Spillage of Classified Information
Spillage of classified information is a contamination of lower level systems with material of a higher classification.[1] Examples would include burning a CD with classified data from a SIPRNet machine and inserting it into a NIPRNet machine. The act of insertion is sufficient to be called a spillage even if the system may not have copied the files, since it is possible to have resided in memory (such as by a virus scan or stored in a swap file).
The formal definition by the US Government is found in[2] as: "Security incident that results in the transfer of classified or CUI information onto an information system not accredited (i.e., authorized) for the appropriate security level."
References
- ↑ CNSSI No. 1001 "National Instruction on Classified Information Spillage", February 2008
- ↑ CNSSI No. 4009 "National Information Assurance (IA) Glossary", Page 70, 26 April 2010