Regulation 17 Sep 93
No. 380-5
Paragraph Page
Chapter 1
Introduction
Purpose 1-1 2
References 1-2 2
Applicability 1-3 2
Chapter 2
Information Security
Responsibilities 2-1 2
Security Manager Duties 2-2 3
Downgrading and Declassification 2-3 5
Marking 2-4 6
Storage and Safeguarding 2-5 6
Discrepancies/Violations/
Compromises of Classified
Information 2-6 9
Access, Dissemination,
Accountability and
Reproduction 2-7 10
Transmission of Classified
Material 2-8 11
Disposal and Destruction 2-9 15
Chapter 3
Management
Security Education 3-1 15
Program Management 3-2 16
Sanctions 3-3 16
Chapter 4
Foreign Visitors 4-1 17
Foreign Disclosure 4-2 18
Integrated Exchange Officers/
Foreign Liaison Officers 4-3 18
Chapter 5
Industrial Security Program
Industrial Security Program 5-1 18
Appendices
Appendix A - References 21
Appendix B - SM Inspection Requirements 22
Appendix C - Activity Entry/Exit
Inspection Program (EEIP) 37
Appendix D - Restrictions on Handcarrying
Classified Information 42
1-1. Purpose. To implement the XVIII Airborne Corps and Fort Bragg Information Security Program.
1-2. References. Required and related references are listed in Appendix A.
1-3. Applicability. This regulation is applicable to all organizations and activities which are within the purview of the Commander, XVIII Airborne Corps and Fort Bragg.
2-1. Responsibilities.
a. Directorate of Counterintelligence and Security. IAW FORSCOM policy, the Directorate of Counterintelligence and Security, (DCIS) is the Fort Bragg Installation Security Manager and is responsible for implementing the Command Information Security Program.
b. Commanders/Staff Directors. Security is the responsibility of the Commander/Staff Director. Although the Commander may delegate the authority to perform local security functions, the responsibility may not be delegated. Commanders at all levels will establish an effective Information Security Program and implement local information security policies and procedures IAW paragraph 13-304a.2, AR 380-5 UPDATE, and FORSCOM Supplement 1 to AR 380-5. This will include: initiating and supervising directives necessary to insure continuous protection of classified information; assuring that persons requiring access to classified information are properly cleared and that leaders at all levels constantly assess the individual trustworthiness of personnel under their supervision who possess a security clearance; and, initiating and maintaining an active security education program. The commander/director of each unit/activity is responsible for appointing a primary and alternate Information Security Manager in the grade of commis- sioned officer, warrant officer, E6 (or above) or civilian GS-6 (or above). Major Subordinate Commands (MSC) and Staff Directorates will forward a copy of the Security Manager appointment orders to this head- quarters, ATTN: AFZA-DS, within 15 days after the appointment.
c. Security Managers. The Security Manager and alternate will be appointed by the commander/director in writing, be properly cleared, and will be the commander/director's authorized representative, responsible for the administration of an effective organizational information security program. The Security Manager will be in the grade E6/GS-6 or above; will be retainable in the organization for at least 6-12 months; and will execute their duties IAW paragraph 13-304c.1, subparagraphs (a) through (l), AR 380-5 UPDATE, page 53, and this regulation. Duties of the Security Manager are listed in
paragraph 2-2 below. Assistant Security Managers must also be appointed in areas e.g. offices, sections, branches, divisions, etc,. where classified information is stored or processed.
d. Individuals. The protection of classified information is the responsibility of each individual who possess or has knowledge of such information. These individuals will not allow another person access to classified information until a valid need-to-know and the proper security clearance has been established and verified.
2-2. Security Manager Duties.
a. The Security Manager will:
(1) Advise and represent the commander/director on matters related to the classification, downgrading and declassification, and safeguarding of national defense information. The Security Manager will also advise and assist the commander/director in the enforcement of regulations on the dissemination, reproduction, transmission, protection, and destruction of classified material.
(2) Establish, implement, and maintain an effective security education program. Maintain individual records of training presented (e.g. initial security briefings, SAEDA training, etc.) on an automated system or a locally reproduced form.
(3) Serve as the unit/activity single point of contact (POC) for all matters relating to the security of national defense information within that unit/activity, (i.e., guidance on classification and declassification problems; assisting in the development of classification guidance; issuance of DD Forms 2501 [Courier Authorization Card]; protection of classified informa- tion/material during meetings, briefings, symposiums sponsored by the unit/ activity, etc.).
(4) Display posters identifying themselves by name and means of contact, throughout their unit/activity. (Use FORSCOM Poster 102-R).
(5) Establish procedures for ensuring that all persons handling classified material are properly cleared and have a need to know. The clearance status of each individual must be recorded and available for verification.
(6) Ensure that classification guides for classified plans, programs, and projects are created early and reviewed and updated when required.
(7) Conduct periodic (at least annually) reviews of classifications assigned within the activity to ensure that such decisions are proper; ensure the review and continual reduction of classified information within the activity by declassification, destruction, or retirement. Oversee annual review/cleanout days.
(8) Conduct security manager inspections and spot checks as specified in paragraph 2-2-5 below and Appendix B, this regulation. Copies of inspection reports and spot checks will be retained on file for review by the next higher Security Manager.
(9) Make recommendations regarding requests for visits by foreign nationals. Brief unit/activity personnel on restrictions on the dissemination and discussion of classified information prior to visits by foreign personnel.
(10) Whenever there is loss or possible compromise of classified material, the commander/director shall be notified as soon as possible that a preliminary inquiry must be initiated. The DCIS (396-1946/8292) will be
notified NLT the next working day, by the fastest means available consistent with sound security. Guidance on the appointment of an investigating officer and on processing security investigations is in Appendix R, FORSCOM Supplement 1 to AR 380-5.
b. Collateral Security Manager Duties. The appointed activity Security Manager has the additional duty of security coordination beyond the Informa-
tion Security Program. This requires coordination with those persons respon- sible for personnel security and information systems security (formerly called automation security or computer security). Refer to the respective AR, FORSCOM Supplement and/or the Fort Bragg Regu-lation for specific functions. Collateral Security Manager duties include the following:
(1) Review the security clearance/investigative requirements of TDA/TOE positions within the organization. Submit changes
through the supporting S2/G2 office to the DCIS as applicable. Note that changes to the designation of civilian positions as "Critical-Sensitive" or "Noncritical-Sensitive" must be coordinated through the DCIS Personnel Security Investigations Division.
(2) Continually assess the individual trustworthiness of personnel who have a security clearance. When the Commander/ Director or Security Manager learns of credible derogatory information on a member of their organization that falls within the scope of paragraph 2-200, AR 380-67, the activity will immediately submit DA Form 5248-R through the DCIS to the Army Central Clearance Facility (CCF). The Security Manager should recommend to the Commander/Director appropriate action, e.g., suspension of the individual's access to classified information.
(3) While the appointed organization/activity Information Systems Security Officer (ISSO) is responsible for the Information Systems Security Program, the Security Manager should coordinate closely with the ISSO, especially where automated information systems (computers) are used for processing classified information.
(4) The organization Security Manager will coordinate with the DCIS on requirements for Technical Surveillance Countermeasures (TSCM) (technical sweep for listening devices) support from INSCOM.
(5) The organization Security Manager will maintain cognizance over STU-III telephones within the activity. STU-III's are keyed by the supporting signal or security office at the level required by the activity, i.e., TOP SECRET or SECRET. [Note: the area must be approved for discussions at the designated level, i.e. STU-III's keyed for TOP SECRET must be in an area approved for TOP SECRET discussions]. The STU-III by itself is unclassified, but is a Controlled Cryptographic Item (CCI). When the Crypto Ignition Key (CIK) is inserted into the STU-III, the device becomes classified at the level to which it has been set. Whenever the CIK Key must be stored in the vicinity of the STU-III to which it is keyed, the CIK will be stored in a GSA approved security container. A STU-III should not be located in an area where uncleared personnel in the room may hear the classified conversations. The organization Property Book Officer or Hand Receipt Holder can provide a list- ing of STU-III's in the unit/activity. The Security Manager will conduct periodic inventories to assure that accountability of STU-III's and CIK keys is maintained. In areas where STU-III telephones are located, the SF Form 701 (Daily Activity Security Checklist), will be modified to require a check of
the STU-III, to verify that the CIK key has not been left installed. Requests to install STU-III's in on-post quarters will be forwarded through DCIS to
FORSCOM. The FORSCOM J2 is the approving authority for STU-III's installed in quarters. Each request must be justifified; use must be strictly controlled
and will be authorized by FORSCOM J2 only for a specified period of time when necessary because of a compelling operational need. The STU-IIIA (portable mode/brief case) is the only version of the STU-III which may be authorized for use in an off-post personal residence.
(6) Facsimile Equipment. The activity Security Manager will maintain cognizance of the location and use of facsimile equipment in the organization,
especially in areas where classified information is processed. Only a Secure Facsimile may be used to transmit classified information. Non-secure fac- simile devices will not be installed in classified processing areas.
c. Waivers. Requests to waive the minimum rank/grade requirements for designation as a Security Manager (see paragraph 1c above) will be forwarded to Commander, XVIII Airborne Corps and Fort Bragg, ATTN: AFZA-DS, Fort Bragg, NC 28307-5000.
d. Training. Personnel appointed as Security Managers, down to and including Battalion level, will attend the Security Managers Orientation Course (SMOC) within ninety (90) days of their appointment to this duty.
(1) The SMOC is a two-day course of instruction designed to provide the Security Manager with an overview of their responsi-bilities and duties. During the course, students will be excused from all other duties and/or responsibilities.
(2) Requests for attendance at SMOC training will be coordinated through the unit/activity Major Subordinate Command to the DCIS, ATTN: AFZA-DS. Requests must be received no later than close-of-business on the Wednesday preceding the scheduled course dates.
e. Security Manager Inspections. Security managers will conduct security inspections, IAW AR 380-5 and will coordinate with others on AR 380-19, and AR 380-67 with FORSCOM Supplements, and DA Pam 25-380-2, of each subordinate element or subdivision. An Announced and an Unannounced After Duty-Hours inspection will be conducted of each sub-element annually (see Appendix B). Periodic Duty Hour Spot Checks of each sub-element will also be conducted semi-annually. Security managers will notify the Commander/Director of the results of such inspections. Additionally, the security manager will forward to the security manager of the next higher command, (to DCIS when the next higher command is not on the installation) written copies of inspection reports within ten (10) working days following such inspections.
f. Security Briefings. All individuals, regardless of their security clearance status, will receive an initial security orientation upon assignment or employment by any element of this command. The office or unit granting access to classified information will record receipt of initial security orientation and refresher briefings. See paragraph 3-1-2 below for a listing of required briefings.
2-3. Downgrading and Declassification
a. Downgrading and Declassification.
(1) All classified material should bear specific markings on the front cover (if any) or the front page, which advises the holder of when the information may be downgraded to a lower level of classification, and/or when it may be declassified.
(2) The determination as to when a particular piece of classified information may be downgraded or declassified must be determined by the originator of the information, at the time of origin. This facilitates the required action at the specified time. Should the information be marked to be down-graded/ declassified on "OADR" or "Originating Agency's Determination Required", contact will be made with the originator for specific instructions on downgrading or declassifying.
b. To downgrade or declassify information which has reached the date or event as marked on the front of the information, the following procedures will be used:
(1) Downgrading:
(a) Cross out the existing classification markings
(b) Write in or stamp the new classification, initial and date the new markings to show who did the changing and when.
(2) Declassification:
(a) Cross out the existing classification markings
(b) Mark the information as "Unclassified", initial and date the new markings to show who did the changing and when.
2-4. Marking
a. Marking. All classified material will be conspicuously marked on the top and bottom of the front cover (if any), front page, and the back cover (if any) or the back of the last page, with the overall classification of the material.
b. Classified Distribution. Security managers will establish procedures to ensure that all incoming classified distribution is reviewed for proper markings. All classified information received should reflect applicable markings as specified by AR 380-5, Chapter IV, to include: overall classification, portion markings, classified "By Line," declassification date/event, etc. If the appropriate markings cannot be determined, the originator or sending activity will be contacted to obtain guidance.
2-5. Storage and Safeguarding
a. Security Containers. Only containers approved by the General Services Administration (GSA) as meeting their standards for security containers may be used for the storage of classified material. GSA Approved containers have a label designating this approval affixed to the front of the container, or in the case of older containers, on the inside of a drawer. Security containers
without a GSA-Approved label will not be used for storage of classified information. GSA-Approved containers which are missing the label should be inspected by the locksmith for recertification.
b. Open Storage.
(1) Open storage of classified information will be approved only when the material to be stored is too large to be stored in a GSA approved security container. Areas to be approved for such storage must meet the requirements as specified in Appendix H, AR 380-5, with FORSCOM Supplement.
(2) All requests for the approval of open storage of classi-fied material will be sent to the DCIS, ATTN: AFZA-DS. No area may be used for such storage until approval is received in writing.
(3) Certifications/approval for open storage of classified material will be valid for a period of two (2) years from the date of issue, unless structural changes have been made to the area which degrade the security measures which were in-place at the time approval was granted.
c. Custodial Precautions. Cover Sheets. Only SF 705 (CONFIDENTIAL Cover Sheet), SF 704 (SECRET Cover Sheet), or SF 703 (TOP SECRET Cover Sheet) are authorized for use with collateral classified information in this command. Special cover sheets for Special Intelligence (SI) information may be used as required by the Special Security Officer (SSO) on information within their purview. Locally reproduced cover sheets may be used for classified material requiring Special Access Program (SAP) protection.
d. Activity Entry/Exit Inspection Program (EEIP). The XVIII Airborne Corps and Fort Bragg Entry and Exit Inspection Program will be conducted as prescribed by AR 380-5 with FORSCOM Supple-ment, and Appendix C of this regulation.
(1) Commanders/Security Managers will become familiar with the provisions of AR 380-5, paragraph 5-300 through 5-303, with FORSCOM Supplement, and Appendix C of this regulation, for detailed guidance on the Activity Entry and Exit Inspection Program.
(2) Inspections will be held on a random/irregular basis at locations where classified information/material is usually processed.
(3) Individuals designated as couriers and personnel who hand-carry classified information will have a DD Form 2501 (Courier Authorization Card) in their possession at all times when transporting classified material. The authorizing official must be knowledgeable of the classified material being transported by the courier, the reason, and the anticipated time and date of return.
(4) DD Form 2501 is intended as courier authorization for local handcarry of classified information between on-post buildings and local subordinate activities, subinstallations, and CONUS DOD facilities within a 200 MILE driving radius of Fort Bragg. Courier cards are NOT intended for blanket authorization to randomly transport classified material.
(5) Courier Letters of Authorization issued by the security manager, down to battalion/separate company level, are required whenever classified material is handcarried by any means of transportation, military or commercial (air, rail, etc.) outside of the 200 MILE driving radius of Fort Bragg (see AR 380-5, Chap VIII, Section 3, with FORSCOM Supplement 1, App D).
(6) DD Forms 2501 are controlled as sequentially serial numbered items and will be issued by DCIS to security mangers of:
(a) Principle Staff (XVIII Airborne Corps, and Installation),
(b) Major Subordinate Commands (MSCs)
(c) Separate Battalions and Separate Companies
(d) Tenant Activities
(e) Subinstallations
(7) Security managers will establish and maintain accountability records to control DD Forms 2501. The following will be entered in the control log:
(a) Card number;
(b) Issued to;
(c) Grade;
(d) SSN;
(e) Signature;
(f) Issue Date;
(g) Expiration Date;
(h) Turn-in Date;
(i) Verified By (Initials).
(8) Commanders will institute unit/activity clearance procedures to recover DD Forms 2501 issued to personnel who no longer require courier cards due to change of duty assignment, permanent change of station, expiration term of service (ETS), suspended access, etc. Invalidated DD Forms 2501 will be annotated in the courier card control log and a record of destruction main- tained in security files. The serial number of courier cards lost or other- wise unaccounted for will be reported to DCIS immediately. Accountability of DD Forms 2501 will be an item of interest during inspections.
e. TOP SECRET Controls.
(1) TOP SECRET (TS) material will be stored only in an authorized TOP SECRET storage area under the control of a TOP SECRET Control Officer. TS information may be temorarily receipted by the activity security manager, who will further have the individual working with the information sign for it. All TS material must be returned to the TS Control Office within seventy-two (72) hours. While signed out, the TS material must be safeguarded in an area/container approved for the storage of TS material. The Two-Person Integrity rule must also be followed. If additional time is needed while working with the information, it may again be signed out.
(2) All signatures for TOP SECRET information will be on a TOP SECRET Accountability Record, DA Form 626.
f. TEMPEST Security. TEMPEST is the name given to the investigation, study, and control of compromising emanations from electronic equipment used to process classified information. Requests to purchase electronic equipment which will be used to process classified information must be forwarded to the TEMPEST Coordination Officer (TCO) within DCIS for review. Organizations planning on constructing or modifying areas where classified information will be processed will coordinate construction plans with the TCO.
g. Restricted Areas.
(1) Requests for areas to be designated as a Restricted Area, will be sent to the DCIS, ATTN: AFZA-DS-C for review and approval or denial, IAW AR 190-13.
(2) IAW AR 381-14, personally-owned receiving, recording, transmitting and amplification equipment such as tape recorders, radios, televisions, stereos, etc., are not permitted within the controlled space of classified electronic processing offices/ rooms designated as Restricted Areas under any circum-stances. Requests for the introduction of Government-owned radios, tele-visions, etc., will be coordinated through the TEMPEST Coordination Office.
(3) Care will be exercised in the control of personnel entering classified processing and/or discussion Restricted Areas. Only individuals having the appropriate security clearance and "need-to-know" will be allowed into these areas unescorted. Personnel who are awaiting a security clearance or a higher clearance level will NOT be allowed to commence work in a classified Restricted Area. The only uncleared personnel who may enter a classified Restricted Area when escorted are those who have official business, e.g. repairman, fire inspector, etc. Personnel who do not have official business will not be allowed into classified Restricted Areas.
2-6. Discrepancies/Violations/Compromises of Classified Information.
a. Definitions.
(1) Discrepancies. Those items which, although may conflict with regulatory or directive guidance, are more administrative in nature and do not constitute a viable threat to the national security. Discrepancies are considered as minor deficiencies to an organizations overall security posture.
(2) Violations. Those deficiencies which are in direct conflict of rules, regulations and/or directives. Violations may or may not constitute a compromise.
(3) Compromise. A compromise is the unauthorized disclosure of classified information. Compromises result from violations of security regulations or security weaknesses; however, not all
violations or weaknesses result in a compromise. Each security violation or security related incident must be investigated to determine if a compromise of classified information is likely.
b. Procedures.
(1) Upon discovery of a violation of security regulations and/or a security compromise, it is the responsibility of the discoverer to immediately notify their security manager.
(2) When notified of a security violation or a possible compromise of classified information, the security manager will notify the unit/activity commander/director and the DCIS, ATTN: AFZA-DS, NLT the next working day.
c. Inquiries. Once notified of a security violation or possible compromise, the DCIS will assign a control number to the reporting unit/activity and direct that a Preliminary Inquiry (PI) be initiated.
d. Conduct of an Inquiry. Upon receiving a control number from the DCIS, the responsible unit/activity will initiate a PI in accordance with paragraph 6-103 of AR 380-5 and Appendix R, FORSCOM Supplement to AR 380-5. As a minimum, the following steps will be taken:
(1) Commander/Director will immediately assign in writing, a preliminary inquiry (PI) officer. This officer must be at least an E-7/GS-7 or above, be senior in grade to anyone involved in the incident, and not within the rating scheme of anyone involved in the incident. That officer will cease all other duties until such time as the inquiry is completed.
(2) The PI officer will have a total of ten (10) working days in which to complete the inquiry and return it to the appointing authority for review. The inquiry will include all findings, conclusions, recommendations for corrective actions, and any punitive action deemed necessary.
(3) Upon receiving the PI officer's report, the appointing official has three (3) working days in which to review the report, make any changes or further recommendations, and forward to the DCIS for review/comment.
(4) Upon determination by DCIS that the preliminary inquiry findings are sufficient and that the compromise could not cause damage to the national security, or that a compromise did not occur, the PI will be closed and returned through channels to the appointing authority for recommended action and retention.
(5) If the Commander, XVIII Airborne Corps and Fort Bragg determines that further investigation is warranted, an investigating officer will be appointed by the Command under the provisions of AR 15-6.
(6) Extensions of the deadlines for reporting to DCIS will be given only if extenuating circumstances arise which are beyond the control of the PI officer or the appointing official.
e. Reporting.
(1) All discrepancies, violations, or compromises occurring while in a field environment or while deployed will be reported to the S2/G2 of the unit's MSC and to the Corps ACofS, G2.
(2) All insecurities occurring while in Garrison will be reported to the DCIS, and upon completion of the PI, the full written report will be forwarded to DCIS for further reporting to higher headquarters.
(3) Should actual compromise have taken place, notification will be as follows:
(a) CONFIDENTIAL: HQ FORSCOM
(b) SECRET or TOP SECRET: DA, and Info to HQ FORSCOM
(4) In all cases, the originator of the information will be notified of the possible compromise of their material.
2-7. Access, Dissemination, Accountability and Reproduction.
a. Access. Only those persons having a security clearance equal to or greater than that of the information concerned, and the "need-to-know", (defined as the need to have access to information in order to perform one's official duties), will have access to classified information, regardless of rank or position.
b. Dissemination. Classified information may be disseminated only to those individuals whose appropriate security clearance and "need-to-know" has been verified by the holder of the information.
c. Accountability. Accountability of classified information is the responsibility of the holder of that information, regard-less of how that information was obtained or how it is kept.
d. Reproduction. Copying classified documents shall be minimized.
(1) Reproduction equipment used to reproduce classified information must be certified for that purpose. Under no circumstances will classified information be reproduced on equipment which has not been certified.
(2) The Fort Bragg Directorate of Counterintelligence and Security (DCIS) and supporting G2 offices on Fort Bragg may certify reproduction equipment for their respective commands. In all cases wherein a supporting G2 certifies reproduction equipment for use by a subordinate element, to include tenant activities, an information copy of that certification will be forwarded to DCIS.
(3) Units/activities and tenant activities who can justify a valid need to reproduce classified material on a frequent or recurring basis may submit a request for certification of reproduction equipment to their supporting G2 for approval. Directorate staffs, major subordinate commands (MSCs), and sub-installations will submit requests for certification of reproduction equipment directly to DCIS.
(4) Commanders, primary staff officers, directors, and heads of activities will designate officials authorized to approve reproduction of classified material by name and position title.
(5) DA Form 3964 (Classified Document Accountability Record)
will be completed by the approving official when required.
(6) When reproduction of classified VU-graphs, slides, briefing charts and other classified audiovisual aids are produced by the Training Aids Support Center (TASC), users will comply with TASC and all other applicable security requirements.
(7) TOP SECRET material may be reproduced only when authorized by the original classification authority. In such cases, the TOP SECRET Control Officer (TSCO) is the approving authority for local reproduction.
(8) Each request for certification will contain:
(a) Justification as to why unit/activity cannot use DOIM, ISSB, or 82nd AG/ASB for classified reproduction support.
(b) Description of copier machine to be used for reproduction of classified material to include manufacturer, model, and serial number.
(c) A copy of local standing operating procedure for reproduction of classified material.
(d) The designated official(s) by position title and name, who are authorized to approve reproduction of classified material. Those authorities will ensure DA Forms 3964 are properly prepared as required.
(e) A copy of FORSCOM Form 138-R (Equipment Designated for Reproduction of Classified Material) identifying the official designated to
approve requests for classified reproduction. This form must be posted on or adjacent to the reproduction equipment.
(f) FORSCOM Poster 93 (Warning Notice), prohibiting reproduction of classified information, shall be posted on all equipment used only for reproduction of unclassified information.
(g) All requests must be signed by the commander, primary staff officer, director, or head of activity.
2-8. Transmission of Classified Material.
a. Transmission. Transmission of classified information must be in accordance with the procedures established in AR 380-5. ON-POST. While in/around Fort Bragg, personnel having a need to handcarry classified material will:
(1) Have in their possession a valid Courier Authorization Card (DD Form 2501), issued by their Security Manager, indicating that they have a security clearance equal to or greater than the material being handcarried. Written authorization for the handcarry of classified information on Fort Bragg and within a 200 MILE driving radius of Fort Bragg will be accomplished by the issuance of DD Form 2501. Procedures for the issuance of these forms are found in Appendix C of this regulation.
(2) Have all classified material double-wrapped in opaque containers (information may be placed in one envelope then placed inside a locked briefcase for handcarry in/around Fort Bragg).
b. CONUS. Written authorization for the handcarry of classified information within the United States, its territories, and Canada will be approved by unit/activity commander/director, down to battalion and separate company level. Written authorization will consist of a DD Form 2501 and a Courier Letter of Authorization (LOA). Statements in Block 16, DD Form 1610, Request and Authorization for TDY Travel of DOD Personnel, which indicate an individual is acting as a classified courier, will not suffice as official courier appointment. When handcarrying classified material from one installation to another within CONUS, the courier will:
(1) Travel by Commercial Aircraft.
(a) Have in their possession a LOA to handcarry such material, (Sample LOA is at Figure 8-2, FORSCOM Supplement 1 to AR 380-5). This letter
may be issued by the Security Manager at the MSC, Separate Brigade, Directorate level or higher. The Security Manager must certify in the LOA that there is neither time nor alternate means of transmission available to get the material to the destination to meet operational objectives.
(b) All material will be double-wrapped, sealed in opaque envelopes/containers and addressed as if for mailing,
(c) The Security Manager will maintain a complete listing of all material being handcarried.
(d) Under no circumstances will classified material be placed in detachable storage (i.e., aircraft travel pods).
(e) Material Safeguarding. Couriers are responsible for ensuring the integrity of the material in their custody at all times.
(f) When transporting classified material by commercial aircraft, couriers must use only U.S. Carriers.
(g) When handcarrying classified material by commercial aircraft, airport security personnel may be allowed to handle the sealed container(s), feel them, etc., and unless they contain magnetic media, X-ray them, but MAY NOT open them under any circumstances. Should security personnel insist on opening the container(s), the courier will refuse to allow them to do so. The courier will not board the aircraft and will return the material to its approved security container.
(h) Last-On-First-Off Procedure. When the physical bulk or configuration of the material being transported will not permit the courier to keep the material on his person or in view at all times, arrangements will be made with the carrier to effect a "last-on-first-off" procedure. This proce- dure ensures the material will not be moved without the courier being present.
(2) Travel by Ground Transport.
(a) Have in their possession a LOA to handcarry such material, (Sample LOA is at Figure 8-2, FORSCOM Supplement 1 to AR 380-5). This letter may be issued by the Security Manager at the MSC, Separate Brigade, Directorate level or higher. The Security Manager must certify in the LOA that there is neither time nor alternate means of transmission available to get the material to the destination to meet operational objectives.
(b) All material will be double-wrapped, sealed in opaque envelopes/containers and addressed as if for mailing,
(c) The Security Manager will maintain a complete listing of all material being handcarried.
(d) Under no circumstances will classified material be placed in detachable storage (i.e., trailers, roof racks, etc.).
(e) Material Safeguarding. Couriers are responsible for ensuring the integrity of the material in their custody at all times.
c. OCONUS. Handcarry of classified material OCONUS by commercial aircraft requires the approval of the Director of Counterintelligence and Security, (DCIS). To obtain approval the following must be submitted to DCIS:
(1) Complete justification as to why the information must be taken from the installation and why it could not be sent through other approved means.
(2) Complete itinerary of the courier(s), to include flight times, carriers, etc., (Note: When transporting classified material by commercial aircraft, couriers must use only U.S. Carriers.)
(3) All material will be double-wrapped, sealed in opaque envelopes/containers and addressed as if for mailing.
(4) Material Safeguarding. Couriers are responsible for ensuring the integrity of the material in their custody at all times.
d. Under no circumstances will classified information be read, displayed or used while in transit. The containers must still be sealed upon arrival.
e. All couriers will be given a briefing regarding their duties and responsibilities in the safeguarding of the classified material, prior to being allowed to handcarry such information. This briefing will be conducted by the unit/activity Security Manager for CONUS transport, and by a member of the Counterintelligence and Security Countermeasures Division, DCIS, Bldg. 1-1621 (basement), for OCONUS transport. A statement will be executed in writ-ing by the courier, indicating that they have received the "Handcarry Briefing" from the Security Manager/DCIS representative. A sample briefing statement is at Figure D-3.
f. When handcarrying classified material by commercial aircraft, airport security personnel may be allowed to handle the sealed container(s), feel them, etc., and unless they contain magnetic media, X-ray them, but MAY NOT open them under any circumstances. Should security personnel insist on opening the container(s), the courier will refuse to allow them to do so. In such cases the courier will not board the aircraft and will return the material to its approved security container.
g. Last-On-First-Off Procedure. When the physical bulk or configuration of the material being transported will not permit the courier to keep the material on thier person or in view at all times, arrangements will be made with the carrier to effect a "last-on-first-off" procedure. This procedure ensures the material will not be moved without the courier being present.
h. OCONUS Transport of NATO Classified Documents. During international travel, NATO classified documents shall be carried by persons other than regular couriers (Defense Courier Service) only when such transmission is determined to be mission essential, in the best interests of NATO, and is approved by the J2 (FCJ2-CIC), FORSCOM. This restriction applies regardless of mode of travel. Additional restrictions and requirements pertaining to handcarrying NATO classified documents during international travel are outlined in USSAN Instruction 1-69, as quoted in AR 380-15 (C), paragraphs 105 and 108, Attachment 1 to Enclosure 2, and Section III, Attachment 3 to Enclosure 2. (Para 8-300g, FORSCOM Suppl to 380-5).
i. Handcarry of COMSEC Material Aboard Commercial Aircraft.
(1) Courier Requirements. Official couriers for classified COMSEC material will be designated in writing by the commander or his COMSEC Custodian. The following requirements apply to all couriers of COMSEC material:
(a) Security Clearance - Couriers will be properly cleared.
(b) Safeguarding the Material. The designating authority will make sure that couriers are briefed on how to safeguard material in transit. Safeguarding the material is particularly important during delays and stopovers.
(c) The courier must be taught how to destroy the material in case of an emergency.
(d) Weapons Requirement. The designating authority will determine the need for carrying weapons. Couriers will not normally be armed; however, if the tactical or environmental conditions warrant the use of weapons, they willbe issued and couriers briefed on their use as appropriate.
(2) Courier Responsibilities.
(a) Material Safeguarding. Couriers are responsible for ensuring the integrity of the COMSEC material in their custody at all times.
(b) Transporting into Foreign Countries. Couriers transporting COMSEC material into foreign countries must prevent foreign inspection by unauthorized persons. Under no circumstances will U.S. COMSEC material be permitted to enter foreign distribution channels unless HQDA (DAMI-CIC) has previously and specifically authorized its release.
(c) Last-On-First-Off Procedure. When the physical bulk or configuration of the material being transported will not permit the courier to
keep the material on his person or in view at all times, arrangements will be made with the carrier to effect a "last-on-first-off" procedure. This proce-dure ensures the material will not be moved without the courier being present.
(d) CRYPTO Key Escort. The courier will escort CRYPTO key at all times. Should the material be placed in a locked compartment during shipment, the courier will check the locked area as frequently as possible. (Section 3-7, TB 380-41-5).
j. Distribution Systems.
(1) At no time will classified information be placed within the normal distribution system for standard distribution. All incoming classified distribution is to be picked up at Classified Distribution Center and handcarried by an authorized courier to the destination unit/activity. Authorized personnel must be on the access list at the Classified Message Center and have in their possession a valid DD Form 2501. Couriers must take with them appropriate envelopes and/or briefcases to "double-wrap" and other-wise provide for the secure transport of the material.
(2) Under no circumstances may classified information be placed into a "Shotgun Envelope" (SF Form 65-B). Transporting of classified information in such an envelope is a security violation and will be reported as such, in accordance with paragraph 6-105, AR 380-5.
2-9. Disposal and Destruction
a. There are two established facilities on Fort Bragg for the disposal and destruction of classified material. They are:
(1) Main facility, (Bldg. C-1629) located on Ardennes Street at Long-street. An incinerator unit, collocated with the Main facility, is used to destroy those items which cannot be destroyed by pulverizing or shredding. Customers should call the facility before arrival to ensure sufficient time is available to complete the destruction of their classified material. (Mornings are set aside for special appointments for recurring customers only.)
(2) Alternate facility, (Bldg. 1-1354) located in the main post area between Scott and Macomb streets, opened only when the Main facility in inoperative for more than three consecutive days, or upon special request.
b. FOR OFFICIAL USE ONLY (FOUO) material will NOT be destroyed at any of the classified destruction facilities. These facilities are solely for the destruction of CLASSIFIED material. Special destruction needs will be coordinated with the DCIS prior to attempting to use these facilities.
c. Security Managers are responsible for ensuring that personnel transporting material to the destruction facilities are cleared to access the information, and that measures are taken to ensure loss does not occur during transport. Personnel assigned to destroy material at the facilities will be made aware that the facility operator cannot destroy material for them, and
that any material not destroyed must be returned to the unit/activity for safeguarding.
3-1. Security Education
a. Security Managers are responsible for security training to personnel within their units/activities, as well ensuring that security managers at subordinate units/activities provide such training to their personnel.
b. Security Managers will ensure that personnel receive:
(1) Initial Security Briefings
(2) Annual Refresher Briefings, to include as a minimum:
XVIII Abn Corps and Fort Bragg Regulation 380-5
(a) SAEDA Training (initial and annual).
(b) AR 381-10 (initial and annual) Familiarization for all personnel assigned to intelligence units/activities.
(c) AR 380-5, (initial and annual) For all personnel with access to classified information, or who hold a security clearance.
(d) AR 380-13 (initial and annual) Familiarization for Commanders/ Directors, persons having responsibility for maint-enance of personnel records and all other personnel not receiving the AR 381-10 briefing.
(e) Security standards and procedures for CCI, IAW Para 3b, FORSCOM Memo on CCI, 11 Jul 89.
(3) Foreign Travel Briefings (as required) to personnel with a security clearance traveling OCONUS. Travel threat briefings to all personnel deploy-ing OCONUS.
c. Security Managers will maintain records reflecting attendance at all security related training by personnel assigned to their unit/activity. Records of training will be an item of interest during command security inspections and in announced inspections from higher headquarters.
3-2. Program Management.
Each MSC/activity on Fort Bragg shall establish a Security Standing Operating Procedure (SOP) for their organization. A copy of the Security SOP of any subordinate units or activities will also be maintained.
3-3. Sanctions.
a. All personnel, military or civilian, of the Department of Army are individually responsible for complying with the pro-visions of AR 380-5, and as outlined on the Classified Information Non-Disclosure Agreement, (SF Form 189 and/or its replacement, SF Form 312). All personnel having access to classified information shall complete and sign an SF Form 312 (those persons having completed an SF Form 189 prior to January 1988 are not required to also complete an SF Form 312 unless they so desire). The organization Security Manager will ensure the completion of these forms and maintain them on file until the individual departs the organization. Once an individual departs, the SF Form 189 (or SF Form 312) will be forwarded IAW the provisions of AR 380-67.
b. Sanctions for the unauthorized disclosure of classified information vary. These sanctions may be no more than a written or verbal reprimand, or they may be more severe action e.g. suspension, fines and/or imprisonment. Specific sanctions for violations of the provisions of AR 380-5 may be found in Appendices L through P of that regulation.
4-1. Foreign Visitors (AR 380-10).
a. Foreign visitors are described as any person not a citizen of the United States. In accordance with Department of the Army policy, the DCIS has been designated as the Foreign Contact Office to approve all foreign visits to Fort Bragg, and serve as liaison between Fort Bragg and the Department of the Army Foreign Liaison Office (DAMI-CIT).
b. All foreign visitors are required to go through their embassy to request permission to visit military installations within the US. An exception to this policy is what are known as LATAM COOP Visits. IAW Army policy, all requests for visits of foreign personnel must be coordinated in advance with the DCIS. Procedures for such visits are as follows:
(1) Foreign personnel submit a request through their respective embassy in this country, to Department of the Army, ATTN: DAMI-CIT.
(2) DAMI-CIT then sends a Foreign National Embassy Visit Request to the DCIS, Fort Bragg.
(3) After determining what organization/activity is to be visited, the visit request will be forwarded to the appropriate office for action.
(4) The action office(s) will then contact the host unit/activity to determine the following:
(a) Is the date of the requested visit acceptable to the unit/activity to be visited;
(b) Is the subject matter to be discussed, either classified or unclassified (if classified, all information to be released must be approved in advance by the Original Classification Authority (OCA), through DAMI-CIT);
(c) If approved by the host, a POC name and COMMERCIAL phone number must be provided; and,
(d) The action office will return this information to the DCIS for reporting to FORSCOM and DAMI-FLO-CIT, NLT five days prior to the visit date or twenty-one days of the request.
(5) The hosting unit/activity is responsible for making all arrangements with the visitor and ensuring that the purpose of the visit is fulfilled.
(6) Personnel assigned as escort officer(s) for visiting foreign personnel will be briefed by the organization Security Manager or the DCIS, prior to the visit, to ensure that the escort officer does not allow classified information (other than that which may already have been approved
by HQDA) to be released to the visitor(s). This includes allowing visual exposure to classified information, as well as oral or written disclosure/ exposure.
c. IAW AR 380-10, HQDA DCSINT is the point of contact for military attaches diplomatically accredited to the U.S. Government and other repre-sentatives of foreign governments wishing to conduct official business with DA. ALL official foreign contacts with the Army must be authorized by a diplomatically accredited military attache on behalf of his or her government. Except as authorized by the DCSINT or senior Army leadership (Vice Chief of Staff, U.S. Army; Chief of Staff, U.S. Army; Under Secretary of the Army; or Secretary of the Army), foreign representatives are not authorized official contact with either DA personnel or DA organizations in any manner pertaining to any aspect of official business. Indiv-iduals/units are not authorized to extend an invitation to foreign personnel to visit Fort Bragg without coordinating the request through this headquarters and HQDA.
4-2. Foreign Disclosure.
a. U.S. classified information may be released to foreign nationals, foreign governments and international organizations ONLY when authorized under the provisions of the National Disclosure Policy, DoD Directive 5230.11 and AR 380-10.
b. Material marked Not Releasable to Foreign Nationals - "NOFORN" cannot be released to foreign nationals without approval from the Original Classification Authority (OCA).
c. Security clearance verifications from foreign governments DO NOT mean that U.S. classified material at that level may be disclosed to a foreign national, i.e. a visiting French officer has provided a clearance certificate from his government which reflects that the officer is cleared for "Tres Secret" (Top Secret) information. This "verification of clearance" has no
bearing on the release of any level (Confidential, Secret, or Top Secret) of U.S. classified material to that officer. See DCIS and AR 380-10 for additional information.
4-3. Integrated Exchange Officers/Foreign Liaison Officers.
a. Integrated Exchange Officers and Foreign Liaison Officers are foreign military personnel who are assigned to a particular unit for specific duties and time-period. The terms of the Delegation of Disclosure Authority Letter are established in writing in advance of the assignment. Disclosure of infor-mation outside of the approved level and subject areas is not authorized.
b. A U.S. Army Contact Officer and alternate is assigned for all Integrated Exchange Officers and Foreign Liaison Officers. The Foreign Contact Officer is responsible for coordinating all visit and information requests which are outside the terms of the Delegation of Disclosure Authority.
5-1. Industrial Security Program.
a. At Fort Bragg, the Directorate of Counterintelligence and Security, (DCIS) has been designated as the Cognizant Security Office (CSO) for all
contractors working on classified contracts, and performs this function for the command IAW the provisions of DOD 5220.22-R.
b. As the CSO, the DCIS is the point of contact for verification of security clearances of personnel working for contractors with facility clear-ances granted by the Defense Industrial Security Clearance Office (DISCO), as well as the facility clearances of the contractors themselves.
c. Contractor facility security officers shall provide the DCIS with verification of security clearances of their personnel working on Fort Bragg, prior to those personnel being allowed to perform work on a classified cont-ract. This applies to all activities on Fort Bragg, to include tenant activities.
d. Should a unit/activity receive a Classified Visit Request (CVR) from a contractor firm, the unit will contact the DCIS Industrial Security repre-sentative to verify that a duplicate request is on file in that office. If such a request is not on file within the DCIS, the unit will notify the cont-ractor that before any company individuals may come to Fort Bragg, a copy of the visit request must be sent to DCIS for approval.
e. Requests for visits shall be furnished in writing (mail, facsimile, or teletype) to the contractor or User Agency (UA) activity being visited (DCIS) in advance of the proposed visit. In exceptional cases, the telephone may be used, provided the visit request is confirmed in writing. Under no circum-stances, however, may visit requests be handcarried to the place being visited. All Category 1 and 2 requests shall contain the following:
(1) Name and address of the activity to be visited;
(2) Name and title of person(s) to be visited;
(3) Name of proposed visitor, his or her date and place of birth, and citizenship (if immigrant alien, so indicate);
(4) Job title or position of the proposed visitor;
(5) Requesting contractor's or UA activity's certification of the level of clearance of the proposed visitor. If the visitor possesses an interim Personal Clearance (PCL), a contractor granted CONFIDENTIAL PCL, or a Letter of Access Authorization (LAA), so indicate. (See paragraph 5-1-7 below for special access requirements).
(6) Purpose and justification for the visit in sufficient detail to allow for a determination for the necessity of the visit -- including the contract, project, or program number or name will assist the DCIS in making this determination;
(7) Date or period during which the request is to be valid;
(8) Requesting contractor's name, address, telephone number, assigned Government Entity (CAGE) identification code number of the contractor and address of the UA activity; and
(9) The requesting contractor's certification of his or her Facility Clearance (FCL) (not required for representatives of the U.S. Government); if the contractor has a reciprocal FCL, so indicate.
f. When visits involve access to classified information requiring special access authorization (i.e., CRYPTO, NATO, or special/limited access programs), the request will, in addition to other requirements:
(1) Specify the program or project,
(2) Specify the level of the information to be released,
(3) Certify that the visitor has been authorized access to such information, and
(4) Identify the office or UA activity granting such authorization.
g. When appropriate, the visit request shall ask approval for subsequent visits within a 12-month period. The contractor or UA activity initiating the visit request shall immediately notify the contractor or activity being visited of any change in the visitor's status, such as the termination of employment, suspension of employment, leave of absence, and the suspension, revocation, administrative termination or the downgrading of clearance, which will require the visit authorization to be cancelled/amended as appropriate, prior to its normal termination date. In the event the initiating contractor's FCL, as indicated in paragraph 5-105i above, has changes in a reciprocal clearance, the initiating contractor shall immediately notify contractors or UA's honoring current visit requests so as to preclude the visitor's access to certain types of classified information, as set forth in
paragraph 2-108, DOD 5220.22-M. A downgrading or termination of the FCL also requires an immediate notification to contractors and UA's honoring current visit requests.
(AFZA-DS/Tel 6-8292)
FOR THE COMMANDER:
OFFICIAL:
FRANK H. AKERS, JR.
Brigadier General, GS
Chief of Staff
//S//
LARRY C. LAUDERDALE
LTC, SC
Director of Information Management
DISTRIBUTION:
A & E
Section I
Required Publications
1. AR 380-1, Department of the Army Guide to Marking Classified Documents, 23 Mar 90
2. AR 380-5, DA Information Security Program, UPDATE, 22 Feb 88.
3. AR 380-10, Disclosure of Information, Visits and Accreditation of Foreign Nationals, 29 Jul 88 (Required for activities which host or could come into contact with foreign personnel).
4. AR 380-13, Acquisition and Storage of Information pertaining to Non-Affiliated Personnel and Organizations, 30 Sep 74 (Required for non-MI units and activities).
5. AR 381-10, US Army Intelligence Activities, 1 Jul 84 (Required for MI units and S2/G2 Staff elements).
6. AR 381-12, Subversion and Espionage Directed Against US Army, (SAEDA)
1 Jul 81.
7. DA Pamphlet 25-380-2, Security Procedures for Controlled Crypto-graphic Items, 10 Jan 91 (Required for activities which have CCI items, e.g. STU-III secure telephones, KG encryption devices or other CCI items).
8. FORSCOM Suppl 1 to AR 380-5, 15 Dec 88.
9. FORSCOM Supplement 1 to AR 380-67, Personnel Security, 15 Feb 90.
Section II
Related Publications.
1. DOD 5200.1-R, Department of Defense Information Security Regulation, Jun 86, w/change.
2. DOD 5220.22-R, Department of Defense Industrial Security Regulation, Dec 85.
3. DOD 5220.22-M, Department of Defense Industrial Security Manual for Safeguarding Classified Information, Jan 91
4. AR 190-13, Army Physical Security Program, 20 Jun 85.
5. AR 340-17, Release of Information and Records From Army Files, 1 Oct 82.
6. AR 381-14, Technical Surveillance Countermeasures (TSCM) (U), 3 Oct 86
7. AR 381-20, US Army Counterintelligence (CI) Activities, 26 Sep 88.
8. AR 530-1, Operations Security, 1 May 91.
9. DA Pamphlet 380-1, Department of the Army Guide to Marking Classified Documents, 23 Mar 90.
10. XVIII Airborne Corps & Fort Bragg Reg 1-201, Inspection Policy, 31 Jul 90.
B-1. IAW the provisions of AR 380-5, Security Managers will conduct inspections of their own organization and subordinate elements of their organization. Three (3) different types of inspections are required. They are:
a. An Annual Announced Inspection
b. An Unannounced, After Duty-Hours Inspection, and
c. Periodic Spot Checks.
B-2. The Announced inspections are to be conducted annually with a formal report of the results prepared, as specified in FORSCOM Supplement 1 to AR 380-5. The original copy of that report will be sent to the Commander/ Director of the organization or subelement which was inspected, and will be retained on file by that organization's Security Manager until the next comparable inspection is conducted. A copy will be maintained in the files of the inspecting Security Manager, subject to review during Security Manager inspection by the next higher headquarters. Security Managers will as a minimum, check for the items listed in the Security Managers Inspection Checklist (see Fig. 1, below).
B-3. The Unannounced Inspection will be conducted annually and will be after duty hours. A written record of the findings will be provided to the inspected organization and a copy maintained for the Commander/Director by the Security Manager conducting the inspection. As this is an "Unannounced" inspection, no advance notice is to be given.
B-4. Periodic Spot Checks will be performed during duty-hours, at least twice annually, more often if indicators exist that reveal a recurring problem area. These spot checks are performed to determine the day-to-day security posture/ attitude of the organization being checked. A written record of spot checks will be maintained for the Commander/Director. It will include the date of the spot check, areas and personnel involved, observations/findings; and, if necessary, corrective actions taken.
B-5. In conducting announced inspections, Security Managers will check the following areas for regulatory/directed compliance, and/or ensure that the ISSO or personnel security officer are following the regulations for their specific areas of responsibility and those actions are in compliance with the requirements of AR 380-5:
a. Information Security, (AR 380-5)
b. Information Systems Security (ADP), (AR 380-19)
c. Personnel Security, (AR 380-67)
d. Security of Controlled Cryptographic Items (CCI), (DA Pam 25-380-2)
e. Internal Controls Checklists (as applicable)
B-6. In preparing a report of an inspection or spot check, Security Managers will remember that unless the deficiency can be specifically identified in a regulation or directive as being a deficiency, it cannot be considered as such. Problems identified but not supported by regulatory guidance or directive, are to be identified as the inspector's comments only.
SECTION I
PREPARATION
1. Identity of Unit/Activity: (Your Unit/Activity).
2. Commander/OIC: (Your Commander/OIC's Name).
3. Security Manager (SM):(Your name),(Alt)(Alt's Name).
Telephone: Comm: (919)123-1234/DSN:ABC-1234/FAX:(if you have one).
4. Date of Inspection:(Date you conducted the inspection).
5. Inspection Officials: (Your name, plus the names of any one who assisted you).
NOTE: For the remaining items, ask yourself if these items apply to your operation. If they do not apply, you have no concern. If they DO apply, ask yourself if you have accomplished the particular item. If you have accom-plished the particular item, again you have no concern. If, however, it applies to your operation and you have NOT accomplished that item, it must be resolved in order that the answer would be in the affirmative.
6. Reviewed report of last inspection?
Dated: (date of the inspection?)
Comments: (What comments resulted from the last inspection, if any)?
7. Reviewed Security Services files?
8. Reviewed Unit/Activity Security SOP?
9. Reviewed next higher HQ Security SOP?
10. Coordinated/Conducted In-brief?
11. Identity of escort(s) accompanying inspector(s)
(Identify any persons from the inspected activity who assisted in the conduct of that inspection)?
SECTION II
PROGRAM MANAGEMENT
1. Is the Security Manager (SM)/Alternate appointed in writing? (Para 13-304a1(a), AR 380-5).
2. Do the SM/Alt. meet Rank/Grade requirements? (Para 2-103, XVIII Abn Corps & FB Reg 380-5).
3. Has the SM received training in duties/responsibilities of a SM? (Para 13-304b, AR 380-5).
4. Has the SM conducted annual review of class. holdings in writing? (Para 13-304c1(g), AR 380-5, FORSCOM Suppl).
5. Are there posters identifying the SM by name/means of contact displayed throughout the command? (Para 13-304c1, FORSCOM Suppl to AR 380-5).
6. Does the Unit Security SOP implement programs required by AR 380-5? (Para 13-304a1(b), AR 380-5).
7. Does the SM take appropriate action to correct deficiencies noted during security inspections? (Para 13-304, AR 380-5).
SECTION III
INSPECTION PROGRAM
1. Does the SM conduct required Annual Announced Security Manager Inspections (AASMIs) of their activity as well as subordinate SMs? (Para 13-304c1(h), AR 380-5).
2. Does the SM conduct required Unannounced After-Duty Hours Inspections (UADHIs) of subordinates? (Para 13-304c1(h), AR 380-5).
3. Does the SM conduct required Duty Hour Spot Checks? (Para 13-304c1(h), AR 380-5).
4. Does the SM maintain required reports of:
a. Annual announced SMIs from higher HQ?
b. Announced SMIs of lower?
c. Duty Hour Spot Checks?
d. UADH Security Inspections?
e. IG Inspections?
5. Is the overall Inspection program adequate?
SECTION IV
ACCESS AND DISSEMINATION
1. Does the SM maintain a current security Access Roster? (Para 7-100a, AR 380-5).
2. Are personnel w/access properly cleared? (Para 7-100a, AR 380-5).
3. Are "Need-to-know" principles used in dissemination of classified? (Para 7-100a, AR 380-5).
4. Are appropriate security measures and access rosters used for classified conferences/meetings? (Para 5-205, AR 380-5).
5. Are adequate procedures in effect for handling foreign visitors? (Para 7-102, AR 380-5).
6. Is foreign disclosure strictly IAW applicable regulations? (Para 7-102, AR 380-5).
7. Are Special Access Programs (SAPs) used within the command?
(Para 12-101, AR 380-5). (If not, you have no concern and may skip to question 10)
8. Are SAPs closely monitored/only essential personnel included? (Paras 12-100b/12-107, AR 380-5).
9. Is documentation for DA approved SAPs maintained at DCSINT, DA? (Para 12-101, AR 380-5).
10. Is handcarry of classified kept to an absolute minimum? (Para 8-300, AR 380-5).
11. Are personnel who are authorized to hand-carry classified briefed and given written documentation? (Para 8-300d,f, AR 380-5).
12. Does the SM maintain a list of all classified being handcarried? (Para 8-300e, AR 380-5).
13. Does the SM maintain briefing certificates on individuals
authorized to hand-carry classified material? (Para 8-300f, AR 380-5).
14. Are adequate procedures in effect to verify clearances of contractor personnel? (Para 7-105, AR 380-5).
SECTION VI
SECURITY EDUCATION
1. Are initial security briefings given to all personnel upon arrival? (Para 10-102, AR 380-5).
2. Are SAEDA classes given annually for all personnel? (Para 10-103, AR 380-5).
3. Are unit personnel aware of SAEDA program reporting requirements? (Para 10-101, AR 380-5).
4. Are information security classes (AR 380-5) given annually?
(Para 10-101 and 10-103, AR 380-5).
5. Are appropriate personnel made aware of the prohibitions and/or reporting requirements of ARs 380-13/381-10? (Para 10-106b4, AR 380-5).
6. Are adequate foreign travel briefings conducted? (Para 10-104, AR 380-5).
7. Are Security Termination statements executed as required? (Para 10-105, AR 380-5).
8. Are Security Termination Statements maintained for 2 years? (Para 10-105c, AR 380-5).
9. Does the SM maintain/have access to required training records (AR 380-5/381-12 training, etc.) (Para 13-304b1(b), AR 380-5).
10. Is the Security Education program adequate? Are unit personnel aware.
SECTION VII
SECURITY VIOLATIONS (Chapter 6, AR 380-5)
1. Are unit personnel aware of the need to report security violations? (Para 6-102, AR 380-5).
2. Is the SM aware of and do they train personnel on correct procedures for reporting violations (Para 6-102,AR 380-5)
3. Is the SM aware of action requirements in the event of a violation, loss or compromise (notification, suspenses, etc.)? (Para 6-102b, AR 380-5).
4. Does the SM notify DCIS of security incidents requiring reports of Preliminary Inquiries (PI's) /AR 15-6 investigations? (Para 6-105, AR 380-5).
SECTION VIII
REPRODUCTION AND DISTRIBUTION (Chapter 7, AR 380-5)
1. Is reproduction equipment properly certified and is the certification posted? (Para 7-305c, AR 380-5).
2. Are required forms and reproduction SOP posted? (Para 7-305c/d, FORSCOM Suppl AR 380-5).
3. Does the reproduction SOP provide adequate guidance/controls?
(Para 7-305, AR 380-5).
4. Are approval authorities designated in writing by position title? (Para 7-305c, AR 380-5 w/Suppl).
5. Are records of reproduction approval authorization (DA FORM 3964) for TOP SECRET documents, classified material covered by special access programs distributed outside the originating agency, and SECRET and CONFIDENTIAL documents that are marked with special dissemination and reproduction limitations maintained for two years? (Para 7-305g, AR 380-5).
6. Is the system for Continuous Administrative Accountabilty (CAA) adequate? (Para 8-202, AR 380-5 and FORSCOM Suppl 1).
7. Is CAA properly used? (Para 7-301, AR 380-5)
8. Do distribution personnel/mail clerks have SECRET clearances? (Para 7-100, AR 380-5).
9. Are internal/external distro/mail procedures adequate and understood by all personnel? (Para 7-100, AR 380-5).
10. Is a GSA Approved container available to secure unopened
Official Mail, (US Registered and US 1st Class w/caveat)?
(Paras 8-102 & 8-103, AR 380-5).
SECTION IX
CONTAINER/STORAGE AREAS (Paras 5-100, 5-200, AR 380-5)
1. Are Containers GSA Approved? (Para 5-102, AR 380-5)
2. Do Non-GSA approved containers have exception-to-policy
letter posted? (Para 5-102b, FORSCOM Suppl to AR 380-5)
3. Is the SF Form 700 properly used? (Para 5-104, AR 380-5)
a. Is the Daily Activity Security Checklist (SF Form 701) properly used? (Para 5-202, AR 380-5)
b. Is the Security Container Check Sheet (SF Form 702) properly used? (Para 5-202, AR 380-5)
4. Has a control container been designated? (Para 5-104b3(d), FORSCOM Suppl to AR 380-5)
5. Containers have proper ID markings? (Para 5-104a, AR 380-5)
6. Emergency Evacuation Plan posted, practiced and viable? (Para 5-203a, FORSCOM Suppl to AR 380-5)
7. Combinations to containers current? (Para 5-104, AR 380-5)
8. Are containers/drawers appropriately marked w/priority? (Para 5-203e, FORSCOM Suppl to AR 380-5)
9. Are unrelated classified/unclassified material separated?
(Para 5-100c, FORSCOM Suppl 1 to AR 380-5).
10. Cover sheets available/properly used? (Para 5-201a, AR 380-5)
11. If an Open Storage area exists: (Para 5-102b, FORSCOM Suppl to AR 380-5)
a. Is it currently certified?
b. Is it manned/guarded at all times while open?
c. Is an access badge system and a Visitor Sign-In/Out log used?
SECTION X
MARKINGS (Chapter 4, AR 380-5)
1. Classified documents have correct overall markings? (Para 4-200, AR 380-5).
2. Correct portion markings? (Paras 4-201 & 4-202, AR 380-5).
3. Correct "CLASSIFIED BY/DECLASSIFY ON" markings applied? (Para 4-103, AR 380-5).
4. Is the unit aware of need to review holdings for downgrading/declassification? (Para 3-202, AR 380-5).
5. Are classified working papers correctly marked/dated? (Para 7-304a, AR 380-5).
6. Is classified material other than documents correctly marked? (Para 4-200, AR 380-5).
7. Are classification markings applied in black or dark ink to facilitate reproduction? (Para 4-200c, AR 380-5).
8. How many linear feet of TOP SECRET/SECRET/CONFIDENTIAL material does the unit maintain?
9. What percentage of each classification level did you check? (Must be at least ten percent).
SECTION XI
CLASSIFICATION, DECLASSIFICATION & DOWNGRADING (Chapter 2, AR 380-5)
1. Does the unit generate classified material?
2. Are personnel aware of classification guidance (compilation, level of source documents, etc)? (Para 2-200, AR 380-5).
3. Is material of questionable classification protected until a security determination is made? (Para 2-600, AR 380-5).
4. Does the SM assist in resolving classification questions? (Para 13-304a, AR 380-5).
5. Are additional protective markings applied as required (NOFORN, WINTEL, etc.)? (Para 4-503, AR 380-5)
6. Are declassification dates applied whenever possible? (Para 4-400, AR 380-5).
7. Are OADR markings used only when required? (Para 4-103, AR 380-5).
8. Do record (originals) copies of documents citing "CLASSIFIED BY: MULTIPLE SOURCES" have a listing of all sources attached to the back of the document? (Para 4-104a3, AR 380-5).
9. Are files maintained on challenges/requests for clarification of classification? (Para 2-103, AR 380-5).
10. Is there an adequate Classified Holdings Review process in effect in the command and only mission-essential documents maintained? (Para 3-202, AR 380-5).
SECTION XII
ENTRY/EXIT INSPECTION PROGRAM (EEIP)
1. Does the unit conduct EEIP IAW FORSCOM directive?
(Para 5-300, FORSCOM Suppl to AR 380-5).
2. When was last EEIP conducted?
3. Does the unit maintain records of EEIP? (Para 5-301f, AR 380-5 & FORSCOM Suppl 1).
4. Does the unit provide reports of EEIP to DCIS? (Para 5-303, FORSCOM Suppl to AR 380-5).
5. Has the unit experienced any problems w/EEIP? (Para 5-303c, AR 380-5).
6. Has the unit conducted EEIP during the last quarter? (Para 5-300g1(i), FORSCOM Suppl)
7. Does the unit notify DCIS of violations found during EEIP? (Para 5-303c, AR 380-5 & Suppl).
8. Does the unit have a POC identified to contact when violations are found? (Para 5-301f,Suppl)
9. What measures are taken by the unit when violations are noted during the EEIP?
SECTION XIII
OVERALL EVALUATION AND COMMENTS
1. Is the Information Security Program integrated with other security programs (ADP Security, TEMPEST, COMSEC Control, etc.)?
2. What areas need to be recommended for command emphasis?
3. What areas that need to be addressed to a higher headquarters
(systemic problems)?
4. What is the overall evaluation of the command's Information Security Management Program?
5. What are the inspectors' comments?
SECTION I
PREPARATION
1. Identity of Unit/Activity: (Your Unit/Activity).
2. Commander/OIC: (Your Commander/OIC's Name).
3. Security Manager (SM):(Your name),(Alt)(Alt's Name).
Telephone: Comm: (919)123-1234/DSN:ABC-1234/FAX: ?
4. Date of Inspection:(Date you conducted the inspection).
5. Inspection Officials: (Your name, and those who assist).
NOTE: For the remaining items, ask yourself if these items apply to your operation. If they do not apply, you have no concern. If they DO apply, ask yourself if you have accomplished the particular item. If you have accomplished the particular item, again you have no concern. If, however, it applies to your operation and you have NOT accomplished that item, it must be resolved in order that the answer would be in the affirmative.
6. Did you review the report of the last inspection? When?
What comments were made in that report?
7. Has the SM reviewed the Security Services files?
8. Has the SM reviewed Unit/Activity Security SOP?
9. Has the SM reviewed next higher HQ Security SOP?
10. Was an In-brief coordinated/conducted?
11. What persons escorted/accompanied the inspector(s)?
SECTION II
PERSONNEL SECURITY (AR 380-67)
1. Are proper procedures for processing personnel security clearances followed/based on actual need? (Para 2-501, AR 380-67)
2. Are lists of civilian sensitive positions maintained in current status? (Para 3-103, AR 380-67).
3. Are incumbents of critical-sensitive positions required to submit a PR every 5 years? (Para 3-703, AR 380-67).
4. Are military personnel with an MOS requiring eligibility to SCI the subject of a PR every 5 years? (Para 3-703.1, AR 380-67)
5. Is a system set up to notify those in paras 3 and 4 above at the 4 year, 6 month point that their PR is due? (Pers. Scty Msg 9-88).
6. Are TS clearances based on investigations over 5 years old being reissued at the SECRET level if individual does not need it for MOS qualification/ access? (Para 7-103 and Pers Scty Msg 9-88)
7. Are persons with an MOS requiring eligibility to SECRET or who require access the subject of a SECRET PR every 15 years? (Msg, SECRET PR Prgm, 061900Z Jun 91, DAMI-CIS, 050825Z Jun 91)
8. Are SECRET clearances based on investigations over 15 years old being reissued at the CONFIDENTIAL level if individual does not need it for MOS qualification/access? (Msg, SECRET PR Prgm, 061900Z Jun 91, DAMI-CIS, 050825Z Jun 91)
9. Are DD Forms 398 submitted for SSBI's or SSBI-PR's furnished to subject's immediate supervisor for review? (Para 9-102, AR 380-67)
10. Are investigations promptly cancelled if circumstances dictate? (App C-1e, AR 380-67)
11. Is derogatory information, applicable to criteria of para 2-200, reported to CCF? (Para 8-101, AR 380-67)
12. Is a suspense system set up to ensure follow-up reports are submitted at 90-day intervals? (Para 8-101b(2), AR 380-67)
13. Are subjects of adverse actions advised of their right to appeal? (Para 8-201b, AR 380-67)
14. Is suspense file maintained for Letters of Intent? (Para 8-201b, AR 380-67)
15. Are SF 189s or SF 312s executed and maintained for all personnel with a security clearance? (Ch 2, DA Cir 380-85-1)
16. Are those authorized to conduct Local Records Checks and SCI interviews designated in writing? (Para 2-308d(2), AR 380-67)
SECTION I
PREPARATION
1. Identity of Unit/Activity: (Your Unit/Activity).
2. Commander/OIC: (Your Commander/OIC's Name).
3. Security Manager (SM):(Your name),(Alt)(Alt's Name).
Telephone: Comm: (919)123-1234/DSN: ABC-1234/ FAX:(if you have one).
4. Date of Inspection: (Date you conducted the inspection).
5. Inspection Officials: (Your name, plus the names of any one who assisted you).
NOTE: For the remaining items, ask yourself if these items apply to your operation. If they do not apply, you have no concern. If they DO apply, ask yourself if you have accomplished the particular item. If you have accomplished the particular item, again you have no concern. If, however, it applies to your operation and you have NOT accomplished that item, it must be resolved in order that the answer would be in the affirmative.
6. Did you review the report of the last inspection?
When was it dated?
What comments were made in that report?
7. Has the SM reviewed the Security Services files?
8. Has the SM reviewed Unit/Activity Security SOP?
9. Has the SM reviewed next higher HQ Security SOP?
10. Was an In-brief coordinated/conducted?
11. What persons escorted/accompanied the inspector(s)?
SECTION II
1. Has the MSC/Staff activity appointed an Assistant Information Systems Security Manager (AISSM) or an Information Systems Security Officer (ISSO), in writing? (Para 1-6, AR 380-19 and paras 1-6d(1a) & (2b) FORSCOM Suppl to AR 380-19)
a. Has the AISSM/ISSO attended the Information Systems Security Course (ISSC) or equivalent? (Para 2-16, AR 380-19)
b. Does the AISSM/ISSO have experience with and/or have knowledge of computer commands and operations? (Para 1-6d(2b), FORSCOM Suppl 1 to AR 380-19).
2. Does the AISSM/POC have a listing of all ISSOs and NSOs for contact purposes? (Para 1-6, AR 380-19 and para 1-6d(1a), FORSCOM Suppl 1 to AR 380-19).
3. Has the MSC/Staff activity appointed a unit/section Network Security Officer (NSO) and/or a Terminal Area Security Officer (TASO), in writing (when applicable)? (Para 1-6, AR 380-19 and paras 1-6d(1a) & (2b) FORSCOM Suppl to AR 380-19).
a. Has the NSO/TASO attended the ISSC or equivalent? (Para 2-16, AR 380-19).
b. Does the NSO/TASO have experience with and/or have knowledge of computer commands and operations? (Para 1-6d(2b), FORSCOM Suppl 1 to AR 380-19).
4. Are required references available for the Information Systems Security Program (ISSP) personnel? (Para 1-2, AR 380-19).
5. Have all automated information systems (AIS) personnel (personnel who have access to or use the AIS), been given an appropriate security briefing upon assignment to the activity and prior to beginning their assigned duties? (Para 2-16, AR 380-19).
6. Is an inventory of all AIS maintained for systems within AISSM/ISSO/NSOs area of responsibility? (Para 2-14, AR 380-19).
7. Is an inventory of software maintained by the ISSO/NSO? (Para 2-4, AR 380-19).
8. Has a system been established to control installation and/or use of unauthorized software on AIS? (Para 2-4, AR 380-19).
9. Is a current version of anti-virus software installed (no more than 2 versions older than current version), IAW Fort Bragg Anti-Virus Instructions & General Information? (XVIII Airborne Corps Master Policy Letter #6).
10. Are all personnel who use an AIS, trained in the procedures for scanning of disks for viruses? (XVIII Airborne Corps Master Policy Letter #6 and Fort Bragg Installation Instructions and General information).
11. Have procedures been established to report suspected or actual virus infections to AISSM/ISSO, and reporting to the ISSM (DCIS)? (XVIII Airborne Corps Master Policy Letter #6 and Fort Bragg Installation Instructions and General information).
12. Has the equipment been properly marked as indicating that
the property belongs to the US Government? (XVIII Airborne Corps Master Policy Letter #6).
13. Are AIS assets protected with cost-effective security measures and in compliance with physical security and procedural requirements? (Paras 2-13 & 2-19, AR 380-19).
14. Are all AIS or Network AIS accredited/certified IAW AR 380-19? (Para 3-1, AR 380-19).
15. Are the accreditation/certification approval letters on file? (Para 3-7, AR 380-19).
16. If a password system is used, do the AISSM/ISSO/NSOs generate, issue, and change passwords IAW AR 380-19? (Para 2-15, AR 380-19).
17. Has an automation SOP been established? Is it being utilized by systems users? (Para 2-3, AR 380-19).
18. Are procedures in place for reporting known/suspected security violations/incidents to the Installation ISSM? (Para 2-28, AR 380-19).
19. Are procedures in place which properly safeguarded diskettes/data/ hardware to prevent unauthorized duplication or tampering? (Paras 2-13(2), 2-14c(4) & 2-24, AR 380-19).
20. Do AIS have appropriate classification labels affixed: (Para 2-20, AR 380-19).
a. Unclassified warning labels "THIS EQUIPMENT WILL NOT BE USED TO PROCESS CLASSIFIED MATERIAL"? (Para 2-20b, FORSCOM Suppl 1 to AR 380-19).
b. Classification label for notebook/laptop computers (inside and out of cover)? (Para 2-27, AR 380-19).
21. Are procedures in place which limit access to the data and equipment to only those personnel properly cleared and/or with a need to know? (Para 2-3a(6), AR 380-19 and para 7-100, AR 380-5).
22. Are unclassified diskettes, ribbons, etc., properly marked when unclassified data is processed in the same general area as classified? (Para 2-20b, AR 380-19).
23. Are all classified materials (i.e., diskettes, ribbons, etc.) marked and stored IAW appropriate guidelines/regulations? (Para 5-201, AR 380-5).
24. Is classified information that is being processed on systems with non-removable hard drives being properly protected? (Is the system in an area approved for open storage? Is the system stored in a GSA approved security container?) (Para 2-13 & 2-22, AR 380-19).
25. Is all classified information transmitted only by secure means? (Para 4-2, AR 380-19).
26. Is unclassified-sensitive information protected in transmission by NSA-approved techniques or has a waiver been approved for the transmissions? Is waiver on file? (Para 4-3(b&c), AR 380-19).
27. Are privately owned computers being used to process Government data at the unit/activity? (This response should be a negative. If affirmative, answer question 28). (Para 2-25, AR 380-19 and XVIII Airborne Corps Master Policy Letter #6).
28. Is an approval letter to use privately owned computers on file? (Para 2-25, AR 380-19 and XVIII Airborne Corps Master Policy Letter #6)
SECTION III.
What overall comments does the inspector have regarding AIS security?
SECTION I
PREPARATION
1. Identity of Unit/Activity: (Your Unit/Activity).
2. Commander/OIC: (Your Commander/OIC's Name).
3. Security Manager (SM):(Your name),(Alt)(Alt's Name).
Telephone: Comm: (919)123-1234/DSN:ABC-1234/FAX:(if you have one).
4. Date of Inspection:(Date you conducted the inspection).
5. Inspection Officials: (Your name, plus the names of any one who assisted you).
NOTE: For the remaining items, ask yourself if these items apply to your operation. If they do not apply, you have no concern. If they DO apply, ask yourself if you have accomplished the particular item. If you have accomplished the particular item, again you have no concern. If, however, it applies to your operation and you have NOT accomplished that item, it must be resolved in order that the answer would be in the affirmative.
6. Did you review the report of the last inspection? When?
What comments were made in that report?
7. Has the SM reviewed the Security Services files?
8. Has the SM reviewed Unit/Activity Security SOP?
9. Has the SM reviewed next higher HQ Security SOP?
10. Was an In-brief coordinated/conducted?
11. What persons escorted/accompanied the inspector(s)?
SECTION II
1. Does the unit/activity have CCI devices?
2. If so, have the following actions been taken:
a. Is the CCI stored keyed within the facility and protected to the required classification level? (DA Msg 151704Z Oct 90, & para. 2-14, AR 380-40).
b. Is CCI key secured as required within GSA approved security containers when stored within the facility? (DA Msg 151704Z Oct 90).
c. Is the CIK removed from the STU-III at the end of the duty day and are appropriate security checks made and recorded of these checks? (DA Msg 151704Z Oct 90).
d. Are all personnel granted access to CCI key devices and
materials properly cleared to the level authorized for processing? (Para 2-1, AR 380-40).
e. Are inventories of CCI materials and devices conducted on the required minimum basis and are records of these inventories available? (Para 2-1, DA PAM 25-380-2).
f. Is CCI stored as required for unkeyed CCI? (Para 2-7, DA PAM 25-380-2).
g. Is an access discrepancy report submitted as required upon detection? (App B, DA PAM 25-380-2).
h. Are personnel familiar with recognition and reporting procedures for CCI incidents? (App B, DA PAM 25-380-2).
i. Is CCI material properly prepared and inspected prior to shipment? (App C, DA PAM 25-380-2).
j. Are personnel indoctrinated in security standards and procedures for CCI? (Para 3b, FORSCOM Memo on CCI, 11 Jul 89).
k. Are security managers periodically conducting CCI training classes? (Para 3b(2), FORSCOM Memo on CCI, 11 Jul 89).
l. Are emergency procedures adequate for the protection of CCI? (Para 3c(3), FORSCOM Memo on CCI, 11 Jul 89).
m. Do all STU-IIIs installed in on-post quarters have the appropriate approval from MACOM commander? (FORSCOM Memo on STU III, 1 Aug 90).
n. Have all users been instructed/provided guidance and security procedures for use of a STU III in on-post quarters? (FORSCOM Memo on STU-III, 1 Aug 90).
o. Is a safe provided for on-post quarters when the STU-III is installed? (FORSCOM Memo on STU-III, 1 Aug 90).
p. Do STU-IIIs used in off-post quarters have appropriate approval from the MACOM Commander? (FORSCOM Memo on STU-III, 1 Aug 90).
q. Have all users been instructed/provided guidance and security proce-dures for use of a STU-III in off-post quarters? (FORSCOM Memo on STU-III, 1 Aug 90).
SECTION III
What overall comments does the inspector have regarding CCI security?
C-1. Purpose. To establish and maintain an inspection program to deter and detect the unauthorized introduction or removal of classified material from buildings and activities on Fort Bragg and subinstallations of Fort Bragg where classified work is usually performed. This program will implement the provisions of AR 380-5 and FORSCOM Supplement 1 thereto, paragraph 5-300 thru 5-303; however, it does not replace any existing policies or procedures for facility and installation security nor does it replace any law enforcement requirements.
C-2. Policy.
a. This policy applies to all units, staff sections, directorates, and activities located on Fort Bragg or a subinstallation of Fort Bragg under the command jurisdiction of Headquarters, XVIII Airborne Corps and Fort Bragg.
b. The Entry and Exit Inspection Program (EEIP) is a DOD directed program intended to deter and detect unauthorized introduction or removal of classi-fied material from buildings and activities.
c. The Directorate of Counterintelligence and Security, (DCIS), XVIII Airborne Corps and Fort Bragg, is responsible for the implementation and management of the installation EEIP. Commanders (and staff activity directors where applicable) are responsible for implementation and management of this program within their units/activities, down to Brigade level.
d. Non-FORSCOM units and activities, MSCs, and tenant activities located on Fort Bragg or on a subinstallation of Fort Bragg, are expected to comply with DOD EEIP policy.
e. Inspections carried out under this program shall be conducted in a manner:
(1) That does not interfere unduly with the performance of assigned missions.
(2) That does not significantly disrupt the ingress or egress of persons to Fort Bragg buildings and activities.
(3) That, to the extent feasible, be limited to areas where classified work is usually performed.
(4) That provides a credible deterrent to those who would be inclined to remove classified material without authorization.
f. DD Form 2501 (Courier Authorization Card), is a serial numbered, wallet-size card, and will be issued by Security Managers to personnel required to handcarry classified infor-mation locally within designated geographical limits. A 200 MILE driving radius of Fort Bragg is established as the maximum geo-graphical limit for use of the DD Form 2501.
g. All individuals, regardless of rank, entering or exiting a building where an EEIP is being conducted are subject to inspection by designated personnel, and will have a DD Form 2501 or other written courier authorization in their possession at all times when couriering classified material between Fort Bragg buildings and activities.
h. Inspection will not be conducted on the individuals person, and shall be limited to that which is necessary to determine whether classified material is contained in briefcases, shoulder or handbags, luggage, athletic bags, packages, and other similar containers carried into or out of the facility by visitors and employees.
i. Inspection will not be conducted on items that are obviously personal, such as wallets, change purses, clothing, cosmetic cases, or other objects of a usually personal nature.
j. Inspection will be conducted as prescribed by AR 380-5 and FORSCOM Supplement 1, paragraph 5-300 thru 5-303.
k. Major Subordinate Commands (MSCs) shall establish an entry/exit ins-pection program within their headquarters (down through brigade level). A copy of the MSC entry/exit inspection program SOP shall be forwarded to the DCIS, ATTN: AFZA-DS-C, NLT 20 days following the implementation of this regulation. Inter-agency Reports Control Number IRCN-0230-GSA applies.
C-3. Procedures.
a. Commanders will ensure each individual designated to perform duty as an EEIP inspector is officially appointed in writing, citing AR 380-5 as authority. (Example at Figure C-1)
(1) The DCIS will ensure that all XVIII Airborne Corps and Fort Bragg Installation staffs, units and activities conduct Entry and Exit Inspections for a minimum total of six hours per quarter.
(2) MSCs and tenant activities will each conduct EEIPs a minimum of two (2) hours per quarter.
b. Inspections may be conducted on a random basis using standards such as: all personnel, every other person, or every third person, etc.
c. Continuous inspections may be conducted in lieu of random inspections; that is, inspection of all individuals entering or exiting a facility during the designated period. Either method may be chosen for a particular inspection period; however, once chosen, the method must be consistent throughout the inspection period.
d. Commanders of units/activities listed will submit a report of inspections completed to the Directorate of Counter-intelligence and Security, ATTN: AFZA-DS-C, NLT 10 working days following the end of each calendar quarter. (Report format is at Figure C-2).
e. Prior to commencing inspections, commanders will:
(1) Ensure all individuals appointed as inspectors are fully trained in their responsibilities under this program IAW AR 380-5, paragraph 5-300g1(a) thru (i).
(2) Predesignate a control center for referral of individuals found couriering classified material without authorization. (i.e., Visited Unit's Security Office).
f. Inspectors require a security clearance. However, inspectors will not be required to "read" documents during inspections. Inspectors will check for cover sheets and other acceptable methods of transporting classified material
such as opaque envelopes, briefcases, etc., as well as ensuring all couriers have a valid DD Form 2501 in their possession.
g. If classified information is found during an inspection, the indiv-idual in possession of the classified material will be asked to present a DD Form 2501, written courier orders, or other documented proof of authorization to handcarry classified material. If the individual does not have such authorization, he or she will be referred to the unit/activity's predesignated control center for further action.
h. The date, time of day, name, rank/grade, and unit/activity of assign-ment of all individuals referred to the control center will be entered in an inspection log and reported to DCIS quarterly. (Figure C-2).
i. In all cases, when an inspector cannot verify the authority of an individual for removal of classified material from the employing office, the commander/supervisor will be notified to take necessary action.
C-4. DD Forms 2501 are issued by DCIS to G2/S2/Security Managers of principle XVIII Airborne Corps, installation, and 82nd Abn Div staff, MSCs, separate battalions, tenant activities, and subinstallations.
a. Issue of DD Forms 2501 to couriers will be controlled as prescribed by this regulation.
b. Accountability of DD Forms 2501 will be an item of interest during annual security inspections.
c. The expiration date of DD Forms 2501 will not exceed one year from date of issue.
d. Security Managers will destroy all expired or invalidated DD Forms 2501. The serial number of DD Forms 2501 lost or destroyed will be annotated in Security Managers control log.
e. Extra DD Forms 2501 maintained by Security Managers will be safeguarded in a locked container.
f. Control logs and related forms will be maintained under MARKS file number 380-5d, Classified Material Access Files, DEST on transfer, reassignment, or separation of the person, or when obsolete.
(OFFICE SYMBOL) (380-5d) Date:
MEMORANDUM FOR SEE DISTRIBUTION
SUBJECT: Appointment of Entry and Exit Inspection Program (EEIP)
Inspector
1. Effective (date), John A. Doe, 000-00-0000, (ID Card No.), (unit/activity) is assigned the following special duty.
EEIP Inspector
2. AUTHORITY: AR 380-5, paragraph 5-300
3. PURPOSE: To perform duties as Inspector for the XVIII Airborne Corps and Fort Bragg, Activity Entry and Exit Inspection Program.
4. PERIOD: (Inclusive dates)
5. SPECIAL INSTRUCTIONS: All individuals appointed as inspectors under the Activity Entry and Exit Inspection Program must receive required training as prescribed by AR 380-5, paragraph 5-300g1(a) thru (i).
COMMANDER
(Signature Block)
DISTRIBUTION:
XXXXXX XXXXX
XXXX
DCIS
Inspection Program (EEIP) Inspector.
(OFFICE SYMBOL) (380-5d) DATE
MEMORANDUM FOR Director of Counterintellligence and Security,
ATTN: AFZA-DS, Fort Bragg, NC 28307-5000
SUBJECT: Report of EEIPs Conducted for (1st, 2d, 3d, 4th Qtr),(year)
1. During (1st, 2d, 3d, 4th Qtr), (year), Entry and Exit Inspections were conducted at the following locations:
a. (unit/activity) (total hours)
b. (unit/activity) (total hours)
2. Number of incidents of persons found handcarrying classified material without a DD Form 2501 in their possession: (if none, so state)
3. Remarks: (Disposition of incidents, if any, from paragraph 2 above).
4. POC/unit/telephone.
COMMANDER
Signature Block
D-1. Handcarrying classified information aboard commercial passenger aircraft is an exception to Department of the Army policy. Each time an individual carries classified material aboard a commercial aircraft, the potential for loss, compromise through carelessness, theft or confiscation and subsequent disclosure through hijacking, increases. Even sleeping on an airplane by a courier is unacceptable when the security of classified defense information is at stake. Any loss or compromise could result in damage to national security.
D-2. Classified material shall not be handcarried unless there is neither time nor means available to move the information in the time required to accomplish operational objectives by other approved methods. The appropriate official shall authorize the handcarry in writing to the individual who is to handcarry the classified material. The courier must be properly cleared.
D-3. Request for exception to policy shall not be submitted merely for convenience or because there was a lack of prior planning. A true priority/ emergency must exist. A request to handcarry shall not be submitted if an agency at the TDY location has the material or if there is sufficient time to mail the material. If handcarrying of classified material is required, a request (Figure D-1) will be submitted to the security manager for approval and issuance of a courier certificate.
D-4. Justifications for handcarry are extremely important since they are the basis for the approval/disapproval of request. Requests for handcarry OCONUS will be forwarded to DCIS.
D-5. Arrangements must be made in advance for overnight storage in a GSA approved container when stopovers are involved. Classi-fied material will be prepared as if for mailing, double-wrapped, addressed, and contained in a suitable package or briefcase which will be kept in the handcarrier's possession at all times. The individual designated as the courier will have the authorized identification named in his Memorandum of Authorization to Handcarry in their possession.
D-6. The courier will ensure that the material is not read, studied, displayed, or used in any manner in public places or conveyances. Couriers must keep the material in their possession and under their control at all times. At no time will the material be left unattended or in a locked vehicle, car trunk, luggage rack, or other unsecured location. Couriers will leave a complete list of all classified material being handcarried with
their unit/section security manager. Couriers will be briefed by the security manager on restrictions, procedures, and authori-zation concerning handcarrying classified material (See Figure D-3).
a. The classified material may be inspected by X-ray examination. The material will contain no metal bindings and must be in sealed envelopes or packages. Packages may also be inspected by flexing, feel, weight, etc. Opening of the envelopes containing classified material by screening personnel is not authorized.
b. The memorandum authorizing the individual to carry classified material will be presented to carrier/security personnel upon request.
D-7. Requests for exception to policy will contain a signed statement indicating that an emergency does exist which precludes the mailing of classified material.
D-8. Request will be submitted to DCIS, ATTN: AFZA-DS-C.
D-9. Couriers will use US Flag aircraft at all times.
D-10. Sensitive Compartmented Information (SCI). The transfer of Sensitive Compartmented Information must be coordinated with the servicing Special Security Office (SSO). Likewise, NATO information must be coordinated with the Classified Records Repository. Both types of material require special controls and documentation which differ from those established in AR 380-5 for collateral Classified Military Information (CMI).
AFZA-XX (380-5d) DATE:
MEMORANDUM FOR Director of Counterintelligence and Security
SUBJECT: Request to Handcarry Classified Information Aboard Commercial Passenger Aircraft - (CONUS) or (OCONUS)
1. Request an exception to policy authorizing the individual(s) identified below to handcarry classified information on commercial aircraft. Information required by AR 380-5, paragraph 8-303b, and FORSCOM Supplement 1 thereto, follows:
FULL NAME OF COURIER: _____John E. Doe_________
GRADE: MAJ
SSN: 000-00-0000
ID CARD NUMBER: J000000
UNIT/ACTIVITY: Corps G3
PHONE: 6-4321
DUTY POSITION: Plans Officer
SECURITY CLRC: TS
REASON FOR TDY: Attend Planning Conference for Exercise Bold Dragon
CLASSIFICATION OF MATERIAL TO BE HANDCARRIED: SECRET
TYPE OF MATERIAL: SECRET OPLANS and Briefing Material
DESCRIPTION OF PACKAGE: (Include Addressee on Package)
JUSTIFICATION: (Note: Specific reason the material couldn't be transmitted by other means to the destination in sufficient time for the stated purpose must be included. Also include the adverse effect on mission accomplishment if request is denied, etc.)
ITINERARY:
Depart Date Time Airline Flt Arrive Date Time
Fytvl 10Jan90 0600 ASA 1234 Atlanta 10Jan 0830
Atlanta 10Jan90 0930 Delta 567 JFK 10Jan 1200
JFK 10Jan90 1330 AA 78 Fkft 11Jan 0600
Fkft 17Jan90 1400 PA 89 JFK 17Jan 1430
JFK 17Jan90 1545 Delta 69 Char 17Jan 1815
Char 17Jan90 1900 ASA 5782 Fytvl 17Jan 2030
INTRANSIT STORAGE ARRANGEMENTS: Documents will be double wrapped, properly addressed and stored in a locked briefcase for travel.
STORAGE ARRANGEMENTS AT TDY LOCATION: Documents will be stored in a GSA approved security container at HQ, USAREUR, during TDY period.
JUSTIFICATION FOR HANDCARRY ON RETURN TRIP: (Explain why documents are needed prior to earliest date received if sent by USPS.)
2. I certify that the material to be handcarried is not present at the destination and is urgently needed for the specified mission essential purpose.
(SIGNATURE BLOCK)
1. FULL NAME: Self-explanatory
2. SSN: Self-explanatory
3. SECURITY CLEARANCE: Self-explanatory
4. DUTY POSITION: Self-explanatory
5. ID CARD NUMBER: Self-explanatory
6. OFFICE PHONE: Self-explanatory
7. RANK OR GRADE: Self-explanatory
8. REASON FOR TDY: Provide the specific reason for TDY;
example: planning conference for Exercise Troubled Water (U), briefing for USAR unit, etc.
9. CLASSIFICATION OF MATERIAL TO BE HANDCARRIED: Self-explanatory
10. TYPE OF MATERIAL: Example: Briefing slides and text, OPLAN, film, etc.
11. DESCRIPTION OF PACKAGE: Provide the dimensions, in inches, of the package(s)/ envelope(s), (example: two envelopes, 11" x 9" x 1 1/2") and to whom the package/ envelope is addressed at TDY location.
12. JUSTIFICATION: Provide specific reason(s) which precludes
the material from being mailed to the TDY locations. Remember, handcarry is an exception to policy NOT the policy.
13. ITINERARY: List all stops even if the courier will not deplane the aircraft. Include all changes in airlines and modes of travel (POV, rented vehicle, etc.) If requesting to handcarry on the return trip, include the return trip itinerary.
14. INTRANSIT STORAGE ARRANGEMENTS: If it will be required to store the material while enroute, provide the location and facility at which it will be stored. Arrangements to do this must be made in advance and approved by DCIS.
15. STORAGE ARRANGEMENTS AT TDY LOCATION: Example: GSA Security Container, G2, Third US Army, Ft McPherson, GA.
16. JUSTIFICATION FOR HANDCARRY ON RETURN TRIP: Describe reason for handcarrying back to Fort Bragg. This must include a description of the adverse effects on the mission if the material is mailed back to Fort Bragg. The request must be signed by either the G2, S2, or the activity Security Manager. All material to be handcarried must be packaged in the same manner as required for mailing (See paragraph 8-200, AR 380-5, for packaging requirements).
The undersigned is fully cognizant of the restrictions and responsibilities inherent to handcarry classified material outside of areas within military control IAW AR 380-5, Chapter VIII, and outlined below:
a. A complete list of all classified material being handcarried will be kept on file with the unit/section security manager.
b. Classified material will be kept under personal control or stored in a GSA approved security container at all times.
c. Classified material will not be read, studied, displayed, or used in any manner in public places or conveyances.
d. The classified material will not be left unattended in luggage rack, aircraft travel pods, locked vehicles, car trunks, or any other unsecured location.
e. The original Memorandum of Authorization to Handcarry Classified Material and the official military or civilian identification card (DA Form 2A, DD Form 1173, or DA Form 1602) will be in the handcarrier's possession at all times.
f. The undersigned will have sufficient copies of the Memorandum of Authorization to provide to airline or government officials, if necessary.
g. Classified material will be double-wrapped with the inner wrapping marked to indicate overall classification/restrictions. Both wrappings will be addressed to the receiving station or to the handcarrier's unit (include office symbols), properly sealed, and free of metal bindings. No markings will be used to indicate classified or restricted material on the outer wrapping. The use of names or titles on addresses is unauthorized.
h. A locked briefcase may be used as an outer wrapping on military conveyances. However, the briefcase may be opened by airline officials for inspection for weapons, contraband, etc. The sealed wrapping may not be opened. Locked briefcases are not authorized as an outer wrapping for travel on commercial aircraft.
i. The sealed package may be inspected by weighing, feeling, flexing, and X-raying (except for material subject to damage by Xray). The sealed package may NOT be opened.
j. When contained inside a piece of carry-on luggage, the luggage may be opened by aircraft/customs authorities for inspection for weapons, contraband, etc.
SIGNATURE OF COURIER DATE
SIGNATURE OF SECURITY MANAGER DATE