'Aim" Approved For Release 2000108 DIAC 00789ROO2600220012-7 SPECIAL ACCESS PROGRAM TRAINING BULLETIN #ter & I D5-800, DIAC PROGRAM DEVELOPMENT OFFICE 202-373-4073 Number 9 March 1991 Reporting Security Violations During the recent DUSD(SP) inspection of DIA SAP management procedures, the comment was made that each program's security plan should contain procedures for reporting, investigating, and resolving security violations. "Security violation" is a commonly used term that implies a loss or compromise of classified information and subsequent corrective or disciplinary action. Each program's security plan should contain procedures for reporting, investigating, and resolving security violations. Procedures used in investigating and resolving possible compromises of -classified information are explained in DoD 5200. 1 -R and DIAR 50-2. The DIA SAP Manual, DIAM 56- 3 (draft), contains further guidance for when the possible compromise involves SAP material. The following is a brief summary of steps to take to report a possible security violation involving SAP material (refer to abovereferences for a complete explanation): 1. Report. If you suspect that SAP information may have been 4~gW ynised, inform the program security officer or nroar- --ntrol officer and the OSC VAD If the suspected compromise invoives computer security, the program control officer will inform DS. 2. Investigate. The program control officer ensures that a preliminary inquiry is conducted. The program director and the OSC VADD review the results of the preliminary inquiry to determine whether a compromise took place, to determine if any further investigation is necessary, to correct any systemic problems that may have contributed to the violation, and to direct a damage assessment if appropriate. 3. Resolve. Afinalreportof theinvestigation is made to the DIA SAPOC which may recommend further remedies and relief from accountability of any lost materials. While few security violations result in a compromise, all violations should be reported and investigated. The violation not reported may do the most damage. Uprocedures for reporting security violations are not in your security plan, include them when the manual is updated. SAP Training Seminar 27 March 1991 0930 Room D5-800 Approved For Release 2000108/08: CIA-RDP96-00789ROO2600220012-7 Approved For Release 2000/08/08 : CIA-RDP96-00789ROO2600220012-7 SPECIAL ACCESS PROGRAM TRAINING BULLETIN 202-373-4073 D5-800, DIAC PROGRAM DEVELOPMENT OFFICE Number 9 March 1991 Reporting Security Violations During the recent DUSD(SP) inspection of DIA SAP management procedures, thecomment was made that each program's security plan should contain procedures for reporting, investigating, and resolving security violations. "Security violation" is a commonly used term that implies a loss or compromise of classified information and subsequent corrective or disciplinary action. Each program's security plan should contain procedures for reporting, investigating, and resolving security violations. Procedures used in investigating and resolving possible, compromises of classified information are explained in DoD 5200. 1 -R and DIAR 50-2. The DIA SAP Manual, DIAM 56- 3 (draft), contains further guidance for when the possible compromise involves SAP material. The following is a brief summary of steps to take to report a possible security violation involving SAP material (referto abovereferences for a complete explanation): 1. Report. If you suspect that SAP information mayhave beencov"njised, inform the program security officer trol officer and the OSC VAD f the suspected D II M voOves compute compromise invo ves computer security, the program control officer will inform DS. 2. Investigate. The program control officer ensures that a preliminary inquiry is conducted. The program director and the OSC VADD review the results of the preliminary inquiry to determine whether a compromise took place, to determine if any further investigation is necessary, to correct any systemic problems that may have contributed to the violation, and to direct a damage assessment if appropriate. 3. Resolve. A final report of the investigation is made to the DIA SAPOC which may recommend further remedies and relief from accountability of any lost materials. While few security violations result in a compromise, all violations should be reported and investigated. The violation not reported may do the most damage. Uprocedures, for reporting security violations are not in youTsecurity plan, include them when the manual is updated. SAP Training Seminar 27 March 1991 0930 Room D5-800 Approved For Release 2000/08/08 CIA-RDP96-00789ROO2600220012-7