Effective Date: October 11, 2011
Expiration Date: October 11, 2016
|| TOC | Preface | Chapter1 | Chapter2 | AppendixA | AppendixB | AppendixC | ALL ||
a. This NASA Procedural Requirement (NPR) establishes Agency-wide policy for the protection of Classified National Security Information (CNSI).
b. This NPR prescribes personnel responsibilities and procedural requirements for the management of CNSI to assist NASA Centers and Component Facilities in executing the NASA security program designed to protect people, property, and information.
c. In accordance with Classified National Security Information, Exec. Order No. 13526 and its implementing directive, Information Security Oversight Office (ISOO) Directive No. 1, 32 C.F.R Parts 2001 and 2003, this NPR establishes Agency procedures for the proper implementation and management of a uniform system for classifying, accounting, safeguarding, and declassifying national security information generated by or in the possession of NASA.
This NPR is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers. This language applies to Jet Propulsion Laboratory, other contractors, grant recipients, or parties to agreements only to the extent specified or referenced in the appropriate contracts, grants, or agreements.
The National Aeronautics and Space Act, 51 United States Code (U.S.C.) § 20132 Pub. L. No. 111-314, Dec 18, 2010.
a. Freedom of Information Act, 5 U.S.C. 552.
b. Atomic Energy Act of 1954, as amended, 42 U.S.C. § 2011 et seq.
c. Records Management by Federal Agencies, 44 U.S.C. § 2905, § 3101, and § 3102.
d. Privacy Act of 1974, Pub. L. No. 93-579, 1974.
e. Access to Classified Information, as amended, Exec. Order No. 12968, 60 Fed. Reg. 40245 (Aug. 7, 1995).
f. Classified National Security Information, as amended, Exec. Order No. 13526, 75 Fed. Reg.707 (Jan. 5, 2010).
g. Information Security Program, 14 C.F.R. Part 1203. h. NASA Policy Directive (NPD) 1600.2, NASA Security Policy.
i. NPR 1371.2, Procedural Requirements for Processing Requests for Access to NASA Installations or Facilities by Foreign Nationals or U.S. Citizens Who Are Reps of Foreign Entities.
j. NPR 1441.1, NASA Records Retention Schedule.
k. NPR 1450.10, NASA Correspondence Management and Communications Standards and Style.
l. NPR 7120.5, NASA Space Flight Program and Project Management Requirements.
m. NPR 7120.8, NASA Research and Technology Program and Project Management Requirements.
n. NASA Central Office of Record Standard Operating Procedures (CSOP).
o. NASA Declassification Management Plan.
p. NASA Handbook for Writing Security Classification Guides.
q. NASA Special Access Program Security Guide (SAPSG).
r. Advisory Circular, "Federal Aviation Administration, Subject: Screening of Persons Carrying U.S. Classified Material, AC 108-3."
s. Committee on National Security Systems (CNSS), National Policy for the Destruction of Paper COMSEC Material, Policy No. 16.
t. ISOO Directive No. 1, 32 C.F.R Parts 2001 and 2003.
u. National Industrial Security Program Operation Manual (NISPOM) DoD 5220.22-M
v. National Security Agency (NSA)/Central Security Service Policy 9-12, Storage Device Declassification Manual.
w. National Security Telecommunications and Information Systems Security Instruction (NSTISSI) 4004, Annex B.
x. NSTISSI/CNSS Information (CNSSI) 4005, Safeguarding Communication Security (COMSEC) Facilities and Materials.
y. North Atlantic Treaty Organization (NATO) Affairs Instructions 1-07.
a. To determine Center compliance with this NPR, Center Directors and Center Chiefs of Protective Services/Chief of Security (CCPS/CCS) or their designees shall determine and document compliance by applying a verification approach, coordinated with the Office of Protective Services (OPS) that is tailored to meet the needs of the Center. The OPS will provide the Centers with an OPS Checklist to be used in conjunction with the NPR to ensure that all Center reviews will be tailored to include all steps necessary to perform a comprehensive review of all pertinent areas within a Center. The OPS surveys the Centers and conducts inspections of Center compliance and implementation. Each Center Protective Services Office will conduct audits of select organizations throughout their Center on a yearly basis to determine if Center organizations are in compliance with this NPR. If Center organizations are in compliance with this NPR, the findings will be forwarded to the Center Director and the Assistant Administrator (AA) for Protective Services no later than 45 days from the date of completion. If the Center has some areas that are not compliant with the policy, the Center will be required to submit an action plan outlining the non-compliant area along with the corrective action for compliance. The OPS will review the findings within 30 days and inform the Center of the approval or disapproval of the corrective actions. The OPS will conduct reviews/audits of each Center at least every three years, or sooner if required, using the OPS Security Review Checklist to determine compliance with this NPR. The findings from the OPS review will be provided to the Center Director no later than 30 days after completion of the review.
b. To determine the OPS' compliance with the requirements contained in this NPR, internal and external auditors responsible for verifying Headquarters requirements and processes shall evaluate performance.
c. The ISOO maintains continuous liaison with their agency counterparts on all matters relating to the Government-wide security classification program and the National Industrial Security Program. ISOO also conducts on-site inspections and special classified document reviews to monitor agency compliance with applicable Executive Orders. Each year ISOO gathers relevant statistical data regarding each agency's security classification program. ISOO analyzes these data and reports them, along with other relevant information, in its Annual Report to the President. NASA follows ISOO guidance and is subject to ISOO inspections and reviews.
NPR 1600.1, NASA Security Program Procedural Requirements, Chapter 5, dated November 8, 2005.
| TOC | Preface | Chapter1 | Chapter2 | AppendixA | AppendixB | AppendixC | ALL |
|| NODIS Library | Organization and Administration(1000s) | Search ||