Decision of the High Representative of the Union for Foreign Affairs and Secu... (32023D0726(01))
INHALT
Decision of the High Representative of the Union for Foreign Affairs and Security Policy of 19 June 2023 on the security rules for the European External Action Service 2023/C 263/04
- DECISION OF THE HIGH REPRESENTATIVE OF THE UNION FOR FOREIGN AFFAIRS AND SECURITY POLICY
- of 19 June 2023
- on the security rules for the European External Action Service
- Article 1
- Purpose and scope
- Article 2
- Definitions
- Article 3
- Duty of care
- Article 4
- Physical and infrastructure security
- Article 5
- Alert states and crisis situations
- Article 6
- The protection of classified information
- Article 7
- Security incidents, emergencies and crisis response
- Article 8
- Security of communication and information systems
- Article 9
- Security breaches and compromise of classified information
- Article 10
- Investigation of security incidents, breaches and/or compromises and corrective actions
- Article 11
- Security risk management
- Article 12
- Security awareness and training
- Article 13
- Organisation of security in the EEAS
- Article 14
- CSDP Operations and EU Special Representatives
- Article 15
- The EEAS Security Committee
- Article 16
- Security inspections
- Article 17
- Assessment visits
- Article 18
- Business continuity planning
- Article 19
- Travel advice for missions outside the EU
- Article 20
- Health and Safety
- Article 21
- Implementation and review
- Article 22
- Replacement of previous decisions
- Article 23
- Final provisions
- ANNEX A
- PRINCIPLES AND STANDARDS FOR PROTECTING EUCI
- Article 1
- Purpose, scope and definitions
- Article 2
- Definition of EUCI, security classifications and markings
- Article 3
- Classification management
- Article 4
- Protection of classified information
- Article 5
- Personnel security for handling EU classified information
- Article 6
- Physical security of EU classified information
- Article 7
- Management of classified information
- Article 8
- Protection of EUCI handled in communication and information systems
- Article 9
- Industrial security
- Article 10
- Exchange of classified information with third States and International Organisations
- Article 11
- Breaches of security and compromise of classified information
- ANNEX A I
- PERSONNEL SECURITY
- I. INTRODUCTION
- II. AUTHORISING ACCESS TO EUCI
- PSC request procedures in the EEAS
- Records of PSCs
- Exemptions from the PSC requirement
- III. SECURITY EDUCATION AND AWARENESS
- IV. EXCEPTIONAL CIRCUMSTANCES
- V. ATTENDANCE AT MEETINGS IN THE EEAS HEADQUARTERS AND UNION DELEGATIONS.
- VI. POTENTIAL ACCESS TO EUCI
- ANNEX A II
- PHYSICAL SECURITY OF EU CLASSIFIED INFORMATION
- I. INTRODUCTION
- II PHYSICAL SECURITY REQUIREMENTS AND MEASURES
- III. EQUIPMENT FOR THE PHYSICAL PROTECTION OF EUCI
- IV. PHYSICALLY PROTECTED AREAS
- V. PHYSICAL PROTECTIVE MEASURES FOR HANDLING AND STORING EUCI
- VI. CONTROL OF KEYS AND COMBINATIONS USED FOR PROTECTING EUCI
- ANNEX A III
- MANAGEMENT OF CLASSIFIED INFORMATION
- I. INTRODUCTION
- II. CLASSIFICATION MANAGEMENT
- Classifications and markings
- CONFIDENTIEL UE/EU CONFIDENTIAL Without attachment(s) RESTREINT UE/EU RESTRICTED
- Markings
- Abbreviated classification markings
- Creation of EUCI
- Downgrading and declassification of EUCI
- III. REGISTRATION OF EUCI FOR SECURITY PURPOSES
- TRES SECRET UE/EU TOP SECRET registries
- IV. COPYING AND TRANSLATING EU CLASSIFIED DOCUMENTS
- V. CARRIAGE OF EUCI
- Within a building or self-contained group of buildings
- Within the EU
- From within the EU to the territory of a third State, or between EU entities in third States
- VI. DESTRUCTION OF EUCI
- VII. SECURITY INSPECTIONS
- EEAS security inspections
- Conduct of and reporting on EEAS security inspections
- Conduct of and reporting on security inspections in EU agencies and bodies established under Title V, Chapter 2 of the TEU
- EEAS security inspections checklist
- ANNEX A IV
- PROTECTION OF EUCI HANDLED IN CIS
- I. INTRODUCTION
- II. INFORMATION ASSURANCE PRINCIPLES
- Security risk management
- Security throughout the CIS-life cycle
- Best practice
- Defence in depth
- Principle of minimality and least privilege
- Information Assurance awareness
- Evaluation and approval of IT-security products
- Transmission within Secured Areas
- Secure interconnection of CIS
- Computer storage media
- Emergency circumstances
- III. INFORMATION ASSURANCE FUNCTIONS AND AUTHORITIES
- Information Assurance Authority (IAA)
- TEMPEST Authority
- Crypto Approval Authority (CAA)
- Crypto Distribution Authority (CDA)
- Security Accreditation Authority (SAA)
- Security Accreditation Board (SAB)
- Information Assurance Operational Authority
- ANNEX A V
- INDUSTRIAL SECURITY
- I. INTRODUCTION
- II. SECURITY ELEMENTS IN A CLASSIFIED CONTRACT
- Security classification guide (SCG)
- Security aspects letter (SAL)
- Programme/project security instructions (PSI)
- III. FACILITY SECURITY CLEARANCE (FSC)
- IV. Personnel Security Clearances (PSCs) for Contractors’ personnel
- V. CLASSIFIED CONTRACTS AND SUB-CONTRACTS
- VI. VISITS IN CONNECTION WITH CLASSIFIED CONTRACTS
- VII. TRANSMISSION AND CARRIAGE OF EUCI
- VIII. TRANSFER OF EUCI TO CONTRACTORS LOCATED IN THIRD STATES
- IX. HANDLING AND STORAGE OF INFORMATION CLASSIFIED RESTREINT UE/EU RESTRICTED
- ANNEX A VI
- EXCHANGE OF CLASSIFIED INFORMATION WITH THIRD STATES AND INTERNATIONAL ORGANISATIONS
- I. INTRODUCTION
- II. FRAMEWORKS GOVERNING THE EXCHANGE OF CLASSIFIED INFORMATION
- III ASSESSMENT VISITS
- IV. AUTHORITY TO RELEASE EUCI TO THIRD STATES OR INTERNATIONAL ORGANISATIONS
- V. EXCEPTIONAL AD HOC RELEASE OF EUCI
- Appendix A
- Definitions
- Appendix B
- Equivalence of security classifications
Feedback