In the intricate fabric of our nation’s governance and defense, trust is the foundational thread. Public service, especially within the Department of Defense (DoD), goes beyond the duties outlined in job descriptions; it embodies the implicit agreement to act with integrity and in the best interests of the nation and its citizens.
This trust forms the bedrock of the relationships between the government, military personnel, and the public at large. Upholding this trust ensures the continued confidence of the public in the DoD, its mission, and the overarching defense framework of the United States.
Every individual who joins the Department of Defense, whether as a military servicemember or a civilian, takes the Oath of Office. This solemn vow is not a mere formality, but rather a constant reminder of one’s commitment to the nation.
The oath underscores the gravity of our duties, urging us to “support and defend the Constitution of the United States against all enemies, foreign and domestic.”
By emphasizing allegiance, faith, and loyalty, the Oath of Office encapsulates the ideals of service and the unwavering dedication expected from each individual in the DoD.
Responsibilities of Handling Sensitive Information: Being part of the Department of Defense often grants access to sensitive and classified information vital to national security. This privilege is not without its weighty responsibilities. Handling such information requires:
- Discretion: Recognizing the significance of the data and ensuring it doesn’t fall into the wrong hands.
- Security: Actively adopting and following protocols that secure and protect this information.
- Need-to-Know Principle: Ensuring that information is only shared with individuals who have both the necessary security clearance and a direct, operational need for that information.
- Continuous Vigilance: Being perpetually alert to potential threats and vulnerabilities, and reporting any breaches or suspicions immediately.
- Education and Training: Regularly updating one’s knowledge about security protocols, emerging threats, and best practices in information handling.
| Question | Answers |
|---|---|
| When classified information or CUI appear in books, journals, print articles, internet-based articles, etc., this is considered what type of UD? | The correct type of UD is “public domain.” |
| Which of the following types of UD involve the transfer of classified information or CUI onto an information system not authorized at the appropriate security level or having the required CUI protection? | Data Spills |
| Which of the following terms identify activities designed to obtain, deliver, communicate, or transmit classified information or CUI intended to aid a foreign power? | Espionage |
| Improper safeguarding of information is defined as using inappropriate measures and controls to protect classified information or CUI. | True |
| Classified information or CUI that has been put in the public domain is free to share. | False |
| The policy for the Whistleblower Protection Enhancement Act (WPEA) is the same as that of Unauthorized Disclosure (UD). | False |
| Whistleblowing should be used to report which of the following? | gross mismanagement, gross waste of funds, and substantial danger to public health and safety |
| You have a classified document you would like to share with your coworker, Julie. What requirements must Julie meet to be an authorized recipient? | Need-to-know, signed NDA, and a favorable eligibility determination for access to the level of the classified information to be shared. |
| Which of the following describes your responsibility to protect classified information from unauthorized disclosure? | use classified document cover sheets, follow guidelines for the reproduction of classified information, and store classified information in GSA-approved security containers or other approved methods |
| _ is the initial determination that information needs protection, while ___ is the process of using existing classified information to create new material and marking that newly developed material consistent with classification markings | Original classification is the initial determination that information needs protection, while derivative classification is the process of using existing classified information to create new material and marking that newly developed material consistent with the classification marking. |
| As an individual with access to classified information and CUI, you may write books, articles, speeches, and briefings. If they contain official DoD information, those items must go through which of the following? | If a book, article, speech or briefing contains official DoD information, it must go through a security review. |
| The PAO reviews content for classified information and CUI. | False |
| You may disclose classified information when using social media outlets. | False |
| What is the first step in reporting an incident of Unauthorized Disclosure? | place items in a GSA-approved security container or other approved method |
| After completing step one of reporting an Unauthorized Disclosure incident, what is your next step? | Report to your security manager or FSO |
| What must you do if approached or contacted by a representative of the media seeking a response to information appearing in the public domain? | Do not make any statements or comments that confirm or deny the information in question and report it to your security manager or FSO. |
| Question | Answer |
|---|---|
| An authorized recipient must meet three requirements to access classified information. | Possess a signed Nondisclosure Agreement (NDA); Receive a favorable eligibility determination; Have a need-to-know. |
| An individual with access to classified information accidentally left print-outs containing classified info in an office restroom. An unclear facility custodian found the info. Which type of unauthorized disclosure has occurred? | Improper Safeguarding |
| An individual with access to classified infoformation sent a classified email across a network that is not authorized to process classified info. What type of unauthorized disclosure has occurred? | Data Spill |
| If classified info or controlled unclassified info (CUI) is in the public domain, | the information is still classified or designated as CUI |
| How long is your NDA applicable? | For a lifetime |
| Which of the following is a misconception? | -. Classified information or controlled unclassified information (CUI) appearing in the public domain may be freely shared. -. Manuscripts, books, and articles can be submitted to an editor or publisher before undergoing a Defense Office of Prepublication Review (DOPSR) security review. |
| The Whistleblower Protection Enhancement Act (WPEA) relates to reporting all of the following except? | Classified info or controlled unclassifed info (CUI) in the public domain. |
| Is whistleblowing the same as reporting an unauthorized disclosure? | No, they use different reporing procedures. |
| When destroying or disposing of classified info, you must_________. | follow appropriate guidelines |
| Authorized holders must meet the requirements to access_________in accordance with a lawful government purpose: Activity, Mission, Function, Operation and Endeavor. | CUI |
| Which of the following are some tools needed to properly safeguard classified information? | All the above |
| Which of the following statements is true about markings? Select all that apply. | – Markings alert holders to the presence of classified information. – Markings identify exact information needing protection and the level of protection required. |
| Many different types of personnel work with classified information. Which of the following must submit their work for prepublication review? Select all that apply. | Government civilian employees Contractor personnel Retirees Military personnel |
| _ is described as the process by which info proposed for public release is examined by the Defence office of Prepublication and Security Review (DOPSR) for compliance with established national and DOD policies to determine wheater it contains any classified info. | Prepublication Review |
| Before releasing info to the public domain it what order must it be reviewed? | Local command, security manager and then DOPSR |
| When using social networking services, the penalties for ignoring requirements related to protecting classified info and controlled unclassified info (CUI) from unauthorized disclosure are | the same as when using other meadia |
| If you seee classified info or controlled unclassified info (CUI) on a public internet site, what should you do? | Report it to you security manager or FSO. |
| Jane Johnson found classified info in the office breakroom. What should be her first action? | Secure the information in a GSA-approved security container. |
| Which of the following is not the responsibility of the security manger or facility security officer (FSO)? | Sanction |
| One of your co-workers, Yuri, found classified information on the copy machine next to your cubicles. Yuri began questioning surrounding co-workers to see if anyone had left the documents unattended. Is Yuri following DoD policy? | No, Yuri must safeguard the information immediately. |
Basics of Information Classification
Classified information pertains to data that the U.S. government has determined, if unauthorizedly disclosed, could have an adverse effect on national security. The classification process organizes this data based on the severity of impact its unauthorized release might have.
- Levels of Classification:
- Confidential: This is the lowest level of classification. Unauthorized disclosure of Confidential information could cause damage to national security. Examples might include details about certain military exercises or some defense-related contracts.
- Secret: Unauthorized disclosure of Secret information is determined to cause “serious” damage to national security. Examples might encompass specifics about certain weapon systems, troop movements, or intelligence operations.
- Top Secret: This is the highest level of classification. The unauthorized disclosure of Top Secret information is expected to cause “exceptionally grave” damage to national security. Such data could involve details about covert operations, advanced technology research, or real-time intelligence operations.
- Criteria for Classification:The decision to classify information is based on whether its unauthorized disclosure could compromise national security. This includes, but is not limited to:
- Threatening the military strength or diplomatic relations of the U.S.
- Revealing intelligence sources, methods, or activities.
- Jeopardizing ongoing operations or critical infrastructure.
- Benefiting adversaries or competitors in a manner detrimental to the nation’s interests.
Definition of Controlled Unclassified Information (CUI)
Controlled Unclassified Information (CUI) refers to information that, although not classified, requires safeguarding or dissemination controls in accordance with federal laws, regulations, and policies.
- What Makes Information CUI?
Information is designated as CUI when it meets two conditions:- It pertains to the interests of the U.S. government.
- Its unauthorized disclosure could pose a risk to national security, privacy rights, proprietary business interests, or the operational integrity of agencies.
- Categories and Examples of CUI:
CUI encompasses a broad array of topics, organized into different categories for clarity and ease of handling. Some of these categories include:- Privacy: Personally Identifiable Information (PII) like Social Security Numbers or health records.
- Proprietary Business Information: Trade secrets, financial data, or confidential business strategies.
- Law Enforcement: Sensitive investigative techniques, witness identities, or crime reports.
- Critical Infrastructure: Information about utilities, transportation, or other critical infrastructure that, if disclosed, might expose vulnerabilities.
- Natural and Cultural Resources: Details about vital natural resources, cultural heritage sites, or endangered species habitats.
- Nuclear Information: Non-classified details about nuclear facilities, materials, or activities.
In essence, while CUI might not be classified in the traditional sense, it still warrants significant protection due to the potential risks associated with its unauthorized disclosure.
Unauthorized disclosure refers to the communication or physical transfer of classified or controlled unclassified information to an unauthorized recipient. Such a disclosure might be intentional, resulting from negligence, or accidental, but in all cases, it represents a breach of the security protocols established to safeguard such data.
The consequences of unauthorized disclosure range from potentially compromising national security, putting individuals at risk, damaging international relations, to the legal repercussions faced by the individual responsible.
- Verbal Leaks:
- Relating to spoken dissemination of sensitive information, whether in conversations, overheard discussions, or statements made in public forums.
- Examples: Loose talk about a secret operation in a public place, discussing classified information over an unsecured phone line.
- Physical (documents, hardware):
- Involves the unauthorized transfer or exposure of tangible items, be they printed documents, hardware components, or other physical media.
- Examples: Leaving a classified document on a desk in an unsecured area, losing a USB drive containing CUI.
- Electronic (emails, digital storage):
- Pertains to unauthorized digital transmissions or saving of sensitive data in unsecured electronic formats.
- Examples: Sending a classified document via unencrypted email, storing secret files on a personal cloud storage.
- Visual (photos, videos):
- Involves unauthorized photography, videography, or sharing of images/videos of sensitive areas, activities, or documents.
- Examples: Taking a picture inside a restricted facility, posting a video on social media that inadvertently captures classified activities in the background.
Common Misconceptions
- Sharing Among Colleagues Without Need to Know:
- Misconception: “If they work in the same department or have a similar clearance level, it’s okay to share information.”
- Truth: Information, especially classified, should only be shared on a need-to-know basis. Even if someone has the appropriate security clearance, they should not access specific classified data unless it’s necessary for their duties.
- Discussing Classified Topics Off-Duty:
- Misconception: “It’s a casual conversation with a trusted colleague after hours, so it’s harmless.”
- Truth: Classified information remains classified 24/7, irrespective of the setting or context. Discussing it off-duty, even with cleared colleagues, is still a breach of protocol.
- Assuming Declassification Over Time Without Proper Procedure:
- Misconception: “This information is old; it’s probably not classified anymore.”
- Truth: Time doesn’t automatically declassify information. A proper review and official procedure are required to declassify data. Until then, even older information should be treated with the same care as when it was first classified.
Exam Information
- Navigate to the CDSE STEPP portal using your preferred web browser.
- If you haven’t already, create an account or log in using your existing credentials.
- Once logged in, go to the ‘Courses’ tab.
- In the search bar, type “Unauthorized Disclosure of Classified Information and Controlled Unclassified Information” and press Enter.
- Click on the relevant course title from the search results.
- Once inside the course page, look for the “Exam” section, typically located towards the bottom.
- Click on ‘Start Exam’ to begin. Make sure you are in a quiet environment and have a stable internet connection.
Examination Coverage
The examination will assess your understanding and knowledge on:
- The importance and trust in public service.
- Information classification basics, including the levels and criteria of classification.
- Understanding unauthorized disclosures, its types, and common misconceptions.
- Potential damage caused by unauthorized disclosure.
- Sanctions associated with unauthorized disclosures.
- Methods and best practices to prevent unauthorized disclosures.
Passing Criteria
To successfully pass the exam:
- You must achieve a score of 75% or higher.
- Incorrect answers can be reviewed at the end of the examination, offering a chance for learning and improvement.
- If you do not achieve a passing score on your first attempt, review the course materials and retake the exam. There might be a waiting period or limit to retake attempts, so always aim for the best understanding before attempting.
Tips for Successful Completion
- Thorough Review: Before attempting the exam, go through the entire course material again, focusing on sections you found challenging.
- Note-Taking: Keep notes as you progress through the course. These can be invaluable when revising.
- Quiet Environment: Ensure you’re in a quiet and distraction-free environment when taking the exam.
- Time Management: Keep track of the time, ensuring you don’t rush but also don’t spend too long on a single question.
- Stay Calm and Confident: Remember, the goal of the exam is to validate understanding. Stay calm, read every question carefully, and trust in your preparation.
- Post-Exam Review: After the exam, take the time to review any questions you got wrong. This aids in continuous learning.
Best of luck on your examination! Your dedication to understanding and maintaining security protocols is vital to the safety and efficacy of the Department of Defense.
Resources
Was this helpful?
Let us know if this was helpful. That’s the only way we can improve.
