Department of the Treasury Security Manual, TD P 15-71, 2011-2014


Description of document: Department of the Treasury Security Manual, TD P 15-71, 2011-2014
Requested date: 12-November-2016
Release date: 16-May-2018
Posted date: 04-March-2019
Source of document: FOIA Request, Department of the Treasury, Washington, D.C. 20220, Fax: (202) 622-3895
Treasury Department online request portal: https://www.treasury.gov/foia/pages/gofoia.aspx

The governmentattic.org web site (“the site”) is noncommercial and free to the public. The site and materials made available on the site, such as this file, are for reference only. The governmentattic.org web site and its principals have made every effort to make this information as complete and as accurate as possible, however, there may be mistakes and omissions, both typographical and in content. The governmentattic.org web site and its principals shall have neither liability nor responsibility to any person or entity with respect to any loss or damage caused, or alleged to have been caused, directly or indirectly, by the information provided on the governmentattic.org web site or in this file. The public records published on the site were obtained from government agencies using proper legal channels. Each document is identified as to the source. Any concerns about the contents of the site should be directed to the agency originating the document in question. GovernmentAttic.org is not responsible for the contents of documents published on the website.

DEPARTMENT OF THE TREASURY
WASHINGTON, D.C.

May 16, 2018

RE: 2016-06-021

VIA ELECTRONIC MAIL

This is the final response to your Freedom of Information Act (FOIA) request dated November 12, 2016, filed with the U.S. Department of the Treasury. You seek a copy of Treasury's Security Manual.

Your request has been processed under the provisions of the FOIA 5 U.S.C. § 552. Treasury's Departmental Offices conducted a reasonable search for responsive records and located 474 pages. After carefully reviewing the materials, I am releasing all 474 pages in full. Copies of the releasable pages are enclosed. There are no fees assessed at this time since allowable charges fell below $25.

If any questions arise concerning this action, please contact Karen Edwards at (202) 927-8989, or email at [email protected]. Please reference FOIA Request 2016-06-021 when inquiring.

Sincerely,

Digitally signed by Paul Levitan
Date: 2018.05.16 19:41:51 -04'00'

Paul Levitan
Director, FOIA and Transparency

Enclosure
Document set (474 pages)
Original FOIA request

Treasury Security Manual-TD P 15-71
General Information
Treasury-wide Security Programs
Updated 6/17/11

1. Introduction

Treasury security programs consist of the following security functions including operational support for the Departmental Offices personnel security, industrial security, physical security and security education/training programs.

2. Treasury-wide Security Programs

a. Personnel Security (Policy). Establishes Treasury-wide minimum standards for background investigations and uniformed guidelines for adjudication of those investigations; interprets and assists bureaus in implementing governmental and departmental policy; and evaluating the effectiveness of bureau implementation.

b. Information Security. Establishes Treasury-wide minimum standards for safeguarding classified information and support for sensitive information. This includes protective requirements for:
• Identifying.
• Marking (including downgrading/declassification and decontrolling).
• Handling.
• Processing.
• Storing.
• Transmitting.
• Accounting for/tracking.
• Destruction.

c. Physical Security. Establishes Treasury-wide minimum standards to ensure protection of Departmental personnel, facilities, and assets; and assisting and evaluating the effectiveness of bureau implementation.

d. Industrial Security. Establishes Treasury-wide minimum standards to protect the Department's classified and sensitive information assets, and facilities accessed by contractors throughout all stages of the acquisition process.

e. Security Education/Training. Establishing Treasury-wide training for persons authorized access to classified information (including annually for Original Classification Authorities identified in Treasury Order 105-19) and support for sensitive information.

f. Counterintelligence (CI). Establishes Treasury-wide policies to identify and deter intelligence collection activities conducted against the Department's personnel, information and programs. Also develops CI awareness training programs and coordinates CI investigations and activities with the law enforcement and intelligence communities.

General Information
Departmental Offices
Updated 6/17/11

1. Introduction

The Treasury Security Manual serves as the Departmental Offices (DO) regulations with respect to security programs administered by the Director, Office of Security Programs (OSP).

2. Departmental Offices - Operations

a. DO Personnel Security (Operations). Ensures the integrity and trustworthiness of the DO, Office of Inspector General (OIG), Special Inspector General for the Troubled Asset Recovery Program (TARP), TARP employees, the Office of Technical Assistance, HR Connect, and Community Development Financial Institutions workforce by:
• Initiating and adjudicating required background investigations (BI).
• Granting security clearances for access to classified information.
• Maintaining corresponding security files and electronic database records.
• Providing verification of security clearances for clients and customers.
• Adjudicating sensitive compartmented information (SCI) requests for the entire Department.

b. DO Physical Security (Operations). Implements Treasury and national policies for protection of DO personnel, property, and information within the Treasury Complex (Main Treasury and Annex Buildings) and DO satellite office locations. This includes:
• Access controls, badges, keys, key-cards, etc., for DO-occupied space.
• Repair/maintenance of security equipment protecting classified and sensitive information.
• Reporting/resolving security incidents, infractions and violations.
• Liaison with the United States Secret Service (USSS), Federal Protective Service (FPS), General Services Administration (GSA), et al.
• Collection/destruction of paper classified/sensitive waste.

c. DO Information Security (Operations). Provides required initial, annual refresher training and specialized training for employees authorized access to classified and sensitive information.

General Information
Treasury and Bureau Responsibilities
Updated 6/17/11

1. Introduction

The provisions of the Treasury Security Manual apply to the Departmental Offices (DO), all Treasury bureaus, the Office of Inspector General (OIG), the Treasury Inspector General for Tax Administration (TIGTA), the Special Inspector General for the Troubled Asset Recovery Program, the TARP, the Office of Technical Assistance, HR Connect, and Community Development Financial Institutions. In addition to the authority defined in applicable Treasury Directives, the Director, Office of Security Programs (OSP) is responsible for the Treasury security programs described herein.

2. Personnel Security (Policy) Program Responsibilities

a. Establishing Departmental and Treasury-wide minimum standards:
(1) For background investigations.
(2) For uniform guidelines for adjudication.
(3) In determining suitability for employment.
(4) For access to classified information and in support of access to sensitive information.
(5) To maintain a central index of Department-granted security clearances.

b. Interpreting and assisting bureaus in implementing national and Treasury personnel security policies. This entails providing supplemental program advice and policy guidance through instructional memoranda addressing specific problems or topics when significant suitability or security information is developed.

c. Providing verification of security clearance and investigation information for personnel security representatives requiring Departmental accreditation to perform on-site personnel security file reviews at other Federal agencies/departments.

d. Evaluating implementation and effectiveness of Treasury and bureau-wide personnel security practices and procedures.

e. Recommending program enhancements through periodic bureau evaluations and staff visits to ensure compliance with minimum Federal personnel security program standards.

f. Developing policies to control granting security clearances for access to information or material designated "Restricted Data" and "Formerly Restricted Data" consistent with requirements of the Energy Department.

g. Representing Treasury/bureau interests on interagency forums and meetings with personnel security concerns, to share best practices, and actively promote personnel security programs within the Federal government. This includes serving as the principal contact with the Office of Personnel Management (OPM) for Treasury and with other Federal agencies and entities on personnel security matters.

h. Serving as the determination authority for eligibility for access to sensitive compartmented information (SCI) pursuant to a delegation from Treasury's Senior Official of the Intelligence Community (SOIC).

3. Information Security Program Responsibilities

a. Establishing Departmental standards to protect classified information based on Executive Order (EO) 13526, Classified National Security