NUHOI31-6
NUHOI31-6
20 February 1996
Security
This Headquarters Operating Instruction (HOI) implements AFI31-401, Managing the Information
Security Program. The purpose of this HOI is to provide procedures for reporting possible security
violations, conducting inquiries, and preparing written summaries for security inquiries. It applies to
all personnel assigned to, or performing duties within, Headquarters North American Aerospace
Defense Command (NORAD) or United States Space Command (USSPACECOM), except for
personnel at Cheyenne Mountain Operations Center and the HQ NORAD and USSPACECOM
Combined Intelligence Center.
SUMMARY OF REVISIONS
This HOI reflects the current organizational structure within both headquarters and establishes new
procedures for coordinating written security inquiries.
1. References:
1.1. DOD 5200.1-R, Information Security Program.
1.2. AFI 31-401, Managing the Information Security Program.
1.3. AFP 205-11, Security Manager's Guide.
1.4. AFP 205-22, Conducting Preliminary Inquiries and Formal Investigations.
2. Terms Explained:
2.1. Compromise. A known or probable disclosure of classified information to unauthorized
individuals.
2.2. Security Deviation. A security violation that can't be defined as a compromise.
2.3. Security Violation. A violation of the information security program standards or procedures that
may classify either as a compromise or a security deviation.
3. General. Protecting classified information is one of our top priorities. When a security violation
occurs, it must be determined if classified information has been compromised. If a compromise took
place, the seriousness of damage to United States and/or NORAD interests must be determined and
appropriate measures taken to negate or minimize the adverse effect. If the preliminary inquiry officer
does suspect the incident caused damage to national security, the office of classifiying authority
conducts a separate damage assessment. In some cases, corrective actions need to be addressed
to minimize the likelihood of a reoccurrence.
4. Objectives/Goals:
4.1. Report all security incidents as soon as they are discovered.
4.2. Eliminate the number of security incidents through education.
4.3. Streamline the process for notification, reporting, and coordination.
5. Responsibilities:
5.1. It is everyone's responsibility to safeguard classified material in accordance with applicable
directives.
5.2. Each directorate and special staff office is responsible for training its personnel on safeguarding
classified documents and reporting any possible security deviations, compromises, or incidents.
5.3. The Joint Secretary appoints a preliminary inquiry officer and administers this program.
6. Procedures:
6.1. Anyone who discovers a possible security violation must report it immediately to their directorate
executive officer, security manager (or alternate security manager), and the senior officer in charge.
6.2. The security manager responsible for the area where the possible security violation occurs
performs an initial assesment of the circumstances surrounding the incident and determines whether
a possible security violation occurred relying upon the preliminary report, if any, and the appropriate
security classification guides.
6.2.1. If the incident was caused by an outside agency, the security manager notifies that office of
the situation and verbally reports it to the Joint Secretary.
6.2.2. If it is determined that a security violation occurred, the security manager immediately reports
it to the senior officer in charge, the directorate security manager, the Joint Secretary, and HQ
AFSPC/SPI.
6.2.2.1. The security manager ensures the director is notified and forwards a staff summary sheet
to the Joint Secretary requesting a preliminary inquiry officer be appointed. Use example at
attachment 1.
6.3. The Joint Secretary appoints a preliminary inquiry officer from another directorate but within the
same Command. The preliminary inquiry officer should be equal to, or superior in grade to the
alleged offender whenever possible. The example in attachment 2 will be used.
6.4. The preliminary inquiry officer follows the instructions outlined in the Joint Secretary appointment
letter.
6.5. The concerned directorate takes no administrative or disciplinary actions until the possible
security violation is closed.
6.6. Only the ND or UD may close a preliminary inquiry.
6.6.1. If it is determined there is a loss or compromise of classified information which could be
expected to damage either nation's security or the probability of damage to national security cannot
be discounted, then a formal investigation is usually required.
6.6.2. The Joint Secretary, if necessary, appoints an investigative official. The investigation is
completed within 30 days of appointment.
7. If Communications Security (COMSEC) material is involved, the USSPACECOM COMSEC office
is notified by the CINSEC Responsible Officer (CRO). The inquiry or investigative official coordinates
with the Base COMSEC Manager, 21 CS/SCUCC, on the conduct of the inquiry. Upon completion
of the inquiry or investigation, the violating unit commander forwards findings to the COMSEC
manager.
8. If Sensitive Compartmented Information (SCI) is involved, the USSPACECOM Special Security
Officer (SSO) is notified by the security manager. The SSO or designated representative conducts
the investigation. Upon completion, the SSO forwards the report through SCI channels and briefs the
Joint Secretary.
9. An Air Force Office Special Investigation report cannot substitute for the investigation required by
this operating instruction. It may be used as an exhibit and attached to the report. Prior approval
from AFOSI is necessary before attaching the report.
RODNEY S. LUSEY
Colonel, USA
Joint Secretary
Attachments
1. Example of Request for Appointment of Inquiry Officer
2. Example of Joint Secretary Appointment Letter
| Staff Summary Sheet |
| To | Action | Signature (Surname), Grade, Date | To | Action | Signature (Surname), Grade, Date | ||
|
1 |
JS | APPR | 6 | ||||
|
2 |
7 | ||||||
|
3 |
8 | ||||||
|
4 |
9 | ||||||
|
5 |
1 |
| Grade and Surname of Action Officer | Symbol | Phone | Suspense Date |
| Subject | SSS Date |
| Request for Appointment of Inquiry Officer | 1 Jan 96 |
| Summary
1. PURPOSE: To address whether or not there was a compromise of classified information.
2. DISCUSSION: On 31 Dec 95, at 1000L, Maj Doe, N/SP JX, discovered a document, marked SECRET, on the floor next to the copier machine. Maj Doe secured the document in Safe #3 and reported the incident to Lt Col Black (the senior officer in charge), SMSgt Brown (directorate security manager), and the Joint Secretary.
3. RECOMMENDATION: JS appoint an inquiry officer.
|
| JEFFREY L. SMITH, Captain, USAF XXXX Security Manager |
AF Form 1768, Staff Summary Sheet (Word for Windows Version 6.0) INQUIRY.DOC
QUEST Template Version 3.0 3 October, 1996 1:30 PMEXAMPLE OF JOINT SECRETARY APPOINTMENT LETTER
MEMORANDUM FOR XXXXXXX
ATTENTION: XXXXXXXXXX
FROM: Joint Secretary
SUBJECT: Appointment of Inquiry Officer, Security Inquiry XX-XX
1. In accordance with DoD 5200.1R/AFI 31-401, Chapter 6, you are appointed to conduct a preliminary
security inquiry. This inquiry is your primary duty for the period necessary for completion. The primary
purpose of your inquiry is to determine if there was a compromise of classified information and whether
a formal investigation is required. You are required to categorize the incident as a COMPROMISE or
SECURITY DEVIATION. You will also determine the facts in sufficient detail to support a trend analysis
and recommend procedural changes, training and/or other corrective actions.
2. To support trend analysis and corrective action, the following specific issues must be addressed:
a. Who was responsible for this incident?
b. Is it the first incident or does he or she have a pattern of carelessness?
c. Was the directorate operating instruction adhered to?
d. Does the Director or office chief have an affective training program?
e. Should the individual(s) responsible be given more training?
f. Does the first line supervisor give adequate emphasis to the importance of security?
3. You are instructed to take the following actions:
a. Contact HQ AFSPC/SPI at 4-9919 for a briefing concerning your responsibilities.
b. Contact Judge Advocate at 4-9193 for a briefing.
c. Prepare your report according to the format provided by the Security Police and submit it to JA within
5-workdays after receiving your briefings. Recommendations for disciplinary action will not be included.
d. After receipt of report from JA, obtain coordination from the director's office which had the "lapse"
and then forward it to HQ AFSPC/SPI.
4. If you determine an officer senior to you is wholly or partially responsible for the incident, immediately
contact the Joint Secretary. If you have any questions, contact the Joint Secretary at 4-5996.
RODNEY S. LUSEY
Colonel, USA
Joint Secretary