National Security Information Handbook
epa-nsi-handbook-2012
epa-nsi-handbook-2012
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
NSI <strong>Handbook</strong><br />
Policy and Program Management<br />
2. The actual or possible loss or compromise of classified information presents a threat<br />
to national security and must be reported to an immediate supervisor, NSI<br />
Representative, or the NSI Program Team.<br />
<br />
<br />
Loss: occurs when it cannot be physically accounted for or located<br />
Compromise: occurs when classified information is disclosed to an unauthorized<br />
person(s) who does not have a security clearance, is not authorized access, or does<br />
not have a valid need-to-know<br />
3. A successful security management system incorporates many facets of information<br />
security including the possible occurrences of violations and infractions.<br />
<strong>Security</strong> Violation: Any knowing, willful, or negligent action that:<br />
Could reasonably be expected to result in unauthorized disclosure of classified<br />
information<br />
Classifies or continues the classification of information contrary to the<br />
requirements of E.O. 13526, 32 C.F.R. 2001, or this handbook<br />
Creates or continues a Special Access Program contrary to the requirements of<br />
E.O. 13526<br />
The ISOO Director shall be notified when a violation occurs when the<br />
violation is reported to oversight committees in the Legislative branch; may<br />
attract significant public attention; involves large amount of classified<br />
information; or reveals a potential systemic weakness in classification,<br />
safeguarding, or declassification policy or practices.<br />
<strong>Security</strong> Infraction: Any unintentional action contrary to the requirements of E.O.<br />
13526, 32 C.F.R. 2001, or this handbook<br />
1-301 Incident Reporting Procedures<br />
1. Any individual who has knowledge of a security incident shall:<br />
Report the circumstances of the incident within 24 hours, in writing, to the<br />
immediate supervisor, the assigned NSI Representative, or the NSI Program Team<br />
Notify the successive supervisor within the office if the incident involves the<br />
direct supervisor or NSI Representative<br />
Notify the NSI Program Team and/or Director, SMD if the circumstances of the<br />
incident make it impractical to notify the NSI Representative, supervisor, or next<br />
successive supervisor thus ensuring proper security<br />
Under no circumstances are individuals authorized to report security incidents to<br />
Agencies/Departments outside EPA<br />
2. The supervisor or NSI Representative shall:<br />
Immediately notify the NSI Program Team<br />
3. The NSI Program Team shall:<br />
Assign an individual to conduct a Preliminary Inquiry (PI) to gather the facts<br />
surrounding the security incident<br />
Using the format provided in Appendix B, the assigned individual shall<br />
forward the PI to the NSI Program Team within 72 hours<br />
1-4