Limit Access to Computer Media. The computer area should be designated as restricted to provide greater
control of assets. A master list of computer media must be maintained if the media are classified. Top Secret and
Secret materials must be inventoried at prescribed intervals. Approved users must have access on a need-to-know
basis only. All others are refused access, and even approved users are admitted only to the areas where they
work. This keeps one individual from adversely affecting the whole system. Barriers (such as escorts,
receptionists, locked doors, counters, access rosters, and sign-in/sign-out logs for people and for computer media
should be used to restrict access to the computer media.
Computer components (media), as well as the computers themselves, are vulnerable. Computer input is often
stored on magnetic tapes, disks, or other media. Since they are easily portable, these media are especially subject
to tampering, theft, or destruction. Media containing classified information must be protected by marking.
Punched Cards. When 25 or fewer cards are classified, each card must be marked on the front and back with
the appropriate classification. When a large number of cards are classified, the appropriate classification marking
must be placed on the first and last cards of the deck, or on header and trailer cards. Cards removed from the deck
are individually marked as needed.
Magnetic Tapes and Disk Packs. These items are marked externally with labels. They may be marked
internally with a notation indicating the classification.
Punched "Paper" Tape. Rolls must be marked externally with labels. If not on rolls, mark the tape at the
beginning and the end on a readily observable portion.
Media Impossible to Mark. When the medium itself cannot be marked, the container in which it is stored
must be marked.
Classified GMLR, or other classified items, must be segregated from unclassified items stored in the same
facility, when possible. Strict access and accountability control procedures must be established by the
commander. See AR 190-11, paragraph 5-9, for the two-person rule for access to category I missiles and rockets.
Personnel whose duties require access to such storage facilities must have a security clearance commensurate with
the classification of the items involved. Commanders must establish appropriate lock and key control procedures
to preclude defeat of the two-person rule. MACOMs may exempt the two-person rule requirement without
instituting formal exemption provisions. Examples of valid exemptions include contingency operations and other
When conditions warrant, commanders of Army installations may designate restricted areas in writing to protect
classified defense information or to safeguard property or materials for which they are responsible.
Tenant units and activities on the installation must request the authority of the installation commander to
designate restricted areas. The designation of restricted areas for Army activities not on an installation is done
under the authority of the activity commander or officer in charge. When required, adequate physical safeguards
are installed to deter unauthorized persons from entering the restricted area.
Commanders designating or terminating restricted areas to meet the requirements of AR 380-40; AR 380-19,
Information Systems Security, dated 1 August 1990; AR 381-14,