Department of the Air Force AFSPACECOM HOI 205-3
Headquarters Air Force Space Command
Peterson Air Force Base, Colorado 80914-5001 10 February 1989



This headquarters operating instruction (HOI) tells how to report, investigate,
and prepare written summaries of security incident inquiries. It applies to HQ
Air Force Space Command (AFSPACECOM).

1. References:

a. DOD 5200.1-R/AFR 205-1, Information Security Program.

b. AFP 205-11, Security Manager's Guide.

c. AFP 205-22, Conducting Preliminary Inquiries and Formal Investigations.

2. General. Protecting our nation's secrets is one of our top priorities.
When a security incident occurs, it must be determined if a compromise occurred.
Determine the damage to US interests and take proper measures to negate or
minimize the adverse effect of the compromise.

3. Procedures:

a. Reporting Security Incidents. Persons who learn of a security incident
must promptly report it to either their security manager or a higher authority
in their chain of command. The unit commander or agency chief verbally reports
the incident by the end of the first duty day to HQ AFSPACECOM/SPT. This
initial notification is followed up the next duty day by a staff summary sheet
(attachment 1) routed to the Chief, Security Police (SP). This staff summary
sheet gives a brief summary of the possible incident and requests an inquiry
officer be appointed.

b. Appointment of Inquiry Officer. The Chief of Staff has delegated the
responsibility of appointing the inquiry officer to the Chief of Security
Police. The Security Police staff determines which office should provide a
disinterested inquiry officer. That office gives the name of the individual to the
Security Police staff, which prepares the appointment letter. The appointed
inquiry officer contacts the Security Police (SP) and the Staff Judge Advocate
(JA) for briefings before conducting the inquiry. If COMSEC material is
involved, an additional briefing from the COMSEC Office (LKHC) is required.

Supersedes S HOI 205-3, 21 November 1986. (For summary of changes see page 3.)
No. of Printed Pages: 5
OPR: SPI (J. R. Smith)
Approved by: Col S. C. Mannell
Editor: P. S. Stricklin
Distribution: F

c. Investigating the Incident. Use AFP 205-22 for "how to" guidance in
conducting an inquiry. The inquiry should determine if classified material was
subjected to actual or possible compromise. If the possibility of compromise
exists, or the material was compromised, then the category of the security
incident and whether or not a formal investigation is required must be
determined. Cause factors and corrective recommendations are included in the
report. Recommendations for disciplinary action are not included. The
categories of incidents (excluding COMSEC and SCI incidents) are:

(1) Compromise.

(2) Possible Compromise.

(3) Inadvertent Access.

(4) Security Deviation.

d. Submitting the Report. Prepare the report in the prescribed format
(attachment 2) and submit to SP within 5 duty days. The Security Police route
it through the concerned DCS or CSSE and JA for coordination. The DCS or CSSE
takes no administrative or disciplinary action until the Chief of Staff approves
the report.

(1) If there was no loss, compromise, possible compromise, inadvertent
access, or security deviation, the Security Police close the incident and file
the report.

(2) If loss, compromise, or possible compromise occurred or the incident
is an inadvertent access or a security deviation, then administrative or
disciplinary action can be taken against the responsible person(s) and remedial
training accomplished.

(3) If loss, compromise, or possible compromise of classified material
occurred and there is no reasonable expectation of damage to national security,
then the inquiry report is sufficient for the Chief of Staff to close the inci-

(4) If the loss, compromise, or possible compromise of classified could
be expected to damage national security or the probability of damage to national
security cannot be discounted, then a formal investigation normally is required.

e. Formal Investigations and Damage Assessments. If the inquiry officer
cannot rule out the possibility of damage to national security, then:

(1) An official from the office responsible for the security incident
immediately notifies the original classification authority for the material to
obtain a damage assessment. Once this assessment is received, forward it to SP
to be filed with the inquiry report.

(2) If no additional substantive information can be obtained through a
formal investigation, the Chief of Staff closes the incident without further
inquiry or investigation.

(3) If further investigation is warranted, the Chief of Staff appoints
an investigative official.

(4) An AFOSI report cannot be substituted for the investigation
required by this HOI. However, it may be used as an exhibit attached to the
report. Prior approval is necessary from AFOSI before attaching their report.

(5) The Security Police notify other agencies according to AFR 205-1,
table 6-1 (Added) (AF).

f. Incidents Involving COMSEC Material. Once it is determined COMSEC material
is involved, notify the COMSEC office. Upon completion of the appointed
official's inquiry and review by the concerned DCS or CSSE, the Security Police
close the inquiry and forward the findings to the COMSEC custodian. The COMSEC
custodian notifies the necessary agencies.

g. Incidents Involving Sensitive Compartmented Information (SCI). Once it
is determined SCI material is involved, notify the Special Security Officer
(SSO). The SSO or SSO staff members investigate all SCI security incidents.
The Special Security Officer notifies the necessary agencies in SCI channels.
The appointed official completes his or her portion of the inquiry, and
forwards it to the concerned DCS or CSSE for review. If the Special Security
Officer takes over the entire inquiry, the Security Police close the inquiry and
forward the findings to the Special Security Officer. If non-SCI material is
involved with SCI material, the appointed official completes his or her inquiry
on the non-SCI material and follows the procedures outlined in d above.

Lieutenant General, USAF

G. A. STANSELL
Colonel, USAF
Director of Information Management

2 Attachments
1. Sample Staff Summary Sheet
2. Sample Security Inquiry Report

Updates policy and procedures for processing security incident inquiries. Adds
additional procedures for possible security incidents involving COMSEC and SCI

S HOI 205-3 Attachment 2 10 February 1989 5



ATTN OF (Office Symbol and Telephone Number of Inquiry Officer) (Date)

SUBJECT Security Inquiry Report A8X-XX


1. AUTHORITY FOR INQUIRY: (Cite letter of appointment and DOD 5200.1-R/AFR
205-1, paragraph 6-103).

2. FACT(S): (Give unclassified title, classification, date, OPR, number of
copies, and any special access requirements of the document(s) involved).

3. DOCUMENT(S) DESCRIPTION: (Give unclassified title, classification, date,
OPR, number of copies, and any special access requirements of the document(s)

4. PERSONNEL INTERVIEWED: (Give name, rank, duty title, and office symbol).

5. DISCUSSION: (State what the testimony and observations of the inquiry
officer revealed).

6. CAUSE FACTORS: (State why the security incident happened in terms which
allow application of corrective action).

7. CONCLUSION: (Determine whether a compromise of classified information did
or did not occur, and whether the compromise could be expected to cause damage
to national security. State the category of security incident - compromise,
possible compromise, inadvertent access, or security deviation - and rationale).

Signature Block

1 Atch
Letter of Appointment and any
supporting documentation necessary
to clarify report.