Was talking with somebody (DoD contractor) and they mentioned something about how their facility requires red/black clearances in addition to DoD clearance. What does this mean?
May be the CAC/PIV card color. Some are red-bordered, others blue, white, yellow, etc.
2 Likes
This could also be something internal . . . Perhaps they have two contracts where “need to know” doesn’t cross boundaries and the “red” project employees don’t have access to “black” project areas?
Of course . . . I’m just guessing . . .
2 Likes
I used to work at a place where the level of clearance was indicated by a colored stripe on the badge. One time there was a security inspection and they asked someone what level of clearance they had. They promptly responded, “Red!”
PS That was not the correct answer 
4 Likes
I was thinking the same. Like how IC folks use blue cards.
What are the blue cards? Just another version of a PIV card or something?
Red/Black security may be the concept from cryptography discussed here: https://en.wikipedia.org/wiki/Red/black_concept where red is internal information and black is publicly accessible information. Presumably Red/Black means you would know both what the public is told (black) and the unpublished internal information (red).
Just to be clear, when they talk about “red” and “black” they are talking about unencrypted data and encrypted data… plain text and encrypted text.
So the red data may look like this: “This is what red data looks like”
And once it is encrypted, it may look like this: “94e9ba96c48f0824f26a”
The encrypted data can then safely be transmitted over any available means, and then be decrypted again when it gets to its destination.
Sure it’s a stretch, but it felt more useful than anecdotes from unrelated workplace experiences or speculation about card colors. A lot of cryptographic concepts either give names to or are rooted in real-world security policies.