OCR of the Document

View the Document >>

Committee on National Security Systems, CNSSI No. 1100, Consistency and Synchronization During Classification and Declassification on Information Related to Cybersecurity of National Security Systems. Unclassified. [1323]

Committee on National Security Systems CNSSI No 1100 April 2016 CONSISTENCY AND SYNCHRONIZATION DURING CLASSIFICATION AND DECLASSIFICATION OF INFORMATION RELATED TO CYBERSECURITY OF NATIONAL SECURITY SYSTEMS THIS DOCUMENT PRESCRIBES MINIMUM STANDARDS YOUR DEPARTMENT OR AGENCY MAY REQUIRE FURTHER IMPLEMENTATION     NATIONAL MANAGER FOREWORD 1 The Committee on National Security Systems CNSS pursuant to its authority under National Security Directive 42 NSD-42 National Policy for the Security of National Security Telecommunications and Information Systems Reference a is issuing CNSS Instruction CNSSI No 1100 Consistency and Synchronization During Classification and Declassification of Information Related to Cybersecurity of National Security Systems This Instruction directs adherence at a minimum to national information security requirements and provides guidance to increase consistency and synchronization across Departments and Agencies D As when considering the classification and declassification of information related to cybersecurity of national security systems NSS 2 Additional copies of this Instruction may be obtained from the CNSS Secretariat or the CNSS website http www cnss gov                                                               s CURTIS W DUKES   CNSS Secretariat  IE412  National Security Agency  9800 Savage Road  STE 6740  Ft Meade  MD 20755­6716  Office   410  854­6805 Unclassified FAX   443  479­4700   CNSS@nsa gov CNSS Instruction No 1100 TABLE OF CONTENTS SECTION PAGE SECTION I – PURPOSE…… ……… ……… ………………………………………… …1 SECTION II – AUTHORITY…………… … …………………………………………… 1 SECTION III – SCOPE………………… … …………………………………………… … 1 SECTION IV – POLICY………………… … …………………………………………… 2 SECTION V – RESPONSIBILITIES…… …… …………………………………………2 SECTION VI – DEFINITIONS…………… …………………………………………… …3 SECTION VII – REFERENCES…………… …………………………………………… 3 ANNEXES ANNEX A – REFERENCES……………………………………………………………… A-1 ANNEX B – ACRONYM LIST…………………………………………………………… B-1 i CNSS Instruction No 1100 CONSISTENCY AND SYNCHRONIZATION DURING CLASSIFICATION AND DECLASSIFICATION OF INFORMATION RELATED TO CYBERSECURITY OF NATIONAL SECURITY SYSTEMS SECTION I – PURPOSE 1 CNSSI No 1100 directs adherence at a minimum to national information security requirements when classifying and declassifying information related to cybersecurity of NSS herein referred to as applicable information per Executive Order E O 13526 Classified National Security Information Reference b and as implemented in 32 Code of Federal Regulations CFR Parts 2001 and 2003 Reference c to help ensure consistency across and synchronization among D As 2 Due diligence in correctly and consistently classifying and declassifying applicable information is paramount to providing the assurance needed to reduce gaps in protection that United States U S adversaries may exploit This instruction outlines clear guidance to help ensure U S Original Classification Authorities OCAs take a consistent approach in classifying and declassifying applicable information This consistency reduces overclassification thereby facilitating sharing of information needed to establish a common defense It also reduces underclassification thereby ensuring information is not divulged to adversaries who may exploit NSS containing the information 3 This Instruction also clarifies the role of the National Security Agency NSA as National Manager for NSS regarding both the development of classification guides that contain applicable information and the consistency and uniformity of classification and declassification decisions expressed within such classification guides SECTION II – AUTHORITY 4 The authority to issue this Instruction derives from NSD-42 National Policy for the Security of National Security Telecommunications and Information Systems Reference a which outlines the roles and responsibilities for securing NSS consistent with applicable law E O 12333 United States Intelligence Activities Reference d and other Presidential Directives 5 Nothing in this Instruction alters or supersedes the authorities of the Director of National Intelligence DNI SECTION III – SCOPE 6 This Instruction applies to all OCAs who direct the classification and declassification of applicable information The requirements of this Instruction apply to all U S Government USG Departments Services Agencies and their contractors when implemented via contractual requirements consultants and licensees who own procure use operate or maintain NSS or who own or process national security information NSI This Instruction does not address information classified under the Atomic Energy Act of 1954 as amended Public Law 2 CNSS Instruction No 1100 83-703 Reference e SECTION IV – POLICY 7 In developing and maintaining classification guides for NSS OCAs with purview over that NSS the information residing in that NSS or the mission relying on that NSS must include classification and declassification guidance on applicable information for NSS and supporting components 8 In organizing the contents of their classification guides containing applicable information per Reference c Part 2001 Section 2001 15 OCAs must pay particular attention to ensure classification guide developers communicate within their D As with other D As developing guides for similar activities with prospective users of the classification guides and with other subject matter experts SMEs This communication will help ensure the consistency and uniformity of classification and declassification decisions within and across D As 9 All classification guides containing applicable information must be substantively reviewed and properly classified per Reference b SECTION V – RESPONSIBILITIES 10 The heads of D As designated or delegated as OCAs per Reference b must a Make releasable classification guides which contain applicable information for programs under their purview available to other D As helping to ensure consistency and uniformity of classification and declassification decisions b Enter into agreements when necessary with other D A OCAs to develop cross-organizational classification guides that include applicable information to clearly articulate respective responsibilities for cross-organizational classification guide development coordination maintenance reissuance and dispute resolution In the case of disputes between the parties entering into cross-organizational agreements a D A may pursue a classification challenge per section 1 8 of Reference b with the responsible D A c Consult with NSA and other relevant SMEs during development of and decisions on classification guides that include applicable information 11 NSA as National Manager for NSS per References a d and CNSS Directive No 502 National Directive on Security of National Security Systems Reference f must a Act as the focal point and SME for classification guides that include applicable information b Support D As during development of and decisions on classification guides that include applicable information 3 CNSS Instruction No 1100 c Maintain an online repository or repositories to make available approved releasable classification guides that include applicable information helping to ensure consistency and uniformity across D As during classification and declassification decisions classification guide revisions and new classification guide development SECTION VI - DEFINITIONS 12 All definitions of terms used in this issuance are defined in CNSSI No 4009 Committee on National Security Systems CNSS Glossary Reference g The only exceptions are the definitions of “OCA” and “classification guide” which are defined in Reference b SECTION VII - REFERENCES 13 Future updates to referenced documents must be considered applicable to this Instruction References applicable to this Instruction are found in Annex A 4 CNSS Instruction No 1100 ANNEX A – REFERENCES a National Security Directive 42 NSD-42 National Policy for the Security of National Security Telecommunications and Information Systems 5 July 1990 b Executive Order E O 13526 Classified National Security Information 29 December 2009 c National Archives and Records Administration Information Security Oversight Office 32 CFR Parts 2001 and 2003 Classified National Security Information 28 June 2010 d Executive Order E O 12333 United States Intelligence Activities dated 4 December 1981 as amended by EOs 13284 2003 13355 2004 and 13470 2008 e Atomic Energy Act of 1954 as amended Public Law 83-703 30 August 1954 f Committee on National Security Systems Directive CNSSD No 502 National Directive on Security of National Security Systems 16 December 2004 g Committee on National Security Systems Instruction CNSSI No 4009 Committee on National Security Systems CNSS Glossary 6 April 2015 A-1 CNSS Instruction No 1100 ANNEX B – ACRONYM LIST CFR CNSS CNSSD CNSSI D A DNI E O NSA NSD NSI NSS OCA SME U S USG Code of Federal Regulations Committee on National Security Systems Committee on National Security Systems Directive Committee on National Security Systems Instruction Department Agency Director of National Intelligence Executive Order National Security Agency National Security Directive National Security Information National Security System Original Classification Authority Subject Matter Expert United States United States Government B-1