observe and respect original classification decisions and carry forward to any newly created documents any assigned authorized markings.

Document

Any recorded information, regardless of the nature of the medium or the method or circumstances of recording.

Downgrade

A determination that classified informa¬tion requires, in the interest of national security, a lower degree of protection against unauthorized disclosure than currently provided, together with a changing of the classification designation to reflect a lower degree of protection.

Embedded System

An IS that performs or controls a function, either in whole or in part, as an integral ele-ment of a larger system or subsystem such as, ground support equipment, flight simulators, engine test stands, or fire control systems.

Escort

A cleared person, designated by the contractor, who accompanies a shipment of classified material to its destination. The classified material does not remain in the personal possession of the escort but the conveyance in which the material is transported remains under the constant observation and control of the escort.

Facility

A plant, laboratory, office, college, university, or commercial structure with associated warehouses, storage areas, utilities, and components, that, when related by function and location, form an operating entity. (A business or educational organization may con¬sist of one or more facilities as defined herein.) For purposes of industrial security, the term does not include Government installations.

Facility (Security) Clearance (FCL)

An administrative determination that, from a security viewpoint, a company is eligible for access to classified information of a certain category (and all lower categories).

Foreign Government Information (FGI)

Information that is:
a. Provided to the U.S. by a foreign government or governments, an international organization of governments, or any element thereof with the expectation, expressed or implied, that the information, the source of the information, or both, are to be held in confidence; or
b. Produced by the U.S. pursuant to, or as a result of, a joint arrangement with a foreign government or governments, an international organization of governments, or any element thereof, requiring that the information, the arrangement, or both are to be held in confidence.

Foreign Interest

Any foreign government, agency of a foreign government, or representative of a foreign government; any form of business enterprise or legal entity organized, chartered or incorporated under the laws of any country other than the United States or its territories, and any person who is not a citizen or national of the United States.

Foreign National

Any person who is not a citizen or national of the United States.

Formerly Restricted Data (FRD)

Information that has been removed from the RD category after DOE and the Department of Defense have jointly determined that the information: (1) relates primarily to the military utilization of nuclear weapons and (2) can be adequately safeguarded as NSI in the United States.

Freight Forwarder (Transportation Agent)

Any agent or facility designated to receive, process, and transship U.S. material to foreign recipients. In the con¬text of this manual, an agent or facility cleared specifically to perform these functions for the transfer of U.S. classified material to foreign recipients.

Government Contracting Activity (GCA)

An element of an agency designated by the agency head and delegated broad authority regarding acquisition functions.

Handcarrier

A cleared employee, designated by the contractor, who occasionally handcarries classified material to its destination in connection with a classified visit or meeting. The classified material remains in the personal possession of the handcarrier except for authorized overnight storage.

Home Office Facility (HOF)

The headquarters company of a multiple facility organization.

Industrial Security

That portion of information security concerned with the protection of classified information in the custody of U.S. industry.

Information

Any knowledge that can be communicated or documentary material, regardless of its physical form or characteristics.

Information Security

The result of any system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure, information the protection of which is authorized by executive order.

Information System (IS)

An assembly of computer hardware, software, and firmware configured for the purpose of automating the functions of calculating, computing, sequencing, storing, retrieving, displaying, communicating, or otherwise manipulating data, information and textual material.

Intelligence

The product resulting from the collection, evaluation, analysis, integration, and interpretation of all available information, that concerns one or more aspects of foreign nations or of areas of foreign operations, and that is immediately or potentially significant to military planning and operations.

Limited Access Authorization (LAA)

Security access authorization to CONFIDENTIAL or SECRET infor¬mation granted to non-U.S. citizens requiring such lim¬ited access in the course of their regular duties.

Material

Any product or substance on or in which information is embodied.

Multiple Facility Organization (MFO)

A legal entity (single proprietorship, partnership, association, trust, or corpo¬ration) composed of two or more contractors.

National of the United States

A citizen of the United States or a person who, though not a citizen of the United States, owes permanent allegiance to the United States.
NOTE: 8 USC 1101(a)(22), 8 USC 1401, subsection (a) (reference (y)) lists in paragraphs (1) through (7) categories of persons born in and outside the United States or its possessions who may qualify as nationals of the United States. This subsection should be consulted when doubt exists as to whether or not a person can qualify as a national of the United States.

NATO Information

Information bearing NATO markings, indicating the information is the property of NATO, access to which is limited to representatives of NATO and its member nations unless NATO authority has been obtained to release outside of NATO.

Need-to-Know

A determination made by an authorized holder of classified information that a prospective recipi¬ent has a requirement for access to, knowledge, or possession of the classified information to perform tasks or services essential to the fulfillment of a classified contract or program.

Network

A system of two or more IS that can exchange data or information.

Original Classification

An initial determination that information requires, in the interest of national security, protection against unauthorized disclosure, together with a classification designation signifying the level of protection required. (Only government officials who have been designated in writing may apply an original classification to information.)

Parent Corporation

A corporation that owns at least a majority of another corporation's voting securities.

Personnel (Security) Clearance (PCL)

An administrative determination that an individual is eligible, from a secu¬rity point of view, for access to classified information of the same or lower category as the level of the personnel clearance being granted.

Prime Contract

A contract let by a GCA to a contractor for a legitimate government purpose.

Prime Contractor

The contractor who receives a prime contract from a GCA.

Proscribed Information

a. Top Secret information;
b. COMSEC information, except classified keys used for data transfer;
c. RD as defined in reference (c);
d. SAP information; or
e. SCI.

Protective Security Service

A transportation protective service provided by a cleared commercial carrier qualified by the SDDC to transport SECRET shipments.

Reference Material

Documentary material over which the GCA, who lets the classified contract, does not have classification jurisdiction, and did not have classification jurisdiction at the time the material was originated. Most material made available to contractors by the DTIC and other secondary distribution agencies is reference material as thus defined.

Remote Terminal

A device for communication with an automated information system from a location that is not within the central computer facility.

Restricted Area

A controlled access area established to safeguard classified material, that because of its size or nature, cannot be adequately protected during working hours by the usual safeguards, but that is capable of being stored during non-working hours in an approved repository or secured by other methods approved by the CSA.

Restricted Data (RD)

All data concerning the design, man-ufacture, or use of atomic weapons; the production of special nuclear material; or the use of special nuclear material in the production of energy, but shall not include data declassified or removed from the RD category pursuant to section 142 of reference (c).

SECRET

The classification level applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.

Security in Depth

A determination made by the CSA that a contractor's security program consists of layered and complementary security controls sufficient to deter and detect unauthorized entry and movement within the facility.

Security Violation

Failure to comply with the policy and procedures established by this Manual that reasonably could result in the loss or compromise of classified information.

Shipper

One who releases custody of material to a carrier for transportation to a consignee. (See "Consignor.")

Source Document

A classified document, other than a classification guide, from which information is extracted for inclusion in another document.

Special Access Program (SAP)

Any program that is established to control access, distribution, and to provide protection for particularly sensitive classified information beyond that normally required for TOP SECRET, SECRET, or CONFIDENTIAL information. A Special Access Program can be created or continued only as authorized by a senior agency official delegated such authority pursuant to reference (b).

Standard Practice Procedures (SPP)

A document(s) prepared by a contractor that implements the applicable requirements of this manual for the contractor's operations and involvement with classified information at the contractor's facility.

Subcontract

Any contract entered into by a contractor to furnish supplies or services for performance of a prime contract or a subcontract. For purposes of this Manual a subcontract is any contract, subcontract, purchase order, lease agreement, service agreement, request for quotation (RFQ), request for proposal (RFP), invitation for bid (IFB), or other agreement or procurement action between contractors that requires or will require access to classified information to fulfill the performance requirements of a prime contract.

Subcontractor

A supplier, distributor, vendor, or firm that furnishes supplies or services to or for a prime contractor or another subcontractor, who enters into a contract with a prime contractor. For purposes of this Manual, each subcontractor shall be considered as a prime contractor in relation to its subcontractors.

Subsidiary Corporation

A corporation in which another corporation owns at least a majority of its voting securities.

System Software

Computer programs that control, monitor, or facilitate use of the IS; for example, operating systems, programming languages, communication, input-output control, sorts, security packages and other utility-type programs. Considered to also include off-the-shelf application packages obtained from manufacturers and commercial vendors, such as for word processing, spreadsheets, data base management, graphics, and computer-aided design.

Technical Data

Information governed by reference (w) and the Export Administration Regulation (EAR) (reference (z)) The export of technical data that is inherently military in character is con¬trolled by reference (w). The export of technical data that has both military and civil¬ian uses is controlled by reference (z).

TOP SECRET

The classification level applied to information, the unauthorized disclosure of which reasonable could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.

Transmission

The sending of information from one place to another by radio, microwave, laser, or other nonconnective methods, as well as by cable, wire, or other connective medium. Transmission also includes movement involving the actual transfer of custody and responsibility for a document or other classified material from one authorized addressee to another.

Transshipping Activity

A government activity to which a carrier transfers custody of freight for reshipment by another carrier to the consignee.

Unauthorized Person

A person not authorized to have access to specific classified information in accordance with the requirements of this Manual.

United States

The 50 states and the District of Columbia.

United States and its Territorial Areas

The 50 states, the District of Columbia, Puerto Rico, Guam, American Samoa, the Virgin Islands, Wake Island, Johnston Atoll, Kingman Reef, Palmyra Atoll, Baker Island, Howland Island, Jarvis Island, Midway Islands, Navassa Island, and Northern Mariana Islands.
NOTE: From 18 July 1947 until 1 October 1994, the United States administered the Trust Territory of the Pacific Islands; it entered into a political relationship with all four political units: the Northern Mariana Islands is a commonwealth in political union with the United States (effective 3 November 1986); the Republic of the Marshall Islands signed a Compact of Free Association with United States (effective 21 October 1986); the Federated States of Micronesia signed a Compact of Free Association with the United States (effective 3 November 1986); Palau concluded a Compact of Free Association with the United States (effective 1 October 1994).

U.S. Person

Any form of business enterprise or entity organized, chartered or incorporated under the laws of the United States or its territories and any person who is a citizen or national of the United States. .

Upgrade

A determination that certain classified information, in the interest of national security, requires a higher degree of protection against unauthorized disclosure than currently provided, coupled with a changing of the classification designation to reflect such a higher degree.

Voting Securities

Any securities that presently entitle the owner or holder thereof to vote for the election of directors of the issuer or, with respect to unincorporated entities, individuals exercising similar functions.

Working Hours

The period of time when:
a. There is present in the specific area where classified material is located, a work force on a regularly scheduled shift, as contrasted with employees working within an area on an overtime basis outside of the scheduled work shift; and
b. The number of employees in the scheduled work force is sufficient in number and so positioned to be able to detect and challenge the presence of unauthorized personnel. This would, therefore, exclude janitors, maintenance personnel, and other individuals whose duties require movement throughout the facility.


Source