Army Regulation 380–5 by smb11581




Department of the Army Information Security Program

Headquarters Department of the Army Washington, DC

29 September 2000


Management Control
Section I
Management Control Evaluation Checklist
F–1. Purpose
The purpose of this checklist is to assist Command Security Managers and Management Control Administrators (MCAs) in evaluating the key management controls outlined below. It is not intended to cover all controls. It is to be answered in a YES/NO/NA format. A negative response (NO) is to be explained at the end of the question. The locations in bold are provided as reference points within AR 380–5.
F–2. Instructions
Answers must be based on the actual testing of key management controls (e.g., document analysis, direct observation, sampling, simulation, etc.). Answers that indicate deficiencies must be explained and corrective action indicated in supporting documentation. These key management controls must be formally evaluated at least once every five years. Certification that this evaluation has been conducted must be accomplished on DA Form 11–2–R (Management Control Evaluation Certification Statement). All Department of the Army units, with access to classified information, will develop and implement an inspection program for annual inspections. This checklist can serve as the base for the annual inspection and can include other questions as determined by the agency or command performing the inspection. Inspection programs are used to evaluate the effectiveness of these key management controls as well as other requirements of this regulation as they apply to the command being inspected.
F–3. Test questions
Chapter 1 General Provisions and Program Management
Paragraph 1–5
Responsibilities of Deputy Chief of Staff for Intelligence (DCSINT), Headquarters Department of the Army.
a. Promulgate (or cause to promulgate) policy, procedures, and programs necessary for the implementation of EO 12958 and resulting national and DOD directives?
b. Monitor, evaluate, and report on the administration of the Army Information Security Program?
self–inspection program, to include periodic reviews and assessments of their classified products?
d. Respond to information security matters pertaining to classified information that originated in an Army activity that no longer exists and for which there is no successor in function?
e. Delegate SECRET and CONFIDENTIAL Original Classification Authority (OCA) to other Army officials?
f. Commit needed resources for effective policy development and oversight of the programs established by this
Paragraph 1–6
Responsibilities of the Commander.
Does the Commander—
a. Establish written local information security policies and procedures?
b. Initiate and supervise measures or instructions necessary to ensure continual control of classified information and
c. Assure that persons requiring access to classified information are properly
d. Continually assess the individual trustworthiness of personnel who possess a security clearance?
grade to effectively discharge assigned duties and responsibilities?
f. Make sure the Command Security Manager is afforded security training consistent with the duties assigned?
g. Make sure adequate funding and personnel are available to allow security management personnel to manage and administer applicable information security program requirements?
h. Review and inspect annually the effectiveness of the Information Security Program in subordinate commands?
i. Make sure prompt and appropriate responses are given, or forward for higher echelon decision, any problems, suggestions, requests, appeals, challenges, or complaints arising out of the implementation of this regulation?
Paragraph 1–7
Responsibilities of the Command Security Manager.
Does the Command Security Manager—
a. Advise and represent the Commander on matters related to the classification, downgrading, declassification, and safeguarding of national security information?
b. Establish and implement an effective security education program, as required by chapter 9 of this regulation?
c. Establish procedures for assuring that all persons handling classified material are properly cleared? Is the clearance status of each individual recorded and accessible for verification?
d. Advise and assist officials on classification problems and the development of classification guidance?
f. Conduct a periodic review of classifications assigned within the activity to ensure that classification decisions are
g. Review all classified documents, in coordination with the agency or command records management officer, to ensure consistency with operational and statutory requirements?
h. Continually reduce, by declassification, destruction, or retirement, unneeded classified material?
i. Submit, in a timely manner, Standard Form 311 (Information Security Program Data Report) to DAMI–CH, annually, as required?
j. Supervise or conduct security inspections and spot checks and notify the Commander regarding compliance with this regulation and other applicable security directives?
k. Assist and advise the Commander on matters pertaining to the enforcement of regulations governing the dissemination, reproduction, transmission, safeguarding, and destruction of classified material?
l. Make recommendations on requests for visits by foreign nationals, and provide security and disclosure guidance if visit is approved?
m. Make sure of the completion of inquiries and reporting of security violations that occur, including compromises or other threats to the safeguarding of classified information?
n. Recommend to the decision official whether or not administrative sanction is warranted, and/or indicate corrective action that should be taken concerning security violations?
o. Make sure proposed public releases on classified programs are reviewed to preclude the release of classified information, or other sensitive unclassified information covered under the Freedom of Information Act?
p. Establish and maintain visit control procedures for visitors who are authorized access to classified information?
q. Issue contingency plans for the emergency destruction of classified information and, where necessary, for the safeguarding of classified information used in or near hostile or potentially hostile
r. Act as the single point of contact to coordinate and resolve classification or declassification problems?
s. Report data as required by this regulation?
Paragraph 1–8
Responsibilities of the Supervisor.
Does the Supervisor—
a. Make sure subordinate personnel who require access to classified information are properly cleared and are given access only to that information for which they have a need–to–know?
b. Make sure subordinate personnel are trained in, understand, and follow the requirements of this regulation and local command policy and procedures concerning the information security
c. Continually assess the eligibility for access to classified information of subordinate personnel and report to the Command Security Manager any information that may have a bearing on that
d. Supervise personnel in the execution of procedures necessary to allow the continuous safeguarding and control of classified information?
e. Include the management of classified information as a critical element/item/objective in personnel performance evaluations, where deemed appropriate, in accordance with Army personnel policy and paragraph 1–5c of this regulation? (A supervisor should include the protection of classified information as a performance evaluation factor or objective for other personnel as the supervisor deems appropriate.)
f. Lead by example? Does he/she follow Command and Army policy and procedures to properly protect classified information and to appropriately classify and declassify information as stated in this regulation?
