When should documents be marked within a SCIF cyber awareness?
Overview: The Cyber Awareness Challenge serves as an annual refresher of security requirements, security best practices, and your security responsibilities.
The answers here are current and are contained within three (3) incidents: spillage, Controlled Unclassified Information (CUI), and malicious code. Whether you have successfully completed the previous version or are starting from scratch, these test answers are for you.

Spillage
Which of the following does NOT constitute spillage?
NOTE: Spillage occurs when information is “spilled” from a higher classification or protection level to a lower classification or protection level. Spillage can be either inadvertent or intentional.
Which of the following is NOT an appropriate way to protect against inadvertent spillage?
NOTE: Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. While it may seem safer, you should NOT use a classified network for unclassified work.
Which of the following should you NOT do if you find classified information on the internet?
NOTE: Remember that leaked classified or controlled information is still classified or controlled even if it has already been compromised. Do NOT download it or you may create a new case of spillage.

Classified data
[Incident]: What level of damage to national security can you reasonably expect Top Secret information to cause if disclosed?
NOTE: Top Secret information could be expected to cause exceptionally grave damage to national security if disclosed.
[Scene]: Which of the following is true about telework?
NOTE: You must have permission from your organization to telework. When teleworking, you should always use authorized equipment and software.

Insider threat
[Alex’s statement]: In addition to avoiding the temptation of greed to betray his country, what should Alex do differently?
NOTE: Don’t talk about work outside of your workspace unless it is a specifically designated public meeting environment and is controlled by the event planners. Be careful not to discuss details of your work with people who do not have a need-to-know.
[Ellen’s statement]: How many insider threat indicators does Alex demonstrate?
NOTE: Alex demonstrates a lot of potential insider threat indicators, including difficult life circumstances, unexplained affluence, and unusual interest in classified information.
[Mark’s statement]: What should Alex’s colleagues do?
NOTE: By reporting Alex’s potential risk indicators, Alex’s colleagues can protect their organization and potentially get Alex the help he needs to navigate his personal problems.

Controlled Unclassified Information (CUI)
Which of the following is NOT an example of CUI?
NOTE: CUI includes, but is not limited to, Controlled Technical Information (CUI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information.
Which of the following is NOT a correct way to protect CUI?
NOTE: CUI may be stored only on authorized systems or approved devices.

Physical security
[Incident #1]: What should the employee do differently?
NOTE: Always remove your CAC and lock your computer before leaving your workstation.
[Incident #2]: What should the employee do differently?
NOTE: Don’t allow others access or piggyback into secure areas. Always challenge people without proper badges and report suspicious activity.

Identity Management
✅ Always take your Common Access Card (CAC) when you leave your workstation.

Sensitive Compartmented Information (SCI)
[Incident #1]: When is it appropriate to have your security badge visible?
NOTE: Badges must be visible and displayed above the waist at all times when in the facility. Badges must be removed when leaving the facility.
[Incident #2]: What should the owner of this printed SCI do differently?
NOTE: Always mark classified information appropriately and retrieve classified documents promptly from the printer.
[Incident #3]: What should the participants in this conversation involving SCI do differently?
NOTE: Even within a SCIF, you cannot assume that everyone present is cleared and has a need-to-know. Assess your surroundings to be sure no one overhears anything they shouldn’t.

Removable Media in a SCIF
[Evidence]: What portable electronic devices (PEDs) are permitted in a SCIF?
NOTE: No personal PEDs are allowed in a SCIF. Government-owned PEDs must be expressly authorized by your agency.
[Incident]: What is the response to an incident such as opening an uncontrolled DVD on a computer in a SCIF?
NOTE: Classified DVD distribution should be controlled just like any other classified media. If an incident occurs, you must notify your security POC immediately.

Malicious code
[Prevalence]: Which of the following is an example of malicious code?
NOTE: Malicious code can mask itself as a harmless email attachment, downloadable file, or website. In reality, once you select one of these, it typically installs itself without your knowledge.
[Damage]: How can malicious code cause damage?
NOTE: Malicious code can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access.
[Spread]: How can you avoid downloading malicious code?
NOTE: To avoid downloading malicious code, you should avoid accessing website links, buttons, or graphics in email messages or popups.

Website use
✅ Cookies may pose a security threat, particularly when they save unencrypted personal information.

Travel
[Incident]: What should Sara do when using publicly available Internet, such as hotel Wi-Fi?
NOTE: Use caution when connecting laptops to hotel Internet connections. Use public or free Wi-Fi only with the Government VPN.
[Incident]: What is the danger of using public Wi-Fi connections?
NOTE: If you are directed to a login page before you can connect by VPN, the risk of malware loading or data compromise is substantially increased.

Mobile devices
[Incident]: When is it okay to charge a personal mobile device using government-furnished equipment (GFE)?
NOTE: Never charge personal mobile devices using GFE nor connect any other USB devices (like a coffee warmer) to GFE.

When should you have your security badge visible within a SCIF Cyber Awareness 2022?
When is it appropriate to have your security badge visible within a sensitive compartmented information facility (SCIF)? At all times while in the facility.
What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)?

What guidelines are available for marking sensitive compartmented information?
The guidelines for marking sensitive compartmented information imply specific requirements. One such requirement is the mandatory use of color-coded cover sheets and markings for each SCI document. The cover sheet must contain color-coded bars in the upper right-hand corner of the cover page.

What actions should you take when printing classified material within a SCIF cyber awareness?
What actions should you take when printing classified material within a Sensitive Compartmented Information Facility (SCIF)? Retrieve classified documents promptly from printers.

How should you label removable media in a SCIF?
How should you label removable media used in a Sensitive Compartmented Information Facility (SCIF)? With the maximum classification, date of creation, point of contact, and Change Management (CM) Control Number.