National Industrial Security Program Operating Manual
by DOD
National Industrial Security Program Operating Manual (NISPOM)
FOREWORD
On behalf of the Secretary of Defense as Executive Agent, pursuant
to Executive Order 12829, "National Industrial Security Program"
(NISP), and with the concurrence of the Secretary of Energy, the
Chairman of the Nuclear Regulatory Commission, and the Director
of Central Intelligence, I am pleased to promulgate the inaugural
edition of the NISP Operating Manual (NISPOM). The NISPOM
was developed in close coordination with industry and it represents
a concerted effort on behalf of hundreds of individuals throughout
the Executive Branch and industry.
I believe the NISPOM represents the beginning of a new industrial
security process which is based on sound threat analysis and risk
management practices and which establishes consistent security
policies and practices throughout the government. I also believe it
creates a new government and industry partnership which
empowers industry to more directly manage its own administrative
security controls.
The President has recently created a Security Policy Board to
ensure the protection of our nation's sensitive information and
technologies within the framework of a more simplified, uniform
and cost effective security system. The Security Policy Board and
the Executive Agent will continue the process of consultation with
industry on the NISPOM to make further improvements, especially
in the complex and changing areas of automated information
systems security and physical security.
All who use the NISPOM should ensure that it is implemented so
as to achieve the goals of eliminating unnecessary costs while
protecting vital information and technologies. Users of the
NISPOM are encouraged to submit recommended changes through
their Cognizant Security Agency to the Executive Agent's
designated representative at the following address:
Department of Defens
Assistant Secretary of Defense for
Command, Control, Communications and Intelligence
ATTN: DASD(I&S)/CI&SP, Room 3E160
6000 Defense Pentagon
Washington, D.C. 20301-6000
The NISPOM replaces the Department of Defense Industrial
Security Manual for Safeguarding Classified Information, dated
January 1991.
John M. Deutch Deputy Secretary of Defense
CHAPTER 1. GENERAL PROVISIONS AND REQUIREMENTS
Section 1. Introduction 1-1-1
Section 2. General Requirements 1-2-1
Section 3. Reporting Requirements 1-3-1
CHAPTER 2. SECURITY CLEARANCES
Section 1. Facility Clearances 2-1-1
Section 2. Personnel Clearances 2-2-1
Section 3. Foreign Ownership, Control, or Influence (FOCI) 2-3-1
CHAPTER 3. SECURITY TRAINING AND BRIEFINGS
Section 1. Security Training and Briefings 3-1-1
CHAPTER 4. CLASSIFICATION AND MARKING
Section 1. Classification 4-1-1
Section 2. Marking Requirements 4-2-1
CHAPTER 5. SAFEGUARDING CLASSIFIED INFORMATION
Section 1. General Safeguarding Requirements 5-1-1
Section 2. Control and Accountability 5-2-1
Section 3. Storage and Storage Equipment 5-3-1
Section 4. Transmission 5-4-1
Section 5. Disclosure 5-5-1
Section 6. Reproduction 5-6-1
Section 7. Disposition and Retention 5-7-1
Section 8. Construction Requirements 5-8-1
Section 9. Intrusion Detection Systems 5-9-1
CHAPTER 6. VISITS and MEETINGS
Section 1. Visits 6-1-1
Section 2. Meetings 6-2-1
CHAPTER 7. SUBCONTRACTING
Section 1. Prime Contractor Responsibilities 7-1-1
CHAPTER 8. AUTOMATED INFORMATION SYSTEM
SECURITY
Section 1. Responsibilities 8-1-1
Section 2. Accreditation and Security Modes 8-2-1
Section 3. Controls and Maintenance 8-3-1
Section 4. Networks 8-4-1
CHAPTER 9. SPECIAL REQUIREMENTS
Section 1. Restricted Data and Formerly Restricted Data 9-1-1
Section 2. DoD Critical Nuclear Weapon Design Information 9-2-1
Section 3. Intelligence Information 9-3-1
CHAPTER 10. INTERNATIONAL SECURITY
REQUIREMENTS
Section 1. General and Background Information 10-1-1
Section 2. Disclosure of U.S. Information to Foreign Interests 10-2-
1
Section 3. Foreign Government Information 10-3-1
Section 4. International Transfers 10-4-1
Section 5. International Visits and Control of Foreign Nationals
10-5-1
Section 6. Contractor Operations Abroad 10-6-1
Section 7. NATO Information Security Requirements 10-7-1
CHAPTER 11. MISCELLANEOUS INFORMATION
Section 1. TEMPEST 11-1-1
Section 2. Defense Technical Information Center 11-2-1
Section 3. Independent Research and Development 11-3-1
APPENDICES
Appendix A. Organizational Elements for Industrial Security A-1
Appendix B. Foreign Marking Equivalents B-1
Appendix C. Definitions C-1
SUPPLEMENTS TO THE NISPOM
Document
NISPOM Supplement TBD
Chapter 1.
General Provisions And Requirements
Section 1. Introduction
1-100. Purpose.
This Manual is issued in accordance with the National Industrial
Security Program (NISP). The Manual prescribes requirements,
restrictions, and other safeguards that are necessary to prevent
unauthorized disclosure of classified information and to control
authorized disclosure of classified information released by U.S.
Government Executive Branch Departments and Agencies to their
contractors. The Manual also prescribes requirements, restrictions,
and other safeguards that are necessary to protect special classes of
classified information, including Restricted Data, Formerly
Restricted Data, intelligence sources and methods information,
Sensitive Compartmented Information, and Special Access Program
information. These procedures are applicablto licensees, grantees,
and certificate holders to the extent legally and practically possible
within the constraints of applicable law and the Code of Federal
Regulations. 1-101. Authority.
a. The NISP was established by Executive Order 12829, 6 January
1993, "National Industrial Security Program" for the protection of
information classified pursuant to Executive Order 12356, April 2,
1982, "National Security Information," or its successor or
predecessor orders, and the Atomic Energy Act of 1954, as
amended. The National Security Council is responsible for
providing overall policy direction for the NISP. The Secretary of
Defense has been designated Executive Agent for the NISP by the
President. The Director, Information Security Oversight Office
(ISOO) is responsible for implementing and monitoring the NISP
and for issuing implementing directives that shall be binding on
agencies.
b. The Secretary of Defense, in consultation with all affected
agencies and with the concurrence of the Secretary of Energy, the
Chairman of the Nuclear Regulatory Commission and the Director
of Central Intelligence is responsible for issuance and maintenance
of this Manual. The Secretary of Energy and the Nuclear
Regulatory Commission shall prescribe that portion of the Manual
that pertains to information classified under the Atomic Energy Act
of 1954, as amended. The Director of Central Intelligence shall
prescribe that portion of the Manual that pertains to intelligence
sources and methods, including Sensitive Compartmented
Information. The Director of Central Intelligence retains authority
over access to intelligence sources and methods, including
Sensitive Compartmented Information. The Director of Central
Intelligence may inspect and monitor contractor, licensee, and
grantee programs and facilities that involve access to such
information. The Secretary of Energy and the Nuclear Regulatory
Commission retain authority over access to information under their
respective programs classified under the Atomic Energy Act of
1954, as amended. The Secretary or the Commission may inspect
and monitor contractor, licensee, grantee, and certificate holder
programs and facilities that involve access to such information.
c. The Secretary of Defense serves as Executive Agent for
inspecting and monitoring contractors, licensees, grantees, and
certificate holders who require or will require access to, or who
store or will store classified information; and for determining the
eligibility for access to classified information of contractors,
licensees, certificate holders, and grantees and their respective
employees. The Heads of agencies shall enter into agreements with
the Secretary of Defense that establish the terms of the Secretary's
responsibilities on their behalf.
d. The Director, ISOO, will consider and take action on complaints
and suggestions from persons within or outside the Government
with respect to the administration of the NISP.
e. Nothing in this Manual shall be construed to supersede the
authority of the Secretary of Energy or the Chairman of the Nuclear
Regulatory Commission under the Atomic Energy Act of 1954, as
amended; or detract from the authority of installation Commanders
under the Internal Security Act of 1950; the authority of the
Director of Central Intelligence under the National Security Act of
1947, as amended, or Executive Order No. 12333 of December 8,
1981; or the authority of any other federal department or agency
Head granted pursuant to U.S. statute or Presidential decree.
1-102. Scope.
a. The NISP applies to all executive branch departments and
agencies and to all cleared contractor facilities located within the
United States, its Trust Territories and Possessions.
b. This Manual applies to and shall be used by contractors to
safeguard classified information released during all phases of the
contracting, licensing, and grant process, including bidding,
negotiation, award, performance, and termination. This Manual
also applies to classified information not released under a contract,
license, certificate or grant, and to foreign government information
furnished to contractors that requires protection in the interest of
national security. The Manual implements applicable Federal
Statutes, Executive orders, National Directives, international
treaties, and certain government-to- government agreements.
c. If a contractor determines that implementation of any provision
of this Manual is more costly than provisions imposed under
previous U.S. Government policies, standards or requirements, the
contractor shall notify the Cognizant Security Agency (CSA). The
notification shall indicate the prior policy, standard or requirement
and explain how the NISPOM requirement is more costly to
implement. Contractors shall, however, implement any such
provision within three years from the date of this Manual, unless a
written exception is granted by the CSA. When implementation is
determined to be cost neutral, or where cost savings or cost
avoidance can be achieved, implementation by contractors shall be
effected no later than 6 months from the date of this Manual.
d. This Manual does not contain protection requirements for
Special Nuclear Material.
1-103. Agency Agreements.
a. E.O.12829 requires the heads of agencies to enter into
agreements with the Secretary of Defense that establish the terms of
the Secretary's responsibilities on behalf of these agency heads.
b. The Secretary of Defense has entered into agreements with the
departments and agencies listed below for the purpose of rendering
industrial security services. This delegation of authority is
contained in an exchange of letters between the Secretary of
Defense and: (1) The Administrator, National Aeronautics and
Space Administration (NASA); (2) The Secretary of Commerce; (3)
The Administrator, General Services Administration (GSA); (4)
The Secretary of State; (5) The Administrator, Small Business
Administration (SBA); (6) The Director, National Science
Foundation (NSF); (7) The Secretary of the Treasury; (8) The
Secretary of Transportation; (9) The Secretary of the Interior; (10)
The Secretary of Agriculture; (11) The Director, United States
Information Agency (USIA); (12) The Secretary of Labor; (13) The
Administrator, Environmental Protection Agency (EPA); (14) The
Attorney General, Department of Justice; (15) The Director, U.S.
Arms Control and Disarmament Agency (ACDA); (16) The
Director, Federal Emergency Management Agency (FEMA); (17)
The Chairman, Board of Governors, Federal Reserve System
(FRS); (18) The Comptroller General of the United States, General
Accounting Office (GAO); (19) The Director of Administrative
Services, United States Trade Representative (USTR); and (20) The
Director of Administration, United States International Trade
Commission (USITC). NOTE: Appropriate interagency agreements
have not yet been effected with the Department of Defense by the
Department of Energy, the Nuclear Regulatory Commission and the
Central Intelligence Agency.
1-104. Security Cognizance.
a. Consistent with 1-101e, above, security cognizance remains with
each federal department or agency unless lawfully delegated. The
term "Cognizant Security Agency" (CSA) denotes the Department
of Defense (DoD), the Department of Energy, the Nuclear
Regulatory Commission, and the Central Intelligence Agency. The
Secretary of Defense, the Secretary of Energy, the Director of
Central Intelligence and the Chairman, Nuclear Regulatory
Commission may delegate any aspect of security administration
regarding classified activities and contracts under their purview
within the CSA or to another CSA. Responsibility for security
administration may be further delegated by a CSA to one or more
"Cognizant Security Offices (CSO)." It is the obligation of each
CSA to inform industry of the applicable CSO.
b. The designation of a CSO does not relieve any Government
Contracting Activity (GCA) of the responsibility to protect and
safeguard the classified information necessary for its classified
contracts, or from visiting the contractor to review the security
aspects of such contracts.
c. Nothing in this Manual affects the authority of the Head of an
Agency to limit, deny, or revoke access to classified information
under its statutory, regulatory, or contract jurisdiction if that
Agency Head determines that the security of the nation so requires.
The term "agency head" has the meaning provided in 5 U.S.C.
552(f).
1-105. Composition of Manual.
This Manual is comprised of a "baseline" portion (Chapters 1
through 11). That portion of the Manual that prescribes
requirements, restrictions, and safeguards that exceed the baseline
standards, such as those necessary to protect special classes of
information, are included in the NISPOM Supplement
(NISPOMSUP). Until officially revised or canceled, the existing
COMSEC, Carrier, and Marking Supplements to the former
"Industrial Security Manual for Safeguarding Classified
Information" will continue to be applicable to DoD-cleared
facilities only.
1-106. Manual Interpretations.
All contractor re-quests for interpretations of this Manual shall be
forwarded to the Cognizant Security Agency (CSA) through its
designated Cognizant Security Office (CSO). Requests for
interpretation by contractors located on any U.S. Government
installation shall be forwarded to the CSA through the Commander
or Head of the host installation. Requests for interpretation of
DCIDs referenced in the NISPOM Supplement shall be forwarded
to the DCI through approved channels.
1-107. Waivers and Exceptions to this Manual.
Requests shall be submitted by industry through government
channels approved by the CSA. When submitting a request for
waiver, the contractor shall specify, in writing, the reasons why it is
impractical or unreasonable to comply with the requirement.
Waivers and exceptions will not be granted to impose more
stringent protection requirements than this Manual provides for
CONFIDENTIAL, SECRET, or TOP SECRET information.
Section 2. General Requirements
1-200. General.
Contractors shall protect all classified information to which they
have access or custody. A contractor performing work within the
confines of a Federal installation shall safeguard classified
information in accordance with provisions of this Manual and/or
with the procedures of the host installation or agency.
1-201. Facility Security Officer (FSO).
The contractor shall appoint a U.S. citizen employee, who is
cleared as part of the facility clearance (FCL), to be the FSO. The
FSO will supervise and direct security measures necessary for
implementing this Manual and related Federal requirements for
classified information. The FSO, or those otherwise performing
security duties, shall complete security training as specified in
Chapter 3 and as deemed appropriate by the CSA.
1-202. Standard Practice Procedures.
The contractor shall implement all terms of this Manual applicable
to each of its cleared facilities. Written procedures shall be
prepared when the FSO believes them to be necessary for effective
implementation of this Manual or when the cognizant security
office (CSO) determines them to be necessary to reasonably
foreclose the possibility of loss or compromise of classified
information.
1-203. One-Person Facilities.
A facility at which only one person is assigned shall establish
procedures for CSA notification after death or incapacitation of
that person. The current combination of the facility's security
container shall be provided to the CSA, or in the case of a multiple
facility organization, to the home office.
1-204. Cooperation with Federal Agencies.
Contractors shall cooperate with Federal agencies during official
inspections, investigations concerning the protection of classified
information, and during the conduct of personnel security
investigations of present or former employees and others. This
includes providing suitable arrangements within the facility for
conducting private interviews with employees during normal
working hours, providing relevant employment and security records
for review, when requested, and rendering other necessary
assistance.
1-205. Agreements with Foreign Interests.
Contractors shall establish procedures to ensure compliance with
governing export control laws before executing any agreement with
a foreign interest that involves access to U.S. classified information
by a foreign national. Contractors must also comply with the
foreign ownership, control or influence requirements in this
Manual. Prior to the execution of such agreements, review and
approval are required by the State Department and release of the
classified information must be approved by the U.S. Government.
Failure to comply with Federal licensing requirements may render a
contractor ineligible for a facility clearance.
1-206. Security Training and Briefings.
Contractors are responsible for advising all cleared employees,
including those outside the United States, of their individual
responsibility for safeguarding classified information. In this
regard, contractors shall provide security training as appropriate,
and in accordance with Chapter 3, to cleared employees by initial
briefings, refresher briefings, and debriefings.
1-207. Security Reviews.
a. Government Reviews. Aperiodic security reviews of all cleared
contractor facilities will be conducted to ensure that safeguards
employed by contractors are adequate for the protection of
classified information.
(1) Review Cycle. The CSA will determine the frequency of
security reviews, which may be increased or decreased for sufficient
reason, consistent with risk management principals. Security
reviews may be conducted no more often than once every 12
months unless special circumstances exist.
(2) Procedures. Contractors will normally be provided notice of a
forthcoming review. Unannounced reviews may be conducted at the
discretion of the CSA. Security reviews necessarily subject all
contractor employees and all areas and receptacles under the
control of the contractor to examination. However, every effort will
be made to avoidunnecessary intrusion into the personal effects of
contractor personnel. The physical examination of the interior
space of equipment not authorized to secure classified material will
always be accomplished in the presence of a representative of the
contractor.
(3) Reciprocity. Each CSA is responsible for ensuring that
redundant and duplicative security review, and audit activity of its
contractors is held to a minimum, including such activity conducted
at common facilities by other CSA's. Appropriate intra and/or inter-
agency agreements shall be executed to fulfill this cost-sensitive
imperative. Instances of redundant and duplicative security review
and audit activity shall be reported to the Director, Information
Security Oversight Office (ISOO) for resolution.
b. Contractor Reviews. Contractors shall review their security
system on a continuing basis and shall also conduct a formal self-
inspection at intervals consistent with risk management principals.
1-208. Hotlines.
Federal agencies maintain hotlines to provide an unconstrained
avenue for government and contractor employees to report, without
fear of reprisal, known or suspected instances of serious security
irregularities and infractions concerning contracts, programs, or
projects. These hotlines do not supplant contractor responsibility to
facilitate reporting and timely investigation of security matters
concerning its operations or personnel, and contractor personnel
are encouraged to furnish information through established company
channels. However, the hotline may be used as an alternate means
to report this type of information when considered prudent or
necessary. Contractors shall inform all employees that the hotlines
may be used, if necessary, for reporting matters of national security
significance. CSA hotline addresses and telephone numbers are as
follows:
Defense Hotline
The Pentagon
Washington, DC 20301-1900
(800) 424-9098
(703) 693-5080
NRC Hotline
U.S. Nuclear Regulatory Commission
Office of the Inspector General
Mail StopTSD 28
Washington, D.C. 20555-0001
(800) 233-3497
CIA Hotline
Office of the Inspector General
Central Intelligence Agency
Washington, D.C. 20505
(703) 874-2600
DOE Hotline
Department of Energy
Office of the Inspector General
1000 Independence Avenue, S.W.
Room 5A235
Washington, D.C. 20585
(202) 586-4073
(800) 541-1625
1-209. Classified Information Procedures Act (CIPA). (P.L. 96-
456, 94 STAT. 2025) The provisions of this Manual do not apply
to proceedings in criminal cases involving classified information,
and appeals therefrom, before the United States District Courts, the
Courts of Appeal, and the Supreme Court. Contractors and their
employees are not authorized to afford defendants, or persons
acting for the defendant, regardless of their personnel security
clearance status, access to classified information except as
otherwise authorized by a protective order issued pursuant to the
CIPA.
SECTION 3. REPORTING REQUIREMENTS
1-300. General
Contractors are required to report certain events that have an impact
on the status of the facility clearance (FCL), that impact on the
status of an employee's personnel clearance (PCL), that affect
proper safegarding of classified information, or that indicate
classified information has been lost or compromised. Contractors
shall establish such internal procedures as are necessary to ensure
that cleared employees are aware of their responsibilities for
reporting pertinent information to the FSO, the Federal Bureau of
Investigation (FBI), or other Federal authorities as required by this
Manual, the terms of a classified contract, and U.S. law.
Contractors shall provide complete information to enable the CSA
to ascertain whether classified information is adequately protected.
Contractors shall submit reports to the FBI, and to their CSA, as
specified in this Section.
a. When the reports are classified or offered in confidence and so
marked by the contractor, the information will be reviewed by the
CSA to determine whether it may be withheld from public
disclosure under applicable exemptions of the Freedom of
Information Act (5 U.S.C. 552).
b. When the reports are unclassified and contain information
pertaining to an individual, the Privacy Act of 1974 (5 U.S.C.
552a) permits withholding of that infomation from the individual
only to the extent that the disclosure of the information would
reveal the identity of a source who furnished the information to the
U.S. Government under an expressed promise that the identity of
the source would be held in confidence. The fact that a report is
submitted in confidence must be clearly marked on the report.
1-301 Reports to be Submitted to the FBI.
The contractor shall promptly submit a written report to the nearest
field office of the FBI, regarding information coming to the
contractor's attention concerning actual, probable or possible
espionage, or subversive activities at any of its locations. An initial
report may be made by phone, but it must be followed in writing,
regardless of the disposition made of the report by the FBI. A copy
of the written report shall be provided to the CSA.
1-302 Reports to be Submitted to the CSA.
a. Adverse Information. Contractors shall report adverse
information coming to their attention concerning any of their
cleared employees. Reports based on rumor or innuendo should not
be made. The subsequent termination of employment of an
employee does not obviate the requirement to submit this report.
The report shall include the name and telephone number of the
individual to contact for further information regarding the matter
and the signature, typed name and title of the individual submitting
the report. If the individual is employed on a Federal installation, a
copy of the report and its final disposition shall be furnished by the
contractor to the Commander or Head of the installation. NOTE: In
two court cases, Becker vs. Philco and Taglia vs. Philco (389 U.S.
979), the U.S. Court of Appeals for the 4th Circuit decided on
February 6, 1967, that a contractor is not liable for defamation of
an employee because of reports made to the Government pursuant
to the requirements of this Manual.
b. Suspicious Contacts. Contractors shall report efforts by any
individual, regardless of nationality, to obtain illegal or
unauthorized access to classified information or to compromise a
cleared employee. In addition, all contacts by cleared employees
with known or suspected intelligence officers from any country, or
any contact which suggests the employee concerned may be the
target of an attempted exploitation by the intelligence services of
another country shall be reported.
c. Change in Cleared Employee Status. Contractors shall report (1)
The death; (2) A change in name; (3) The termination of
employment; (4) Change in marital status; (5) Change in
citizenship; and (6) When the possibility of access to classified
information in the future has been reasonably foreclosed. Such
changes shall be reported by submission of a CSA designated form.
d. Representative of a Foreign Interest. Any cleared employee, who
becomes a representative of a foreign interest (RFI) or whose status
as an RFI is materially changed.
e. Citizenship by Naturalization. A. non-U.S. citizen granted a
Limited Access Authorization (LAA) who becomes a citizen
through naturalization. Submission of this report shall be made on
a CSA designated form, and include the (1) city, county, and state
where naturalized; (2) date naturalized; (3) court; and (4) certificate
number.
f. Employees Desiring Not to Perform on Classified Work.
Evidence that an employee no longer wishes to be processed for a
clearance or to continue an existing clearance.
g. Standard Form (SF) 312. Refusal by an employee to execute the
"Classified Information Nondisclosure Agreement" (SF 312).
h. Change Conditions Affecting the Facility Clearance.
(1) Any change of ownership, including stock transfers that effect
control of the company.
(2) Any change of operating name or address of the company or any
of its cleared locations.
(3) Any change to the information previously submitted for key
management personnel including, as appropriate, the names of the
individuals they are replacing. In addition, a statement shall be
made indicating: (a) Whether the new key management personnel
are cleared, and if so, to what level and when, their dates and places
of birth, social security numbers, and their citizenship; (b) Whether
they have been excluded from access; or © Whether they have
been temporarily excluded from access pending the granting of
their clearance. A new complete listing of key management
personnel need only be submitted at the discretion of the contractor
and/or when requested in writing by the CSA.
(4) Action to terminate business or operations for any reason,
imminent adjudication or reorganization in bankruptcy, or any
change that might affect the validity of the FCL.
(5) Any material change concerning the information previously
reported by the contractor concerning foreign ownership, control or
influence (FOCI). This report shall be made by the submission of a
CSA- designated form. When submitting this form, it is not
necessary to repeat answers that have not changed. When entering
into discussions, consultations or agreements that may reasonably
lead to effective ownership or control by a foreign interest, the
contractor shall report the details by letter. If the contractor has
received a Schedule 13D from the investor, a copy shall be
forwarded with the report. A new CSA-designated form regarding
FOCI shall also be executed every 5 years.
i. Changes in Storage Capability. Any change in the storage
capability that would raise or lower the level of classified
information the facility is approved to safeguard.
j. Inability to Safeguard Classified Material. Any emergency
situation that renders the facility incapable of safeguarding
classified material.
k. Security Equipment Vulnerabilities. Significant vulnerabilities
identified in security equipment, intrusion detection systems (IDS),
access control systems, communications security (COMSEC)
equipment or systems, and automated information system (AIS)
security hardware and software used to protect classified material.
l. Unauthorized Receipt of Classified Material. The receipt or
discovery of any classified material that the contractor is not
authorized to have. The report should identify the source of the
material, originator, quantity, subject or title, date, and
classification level.
m. Employee Information in Compromise Cases. When requested
by the CSA, information concerning an employee when the
information is needed in connection with the loss, compromise, or
suspected compromise of classified information.
n. Disposition of Classified Material Terminated From
Accountability. When the whereabouts or disposition of classified
material previously terminated from accountability is subsequently
determined.
o. Foreign Classified Contracts. Any precontract negotiation or
award not placed through a GCA that involves, or may involve, (1)
The release or disclosure of U.S. classified information to a foreign
interest, or (2) Access to classified information furnished by a
foreign interest.
1-303. Reports of Loss, Compromise, or Suspected Compromise.
Any loss, compromise or suspected compromise of classified
information, foreign or domestic, shall be reported to the CSA.
Classified material that cannot be located within a reasonable
period of time shall be presumed to be lost until an investigation
determines otherwise. If the facility is located on a Government
installation, the report shall be furnished to the CSA through the
Commander or Head of the host installation.
a. Preliminary Inquiry. Immediately on receipt of a report of loss,
compromise, or suspected compromise of classified information,
the contractor shall initiate a preliminary inquiry to ascertain all of
the circumstances surrounding the reported loss, compromise or
suspected compromise.
b. Initial Report. If the contractor's preliminary inquiry confirms
that a loss, compromise, or suspected compromise of any classified
information occurred, the contractor shall promptly submit an
initial report of the incident unless otherwise notified by the CSA.
Submission of the initial report shall not be deferred pending
completion of the entire investigation.
c. Final Report. When the investigation has been completed, a final
report shall be submitted to the CSA. The report should include:
(1) Material and relevant information that was not included in the
initial report;
(2) The name, position, social security number, date and place of
birth, and date of the clearance of the individual(s) who was
primarily responsible for the incident, including a record of prior
loss, compromise, or suspected compromise for which the
individual had been determined responsible;
(3) A statement of the corrective action taken to preclude a
recurrence and the disciplinary action taken against the responsible
individual(s), if any; and
(4) Specific reasons for reaching the conclusion that loss,
compromise, or suspected compromise occurred or did not occur.
1-304. Individual Culpability Reports.
Contractors shall establish and enforce policies that provide for
appropriate administrative actions taken against employees who
violate requirements of this Manual. They shall establish and apply
a graduated scale of disciplinary actions in the event of employee
violations or negligence. A statement of the administrative actions
taken against an employee shall be included in a report to the CSA
when individual responsibility for a security violation can be
determined and one or more of the following factors are evident:
a. The violation involved a deliberate disregard of security
requirements.
b. The violation involved gross negligence in the handling of
classified material.
c. The violation involved was not deliberate in nature but involves a
pattern of negligence or carelessness.
Chapter 2.
Security Clearances
Section 1. Facilities Clearances
2-100. General.
A facility clearance (FCL) is an administrative determination that a
facility is eligible for access to classified information or award of a
classified contract. Contract award may be made prior to the
issuance of an FCL. However, in those cases, the contractor will be
processed for an FCL at the appropriate level and must meet
eligibility requirements for access to classified information. The
FCL requirement for a prime contractor includes those instances in
which all classified access will be limited to subcontractors.
Contractors are eligible for custody (possession) of classified
material, if they have an FCL and storage capability approved by
the CSA.
a. An FCL is valid for access to classified information at the same,
or lower, classification level as the FCL granted.
b. FCLs will be registered centrally by the U.S. Government.
c. A contractor shall not use its FCL for advertising or promotional
purposes.
2-101. Reciprocity.
An FCL shall be considered valid and acceptable for use on a fully
reciprocal basis by all Federal departments and agencies, provided
it meets or exceeds the level of clearance needed.
2-102. Eligibility Requirements.
A contractor or prospective contractor cannot apply for its own
FCL. A GCA or a currently cleared contractor may sponsor an
uncleared contractor for an FCL. A company must meet the
following eligibility requirements before it can be processed for an
FCL.
a. The contractor must need access to the classified information in
connection with a legitimate U.S. Government or foreign
requirement.
b. The contractor must be organized and existing under the laws of
any of the fifty states, the District of Columbia, or Puerto Rico, and
be located in the U.S. and its territorial areas or possessions.
c. The contractor must have a reputation for integrity and lawful
conduct in its business dealings. The contractor and its key
managers, must not be barred from participating in U.S.Government
contracts.
d. The contractor must not be under foreign ownership, control, or
influence (FOCI) to a such a degree that the granting of the FCL
would be inconsistent with the national interest.
2-103. Processing the FCL.
The CSA will advise and assist the company during the FCL
process. As a minimum, the company will:
a. Execute CSA-designated forms.
b. Process key management personnel for personnel clearances
(PCLs).
c. Appoint a U.S. citizen employee as the facility security officer
(FSO).
2-104. Personnel Clearances Required in Connection with the
FCL.
The senior management official and the FSO must always be
cleared to the level of the FCL. Other officials, as determined by
the CSA, must be granted a PCL or be excluded from classified
access pursuant to paragraph 2-106.
2-105. PCLs Concurrent with the FCL.
Contractors may designate employees who require access to
classified information during the negotiation of a contract or the
preparation of a bid or quotation pertaining to a prime contract or a
subcontract to be processed for PCLs concurrent with the FCL. The
granting of an FCL is not dependent on the clearance of such
employees.
2-106. Exclusion Procedures.
When, pursuant to paragraph 2-104, formal exclusion action is
required, the organization's board of directors or similar executive
body shall affirm the following, as appropriate.
a. Such officers, directors, partners, regents, or trustees (designated
by name) shall not require, shall not have, and can be effectively
excluded from access to all classified information disclosed to the
organization. They also do not occupy positions that would enable
them to adversely affect the organization's policies or practices in
the performance of classified contracts. This action shall be made a
matter of record by the organization's executive body. A copy of the
resolution shall be furnished to the CSA.
b. Such officers or partners (designated by name) shall not require,
shall not have, and can be effectively denied access to higher-level
classified information (specify which higher level(s)) and do not
occupy positions that would enable them to adversely affect the
organization's policies or practices in the performance of higher-
level classified contracts (specify higher level(s)). This action shall
be made a matter of record by the organization's executive body. A
copy of the resolution shall be furnished to the CSA.
2-107. Interim FCLs.
An interim FCL may be granted to eligible contractors by the CSA.
An interim FCL is granted on a temporary basis pending
completion of the full investigative requirements.
2-108. Multiple Facility Organizations.
The home office facility must have an FCL at the same, or higher,
level of any cleared facility within the multiple facility
organization.
2-109. Parent-Subsidiary Relationships.
When a parent-subsidiary relationship exists, the parent and the
subsidiary will be processed separately for an FCL. As a general
rule, the parent must have an FCL at the same, or higher, level as
the subsidiary. However, the CSA will determine the necessity for
the parent to be cleared or excluded from access to classified
information. The CSA will advise the companies as to what action
is necessary for processing the FCL. When a parent or its cleared
subsidiaries are collocated, a formal written agreement to utilize
common security services may be executed by the two firms,
subject to the approval of the CSA.
2-110. Termination of the FCL.
Once granted, an FCL remains in effect until terminated by either
party. If the FCL is terminated for any reason, the contractor shall
return all classified material in its possession to the appropriate
GCA or dispose of the material as instructed by the CSA. The
contractor shall return the original copy of the letter of notification
of the facility security clearance to the CSA.
2-111. Records Maintenance.
Contractors shall maintain the original CSA designated forms for
the duration of the FCL.
Section 2. Personnel Clearances
2-200. General.
a. An employee may be processed for a personnel clearance (PCL)
when the contractor determines that access is essential in the
performance of tasks or services related to the fulfillment of a
classified contract. A PCL is valid for access to classified
information at the same, or lower, level of classification as the level
of the clearance granted.
b. The CSA will provide written notice when an employee's PCL
has been granted, denied, suspended, or revoked. The contractor
shall immediately deny access to classified information to any
employee when notified of a denial, revocation or suspension. The
CSA will also provide written notice when processing action for
PCL eligibility has been discontinued. Contractor personnel may
be subject to a reinvestigation program as specified by the CSA.
c. Within a multiple facility organization (MFO), PCLs will be
issued to a company's home office facility (HOF) unless an
alternative arrangement is approved by the CSA. Cleared employee
transfers within an MFO, and classified access afforded thereto,
shall be managed by the contractor.
d. The contractor shall limit requests for PCLs to the minimal
number of employees necessary for operational efficiency,
consistent with contractual obligations and other requirements of
this Manual. Requests for PCLs shall not be made to establish
"pools" of cleared employees.
e. The contractor shall not submit a request for a PCL to one
agency if the employee applicant is cleared or is in process for a
PCL by another agency. In such cases, to permit clearance
verification, the contractor should provide the new agency with the
full name, date and place of birth, current address, social security
number, clearing agency, and type of clearance.
2-201. Investigative Requirements.
Investigations conducted by a Federal Agency shall not be
duplicated by another Federal Agency when those investigations
are current within 5 years and meet the scope and standards for the
level of PCL required. The types of investigations required are as
follows:
a. Single Scope Background Investigation (SSBI). An SSBI is
required for TOP SECRET, Q, and SCI. Application shall be made
on an SF Form 86 for DOE and NRC contractors. All others shall
submit a DD Form 398.
b. National Agency Check and Credit Check (NACC). An NACC
is required for a SECRET, L, and CONFIDENTIAL PCL.
Application shall be made on an SF Form 86 for DOE and NRC
contractors. All others shall submit a DD Form 398-2.
c. Polygraph. Agencies with policies sanctioning the use of the
polygraph for PCL purposes may require polygraph examinations
when necessary. If issues of concern surface during any phase of
security processing, coverage will be expanded to resolve those
issues.
2-202. Common Adjudicative Standards.
Security clearance and SCI access determinations shall be based
upon uniform common adjudicative standards.
2-203. Reciprocity.
Federal agencies that grant security clearances (TOP SECRET,
SECRET, CONFIDENTIAL, Q or L) to their employees or their
contractor employees are responsible for determining whether such
employees have been previously cleared or investigated by the
Federal Government. Any previously granted PCL that is based
upon a current investigation of a scope that meets or exceeds that
necessary for the clearance required, shall provide the basis for
issuance of a new clearance without further investigation or
adjudication unless significant derogatory information that was not
previously adjudicated becomes known to the granting agency.
2-204. Pre-employment Clearance Action.
Contractors shall not initiate any pre-employment clearance action
unless the recruitment is for a specific position that will require
access to classified information. Contractors shall include the
following statement in such employment advertisements:
"Applicants selected will be subject to a government security
investigation and must meet eligibility requirements for access to
classified information." The completed PCL application may be
submitted to the CSA by the contractor prior to the date of
employment, provided a written commitment for employment has
been made by the contractor that prescribes a fixed date for
employment within the ensuing 180 days, and the candidate has
accepted the employment offer in writing.
2-205. Contractor-Granted Clearances.
Contractors are no longer permitted to grant clearances. Contractor-
granted Confidential clearances in effect under previous policy are
not valid for access to: Restricted Data; Formerly Restricted Data;
COMSEC information; Sensitive Compartmented Information;
NATO information (except RESTRICTED); Critical or Controlled
Nuclear Weapon Security positions; and classified foreign
government information.
2-206. Verification of U.S. Citizenship.
The contractor shall require each applicant for a PCL who claims
U.S. citizenship to produce evidence of citizenship. A PCL will not
be granted until the contractor has certified the applicant's U.S.
citizenship.
2-207. Acceptable Proof of Citizenship.
a. For individuals born in the United States, a birth certificate is the
primary and preferred means of citizenship verification. Acceptable
certificates must show that the birth record was filed shortly after
birth and it must be certified with the registrar's signature. It must
bear the raised, impressed, or multicolored seal of the registrar's
office. The only exception is if a state or other jurisdiction does not
issue such seals as a matter of policy Uncertified copies of birth
certificates are not acceptable. A delayed birth certificate is one
created when a record was filed more than one year after the date of
birth. Such a certificate is acceptable if it shows that the report of
birth was supported by acceptable secondary evidence of birth.
Secondary evidence may include: baptismal or circumcision
certificates, hospital birth records, or affidavits of persons having
personal knowledge about the facts of birth. Other documentary
evidence can be early census, school, or family bible records,
newspaper files, or insurance papers. All documents submitted as
evidence of birth in the U.S. shall be original or certified
documents.
b. If the individual claims citizenship by naturalization, a certificate
of naturalization is acceptable proof of citizenship.
c. If citizenship was acquired by birth abroad to a U.S. citizen
parent or parents, the following are acceptable evidence:
(1) A Certificate of Citizenship issued by the Immigration and
Naturalization Service (INS); or
(2) A Report of Birth Abroad of a Citizen of the United States of
America (Form FS-240); or
(3) A Certificate of Birth (Form FS-545 or DS-1350).
d. A passport, current or expired, is acceptable proof of citizenship.
e. A Record of Military Processing-Armed Forces of the United
States (DD Form 1966) is acceptable proof of citizenship, provided
it reflects U.S. citizenship. 2-208. Letter of Notification of
Personnel Clearance (LOC). An LOC will be issued by the CSA to
notify the contractor that its employee has been granted a PCL.
Unless terminated, suspended or revoked by the Government, the
LOC remains effective as long as the employee is continuously
employed by the contractor.
2-209. Representative of a Foreign Interest.
The CSA will determine whether a Representative of a Foreign
Interest (RFI) is eligible for a clearance or continuation of a
clearance.
a. An RFI must be a U.S. citizen to be eligible for a PCL.
b. The RFI shall submit a statement that fully explains the foreign
connections and identifies all foreign interests. The statement shall
contain the contractor's name and address and the date of
submission. If the foreign interest is a business enterprise, the
statement shall explain the nature of the business and, to the extent
possible, details as to its ownership, including the citizenship of
the principal owners or blocks of owners. The statement shall fully
explain the nature of the relationship between the applicant and the
foreign interest and indicate the approximate percentage of time
devoted to the business of the foreign interest.
2-210. Non-U.S.Citizens.
Only U.S. citizens are eligible for a security clearance. Every effort
shall be made to ensure that non-U.S. citizens are not employed in
duties that may require access to classified information. However,
compelling reasons may exist to grant access to classified
information to an immigrant alien or a foreign national. Such
individuals may be granted a Limited Access Authorization (LAA)
in those rare circumstances where the non-U.S. citizen possesses
unique or unusual skill or expertise that is urgently needed to
support a specific U.S. Government contract involving access to
specified classified information and a cleared or clearable U.S.
citizen is not readily available. In addition, the LAA may only be
issued under the following circumstances:
a. With the concurrence of the GCA in instances of special
expertise.
b. With the concurrence of the CSA in furtherance of U.S.
Government obligations pursuant to U.S. law, treaty, or
international agreements.
2-211. Access Limitations of an LAA.
An LAA granted under the provisions of this Manual is not valid
for access to the following types of information.
a. TOP SECRET information;
b. Restricted Data or Formerly Restricted Data;
c. Information that has not been determined releasable by a U.S.
Government Designated Disclosure Authority to the country of
which the individual is a citizen;
d. COMSEC information;
e. Intelligence information;
f. NATO Information. However, foreign nationals of a NATO
member nation may be authorized access to NATO Information
provided that: (1) A NATO Security Clearance Certificate is
obtained by the CSA from the individual's home country; and (2)
NATO access is limited to performance on a specific NATO
contract.
g. Information for which foreign disclosure has been prohibited in
whole or in part; and
h. Information provided to the U.S. Government in confidence by a
third party government and classified information furnished by a
third party government.
2-212. Interim Clearances.
Interim TOP SECRET PCLs shall be granted only in emergency
situations to avoid crucial delays in precontract negotiation, or in
the award or performance on a contract. The contractor shall submit
applications for Interim TOP SECRET PCLs to the pertinent GCA
for endorsement. Applicants for TOP SECRET, SECRET, and
CONFIDENTIAL PCLs may be routinely granted interim PCLs at
the SECRET or CONFIDENTIAL level, as appropriate, provided
there is no evidence of adverse information of material significance.
The interim status will cease if results are favorable following
completion of full investigative requirements. At that time the CSA
will issue a new LOC. Non-U.S. citizens are not eligible for interim
clearances.
a. An interim SECRET or CONFIDENTIAL PCL is valid for
access to classified information at the level of the interim PCL
granted, except for Sensitive Compartmented Information,
Restricted Data, COMSEC Information, SAP, and NATO
information. An interim TOP SECRET PCL is valid for access to
TOP SECRET information and Restricted Data, NATO
Information and COMSEC information at the SECRET and
CONFIDENTIAL level.
b. An interim PCL granted by the CSA negates any existing
contractor-granted CONFIDENTIAL clearance. When an interim
PCL has been granted and derogatory information is subsequently
developed, the CSA may withdraw the interim pending completion
of the processing that is a prerequisite to the granting of a final
PCL.
c. When an interim PCL for an individual who is required to be
cleared in connection with the FCL is withdrawn, the interim FCL
will also be withdrawn, unless action is taken to remove the
individual from the position requiring access.
d. Withdrawal of an interim PCL is not a denial or revocation of
the clearance and is not appealable during this stage of the
processing.
2-213. Consultants.
A consultant is an individual under contract to provide professional
or technical assistance to a contractor or GCA in a capacity
requiring access to classified information. The consultant shall not
possess classified material off the premises of the using (hiring)
contractor or GCA except in connection with authorized visits. The
consultant and the using contractor or GCA shall jointly execute a
consultant certificate setting forth respective security
responsibilities. The using contractor or GCA shall be the
consumer of the services offered by the consultant it sponsors for a
PCL. For security administration purposes, the consultant shall be
considered an employee of the hiring contractor or GCA. The CSA
shall be contacted regarding security procedures to be followed
should it become necessary for a consultant to have custody of
classified information at the consultant's place of business.
2-214. Concurrent PCLs.
A concurrent PCL can be issued if a contractor hires an individual
or engages a consultant who has a current PCL (LOC issued to
another contractor). The gaining contractor must be issued an LOC
prior to the employee having access to classified information at that
facility. Application shall be made by the submission of the CSA
designated form.
2-215. Converting PCLs to Industrial Clearances.
PCLs granted by government agencies may be converted to
industrial clearances when: (a) A determination can be made that
the investigation meets standards prescribed for such clearances;
(b) No more than 24 months has lapsed since the date of
termination of the clearance; and, © No evidence of adverse
information exists since the last investigation. Contractors
employing persons eligible for conversion of clearance may request
clearance to the level of access required by submitting the CSA
designated form to the CSA. Access may not be granted until
receipt of the LOC. The following procedures apply.
a. Former DOE and NRC Personnel. A Q access authorization can
be converted to a TOP SECRET clearance. An L access
authorization can be converted to a SECRET clearance. Annotate
the application: "DOE (or NRC) Q (or L) Conversion Requested."
b. Federal Personnel. Submit a copy of the "Notification of
Personnel Action" (Standard Form 50), which terminated
employment with the Federal Government with the application.
c. Military Personnel. Submit a copy of the "Certificate of Release
or Discharge From Active Duty" (DD Form 214).
d. National Guard and Reserve Personnel in the Ready Reserve
Program. Include the individual's service number, the identity and
exact address of the unit to which assigned, and the date such
participation commenced on the application. For those individuals
who have transferred to the standby or retired Reserve, submit a
copy of the order effecting such a transfer.
2-216. Clearance Terminations.
The contractor shall terminate a PCL (a) Upon termination of
employment; or (b) When the need for access to classified
information in the future is reasonably foreclosed. Termination of a
PCL is accomplished by submitting a CSA-designated form to the
CSA.
2-217. Clearance Reinstatements.
A PCL can be reinstated provided (a) No more than 24 months has
lapsed since the date of termination of the clearance; (b) There is
no known adverse information; © The most recent investigation
must not exceed 5 years (TS, Q) or 10 years (SECRET, L); and (d)
Must meet or exceed the scope of the investigation required for the
level of PCL that is to be reinstated or granted. A PCL can be
reinstated at the same, or lower, level by submission of a CSA-
designated form to the CSA. The employee may not have access to
classified information until receipt of the LOC.
2-218. Procedures for Completing the Application Form.
The application forms shall be completed jointly by the employee
and the contractor. Contractors shall inform employees that page 5
of the DD Form 398-2 and the DD Form 398 or part 2 of the SF-86
may be completed in private and returned to security personnel in a
sealed envelope. The contractor shall not review any information
that is contained in the sealed envelope. The contractor shall review
the remainder of the application to determine its adequacy and to
ensure that necessary information has not been omitted. The
contractor shall ensure that the applicant's fingerprints are
authentic, legible, and complete to avoid subsequent clearance
processing delays. An employee of the contractor shall witness the
taking of the applicant's fingerprints to ensure that the person
fingerprinted is, in fact, the same as the person being processed for
the clearance. All PCL forms required by this Section are available
from the CSA.
2-219. Records Maintenance.
The contractor shall maintain a current record at each facility (to
include uncleared locations) of all cleared employees. Records
maintained by a HOF and/or PMF for employees located at
subordinate facilities (cleared and uncleared locations) shall
include the name and address at which the employee is assigned.
When furnished with a list of cleared personnel by the CSA,
contractors are requested to annotate the list with any corrections
or adjustments and return it at the earliest practical time. The reply
shall include a statement by the FSO certifying that the individuals
listed remain employed and that a PCL is still required.
Section 3. Foreign Ownership, Control, or Influence (FOCI)
2-300. General.
a. This Section establishes the policy concerning the initial or
continued clearance eligibility of U.S. companies with foreign
involvement; provides criteria for determining whether U.S.
companies are under foreign ownership, control or influence
(FOCI); prescribes responsibilities in FOCI matters; and outlines
security measures that may be considered to negate or reduce to an
acceptable level FOCI-based security risks .
b. The foreign involvement of U.S. companies cleared or under
consideration for a facility security clearance (FCL) is examined to
ensure appropriate resolution of matters determined to be of
national security significance. The development of security
measures to negate FOCI determined to be unacceptable shall be
based on the concept of risk management. The determination of
whether a U.S. company is under FOCI, its eligibility for an FCL,
and the security measures deemed necessary to negate FOCI shall
be made on a case-by-case basis.
2-301. Policy.
Foreign investment can play an important role in maintaining the
vitality of the U.S. industrial base. Therefore, it is the policy of the
U.S. Government to allow foreign investment consistent with the
national security interests of the United States. The following
FOCI policy for U.S. companies subject to an FCL is intended to
facilitate foreign investment by ensuring that foreign firms cannot
undermine U.S. security and export controls to gain unauthorized
access to critical technology, classified information and special
classes of classified information:
a. A U.S. company is considered under FOCI whenever a foreign
interest has the power, direct or indirect, whether or not exercised,
and whether or not exercisable through the ownership of the U.S.
company's securities, by contractual arrangements or other means,
to direct or decide matters affecting the management or operations
of that company in a manner which may result in unauthorized
access to classified information or may affect adversely the
performance of classified contracts.
b. A U.S. company determined to be under FOCI is ineligible for
an FCL, or an existing FCL shall be suspended or revoked unless
security measures are taken as necessary to remove the possibility
of unauthorized access or the adverse affect on classified contracts.
c. The Federal Government reserves the right and has the obligation
to impose any security method, safeguard, or restriction it believes
necessary to ensure that unauthorized access to classified
information is effectively precluded and that performance of
classified contracts is not adversely affected.
d. Changed conditions, such as a change in ownership,
indebtedness, or the foreign intelligence threat, may justify certain
adjustments to the security terms under which a company is
operating or, alternatively, that a different FOCI negation method
be employed. If a changed condition is of sufficient significance, it
might also result in a determination that a company is no longer
considered to be under FOCI or, conversely, that a company is no
longer eligible for an FCL.
e. Nothing contained in this Section shall affect the authority of the
Head of an Agency to limit, deny or revoke access to classified
information under its statutory, regulatory or contract jurisdiction.
For purposes of this Section, the term "agency" has the meaning
provided at 5 U.S.C. 552(f), to include the term "DoD Component."
2-302. Factors.
a. The following factors shall be considered in the aggregate to
determine whether an applicant company is under FOCI; its
eligibility for an FCL; and the protective measures required:
(1) Foreign intelligence threat;
(2) Risk of unauthorized technology transfer;
(3) Type and sensitivity of the information requiring protection;
(4) Nature and extent of FOCI, to include whether a foreign person
occupies a controlling or dominant minority position; source of
FOCI, to include identification of immediate, intermediate and
ultimate parent organizations;
(5) Record of compliance with pertinent U.S. laws, regulations and
contracts; and
(6) Nature of bilateral and multilateral security and information
exchange agreements that may pertain.
b. In addition to the factors shown above, the following information
is required to be furnished to the CSA on the CSA-designated
form. The information will be considered in the aggregate and the
fact that some of the below listed conditions may apply does not
necessarily render the applicant company ineligible for an FCL.
(1) Ownership or beneficial ownership, direct or indirect, of 5
percent or more of the applicant company's voting securities by a
foreign person;
(2) Ownership or beneficial ownership, direct or indirect, of 25
percent or more of any class of the applicant company's non-voting
securities by a foreign person;
(3) Management positions, such as directors, officers, or executive
personnel of the applicant company held by non U.S. citizens;
(4) Foreign person power, direct or indirect, to control the election,
appointment, or tenure of directors, officers, or executive personnel
of the applicant company and the power to control other decisions
or activities of the applicant company;
(5) Contracts, agreements, understandings, or arrangements
between the applicant company and a foreign person;
(6) Details of loan arrangements between the applicant company
and a foreign person if the applicant company's (the borrower)
overall debt to equity ratio is 40:60 or greater; and details of any
significant portion of the applicant company's financial obligations
that are subject to the ability of a foreign person to demand
repayment;
(7) Total revenues or net income in excess of 5 percent from a
single foreign person or in excess of 30 percent from foreign
persons in the aggregate;
(8) Ten percent or more of any class of the applicant's voting
securities held in "nominee shares," in "street names," or in some
other method that does not disclose the beneficial owner of
equitable title;
(9) Interlocking directors with foreign persons and any officer or
management official of the applicant company who is also
employed by a foreign person;
(10) Any other factor that indicates or demonstrates a capability on
the part of foreign persons to control or influence the operations or
management of the applicant company; and
(11) Ownership of 10% or more of any foreign interest.
2-303. Procedures.
a. If there are any affirmative answers on the form, or other
information is received which indicates that the applicant company
may be under FOCI, the CSA shall review the case to determine the
relative significance of the information in regard to:
(1) Whether the applicant is under FOCI, which shall include a
review of the factors listed at 2-302;
(2) The extent and manner to which the FOCI may result in
unauthorized access to classified information or adversely impact
classified contract performance; and
(3) The type of actions, if any, that would be necessary to negate
the effects of FOCI to a level deemed acceptable to the Federal
Government. Disputed matters may be appealed and the applicant
shall be advised of the government's appeal channels by the CSA.
b. When a company with an FCL enters into negotiations for the
proposed merger, acquisition, or takeover by a foreign person, the
applicant shall submit notification to the CSA of the
commencement of such negotiations. The submission shall include
the type of transaction under negotiation (stock purchase, asset
purchase, etc.), the identity of the potential foreign person investor,
and a plan to negate the FOCI by a method outlined in 2-306. The
company shall submit copies of loan, purchase and shareholder
agreements, annual reports, bylaws, articles of incorporation,
partnership agreements and reports filed with other federal agencies
to the CSA.
c. When a company with an FCL is determined to be under FOCI,
the facility security clearance shall be suspended. Suspension
notices shall be made as follows:
(1) When the company has current access to classified information,
the GCAs and prime contractor(s) of record shall be notified of the
suspension action along with full particulars regarding the
reason(s) therefor. Cognizant contracting agency security and
acquisition officials shall be furnished written, concurrent notice of
the suspension action. All such notices shall include a statement
that the award of additional classified contracts is prohibited so
long as the FCL remains in suspension.
(2) The company subject to suspension action shall be notified that
its clearance has been suspended, that current access to classified
information and performance on existing classified contracts may
continue unless notified by the CSA to the contrary, and that the
award of new classified contracts will not be permitted until the
FCL has been restored to a valid status.
d. When necessary, the applicant company shall be advised that
failure to adopt required security measures, may result in denial or
revocation of the FCL. When final agreement by the parties with
regard to the security measures required by the CSA is attained, the
applicant shall be declared eligible for an FCL upon
implementation of the required security measures. When a
previously suspended FCL has been restored to a valid status, all
recipients of previous suspension notices shall be notified.
e. A counterintelligence threat assessment and technology transfer
risk assessment shall be obtained by the CSA and considered prior
to a final decision to grant an FCL to an applicant company under
FOCI or to restore an FCL previously suspended. These
assessments shall be updated periodically under circumstances and
at intervals considered appropriate by the CSA.
f. Whenever a company has been determined to be under FOCI, the
primary consideration shall be the safeguarding of classified
information. The CSA is responsible for taking whatever interim
action necessary to safeguard classified information, in
coordination with other affected agencies as appropriate. If the
company does not have possession of classified material, and does
not have a current or impending requirement for access to classified
information, the FCL shall be administratively terminated.
2-304. Foreign Mergers, Acquisitions and Takeovers, and the
CFIUS.
a. Proposed merger, acquisition, or takeover (transaction) cases
voluntarily filed for review by the Committee on Foreign
Investment in the United States (CFIUS) under Section 721 of Title
VII of the Defense Production Act (DPA) of 1950 (P.L. 102-99)
shall be processed on a priority basis. The CSA shall determine
whether the proposed transaction involves an applicant subject to
this Section and convey its finding to appropriate agency
authorities. If the proposed transaction would require FOCI
negation measures to be imposed if consummated, the parties to the
transaction shall be promptly advised of such measures and be
requested to provide the CSA with their preliminary acceptance or
rejection of them as promptly as possible.
b. The CFIUS review and the industrial security review are carried
out in two parallel, but separate, processes with different time
constraints and considerations. Ideally, when industrial security
enhancements (see Sections 2-305 and 2-306) are required to
resolve industrial security concerns of a case under review by
CFIUS, there should be agreement before a recommendation on the
matter is formulated. As a technical matter, however, a security
agreement cannot be signed until the proposed foreign investor
legally completes the transaction, usually the date of closing. When
the required security arrangement, (1) Has been rejected; or (2)
When it appears agreement will not be attained regarding material
terms of such an arrangement; or (3) The company has failed to
comply with the reporting requirements of this Manual, industrial
security authorities may recommend that the Department position
be an investigation of the proposed transaction by CFIUS to assure
that national security concerns are protected.
2-305. FOCI Negation Action Plans.
If it is determined that an applicant company may be ineligible for
an FCL or that additional action would be necessary to negate the
FOCI, the applicant shall be promptly advised and requested to
submit a negation plan.
a. In those cases where the FOCI stems from foreign ownership, a
plan shall consist of one of the methods prescribed at 2-306.
Amendments to purchase and shareholder agreements may also
serve to remove FOCI concerns.
b. When factors not related to ownership are present, the plan shall
provide positive measures that assure that the foreign person can be
effectively denied access to classified information and cannot
otherwise adversely affect performance on classified contracts.
Examples of such measures include: modification or termination of
loan agreements, contracts and other understandings with foreign
interests; diversification or reduction of foreign source income;
demonstration of financial viability independent of foreign persons;
elimination or resolution of problem debt; assignment of specific
oversight duties and responsibilities to board members; formulation
of special executive-level security committees to consider and
oversee matters that impact upon the performance of classified
contracts; physical or organizational separation of the facility
component performing on classified contracts; the appointment of a
technology control officer; adoption of special board resolutions;
and other actions that negate foreign control or influence.
2-306. Methods to Negate Risk in Foreign Ownership Cases.
Under normal circumstances, foreign ownership of a U.S. company
under consideration for an FCL becomes a concern to the U.S.
Government when a foreign shareholder has the ability, either
directly or indirectly, whether exercised or exercisable, to control
or influence the election or appointment of one or more members to
the applicant company's board of directors by any means
(equivalent equity for unincorporated companies). Foreign
ownership which cannot be so manifested is not, in and of itself,
considered significant.
a. Board Resolution. When a foreign person does not own voting
stock sufficient to elect, or otherwise is not entitled to
representation to the applicant company's board of directors, a
resolution(s) by the applicant's board of directors will normally be
adequate. The Board shall identify the foreign shareholder and
describe the type and number of foreign owned shares;
acknowledge the applicant's obligation to comply with all industrial
security program and export control requirements; certify that the
foreign shareholder shall not require, shall not have, and can be
effectively precluded from unauthorized access to all classified and
export-controlled information entrusted to or held by the applicant
company; will not be permitted to hold positions that may enable
them to influence the performance of classified contracts; and
provide for an annual certification to the CSA acknowledging the
continued effectiveness of the resolution. The company shall be
required to distribute to members of its board of directors and its
principal officers copies of such resolutions and report in the
company's corporate records the completion of such distribution.
b. Voting Trust Agreement and Proxy Agreement. The Voting Trust
Agreement and the Proxy Agreement are substantially identical
arrangements whereby the voting rights of the foreign owned stock
are vested in cleared U.S. citizens approved by the Federal
Government. Neither arrangement imposes any restrictions on a
company's eligibility to have access to classified information or to
compete for classified contracts.
(1) Establishment of a Voting Trust or Proxy Agreement involves
the selection of three trustees or proxy holders respectively, all of
whom must become directors of the cleared company's board. Both
arrangements must provide for the exercise of all prerogatives of
ownership by the voting trustees or proxy holders with complete
freedom to act independently from the foreign person stockholders.
The arrangements may, however, limit the authority of the trustees
or proxy holders by requiring that approval be obtained from the
foreign person stockholder(s) with respect to matters such as: (a)
The sale or disposal of the corporation's assets or a substantial part
thereof; (b) Pledges, mortgages, or other encumbrances on the
capital stock; © Corporate mergers, consolidations, or
reorganizations; (d) The dissolution of the corporation; and (e) The
filing of a bankruptcy petition. However, nothing herein prohibits
the trustees or proxy holders from consulting with the foreign
person stockholders, or vice versa, where otherwise consistent with
U.S. laws, regulations and the terms of the Voting Trust or Proxy
Agreement.
(2) The voting trustees or proxy holders must assume full
responsibility for the voting stock and for exercising all
management prerogatives relating thereto in such a way as to ensure
that the foreign stockholders, except for the approvals enumerated
in (1) above, shall be insulated from the cleared company and
continue solely in the status of beneficiaries. The company shall be
organized, structured, and financed so as to be capable ofoperating
as a viable business entity independent from the foreign
stockholders.
(3) Individuals who serve as voting trustees or proxy holders must
be: (a) U.S. citizens residing within the United States, who are
capable of assuming full responsibility for voting the stock and
exercising management prerogatives relating thereto in a way that
ensures that the foreign person stockholders can be effectively
insulated from the cleared company; (b) Completely disinterested
individuals with no prior involvement with the applicant company,
the corporate body with which it is affiliated, or the foreign person
owner; and © Eligible for a PCL at the level of the FCL.
(4) Management positions requiring personnel security clearances
in conjunction with the FCL must be filled by U.S. citizens
residing in the United States.
c. Special Security Agreement and Security Control Agreement.
The Special Security Agreement (SSA) and the Security Control
Agreement (SCA) are substantially identical arrangements that
impose substantial industrial security and export control measures
within an institutionalized set of corporate practices and
procedures; require active involvement of senior management and
certain Board members in security matters (who must be cleared,
U.S. citizens); provide for the establishment of a Government
Security Committee (GSC) to oversee classified and export control
matters; and preserve the foreign person shareholder's right to be
represented on the Board with a direct voice in the business
management of the company while denying unauthorized access to
classified information.
(1) A company effectively owned or controlled by a foreign person
may be cleared under the SSA arrangement. However, access to
"proscribed information" is permitted only with the written
permission of the cognizant U.S. agency with jurisdiction over the
information involved. A determination to disclose proscribed
information to a company cleared under an SSA requires that a
favorable National Interest Determination (see 2-309) be rendered
prior to contract award. Additionally, the Federal Government must
have entered into a General Security Agreement with the foreign
government involved.
(2) A company not effectively owned or controlled by aforeign
person may be cleared under the SCA arrangement. Limitations on
access to classified information are not required under an SCA.
d. Limited Facility Clearance. The Federal Government has entered
into Industrial Security Agreements with certain foreign
governments. These agreements establish arrangements whereby a
foreign-owned U.S. company may be considered eligible for an
FCL. Access limitations are inherent with the granting of limited
FCLs.
(1) A limited FCL may be granted upon satisfaction of the
following criteria: (a) There is an Industrial Security Agreement
with the foreign government of the country from which the foreign
ownership is derived; (b) Access to classified information will be
limited to performance on a contract, subcontract or program
involving the government of the country from which foreign
ownership is derived; and © Release of classified information
must be in conformity with the U.S. National Disclosure Policy.
(2) A limited FCL may also be granted when the criteria listed in
paragraph (1) above cannot be satisfied, provided there exists a
compelling need to do so consistent with national security
interests.
2-307. Annual Review and Certification.
a. Annual Review. Representatives of the CSA shall meet at least
annually with senior management officials of companies operating
under a Voting Trust, Proxy Agreement, SSA, or SCA to review the
purpose and effectiveness of the clearance arrangement and to
establish common understanding of the operating requirements and
their implementation. These reviews will also include an
examination of the following:
(1) Acts of compliance or noncompliance with the approved
security arrangement, standard rules, and applicable laws and
regulations.
(2) Problems or impediments associated with the practical
application or utility of the security arrangement.
(3) Whether security controls, practices, or procedures warrant
adjustment.
b. Annual Certification. Depending upon the security arrangement
in place, the Voting trustees, Proxy holders or the Chairman of the
GSC shall submit annually to the CSA an implementation and
compliance report. Such reports shall include the following:
(1) A detailed description of the manner in which the company is
carrying out its obligations under the arrangement.
(2) Changes to security procedures, implemented or proposed, and
the reasons for those changes.
(3) A detailed description of any acts of noncompliance, whether
inadvertent or intentional, with a discussion of steps that were
taken to prevent such acts from recurring.
(4) Any changes, or impending changes, of senior management
officials, or key Board members, including the reasons therefore.
(5) Any changes or impending changes in the organizational
structure or ownership, including any acquisitions, mergers or
divestitures.
(6) Any other issues that could have a bearing on the effectiveness
of the applicable security clearance arrangement.
2-308. Government Security Committee (GSC).
Under a Voting Trust, Proxy Agreement, SSA and SCA, an
applicant company is required to establish a permanent committee
of it's Board of Directors, known as the GSC.
a. The GSC normally consists of Voting Trustees, Proxy Holders or
Outside Directors, as applicable, and those officers/directors who
hold PCLs.
b. The members of the GSC are required to ensure that the company
maintains policies and procedures to safeguard export controlled
and classified information entrusted to it.
c. The GSC shall also take the necessary steps to ensure that the
company complies with U.S. export control laws and regulations
and does not take action deemed adverse to performance on
classified contracts. This shall include the appointment of a
Technology Control Officer (TCO) and the development, approval,
and implementation of a Technology Control Plan (TCP).
d. The Facility Security Officer (FSO) shall be the principal
advisor to the GSC and attend GSC meetings. The Chairman of the
GSC, must concur with the appointment of replacement FSOs
selected by management. FSO and TCO functions shall be carried
out under the authority of the GSC.
2-309. National Interest Determination.
a. A company cleared under an SSA and its cleared employees may
only be afforded access to "proscribed information" with special
authorization. This special authorization must be manifested by a
favorable national interest determination (NID) that must be
program/project/contract-specific. Access to proscribed information
must be predicated on compelling evidence that release of such
information to a company cleared under the SSA arrangement
advances the national security interests of the United States. The
authority to make this determination shall not be permitted below
the Assistant Secretary or comparable level of the agency
concerned.
b. A proposed NID will be prepared and sponsored by the GCA
whose contract or program, is involved and it shall include the
following information:
(1) Identification of the proposed awardee along with a synopsis of
its foreign ownership (include solicitation and other reference
numbers to identify the action);
(2) General description of the procurement and performance
requirements;
(3) Identification of national security interests involved and the
ways in which award of the contract helps advance those interests;
(4) The availability of any other U.S. company with the capacity,
capability, and technical expertise to satisfy acquisition,
technology base, or industrial base requirements and the reasons
any such company should be denied the contract; and
(5) A description of any alternate means available to satisfy the
requirement, and the reasons alternative means are not acceptable.
c. An NID shall be initiated by the GCA. A company may assist in
the preparation of an NID, but the GCA is not obligated to pursue
the matter further unless it believes further consideration to be
warranted. The GCA shall, if it is supportive of the NID, forward
the case through appropriate agency channels to the ultimate
approval authority within that agency. If the proscribed information
is under the classification or control jurisdiction of another agency,
the approval of the cognizant agency is required; e.g., NSA for
COMSEC, DCI for SCI, DOE for RD and FRD, the Military
Departments for their TOP SECRET information, and other
Executive Branch Departments and Agencies for classified
information under their cognizance.
d. It is the responsibility of the cognizant approval authority to
ensure that pertinent security, counterintelligence, and acquisition
interests are thoroughly examined. Agency-specific case processing
details and the senior official(s) responsible for rendering final
approval of NID's shall be contained in the implementing
regulations of the U.S. agency whose contract is involved.
2-310. Technology Control Plan.
A TCP approved by the CSA shall be developed and implemented
by those companies cleared under a Voting Trust Agreement, Proxy
Agreement, SSA and SCA and when otherwise deemed appropriate
by the CSA. The TCP shall prescribe all security measures
determined necessary to reasonably foreclose the possibility of
inadvertent access by non-U.S. citizen employees and visitors to
information for which they are not authorized. The TCP shall also
prescribe measures designed to assure that access by non-U.S.
citizens is strictly limited to only that specific information for
which appropriate Federal Government disclosure authorization has
been obtained; e.g., an approved export license or technical
assistance agreement. Unique badging, escort, segregated work
area, security indoctrination schemes, and other measures shall be
included, as appropriate.
2-311. Compliance.
Failure on the part of the company to ensure compliance with the
terms of any approved security arrangement may constitute grounds
for revocation of the company's FCL.
Chapter 3.
Security Training and Briefings
Section 1. Security Training and Briefings
3-100. General
Contractors shall provide all cleared employees with security
training and briefings commensurate with their involvement with
classified information.
3-101. Training Materials.
Contractors may obtain defensive security, threat awareness, and
other education and training information and material from their
CSA or other sources.
3-102. FSO Training.
Contractors shall be responsible for ensuring that the FSO, and
others performing security duties, complete security training
deemed appropriate by the CSA. Training requirements shall be
based on the facility's involvement with classified information and
may include an FSO orientation course and for FSOs at facilities
with safeguarding capability, an FSO Program Management
Course. Training, if required, should be completed within 1 year of
appointment to the position of FSO.
3-103. Government-Provided Briefings.
The CSA is responsible for providing initial security briefings to
the FSO, and for ensuring that other briefings required for special
categories of information are provided.
3-104. Temporary Help Suppliers.
A temporary help supplier, or other contractor who employs cleared
individuals solely for dispatch elsewhere, shall be responsible for
ensuring that required briefings are provided to their cleared
personnel. The temporary help supplier or the using contractor may
conduct these briefings.
3-105. Classified Information Nondisclosure Agreement (SF 312).
The SF 312 is an agreement between the United States and an
individual who is cleared for access to classified information. An
employee issued an initial PCL must execute an SF 312 prior to
being granted access to classified information. The contractor shall
forward the executed SF 312 to the CSA for retention. If the
employee refuses to execute the SF 312, the contractor shall deny
the employee access to classified information and submit a report
to the CSA. The SF 312 shall be signed and dated by the employee
and witnessed. The employee's and witness' signatures must bear
the same date.
3-106. Initial Security Briefings.
Prior to being granted access to classified information, an employee
shall receive an initial security briefing that includes the following:
a. A Threat Awareness Briefing.
b. A Defensive Security Briefing.
c. An overview of the security classification system.
d. Employee reporting obligations and requirements.
e. Security procedures and duties applicable to the employee's job.
3-107. Refresher Briefings.
The contractor shall conduct periodic refresher briefings for all
cleared employees. As a minimum, the refresher briefing shall
reinforce the information provided during the initial briefing and
inform employees of appropriate changes in security regulations.
Contractors may satisfy this requirement by use of audio/video
materials and by issuing written materials on a regular basis.
3-108. Debriefings.
Contractors shall debrief cleared employees at the time of
termination of employment (discharge, resignation, or retirement);
when an employee's PCL is terminated, suspended, or revoked; and
upon termination of the FCL.
Chapter 4.
Classification and Marking
Section 1. Classification
4-100. General.
Information is classified pursuant to E.O. 12356 by an original
classification authority and is designated and marked as TOP
SECRET, SECRET, or CONFIDENTIAL. The designation
UNCLASSIFIED is used to identify information that does not
require a security classification. Except as provided by statute, (see
Chapter 9) no other terms may be used to identify classified
information. An original classification decision at any level can be
made only by a U.S. Government official who has been delegated
the authority in writing. Original classification decisions may
require a security classification guide to be issued for use in
making derivative classification decisions. Contractors make
derivative classification decisions based on the guidance provided
by the Contract Security Classification Specification that is issued
with each classified contract.
4-101. Original Classification.
A determination to originally classify information may be made
only when: (a) The information falls into one or more of the
categories set forth in E.O. 12356, and (b) The unauthorized
disclosure of the information, either by itself or in context with
other information, reasonably could be expected to cause damage to
the national security.
4-102. Derivative Classification Responsibilities.
Contractors who, extract, or summarize classified information, or
who apply classification markings derived from a source document,
or as directed by a classification guide or a Contract Security
Classification Specification, are making derivative classification
decisions. The FSO shall ensure that all employees authorized to
perform derivative classification actions are sufficiently trained and
that they possess, or have ready access to, the pertinent
classification guides and/or guidance necessary to fulfill these
important actions. Any specialized training required to implement
these responsibilities will be provided by the CSA upon request.
a. The manager or supervisor at the operational level where material
is being produced or assembled shall determine the necessity,
currency, and accuracy of the classification applied to that material.
b. The manager or supervisor whose signature or other form of
approval is required before material is transmitted outside the
facility shall determine the necessity, currency, and accuracy of the
security classification applied to that material.
c. Individual employees who copy or extract classified information
from another document, or who reproduce or translate an entire
document, shall be responsible for
(1) Marking the new document or copy with the same classification
markings as applied to the information or document from which the
new document or copy was prepared and
(2) Challenging the classification if there is reason to believe the
information is classified unnecessarily or improperly.
d. Questions on the classification assigned to reference material are
referred as indicated in paragraph 11-206.
e. Commensurate with their involvement, security classification
guidance, shall be provided to all employees, including but not
limited to, other cleared locations, sales, marketing, technical,
production, accounting, clerical, and overseas personnel who have
access to classified information in connection with performance on
a classified contract.
f. Appropriate security classification guidance shall be provided to
subcontractors in connection with classified subcontracts.
Subcontractors assume the security classification responsibilities of
prime contractors in relation to their subcontractors. (See Chapter 7
for Subcontracting.)
4-103. Security Classification Guidance.
The GCA is responsible for incorporating appropriate security
requirements clauses in a classified contract and for providing the
contractor with the security classification guidance needed during
the performance of the contract. This guidance is provided to a
contractor by means of the Contract Security Classification
Specification. The Contract Security Classification Specification
must identify the specific elements of classified information
involved in the contract which require security protection.
Contractors shall, to the extent practicable, advise and assist in the
development of the original Contract Security Classification
Specification. It is the contractor's responsibility to understand and
apply all aspects of the classification guidance. Classification
guidance is, not withstanding the contractor's input, the exclusive
responsibility of the GCA, and the final determination of the
appropriate classification for the information rests with that
activity. The Contract Security Classification Specification is a
contractual specification necessary for performance on a classified
contract. If a classified contract is received without a Contract
Security Classification Specification, the contractor shall advise
the GCA.
a. The GCA is required to issue an original Contract Security
Classification Specification to a contractor in connection with an
IFB, RFP, RFQ, or other solicitation; and with the award of a
contract that will require access to, or development of, classified
information in the performance of the classified contract.
b. The GCA is required to review the existing guidance periodically
during the performance stages of the contract and to issue a revised
Contract Security Classification Specification when a change
occurs to the existing guidance or when additional security
classification guidance is needed by the contractor.
c. Upon completion of a classified contract, the contractor must
dispose of the classified information in accordance with Chapter 5,
Section 7. If the GCA does not advise to the contrary, the
contractor may retain classified material for a period of 2 years
following completion of the contract. The Contract Security
Classification Specification will continue in effect for this 2-year
period. If the GCA determines the contractor has a continuing need
for the material, the GCA must issue a final Contract Security
Classification Specification for the classified contract. A final
specification is provided to show the retention period and to
provide final disposition instructions for the classified material
under the contract.
4-104. Challenges to Classification.
Contractors who believe
(a) That information is classified improperly or unnecessarily; or
(b) That current security considerations justify downgrading to a
lower classification or upgrading to a higher classification; or
© That the security classification guidance provided is improper or
inadequate, are required to discuss such issues with the pertinent
GCA for remedy. If a solution is not forthcoming, and the
contractor believes that corrective action is still required, a formal
challenge shall bemade to the agency that originally classified the
information. Such challenges shall include a description sufficient
to identify the issue, the reasons why the contractor believes that
corrective action is required, and any recommendations for
appropriate corrective action. In any case, the information in
question shall be safeguarded as required by this Manual for its
assigned or proposed level of classification, whichever is higher,
until action is completed. If no answer is received within 45 days,
the CSA may be requested to provide assistance in obtaining a
response. The fact that a contractor has initiated such a challenge
will not, in any way, serve as a basis for adverse action by the
Government. If a contractor believes that adverse action did result
from a classification challenge, full details should be furnished
promptly to the ISOO for resolution.
4-105. Contractor Developed Information.
Whenever a contractor develops an unsolicited proposal or
originates information not in the performance of a classified
contract, the following rules shall apply:
a. If the information was previously identified as classified, it shall
be classified in accordance with an appropriate Contract Security
Classification Specification, classification guide, or source
document and marked as required by this Chapter.
b. If the information was not previously classified, but the
contractor believes the information may, or should, be classified,
the contractor should protect the information as though classified at
the appropriate level and submit it to the agency that has an interest
in the subject matter for a classification determination. In such a
case, the following marking, or one that clearly conveys the same
meaning, may be used: CLASSIFICATION DETERMINATION
PENDING- Protect as though classified (TOP SECRET, SECRET,
or CONFIDENTIAL).This marking shall appear conspicuously at
least once on the material but no further markings are necessary
until a classification determination is received. In addition,
contractors are not precluded from marking such material as
company-private or proprietary information. Pending a final
classification determination, the contractor should protect the
information. It should be noted however, that E.O. 12356 prohibits
classification of information over which the
Government has no jurisdiction. To be eligible for classification,
the information must
(1) Incorporate classified information to which the contractor was
given prior access, or
(2) The Government must first acquire a proprietary interest in the
information.
4-106. Classified Information Appearing in Public Media.
The fact that classified information has been made public does not
mean that it is automatically declassified. Contractors shall
continue the classification until formally advised to the contrary.
Questions as to the propriety of continued classification in these
cases should be brought to the immediate attention of the GCA.
4-107. Downgrading or Declassifying Classified Information.
Information is downgraded or declassified based on the loss of
sensitivity of the information due to the passage of time or on
occurrence of a specific event. Contractors downgrade or declassify
information based on the guidance provided in a Contract Security
Classification Specification, upon formal notification, or as shown
on the material. These actions constitute implementation of a
directed action rather than an exercise of the authority for deciding
the change or cancellation of the classification. At the time the
material is actually downgraded or declassified, the action to
update records and change the classification markings shall be
initiated and performed. Declassification, either automatically or by
individual review, is not automatically an approval for public
disclosure.
Section 2. Marking Requirements
4-200. General.
Physically marking classified information with appropriate
classification markings serves to warn and inform holders of the
degree of protection required to protect it. Other notations facilitate
downgrading, declassification, and aid in derivative classification
actions. Therefore, it is essential that all classified information and
material be marked to clearly convey to the holder the level of
classification assigned, the portions that contain or reveal classified
information, the period of time protection is required, and any other
notations required for protection of the information or material.
4-201. Marking Requirements for Information and Material.
As a general rule, the markings specified in paragraphs 4-202
through 4-208 are required for all classified information, regardless
of the form in which it appears. Some material, such as documents,
letters, and reports, can be easily marked with the required
markings. Marking other material, such as equipment, AIS media,
and slides, will be more difficult due to size or other physical
characteristics. Since the principal purpose of the markings is to
alert the holder that the information requires special protection, it
is essential that all classified material be marked to the fullest
extent possible to ensure that it is afforded the necessary
safeguards.
4-202. Identification Markings.
All classified material shall be marked to show the name and
address of the facility responsible for its preparation, and the date
of preparation. These markings are required on the face of all
classified documents.
4-203. Overall Markings.
The highest level of classified information contained in a document
is its overall marking. The overall marking shall be conspicuously
marked or stamped at the top and bottom on the outside of the front
cover (if any), on the title page (if any), on the first page, and on the
outside of the back cover (if any). If the document does not have a
back cover, the outside of the back or last page, which may serve as
a cover, may also be marked at the top and bottom with the overall
classification of the document. All copies of classified documents
shall also bear the required markings. Overall markings shall be
stamped, printed, etched, written, engraved, painted, or affixed by
means of a tag, sticker, decal, or similar device on classified
material, other than documents, and on containers of such material,
if possible. If marking the material or container is not practical,
written notification of the markings shall be furnished to recipients.
4-204. Page Markings.
Interior pages of classified documents shall be conspicuously
marked or stamped at the top and bottom with the highest
classification of the information appearing thereon, or the
designation UNCLASSIFIED, if all the information on the page is
UNCLASSIFIED. Alternatively, the overall classification of the
document may be conspicuously marked or stamped at the top and
bottom of each interior page, when necessary to achieve production
efficiency, and the particular information to which classification is
assigned is adequately identified by portion markings in accordance
with 4-206. In any case, the classification marking of a page shall
not supersede a lower level of classification indicated by a portion
marking applicable to information on that page.
4-205. Component Markings.
The major components of complex documents are likely to be used
separately. In such cases, each major component shall be marked as
a separate document. Examples include: (a) each annex, appendix,
or similar component of a plan, program, or project description; (b)
attachments and appendices to a letter; and © each major part of a
report. If an entire major component is UNCLASSIFIED, the first
page of the component may be marked at the top and bottom with
the designation UNCLASSIFIED and a statement included, such
as: "All portions of this (annex, appendix, etc.) are
UNCLASSIFIED." When this method of marking is used, no
further markings are required on the unclassified major component.
4-206. Portion Markings.
Each section, part, paragraph, or similar portion of a classified
document shall be marked to show the highest level of its
classification, or that the portion is unclassified. Portions of
documents shall be marked in a manner that eliminates doubt as to
which of its portions contain or reveal classified information. For
the purpose of applying these markings, a portion or paragraph
shall be considered a distinct section or subdivision of a chapter,
letter, or document dealing with a particular point or idea which
begins on a new line and is often indented. Classification levels of
portions of a document shall be shown by the appropriate
classification symbol placed immediately following the portion's
letter or number, or in the absence of letters or numbers,
immediately before the beginning of the portion. In marking
portions, the parenthetical symbols (TS) for TOP SECRET, (S) for
SECRET, (C) for CONFIDENTIAL, and (U) for UNCLASSIFIED
shall be used.
a. Portions of U.S. documents containing foreign government
information shall be marked to reflect the foreign country of origin
as well as the appropriate classification, for example, (U.K.-C).
b. Portions of U.S. documents containing extracts from NATO
documents shall be marked to reflect "NATO" or "COSMIC" as
well as the appropriate classification, for example, (NATO-S) or
(COSMIC-TS).
c. When illustrations, photographs, figures, graphs, drawings,
charts, or similar portions are contained in classified documents
they shall be marked clearly to show their classified or unclassified
status. These classification markings shall not be abbreviated and
shall be prominent and placed within or contiguous (touching or
near) to such a portion. Captions of such portionsshall be marked
on the basis of their content alone by placing the symbol (TS), (S),
(C), or (U) immediately preceding the caption.
d. If, in an exceptional situation, parenthetical marking of the
portions is determined to be impractical, the classified document
shall contain a description sufficient to identify the exact
information that is classified and the classification level(s) assigned
to it. For example, each portion of a document need not be
separately marked if all portions are classified at the same level,
provided a full explanation is included in the document.
4-207. Subject and Title Markings.
Unclassified subjects and titles shall be selected for classified
documents, if possible. An unclassified subject or title shall be
marked with a (U) placed immediately following and to the right of
the item. A classified subject or title shall be marked with the
appropriate symbol (TS), (S), or (C) placed immediately following
and to the right of the item.
4-208. Markings for the "Classified by," "Downgrade to," or
"Declassify on" Lines.
All classified information shall be marked to reflect the source of
the classification; downgrading instructions, if appropriate; and
declassification instructions. The markings used to show this
information are as follows: CLASSIFIED BY
DOWNGRADE TO ON
DECLASSIFY ON
Documents shall show the required information either on the cover,
first page, title page, or in another prominent position. Other
material shall show the required information on the material itself
or, if not practical, in related or accompanying documentation.
a. The "CLASSIFIED BY" Line. The purpose of the "Classified by"
line is to provide justification for the classification applied to the
material by the contractor and to trace it to the contract under
which it was prepared. In completing the "Classified by" line, the
contractor shall identify the applicable guidance that authorizes the
classification of the material. Normally this will be a Contract
Security Classification Specification for a contractor. However,
many Contract Security Classification Specifications cite more
than one security guide and many times the contractor is extracting
information from a classified source document. In these cases, the
contractor may cite the Contract Security Classification
Specification, use the phrase "multiple sources" or cite the specific
guide or source document that authorizes the classification. When
the phrase "multiple sources" is used, the contractor shall maintain
records that support the classification for the duration of the
contract under which the material was created. These records may
take the form of a bibliography identifying the applicable
classification sources and be included in the text of a document or
they may be maintained separately. When identifying the Contract
Security Classification Specification on the "Classified by" line,
always include the date of the Contract Security Classification
Specification and the specific contract number for which it was
issued. The "Classified by" line is not required on electronic
messages.
b. The "DECLASSIFY ON" Line. The purpose of the "Declassify
On" line is to provide any declassification instructions appropriate
for the material. When completing this line, the contractor shall use
the information specified in the Contract SecurityClassification
Specification or guide furnished with a classified contract or cite
the source document. Material containing Restricted Data or
Formerly Restricted Data shall not have a "Declassify On" line.
c. The "DOWNGRADE TO" Line. The purpose of the "Downgrade
To" line is to provide any downgrading instructions appropriate for
the material. When completing this line, the contractor shall insert
SECRET or CONFIDENTIAL and an effective date or event as
indicated in the Contract Security Classification Specification, a
guide, or the source document.
4-209. Extracts of Information.
Most classified material originated under recent Executive orders
contains overall, portion, paragraph, and appropriate downgrading
and declassification markings that will provide sufficient guidance
for the classification of extracted information. However, some
classified material may not have these markings. If contractors
encounter source documents that do not provide the needed
markings the following procedures apply.
a. Information extracted from a classified source document shall be
classified according to the classification markings on the source.
(1) If the source document contains portion markings, the
classification of the extracted portions shall be carried forth to the
new material.
(2) If the source document does not contain portion markings, the
overall classification of the source document shall be carried forth
to the extracted information in the new document.
(3) If the new material is classified based on "multiple sources," the
highest level of classification contained in the document shall be
shown as the overall classification on the new material.
b. Downgrading and declassification markings shown on the source
shall be carried forth to the new material.
(1) If only one source is used, the downgrading and declassification
markings shown on the source shall be carried forth to the new
material. If no date or event is shown on the source, the new
material shall show "Originating Agency's Determination Required"
or "OADR" on the "Declassify on" line.
(2) If the new material is classified based on "multiple sources," the
most remote date or event for declassification shown on any source
shall be assigned to the new material. If any source shows "OADR,"
or no date of event is shown, the "Declassify on" line on the new
document or material shall show "Originating Agency's
Determination Required" or "OADR."
c. If the contractor requires more definitive guidance, the originator
of the source document, or the GCA that provided the document,
may be contacted and requested to provide appropriate markings or
an appropriate security classification guide. In any case, the
classification markings for a source document are the responsibility
of the originator, and not the contractor extracting the information.
Contractors are encouraged to contact the originator to avoid
improper or unnecessary classification of material.
4-210. Marking Special Types of Material.
The following procedures are for marking special types of material,
but are not all inclusive. The procedures cover the types of
materials that are most often produced by contractors and may be
varied to accommodate the physical characteristics of the material,
organizational and operational requirements, and ultimate use of
the item produced. The intent of the markings is to ensure that the
classification of the item, regardless of its form, is clear to the
holder.
a. Files, Folders, or Groups of Documents. Files, folders, binders,
envelopes, and other items, containing classified documents, when
not in secure storage, shall be conspicuously marked with the
highest classification of any classified item included therein. Cover
sheets may be used for this purpose.
b. Messages. Electronically transmitted messages shall be marked
in the same manner required for other documents except as noted
herein. The overall classification of the message shall be the first
item of information in the text. A "Classified By" line is not
required on messages. When messages are printed by an automated
system, all markings may be applied by that system, provided the
classification markings are clearly distinguished from the printed
text. Included in the last line of text of the message is the date or
event for declassification or the notation Originating Agency's
Determination Required or OADR, and the downgrading action, if
applicable. In record communications systems, electronically
transmitted messages shall be marked in accordance with JANAP
128 format requirements.
c. Microforms. Microforms contain images or text in sizes too
small to be read by the unaided eye. The applicable markings
specified in 4-202 through 4-208 shall be conspicuously marked on
the microform medium or its container, to be readable by the
unaided eye. These markings shall also be included on the image so
that when the image is enlarged and displayed or printed, the
markings will be conspicuous and readable. Further markings and
handling shall be as appropriate for the particular microform
involved.
d. Translations. Translations of U.S. classified information into a
language other than English shall be marked to show the U.S. as
the country of origin, with the appropriate U.S. markings as
specified in 4-202 through 4-208, and the foreign language
equivalent thereof. (See Appendix B).
4-211. Marking Transmittal Documents.
A transmittal document shall be marked with the highest level of
classified information contained therein and with an appropriate
notation to indicate its classification when the enclosures are
removed. An unclassified document that transmits a classified
document as an attachment shall bear a notation substantially as
follows: Unclassified when Separated from Classified Enclosures.
A classified transmittal that transmits higher classified information
shall be marked with a notation substantially as follows:
CONFIDENTIAL (or SECRET) when Separated from Enclosures.
In addition, a classified transmittal itself must bear all the
classification markings required by this Manual for a classified
document.
4-212. Marking Wholly Unclassified Material.
Normally, wholly UNCLASSIFIED material will not be marked or
stamped UNCLASSIFIED unless it is essential to convey to a
recipient of such material that: (a) The material has been examined
specifically with a view to impose a security classification and has
been determined not to require classification; or (b) The material
has been reviewed and has been determined to no longer require
classification and it is declassified.
4-213. Marking Compilations.
a. Documents. In some instances, certain information that would
otherwise be unclassified when standing alone may require
classification when combined or associated with other unclassified
information. When classification is required to protect a
compilation of such information, the overall classification assigned
to the document shall be conspicuously marked or stamped at the
top and bottom of each page and on the outside of the front and
back covers, if any. The reason for classifying the compilation shall
be stated at an appropriate location at or near the beginning of the
document. In this instance, the portions of a document classified in
this manner need not be marked.
b. Portions of a Document. If a classified document contains
certain portions that are unclassified when standing alone, but
classified information will be revealed when they are combined or
associated, those portions shall be marked as unclassified, the page
shall be marked with the highest classification of any information
on the page, and a statement shall be added to the page, or to the
document, to explain the classification of the combination or
association to the holder. This method of marking may also be used
if classified portions on a page, or within a document, will reveal a
higher classification when they are combined or associated than
when they are standing alone.
4-214. Marking Miscellaneous Material.
Unless a requirement exists to retain material such as rejects,
typewriter ribbons, carbons, and similar items for a specific
purpose, there is no need to mark, stamp, or otherwise indicate that
the material is classified. (NOTE: Such material developed in
connection with the handling, processing, production, and
utilization of classified information shall be handled in a manner
that ensures adequate protection of the classified information
involved and destruction at the earliest practical time.)
4-215. Marking Training Material.
Unclassified documents or material that are created to simulate or
demonstrate classified documents or material shall be clearly
marked to indicate the actual UNCLASSIFIED status of the
information. For example: SECRET FOR TRAINING PURPOSES
ONLY, OTHERWISE UNCLASSIFIED or UNCLASSIFIED
SAMPLE, or a similar marking may be used.
4-216. Marking Downgraded or Declassified Material.
Classified information, which is downgraded or declassified, shall
be promptly and conspicuously marked to indicate the change. If
the volume of material is such that prompt remarking of each
classified item cannot be accomplished without unduly interfering
with operations, a downgrading and declassification notice may be
attached to the inside of the file drawers or other storage container
in lieu of the remarking otherwise required. Each noticeshall
specify the authority for the downgrading or declassification action,
the date of the action, and the storage container to which it applies.
When documents or other material subject to downgrading or
declassification are withdrawn from the container solely for transfer
to another, or when the container is transferred from one place to
another, the transfer may be made without remarking, if the notice
is attached to the new container or remains with each shipment.
When the documents or material are withdrawn for use or for
transmittal outside the facility, they shall be remarked in
accordance with a or b below.
a. Automatic Downgrading or Declassification Actions. Holders of
classified material may take automatic downgrading or
declassification actions as specified by the markings on the
material without further authority for the action. All old
classification markings shall be canceled and the new markings
substituted, whenever practical. In the case of documents, as a
minimum, the outside of the front cover (if any), the title page (if
any), the first page, and the outside of the back cover (if any), shall
reflect the new classification markings, or the designation
UNCLASSIFIED. Other material shall be remarked by the most
practical method for the type of material involved to ensure that it
is clear to the holder what level of classification is assigned to the
material. Old markings shall be canceled, if possible, on the
material itself. If not practical, the material may be marked by
affixing new decals, tags, stickers, and the like to the material or its
container.
b. Other than Automatic Downgrading or Declassification Actions.
When contractors are notified of downgrading or declassification
actions that are contrary to the markings shown on the material, the
material shall be remarked to indicate the change. All old
classification markings shall be canceled and the new markings
substituted, whenever practical. In the case of documents, as a
minimum, the outside of the front cover (if any), the title page (if
any), the first page, and the outside of the back cover (if any), shall
reflect the new classification markings or the designation
UNCLASSIFIED. In addition, the material shall be marked to
indicate the authority for the action, the date of the action, and the
identity of the person or contractor taking the action. Other holders
shall be notified if further dissemination has been made by the
contractor.
4-217. Upgrading Action.
When a notice is received to upgrade material to a higher level, for
example from CONFIDENTIAL to SECRET, the new markings
shall be immediately entered on the material in accordance with the
notice to upgrade, and all the superseded markings shall be
obliterated. The authority for, and the date of, the upgrading action
shall be entered on the material. As appropriate, other holders shall
be notified if further dissemination of the material has been made
by the contractor. (See 4-218 below).
4-218. Miscellaneous Actions.
If classified material is inadvertently distributed outside the facility
without the proper classification assigned to it, or without any
markings to identify the material as classified, the contractor shall,
as appropriate:
a. Determine whether all holders of the material are cleared and are
authorized access to it.
b. Determine whether control of the material has been lost.
c. If recipients are cleared for access to the material, promptly
provide written notice to all holders of the proper classification to
be assigned. If control of the material has been lost, if all copies
cannot be accounted for, or if unauthorized personnel have had
access to it, report the compromise to the CSA.
4-219. Documents Generated Under Previous Executive Orders.
Documents classified under previous executive orders need not be
remarked to comply with the marking requirements of E.O. 12356.
Any automatic downgrading or declassification action specified on
such documents may be taken without further authority.
Information extracted from these documents for use in new
documents shall be marked for downgrading or declassification
action as specified on the source document. If automatic markings
are not included on the source documents, the documents shall
remain classified until authority is obtained from the originating
agency for downgrading or declassification action. Information
extracted from such documents for use in new documents shall
specify "Originating Agency's Determination Required" on the
"Declassify on" line.
Chapter 5.
Safeguarding Classified Information
Section 1. General Safeguarding Requirements
5-100. General.
Contractors shall be responsible for safeguarding classified
information in their custody or under their control. Individuals are
responsible for safeguarding classified information entrusted to
them. The extent of protection afforded classified information shall
be sufficient to reasonably foreclose the possibility of its loss or
compromise.
5-101. Safeguarding Oral Discussions.
Contractors shall ensure that all cleared employees are aware of the
prohibition against discussing classified information over
unsecured telephones, in public conveyances or places, or in any
other manner that permits interception by unauthorized persons.
5-102. End of Day Security Checks.
a. Contractors that store classified material shall establish a system
of security checks at the close of each working day to ensure that
all classified material and security repositories have been
appropriately secured.
b. Contractors that operate multiple work shifts shall perform the
security checks at the end of the last working shift in which
classified material had been removed from storage for use. The
checks are not required during continuous 24-hour operations.
5-103. Perimeter Controls.
Contractors authorized to store classified material shall establish
and maintain a system to deter and detect unauthorized
introduction or removal of classified material from their facility.
The objective is to discourage the introduction or removal of
classified material without proper authority. If the unauthorized
introduction or removal of classified material can be reasonably
foreclosed through technical means, which are encouraged, no
further controls are necessary. Employees who have a legitimate
need to remove or transport classified material should be provided
appropriate authorization media for passing through designated
entry/exit points. The fact that persons who enter or depart the
facility are subject to an inspection of their personal effects shall be
conspicuously posted at all pertinent entries and exits.
a. All persons who enter or exit the facility shall be subject to an
inspection of their personal effects, except under circumstances
where the possibility of access to classified material is remote.
Inspections shall be limited to buildings or areas where classified
work is being performed. Inspections are not required of wallets,
change purses, clothing, cosmetic cases, or other objects of an
unusually personal nature.
b. The extent, frequency, and location of inspections shall be
accomplished in a manner consistent with contractual obligations
and operational efficiency. Inspections may be done using any
appropriate random sampling technique. Contractors are
encouraged to seek legal advice during the formulation of
implementing procedures and to surface significant problems to the
CSA.
5-104. Emergency Procedures.
Contractors shall develop procedures for safeguarding c | 
