Army Regulation 380–5
Security
Department of the Army Information Security Program
Headquarters
Department of the Army
Washington, DC
29 September 2000
UNCLASSIFIED

Management Control
Section I
Management Control Evaluation Checklist

F–1. Purpose
The purpose of this checklist is to assist Command Security Managers and Management Control Administrators (MCAs) in evaluating the key management controls outlined below. It is not intended to cover all controls. It is to be answered in a YES/NO/NA format. A negative response (NO) is to be explained at the end of the question. The locations in bold are provided as reference points within AR 380–5.

F–2. Instructions
Answers must be based on the actual testing of key management controls (e.g., document analysis, direct observation, sampling, simulation, etc.). Answers that indicate deficiencies must be explained and corrective action indicated in supporting documentation. These key management controls must be formally evaluated at least once every five years. Certification that this evaluation has been conducted must be accomplished on DA Form 11–2–R (Management Control Evaluation Certification Statement). All Department of the Army units, with access to classified information, will develop and implement an inspection program for annual inspections. This checklist can serve as the base for the annual inspection and can include other questions as determined by the agency or command performing the inspection. Inspection programs are used to evaluate the effectiveness of these key management controls as well as other requirements of this regulation as they apply to the command being inspected.

F–3. Test questions

Chapter 1
General Provisions and Program Management

Paragraph 1–5 Responsibilities of Deputy Chief of Staff for Intelligence (DCSINT), Headquarters Department of the Army. Does the DCSINT, DAMI–CH—
a. Promulgate (or cause to promulgate) policy, procedures, and programs necessary for the implementation of EO 12958 and resulting national and DOD directives?
b. Monitor, evaluate, and report on the administration of the Army Information Security Program?
c. Ensure the Major Army Commands (MACOM), and other agencies, establish and maintain an ongoing self–inspection program, to include periodic reviews and assessments of their classified products?
d. Respond to information security matters pertaining to classified information that originated in an Army activity that no longer exists and for which there is no successor in function?
e. Delegate SECRET and CONFIDENTIAL Original Classification Authority (OCA) to other Army officials?
f. Commit needed resources for effective policy development and oversight of the programs established by this regulation?

Paragraph 1–6 Responsibilities of the Commander. Does the Commander—
a. Establish written local information security policies and procedures?
b. Initiate and supervise measures or instructions necessary to ensure continual control of classified information and materials?
c. Assure that persons requiring access to classified information are properly cleared?
d. Continually assess the individual trustworthiness of personnel who possess a security clearance?
grade to effectively discharge assigned duties and responsibilities?
f. Make sure the Command Security Manager is afforded security training consistent to the duties assigned?
g. Make sure adequate funding and personnel are available to allow security management personnel to manage and administer applicable information security program requirements?
h. Review and inspect annually the effectiveness of the Information Security Program in subordinate commands?
i. Make sure prompt and appropriate responses are given, or forward for higher echelon decision, any problems, suggestions, requests, appeals, challenges, or complaints arising out of the implementation of this regulation?

Paragraph 1–7 Responsibilities of the Command Security Manager. Does the Command Security Manager—
a. Advise and represent the Commander on matters related to the classification, downgrading, declassification, and safeguarding of national security information?
b. Establish and implement an effective security education program, as required by chapter 9 of this regulation?
c. Establish procedures for assuring that all persons handling classified material are properly cleared? Is the clearance status of each individual recorded and accessible for verification?
d. Advise and assist officials on classification problems and the development of classification guidance?
e. Ensure that classification guides for classified plans, programs, and projects are properly prepared and maintained?
f. Conduct a periodic review of classifications assigned within the activity to ensure that classification decisions are proper?
g. Review all classified documents, in coordination with the agency or command records management officer, to ensure consistency with operational and statutory requirements?
h. Continually reduce, by declassification, destruction, or retirement, unneeded classified material?
i. Submit, in a timely manner, Standard Form 311 (Information Security Program Data Report) to DAMI–CH, annually, as required?
j. Supervise or conduct security inspections and spot checks and notify the Commander regarding compliance with this regulation and other applicable security directives?
k. Assist and advise the Commander on matters pertaining to the enforcement of regulations governing the dissemination, reproduction, transmission, safeguarding, and destruction of classified material?
l. Make recommendations on requests for visits by foreign nationals, and provide security and disclosure guidance if visit is approved?
m. Make sure of the completion of inquiries and reporting of security violations occur including compromises or other threats to the safeguarding of classified information?
n. Recommend to the decision official whether or not administrative sanction is warranted, and/or indicate corrective action that should be taken concerning security violations?
o. Make sure proposed public releases on classified programs are reviewed to preclude the release of classified information, or other sensitive unclassified information covered under the Freedom of Information Act?
p. Establish and maintain visit control procedures for visitors are authorized access to classified information?
q. Issue contingency plans for the emergency destruction of classified information and, where necessary, for the safeguarding of classified information used in or near hostile or potentially hostile areas?
r. Act as the single point of contact to coordinate and resolve classification or declassification problems?
s. Report data as required by this regulation?

Paragraph 1–8 Responsibilities of the Supervisor. Does the Supervisor—
a. Make sure subordinate personnel who require access to classified information are properly cleared and are given access only to that information for which they have a need–to–know?
b. Make sure subordinate personnel are trained in, understand, and follow the requirements of this regulation and local command policy and procedures concerning the information security program?
c. Continually assess the eligibility for access to classified information of subordinate personnel and report to the Command Security Manager any information that may have a bearing on that eligibility?
d. Supervise personnel in the execution of procedures necessary to allow the continuous safeguarding and control of classified information?
e. Include the management of classified information as a critical element/item/objective in personnel performance evaluations, where deemed appropriate, in accordance with Army personnel policy and paragraph 1–5c of this regulation? (A supervisor should include the protection of classified information as a performance evaluation factor or objective for other personnel as the supervisor deems appropriate.)
f. Lead by example? Does he/she follow Command and Army policy and procedures to properly protect classified information and to appropriately classify and declassify information as stated in this regulation?