Classified Matter Protection and Control (CMPC)
HQ Classified Matter Protection and Control Program, 301-903-9990
- Classified information and matter that is generated, received, transmitted, used, stored, reproduced, or destroyed must be properly protected and controlled.
- Graded Approach to Protection . When developing and implementing protection and control
programs, the level of effort and magnitude of resources expended for the protection of a
particular safeguards and security interest should be commensurate with its importance or the
effect of the loss, theft, compromise, and/or unauthorized use. Interests whose loss, theft,
compromise, and/or unauthorized use would have serious impacts on National security and/or the
health and safety of DOE and contractor employees, the public, the environment, and/or DOE or
other Government programs must be given the highest level of protection. Protection measures
for other safeguards and security interests are graded accordingly
- Classification level, category and other information attributes must be utilized to determine the
degree of protection and control required to prevent unauthorized access to classified information
- Three Classification Levels – Top Secret, Secret, and Confidential.
- Three Classification Categories – Restricted Data, Formerly Restricted Data, and National Security Information.
- Controls must be established to prevent, deter, and detect unauthorized access to classified matter.
- Buildings and rooms containing classified matter must provide the security measures necessary to deter unauthorized persons from gaining access to classified matter; specifically, security measures that prevent unauthorized physical, visual and/or aural access.
- Custodians and authorized users of classified matter are responsible for protecting classified information and classified matter.
- When not in use, classified matter must be stored in an approved security container, vault, or vault-type room (VTR). All must be kept locked when not under direct supervision of an authorized/cleared individual.
- A check system must be established to ensure that classified matter has been properly stored and that security containers, vaults, and VTRs have been secured at the end of day or shift. Security Container Check Sheets (SF-702s) must be annotated each business day to record openings/closings and end-of-day checks.
Additionally, Activity Security Check Lists (SF 701s) or an equivalent form must be used as a means of checking end-of-day activities for a particular work area wherein classified activities are authorized.
- Classified matter must be processed, handled, or stored in security areas providing protection measures equal to or greater than those in a Limited Area. Appropriate physical security and access control measures must be applied to each area or building within a security area where classified matter is handled or processed.
- Classified information may be disclosed only to individuals who have the appropriate access authorization for the level and category of information involved, all required formal access approval(s), and a legitimate need-to-know.
- Need-to-Know is a determination made by an authorized holder of classified or unclassified controlled information that a prospective recipient requires access to specific classified or unclassified controlled information in order to perform or assist in a lawful and authorized Governmental function.
- Line management must designate in writing the individuals within their organization who are authorized to approve employees to hand-carry or escort classified matter. Stringent requirements including contingency plans must be met before approval to hand carry classified matter may be granted.
- The removal of classified matter from approved facilities to private residences or other unapproved places (e.g., hotel or motel) is prohibited.
- Classified Document Control Stations are established and used to prevent unauthorized access to or removal of classified information.
- Accountability systems for classified matter must be established to provide a system of procedures that provide an audit trail through the use of a verifiable inventory and the establishment of a custodial chain.
- Accountable matter includes Top Secret matter; any matter that requires accountability because of national, international, or programmatic requirements such as NATO ATOMAL, designated UK documents, other FGI designated in international agreements; designated classified computer equipment and media supporting NEST and ARG; national requirements such as cryptography and designated COMSEC material; designated SAPs; and Sigma 14 matter.
- Classified removable electronic media (CREM) containing Secret/Restricted Data or higher classification is accountable CREM, or ACREM. There are stringent storage, reproduction and inventory requirements for ACREM.
- Detailed requirements for marking, accountability and control systems, reproduction, receipt, transmission, and destruction are contained in the Headquarters Facilities Master Security Plan.
- All personnel whose responsibilities include generation, handling, using, storing, reproducing, transmitting, and/or destroying classified matter must receive CMPC training and/or briefings, commensurate with these responsibilities, prior to receiving access to classified matter, and refresher training and/or briefings to ensure that such matter is not lost or compromised.