Upload
tranquynh
View
223
Download
0
Embed Size (px)
Citation preview
SELF-INSPECTIONS
May 8 2015
Presentation Outline
bull Background
bull Requirements of EO 13526 amp 32 CFR Part 2001
bull What Self-Inspections Should Accomplish
bull Self-Inspection Reports Observations
bull Self-Inspection Reporting to ISOO
Background
In what year did this quote appear in the ISOO annual report
Dedicated and effective agency self-inspection is the best means of assuring that the provisions of the Order are being carried out
FY 1979
Background
Why the detailed self-inspection reporting under EO 13526
Requirements
EO 13526 Classified National Security Information Section 54d)4))
32 CFR Part 2001 (sect 200160)
bull Self-Inspection Program Requirements of the Order
o On-going program
o Regular reviews of representative samples of the agencys original and derivative classification actions
o Authorize appropriate agency officials to correct misclassification actions
o Report annually to the Director of ISOO on the agencys selfshyinspection program
bull Self-Inspection Program Requirements of the Directive
o SAO responsible for directing and administering
o SAO designates personnel to carry out responsibility
o Program to be structured to provide SAO with
information necessary
bullto assess the effectiveness of the CNSI program
)-within individual activities and
)-the agency as a whole
bull Self-Inspection Program Requirements of the Directive
o Evaluate adherence to the principles and requirements of the Order and Directive
o Evaluate effectiveness of agency programs covering
bull Original Classification
bull Derivative Classification
bull Declassification
bull Safeguarding
bull Security Violations
bull Education and Training
bull Management and Oversi
bull Self-Inspection Program Requirements of the Directive
o Review of Classification Actions bull Regular reviews of representative samples of the agencys
original and derivative actions
bull Encompass all activities that generate classified information
bull Include a sample of varying types of classified information (in document and electronic format)
bull Proportionally sufficient to enable a credible assessment of agencys classified product
bull Personnel who conduct are knowledgeable of classification and marking requirements and have access to pertinent classification guides
bull SAO authorize appropriate agency officials to correct misclassification
bull Self-Inspection Program Requirements of the Directive
o Frequency At least annually with SAO setting frequency based on program needs and degree of classification activity
o Coverage SAO establishes self-inspection coverage requirements based on program or policy needs
o Reporting Internal
bull SAO sets format for documenting
bull Security education and training should address underlying causes of findings and concerns of a systemic nature
o Reporting External
bull SAO reports annually to the Director of ISOO
The self- structured to
inspection provide the program SAO with must be information
necessary to assess the effectiveness of the CNSI program
within individual activities and
the agency as a whole
l~Q~
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Presentation Outline
bull Background
bull Requirements of EO 13526 amp 32 CFR Part 2001
bull What Self-Inspections Should Accomplish
bull Self-Inspection Reports Observations
bull Self-Inspection Reporting to ISOO
Background
In what year did this quote appear in the ISOO annual report
Dedicated and effective agency self-inspection is the best means of assuring that the provisions of the Order are being carried out
FY 1979
Background
Why the detailed self-inspection reporting under EO 13526
Requirements
EO 13526 Classified National Security Information Section 54d)4))
32 CFR Part 2001 (sect 200160)
bull Self-Inspection Program Requirements of the Order
o On-going program
o Regular reviews of representative samples of the agencys original and derivative classification actions
o Authorize appropriate agency officials to correct misclassification actions
o Report annually to the Director of ISOO on the agencys selfshyinspection program
bull Self-Inspection Program Requirements of the Directive
o SAO responsible for directing and administering
o SAO designates personnel to carry out responsibility
o Program to be structured to provide SAO with
information necessary
bullto assess the effectiveness of the CNSI program
)-within individual activities and
)-the agency as a whole
bull Self-Inspection Program Requirements of the Directive
o Evaluate adherence to the principles and requirements of the Order and Directive
o Evaluate effectiveness of agency programs covering
bull Original Classification
bull Derivative Classification
bull Declassification
bull Safeguarding
bull Security Violations
bull Education and Training
bull Management and Oversi
bull Self-Inspection Program Requirements of the Directive
o Review of Classification Actions bull Regular reviews of representative samples of the agencys
original and derivative actions
bull Encompass all activities that generate classified information
bull Include a sample of varying types of classified information (in document and electronic format)
bull Proportionally sufficient to enable a credible assessment of agencys classified product
bull Personnel who conduct are knowledgeable of classification and marking requirements and have access to pertinent classification guides
bull SAO authorize appropriate agency officials to correct misclassification
bull Self-Inspection Program Requirements of the Directive
o Frequency At least annually with SAO setting frequency based on program needs and degree of classification activity
o Coverage SAO establishes self-inspection coverage requirements based on program or policy needs
o Reporting Internal
bull SAO sets format for documenting
bull Security education and training should address underlying causes of findings and concerns of a systemic nature
o Reporting External
bull SAO reports annually to the Director of ISOO
The self- structured to
inspection provide the program SAO with must be information
necessary to assess the effectiveness of the CNSI program
within individual activities and
the agency as a whole
l~Q~
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Background
In what year did this quote appear in the ISOO annual report
Dedicated and effective agency self-inspection is the best means of assuring that the provisions of the Order are being carried out
FY 1979
Background
Why the detailed self-inspection reporting under EO 13526
Requirements
EO 13526 Classified National Security Information Section 54d)4))
32 CFR Part 2001 (sect 200160)
bull Self-Inspection Program Requirements of the Order
o On-going program
o Regular reviews of representative samples of the agencys original and derivative classification actions
o Authorize appropriate agency officials to correct misclassification actions
o Report annually to the Director of ISOO on the agencys selfshyinspection program
bull Self-Inspection Program Requirements of the Directive
o SAO responsible for directing and administering
o SAO designates personnel to carry out responsibility
o Program to be structured to provide SAO with
information necessary
bullto assess the effectiveness of the CNSI program
)-within individual activities and
)-the agency as a whole
bull Self-Inspection Program Requirements of the Directive
o Evaluate adherence to the principles and requirements of the Order and Directive
o Evaluate effectiveness of agency programs covering
bull Original Classification
bull Derivative Classification
bull Declassification
bull Safeguarding
bull Security Violations
bull Education and Training
bull Management and Oversi
bull Self-Inspection Program Requirements of the Directive
o Review of Classification Actions bull Regular reviews of representative samples of the agencys
original and derivative actions
bull Encompass all activities that generate classified information
bull Include a sample of varying types of classified information (in document and electronic format)
bull Proportionally sufficient to enable a credible assessment of agencys classified product
bull Personnel who conduct are knowledgeable of classification and marking requirements and have access to pertinent classification guides
bull SAO authorize appropriate agency officials to correct misclassification
bull Self-Inspection Program Requirements of the Directive
o Frequency At least annually with SAO setting frequency based on program needs and degree of classification activity
o Coverage SAO establishes self-inspection coverage requirements based on program or policy needs
o Reporting Internal
bull SAO sets format for documenting
bull Security education and training should address underlying causes of findings and concerns of a systemic nature
o Reporting External
bull SAO reports annually to the Director of ISOO
The self- structured to
inspection provide the program SAO with must be information
necessary to assess the effectiveness of the CNSI program
within individual activities and
the agency as a whole
l~Q~
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Background
Why the detailed self-inspection reporting under EO 13526
Requirements
EO 13526 Classified National Security Information Section 54d)4))
32 CFR Part 2001 (sect 200160)
bull Self-Inspection Program Requirements of the Order
o On-going program
o Regular reviews of representative samples of the agencys original and derivative classification actions
o Authorize appropriate agency officials to correct misclassification actions
o Report annually to the Director of ISOO on the agencys selfshyinspection program
bull Self-Inspection Program Requirements of the Directive
o SAO responsible for directing and administering
o SAO designates personnel to carry out responsibility
o Program to be structured to provide SAO with
information necessary
bullto assess the effectiveness of the CNSI program
)-within individual activities and
)-the agency as a whole
bull Self-Inspection Program Requirements of the Directive
o Evaluate adherence to the principles and requirements of the Order and Directive
o Evaluate effectiveness of agency programs covering
bull Original Classification
bull Derivative Classification
bull Declassification
bull Safeguarding
bull Security Violations
bull Education and Training
bull Management and Oversi
bull Self-Inspection Program Requirements of the Directive
o Review of Classification Actions bull Regular reviews of representative samples of the agencys
original and derivative actions
bull Encompass all activities that generate classified information
bull Include a sample of varying types of classified information (in document and electronic format)
bull Proportionally sufficient to enable a credible assessment of agencys classified product
bull Personnel who conduct are knowledgeable of classification and marking requirements and have access to pertinent classification guides
bull SAO authorize appropriate agency officials to correct misclassification
bull Self-Inspection Program Requirements of the Directive
o Frequency At least annually with SAO setting frequency based on program needs and degree of classification activity
o Coverage SAO establishes self-inspection coverage requirements based on program or policy needs
o Reporting Internal
bull SAO sets format for documenting
bull Security education and training should address underlying causes of findings and concerns of a systemic nature
o Reporting External
bull SAO reports annually to the Director of ISOO
The self- structured to
inspection provide the program SAO with must be information
necessary to assess the effectiveness of the CNSI program
within individual activities and
the agency as a whole
l~Q~
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Requirements
EO 13526 Classified National Security Information Section 54d)4))
32 CFR Part 2001 (sect 200160)
bull Self-Inspection Program Requirements of the Order
o On-going program
o Regular reviews of representative samples of the agencys original and derivative classification actions
o Authorize appropriate agency officials to correct misclassification actions
o Report annually to the Director of ISOO on the agencys selfshyinspection program
bull Self-Inspection Program Requirements of the Directive
o SAO responsible for directing and administering
o SAO designates personnel to carry out responsibility
o Program to be structured to provide SAO with
information necessary
bullto assess the effectiveness of the CNSI program
)-within individual activities and
)-the agency as a whole
bull Self-Inspection Program Requirements of the Directive
o Evaluate adherence to the principles and requirements of the Order and Directive
o Evaluate effectiveness of agency programs covering
bull Original Classification
bull Derivative Classification
bull Declassification
bull Safeguarding
bull Security Violations
bull Education and Training
bull Management and Oversi
bull Self-Inspection Program Requirements of the Directive
o Review of Classification Actions bull Regular reviews of representative samples of the agencys
original and derivative actions
bull Encompass all activities that generate classified information
bull Include a sample of varying types of classified information (in document and electronic format)
bull Proportionally sufficient to enable a credible assessment of agencys classified product
bull Personnel who conduct are knowledgeable of classification and marking requirements and have access to pertinent classification guides
bull SAO authorize appropriate agency officials to correct misclassification
bull Self-Inspection Program Requirements of the Directive
o Frequency At least annually with SAO setting frequency based on program needs and degree of classification activity
o Coverage SAO establishes self-inspection coverage requirements based on program or policy needs
o Reporting Internal
bull SAO sets format for documenting
bull Security education and training should address underlying causes of findings and concerns of a systemic nature
o Reporting External
bull SAO reports annually to the Director of ISOO
The self- structured to
inspection provide the program SAO with must be information
necessary to assess the effectiveness of the CNSI program
within individual activities and
the agency as a whole
l~Q~
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
bull Self-Inspection Program Requirements of the Order
o On-going program
o Regular reviews of representative samples of the agencys original and derivative classification actions
o Authorize appropriate agency officials to correct misclassification actions
o Report annually to the Director of ISOO on the agencys selfshyinspection program
bull Self-Inspection Program Requirements of the Directive
o SAO responsible for directing and administering
o SAO designates personnel to carry out responsibility
o Program to be structured to provide SAO with
information necessary
bullto assess the effectiveness of the CNSI program
)-within individual activities and
)-the agency as a whole
bull Self-Inspection Program Requirements of the Directive
o Evaluate adherence to the principles and requirements of the Order and Directive
o Evaluate effectiveness of agency programs covering
bull Original Classification
bull Derivative Classification
bull Declassification
bull Safeguarding
bull Security Violations
bull Education and Training
bull Management and Oversi
bull Self-Inspection Program Requirements of the Directive
o Review of Classification Actions bull Regular reviews of representative samples of the agencys
original and derivative actions
bull Encompass all activities that generate classified information
bull Include a sample of varying types of classified information (in document and electronic format)
bull Proportionally sufficient to enable a credible assessment of agencys classified product
bull Personnel who conduct are knowledgeable of classification and marking requirements and have access to pertinent classification guides
bull SAO authorize appropriate agency officials to correct misclassification
bull Self-Inspection Program Requirements of the Directive
o Frequency At least annually with SAO setting frequency based on program needs and degree of classification activity
o Coverage SAO establishes self-inspection coverage requirements based on program or policy needs
o Reporting Internal
bull SAO sets format for documenting
bull Security education and training should address underlying causes of findings and concerns of a systemic nature
o Reporting External
bull SAO reports annually to the Director of ISOO
The self- structured to
inspection provide the program SAO with must be information
necessary to assess the effectiveness of the CNSI program
within individual activities and
the agency as a whole
l~Q~
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
bull Self-Inspection Program Requirements of the Directive
o SAO responsible for directing and administering
o SAO designates personnel to carry out responsibility
o Program to be structured to provide SAO with
information necessary
bullto assess the effectiveness of the CNSI program
)-within individual activities and
)-the agency as a whole
bull Self-Inspection Program Requirements of the Directive
o Evaluate adherence to the principles and requirements of the Order and Directive
o Evaluate effectiveness of agency programs covering
bull Original Classification
bull Derivative Classification
bull Declassification
bull Safeguarding
bull Security Violations
bull Education and Training
bull Management and Oversi
bull Self-Inspection Program Requirements of the Directive
o Review of Classification Actions bull Regular reviews of representative samples of the agencys
original and derivative actions
bull Encompass all activities that generate classified information
bull Include a sample of varying types of classified information (in document and electronic format)
bull Proportionally sufficient to enable a credible assessment of agencys classified product
bull Personnel who conduct are knowledgeable of classification and marking requirements and have access to pertinent classification guides
bull SAO authorize appropriate agency officials to correct misclassification
bull Self-Inspection Program Requirements of the Directive
o Frequency At least annually with SAO setting frequency based on program needs and degree of classification activity
o Coverage SAO establishes self-inspection coverage requirements based on program or policy needs
o Reporting Internal
bull SAO sets format for documenting
bull Security education and training should address underlying causes of findings and concerns of a systemic nature
o Reporting External
bull SAO reports annually to the Director of ISOO
The self- structured to
inspection provide the program SAO with must be information
necessary to assess the effectiveness of the CNSI program
within individual activities and
the agency as a whole
l~Q~
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
bull Self-Inspection Program Requirements of the Directive
o Evaluate adherence to the principles and requirements of the Order and Directive
o Evaluate effectiveness of agency programs covering
bull Original Classification
bull Derivative Classification
bull Declassification
bull Safeguarding
bull Security Violations
bull Education and Training
bull Management and Oversi
bull Self-Inspection Program Requirements of the Directive
o Review of Classification Actions bull Regular reviews of representative samples of the agencys
original and derivative actions
bull Encompass all activities that generate classified information
bull Include a sample of varying types of classified information (in document and electronic format)
bull Proportionally sufficient to enable a credible assessment of agencys classified product
bull Personnel who conduct are knowledgeable of classification and marking requirements and have access to pertinent classification guides
bull SAO authorize appropriate agency officials to correct misclassification
bull Self-Inspection Program Requirements of the Directive
o Frequency At least annually with SAO setting frequency based on program needs and degree of classification activity
o Coverage SAO establishes self-inspection coverage requirements based on program or policy needs
o Reporting Internal
bull SAO sets format for documenting
bull Security education and training should address underlying causes of findings and concerns of a systemic nature
o Reporting External
bull SAO reports annually to the Director of ISOO
The self- structured to
inspection provide the program SAO with must be information
necessary to assess the effectiveness of the CNSI program
within individual activities and
the agency as a whole
l~Q~
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
bull Self-Inspection Program Requirements of the Directive
o Review of Classification Actions bull Regular reviews of representative samples of the agencys
original and derivative actions
bull Encompass all activities that generate classified information
bull Include a sample of varying types of classified information (in document and electronic format)
bull Proportionally sufficient to enable a credible assessment of agencys classified product
bull Personnel who conduct are knowledgeable of classification and marking requirements and have access to pertinent classification guides
bull SAO authorize appropriate agency officials to correct misclassification
bull Self-Inspection Program Requirements of the Directive
o Frequency At least annually with SAO setting frequency based on program needs and degree of classification activity
o Coverage SAO establishes self-inspection coverage requirements based on program or policy needs
o Reporting Internal
bull SAO sets format for documenting
bull Security education and training should address underlying causes of findings and concerns of a systemic nature
o Reporting External
bull SAO reports annually to the Director of ISOO
The self- structured to
inspection provide the program SAO with must be information
necessary to assess the effectiveness of the CNSI program
within individual activities and
the agency as a whole
l~Q~
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
bull Self-Inspection Program Requirements of the Directive
o Frequency At least annually with SAO setting frequency based on program needs and degree of classification activity
o Coverage SAO establishes self-inspection coverage requirements based on program or policy needs
o Reporting Internal
bull SAO sets format for documenting
bull Security education and training should address underlying causes of findings and concerns of a systemic nature
o Reporting External
bull SAO reports annually to the Director of ISOO
The self- structured to
inspection provide the program SAO with must be information
necessary to assess the effectiveness of the CNSI program
within individual activities and
the agency as a whole
l~Q~
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
The self- structured to
inspection provide the program SAO with must be information
necessary to assess the effectiveness of the CNSI program
within individual activities and
the agency as a whole
l~Q~
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
What Self-1nspections Should Accomplish
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
What Self-Inspections Should Accomplish
)) LL ~ ~) oU
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Observations FY2014
Self-Inspection Reports to 1500
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Observations FY 2014 Self-Inspection Reports
bull Reports have continued to improve bull Agencies are providing responses in nearly all of the
required areas bull Many agencies have refined their program descriptions
and appear to have made improvements to their selfshyinspection programs
bull For a number of agencies the reports suggest that a strong and effective self-inspection program is in place
bull While a few agencies reports suggest their selfshyinspection programs may not be getting the attention they require
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Observations FY 2014 Self-Inspection Reports
The Good
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Observations FY 2014 Self-Inspection Reports
Areas Were Attention is Required
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Observations FY 2014 Self-Inspection Reports
(01 TIYI =40 of the Agencies that Identified CNSI Program Deficiencies Did Not Report Corrective Actions for Some or All of the Deficiencies that They Identified
bull 155 reported no corrective actions bull 244 reported corrective actions for some but not all
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Observations FY 2014 Self-Inspection Reports
Many of the reported deficiencies for which no corrective actions were provided are in the key areas of training performance evaluations and classification challenges
Percentage of Agencies with 100 Percent Compliance
Percentage of Agencies with 90 Percent Compliance
Initial Training 913 9565
Refresher Training 500 7609 OCA Training 500 6364
Derivative Classifier Training 6389 8056 Performance Element 3696 4783
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Observations FY 2014 Self-Inspection Reports
Other Core Requirements
Percentage of Agencies Reporting They Meet the Requirement
OCA Delegations Limited to Minimum Required 800 Classification Challenge Procedures 6739
Document Markings
Number Documents Reviewed
Percentage of Documents that Include the Required Marking
Identification of Derivative Classifiers 287446 7142
Listing of Multiple Sources
179650 6686
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
The Report to 1500
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Endosure 2 AGENCY AIltWAL SELF-INSPECTION PROGRUf DATA FY 201~
~~-~)
PAKTA ~-
l poundmer lbt lpriCfGilD p l Emrdle-ofdislpOil l
3 Eimlb nDI Dile sctnss ~fA aDd Hrlliladdressof~ sior 3 AcYOIIicill (SAO) (01 - iDEO USl6 - S4(lfl) _lt fiordislpOil
14r-~~~-_filgtiop
s ampm lilt llllmlliie pbaat fuIIDd t-trlilil adfress filt die H( s -_ qttpdlacllllsnpct
PAitTB ~-scrily--(CNSI)rrp-rr--
6 JIM_ lpocf-dttipuolldolopMIISIDqldoloibioo-iry(OCAf 6 OYos ONo 1 Oots-_-porinapwdls-oaioiy 1 O YII ONo
I o v ONoI Oots-_-porina--1lt1irify 9 DotiylaquoJtIIltYhlwaa_wd~ruideaod~aru 9 ov ONo
PAitT C __
______SAO ______ofdltCNSIA~ofcbo ysself__iDlthldo_IIUISSed_s_ m~~- n
DRmllwitiD iDcbridlaJ IIIIICY Kliuies llldtltMIICTfi whole
10 BowIS theSAO ilmllwd iD 1bt wlf hista iiMtleam 1rirhdltstU -~==~~~~~10-_lllltISWJdgte_ sCgtiSlprornmmmriD
ll ~~~~~~=~=-~~-=i ~ibo_dle_impedxm
( or amrnn~r middot lGampm middot
Al1lllOIJZZI) - LOCAllPIODIIC1IINn cn200t Eo ll)26
The Report to ISOO
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov
Questions
BERT S W Senior Program Anaryst
Information Security 0 ve sight office
T 2023575398 F 2023575908
robertskwirotnaragov