BY ORDER OF THE SECRETARY AIR FORCE INSTRUCTION 16 …

1 BY ORDER OF THE SECRETARY AIR FORCE INSTRUCTION 16-1404. OF THE AIR FORCE . 29 MAY 2015. Operations Support AIR FORCE INFORMATION. SECURITY PROGRAM. COMPLIANCE WITH THIS PUBLICATION IS MANDATORY. ACCESSIBILITY: Publications and forms are available for downloading or ordering on the e- Publishing website at RELEASABILITY: There are no releasability restrictions on this publication OPR: SAF/AAZ Certified by: SAF/AA. (Ms. Zarodkiewicz). Supersedes: AFI 31-401, 1 November 2005; Pages: 89. AFI 31-406, 29 July 2004. This publication implements Air FORCE Policy Directive (AFPD) 16-14, Security Enterprise Governance; Department of Defense (DoD) Directive , Management of Serious Security Incidents Involving Classified Information, DoD INSTRUCTION (DoDI) , Access and Dissemination of RD and FRD, DoDI , DoD Unclassified Controlled Nuclear Information (UCNI), DoD Manual (DoDM) , DoD Information Security Program, Volume 1, Volume 2, Volume 3, and Volume 4; and DoDM , Instructions for Developing Security Classification Guides.

2 It applies to individuals at all levels who create, handle, or store classified information and CUI, including Air FORCE Reserve, Air National Guard (ANG), and contractors when stated in the contract or DD Form 254, Department of Defense Contract Security Classification Specification, except where noted otherwise. This AFI may be supplemented at any level, but all supplements will be routed to the Office of Primary Responsibility (OPR) prior to certification and approval. Refer recommended changes and questions about this publication to the OPR listed above using the AF Form 847, Recommendation for Change of Publication; route AF Form 847 from the field through the appropriate chain of command. The authorities to waive wing/unit level requirements in this publication are identified with a Tier ( T-0, T-1, T-2, and T-3 ) number following the compliance statement.

3 See AFI 33-360, Publications and Forms Management, Table for a description of the authorities associated with the tier numbers. Submit requests for waivers through the chain of command to the appropriate tier waiver approval authority, or alternately, to the publication OPR for non-tiered compliance items. Ensure that all records created as a result of processes prescribed in this publication are maintained in accordance with Air FORCE Manual (AFMAN) 33-363, Management of Records, and disposed of in accordance with the Air FORCE Records Information Management System (AFRIMS) Records Disposition Schedule (RDS). The 2 AFI16-1404 29 MAY 2015. use of the name or mark of any specific manufacturer, commercial product, commodity, or service in this publication does not imply endorsement by the Air FORCE .

4 SUMMARY OF CHANGES. The publication has been substantially revised and must be completely reviewed. AFI16-1404 29 MAY 2015 3. Chapter 1 PROGRAM OVERVIEW AND ADDITIONAL ROLES AND. RESPONSIBILITIES 7. Air FORCE Security Enterprise.. 7. Information Protection.. 7. Information Protection Oversight.. 7. Information Protection Managers.. 7. Information Protection Implementation.. 8. Air FORCE Information Security.. 8. Other Roles and Responsibilities.. 8. Chapter 2 AIR FORCE INFORMATION SECURITY IMPLEMENTATION 10. Security Program Executives (SPE).. 10. MAJCOM/DRU Director, Information Protection.. 11. MAJCOM/DRU Information Security Specialist.. 11. Wing Commanders.. 12. Wing Chief, Information Protection.. 12. Wing Information Security Specialist.

5 13. Commanders and Directors.. 14. Security Managers.. 17. Chapter 3 CLASSIFICATION, DECLASSIFICATION, AND MANDATORY. DECLASSIFICATION REVIEW (MDR) PROGRAM 18. Classification.. 18. Original Classification.. 18. Tentative Classification.. 20. Derivative Classification.. 20. Declassification and Changes in Classification.. 20. Mandatory Declassification Review (MDR) Program.. 22. Chapter 4 MARKING CLASSIFIED INFORMATION AND CONTROLLED. UNCLASSIFIED INFORMATION (CUI) 26. Classified Information.. 26. Controlled Unclassified Information (CUI).. 28. 4 AFI16-1404 29 MAY 2015. Chapter 5 SAFEGUARDING, storage AND DESTRUCTION, TRANSMISSION. AND TRANSPORTATION OF CLASSIFIED AND CONTROLLED. UNCLASSIFIED INFORMATION (CUI) 29. Safeguarding.. 29. storage and Destruction.

6 31. Transmission and Transportation.. 34. Chapter 6 SECURITY EDUCATION AND TRAINING AWARENESS 36. General Requirement.. 36. Initial Orientation Training.. 36. Special Training Requirements.. 37. Annual Refresher Training.. 37. OCA and Derivative Classifier Training Waivers.. 37. Declassification Authority Training and Certification Program.. 37. Management and Oversight Training.. 37. Chapter 7 SECURITY INCIDENTS INVOLVING CLASSIFIED INFORMATION 40. Introduction.. 40. Reporting and Notifications.. 40. Security Inquires.. 40. Security Investigations.. 43. Security Incident Reporting and Oversight.. 44. Chapter 8 NUCLEAR CLASSIFIED INFORMATION SECURITY (RESTRICTED. DATA (RD), FORMERLY RESTRICTED (FRD), CRITICAL NUCLEAR. WEAPONS DESIGN INFORMATION (CNWDI), AND DOE SIGMA).

7 AND NUCLEAR CUI 45. General.. 45. Restricted Data (RD) Management Official.. 45. The Director, Security, Special Program Oversight, and Information Protection (SAF/AAZ).. 45. The Deputy Chief of Staff, Logistics, Installations and Mission Support (AF/A4).. 45. The Assistant Chief of Staff, Strategic Deterrence & Nuclear Integration (AF/A10) .. 46. Access to FRD.. 46. Access to RD.. 46. AFI16-1404 29 MAY 2015 5. Access to CNWDI.. 47. Access to DOE Sigma Information.. 48. Derivative Classification and Marking of Nuclear Information.. 49. Reciprocity.. 49. Dissemination.. 49. Dissemination Prohibitions.. 49. Protection and Destruction of Nuclear Information.. 49. Declassification of RD and FRD Documents.. 49. Terminating RD/CNWDI Access for Cause.

8 50. CHAPTER 9 NORTH ATLANTIC TREATY ORGANIZATION (NATO). INFORMATION 51. General NATO Information.. 51. NATO Indoctrination Process.. 51. Granting U.. 52. Terminating U.. 52. Access to NATO Information for Citizens of NATO Nations.. 52. Access to NATO Information for non-U.. 52. NATO Security Clearance Certificates.. 53. Use of Coversheets.. 53. storage and U.. 53. Marking, Downgrade/Declassification, Reproduction, Transmission, Destruction of NATO Information.. 53. Chapter 10 AIR FORCE INFORMATION SECURITY PROGRAM SELF- INSPECTION AND OVERSIGHT 54. General.. 54. Frequency.. 54. Execution.. 54. Documentation.. 55. Self-Assessments.. 56. Chapter 11 STANDARD FORM (SF) 311, AGENCY SECURITY CLASSIFICATION. MANAGEMENT PROGRAM DATA 57. General.

9 57. Part A and B.. 57. 6 AFI16-1404 29 MAY 2015. PART C.. 57. Part D.. 58. Parts E, F, and G.. 58. Part H.. 58. Part I.. 59. Attachment 1 GLOSSARY OF REFERENCES AND SUPPORTING INFORMATION 60. Attachment 2 AIR FORCE SECURITY CLASSIFICATION GUIDE TEMPLATE 66. Attachment 3 INSTRUCTIONS FOR COMPLETING DD FORM 2024 82. Attachment 4 CLASSIFIED MEETING/BRIEFING/CONFERENCE CHECKLIST 84. Attachment 5 INSTRUCTIONS FOR COMPLETING DOE FORM 87. Attachment 6 OPERATIONAL VISUAL INSPECTION CHECKLIST 88. AFI16-1404 29 MAY 2015 7. Chapter 1. PROGRAM OVERVIEW AND ADDITIONAL ROLES AND RESPONSIBILITIES. Air FORCE Security Enterprise. AFPD 16-14 defines the Air FORCE Security Enterprise as the organizations, infrastructure, and measures (to include policies, processes, procedures, and products) in place to safeguard AF personnel, information, operations, resources, technologies, facilities, and assets against harm, loss, or hostile acts and influences.

10 Information Protection. Information Protection is a subset of the Air FORCE Security Enterprise. Information Protection consists of a set of three core security disciplines (Personnel, Industrial, and Information Security) used to: Determine military, civilian, and contractor personnel's eligibility to access classified information or occupy a sensitive position (Personnel Security). Ensure the protection of classified information and controlled unclassified information (CUI) released or disclosed to industry in connection with classified contracts (Industrial Security). Protect classified information and CUI that, if subject to unauthorized disclosure, could reasonably be expected to cause damage to national security (Information Security).