Department of the Army Information Security …

1 army Regulation 380 5 SecurityDepartment ofthe ArmyInformationSecurityProgramHeadquarte rsDepartment of the ArmyWashington, DC29 September 2000 UNCLASSIFIEDSUMMARY of CHANGEAR 380 5 Department of the army Information Security ProgramThis revision--o Emphasizes the responsibilities of Headquarters Department of the army , theCommander, the Command Security Manager, the Supervisor, and the Individual(chap 1).o Updates Information relating to Restricted Data, Formerly Restricted Data,Sensitive Compartmented Information , Communications Security Information ,and Special Access Program Information (chap 1).o Expands and clarifies exceptional situations and waivers (chap 1).o Specifies the process for applying original classification (chap 2).

2 O Removes the declassification statement Originating Officials DeterminationRequired or OADR (para 2-11).o Changes the distribution process for Security classification guides (para 2-18).o Outlines the procedures for challenges to classification (para 2-22).o Updates Information regarding the army Declassification Program (chap 3).o Updates Information relating to the deadline for automatic declassification,adding an additional 18 months (para 3-5).o Gives clearer Information in regards to destruction, declassification,purging, and clearing (chap 3).o Replaces the statement US ONLY with NOFORN (para 4-6).o Updates Warning Notices for printed documents and those on AutomatedInformation Systems (para 4-12).

3 O Lists the obsolete restrictions and control markings (para 4-13).o Outlines the requirements relating to For Official Use Only (FOUO) Information (chap 5).o Replaces the statement Limited Official Use with Sensitive ButUnclassified (para 5-7).o Outlines the requirements relating to Drug Enforcement AdministrationSensitive Information (chap 5).o Outlines the requirements relating to Department of Defense UnclassifiedControlled Nuclear Information (chap 5).o Outlines the requirements relating to sensitive Information and the ComputerSecurity Act of 1987 (chap 5).o Outlines the requirements relating to distribution statements on scientificand technical documents (para 5-24).

4 O Outlines the requirements regarding the SF 312 (Classified InformationNondisclosure Agreement (NDA) (chap 6).o Explains the requirements to access Department of the army classifiedinformation by individuals or agencies outside the Executive Branch (para 6-8).o Adds guidance to the use of speakerphones (para 6-14).o Updates guidance on classified meetings, conferences, and acquisitionmeetings (para 6-18).o Removes the requirement for the Entry/Exit Inspection Program and the Two-Person Integrity Program (para 6-36).o Updates the federal specifications for locks (para 7-4).o Updates procedures for handcarrying of classified material (chap 8).o Outlines requirements for transportation plans (para 8-7).)

5 O Emphasizes annual refresher training requirements for the Security educationprogram (para 9-7).o Rescinds DA Form 2134 ( Security Violation(s) Report) (para 10-3).o Updates Security controls on dissemination and marking of warning notices onintelligence Information to include the latest version of Director of CentralIntelligence Directive 1/7 (app D).o Addresses Security procedures for documents created for and on automatedinformation systems and Internet web-based display (app E).o Updates the Management Control Evaluation Checklist (app F, section I).o Lists and describes the modern army recordkeeping system file numbersassociated with this Regulation (app F, section II).

6 O Updates Information of Special Access Programs (app I).o Updates the abbreviations and terminology lists (glossary).HeadquartersDepartment of the ArmyWashington, DC29 September 2000 SecurityDepartment of the army Information Security Program* army Regulation 380 5 Effective 31 October 2000H i s t o r y . T h i s p u b l i c a t i o n p u b l i s h e s ar e v i s i o n o f t h i s p u b l i c a t i o n . B e c a u s e t h ep u b l i c a t i o n h a s b e e n e x t e n s i v e l y r e v i s e d ,t h e c h a n g e d p o r t i o n s h a v e n o t b e e u m m a r y . T h i s r e g u l a t i o n i m p l e m e n t sthe policy set forth in Executive Order ( ) 12958, Classified National SecurityI n f o r m a t i o n , A p r i l 1 7 , 1 9 9 5 , w i t hamendments, and DOD R, Infor-mation Security Program.

7 It establishesthe policy for classification, downgrading,declassification, and safeguarding of in-formation requiring protection in the inter-est of national This regulation applies toall military and civilian members of theActive army , army National Guard ofthe United States (ARNGUS), and Reserve (USAR) and Departmentof the army (DA) personnel. During mo-bilization, chapters and policies containedin this regulation may be modified by and exception proponent of this regulation is theD e p u t y C h i e f o f S t a f f f o r I n t e l l i g e n c e .The Deputy Chief of Staff for Intelligencehas the authority to approve exceptions tot h i s r e g u l a t i o n t h a t a r e c o n s i s t e n t w i t hc o n t r o l l i n g l a w a n d r e g u l a t i o n , a n d a sstated in this regulation.

8 Paragraph 1 20of this regulation further delineates waiverand exception to policy management control regulation contains management con-trol provisions and identifies key manage-ment controls that must be u p p l e m e n t a t i o n . S u p p l e m e n t a t i o n o fthis regulation is permitted at commandoption, but is not Improvements. Users areinvited to send comments and suggestionso n D A F o r m 2 0 2 8 , R e c o m m e n d e dChanges to Publications and Blank Forms,t h r o u g h c o m m a n d c h a n n e l s t o H Q D AD C S I N T ( D A M I C H ) , 2 5 1 1 J e f f e r s o nDavis Highway, Suite #9300, Arlington,VA 22209 This publication is availa-ble in electronic media only and is in-tended for command levels A, B, C, D,and E for the Active army , the ArmyN a t i o n a l G u a r d , a n d t h e U.

9 S . A r m (Listed by paragraph and page number)Chapter 1 General Provisions and Program Management, page 2 Section IIntroduction, page 1 Purpose 1 1, page 1 References 1 2, page 1 Explanation of abbreviations and terms 1 3, page 1 Section IIResponsibilities, page 1 Secretary of the army 1 4, page 1 Headquarters Department of the army (HQDA) 1 5, page 1 The Commander 1 6, page 2 The Command Security Manager 1 7, page 2 The Supervisor 1 8, page 3*This regulation supersedes AR 380 5, 25 February 1988; AR 380 150, 15 September 1982; AR 381 1, 12 February 1990; DA Pamphlet 380 1, 23 March1990, and rescinds DA Form 2134, Security Violation(s) Report, January 380 5 29 September 2000iUNCLASSIFIEDC ontents ContinuedThe Individual 1 9, page 3 Section IIIP rogram Management, page 4 Applicability definition 1 10, page 4 General principles 1 11, page 4 Legal authority 1 12, page 4 Recordkeeping Requirements 1 13, page 4 Section IVProgram Direction, page 4 Background 1 14, page 4 Information Security Oversight Office Responsibility 1 15, page 5 Section VSpecial Types of Information , page 5 Atomic Energy Information (Restricted Data (RD)/Formerly Restricted Data (FRD))

10 1 16, page 5 Sensitive Compartmented Information , Communications Security Information , and Special Access ProgramsInformation 1 17, page 5 Section VIExceptional Situations, page 5 Military Operations, Exercises, and Unit Deactivations 1 18, page 5 Waivers and Exceptions to Policy 1 19, page 5 Section VIIC orrective Actions and Sanctions, page 6 General 1 20, page 6 Sanctions 1 21, page 6 Reporting of Incidents 1 22, page 6 Section VIIIR eports, page 7 Reporting Requirements 1 23, page 7 Command Security inspections 1 24, page 7 Chapter 2 Classification, page 7 Section IClassification Principles, page 7 Original vs.