PUSO Binder

vinnedgecm

USO/AUSO

WHA/EX/FRC

Security

Information

Binder


Table of Contents

Tab

USO/AUSO Appointment Letter 1

Domestic Controlled Access (DCAA) &

Designated Unclassified Space (DUS)

Memorandums

2

USO/AUSO Security Requirements 3

Office Security Orientation and Acknowledgement 4

Assessment Results 5


Security Requirements

USO Responsibilities are in 12 FAM 512.1-5 and 12 FAM 563.2. As a security representative,

you are responsible for ensuring classified information in your space is properly handled. In the

execution of these duties, USO and AUSO will perform the following duties:

1) Assists in the general administration of the security program within their assigned office.

2) Ensure the marking of all computer equipment, printers, fax machines, and laptops to show

the highest classification of information processed using approved classification labels per 12

FAM 262.1-5.

3) Maintains the following documents:

a. SF 700, Security Container Information – Required to record the combination to all

locks guarding classified information and spaces where classified is maintained and/or

processed.

b. SF 701, Activity Security Check List – Used to record the end of day check.

c. SF 702, Security Container Check Sheet – Used to record the daily opening, closing, and

inspection of security containers.

http://diplopedia.state.gov/index.php?title=Safe_File_Container_Standard_Form

4) Provide new employees an office security orientation brief.

The link below is a useful tool for USOs in the execution of their duties:

https://intranet.ds.state.sbu/DS/SI/IS/APD/USO%20GuideBook/BSO%20-

%20USO%20Security%20Guide.pdf

SECURITY CONTAINERS (SAFES) Per 12 FAM 532.2-3 individuals with a security

container must:

1) Use SF-700 to record combinations for all security containers storing classified information;

section 2a is given to the USO for storage.

2) Combination Change Procedures: Per 12 FAM 532 – Combinations are to be changed for the

following reasons:

a. When a container is first used to store classified information.

b. Upon the compromise of the container.

c. Annually or upon the departure of a person with access to that container.

d. When the container is taken out of service.

Offices may forego changing combinations if they have a means to limit individuals’ access to

the office after they move from a position requiring access to the security container.

In order to comply with this requirement while reducing cost and time, the bureau will conduct

an annual access audit, per 12 FAM 532.


3) Maintaining security container combinations. Members are not authorized to maintain the

combination in written or electronic form except:

a. SF-700 or

b. Master list, which must be handwritten and secured in a designated security container

with access limited to the person or persons responsible for the maintenance of the list

which may be the Office Director, Deputy Director, USO or Assistant USO. The

goal is to minimize or limit access to those who have a requirement for the items in

the specific safe they are being granted access to.

4) Individuals are responsible for all information in their space. It is recommended to complete

an inventory of the security container upon receiving access. If the security container shared,

the USO is responsible for ensuring an inventory is done.

5) Fill out and maintain SF-702 for 30 days. An individual should start a new form every

month regardless of how many blocks are completed; the old form or the previous months

form is maintained for 30 days at the end of each month. If the form is completed prior to

the end of the month, a new form is started and both will be closed out and maintained at the

end of the month.

6) 12 FAM 530 requires that “Open”/”Close” signs be placed on all storage containers.

Office Access: There are three tasks associated with administering an office access program:

granting, removing, and auditing access. All functions are essential elements in protecting the

office’s classified information, systems, and storage devices, as well as personnel.

1. BSO will provide a USO roster to the Access Office quarterly (January, April, July,

October) with the names of individuals authorized to grant access for their office.

2. Requesting Access: USO’s and AUSO’s can request office access for persons needing

unescorted access to their spaces. USO and AUSO’s must provide an email to

DS_DO_ACS at DS_DO_ACS@state.gov and CC the BSO with the following

information:

• Last, First Name: Lett, Dave N.

• Badge number: 411812

• Security Level: S5

• Badge Expiration Date: OCT2017

• Access To: HST/ 5240

3. Removing Individual’s from Access: Utilizing the same format as above, you will request

to remove departing personnel from the office access roster.

4. Audits: In accordance with 12 FAM 532, each office will conduct an access audit to

ensure the access roster properly reflects persons with a working requirement to the entire

space without escort.

a. Access Audits will be conducted between March 1 through 15 each calendar year.

b. Audit Request Format:

As the USO/AUSO for (Office, Bureau) and in accordance with 12 FAM 532, I am requesting

the door access Roster room (#) to conduct an access audit.

c. Editing the roster:

i. Line through any names on the roster that no longer need access to the

space.

ii. In order to add personnel to the roster, you will use the format above.


After Hours Checks 12 FAM 534.

1) The senior member of the office is ultimately responsible for the execution of After

Hours/Closing Procedures Checks.

2) Employees designated to conduct closing hours’ security checks will, at a minimum:

a. Ensure that all repositories containing classified material are secured;

b. Ensure that all classified drives, typewriter, printer ribbons and laser printer cartridges

are secured;

c. Check the tops of all desks, including in and out boxes, and repositories to ensure that

all classified and controlled material has been put away; and

d. Make a visual check of the remainder of the office.

* Offices may modify this process to better fit their operational needs but the method must be

outlined in writing and maintained in the USO/AUSO binder.

Annual Security Training:

1) Refresher Training - All cleared personnel are required to attend Annual Refresher Training

per 12 FAM 564.2.

Original Classification Authorities (OCA) Training – Those designated as OCAs must conduct

training annually which may be found by going to

http://diplopedia.state.gov/index.php?title=Original_Classification_Authority or going to

PK323, Classified and Sensitive But Unclassified Information: Identifying and Marking via the

FSI online training portal.

2) All others with access to classify information are Derivative Classifiers and must complete

PK323 every two years.

Program Evaluation Requirements:

12 FAM 512 identifies assessments as a key method to test the viability of the security program

and ensure compliance with security regulations. Evaluations of the program also serve to build

the knowledge of security professionals and others, as well as foster a positive working

relationship. There are two types of inspections, compliance and management inspection.

1) Annual Self-Assessment Program – Designated by Executive Order 13526 and Information

Security Oversight Office (ISOO) Directive Number 1, all agencies must have a self-inspection

program, now referred to as the self-assessment program.

a. At the bureau level, the self-assessment program should be administered by the senior

security representative within that bureau.

b. The self-assessment is a management level review which serves to aid internal controls,

prepare for compliance inspections, and ensure that security measures are implemented in a costeffective

and consistent manner.


2) Office of the Inspector General Inspection – An agency level formal review that evaluates an

agency’s effectiveness and adherence to security policy. The inspection is conducted based on

the agency’s guidelines. Department of State attempts to conduct OIG Inspections every three to

five years.

3) Information Security Oversight Office (ISOO) – Senior agency within the Executive Branch

responsible for ensuring all Executive agencies are in compliance with senior security guidance.

Evaluations are usually conducted every five years, but annual reporting on the status of the

organization’s security program is required.

Security Incident Program: All members of the cleared community have a responsibility

to report suspected security incidents. As a USO/AUSO you also have a minor role in the

security incident process which is governed by 12 FAM 550 and used to hold members

accountable for mishandling classified material within the Department of State:

1. OF-118, Record of Incident (RoI) – In the event of a security incident, the BSO emails

the RoI to the member cited for the security incident and courtesy copies the USO/AUSO and the

office director/supervisor. Upon receipt of the document, the employee has 5 days to return the

completed form to the BSO. (See below for example)

Good morning, attached is your OF-118 for the security incident on (date). Your OF-118 serves

as a formal notice that DS is reviewing the incident and collecting the pertinent data before the

case is adjudicated. The document must be returned to me within five business days from the

date of this email. You have the following rights:





You may sign the document

You may refuse to sign the document in which case, the USO will make a note on the

form stating your refusal to sign and return within five business days.

You have the right to submit matters in extenuation and mitigation or rebuttal.

Once the matter is adjudicated, if found guilty of an offense you will be given

opportunity to refute the findings. Instructions will be provide on the letter of

notification.

Prior to you signing or refusing to sign the document, you may request to speak with your BSO

and/or Office director. You will sign along with your Office Manager and USO/AUSO, who

will then brief you on corrective action/s. The document will then be returned to the BSO via

hardcopy or electronically. Please feel free to contact me if you have any questions.

2. Signing the document:

a. Employee and USO will sign Part 1A for Security Incident and 1B for Cyber Security

Incident.

b. The BSO will work with the USO/AUSO to make a statement about any corrective action

which is required in Part 2 of the OF-118.

c. Employee and Supervisor signs Part 2

d. USO completes Part 3, sign and return to BSO.


3. The USO will also include a copy of the SF-701, confirming After Hours Security Checks

were completed on the date in question. If an After Hours Roster is not maintained for the given

date, USO/AUSO must provide a statement explaining the missing document. If for any reason

this matter cannot be completed in five business days, please notify me and we will work on

obtaining an extension


STANDARD SECURITY OPERATING PROCEDURES (SOP)

SECURITY IN WHA/EX/FRC FORT LAUDERDALE

All employees working in the WHA/EX/FRC, 4000 N Andrews Ave, Oakland Park Florida should be aware

of the following security information and should follow these security procedures.

A. SECURITY OFFICERS

Bureau Security Officer: DS/IS/APD - Charles Joseph

Unit Security Officer (USO): WHA/EX/FRC – Charles M Vinnedge

Alternate Unit Security Officer (AUSO): WHA/EX/FRC - TBD

B. ACCESS TO THE WHA/EX/FRC

DCAA: The WHA/EX/FRC facilities 2 nd floor is a Domestic Controlled Access Area (DCAA) in it entirety

because of the classified systems and storage it contains. The 2 nd floor of the facility does not have any

unclassified space. The front door remains closed at all times.

Employees: All WHA/EX/FRC employees must have security clearances and their badge must be visible

at all times. Employees use their SMART badge and pin code to enter the facility.

Visitors: All visitors without security clearances must be escorted at all times. An escort cannot leave a

visitor alone without finding a replacement escort.

C. OPENING THE FACILITY IF ALARM IS ARMED

Employees entering the facility when the facility alarm is armed – i.e. the red sign says “Alarm is ‘on’” –

should take the following steps:

1) Unlock the door to the WHA/EX/FRC facility. Alarm will be beeping.

2) Walk into the facility and enter SMART Badge and pin code to disarm the alarm.

3) Beeping will stop. Turn the sign around so it is GREEN and says “Alarm is ‘off’.”

D. PROTECTING CLASSIFIED INFORMATION

Documents and information: Classified documents and information must be protected in accordance

with their classification level. Cover sheets should be used. At no time should classified documents be

left unattended. This means that classified documents and information should not be:


Left on an individual’s desk if the individual is not present;

Left unsecured at the end of the work day;

Taken out of the building without following proper procedures;

Reviewed or discussed in a place not authorized for the level of classification of the documents

and/or information; or

Stored at home, or in a hotel or other facility without proper protection for the level of

classification of the documents and/or information.

Disposal: Employees must shred classified documents to dispose of them. The WHA/EX/FRC facility

does not use burn bags.

Top Secret information: There are no/no documents classified at the Top Secret level in the

WHA/EX/FRC facility. Note that DS requires Top Secret cover sheets on all Top Secret documents.

Equipment: All pieces of equipment (i.e., computer equipment, scanners, printers, copiers) have been

marked with the highest level classification of the information that can be processed on it. For example,

the scanner has an “UNCLASSIFIED” sticker so classified information may not be scanned on it.

Phones: The phones in the facility are all unclassified. Employees may not disclose classified

information via these phones.

E. SECURITY CONTAINERS/SAFES

Combinations: The WHA/EX/FRC Director, USO and AUSO have master lists of combinations of all

security containers/safes in the facility. Employees are responsible for memorizing the combination of

the safe in which they store their computer hard drive or classified documents. Employees must not

write the combination down anywhere.

Magnetic Strips: Employees should turn over the magnetic OPEN/CLOSED or UNLOCKED/LOCKED strips

on safes, as appropriate.

SF-702: An SF 702 (Security Container Check Sheet) must be affixed to each safe. If an employee opens

or closes a safe, they must fill out the appropriate column on the SF 702. SF 702s will be replaced

monthly.

F. PROTECTING COMPUTER SYSTEMS

Classified and unclassified computer systems must be safeguarded. Employees can protect these

systems by:






Not sharing log-on information;

Not allowing others to utilize a computer the employee is logged into;

Ensuring that no device is attached to the computer without the Information Security

Manager’s permission;

Applying information security guidance when opening emails or clicking on links; and

Closing window blinds when accessing the classified/high side, if the monitor screen faces


the window.

G. WHA/EX/FRC OPEN STORAGE AREA (AKA STRONG ROOM)

Employees must read the WHA/EX/FRC SOP for the Open Storage Area, attached.

H. END OF DAY CLOSING PROCEDURES

All WHA/EX/FRC employees: All employees must put their classified hard drive and any other classified

materials in their safe, lock up, and fill out the SF 702, as noted above. All employees must remove their

SMART badge and PKI card from the card readers before leaving the facility.

SF 701: The SF 701 (Activity Security Checklist) is in a plastic “envelope” mounted to the wall by the

front door.

Last employee remaining: The last employee remaining in the facility must:









Check the strong room door;

Check individual offices for hard drives, SMART badges, and PKI cards/IDs;

Look in individual offices for classified documents or files;

Check that all safes are locked;

Check classified printer and shred anything left there;

Sign the SF 701 by the front door;

Arm the alarm by entering his or her SMART Badge and pin code; and

Turn the sign around so it is RED and says “Alarm is ‘on’” before leaving.

I. CLOSING THE WHA/EX/FRC FACILITY AT OTHER TIMES

Rearming the alarm before opening of business: If an employee has arrived early and disarmed the

alarm, that employee should rearm the alarm if he or she subsequently leaves the facility before

another employee arrives.

Locking up if facility will be empty: If an employee is aware that the facility will be empty during

business hours, the employee should remove his or her hard drive and lock his or her facility before

leaving the facility. The last employee remaining should arm the alarm.

Drafted: WHA/EX/FRC – Charles M Vinnedge

January 31, 2017

Approved: WHA/EX/FRC – OFFICE DIRECTOR – Hellen H. Hahn


Security Orientation Acknowledgement

Office Security Orientation Memorandum

By signing below, I acknowledge they have read, understand, and agree to follow the

Individual Security Responsibilities as stated in the Office Security Orientation

Memorandum.

EMPLOYEES

LAST, FIRST, MIDDLE

INIITAL

DOE, JOHN, A

Signature Date EMPLOYMENT STATUS

GS,FS,PSC,WAE,INTERN

Similar magazines