Operations Security or OPSEC is an analytical process used to deny or delay our adversaries of Sandia National Laboratories’ (Sandia) critical information. Using OPSEC enhances mission success. OPSEC is not just a program—it supplements  security disciplines.


  • Identifies vulnerabilities in programs and activities
  • Determines the risk associated with identified critical information
  • Where appropriate, provides OPSEC measures to protect information from inadvertent release or intentional disclosure
  • Assists leadership in making OPSEC risk-management-based decisions

The OPSEC Process

  • Determine critical information
  • Analyze the threat
  • Determine vulnerabilities
  • Analyze the risk
  • Develop and implement countermeasures
  • Assess Effectiveness

OPSEC Practices

  • Have an OPSEC Plan
  • Properly handle and destroy sensitive and critical unclassified information
  • Maintain situational awareness when conducting activities
  • Use the most secure means of communicating
  • Guard against unsolicited inquiries to obtain sensitive and/or critical information
  • When offsite, secure your badge and keep it out of sight
  • Don’t reveal sensitive and/or critical info on social networking sites and/or other apps
  • Avoid listing your workplace association on social networking sites
  • Observe the need-to-know principle
  • Be mindful of what applications you install
  • Be adversary aware, the threat is real

OPSEC Simplified

Three Steps: Think. Assess. Protect.

  • Think about the information you need to protect and the adversaries who want it
  • Assess the ways they can acquire the information and risk if it is lost
  • Protect the information by implementing appropriate OPSEC Measures