THE APEX SPECIAL ACCESS CONTROL SYSTEM A SECURITY MANUAL FOR INDUSTRY

Approved For Release 2005/07/12 : CIA-RDP85T00788R0001000400%fjdential lqq Director of Central Intelligence The APEX Special Access Control System A Security Manual for Industry Confidential April 1980 r Copy) rc:, Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 National Security Unauthorized Disclosure Information Subject to Criminal Sanctions Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 April 1980 An effective date for beginning the use of the APEX Special Access System has not yet been established. This manual is available now-before the start date-in order to allow you to study it, ask questions about its content, and understand what you must do when a firm date for the initiation of the APEX system is established. You will be told when to start to use the manual by your normal chain of command. Questions about the content of this manual may be directed to the nearest control or security officer for whatever existing SCI system governs your working area or your current access to compartmented intelligence. The above information is Unclassified. Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Confidential This manual sets forth the US Government's procedures for safeguarding extra sensitive materials in industry. As such, it merits and warrants the overall classification of CONFIDENTIAL in its totality. Individual paragraphs may be excised for use at the unclassified level. Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040O1#149ntial Introduction I Organizational Structure I Description of System 3 General 3 Access to APEX Special Access Control System 3 Revalidation of Access 3 Access Approvals 4 Responsibilities of Contractor APEX Control and Security Officers 4 Basic Duties/ Responsibilities of Contractor APEX Control Officers 4 Basic Duties/ Responsibilities of Contractor APEX Security Officers 5 Security Standards for Access Aproval 5 Need-To-Know Policy 5 Personnel Security Standards 6 Reinvestigations 6 Changes in Personal Status 7 Contacts or Association With and Marriages To Foreign Nationals 7 Factors Governing Contractor Access 9 Factors Considered in Selection of Contractor Firms 9 Types of Access 9 Physical Security 12 Construction and Protection Standards 12 Accreditation of CACFs 12 Inspections 12 Colocation Within Facilities 12 Emergency Destruction and Evacuation Planning 13 Personnel Access Controls 13 Two-Person Rule 13 Technical Security 14 Technical Security Countermeasures Inspections 14 Computer Security 14 0 Compromising Emanations Control (TEMPEST Security) 14 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Confidential Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Access Approval Certifications 14 Visits to/by Contractors 14 Information Updates 15 Security Classification and Control Guidelines 15 Decompartmentation Sanitization 15 Control Standards and Procedures 16 Labeling 16 Pouching and Transmittal Requirements 18 Reproduction 21 Accountability 21 Procedures for Control of Specialized Hard Copy Documents 22 Automatic Data Processing 22 Film/ Photographic Materials 22 Raw Data 23 Security Violations/Compromises 23 Responsibility to Report 23 Investigative Responsibility 24 Security Education 24 Continuing Security Programs 26 Glossary 27 Enclosure I - Sample Cover Sheets 33 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R0001000408iiItial S The APEX Special Access Control System 1. This manual describes the Special Access Control System known as APEX. The system was established to control and protect the Special Access programs within the category of national security information called National Foreign Intelligence. (u) 2. This manual will serve as the basic guide for the control of APEX material in industrial facilities. Existing directives and regulations governing the protection and control of Sensitive Compartmented Information (SCI) will be superseded or revised, if necessary, to be in accordance with this manual. The manual is not, however, intended to intrude on the activity of Senior Intelligence Officers (SIOs) of the Intelligence Community, who will continue to prescribe basic direction and classification guidance consistent with this manual. (u) 0 3. Contractors and consultants dealing with participating government agencies or departments will be furnished only that information which is essential to the fulfillment of contractual obligations. This manual will serve as the principal operating directive for the conduct of APEX activities within industry. (u) Organizational Structure 4. Senior Intelligence Officers of the Intelligence Community, program managers, government contracting officers, and industrial contractors authorized access to APEX materials are responsible for enforcing the policy and implementing the procedures outlined in this manual. Whenever the term SIO is used in this manual, it means the SIO or his/her designated representative unless it is specifically stated that the responsibility must personally be performed by the SIO. (u) 5. To fulfill their responsibilities, government officials may provide, as necessary, additional implementing guidance to contractors under their cognizance as long as such guidance does not conflict with the provisions of this manual. Copies of such directives will be provided to the APEX Steering Group. (u) ? Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Confidential Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 0 6. Although the government and industrial officials specified above must have the overall responsibility for policy compliance and implementa- tion of pertinent procedures, adherence to the security and control procedures outlined in this manual is also the personal responsibility of each person indoctrinated into the APEX Special Access Control System. (u) 7. To assist in carrying out the precepts dictated by the APEX Special Access Control System, the cognizant government security official will appoint or cause to be appointed Contractor APEX Control Officers (CACOs) and Contractor APEX Security Officers (CASOs), with alternates, to administer the system within contracting firms. CACOs and CASOs shall be appointed at the appropriate management echelon to ensure executive-level support within each firm. Their responsibility is to actively administer the APEX system within their firms and to ensure full compliance with the provisions of this manual and any subsequent supplemental APEX directives that may be issued. It is preferable that the CACO and CASO positions not be held by the same individual unless management, operational, and organiza- tional considerations clearly dictate otherwise. (u) 8. SIOs are responsible for the establishment, accreditation, and annual inspection of Contractor APEX Control Facilities (CACFs) within industry for the control, storage, and use of APEX materials. These facilities will be consolidated or decentralized within industrial firms, depending on joint security-management concerns. Government guid- ance and assistance should be solicited prior to construction of a CACF. (u) 9. All APEX information will be transmitted and maintained within the APEX Special Access Control System. Compartmentation within the system will be denoted by the use of terms identifying categories of product information (e.g., COMINT, HUMINT, IMAGERY, TECHNICAL) and by project codewords which refer to collection activities. (u) 0 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12: CIA-RDP85TO0788RO0010004KRt1Rntial Description of System 10. The APEX apparatus provides a single system for controlling access to, and distribution and protection of, selected intelligence information and collection programs requiring extra security measures. Within this unified system there are distinct means of controlling access to operational data, as well as access to generic sources of intelligence information and to finished product. (u) Access to APEX 11. There are three basic requirements for individual access to the APEX Special Access Special Access Control System: Control System A. Certification by the SIO of a need-to-know for specific aspects of the system. In the case of access to operational projects, a nominee's need-to-know must be validated by the SIO and have the approval of the operational Program Manager or director. B. Favorable adjudication by the SIO of the appropriate Government Sponsor that the nominee meets uniform personnel security criteria and investigative requirements set forth in this manual and DCID 1/14. C. Security indoctrination and execution of a nondisclosure agreement as a condition of access to APEX material. The security indoctrination will provide the individual with prescribed information so that he or she will know what is to be protected, his or her responsibilities in doing so, and general information about the APEX system. If additional access approvals are required, the processing steps enumerated above will be repeated. Upon indoctrination for any access to APEX material, the completed indoctrination agreement will be forwarded to the US Government Sponsor. (u) Revalidation 12. It is the responsibility of each US Government Sponsor to maintain a of Access continuous review of access approvals to ensure that only those contractor personnel with documented need-to-know have access at any time. In addition, in January of each year, SIOs and the DCI will review all extant approvals under their cognizance and revalidate need-to-know requirements. Those accesses no longer required will be formally terminated. (u) Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Termination 13. When it has been determined that certain accesses are no longer required, each individual concerned will be notified that his/her access to specific types of information is being terminated. At that time, each individual will be required to account for and surrender all APEX materials. The responsible SIO will be notified of all terminations of access. (u) 14. When an individual leaves one firm to join another, he/she will be debriefed from all APEX accesses. (u) Access Approvals 15. To control access to information within the APEX Special Access Control System, SIOs will provide only those access approvals required to fulfill the needs of the contract(s). (u) Responsibilities of Contractor APEX Control and Security Officers Basic Duties/ 16. Contractor APEX Control Officers are to administer the APEX Responsibilities Special Access Control System within their firms and will: of Contractor APEX Control A. Ensure that APEX materials are accounted for, controlled, Officers disseminated, destroyed, packaged, and otherwise safeguarded in accordance with provisions of this manual. B. Act as the control point within a Contractor APEX Control Facility for receiving and dispatching APEX materials via electrical, courier, or other means approved for the transmission of APEX materials. C. Complete and return to the sender receipts attached to APEX documents received. Ensure that all outgoing materials have properly prepared receipts and send tracers as required for receipts not returned. D. Ensure that APEX materials are disseminated only to those persons properly indoctrinated and having a need-to-know. E. Provide advice and guidance on the proper classification levels, codewords, and caveats within the APEX Special Access Control System. F. Perform such other duties as might be required. (u) Confidential 4 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R0001000NRRAeiRtial Basic Duties/ 17. Contractor APEX Security Officers are responsible for all security Responsibilities aspects of the APEX Access Control System within their firms and of Contractor will: APEX Security Officers A. Coordinate and receive prior approval for accreditation and establishment of APEX control facilities. B. Maintain current listings of all APEX-accessed individuals within their jurisdiction, and which APEX contract(s) they support. C. Process all APEX access approval requests for personnel within their jurisdiction. D. When authorized conduct required security indoctrinations and debriefings of personnel approved for APEX access and obtain signed Nondisclosure and Termination Secrecy Reminders as necessary. E. Conduct reindoctrinations on a periodic basis, not to exceed two- year intervals. F. Ensure periodic security inspections of Contractor APEX Control Facilities under their jurisdiction: submit a report of this inspection, with any recommendations for corrective action, to the accrediting official, and conduct followup action on recommended corrective measures. G. Ensure investigation of any possible security infractions involving APEX information under their jurisdiction to determine if a compro- mise has occurred, make appropriate recommendations, and prepare required reports. These reports will be forwarded as soon as feasible to the responsible SIO. H. Notify responsible SIOs of all additions and deletions of access approvals within the APEX system on a timely basis. 1. Perform such other duties as might be required. (u) Security Standards for Access Approval Need-to-Know 18. Access to the APEX Special Access Control System is governed by the Policy need-to-know policy in conjunction with approval criteria established in this manual. The need-to-know policy is defined as that determina- tion made by competent approving authority which attests to the bona Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 fide need for access in order to perform official duties on behalf of the US Government. Need-to-know approval rests with the responsible SIO.(u) Personnel Security 19. Criteria for security approval of an individual on a need-to-know basis Standards for access to the APEX Special Access Control System are as follows: A. The individual shall be stable, of excellent character and discretion, and of unquestioned loyalty to the United States. B. Except where there is a compelling need and a determination has been made by competent authority as described below that every reasonable assurance has been obtained that under the circumstances the security risk is negligible: (1) Both the individual and the members of his/her immediate family shall be citizens of the United States. For these purposes "immediate family" is defined as including the individual's spouse, parents, brothers, sisters, and children. (2) The members of the individual's immediate family and persons to whom he/she is bound by affection or obligation should neither be subject to physical, mental, or other forms of duress by a foreign power, nor advocate the use of force or violence to overthrow the Government of the United States or the alteration of the form of Government of the United States by unconstitutional means. (u) 20. Prior to security approval and indoctrination of an individual into the APEX Special Access Control System, the nominee must have a complete background investigation and meet the additional provisions of DCID 1 / 14 which specifies the investigative and personnel security criteria for access to sensitive compartmented information. (u) Reinvestigations 21. Programs will be instituted requiring the periodic reinvestigation of personnel provided access to APEX information in accordance with DCID 1/ 14. These reinvestigations will be conducted on a five-year recurrent basis under normal circumstances, but on a more frequent basis where the individual has shown some questionable behavioral pattern, where his/her activities are otherwise suspect, or when deemed necessary by the SIO concerned. (u) Confidential 6 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R0001000 }(}il&e%tial Changes in Personal 22. Responsible officials must take into consideration any change in Status personal status that may have a bearing on the continuing eligibility of individuals approved for access to APEX material. Name changes (resulting from marriage, divorce, or court decree) must be reported to the appropriate US Government ACO/ASO. (u) Contacts or Asso- 23. A close, continuing personal association with a foreign national is a ciations With and matter of APEX security concern if it is characterized by ties of Marriages To Foreign kinship, affection, or obligation. APEX-indoctrinated personnel must Nationals protect themselves against cultivation and possible exploitation by foreign nationals who are or may be working for foreign intelligence services and to whom they might even unwittingly provide APEX classified information. The following types of relationships must be reported to the cognizant US Government Sponsor through the Contractor APEX Security Officers: A. All nonofficial contacts with citizens or representatives of Communist-controlled countries, no matter how brief or apparently trivial the contacts may be. B. Close and continuing or any regular, frequent nonofficial contact with any other foreign national. (u) 24. Casual, inadvertent, or irregular contacts which arise from normal living and working in a community need not be reported. However, if the person with whom the casual contact occurs shows undue interest in employment, assignment, and so forth, then the contact must be promptly reported. Whenever any doubt exists about whether a situation should be reported or made a matter of record, the individual should promptly make a report to the cognizant US Government Sponsor through the Contractor APEX Security Officer. Failure to report such contact may result in withdrawal of access to APEX material. (u) 25. APEX-approved individuals who contemplate marriage to a foreign national must report such plans to their APEX Security Officer along with, at a minimum, basic biographic details about the intended spouse and his/her immediate family (name, date and place of birth, country of origin and current citizenship, current residence, present occupa- tion, and any present or former employment on behalf of any foreign government). A security evaluation will be undertaken by the cognizant SIO in accord with DCID 1/ 14 before there is any determination that a waiver of standards might be made to continue the approved person in APEX-indoctrinated status. (u) Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Travel Restrictions 26. Unofficial Travel. Persons granted authorization for access to certain categories of extremely sensitive information on foreign intelligence sources and methods protected by the APEX Special Access Control System incur a special security obligation and are to be alerted by their Contractor APEX Security Officer to risks associated with unofficial visits to, or travel through, certain designated countries (DCID 1/20). The Contractor APEX Security Officer concerned should advise that unofficial travel in those countries without cognizant SIO official approval may result in the withdrawal of approval for continued access to APEX information for persons with specific and extensive knowledge of extremely sensitive information on foreign intelligence sources and methods. (u) 27. The CACO/CASO shall advise all persons having access to APEX information who plan unofficial travel to or through designated countries that they must: A. Give advance notice of such planned travel to the CASO. B. Obtain a defensive security briefing from a Contractor APEX Security Officer before traveling to such countries. C. Contact immediately the nearest US consular, attache, or embassy official if they are detained or subjected to significant harassment or provocation while traveling. D. Report upon return from travel, to the cognizant US Government Sponsor through their Contractor APEX Security Officer, any incidents of potential security concern that occurred during the trip. (u) 28. Official Assignment/ Travel. No person with access to APEX infor- mation will be assigned to or directed to participate in hazardous activities (as defined in DCID 1/20) until he/she has been afforded a defensive security briefing and/or risk-of-capture briefing as applica- ble. (u) 29. Individuals With Previous Access. Persons whose access to APEX information is being terminated will be officially reminded of the risks associated with hazardous activities as defined herein and of their obligation to ensure protection of APEX. (u) Confidential 8 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R00010004OMt'1&ntial Factors Governing Contractor Access Factors Considered in 30. The past record of a contractor or consultant in properly safeguarding Selection of Contractor material will be taken into account when making contractor selections Firms for work on APEX-related activities. In this regard, when an APEX facility is established in industry, the responsible government APEX Security Officer will closely monitor and inspect its activities to ensure that APEX procedures are followed completely and that APEX materials are properly segregated from other classified or unclassified materials of the contractor. (u) Restrictions on Access 31. Contractor companies under foreign ownership, control, or influence will generally be ineligible for access to APEX activities and information. However, a waiver of this provision may be granted, after review by the responsible SIO, if the following conditions apply: the foreign ownership, control, or influence does not involve a Communist- controlled country; the foreign interests own less than 5 percent of the contractor's voting stock; and such minority holdings do not enable the foreign interest to control the appointment and tenure of the contractor's APEX-approved managing officials. Before a waiver is granted, provision must be made to ensure that security safeguards exist to prevent disclosure of APEX-controlled information to any non- US owners and managing officials. Should foreign ownership increase beyond 5 percent during the course of a contract, a review of the contractor's eligibility for continued access will be made. (u) Types of Access 32. Within the APEX Special Access Control System, there are various types of access in industry. These types of access are identified as: APEX-GENERAL; APEX (Operational); APEX-ALPHA (Oper- ational Subcompartment); and APEX (Product). (u) 33. The Security criteria for indoctrination are the same for all categories in that all must be in accord with the APEX security access standards of this manual and DCID 1/ 14 and must withstand strict need-to- know tests. (u) Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 34. The extent of indoctrination for the various categories is as follows: A. Administrative Access Approval. Personnel who do not require substantive access to individual APEX compartments, but who require physical access to APEX-accredited areas or who administratively process APEX materials, will be given an administrative access called APEX-GENERAL. The APEX-GENERAL access may be given in two phases: (1) Phase I accesses will accommodate those personnel who must have physical access to APEX areas but who do not need to see or process clear text APEX materials. Guards, couriers carrying APEX materials in sealed pouches, technical person- nel such as switching center and computer technicians, are examples of types of personnel who might require Phase I access. (2) Phase II accesses will accommodate those personnel who process substantive clear text APEX materials in an adminis- trative capacity. Examples of such personnel include secre- taries, distribution personnel, communications center and ADP output device operators, and document control personnel. (u) 35. Persons indoctrinated for APEX-GENERAL access will be instructed that their industrial firm has a contract or contracts with US Government entities but may not necessarily be told of the specific departments or agencies. They will not be briefed on details of operational programs. They will be instructed in the rules for protecting classified materials, in its proper storage, transport, and destruction, and in the need for it to be disseminated only to appropriately indoctrinated individuals. (u) 36. The Phase I and Phase II briefings will be identical, except that those briefed for Phase II will be advised of the specific codeword relating to the particular project in which they and their firm participate. (u) 37. APEX (Operational Codeword) - Phase I. This level of access is intended for industrial contractors whose personnel need to know about specific operational parameters but have no need to know all aspects of the activity. Included within the Phase I briefing would be the general purpose of the activity, those technical details which are necessary to accomplish that portion of the engineering design, development, fabrication, or installation that is directly within the 1-0 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12: CIA-RDP85T00788R00010004Q i jl gntia1 I* individual's area of assignment. Reference will not be made to the particular governmental sponsor unless such identity is obvious from the nature of the contract. This category of access should be considered for machinists, engineers not directly involved in total program planning, and others not requiring full knowledge of the activity. (u) 38. APEX (Operational Codeword) - Phase II. This level of operational access is reserved for those in industry who, by virtue of contractual necessity or other duties, are required to have full knowledge of a particular operational activity. The Phase II level of access will permit knowledge of all data released to the Phase I accessed individuals and will allow detailed knowledge of the activity mission, sponsor, financial arrangements, geographic operational bases, system vulnerabilities, and so forth, as may be necessary. A need-to-know policy still exists despite approval for Phase II access, and it should not be assumed that all details will be given to all Phase II accessed individuals. (u) 39. APEX (Operational Subcompartment) - ALPHA. In addition to the above-cited phases of access, it is envisioned that under analytical contracts in industry and academic circles, certain facts about operational compartments will be required by industrial intelligence processors/analysts. To provide relevant operational details to such personnel, a separate operational subcategory, designated by the collection project codeword plus the term ALPHA, is to be used. The intent of this subcompartment is to avoid disclosure of full operational details not considered relevant to the contract. Generally this subcompartment will not allow access to financial or funding details, information pertaining to international agreements, details about governmental sponsorship, interagency arrangements, vulnerability data, and such other operational parameters deemed nonreleasable by the operational program manager or his designee. (u) 40. APEX (Generic Product). The product resulting from operational collection projects will be identified within the APEX Special Access Control System by its generic term. Specific access approval will be required for each of the four generic categories of APEX products. Access to each of these generic products is not controlled by phases of access. The APEX Product accesses will be reserved for personnel engaged in analytical and research projects that produce finished intelligence and for those engaged in developmental research projects requiring access to intelligence product. (u) Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Physical Security Construction and Pro- 41. All APEX materials held by contractors must be stored in Contractor tection Standards APEX Control Facilities. These standards for construction and protection of CACFs will be as prescribed in Physical Security Standards for Sensitive Compartmented Information Facilities, dated 30 April 1973 or other such guidelines that may supersede it. (u) Accreditation of 42. Before an industrial facility is authorized to handle APEX material, it CACFs must be inspected and certified by the appropriate US Government Sponsor as having met the aforementioned construction and protection standards. Actions concerning accreditation of CACFs will be reported to the APEX Control Staff by the US Government Sponsor. (u) Inspections 43. Periodic inspection of CACFs is mandatory and must be done at least annually. Inspections are to be performed by designated government APEX security officers experienced in conducting security inspections for the control and storage of APEX materials and will assure that procedures and physical safeguards comply with standards prescribed by this manual. Reports of inspection will note all irregularities and will be forwarded to accrediting officials for review and necessary corrective action. Inspections will include inventory of APEX docu- ments of such scope to ensure that accountability and control are being maintained. Failure to locate any such documents will be reported on a priority basis. (u) Colocation Within 44. When it is deemed economically desirable to colocate different APEX Facilities activities within a single industrial CACF, a determination must first be made that such sharing will not have an adverse effect on any of the compartmented activities involved. When security considerations permit, a "Memorandum of Agreement To Share Facilities" will be executed among the industrial contractor and the government agencies sponsoring each separate APEX activity. The agreement will delineate the spaces to be used, storage procedures, access limitations, security responsibilities, and any other provisions considered germane to sharing the facility. (u) Confidential 12 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 40  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100041.o0fdential Emergency Destruction 45. Each CACF must maintain an emergency plan approved by the and Evacuation responsible government APEX security officer. This plan will nor- Planning mally be part of an overall facility or corporate plan. It will, however, be separately stated for the CACF and will include provisions for the protection, of APEX data as well as protection of assigned personnel. Plans shall include provisions for the emergency destruction of APEX materials as well as action to be taken in the event of fire or other natural disaster. Emergency planning should ensure that adequate protection and firefighting equipment is available, especially in vault areas, and that escape and emergency exit plans are provided for and published.. Updates of emergency plans will be made annually and training provided to familiarize assigned personnel with the plans. (u) Personnel Access 46. Positive controls for personnel access must be established over all areas Controls where APEX information is handled. In areas where only small groups of personnel are involved, this control may be by means of personal identification. Where larger numbers are involved, a system of identification badges may be required for assigned personnel and cleared visitors. The industrial contractor will implement whichever procedure is deemed appropriate by the Government APEX security officer who has original cognizance over the facility. Access to CACFs by uncleared visitors-must be approved in advance by the cognizant US Government Sponsor except in those emergency situations where maintenance, fire, or medical personnel may require access. Uncleared visitors will be escorted at all times while in APEX areas. A visitor control log including the visitor's name and affiliation; date and time of entry/exit; purpose of visit; and point of contact will be maintained and retained by each CACO/CASO. (u) Two-Person Rule 47. To provide security and safety protection to APEX materials, all CACFs will be occupied by at least two APEX indoctrinated persons when in use. Persons selected to work in such areas will be chosen on the basis of proven reliability and maturity. (u) Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Technical Security * Technical Security 48. Technical Security Countermeasures Inspections will be conducted as Countermeasures part of the accreditation process of a CACF and following major Inspections physical renovations. Reinspections will be scheduled by the cognizant SIO who will also ensure that personnel assigned to CACFs are briefed concerning the threat of technical penetration. (u) Computer Security 49. All automatic data-processing equipment used in CACFs will be operated in compliance with DCID 1/ 16 (Security of Foreign Intelligence in Automated Data-Processing Systems and Networks). No APEX or APEX-related information is to be processed before approval by the responsible SIO. (u) Compromising 50. All equipment used to transmit or process APEX information Emanations Control electronically, including communications, word-processing, and auto- (TEMPEST Security) matic data-processing systems and equipment, must satisfy the requirements of USCSB 4-11 (National Policy on Control of Compromising Emanations). All compromising emanations must be contained within boundaries specified by the TEMPEST accreditation authority. (u) Access Approval Certifications General Guidelines 51. The responsible SIO, normally acting through the ASO, is the authority empowered to certify APEX accesses held by a contractor to other government departments and agencies or to other government contractors or consultants. Such certification will be made only when need-to-know and the neccessity of visit requirements have been established. (u) Visits to/by 52. APEX-related visits will not be undertaken to/by the contractor Contractors without the approval of the cognizant government APEX contract authority. Normally, certification for a visit will be made on a one- time basis only. In unusual cases, however, when constant contact is required, term certifications for a period not exceeding one year may be authorized. Visit certifications are to be made in writing, either by * All requirements for technical security approvals are in addition to physical security approvals outlined in this manual. (u) Confidential -14 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  0 Approved For Release 2005/07/12 : CIA-RDP85T00788R00010004000fJfi9ential letter or secure communications circuits, or otherwise as directed by the program manager. (u) Information Updates 53. A critical need of the APEX Special Access Control System is to maintain an accurate record of personnel currently indoctrinated for various compartments of the system. To enable the system to function properly, all CACO/CASOs must provide timely information on changes in the status of their personnel to the US Government Sponsor. These updates will also ensure that all briefing or debriefing actions are recorded as soon as possible. (u) Security Classification and Control Guidelines Basic Guidance 54. Only those government officials specifically authorized under EO 12065. may decide security classifications. Compartmentation caveats will be used solely, to provide need-to-know or access protection where normal management and safeguarding procedures are not, as protec- tive measures, considered sufficient. (u) Decompartmentation 55. Contractors are not authorized to decompartment or sanitize APEX Sanitization materials. CACO/CASOs may request or make recommendations for decompartmentation or sanitization of specific materials if essential to contract performance. (u) Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Control Strandards and Procedures Classification Levels 56. Information in the APEX Special Access Control System will be classified and use of derivative classification will be in accordance with EO 12065, reserving CONFIDENTIAL for "identifiable damage," SECRET for "serious damage," and TOP SECRET for "exception- ally grave damage." No other classification levels are authorized. The following terms used in this system are unclassified when standing alone or not connected to the intelligence activities or intelligence information they designate: APEX; the APEX Special Access Control System; the codewords which identify the categories or intelligence product within the system (i.e., COMINT, HUMINT, IMAGERY, TECHNICAL). Project identifiers may be used outside the APEX control system, but must be protected by the standard classification level of CONFIDENTIAL or SECRET. The nature of individual contracts, however, may require that the connection of a contractor to APEX activity be treated as classified by virtue of the association. (u) Classification Guides 57. Contractors will be furnished classification guides by APEX govern- ment program managers or contracting officers to assist in the marking and control of information, hardware, or other items originating in contractor firms. These guides will be made as specific as possible and will be the means by which contractor firms assign classification categories. Responsible SIOs will provide individual guidance as required. (u) Labeling 58. The following labeling requirements are established for all written or graphic materials that contain APEX information and are dissemi- nated within the APEX Special Access Control System: A. Classification. The overall classification of a document, whether or not permanently bound, or any copy or reproduction thereof, will be conspicuously marked or stamped at the top and bottom of the outside of the front cover (if any), on the title page (if any), on the first page, on the back page, and on the outside of the back cover (if any). Each interior page of a document will be conspicuously marked or stamped at the top and bottom with the highest classification of the document. Portions of documents, to include paragraphs, subparagraphs, and titles, will be marked to reflect the level of classification, codewords, caveats, and other dissemination control markings or to state that the Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040PgJfigential particular portion is unclassified. Major components of some docu- ments are likely to be used separately. In such instances, each major component will be marked as a separate document. Examples include each annex, appendix, or similar component of a plan, program, or operations order; attachments and appendixes to a memorandum or letter; and each chapter of a report or document. B. Control System Caveats. All documents controlled within the system will be marked "HANDLE VIA APEX CONTROL SYS- TEM" on the front cover (if any), title page (if any), back page, and first page of all documents. Each interior page that contains APEX information will bear the same markings. C. Codewords and Indicators. Codewords for operational projects and product indicators will be placed following or below the classification marking on the front and back covers (if any), top and bottom of the title page (if any), first page, and each page which contains information requiring specific codeword/indicator protection. D. Control Numbers. APEX control numbers for hard copy docu- ments generated by contractors will be directed by the US Govern- ment Sponsor. They will consist of the letter "A", a three-digit number identifying the contractor, a dash, a five-digit assigned number, a slant or oblique stroke, and the last two digits of the current year; e.g., A123-12345/80. A sequential ("one up") system, beginning with 00001 each year for each contractor, will be used as the assigned number. The control number will be placed immediately below the classification in the upper right-hand corner of the front cover (if any), title page (if any), and first page of the document. Copy numbers of individual documents will be reflected as Copy _ of _ on the cover and first page of the document. Copy numbers of finished publications may be shown as Copy _ on the cover sheet, cover (if any), and first page. Electrical messages will be excluded from the requirement for APEX Control Numbers. E. Classification Review Notice. APEX materials are classified for a period of 20 years (except for foreign government information which will remain protected for 30 years). The following Classification Review Notice will be used on the cover (if any), title page (if any), or first page of typescript text, or inside cover of formal publications: 10 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 CLASSIFIED BY: (designated government authority) REVIEW ON: (indicate date, 20 or 30 years from date of issuance) REASON FOR EXTENDED CLASSIFICATION: APEX 59E The abbreviation "REVW (date 20/30 yrs)" may be substituted in electrically transmitted messages. If derivative classification, use the following format: DERIVATIVE CL BY REVIEW ON DERIVED FROM (source document or classification guide citation) F. Marking Files, Folders, or Groups of Documents. Files, folders, or groups of documents shall be conspicuously marked to assure the protection of all APEX material contained therein. The classification and handling controls for such material should be marked on the file folder tab or other prominent location, or the marking should be affixed to an appropriate APEX cover sheet. (u) Pouching and Trans- 59. APEX material to be transmitted from one CACF to another must be mittal Requirements carried by two approved couriers, or by the Armed Forces Courier Service (ARFCOS). Courier procedures will ensure that APEX materials are adequately protected against the possibility of unauthorized viewing, loss, or other form of compromise during the transmission. Transmittal of APEX material via non-US-Govern- ment-operated or chartered aircraft is prohibited.* The responsible SIO must specifically approve all exceptions. Special contracting relationships with unique security requirements may be arranged by US Government Sponsors or program managers. Such arrangements must be approved by the appropriate SIO and coordinated with the APEX Steering Group. (u) 60. APEX couriers will be active-duty military or US Government civilian employees meeting APEX access approval standards of this manual and be specifically designated by the cognizant sponsoring agency. Couriering of APEX material by contractor employees is prohibited except when specifically approved by the responsible SIO. (u) 61. APEX materials will be enclosed for delivery in two opaque envelopes or otherwise be suitably double-wrapped using canvas bags, cartons, crates, leather pouches, and so forth. Containers will be secured with tape, lead seals, or tumbler padlocks, or by other means which would reasonably protect against surreptitious access. This container will be marked: * Does not apply to ARFCOS. (u) Confidential ~ 18 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R00010004031"t&ntial PROPERTY OF THE US GOVERNMENT DO NOT OPEN If found call: (insert Phone No.) Collect (city state) 62. The inner and outer container will be annotated to show the pouch address and package number of the sending APEX facility. The notation "TO BE OPENED BY THE CACO" shall be placed above the pouch address of the receiving APEX facility on both containers. The proper security classification and the caveat "CONTAINS APEX-CONTROLLED MATERIAL" will be annotated on each side of the inner wrapper only. The inner container will contain the document receipt and should also reflect the name or office symbol of the person/activity for whom the material is intended. (u) Electrical 63. APEX material transmitted electrically will be controlled according to Transmissions procedures prescribed below. Senders must assure that electrical transmissions are made only to authorized recipients, who must provide procedures for the proper protection of APEX material received in this manner. These procedures will include the establish- ment of a recipient's need-to-know in circumstances where no hard copy or record copy of the material will result. (u) 64. Electrical transmission of APEX material will be limited to specifically accredited communications circuits secured by a govern- ment-approved cryptographic and/or protected distribution system. (u) 65. Material transmitted by accredited communications circuits or other specialized means will be marked at the top and bottom with the assigned classification and portion marked in the manner prescribed above for documents. Applicable codewords, designators, caveats, and so forth, will be clearly shown, consistent with the design of the message form or format being used. (u) 66. The first item in the text of a message will be the overall classification of the message, applicable codeword(s), the words "HANDLE VIA APEX CONTROL SYSTEM ONLY," and such other markings as may be required to note dissemination controls. (u) Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Confidential, Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Cover Sheets 67. An APEX cover sheet will be used when transmitting APEX materials outside a CACF. Publications need not have a separate document cover sheet affixed if the publication cover includes all prescribed markings. A. TOP SECRET APEX hard copy material will be covered with unique cover sheets. There are cover sheets for TOP SECRET APEX publications which incorporate on the reverse side a dissemination control log and a certification of destruction. There are cover sheets for TOP SECRET APEX documents (less formal issuance than publica- tions) which incorporate on the front of the cover sheet a dissemination control log and a certificate of destruction. B. There are separate cover sheets for TOP SECRET documents and publications. Operational compartments (Yellow) Operational subcompartments (Brown) Product compartments (Red) C. SECRET and CONFIDENTIAL level APEX material will be covered with a Gray cover sheet. D. Cover sheets need not be used on electrical transmissions or on hard copy material that does not leave an APEX facility. E. Samples of the cover sheets are at Enclosure I. Cover sheets are available through the US Government Sponsor. (u) Destruction 68. As soon as possible after its purpose has been served, all APEX material will be destroyed in a manner that will preclude reconstruc- tion in any intelligible form. However, only those items approved by the cognizant government agency may be destroyed, by only those methods of destruction specifically authorized by the responsible SIO. (These methods may include burning, pulping, pulverizing, melting, or chemical decomposition, depending on the type of materials to be destroyed.) All destruction shall be supervised and witnessed by at least two APEX-indoctrinated individuals. Destruction certificates will be completed for all items destroyed. APEX material contained within computer or automated data-processing systems or other magnetic media will be degaussed or destroyed only by equipment specifically approved by the contracting authority. (u) Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R00010004q% ntial Reproduction 69. Reproduction of APEX material will be subject to the restrictions and procedures established by the responsible SIO. Copies of documents are subject to the same controls as the original. Adherence to stated prohibitions against reproduction is mandatory. Any equipment used for APEX reproduction must be thoroughly inspected and sanitized before removal from an APEX facility. (u) 70. Reproduction of all hard copy APEX materials within the APEX Special Access Control System requires the consent of the originator, and shall be accomplished by the CASO or ACASO following procedures approved by the US Government Sponsor. (u) Accountability 71. All hard copy APEX TOP SECRET documents will be inventoried at least annually or when there is a termination of contract, a change of designated CACO, or a change of authorized custodians of such material. (u) 72. Random inventories will be conducted at least annually for all APEX materials classified SECRET or CONFIDENTIAL according to formulas provided by the responsible SIO. (u) 73. Should the random inventory of APEX material fail to locate the sampled documents, the CASO will order a complete inventory of all APEX documents received by a CACF. (u) 74. Reports of discrepancies will be provided immediately to the responsi- ble US Government Sponsor. The CASO will initiate a search for all of the missing documents and the Sponsor will conduct an investiga- tion. (u) 75. CACOs will keep a record of all APEX-numbered material received by or dispatched from their CACFs. This dissemination record will include for each item a brief entry that identifies the nature of the APEX material and the specific organizations-outside or within the CACF-for whom the material is intended. Dissemination records of incoming or dispatched APEX materials will be retained for two years. Records of incoming or dispatched TOP SECRET APEX documents will be detroyed five years after the documents are transferred, downgraded, or destroyed. (u) 76. Working materials containing APEX-controlled information that are used and retained exclusively within a CACF-such as preliminary drafts of reports or studies, film clips included in analysts' reference Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 files, and waste materials such as carbon sheets, carbon ribbons, reproduction plates, stencils, composition tapes, masters, stenographic notes, and worksheets-do not require an APEX number or dissemi- nation record but must be safeguarded and marked as "WORKING PAPERS" in accordance with the storage requirements for APEX- controlled materials. If they are to be removed from the CACF they will be controlled as regular APEX materials. (u) 77. Contractors or consultants will not distribute APEX materials outside a CACF without the permission of the contract monitor or the responsible SIO. (u) Procedures for Control of Specialized Hard Copy Documents Automatic Data 78. All automatic processing of APEX-controlled information and mate- Processing: rial will be conducted in accordance with instructions provided by the responsible SIO. To facilitate identification, accounting, and control of APEX-controlled data in magnetic form, each reel or casette of tape, and each magnetic card or disk pack that contains APEX-controlled data will be prominently labeled with security classifications, APEX Special Access Control System markings, and other required APEX caveat designators. To the extent possible, other ADP-related media will be similarly marked. (u) Film/ Photographic 79. Roll film, flats, slides, or other forms of photographic negatives or Materials positives used for photographic interpretation are considered raw intelligence data and need not be.subject to individual accountability controls, but must be labeled as to security classification and controlled under APEX control procedures. (u) 80. Labels on roll film placed in opaque containers will be located as follows: A. One on end of spool flange. B. One on side of spool container.- C. One on container cover. (u) 81. Film in transparent containers needs only one label placed visibly on the spool flange. This procedure is intended to facilitate reuse of the containers. (u) Confidential 22 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040i fdential 82. The film itself will include all APEX control system markings on the heading and tail identification. (u) Microfiche 83. Each microfiche will have a heading whose elements are readable without magnification. The heading elements will specify: the long and short titles of the documents; security classification and codewords, which will not be abbreviated; and standard abbreviations or codes for handling caveats, APEX control numbers, copy numbers, dissemina- tion control marking, and distribution restrictions. The exact place- ment of the heading elements will be as prescribed by the cognizant SIO. Individual microfiche are also to be placed in separate envelopes that are color-coded to reflect the level of security protection to be accorded them. (u) Microfilm 84. Each role of microfilm, whether mounted on an open reel or in a cartridge, will contain security information which is readable without magnification. The boxes containing processed film in open reels and the film cartridges will be labeled with the appropriate security information. In addition, the labeling will include the document's long and short titles. Microfilms containing documents with individual titles and APEX numbers too numerous to be included on the label may be identified by a generalized composite title and a new APEX number. (u) Raw Data 85. Bulk receipts will be used on raw data that is dispatched to or from any ACF or CACF via the APEX CONTROL SYSTEM. (u) Security Violations/Compromises Responsibility to 86. Persons approved and briefed for APEX access are responsible for Report reporting any possible security violations or compromises of APEX information to their CASO. Such reporting must be done immediately to keep damage to an absolute minimum. The primary focus is to determine the damage to the nation's security and secondly to ascertain management or individual actions to minimize recurrence. The cognizant government ASO is to be notified in a timely fashion of both the incident and the results of the investigation of it. (u) 23 Confidential Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Investigative 87. CASOs and ASOs of cognizant government agencies are jointly Responsibility responsible for the investigation of all security violations and possible compromises of APEX materials within their jurisdiction. Investiga- tions will attempt to develop full details of the violation or compromise, determine whether and how much information was exposed, the damage that resulted, and whether culpability was apparent in allowing the violation or compromise to occur. Sanctions will be prescribed by the responsible SIO. These sanctions will be adminis- tered by the ASO and the action taken will be recorded in security files of the contractor and the cognizant government agency. (u) 88. When it is determined that material has, in fact, been revealed inadvertently to an unauthorized person, the contractor will immedi- ately advise the responsible government ASO of the incident and will secure an inadvertent-exposure agreement, unless otherwise directed. (u) 89. In all cases of inadvertent exposure a written report will be provided by the CASO to the cognizant government ASO. (u) 90. If personnel to whom inadvertent exposure has been made can be expected to maintain absolute secrecy of the APEX material to which they have been exposed and execute an inadvertent-exposure agree- ment, the cognizant government ASO may make a finding that no compromise has occurred. (u) Corrective Action 91. In the course of investigating security violations and compromises, it may become clear that there are weaknesses in operating procedures in the affected components. It is the responsibility of each CASO, when identifying such basic deficiencies, to initiate corrective action. The corrective action recommended will be incorporated in the investiga- tive report to the ASO of the cognizant government agency. (u) Security Education General 92. Security education is a continuing process, which must be initiated at the time of indoctrination, periodically reinforced, and emphasized when access is terminated. ASOs and CASOs as well as all indoctrinated personnel must continually maintain and increase security awareness through day-to-day vigilance and reinforcement of basic security principles. (u) Confidential 24 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040o%lr9ential Initial 93. Personnel are to be indoctrinated by a designated ASO. The Indoctrination indoctrination will cover: A. The need for, purpose of, and structure of the APEX Special Access Control System and the adverse effects on the national security that could result from unauthorized disclosure of APEX information. B. An explanation of the sensitivity of APEX information and its relationship to other intelligence information processed by the US Government. C. The administrative, physical, and other procedural security requirements of the APEX Special Access Control System. D. Individual classification management responsibilities of personnel in the APEX system, including classification guidelines and marking requirements. E. The criminal penalties for espionage and unauthorized disclosure. F. The sanctions for violation or disregard of APEX security procedures. G. The techniques employed by foreign intelligence organizations in attempting to obtain national security information. H. The security responsibilities of the individual, who must be made aware of: (1) The prohibition against disclosing any classified informa- tion to unauthorized persons, with special emphasis upon nonsecure telephones and nonsecure places. (2) Procedures to determine that prospective recipients are approved for access. (3) The administrative reporting requirements involving such things as nonofficial foreign travel, contacts with foreign nationals, attempts by unauthorized persons to obtain APEX information, possible loss or compromise of APEX material, physical security deficiencies, and personnel security concerns that would probably have an adverse effect on APEX security. 25 Confidential Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Confidential Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 (4) The requirement for prior review of public speeches or writings related to work done or in progress involving APEX compartmented materials or materials from predecessor programs. 1. Execution of a Nondisclosure Secrecy Agreement. (u) Continuing 94. Security education programs will be established as directed by the US Security Government Sponsor to ensure that persons granted access to APEX Programs material are periodically instructed as to its unique sensitivity and their personal responsibility for protection of APEX materials. (u) Termination of Access 95. When it has been determined that an individual no longer requires access to any type of APEX information, he/she should be debriefed and provided with final instructions and guidelines on the protection of APEX information and his/her personal responsibilities. This debrief- ing will include: A. A reminder of the appropriate sections of Titles 18 and 50 of the US Code, their provisions, and criminal sanctions relative to espionage and unauthorized disclosure. B. The continuing obligation never to divulge, publish, or otherwise reveal to any unauthorized person any APEX information without express permission of the appropriate responsible officials. C. An acknowledgment of individual responsibility to report to appropriate US Government officials any attempt by an unauthorized person to solicit APEX information. D. A declaration that the individual no longer has any APEX materials in his/her possession. E. A reminder of the risks associated with hazardous activities. F. Execution of a Termination of Access/Security Reminder. (u) Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040OAldOntia1 Glossary APEX Control Facility (ACF) A formally accredited area, room, group of rooms, or installation where APEX material may be stored, used, discussed, and/or electrically processed. Procedural and physical measures prevent the free access of persons unless they have been formally indoctrinated for the particular APEX material authorized for use or storage within the ACF. APEX Control Officer (ACO) The US Government-designated individual charged with responsibility for administration of the APEX Special Access Control System. SIOs will appoint or cause to be appointed ACOs and alternates to administer the system within their organizations and jurisdictions. APEX Control Staff A staff of professionals supporting the APEX Steering Group and the DCI in establishing and operating a single Community special access system for national foreign intelligence (APEX). APEX Security Officer (ASO) The US Government-designated individual charged with responsibilty for- all security aspects of the APEX Special Access Control System. SIOs will appoint or cause to be appointed ASOs and alternates to enforce APEX security within their organizations and jurisdictions. APEX Special Access Control System A system which provides for the security control of Special Access Programs within the category of national security information called National Foreign Intelligence. It includes collection programs, its product categories of COMINT, HUMINT, IMAGERY, and TECHNICAL Intelligence, and especially sensitive material in the ROYAL category. Codeword Generally a word or term which conveys a prearranged meaning other than the conventional one. Compartmentation Formal systems of restricted access established and/or managed by the Director of Central Intelligence (DCI) to protect the sensitive aspects of sources, methods, and analytical procedures of foreign intelligence programs. Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Confidential Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Contractor APEX Control Officer (CACO) The contractor-employed individual charged with responsibility for admin- istration of the APEX Special Access Control System within his firm. Appointments of CACOs will be approved by the cognizant US Government Sponsor. Contractor APEX Security Officer (CASO) The contractor-employed individual charged with responsibilty for all security aspects of the APEX Special Access Control System within his firm. Appointment of CASOs will be approved by the cognizant US Government Sponsor. Decompartmentation The removal of information from a compartmentation system without attempting to conceal the generic source. Defensive Security Briefing Formal advisories which alert personnel to the potential for harassment, provocation, or entrapment while traveling within hazardous areas. They should be based on actual experience when available, and include information on courses of action helpful in minimizing adverse security and personal consequences. Document Any recorded information regardless of its physical form or characteristics, including, without limitation, written or printed matter, data-processing cards and tapes, maps, charts, paintings, drawings, photos, engraving, sketches, working notes and papers, reproductions of such things by any means or process, and sound, voice, magnetic or electronic recordings in any form. In the context of this manual, publications are documents which have been produced by a printing plant. Executive Agent Within the meaning of this manual, that person, organization, or entity which functions on behalf of another in the accomplishment of specific intelligence tasks mandated by higher government authority. Executive Agent Program A program wherein a single department, agency, or organization collects or processes foreign intelligence for the Intelligence Community at the direction of the DCI or higher national authority. Foreign Government Information Information that has been provided to the United States in confidence by, or produced by the United States pursuant to a written joint arrangement Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12: CIA-RDP85T00788R00010004QQ1d&tial requiring confidentiality with, a foreign government or international organization of governments. Such a written joint arrangement may be evidenced by an exchange of letters, a memorandum of understanding, or other written record. Hard Copy Document Any document that is initially published and distributed by the originating component in paper form and that is not stored or transmitted by electrical means. Hazardous Activities Hazardous activities include assignments or visits to, and travel through, countries listed in DCID 1/20. Hazardous activities also include assignment or travel in combat zones or other areas where hostilities are taking place, duties behind hostile lines, and duties or travel in isolated or exposed areas where individuals cannot reasonably be protected against hostile action. Intelligence Sources and Methods A collective term for those persons, organizations, things, conditions, or events that provide intelligence information and those means used in the collection, processing, and production of such information which, if compromised, would be vulnerable to counteraction that could reasonably be expected to reduce their ability to support US intelligence activities. National Collection Program A program wherein a single department, agency or organization collects or processes foreign intelligence for the Intelligence Community at the direction of the Director of Central Intelligence (DCI) or higher national authority. National Foreign Intelligence Information collected about foreign entities collected by or in the name of the DCI to satisfy national level policymakers. It includes the means and sources through which this information is collected. It does not include departmental efforts to collect information to satisfy needs unique to their mission. It recognizes a difference between classified defense materials an( classified national level information. Operational Compartments Within the APEX Security Control System, those collection activities whic. deal with proposed, developing, or functional foreign intelligence collectior operations. Included within the definition are all policy, planning, research development contracting, systems operations, budgeting, and mission- related data. Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Confidential =:.:-. .. -Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Operational Subcompartments .:: e. A special category created to give. analysts, processors, tasking officers, and resource. managers access to specified-operational project data needed to perform their jobs. Product Compartments Intelligence resulting from APEX-controlled-collection activities which is segregated into generic categories of information. Product includes some raw-.data and intelligence information as well as finished intelligence such as estimates,'reports, and other written matter. ' Program Manager/Director The head of an operational activity; which collects or processes foreign intelligence. for;the=Intelligence Community at.the direction of the Director of Central Intelligence; (DCI) :or higher national authority. Release of Classified Intelligence. For the purpose of this directive, release is the authorized visual, oral, or physical: disclosure, of classified intelligence. - - . Sanitization The concealment of sensitive intelligence sources, methods, and analytical procedures to permit dissemination of information outside of compartmentation systems. Sensitive Compartmented Information (SCI) The term SCI means all information and material bearing special controls for restricted handling within compartmented foreign intelligence systems. The term does not include Restricted Data as defined in the Atomic Energy Act of 1954, as amended. Sensitive Sources, Methods, and Analytical Procedures Those aspects of foreign intelligence collection, processing, or exploitation activities which are vulnerable to hostile actions that nullify or curtail their effectiveness or continuing productivity. Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R00010004QMeetial Senior Intelligence Officer (SIO) For purposes of implementing the APEX Special Access Control System, the SIOs are defined as those senior principals and observers to the NFIB who head intelligence organizations- or intelligence producing agencies within the Intelligence Community. For purposes of expediency and workability, the principals may delegate this authority to other persons within their organization. Technical Surveillance Countermeasures (TSCM) Inspections A thorough physical, electronic, and visual examination to detect technical surveillance devices, technical security hazards, and physical security weaknesses. TSCM inspections differ from TEMPEST surveys in that the latter are limited to investigation and studies of compromising emanations whereas the TSCM inspections are basically designed to prevent or discover the technical penetration efforts of hostile intelligence services. TEMPEST Security Inspections . A thorough technical investigation and study of compromising electromag- netic emanations through the use of sensitive electronic listening devices and recorders. US Government Sponsor In the context of this manual, that US Government office which has designated responsibility for the contract. This glossary is Unclassified Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R00010004 tial APEX operational publica- tion cover sheet (front). Cover sheet for use with APEX operational publica- tions. Project name(s)/ codeword(s)/product indica- tor(s) will be placed as shown. Cover sheet stock is unclassified. Cover sheets are classified when classi- fied project name(s), codeword(s), and/or titles are affixed. Controlled Publication This is an APEX publication Restricted to those approved for access to: Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign on the reverse side and maintain a record of its internal dissemination. Each indviidual who sees this document will also sign and indicate the date of handling. Pub. No. 00-00000 Day Month Year Copy Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Confidential Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 ? Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign here and maintain a record of its internal dissemination. Each individual who sees this document will also sign and indicate the date of handling. Certification of Destruction When document is destroyed, this control sheet may be kept or returned to the originator and be destroyed when five years old. APEX operational publica- tion cover sheet (rear) with integral dissemination con- trol log and certificate of destruction. 0 Confidential Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R0001000%Aetgtial ? Handle via APEX Control System Top Secret X7/7 7 /l/-/ APEX operational docu- ment cover sheet (front). Cover sheet for use with APEX operational docu- ments. Project name(s)/ codeword(s)/product indica- tor(s) will be placed as shown. Cover sheet stock is unclassified. Cover sheets are classified when classi- fied project name(s) or Controlled Document Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign here and maintain a record of its internal dissemination Each individual who sees this document will also sign and indicate the date of handling This is an APEX document Restricted to those approved for access to: codeword(s) is/(are) affixed. /I / [Project Name(s) / Codewrd(s) / Product Indicator(s)] V ~ V Certification of Destruction When document is destroyed, this control sheet may be kept or returned to the originator and be destroyed when five years old. Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 is Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign here and maintain a record of its internal dissemination. Each individual who sees this document will also sign and indicate the date of handling. APEX operational docu- ment cover sheet (rear). Continuation of the dissemi- nation control Log. 0 Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12: CIA-RDP85T00788R00010004%9 ntial Cover sheet for operational subcompartment publica- tion (front). Operational project name(s) with the suffix ALPHA, other oper- ational subcompartment name(s), codeword(s), and product indicator(s), if ap- propriate, will be placed as shown. Cover stock is un- classified. Cover sheets are classified when classified project name(s) with ALPHA suffix, code- word(s), and/or titles are affixed. This is an ,cation Restricted pproved for a o: Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign on the reverse side and maintain a record of its internal dissemination. Each indviidual who sees this document will also sign and indicate the date of handling. Control Number A-00000000/80 Pub. No. 00-00000 Day Month Year Copy 37 Confidential Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign here and maintain a record of its internal dissemination. Each individual who sees this document will also sign and indicate the date of handling. Certification of Destruction When document is destroyed, this control sheet may be kept or returned to the originator and be destroyed when five years old. Cover sheet for operational subcompartment publica- tion (rear) with integral dis- semination control log and certificate of destruction. Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R00010004NRAiantial Cover sheet for use with operational subcompart- ment document (front). Operational project name(s) with the suffix ALPHA, other operational subcompartment name(s), codeword(s), and product indicator(s), if appropriate, will be placed as shown. Cover sheet stock is unclas- sified. Cover sheets are clas- sified when classified project name(s) with ALPHA suffix, and/or codeword(s) is/(are) affixed. Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign here and maintain a record of its internal dissemination Each individual who sees this document will also sign and indicate the date of handling This is a ment Resl'cte approved for Certification of Destruction When document is destroyed, this control sheet may be kept or returned to the originator and be destroyed when five years old. Control Number Copy of Date Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12: CIA-RDP85T00788R000100040001-9 Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign here and maintain a record of its internal dissemination. Each individual who sees this document will also sign and indicate the date of handling. Cover sheet for use with operational subcompart- ment document (rear). Continuation of the dissemi- nation control log. Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 Confidential ? ? ? Enclosure I-E Cover sheet for product pub- I lications (front). Product generic source indicator(s) and/or codeword(s), as ap- propriate, will be placed as shown. Cover sheet stock is unclassified. Cover sheets are classified when classi- fied codeword(s) and/or titles are affixed. G (Publication Title Goes in this Position) Top Secret Control Number A-00000000/80 Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign on the reverse side and maintain a record of its internal dissemination. Each indviidual who sees this document will also sign and indicate the date of handling. Handle via APEX Control System Top Secret Pub. No. 00-00000 Day Month Year copy See overleaffor opposite side of this sheet. Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 40 Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign here and maintain a record of its internal dissemination. Each individual who sees this document will also sign and indicate the date of handling. S Certification of Destruction When document is destroyed, this control sheet may be kept or returned to the originator and be destroyed when five years old. Cover sheet for product pub- lications (rear) with integral dissemination control log and certificate of destruction. Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100049 tial ? Cover sheet for product documents (front). Product generic source indicator(s) and/or codeword(s), as ap- propriate, will be placed as shown. Cover sheet stock is unclassified. Cover sheets are classified when classi- fied codeword(s) is/(are) affi xed. Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign here and maintain a record of its internal dissemination Each individual who sees this document will also sign and indicate the date of handling \\\\/ This is anti FA EX doum Restricted't&those approved for acfiess-to: t [Productfndlcator(s)/Codeword(s)] Certification of Destruction When document is destroyed, this control sheet may be kept or returned to the originator and be destroyed when five years old. Control Number Copy of Date OOOOOOOOOOOOOOOOa Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9 I Dissemination Control Log The APEX Control Officer of each organization receiving this document must sign here and maintain a record of its internal dissemination. Each individual who sees this document will also sign and indicate the date of handling. Cover sheet for product doc- uments (rear). Continuation of dissemination control log. Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Approved For Release 2005/07/12 : CIA-RDP85T00788R0001000499OMtia1 0 Cover sheet for all CONFI- DENTIAL and SECRET documents in the APEX Control System. Project name(s)/codeword (s)/prod- uct indicator(s) will be placed as shown. Cover sheet stock is unclassified. Cover sheets are classified when classified project name(s) and/orcodeword(s) is (are) affixed. N // This is an APEX documet\v"> Restricted to those approved for access to: Certifcation of Destruction When document is destroyed, this control sheet may be kept or returned to the originator and be destroyed when two years old. Date CoDY' OOOOOOOOOOOOOOL/ Oa Approved For Release 2005/07/12 : CIA-RDP85T00788R000100040001-9  Confidential Approved For Release 2005/07/12: CIA-RDP85T00788R000100040001-9