Effective Date: August 12, 2013
Expiration Date: August 12, 2018
|| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | AppendixF | AppendixG | AppendixH | ALL ||
1.1.1 This NPR establishes Agency-wide program policy and guidance for security operations, program security, and NASA Federal Arrest Authority (FAA).
1.1.2 This NPR establishes standards and specifications required to maintain consistency and uniformity for the protection of NASA assets, while considering the unique requirements, circumstances, and environments of individual NASA Centers and locations. During emergencies or periods of increased threat, exigent circumstances may require suspension of certain provisions of this NPR. In that event, immediate coordination with the Assistant Administrator, Office of Protective Services (AA, OPS) is required.
1.1.3 This NPR also presents terminology, definitions, and security measures that are intended to facilitate coordination and support with other U.S. Federal agencies such as the Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the Department of Defense (DoD).
1.1.4 This NPR provides for the assignment and delegation of certain security and protection responsibilities as required by law, regulation, and sound management practice.
1.2.1 Security is the direct, immediate, and inherent responsibility of all NASA personnel, contractors, and all others who are granted access to NASA Centers, facilities, information, and technology. General security responsibilities are set forth in this NPR. Specific policy requirements are cited in this NPR.
1.2.2 The NASA Administrator is responsible for implementing a comprehensive and effective security program for the protection of people, property, operations, and information associated with the NASA mission. The Administrator shall appoint an AA, OPS.
1.2.3 The AA, OPS shall:
a. Oversee Agency implementation, integration of, and compliance with the NASA security program by providing executive management policy direction and ensuring through Agency advocacy, adequate resources are identified and committed to accomplish the security mission in support of the overall NASA mission, NASA Strategic Plan, and national-level security requirements.
b. Provide functional and operational support for physical and program security policy formulation.
c. Provide overall focus and direction for protecting the NASA workforce, visitors, programs, and infrastructure.
d. Develop and implement Agency policy and procedural requirements to ensure law enforcement and investigative activity performed in conjunction with OPS security responsibilities at NASA installations are developed and implemented in consistence with authorities granted under the Public Law 111-314. This shall be consistent with the NASA Office of Inspector General (OIG) investigative authorities and in close coordination and cooperation with local, state, and Federal law enforcement agencies as defined in the appropriate memoranda of agreement (MOA).
e. Serve as the Agency Risk Acceptance Authority (RAA) for all NASA security program risk management determinations that require a waiver of Agency security requirements. This does not include IT Security RAA, which is the Chief Information Officer's (CIO) responsibility.
f. Serve as the Agency point of contact with the intelligence community for intelligence matters and ensure development and issuance of policy and requirements related to NASA's counterintelligence program.
g. Serve as the Agency Critical Infrastructure Assurance Officer (ACIAO) responsible for approving all Center proposals for additions and deletions to the NASA Critical Infrastructure (NCI) Inventory List when such proposals are concurred on by the respective Mission Directorate Associate Administrator.
h. Comply with all relevant Executive Orders, Presidential Directives, Presidential Policy Directives (PPDs), and other binding directives including the requirements of PPD-217, Critical Infrastructure Security and Resilience.
i. Provide central oversight and conduct assessments of the NASA Critical Infrastructure Protection Program (NCIPP).
j. Effectively coordinate and collaborate with the CIO to ensure critical cyber assets are identified and included in the NCI inventory.
k. Establish and implement organizational standards that ensure NASA security programs are appropriately configured, properly staffed with qualified security professionals, and adequately funded to enable each NASA Center to properly and efficiently manage day-to-day security operations while allowing for transition to increased threat environments and emergency scenarios, including appropriate continuity of operations and contingency operations capabilities.
l. Develop and issue, under separate NPR, facility security assessment requirements and physical security requirements for NASA facilities and property. These NPRs shall include the facility assessment, physical and procedural standards to ensure consistency and uniformity in the application of security measures that comply with Interagency Security Committee (ISC) standards.
m. Establish, disseminate, and enforce comprehensive performance standards that address overall security capabilities, training, response to likely emergencies and contingencies, and general compliance with Agency standards. Conduct inspections, as well as scheduled and unscheduled reviews, to ensure compliance and efficiency.
n. Establish, disseminate, and ensure adherence to NASA Protective Services Contract (NPSC) standards. Serve as the final approving official for technical portions of each Center contract prior to solicitation in order to maintain consistent contract standards.
o. Implement and manage procedures for certifying and obtaining accreditation of IT resources that process CNSI.
p. Serve as the Agency oversight official for implementation and management of the Agency FAA Program and Use of Force policy in compliance with 51 U.S.C. § 20133, 20134, and 14 C.F.R. Part 1203b-Security Programs; Arrest Authority and Use of Force by NASA Security Force Personnel.
q. Establish and maintain a Central Adjudication Facility to adjudicate all Agency requests for security clearances for access to CNSI.
r. Coordinate security and law enforcement policy with the Office of General Counsel.
s. Evaluate compliance with this NPR and overall effectiveness of the NASA security program through periodic site visits and functional reviews.
t. Ensure that the NASA security program operates in compliance with national security policy, applicable DHS program directives, and other national-level regulations.
u. Coordinate NASA representation on all security policy development forums and committees.
v. Serve as NASA representative to the DHS ISC.
w. Responsible for the NASA TSCM program.
1.2.4 Center Directors shall:
a. Provide current and effective security for all Center and Component Facility personnel, property, facilities, operations, and CNSI consistent with this NPR.
b. Appoint a qualified and experienced CCPS/CCS in coordination with and after obtaining the concurrence of the AA, OPS, in accordance with NPD 1000.3D, The NASA Organization. Minimum qualifications include:
(1) Sufficient authority and resources to accomplish national, Agency, and Center security goals and objectives with coordination and concurrence of the AA, OPS.
(2) Relevant experience in the security management, national security intelligence, emergency management, or law enforcement professions.
(3) Leadership and managerial experience at a proven level commensurate with the expectations and requirements of the CCPS/CCS position.
(4) Ability to obtain and maintain a Top Secret security clearance.
c. In accordance with this NPR, establish, fund, and maintain a comprehensive security program through the CCPS/CCS. This includes:
(1) Personnel, facilities, and equipment necessary to implement and sustain an effective security program.
(2) Appropriate training and professional certification of security personnel, as established by the AA, OPS.
(3) The development and management of Center-specific security program policy and procedural requirements that implement this NPR's requirements.
d. When recommended by the CCPS/CCS and Center CIAO, propose NCI and Key Resource assets for inclusion in the NCI Inventory to the Mission Directorate Associate Administrator(s).
e. Act as the Designated Official (DO) and RAA for Center security program risk management determinations that are not designated as NCI or do not require waiver of national security requirements.
f. Appoint in writing a Center Designated Approval Authority (DAA) and Certifying Authority (CA) responsible for certifying to the Agency DAA, Center information technology (IT) resources identified to process CNSI.
1.2.5 Under authority delegated from the AA, OPS, the CCPS/CCS shall:
a. Act as the principal advisor and authority to the Center Director in all matters relating to the NASA security program, as established and defined in NPD 1600.2, NASA Security Policy, as amended.
b. Develop, implement, and maintain written Center-specific security program policy and procedural requirements that implement the requirements of this NPR.
c. Direct, plan, control, and evaluate the overall Center security program, regardless of the specific security discipline and processes involved.
d. Through periodic assessments, determine the adequacy of physical security, loss prevention, and antiterrorism programs and recommend improvements and associated budget requirements to the Center Director.
e. Coordinate with the Center CIAO and oversee all aspects of the Center NCIPP.
f. Using all available sources of intelligence information (i.e., NASA counterintelligence/counterterrorism program, local law enforcement, the NASA OIG, and other Federal agencies), continuously evaluate Center and program-level criticality and vulnerabilities and local threats and prepare appropriate countermeasures tailored to the resources requiring protection, specifically identifying Center Critical Infrastructure and Key Resources, in coordination with the Center CIO and CIAO, for inclusion in the NCIPP.
g. Establish priorities for the effective deployment of Center security resources and processes during routine and emergency situations.
h. Ensure FAA is properly administered at their respective Center and act as the Center Certifying Official for the authority to carry and use concealed or unconcealed firearms by security forces, both NASA civil service personnel and contractor.
i. Notify the OIG of suspected criminal activity consistent with existing Memoranda of Understanding (MOU) or agreements.
j. Integrate and maintain oversight of all Center security activity, including those of tenant organizations to the extent feasible.
k. Ensure appropriate training and professional certifications for security staff and armed security force personnel commensurate with their assigned tasks, weapons, and equipment. To the extent possible, follow NASA standard processes, procedures, and certifications.
l. Ensure the AA, OPS provides concurrence on NPSCs prior to solicitation.
m. Act as the Center Director's primary staff advisor during any security-related crisis or serious incident and as primary representative to all external law enforcement agencies on security matters.
n. Establish and maintain annual security awareness and training programs for Center employees.
o. Participate as a principal member of Center teams dealing with resolution of workplace violence and protection issues as set forth in NPD 1600.3, NASA Policy Directive on Prevention of and Response to Workplace Violence.
p. Maintain a Center map of the precise jurisdictional boundaries of Center geographical areas, as determined by the Chief Counsel.
q. Maintain Center security program statistics and provide quarterly reports to the AA, OPS utilizing the format in Appendix C, Property Loss and Incident Details of this NPR.
r. Establish and maintain all organization informational and operational files pursuant to NPD 1440.6H, NASA Records Management, and NPR 1441.1D, NASA Records Retention Schedules.
s. Establish a system that ensures security requirements and provisions are identified at the outset of new or changing programs, acquisitions, new construction, major renovations, and modifications.
t. Ensure compliance with NPR 4200.1, NASA Equipment Management Procedural Requirements.
1.2.6 Program, Line Managers, and Supervisors shall:
a. Support the CCPS/CCS in the implementation of comprehensive security programs and mission-oriented protective services for the Center, along with individual programs and projects.
b. Ensure deployment of CCPS/CCS recommended security and loss-prevention measures within their programs and/or project or organizations.
c. Report adverse information discovered to the CCPS/CCS.
d. When an employee's clearance, eligibility for a sensitive position, or access to NASA facilities is suspended or revoked and when an employee violates security rules and procedures, take appropriate action as directed by the CCPS/CCS.
1.2.7 Individual employees shall:
a. Report suspicious activity, criminal activity, violations or suspected violations of national security, and other Center security requirements to the Center Protective Services or Security Office.
b. Recognize and comply with individual responsibilities and roles in maintaining the Agency and Center security program.
c. Protect Government property, programs, IT systems, CNSI, and sensitive information in accordance with the requirements of this NPR, NPR 1600.2, NASA CNSI, and NPR 1382.1, Privacy Procedural Requirements.
d. Cooperate with NASA security officials during inquiries and investigations.
e. Complete security education, awareness orientation, and refresher training as required.
In conjunction with other programs, directories, or offices, the AA, OPS and CCPS/CCS shall develop and share "best practices" programs and processes where appropriate.
1.4.1 Centers may occasionally experience difficulty in meeting specific security program requirements established in this NPR and may request an exception or waiver.
18.104.22.168 An "exception" is a request for a one-time deviation or exemption from compliance otherwise with a specific procedural requirement, typically for a single event granted by the Associate Administrator, Mission Support Directorate (AA, MSD). Exceptions are for a specified period of time, normally not exceeding one year, and are based upon appropriate justification to allow a Center, organization, or program time to achieve compliance. Upon expiration of the approved exception, compliance is mandatory unless an extension is granted by the AA, MSD.
22.214.171.124 A "waiver" is a request for a permanent or extended deviation or exemption (for the foreseeable future) for compliance with a specific procedural requirement granted by the AA, MSD. Waiver requests may be approved only in part, such as for a period less than requested or for only parts of the measures requested to be waived.
1.4.2 The process for submitting requests for exceptions or waivers to specific elements of the NASA security program requires that the program or project manager and CCPS/CCS justify the waiver request through:
a. Security risk analysis (e.g., cost of implementation).
b. Effect of potential loss of capability to the Center.
c. Compromise of CNSI.
d. Injury or loss of life; loss of one-of-a-kind capability.
e. Inability of the Center to perform its missions and goals.
(1) Justification will also include an explanation of any compensatory security measures implemented in lieu of specific requirements.
(2) The waiver request shall be submitted to the Center Director.
1.4.3 The Center Director shall either recommend approval or return the waiver request to the CCPS/CCS for further study or closure. The Center Director forwards concurrence to the AA, MSD.
1.4.4 The AA, MSD shall review waiver requests and forward to the AA, OPS requesting concurrence and/or comments.
1.4.5 The AA, OPS shall return the waiver request to the AA, MSD with a recommendation for approval of the waiver, further study, or denial.
1.4.6 The AA, MSD shall return the waiver requests to the Center Director with his approval or disapproval.
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | AppendixF | AppendixG | AppendixH | ALL |
|| NODIS Library | Organization and Administration(1000s) | Search ||