ANSWERS THREAT ASSESSMENT PRACTICE
RESOURCE
◉ Elements that should be considered in identifying Critical
Program
Information.
Answer: Elements which if compromised could:
1. cause significant degradation in mission effectiveness,
2. shorten expected combat-effective life of system
3. reduce technological advantage
4. significantly alter program direction; or
5. enable adversary to defeat, counter, copy, or reverse engineer
technology/capability.
◉ Elements that security professional should consider when
assessing and managing risks to DoD assets (risk management
process).
Answer: 1. Assess assets
2. Assess threats
3. Assess Vulnerabilities
4. Assess risks
,5. Determine countermeasure options
6. Make RM decision
◉ The three categories of Special Access Programs.
Answer: acquisition, intelligence, and operations & support
◉ Types of threats to classified information.
Answer: Insider Threat, Foreign Intelligence Entities (FIE), criminal
activities, cyber threats, business competitors
◉ The concept of an insider threat.
Answer: An employee who may represent a threat to
national security. These threats encompass potential espionage,
violent acts against the Government or the nation, and unauthorized
disclosure of classified information
◉ The purpose of the Foreign Visitor Program.
Answer: To track and approve access by a foreign entity to
information that is classified; and to approve access by a foreign
entity to information that is unclassified, related to a U.S.
Government contract, or plant visits covered by ITAR.
◉ Special Access Program.
,Answer: A program established for a specific class of
classified information that imposes safeguarding and access
requirements that exceed those normally required for information at
the same classification level.
◉ Enhanced security requirements for protecting Special Access
Program (SAP) information.
Answer: Within Personnel Security:
• Access Rosters;
• Billet Structures (if required);
• Indoctrination Agreement;
• Clearance based on appropriate investigation completed within
last 5/6
years;
• Individual must materially contribute to program and have need to
know (NTK);
• SAP personnel subject to random counterintelligence scope
polygraph;
• Polygraph examination, if approved by the DepSecDef, may be used
as a
mandatory access determination;
• Tier review process;
• Personnel must have Secret or TS clearance;
• SF-86 must be current within one year;
, • Limited Access;
• Waivers required for foreign cohabitants, spouses, and immediate
family
members.
Within Industrial Security:
The SecDef or DepSecDef can approve carve-out provision to relieve
Defense
Security Service of industrial security oversight responsibilities.
Within Physical Security:
• Access Control;
• Maintain SAP Facility;
• Access Roster;
• All SAPs must have unclassified nickname/ Codeword (optional).
Within Information Security:
• The use of HVSACO;
• Transmission requirements (order of precedence).
◉ Responsibilities of the Government SAP Security
Officer/Contractor Program
Security Officer (GSSO/
CPSO).
Answer: • Possess personnel clearance and Program access at least
equal to highest level of Program classified information involved.