GSC - An MOD Brief Guide (DRAFT) v1.9 - DISA
DRAFT
A UK MOD Short Guide to
The UK Government’s New Security Classification System
The Old System:
|UNCLASSIFIED |PROTECT |RESTRICTED |CONFIDENTIAL |SECRET |TOP SECRET |
The New System:
|OFFICIAL[1] |SECRET |TOP SECRET |
Key Points:
o Going from six classifications to three.
o The removal of UNCLASSIFIED reasserts the fact that all Government information has value and should be handled with appropriate care.
o Individuals will have more discretion within OFFICIAL than in the old RESTRICTED domain.
o No direct read-across from old to new system within HMG.
o In certain areas a direct comparison is required for dealing with Industry, International Partners and legacy issues.
The New System (from 2 Apr 14):
|Tier One |Tier Two |Tier Three |
|OFFICIAL[2] |SECRET |TOP SECRET |
Information Handling Guidance – Marking, Sharing, Transmission and Storage (UK officials, partners, industry):
|MOD will not mark documents “OFFICIAL” |Marked “OFFICIAL - SENSITIVE” |Marked “SECRET” |Marked |
| | | |“TOP SECRET” |
|(However, other Government departments may. | | | |
|There is no difference in handling if marked or unmarked) | | | |
|Information to be handled with appropriate care. |Information to be handled with greater care. |Except for the reduction in ‘descriptors’ (detailed to the |As SECRET |
|The document does not normally carry any handling |Can include National caveats[3]. Can include only three additional |left) – No Change | |
|instructions but may do so if the originator thinks it is |descriptors if further handling instructions required |National caveats, codewords and any special handling | |
|needed. |PERSONAL[4] |instructions remain | |
| |COMMERCIAL[5] | | |
| |LIMITED CIRCULATION[6] | | |
|Sharing Information: Author/owner or recipient to determine.|Sharing (no descriptor): HMG author/owner or HMG recipient to |No change to current policy |No change to current policy |
| |determine on a clear ‘need to know’ basis. | | |
| |External organisations to seek HMG authority to share (or already | | |
|Remote working: User to determine but ensure information |authorised under MoU etc) | | |
|cannot be overlooked. | | | |
|IT Transmission of Information: User discretion but in most |Sharing (with descriptor): HMG author/owner to determine on a clear | | |
|circumstances HMG approved IT systems / devices. |‘need to know’ basis. | | |
| |All recipients to seek HMG author /owner authority to share (or | | |
|Storage: User discretion but in most circumstances, HMG |already authorised under MoU etc) | | |
|approved IT systems / devices. or physical ‘standard’ lock &| | | |
|key. | | | |
| | | | |
| | | | |
| | | | |
| |Remote working (All): User to determine but not normally allowed | | |
| |unless suitably configured devices/services are used; essential that | | |
| |information cannot be overlooked. | | |
| | | | |
| |Transmission: HMG approved IT systems / devices. or in priority | | |
| |circumstances, originator approval needed if no approved IT. | | |
| |Storage: HMG approved IT systems / devices, or physical ‘standard’ | | |
| |lock & key. If descriptor/caveat used then mandatory ‘locked-down’ | | |
| |team sites / folders with authorised access lists, are required. | | |
The New System (from 2 Apr 14):
|OFFICIAL[7] |SECRET |TOP SECRET |
LEGACY DOCUMENTS or LEGACY PHYSICAL ASSETS
|UNCLASSIFIED |PROTECT |RESTRICTED |CONFIDENTIAL |SECRET |TOP SECRET |
|Unless an HMG author / owner or HMG recipient reassesses the information, data or asset, it retains original |Unless originator reassesses information, data or asset, it retains original markings and handling caveats / |
|markings and handling caveats / descriptors, and Sy control measures |descriptors, and Sy control measures |
|Sharing Information: Any |Sharing Information: HMG author/owner or HMG recipient to determine. |Sharing Info: No change |No Change |No Change |
|author/owner or recipient to |External organisations to seek approval |Transmission of Information: |HMG approved IT systems / devices for Tier |HMG approved IT systems / |
|determine. |Transmission of Information: HMG approved IT systems / devices mandated.|Legacy[8] ‘CONFIDENTIAL’ system or |Two mandated. |devices for Tier Three |
|Transmission of Information: Over |Storage: Legacy (or post 2 Apr 14) HMG approved IT systems / devices |Tier Two IT system mandated. | |mandated. |
|any system |mandatory or legacy |Storage: Legacy ‘CONFIDENTIAL’ IT | | |
|Storage: Any system |RESTRICTED physical security measures. |system or Tier Two system mandated.| | |
| | | | | |
| | |Legacy Phys Sy measures, moving to | | |
| | |Tier Two as soon as practicable. | | |
SHARING WITH INTERNATIONAL PARTNERS
The New UK System (from 2 Apr 14):
|Tier One |Tier Two |Tier Three |
|OFFICIAL[9] |SECRET |TOP SECRET |
INTERNATIONAL CLASSIFICATIONS – International Information being received by UK
|UNCLASSIFIED |RESTRICTED |CONFIDENTIAL |SECRET |TOP SECRET |
| | |No UK equivalent |UK will treat as SECRET |UK will treat as TOP SECRET |
|UK will treat as OFFICIAL |UK will treat as OFFICIAL – SENSITIVE but with slightly less |UK will treat as SECRET[10] | | |
| |discretion (as mandated in international agreements (see below) | | | |
|Sharing Information: Author/owner or recipient to determine. |Sharing: HMG recipient to determine on a clear ‘need to know’ basis. |Sharing Info: No change |Sharing Info: No change |No Change |
| |External organisations to seek HMG authority to share |Transmission of Information: |. | |
|Remote working: User to determine but ensure information cannot | |Legacy[11] ‘CONFIDENTIAL’ |HMG approved IT systems / | |
|be overlooked. |Remote working: Not permitted unless suitably configured |system or Tier Two IT system |devices for Tier Two |HMG approved IT systems / |
|IT Transmission of Information: User discretion but in most |devices/services are used; essential that information cannot be |mandated. |mandated |devices for Tier Three |
|circumstances HMG approved IT systems / devices. |overlooked. |Storage: Legacy | |mandated |
|Storage: User discretion but in most circumstances, HMG approved| |‘CONFIDENTIAL’ IT system or | | |
|IT systems / devices. or physical ‘standard’ lock & key. |Transmission: Mandatory HMG approved IT systems / devices. |Tier Two system mandated. | | |
| |Storage: HMG approved IT systems / devices, or physical ‘standard’ |Legacy Phys Sy measures | | |
| |lock & key. |moving to Tier Two as soon as| | |
| | |practicable. | | |
-----------------------
[1] The majority of routine HMG business will be conducted in this space. The aim is to have all Tier 1 HMG IT to have Foundation Grade Encryption (or suitable alternative control) and allow considerably more remote working and use of additional mobile IT devices.
[2] The majority of routine HMG business will be conducted in this space. The aim is to have all Tier 1 HMG IT to have Foundation Grade Encryption (or suitable alternative control) and allow considerably more remote working and use of additional mobile IT devices.
[3] Eg: UK EYES ONLY, FIVE EYES, UK/US EYES ONLY etc
[4] OFFICIAL-SENSITIVE PERSONAL Information which MOD has a legal duty to protect under the Data Protection Act. Note: this does not mean that every individual piece of personal date is SENSITIVE. See GSC FAQ 3
[5] OFFICIAL-SENSITIVE COMMERCIAL Information which is SENSITIVE and can only be shared with appropriate contract companies under HMG contracting policies or legal requirement.
[6] The document circulation is limited to that described in the ‘distribution List’ and must be ‘locked down within a controls ‘team site or ‘file folder’
[7] The majority of routine HMG business will be conducted in this space. The aim is to have all Tier 1 HMG IT to have Foundation Grade Encryption (or suitable alternative control) and allow considerably more remote working and use of additional mobile IT devices.
[8] Legacy IT systems accredited for Confidential to be reassessed in line with CIO policy
[9] The majority of routine HMG business will be conducted in this space. The aim is to have all Tier 1 HMG IT to have Foundation Grade Encryption (or suitable alternative control) and allow considerably more remote working and use of additional mobile IT devices.
[10] When UK receive a CONFIDENTIAL document from an international partner it may require to be dual marked eg UK SECRET / NATO CONFIDENTIAL, in order that we do not potentially confuse our partners by sending back a document which they may interpret as INTERNATIONAL SECRET when it is in fact only INTERNATIONAL CONFIDENTIAL.
[11] Legacy IT systems accredited for Confidential to be reassessed in line with CIO policy
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related searches
- minecraft crafting guide mod 1.12.2
- minecraft crafting guide mod curse
- crafting guide mod 1.12.2
- minecraft crafting guide mod 1.7.10
- crafting guide mod 1.7.10
- guide book mod 1 12 2
- 1 12 2 crafting guide mod download
- crafting guide mod 1 12 2
- crafting guide mod 1 7 10
- crafting guide mod 1 12 2 curse
- minecraft crafting guide mod 1 7 10
- minecraft crafting guide mod 1 12 2