Security Incidents occur when there is a known or suspected loss, compromise, or mishandling of Classified National Security Information (CNSI) or controlled unclassified information (CUI). Information Security personnel conduct Security Incident Inquiries (SIIs) to determine the circumstances surrounding an actual, or potential, compromise of CNSI or CUI to determine individual responsibility, notifying outside stakeholders when necessary, and making recommendations to prevent similar occurrences going forward. SIIs are often conducted in partnership with the Personnel Security Division regarding suspension of an individual’s clearance and CNSI access and with Human Resources if such an action would affect an individual’s ability to remain in their current position or regarding individuals who hold positions of trust who are suspected of mishandling or losing CUI.

Security Incidents and Violations

The loss, compromise, and mishandling of CNSI presents a threat to national security. Once a loss, compromise, or mishandling has occurred, the damage to the U.S. national security interests must be determined and appropriate measures taken to negate or minimize the adverse effect. In all cases, appropriate action must be taken to identify the source of the loss, compromise, or mishandling, determine the reason, and identify and take corrective action necessary to ensure further loss, compromise, or mishandling of CNSI does not occur. 

Any person who has knowledge of or suspects there has been a loss, compromise, or mishandling of CNSI in any form or any person who discovers NSI outside of required controls shall take the following steps: 

1. If applicable, take immediate custody of such information and safeguard it in an appropriate manner. This responsibility includes protecting CNSI that is discovered improperly safeguarded or unsecured. 
2. Immediately notify your supervisor and the Field Security Servicing Officer (FSSO).
3. Complete part one of National Security Information Incident Report and submit to the FSSO. The FSSO completes Part 2 and submits to the Department Security Incidents Program Manager within the Information Security Division at [email protected].
4. If the incident involves any spill of CNSI on an unclassified or classified system (email, computer, copier, laptop, etc.), notify the Enterprise Security Operations Center (ESOC) at (202) 482-4000 or [email protected] upon discovery or knowledge of the incident. The ESOC is open 24 hours a day, 7 days a week, 365 days a year.