Frequently Asked Questions

Generally, ships cannot disclose specific information on friendly force troop movement or size tactical deployments, and dispositions that would jeopardize OPSEC or lives. This would include unit designations and names of operations.

  • NAVSO P-5728.03 - September 2013

Information on any ongoing or future operations to include details of specific combat missions, bomb damage assessments, force movements, employment schedules, and current location of underway units (i.e. latitude and longitude) is considered confidential and can only be released to authorized individuals.


Contact your local information assurance manager and describe the suspected phishing event to them. Do not forward any phishing emails.

Service members who are assigned as an OPSEC program manager should attend the two-day OPSEC course offered by the Naval OPSEC Support Team. This course outlines all requirements for an OPSEC program and covers what program managers need to do to be successful. For information on the two-day OPSEC course visit:

OPSEC is a systematic and proved process by which the U.S. Government and its supporting contractors can deny to potential adversaries information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive Government activities. (National Security Decision Directive 298)

OPSEC is as a critical thinking process with five steps:

  • Identify critical information
  • Analyze threat
  • Analyze vulnerabilities
  • Assess risk
  • Apply Countermeasures

The U.S. Intelligence Community offers many resources to DOD personnel on threats. The DON’s primary sources of threat information are Naval Criminal Investigative Service and the Office of Naval Intelligence. Contact your local NCIS office for threat information pertaining to your command.

Critical information is different for everyone. Your critical information is that which you have determined is critical to the success of your mission at a given time and if it were to fall into the hands of an adversary, could be used to cause significant negative impacts to the accomplishment of your mission. Determining your critical information is vital to your success as an OPSEC practitioner.

There are two types of OPSEC assessments:

  • Internal OPSEC assessments must be conducted annually by the OPSEC program manager
  • External OPSEC assessments must be conducted once every three years by an outside entity (i.e. your ISIC or an OPSEC support element such as the NOST)