Classified Information Workshop Part 4
Data Killers has years of experience rendering classified hard drive and media destruction for customers throughout the United States. With such a high demand for classified data destruction services, we know our readers will greatly benefit from our classified information workshop part 4. This section, originally posted on Wikipedia, discusses the proper procedures for protecting classified information. We thought the following information would greatly benefit new customers with classified information as well as those that just need a touch-up on the procedures:
Protecting classified information
Facilities and handling
“One of the reasons for classifying state secrets into sensitivity levels is to allow the level of protection to be tailored to risk. The U.S. government specifies in some detail the procedures for protecting classified information. The rooms or buildings where classified material is stored or handled must have a facility clearance at the same level as the most sensitive material to be handled. Good quality commercial physical security standards generally suffice for lower levels of classification; at the highest levels, people sometimes have to work in rooms designed like bank vaults (see Sensitive Compartmented Information Facility – SCIF). The U.S. Congress has such facilities inside the Capitol Building, among other Congressional handling procedures for protecting confidentiality. The U.S. General Services Administration sets standards for locks and containers used for storage of classified material. The most ubiquitous approved security containers look like heavy-duty file cabinets with a combination lock in the middle of one drawer. Advances in methods for defeating mechanical combination locks have led the U.S. government to switch to electromechanical locks that limit the rate at which combinations can be tried out. After a certain number of failed attempts, these locks will permanently lock, requiring a locksmith to reset them.
Classified U.S. government documents are typically required to be stamped with their classification on the cover and at the top and bottom of each page. It is often a requirement that each paragraph, title and caption in a document be marked with the highest level of information it contains, usually by placing appropriate initials in parentheses at the beginning of the paragraph, title, or caption. It is common to require that a brightly colored cover sheet be affixed to the cover of each classified document to prevent observation of a possibly classified title by someone unauthorized (shoulder surfing) and to remind users to lock up the document when it is unattended. The most sensitive material requires two-person integrity, where two cleared individuals are responsible for the material at all times. Approved containers for such material have two separate combination locks, both of which must be opened to access the contents.
There are restrictions on how classified documents can be shipped. Top Secret material must go by special courier. Secret material can be sent within the U.S. via registered mail, and Confidential material by certified mail. Electronic transmission of classified information largely requires the use of National Security Agency approved/certified “Type 1” cryptosystems utilizing NSA’s unpublished and classified Suite A algorithms. The classification of the Suite A algorithms categorizes the hardware that store them as a Controlled Cryptographic Item (CCI) under the International Traffic in Arms Regulations, or ITAR. CCI equipment and keying material must be controlled and stored with heightened physical security, even when the device is not processing classified information or contain a cryptographic key. NSA is currently moving towards implementing what it’s calling Suite B which is a group of commercial algorithms such as Advanced Encryption Standard (AES), Secure Hash Algorithm (SHA), Elliptic Curve Digital Signature Algorithm (ECDSA) and Elliptic curve Diffie–Hellman (ECDH). Suite B provides protection for data up to Top Secret on non-CCI devices. This is especially useful in high risk environments or operations needed to prevent Suite A compromise. These less stringent hardware requirements stem from the device not having to “protect” classified Suite A algorithms.
Specialized computer operating systems known as trusted operating systems are available for processing classified information. These enforce the classification and labeling rules described above in software. However, as of 2005, they are not considered secure enough to allow un-cleared users to share computers with classified activities. So if one creates an unclassified document on a secret device, the resultant data is classified secret until it can be manually reviewed. Computer networks for sharing classified information are segregated by the highest sensitivity level they are allowed to transmit, for example, SIPRNet (Secret) and JWICS (Top Secret-SCI).
The destruction of certain types of classified documents requires burning, shredding, pulping or pulverizing using approved procedures and must be witnessed and logged. Classified computer data presents special problems.
When a cleared individual leaves the job or employer for which they were granted access to classified information, they are formally debriefed from the program. Debriefing is an administrative process that accomplishes two main goals: it creates a formal record that the individual no longer has access to the classified information for that program; and it reminds the individual of their lifetime commitment to protect that information. Typically, the individual is asked to sign another non-disclosure agreement (NDA), similar to that which they signed when initially briefed, and this document serves as the formal record. The debriefed individual does not lose their security clearance; they have only surrendered the need to know for information related to that particular job.”
Data Killers sales and management staff are all thoroughly trained in the latest procedures for protecting classified information. This is extremely important as it ensures complete project accuracy from our technicians and for our customers. We are consistently cleared for on-site classified hard drive destruction and tape destruction at our customer’s locations. Our on-site hard drive shredding service helps you maintain DSS requirements for destruction of classified materials.