2nd qtr cy16

Over the last few years we have been putting out a quarterly newsletter

from the ANG Information Protection and ANG Special Security Offices.

We would now like to introduce the Operations Security and Cybersecurity

Branches to our ANG 2/3/6 Security Division and quarterly newsletters.

Please welcome aboard these 2 branches and we hope you enjoy their

submissions to the newsletters.

Quarterly Journal of Security Information

ISSUE 1, VOLUME 2, April 2016

ANG 2/3/6 SECURITY DIVISION

Information Protection 2

Special Security Office (SS0) 3

Cybersecurity 4

Security Education & Training 5

Operations Security 6-7

Securely Transmitting Sensitive Info 8-9

NGB A2/3/6S Contact Listing 10

INSIDE THIS ISSUE:

NP2 OPM Portal site came on line, 1 April. If you don’t have accounts for all your Security Managers, See

the email that went out on 13 April to submit more account creations. If you have SMs that have gotten

their accounts but cannot get logged in, they will need to email the [email protected]. Currently the

NP2 Helpdesk is taken 4—5 days to reply to tickets.

The new site https://apollo.opm.gov uses your PIV Certificate and Pin off your CAC to login. If the

PIV UPN was not supplied for an account then a username and password was issued. If a username and

password is being used and now you have your PIV Certificate, fill out the NP2 account spreadsheet and

email it to the ANG IP Mailbox to update.

NC4 OPM Portal (old site) will be decommissioned on 19 April 2016!!!!

A great question was brought up a few

weeks ago regarding the requirement for

the Information Protection Office to

properly mark/label all Multi-Function

Devices (MFDs - Printer/Copier/Scanners)

to show whether or not if it was approved

for unclassified or classified reproduction.

That question was…”Is there still a re-

quirement?” For those of you who have

been in this position for some time, you

know of this…for those of you who are

new…you’re probably asking…”is there?”.

Well, a long time ago in an Information

Protection galaxy far, far, away…there

was a requirement, and an inspectable

one at that. But times have changed,

technology has improved and responsibili-

ties have switched hands.

BLUF: There is no longer an IP AFI require-ment for the IPO to mark/label MFDs.

PAGE 2

New NP2 Portal replaces OPM Portal

Is There Still a Requirement?

AN G 2/3/ 6 SEC UR ITY D IVISIO N

Submitted by: Mrs. Christine Watson

Submitted by: SMSgt Robert Vance

For some, you may have noticed your

Communications Flight Information

Assurance personnel have been ask-

ing you to remove them (if you had

them marked to begin with) or soon

they may. Essentially, the responsi-

bilities for marking/labeling have fall-

en to our Comm brethren, where in

all honestly…it should. AFM 33-282,

Computer Security (COMPUSEC),

identifies MFDs as a Peripheral De-

vice, therefore it states: Appropriately

mark and label peripheral devices

according to the highest level of clas-

sification processed or displayed on

the device by either physically mark-

ing or technically configuring to dis-

play the classification banner. Very

simply, you’ll either notice a SF 710

(Unclassified Sticker), SF 707 (Secret

Sticker), the digital display on the

device configured to show the classi-

fication level, or a combination of

both.

Information Protection Office

https://apollo.opm.gov/

NEW! ANG SSO SHAREPOINT SITE ON JWICS

Happy Spring everyone! The ANG SSO office is happy to announce that we have begun development of a

dedicated SharePoint site located on the AF JWICS network. For those of you working on your own site SCIF

and JWICS accreditations, this should be very exciting news for you. Once fully operational the new ANG SSO

JWICS SharePoint site will act as the primary starting point for all references and guidance material you may

need while working on the accreditation processes. The new JWICS SharePoint site is still very early in the

development stages, however we hope to have it completed in its initial design, within the next couple

months.

The new ANG SSO SharePoint can be located on the JWICS network with the following URL: https://

intelshare.intelink.ic.gov/sites/a2-ang-sso/

If you have any questions about the new ANG SSO SharePoint located on the AF JWICS network please con-

tact the ANG SSO office at 612-9636 or you may contact SSgt Kendall Silva at 612-9344.

PAGE 3

Special Security Office


Submitted by: SSgt Kendall Silva

ELIGIBILITY AND ACCESS REQUIREMENTS

The Office of Personnel Management breach put the identities of 21+ million individuals in the hands of

an unauthorized third-party. As a result, the creation of the National Background Investigation Bureau

(NBIB) was created. The NBIB is expected to work closely with the Defense Security Service in ensuring

only individuals who are eligible and meet the prerequisites for being granted a security clearance

receive one.

The ANG SSO is tasked with ensuring that only individuals that require Sensitive Compartmented

Information (SCI) access to perform their daily duties receive access. Therefore, only submit Interim SCI

Requests for individuals that require SCI to effectively carry out the mission. Interim SCI Request required

forms are available on the ANG SSO SharePoint page: https://eis.ang.af.mil/func/intel/A2S/Pages/

default.aspx

Submitted by: MSgt Rodney Hudson

PERIODIC FACILITY PERIMETER CHECKS

Did you know that part of your annual self-inspection requires you to complete a check of your perimeter

walls for gaps, holes, and cracks? Periodic inspections of the perimeter walls and HVAC inspection ports

within the facility should be conducted even after final accreditation is received to ensure the finish work

within the facility remains intact. You should also periodically conduct sound tests on all perimeter doors

to ensure sound attenuation requirements are met. At a MINIMUM, you should be performing these in-

spections once a year in conjunction with your annual self-inspection.

Submitted by: Mr. Kris Gaus

ANG SSO's Newest Addition

Please join us in welcoming Mr. Gregory Bartlett to the ANG SSO Staff! Greg is joining us from the 152nd IS

(Reno, NV) after retiring from the ANG in October 2015. He has over 17 years of experience in the Commu-

nications, Information Systems Security Office, and DCGS mission set and will surely be an asset to our

CISO program working with TSgt Caldwell and SSgt Silva. Welcome Greg!

Submitted by: SMSgt Katie Weisenburg

Q UAR TER L Y JO URN AL OF SEC UR ITY IN FO R MATIO N PAGE 4

CYBER SURETY

Public Key Infrastructure (PKI)

The SIPRNet token facilitates Smart Card Logon, secure e-mail, and access

to secure websites for use on SECRET networks only. SIPRNet Tokens are

issued by Registration Authorities (RAs), Local Registration Authorities

(LRAs) and Trusted Agents (TAs). Due to cost, card stock shortages etc.,

SIPRNet tokens can be reused. All Air National Guard Local Registration

Authorities (LRAs) and Trusted Agents (TAs) are required to review their

Wing’s Out-processing procedures to ensure SIPRNet tokens are collected

from personnel who separate, retire, and PCS.

DIACAP Status: Submitted by: Ms. Priscilla Bates

Recertification is in progress for ALL SIPR Packages and must be submitted on SIPR to CAR.

Recertification SOP has been distributed to all units. Read and start the process! DIACAP Pack-

age ATO will be good until 31 March 2018 once received. SLA is being signed and will be distrib-

uted soon. Please take time to read and become familiar with the required documentation for

RMF. This will help with recertifying your package! RMF Process - DRAFT AFI 33-210 Required

Documentation: CNSSI 1253 Security Categorization & Control Selection for National Security

Systems National Security Institute of Technology & Standards (NIST) SP 800-60, Guide for Map-

ping Types of Information and Information to Security Categories DoDI 8510.01 Risk Manage-

ment Framework (RMF) for DoD Information Technology (IT) NIST SP 800-53r4 Assessing Security

and Privacy Controls in federal Information Systems and Organizations AFI 33-115 Network Oper-

ations AFI 33-141 Portfolio Management.

Submitted by: Mrs. Jacqueline Parker-O’Malley

Submitted by: Mrs. Christine A Watson

VO L UME 1, ISSUE 1

This years training is being held at the MS CRTC in Gulfport MS, June 20—24. The 20th and 24

are official travel days.

Please make sure to sign up for each break out (limited to 25 per topic) and supply flight infor-

mation for car pooling. Go to the ANG IP SharePoint site, https://cs3.eis.af.mil/sites/26493/

default.aspx. In the _6. CIP Workshops - CIP Training 2016 folder you will find the Topic break

out schedule and Flight information spreadsheets.

Remember to get with your Base Training Office to register/reserve your seat, Course name:

ANGC CIP.

Course is SD Funded for Military and Unit funded for Civilians. We will do one SF 182 for all civil-

ians attending,

Welcome, Reporting Letter will be out in the next couple of weeks.

PAGE 5

2016 FDO Courses

2016 CIP Course

There will be 2 FDO courses held in May this

year. Both will be at the 169 FW Eastover SC.

Dates are

May 3 - 5 2016, 0800 - 1600

Travel Days: May 2 and May 6th.

May 24-26 2016, 0800 - 1600

Travel Days: May 23 and May 27th

Course Name in TEAMS: ANGC FDO/FDR

Get with your Base Training office to register.

We are working on a 3rd course to be held on

the West Coast, More to come in the future

on this!!!

Security Education and Training

Hotel registration for the FDO courses:

Hotel Name: Hampton Inn & Suites Colum-

bia/Southeast-Ft. Jackson

Hotel Address: 201 East Exchange

Boulevard, Columbia, South Carolina 29209

Phone Number: 8032173999

Must register by 2 April 2016

Group Name: Swampfox 1

Group Code: SFX

Check-in: 02-MAY-2016

Check-out: 06-MAY-2016

Must register by 2 May 2016

Group Name: Swampfox 2

Group Code: SF2

Check-in: 23-MAY-2016

Check-out: 27-MAY-2016

Submitted by: Mrs. Christine A Watson

Greetings OPSEC PMs and Information Security Professionals

WHO I AM

For those that may not know me, My name is Mr. Daniel (Dan) Tyler and I’m the

OPSEC PM for the Air National Guard. I was recently moved from NGB/A3C, Cyber

Operations to the new NGB/A2/3/6S under Mr. Tommy Bertrand, Security Pro-

gram Executive of the ANG Information Protection Office, Special Security Offices,

Cyber Security, OPSEC & FDO. I’ve been serving the Department of the Air Force

for since 1982 with 22 years active duty service, 2 years as a civilian contractor,

and 10 years as a government civilian. I’ve been working at the ANG Readiness

Center in those 3 capacities since 2002. As the ANG OPSEC PM, my motto has

always been: Sampson slew 10,000 Philistines with the jawbone of an ass; OPSEC

is jeopardized with the same weapon! Practice good OPSEC!


OFFICIAL OPSEC LOGO

Air Force OPSEC Professionals; the Air Force released

the official AF OPSEC Logo in color and monochrome for

your official OPSEC use. Please be sure to follow Air

Force rules when using official AF logos.

I want to thank my wing OPSEC PM’s for providing input to the OPSEC Program Executive Data Call; we

received a 95.5 response rate and based on your input, we are formulating a proper course of action in

regards to the AF Signature Management and Base Profiling Process requirements, IAW AFI 10-701

and the ANG Sup.

ANG OPSEC PROGRAM EXECUTIVE DATA CALL

Operation Security (OPSEC) Office

Submitted by: Mr. Daniel Tyler



Q UAR TER L Y JO URN AL OF SEC UR ITY IN FO R MATIO N PAGE 7

YOUR PERSONAL INFORMATION HAS BEEN HACKED! That sentence can cause chills to run

down your spine; but it’s exactly what

happened to most if not all military,

civilian, and contractor personnel affil-

iated with the Department of Defense.

With over 21.5 million individuals im-

pacted, the odds are 99.9% that your

information has been compromised;

this includes 19.7 million individuals

that applied for a background investi-

gation, and 1.8 million non-applicants,

primarily spouses or co-habitants of

applicants. I'm sure everyone reading

this newsletter is aware that there

were two separate but related cyber-

security incidents that have impacted

the private data of Federal govern-

ment employees, contractors, and

others. By now you should have been

officially notified by OPM. For back-

ground information on these inci-

dents, go to https://www.opm.gov/

cybersecurity/cybersecurity-incidents/

Since DSET Software has been in-

corporated into Outlook, OPSEC, PII,

and FOUO violations have de-

creased by almost 90% by ensuring

messages are signed, encrypted,

and properly marked prior to leaving

the e-mail server. After you have

written an e-mail message that may

to contain either PII or FOUO infor-

mation, if you haven’t already

clicked on one of these buttons and

hit Send, DESET runs a scan of your

message text and any included at-

tachments to identify if there’s po-

tentially any PII and or FOUO infor-

mation that requires additional pro-

tections. If the scan identifies infor-

mation or attachments that requires

additional protection, one of two

pop up boxes comes up; (Digital

Signature Enforcement Tool – Po-

tential PII Alert) or (Digital Signature

Enforcement Tool – FOUO Warning).

This decision box provides you

choices to review the potential PII or

Because of these breaches,

OPM has partnered with MyID-

care to provide you with 3

years of complimentary identity

protection service that include

Identity monitoring, Credit

monitoring, identity restoration

services, and Identity theft in-

surance. You should have also

received a notification letter

and PIN from OPM in order to

sign up for these protection

services. If you received offi-

cial OPM notification and a

notification letter and PIN from

OPM, or you think you may

have been impacted but have

not received a letter, go to

https://www.opm.gov/

cybersecurity to sign up for

services or to verify if you were

impacted. At this time, there is

no information to suggest misuse of

the information that was stolen

from OPM's systems. They continue

to investigate and monitor the situa-

tion.

If you have not yet taken advantage

of the complimentary MyIDcare

identity protection services, your

compromised information continues

to be at risk. Don’t wait until you

become a victim; your information

continues to be at risk as long as

it’s unprotected. If you have not

taken advantage of MyIDcare be-

cause you already pay for Identity

protection services from another

company, taking advantage of

MyIDcare in addition to your other

Identity protection service will only

increase your Identity Protection.

FOUO information. At this point,

“YOU” are the last line of defense,

This is where you click on the

proper box in order to protect PII

or FOUO information before send-

ing . The proper DoD markings

will appear and the Encrypt, Sign,

and either the PII or FOUO but-

tons will be highlighted and your

message will be sent.

After completing this step if your

e-mail identifies that your recipi-

ent or recipients won’t be able to

receive your message because

their digital signature has not

been verified, or your sending to

an organizational e-mail account

that hasn’t been set up to receive

encrypted messages; don’t just

hit the send unencrypted button

because it’s more convenient.

You have the responsibility to pro-

tect FOUO and PII information.

There are other ways to securely

transmit sensitive information. See

pages 8 and 9 of this newsletter

for the Securely Transmitting Sen-

sitve Information Smart Card.

Please provide the widest dissemi-

nation of this smart card . using

the attached smart card which pro-

vides alternative methods of trans-

mitting information that requires

protection.

Bottom line, after writing an e-mail,

take the time to ensure its properly

protected marked, even if your

message or attachments don’t

contain PII or FOUO information,

always click Encrypt and Sign prior

to sending or set Encrypt and Sign

as your default settings. Don’t pro-

vide the adversary with infor-

mation that can be used against

us. Think OPSEC!!

SECURELY TRANSMITTING SENSITIVE INFORMATION Submitted by: Mr. Daniel Tyler


VO L UME 1, ISSUE 1

PAGE 9

NGB A2/3/6S Contact Listings

ANG Security Program Executive: Mr. Tommy Bertrand DSN: 612-8391

ANG IP

General Office Number: DSN: 612-7287, Commercial: (240) 612-7287

[email protected]

Chief, ANG IP: Ms. Toni Kirk DSN: 612-8050

ANG Information Security Program Manager: Mrs. Christine Watson DSN: 612-7804

ANG Foreign Disclosure Program Manager: Mrs. Christine Watson DSN: 612-7804

Industrial Security Manager: SMSgt Robert Vance DSN: 612-9420

Personnel Support Staff: TSgt Rodney Baltrip DSN: 612-7287

ANG SSO


[email protected]

Chief, ANG SSO: Mr. Scott Johnson DSN: 612-9340

Physical Security Specialist: Mr. Kris Gaus DSN: 612-9341

Manager, ANG SSO: SMSgt Katie Weisenburg DSN: 612-7615

NCOIC, SCI Personnel Security: MSgt Rodney Hudson DSN: 612-8426

NCOIC, Command CISO: TSgt Rachel Caldwell DSN: 612-9342

Assistant NCOIC, Command CISO: SSgt Kendall Silva DSN: 612-9433

Information Systems Security Analysis Mr. Gregory Bartlett DSN: 612-7710

ANGRC IP


[email protected]

Chief, Information Protection/FDO Support: SMSgt Robert Vance DSN: 612-9420

Enterprise Security Specialist: MSgt Naira Reyes DSN: 612-8797

ANG SM/OPSEC PM

Chief, ANG SM/OPSEC Mr. Daniel Tyler DSN: 612-9279

ANG CYBER SURETY

Chief, ANG Cyber Surety Mr. Gary Gillepie DSN: 612-8025

IT INFOSEC Specialist Mrs. Jacqueline Parker O’Malley DSN: 612-8580

IT INFOSEC Specialist Ms. Priscilla Bates DSN: 612-7857

IT INFOSEC Specialist Mrs. Latasha Beckles DSN: 612-8203

IT INFOSEC Specialist Mr. Lloyd Goodwin DSN: 612-9550

IT INFOSEC Specialist Mrs. Jamie Downing DSN: 612-7853

Cyber Surety/IA FAM MSgt Richard Hays DSN: 612-8201

2nd qtr cy16

Documents