Security Army Information Security Program

Army Regulation 380?5

Security

Army Information Security Program

Headquarters Department of the Army Washington, DC 22 October 2019

UNCLASSIFIED

SUMMARY of CHANGE

AR 380?5 Army Information Security Program

This major revision, dated 22 October 2019--

o Changes the title of the publication from "Department of the Army Information Security Program" to "Army Information Security Program" (cover).

o Removes marking guidance (formerly chap 4) and requires all Department of the Army personnel to apply marking standards set forth in Department of Defense Manual 5200.01, Volume 2 (para 1?15a).

o Updates language that addresses controlled unclassified information to meet the requirements outlined in Department of Defense Manual 5200.01, Volume 4 (chap 1, 4, and 8).

o Changes the requirements of self-inspections to be conducted at least annually versus biennially (para 1?24).

o Adds training requirements for derivative classifiers (para 2?6).

o Removes appendix G and refers to Department of Defense Manual 5200.45 for guidance on developing security classification guides (paras 2?17 and 8?7c).

o Updates the distribution list and process for security classification guides (para 2?18).

o Adds figure 3?1, Letter of Certification required by the Army Declassification Activity that address automatic and systematic declassification reviews (para 3?2c).

o Adds language requiring only equipment listed on an evaluated products list issued by National Security Agency/Central Security Service to be used to destroy classified information and materials (para 3?18).

o Removes language prohibiting cover sheets from being stored in security containers (formerly chap 4).

o Updates the language that addresses the Standard Form 312. Removes outdated mailing addresses for filing the Standard Form 312 and prohibits digital signatures on the Standard Form 312 (paras 5?2 and 5?3).

o Cancels DA Form 2962 and requires the use of the debriefing acknowledgement section of a Standard Form 312 (Classified Information Nondisclosure Agreement) for termination briefings (para 5?5).

o Changes the mandatory requirement for accountability and control of Top Secret (collateral) information (para 5?18).

o Adds section detailing guidance on control and safeguarding of Foreign Government information, addressing North Atlantic Treaty Organization unclassified and allowing the processing on the non-classified internet protocol router network (para 5?19).

o Clarifies language on removal of classified information for work at home (para 6?6).

o Adds requirement for Part 1 of the Standard Form 700 be sealed in an opaque envelope before storing inside of the locked drawer (or door) of the container for protection of the personally identifiable information (para 6?8d(1)).

o Updates instructions on applying the classification authority block of Part 2 of the Standard Form 700 envelope, treating such as a derivative classification (para 6?8d(2)).

o Changes minimum requirements from 4 hours to 8 hours for emergency power for intrusion detection equipment (para 6?16g(1)).

o Removes outdated language that addresses "lock replacement priorities" (formerly chap 6).

o Removes language related to transportation plans and requires DA commands to follow guidance outlined in the Department of Defense Manual 5200.01, V3 and the appendix in enclosure 4 (para 7?6b).

o Removes deviations to construction standards for open storage (secure room) areas (formerly para 7?20).

o Updates language addressing security incident reporting and unauthorized disclosure of classified information in the public media (chap 9).

o Removes language on alternate compensatory control measures and refers to AR 380?381 for guidance (throughout).

o Cancels DA Form 455, Mail and Document Register; DA Form 969, Top Secret Document Record, and DA Form 1575, Request for/or Notification of Regrading Action.

Headquarters Department of the Army Washington, DC 22 October 2019

*Army Regulation 380?5

Effective 22 November 2019 Security

Army Information Security Program

Applicability. This regulation applies to the Regular Army, the Army National Guard/Army National Guard of the United States, the U.S. Army Reserve, and DA civilian personnel, unless otherwise stated.

Army internal control process. This regulation contains internal control provisions in accordance with AR 11?2 and identifies key internal controls that must be evaluated (see appendix B).

History. This publication is a major revision.

Summary. This regulation implements the policy set forth in EO 13526 and DODM 5200.01, Volumes 1 through 4. It establishes the policy for classification, downgrading, declassification, and safeguarding of information requiring protection in the interest of national security.

Proponent and exception authority. The proponent of this regulation is the Deputy Chief of Staff, G?2. The proponent has the authority to approve exceptions to this regulation that are consistent with controlling law and regulation. The proponent may delegate this approval authority in writing to a division chief within the proponent agency in the grade of Colonel or the civilian equivalent. Activities may request a waiver to this regulation by providing justification that includes a full analysis of the expected benefits and must include formal review by the activity's senior legal officer. All waiver requests will be endorsed by the commander or senior leader of the requesting activity and forwarded through their higher headquarters to the policy proponent. Refer to AR 25?30 for specific guidance.

Supplementation. Supplementation of this regulation and establishment of command and local forms are prohibited without prior approval by the Deputy Chief of Staff, G?2 (DAMI?CDS), 1000 Army Pentagon, Washington, DC 20310?1000.

Suggested improvements. Users of this regulation are invited to send comments and suggestions for improvements on DA Form 2028 (Recommended Changes to Publications and Blank Forms) directly to the Deputy Chief of Staff, G?2 (DAMI?CDS), 1000 Army Pentagon, Washington, DC 20310?1000.

Distribution. This regulation is available in electronic media only and is intended for the Regular Army, the Army National Guard/Army National Guard of the United States, and the U.S. Army Reserve.

Contents (Listed by paragraph and page number)

Chapter 1 General Provisions and Program Management, page 1

Section I Introduction, page 1 Purpose ? 1?1, page 1 References and forms ? 1?2, page 1 Explanation of abbreviations and terms ? 1?3, page 1 Responsibilities ? 1?4, page 1 Record management (recordkeeping) requirements ? 1?5, page 1

Section II Responsibilities, page 1 Administrative Assistant to the Secretary of the Army ? 1?6, page 1 Deputy Chief of Staff, G?1 ? 1?7, page 1 Deputy Chief of Staff, G?2 ? 1?8, page 1 Commanders of Army commands, Army service component commands, and direct reporting units ? 1?9, page 2 Commanders at all levels ? 1?10, page 2 The security manager ? 1?11, page 3

*This regulation supersedes AR 380-5, dated 29 September 2000, and rescinds DA Form 455, dated 1 July 1962, DA Form 969, dated 1 October 1978, DA

Form 1575, dated 1 September 1977, and DA Form 2962, dated 1 September 1977.

AR 380?5 ? 22 October 2019

i

UNCLASSIFIED

Contents--Continued

Supervisors ? 1?12, page 4 All Army personnel ? 1?13, page 4

Section III Program Management, page 4 Applicability ? 1?14, page 4 General principles ? 1?15, page 4

Section IV Special Types of Information, page 5 Restricted data and/ or formerly restricted data ? 1?16, page 5 Sensitive Compartmented Information, Communications Security information, and Special Access Program infor-

mation ? 1?17, page 5

Section V Exceptional Situations, page 5 Military operations, exercises, and unit deactivations ? 1?18, page 5 Waivers and exceptions to policy ? 1?19, page 6

Section VI Corrective Actions and Sanctions, page 6 General ? 1?20, page 6 Sanctions ? 1?21, page 6 Reporting of security incidents ? 1?22, page 7

Section VII Reports, page 7 Reporting requirements ? 1?23, page 7 Command security inspections ? 1?24, page 7

Chapter 2 Classification, page 7

Section I Classification Principles, page 7 Original versus Derivative classification ? 2?1, page 7 Delegation of authority ? 2?2, page 8 Required training ? 2?3, page 8

Section II Derivative Classification, page 8 Policy ? 2?4, page 8 Accuracy responsibilities ? 2?5, page 8 Required training ? 2?6, page 9

Section III The Original Classification Process, page 9 General ? 2?7, page 9 Classification criteria ? 2?8, page 9 Levels of classification ? 2?9, page 9 Duration of classification ? 2?10, page 10 Reclassification of information declassified and released to the public under proper authority ? 2?11, page 10 Communicating the classification decision ? 2?12, page 10 Compilation ? 2?13, page 10 Acquisition process ? 2?14, page 10 Limitations and prohibitions ? 2?15, page 10

ii

AR 380?5 ? 22 October 2019

Contents--Continued

Section IV Security Classification Guides, page 10 Policy ? 2?16, page 11 Content ? 2?17, page 11 Approval, distribution, and indexing ? 2?18, page 11 Review, revision, and cancellation ? 2?19, page 12

Section V Non-Government Research and Development Information, page 12 Policy ? 2?20, page 12 Nothing ? 2?21, page Error! Bookmark not defined.

Chapter 3 Declassification, Downgrading, Upgrading, and Destruction, page 12

Section I Army Declassification Program, page 12 General ? 3?1, page 13 Special program manager ? 3?2, page 13 Declassification of restricted data and formerly restricted data ? 3?3, page 15 Declassification of other than Army information ? 3?4, page 15

Section II The Automatic Declassification System, page 15 General ? 3?5, page 15 Exemption from automatic declassification ? 3?6, page 15 Marking records exempted from automatic declassification ? 3?7, page 16 Records review guidelines ? 3?8, page 17 Army commands, Army service component commands, direct reporting units requirements ? 3?9, page 17

Section III Mandatory Declassification and Systematic Declassification Reviews, page 18 Mandatory declassification reviews ? 3?10, page 18 Mandatory declassification review appeals ? 3?11, page 18 Systematic declassification reviews ? 3?12, page 18

Section IV Change in the Level of Classification, page 18 General ? 3?13, page 19 Downgrading ? 3?14, page 19 Upgrading ? 3?15, page 19

Section V Classified Material Destruction Standards, page 19 General ? 3?16, page 19 Approved routine methods of destruction ? 3?17, page 19 Technical advice on approved destruction devices and methods ? 3?18, page 20

Chapter 4 Controlled Unclassified Information, page 20 General ? 4?1, page 20

Chapter 5 Access, Control, Safeguarding, and Visits, page 20

Section I Access, page 20

AR 380?5 ? 22 October 2019

iii

Contents--Continued

Responsibilities ? 5?1, page 20 Nondisclosure agreement ? 5?2, page 21 Signing and filing the Nondisclosure agreement ? 5?3, page 21 Refusal to execute the nondisclosure agreement ? 5?4, page 21 Debriefing and termination of classified access ? 5?5, page 21 Access to restricted data, formerly restricted data, and critical nuclear weapon design information ? 5?6, page 22 Access by persons outside the Executive Branch ? 5?7, page 22

Section II Control Measures and Visits, page 23 Responsibilities ? 5?8, page 23 Care during working hours ? 5?9, page 23 End-of-day security checks ? 5?10, page 24 Emergency planning ? 5?11, page 24 Classified discussions ? 5?12, page 25 Removal of classified storage and information technology equipment ? 5?13, page 25 Visits ? 5?14, page 25 Classified meetings and conferences ? 5?15, page 25

Section III Accountability and Administrative Procedures, page 27 Equipment used in Information Technology networks ? 5?16, page 27 Receipt of classified material ? 5?17, page 27 Top Secret information ? 5?18, page 27 Foreign Government Information ? 5?19, page 28 Working papers ? 5?20, page 29 Reproduction of Classified Material ? 5?21, page 29

Section IV Disposition and Destruction of Classified Material, page 30 Policy ? 5?22, page 30 Methods and standards for destruction ? 5?23, page 30 Records of destruction ? 5?24, page 31

Chapter 6 Storage and Physical Security Standards, page 31

Section I General, page 31 Policy ? 6?1, page 31 Physical security policy ? 6?2, page 31

Section II Storage Standards, page 31 Standards for storage equipment ? 6?3, page 31 Storage of classified information ? 6?4, page 31 Procurement of new storage equipment ? 6?5, page 32 Removal of classified information for work at home ? 6?6, page 33 Safeguarding of U.S. classified information located in foreign countries ? 6?7, page 33 Equipment designations and combinations ? 6?8, page 34 Neutralization and Repair of Government Services Agency-approved security containers and vault doors ? 6?9, page 34 Maintenance and operating inspections ? 6?10, page 35 Turn-in or transfer of security equipment ? 6?11, page 35

Section III Physical Security Standards, page 35 General ? 6?12, page 35

iv

AR 380?5 ? 22 October 2019

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download