Doc:DoD 5220.22-M Chapter 11

From FISMApedia
Jump to: navigation, search

CHAPTER 11

Miscellaneous Information



Section 1. TEMPEST

11-100 General
  TEMPEST is an unclassified short name referring to investigations and studies of compromising emanations. Compromising emanations are unintentional intelligence-bearing signals that, if intercepted and analyzed, will disclose classified information when it is transmitted, received, handled, or otherwise processed by any information processing equipment.
11-101 TEMPEST Requirements
 

a. TEMPEST countermeasures will be applied only in proportion to the threat of exploitation and the resulting damage to the national security should the information be intercepted and analyzed by a foreign intelligence organization. It is the responsibility of the GCA to identify in writing what TEMPEST countermeasures may be required. The GCA will identify any TEMPEST requirements within the United States to the CSA for approval prior to imposing requirements for TEMPEST countermeasures on contractors. Contractors may not impose TEMPEST countermeasures upon their subcontractors without GCA and CSA approval.
b. The government is responsible for performing threat assessment and vulnerability studies when it is determined that classified information may be exposed to TEMPEST collection.
c. Contractors will assist the GCA in conducting threat and vulnerability surveys by providing the following information upon request:
(1) The specific classification and special categories of material to be processed/handled by electronic means.
(2) The specific location where classified processing will be performed.
(3) The name, address, title, and contact information for a point-of-contact at the facility where processing will occur.
11-102 Cost
  All costs associated with applying TEMPEST countermeasures, when such countermeasures are imposed upon the contractor by a GCA, shall be recoverable by direct charge to the applicable contract. The GCA should provide TEMPEST shielding and shielded equipments as government-furnished equipment (GFE) when such extreme countermeasures are deemed essential to the protection of the information being processed.


Section 2. Defense Technical Information Center (DTIC)

11-200 General
  The Department of Defense operates certain activities to assist individuals and organizations in gaining access to scientific and technical information describing planned or on-going research, development, technical and engineering (RDT&E) efforts of the Department of Defense. DTIC is the central point within the Department of Defense for acquiring, storing, retrieving, and disseminating scientific and technical information to support the management and conduct of DoD RDT&E and study programs.
11-201 User Community
  DTIC services are available to the Department of Defense and its contractors, as well as to other U.S. Government organizations and their contractors. Contractors may also become eligible for services under the Defense Potential Contractors Program.
11-202 Registration Process
  All users are required to register for service. Registration, which is free, generally involves completing two forms which are available from DTIC as part of a registration kit.
a. DD Form 1540, Registration for Scientific and Technical Information Services. This form shall be completed for each contract that authorizes use of DTIC services. This authorization is included in the Contract Security Classification Specification. The DD Form 1540 is submitted to DTIC through the sponsoring GCA for certification and approval. If a subcontract is involved, the DD Form 1540 is submitted through the prime contractor. The DD Form 1540 remains in force until completion of the classified contract or subcontract.
b. DD Form 2345, Militarily Critical Technical Data Agreement. Qualified contractors are eligible for access to militarily critical technical data after certification with Defense Logistics Services Center (DLSC) by completing the DD Form 2345. This DLSC certification is supplementary to registration with the DTIC. Upon certification with DLSC, the user also may be eligible for access to unclassified, militarily critical technical data from other DoD sources.
11-203 Safeguarding Requirements
  Classified information acquired from DTIC shall be safeguarded according to the requirements of this Manual and with any restrictions that are marked on the material itself. The specific contract number that authorized contractor access to the information shall be placed on each classified document. When the contract to which the DD Form 1540 applies is completed or terminated, the contractor shall either destroy or request retention for the material.
11-204 DTIC Downgrading or Declassification Notices
  DTIC re-marks downgraded or declassified paper documents only on the front and back covers and the title, first, and back pages. It is the responsibility of the recipient to complete any remarking required. Documents originally marked under the provisions of previous E.O.s may contain pages that do not bear any classification markings. Before extracting or reproducing the information from these pages, contractors should direct any questions they may have to the originator of the document.
11-205 Questions Concerning Reference Material
  Most material made available to contractors by DTIC and other distribution agencies is reference material. Therefore, the GCA that authorized the services of DTIC under a specific contract may not be in a position to provide the contractor with classification guidance for the reference material. Classification jurisdiction always is the responsibility of the originating agency, or its successor. Classification jurisdiction is not necessarily the responsibility of the authorizing GCA. When a contractor needs assistance in identifying the responsible department or agency for classification guidance for reference material the CSA should be consulted.
11-206 Subcontracts
  If a contractor awards a subcontract that authorizes the subcontractor to use the services of DTIC and is expected to require access only to classified reference material, the Contract Security Classification Specification issued to the subcontractor shall show the highest category of classification required. The Contract Security Classification Specification will have a statement similar to the following: "Information extracted from classified reference material shall be classified according to the markings on such material. The DD Form 1540 prepared under this subcontract shall be forwarded through (name of prime contractor)."


Section 3. Independent Research and Development (IR&D) Efforts

11-300 General
  This section provides special procedures and requirements necessary for safeguarding classified information when it is incorporated in contractors’ IR&D efforts.
11-301 Information Generated Under an IR&D Effort that Incorporates Classified Information
  Under reference (b) information that is in substance the same as information currently classified requires a derivative classification. Therefore, information in a contractor's IR&D effort will require a derivative classification.
11-302 Classification Guidance
  The releasing contractor may extract guidance appropriate for the IR&D effort from:
a. An existing Contract Security Classification Specification that was previously furnished by a GCA in connection with performance of a classified contract;
b. A final Contract Security Classification Specification that was issued in connection with retention of classified documents under a completed contract;
c. A security classification guide obtained from DTIC; or
d. A classified source document.
NOTE: The Department of Defense "Index of Security Classification Guides" and many of the listed security classification guides are available to contractors who are registered with the DTIC. Contractors are encouraged to use the Index and the listed guides to obtain up-to-date security guidance for the classified information involved when developing guidance appropriate for their IR&D efforts.
11-303 Preparation of Security Guidance
  Contractors shall use the Contract Security Classification Specification to provide security guidance for the classified information released in their IR&D efforts.
11-304 Retention of Classified Documents Generated Under IR&D Efforts
  Contractors may retain the classified documents that were generated in connection with their classified IR&D efforts for the duration of their FCL provided they have proper storage capability. Documents shall be clearly identified as "IR&D DOCUMENTS." A contractor's facility clearance will not be continued solely for the purpose of retention of classified IR&D documents without specific retention authorization from the GCA that has jurisdiction over the classified information contained in such documents. Contractors shall establish procedures for review of their IR&D documents on a recurring basis to reduce their classified inventory to the minimum necessary


Source