Welcome to the Sensitive Security Information (SSI) Web Based Training for Airport Operator Employees.
This training should take about 15 minutes to complete.
The MAA must handle Sensitive Security Information in a manner that complies with the Transportation Security Administration’s regulations.
It is important that all MAA employees, and other individuals who work within transportation security, understand how to handle SSI.
The procedures in this presentation are TSA requirements and best practices for covered persons to follow when handling SSI.
This presentation is organized to inform and explain:
1. What MAA means by SSI;
2. Who MAA considers SSI-covered employees;
3. Why it is important to properly handle SSI at MAA;
4. How SSI is to be protected, disseminated and destroyed;
5. Where is SSI to be stored for future reference;
6. When is SSI no longer considered SSI.
You will be presented with the presentation and then you will be asked a few questions to ensure retention.
By the end of this presentation, we want you to be able to:
Recognize SSI
Use the Protective Marking and Distribution Limitation Statement
Protect SSI
Share SSI
Package and Transmit SSI
Destroy SSI Properly
Introduction to Sensitive Security Information (SSI)
DefinitionSensitive Security Information is a category of information that requires protection because public disclosure would be detrimental to the security of transportation. SSI is considered Sensitive But Unclassified (SBU). SSI is used extensively by the government and private sectors. Civil penalties are assigned for unauthorized disclosure of SSI. Classified national security information is subject to more stringent handling requirements. Criminal penalties can be incurred for unauthorized release of classified national security information.
Introduction to Sensitive Security Information (SSI)
Access to SSI......is limited to
"covered persons" listed in 49 CFR 1520.7 with a
"need to know" as defined in 49 CFR 1520.11.
"Need to know" is limited to persons who carry out, supervise, or are in training for transportation security activities, if necessary, for the performance of their job.
Source: 49 CFR 1520.7 and 49 CFR 1520.11
Material
Material that would normally be recognized as SSI according to the regulation may no longer be considered SSI if it is readily available to the public through "open source" information.
Examples:
Statutes - Information released by TSA
Newspapers - Congressional or GAO Reports
Books & Magazines
Google
Trade Journals
Recognition of SSI
Using ReasonWhen analyzing information to identify SSI, ask:
"How might this information be detrimental to transportation security?"
SSI – Protective Marking and Distribution Limitation Statement
Any person who creates a record containing SSI shall include a protective marking and distribution limitation statement.
Even if there is only one sentence containing SSI in a 50-page document, the entire document must be marked accordingly.
All SSI documents shall contain the protective (header)
"Sensitive Security Information". This protective marking should be stamped or typed in plain style bold text.
SSI – Protective Marking and Distribution Limitation Statement
The distribution limitation statement (footer) informs the viewer that the record must be protected from unauthorized disclosure.
"WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a "need to know," as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520."

SSI – Protective Marking and Distribution Limitation Statement
What should I do if someone sends me a SSI document that is unmarked?
A person who receives an unmarked record containing SSI should apply the protective marking and distribution limitation statement, and inform the sender of the omission.

SSI – Protective Marking and Distribution Limitation Statement
Placement: Charts, Maps, and Drawings
Charts, maps, and drawings designated as SSI must have the appropriate protective marking and the distribution limitation statement affixed in a manner that is plainly visible.

SSI – Protective Marking and Distribution Limitation Statement
Placement: Electronic and Magnetic Media
SSI contained on electronic media and magnetic media must have the protective marking and the distribution limitation statement applied at the beginning and end of the electronic and magnetic text; on each side of the disk and the disk sleeve/jacket; on the non-optical side of the CD-ROM, DVD or other format disk; and on both sides of the CD-ROM, DVD or other format disk case.

SSI – Protective Marking and Distribution Limitation Statement
Transmittal Documents
Documents used to transmit SSI (like fax cover sheets,) but do not themselves contain SSI, must be marked with the protective marking and distribution limitation statement. The following statements must be affixed to the front page of the cover sheet:
"This facsimile is intended for the recipient only. If this is received by someone other than the intended recipient, the person receiving the message should immediately contact the sender for further instructions."
"The protective marking SENSITIVE SECURITY INFORMATION and/or the distribution limitation statement on this page are canceled when the attachments containing SSI are removed."

Who is responsible for protecting SSI?
Anyone possessing SSI is responsible for ensuring that the information and records containing SSI are protected at all times from disclosure to anyone who does not have a
"need to know."
What do I do when SSI is on the computer or desk and not under my direct physical control?
When SSI is not under your direct physical control, you must ensure that it is protected in such a way that it is not physically or visually accessible to persons who do not have a
"need to know."
Sharing of SSI
SSI may be shared with "covered persons" with a "need to know."
Covered Person:
A covered person is an individual or entity with transportation security or transportation security-related responsibilities. Covered persons include State employees, contractors, as well as stakeholders and industry partners.
Persons with a "Need to Know":
An individual or entity has a need to know SSI when they require access to that specific SSI to accomplish assigned transportation security or transportation security-related tasks, as determined by an authorized holder of SSI.
Authority to Share SSI
The authority to share SSI with any person or entity without a "need to know" is limited to the TSA Administrator.
Unauthorized Sharing of SSI
Every covered party has the responsibility to safeguard SSI according to the CFR and TSA policies. If you encounter SSI that has been inadvertently shared, immediately notify the Airport Security Division.
Packaging and Transmission of SSI
Physical Transmission of SSI
The non-electronic methods of transmitting SSI materials are:
- Mail – SSI may be transmitted by First class mail, regular parcel post, or by delivery services (Federal Express, UPS, or DHL).
- Interoffice mail – SSI must be transmitted in a sealed envelope to prevent inadvertent visual disclosure.
- Hand-carrying between buildings – SSI material carried by hand within or between buildings must be protected to prevent inadvertent visual disclosure.
SSI Transmission: E-Mail
SSI information transmitted by e-mail should be password protected. Passwords used must:
- Have eight character minimum length
- Have at least one letter capitalized
- Contain at least one number
SSI Transmission
Web Posting SSI is not authorized for posting on the internet, or on industry partner intranets, except for postings on secure sites specifically authorized by TSA.
Facsimile
The sender of faxed SSI must confirm that the fax number of the recipient is current and valid and the intended recipient can promptly retrieve the information.
Facsimiles sent to a controlled, secure area where unauthorized people cannot intercept the SSI material may be sent without requiring the recipient to be there.
Telephone
For SSI communicated via telephone, the caller must ensure that the person receiving the SSI is a "covered person" with a "need to know."
People transmitting SSI via telephone should avoid cellular or cordless phones.

Destruction of SSI
When copies of records containing SSI are no longer needed, they must be promptly and completely destroyed. The objective of destruction is to preclude recognition or reconstruction of the information.
The most common methods used to destroy SSI material include:
- SSI bins
- Cross-cut shredders
- Cutting or tearing into pieces that are no longer than 1/2 inch on a side
Now, let's see what you have learned about SSI...
Access to SSI is limited to?
Which of the following is the SSI protective marking?
What should you do if someone sends you a SSI document that is unmarked?
Fax cover sheets must contain which of the following statements?
What should you do when SSI is on a computer or desk that is not under your direct physical control?
SSI can be sent through first class mail without a protective marking and distribution limitation statement on the exterior of the envelope?