Spillage of Classified Information

Spillage of classified information is a contamination of lower level systems with material of a higher classification.[1] Examples would include burning a CD with classified data from a SIPRNet machine and inserting it into a NIPRNet machine. The act of insertion is sufficient to be called a spillage even if the system may not have copied the files, since it is possible to have resided in memory (such as by a virus scan or stored in a swap file).

The formal definition by the US Government is found in[2] as: "Security incident that results in the transfer of classified or CUI information onto an information system not accredited (i.e., authorized) for the appropriate security level."

References

  1. CNSSI No. 1001 "National Instruction on Classified Information Spillage", February 2008
  2. CNSSI No. 4009 "National Information Assurance (IA) Glossary", Page 70, 26 April 2010