ACP 122 (F) - Multilateral Planners Conference
UNCLASSIFIED
ACP 122(F)
CHAPTER 12
PERSONNEL SECURITY
OVERVIEW
1201. There is a risk that any person who enters a facility containing CIS equipment may
interfere with or damage the equipment, or see classified or sensitive information being printed,
displayed, copied, etc. Persons requiring legitimate access to such facilities must be duly
authorised and, where necessary, cleared to the highest classification of information being
processed. The following is a minimum set of personnel security issues that should be
considered in each combined system’s security policy.
NATIONAL MAPPING
1202. The following table provides details of the national lead authority for any clarification
required on this topic.
Lead Authority
AUS CAN NZ UK US
DSA
DISSP
D IM Secur
DJCIS
ISEC
DGS&S
InfoSy(Pol)
Joint Staff
J65C
MEASURES REQUIRED
1203. All persons who have access to sensitive CIS should have the appropriate clearances
and formal access approval for the systems, including a need-to-know. The principle of
assigning the least privilege necessary for a user to accomplish his task should be adopted in
personnel security procedures.
1204. All Personnel Security activities in an Allied and Coalition context will be handled in
line with existing national procedures and CJM3IEM (Combined Joint Multilateral Master
Military Information Exchange Memorandum of Understanding). To that end, the following
personnel security concerns exist with regard to CIS:
a. Breaches of Security. Procedures must be in place for identifying, reporting and
managing breaches of security,
b. Classification by Users. Originators of information are responsible for the
classification of that information,
c. Clearances and Authorisations. The System Sponsor(s)/Owner(s) are to ensure
that all users of the IT system have appropriate clearance, briefings and
authorisation to the highest level of data processed/stored on the CIS or
commensurate with the Mode of Secure Operation,