From Traditional Security
Part of Handling of Classified - Use of Cover Sheets on Documents
Associated with IA controls: PESP-1, PESS-1
Failure to protect readable classified information printed from classified systems such as SIPRNet when removed from secure storage can lead to the loss or compromise of classified or sensitive information.
During the review/walk-around be observant for classified documents without cover sheets. Unless an employee is specifically working on the document - a cover sheet must be placed on it to ensure classified information is not inadvertently exposed. If the document without a cover sheet is located in a SCIF, Secret or TS vault or secure room - this should not be written as a finding; however, highly recommend use of cover sheets as a best security practice. If the document w/o cover sheet is found in a Secret Controlled Access Area (CAA) or below, this should be made a finding. TACTICAL ENVIRONMENT: The check is applicable for fixed tactical classified processing environments. It is assumed the type of equipment referenced will be in a fixed environment. Not applicable to a field/mobile environment.
Ensure classified handling procedures address use of cover sheets on classified documents printed from systems such as SIPRNet, when the documents are removed from secure storage. Address use of cover sheets during initial and annual refresher security training. Periodically check areas for use of cover sheets. While not required by regulation it is good security practice to use document cover sheets in a SCIF, Secret or TS vault or secure room to prevent inadvertant access to classified information by persons without need-to-know and uncleared visitors to such classified areas.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer