confidentiality regulations for CAP?? OPSEC?

[mynetdude]

I'm not aware of any confidentiality regulations other than OPSEC/INFOSEC, which explains that certain information is confidential in the first place.

So is there a separate regulation that governs confidentiality? If so can someone point that out please?

[lordmonar]

There is some IG issues that are confidential.  As are comm frequencies and as you pointed out OPSEC issues.

Also as any leader should know there are times when what you hear and are told by squadron members should be held in confidence and/or non-attribution.

[mynetdude]

There is some IG issues that are confidential.  As are comm frequencies and as you pointed out OPSEC issues.

Also as any leader should know there are times when what you hear and are told by squadron members should be held in confidence and/or non-attribution.

I do know that Chaplain, IG, and comm freqs (opsec) are confidential...

What about staff meetings or ops meetings? I'm not saying these areas should be exempt, but if you can't share ideas because of confidentiality then its pointless or you can't share your own opinions about what was said is also pointless.

Its one thing to state finances, actual assets, where they are, where coming from going to and all involved or actually naming the person by first/last name would be the subject of matter.

Again, the question is... are there any regulations dictating what is to be held confidential?

[Short Field]

You would need to be more clear in your question for a decent answer and this isn't the place to be more clear.  

"Confidential" is a security classification that requires a security clearance to access.  The odds that you are talking about that are slim.

CAP does use "For Offical Use Only".  There are types of infomation that FOUO covers.  I found at least one policy letter covering one type of information.  Tests are another type of information that would be  considered sensitive information.  Most of these are covered by Non-Disclosure Agreements that you agree to prior to being given the information.   Your agreement is not always required in writing but more along the lines of "if you open this document, you are agreeing to...." sort of thing.

I am not aware of a specfic regulation that covers this.  Maybe someone else can find a source.  But the Non-Disclosure Agreements are enough to get you in trouble with CAP.  But look on the bright side, CAP can't put you in prison for the rest of your natural life or have you shot.  The most you can lose is your membership.

If what you are talking about is violating the confidence someone had in you when they gave you certain information, then that is a totally different situation.   If they expected you to hold the information in confidence and told you so, then they would be justified in being upset with you.   That is a matter of violating their trust in you. 

A good staff officer has a obligation to provide his Commander or boss with their honest opinion about things.  However, once a decision is made, they also have a obligation to support that decision (assuming the decision is "legal").   In CAP, failure to do so can make them "upset" with you.  If they are upset with you, don't expect them to be supporting you when it comes to good recommendations. 
 
   

[mynetdude]

well since this isn't the place to be real clear... I won't try.  But I'd like to point something out then...

if what you are talking about is violating the confidence someone had in you when they gave you certain information, then that is a totally different situation.   If they expected you to hold the information in confidence and told you so, then they would be justified in being upset with you.   That is a matter of violating their trust in you.

I have been asked this a number of times, and I have upheld their requests.  I won't give examples or names of those who have asked.  So, is this cause for breach of CAP confidentiality regulations?

I was not aware that everything that goes on during a staff/planning meeting are considered confidential until now.

A good staff officer has a obligation to provide his Commander or boss with their honest opinion about things.  However, once a decision is made, they also have a obligation to support that decision (assuming the decision is "legal").   In CAP, failure to do so can make them "upset" with you.  If they are upset with you, don't expect them to be supporting you when it comes to good recommendations.

I agree, however that should not be the basis for disciplinary action against another member, it is one for them to violate OPSEC because there are regulations however to breach confidentiality could be another.

And as to FOUO regards, that is also covered in OPSEC because it is explained there.  So once again, are there any specific regulations stating what contents that are not covered under OPSEC that would be confidential?
 

[mikeylikey]

I have got to point out that the vast majority of CAP members who took the CAP specific OPSEC training still have no idea what OPSEC really is. 

It is one thing to sit through a 10 minute powerpoint presentation at a SQD meeting and declare "I am OPSEC qualified".  The whole CAP OPSEC program is a huge joke. 

Perhaps we should ask the AF for their training program and actually make the member sit through 12 hours of classes.  Then I will gladly take note of everyone's various OPSEC definitions and Barracks Lawyering, until then, I laugh.

mynetdude......you got screwed over.  I feel bad for you, but don't you think if those who originally screwed you over did it because of stuff you posted at CAPTALK, they are going to check on everything you post from now on.  You are making yourself out to be a disgruntled member, and they will use every thing you type against you from now on.

[mynetdude]

I have got to point out that the vast majority of CAP members who took the CAP specific OPSEC training still have no idea what OPSEC really is. 

It is one thing to sit through a 10 minute powerpoint presentation at a SQD meeting and declare "I am OPSEC qualified".  The whole CAP OPSEC program is a huge joke. 

Perhaps we should ask the AF for their training program and actually make the member sit through 12 hours of classes.  Then I will gladly take note of everyone's various OPSEC definitions and Barracks Lawyering, until then, I laugh.

mynetdude......you got screwed over.  I feel bad for you, but don't you think if those who originally screwed you over did it because of stuff you posted at CAPTALK, they are going to check on everything you post from now on.  You are making yourself out to be a disgruntled member, and they will use every thing you type against you from now on.

Maybe so, but I don't plan on it.  There are a number of events that have recently transpired that will make a difference on its own without my help.

I can't find any regulations stating confidentiality requirements other than OPSEC.  Cadets who have taken OPSEC have no clue... I explain to them of examples of what would be breach of OPSEC.

Mission details, social security numbers, phone numbers, addresses, sharing with people who have  no need to know certain information.  I cannot see how one phrase and my opinion at a meeting has anything to do with OPSEC I didn't state any specifics nor names and I still fail to see how that falls under confidentiality regulations which I cannot find!!!

I'll bet if I were involved in VSAF there are a buttload of confidentiality/OPSEC requirements for that, I am sure they train you to know what is considered confidential and/or OPSEC covered.

They may have screwed me, maybe not... I am bitting back by disappearing altogether I am the squadron's best IT person and they messed that up big time.

[Tubacap]

Is there a way for CAP Personnel to take the USAF OPSEC/INFOSEC courses?  I would be interested in learning more, and meeting at a NG Center, it may be prudent to know.

[jimmydeanno]

Is there a way for CAP Personnel to take the USAF OPSEC/INFOSEC courses?  I would be interested in learning more, and meeting at a NG Center, it may be prudent to know.

I don't know if it's the same thing or not, but when I had a job on base (2004-2006) I had to take "OPSEC/INFOSEC" training before I could start.

All it consisted of was the AF person handing me a printed off power point presentation and reading it.  All it said was things like; "If it is marked confidential and you don't have a security clearance, don't read it, but let someone know it needs to be locked up."

It was just on how to handle each type of material, not how to actually classify it.  Then I had to sign a paper saying I understood.  It took 5 minutes - tops.

[mynetdude]

Is there a way for CAP Personnel to take the USAF OPSEC/INFOSEC courses?  I would be interested in learning more, and meeting at a NG Center, it may be prudent to know.

I don't know if it's the same thing or not, but when I had a job on base (2004-2006) I had to take "OPSEC/INFOSEC" training before I could start.

All it consisted of was the AF person handing me a printed off power point presentation and reading it.  All it said was things like; "If it is marked confidential and you don't have a security clearance, don't read it, but let someone know it needs to be locked up."

It was just on how to handle each type of material, not how to actually classify it.  Then I had to sign a paper saying I understood.  It took 5 minutes - tops.

Well, that works if you're just handling information and needing to know what to do with it if you receive it.

Unfortunately we're a bunch of volunteers that need to make up our own minds what is what.  And sometimes it would help to know how to identify/classify information as confidential or meeting OPSEC requirements and some information is kind of obvious as to what is what.

[lordmonar]

I have got to point out that the vast majority of CAP members who took the CAP specific OPSEC training still have no idea what OPSEC really is. 

It is one thing to sit through a 10 minute powerpoint presentation at a SQD meeting and declare "I am OPSEC qualified".  The whole CAP OPSEC program is a huge joke. 

Perhaps we should ask the AF for their training program and actually make the member sit through 12 hours of classes.  Then I will gladly take note of everyone's various OPSEC definitions and Barracks Lawyering, until then, I laugh.

mynetdude......you got screwed over.  I feel bad for you, but don't you think if those who originally screwed you over did it because of stuff you posted at CAPTALK, they are going to check on everything you post from now on.  You are making yourself out to be a disgruntled member, and they will use every thing you type against you from now on.

In my 22 years in the Air Force I have never sat through a 12 hour OPSEC class.  And the CAP OPSEC training is almost exactly the same....in fact it better, because there is not test at the end....then my last USAF OPSEC training.

[Tubacap]

So I guess my desire would be in the classification realm, does anyone know of a good resource for that?

[lordmonar]

What's to know about OPSEC.

If the informaiton is NOT CLASSIFIED....but could tip our advasaries off to what our operations are...we should protect it.

Specific information that CAP uses...

Flight times for upcoming HLS/CD missions.
Operating Frequencies
Aircraft Tail Numbers
Number of personnel on a mission
Number of planes/vehicles on a mission

"Need to know."

If someone does not need to know the information...don't tell them.

It is not rocket science.

This is OPSEC....it's all no the slide.  It is almost all the same stuff that we teach about media relaitons in the GES class.  Talk about CAP not the mission.

[Tubacap]

Capt,
Understood, but I'm talking more about the stuff that we may inadvertently see while participating in those duties.  I am well aware of the CN side of life, but I may/may not know about things within the RM that would apply under those same principles. 

Also who has the authority to label something FOUO, which I know we have hashed out before, but where is the regulation or ICL?

It would ease my mind to be a little more safety/security conscious in my communications.

[lordmonar]

The FOUO policy can be found on the CAP web site.
Anyone has the authroity to slap FOUO on something if they feel that it needs to be protected.

As for classified information you will know it when you see it.    It will say Confidential/Secret/Top Secret on the top of it....and should have a blue, red, orange or yellow cover sheet on it!

For everthing else...it is not that hard.

If the information can be used by our advasary to get clues into our operations and capabilites.  We should not be talking about it unless you have a clear need to know.

Mainly you just need to think before you talk/write.  Ask yourself....if a terrorist or drug dealer got ahold of this information would it make it harder for us to catch him?

If the answer is no....then press on.  If the andswer is yes....ask yourself....does the person/people I am sending this to really need to know this information?  Can I sanitise it to make it less vulnerable?

Such as....we are having 3 CD flights this saturday at 0600 who can fly these missions? changes to to we have some operational flights coming up in the near term I need to see your availablity over the next two weeks so I can assigne crews.

[Tubacap]

^Thanks!  I didn't know about the fronts of things, although that makes sense.

[davidsinn]

What's to know about OPSEC.

If the informaiton is NOT CLASSIFIED....but could tip our advasaries off to what our operations are...we should protect it.

Specific information that CAP uses...

Flight times for upcoming HLS/CD missions.
Operating Frequencies
Aircraft Tail Numbers
Number of personnel on a mission
Number of planes/vehicles on a mission

"Need to know."

If someone does not need to know the information...don't tell them.

It is not rocket science.

This is OPSEC....it's all no the slide.  It is almost all the same stuff that we teach about media relaitons in the GES class.  Talk about CAP not the mission.

How are tail number's FOUO if they are available to anyone that looks at the FAA's site?

[Tubacap]

I would take that is tails that are going to be involved in a specific operation should be safeguarded.

[FW]

There is a little known but very powerful regulation regarding internet operations.
This reg, CAPR 110-1, lays out guidelines for member operations on the internet.  If not understood, they can cause grief to the member who violates it.  
Violations like, giving out personal information without permission is taboo.  
My advice for all members:  before you post anything of a CAP related nature, understand all of CAPR 110-1.  

[davidsinn]

I would take that is tails that are going to be involved in a specific operation should be safeguarded.

Makes sense.