Responsible Office: none

Subject: NASA Security Policy

1. POLICY

It is NASA policy to perform the following:

a.  Provide appropriate and reasonable protection or security
for its onsite (within the boundary of the NASA Center)
personnel, including authorized contractors or other invitees,
during official duty or tour hours, and for its facilities, property,
and information that are in its possession or under its control.
  
b.  Reserve the right to conduct an inspection of any person,
including any property in the person's possession or control, 
as a condition of admission to or continued presence on or upon 
exiting from, any NASA Center consistent with applicable law or
international agreement.   

c.  Use a security reporting and alerting system to provide
timely notification of security threats and serious security incidents
involving NASA Centers and/or personnel and to conduct 
investigations for Personnel Security Adjudications to resolve criminal 
and counterintelligence issues as appropriate.

d.  Undertake a security education and motivation program to solicit
the support and involvement of all its employees in the NASA
security program.  Types and content of the educational and 
motivational programs are tailored to address specific current needs
or events and take into consideration the participating audience.

e.  Impose official controls on all foreign travel by its employees when
such controls are required in the interest of national security.  NASA
will impose access controls on all visitors to NASA Centers in
keeping with the purpose of the visit, mission, international relations,
and existing threats.

f.  Apply the Department of Defense (DoD) Industrial Security Program to
NASA classified contracts, in accordance with the NASA/DoD Memorandum(s)
of Understanding, on file in the NASA Office of External Relations. 

g.  Maintain a classified National Security Information program which is
controlled and protected in accordance with Executive Order (EO) 12958,
Title 32 Code of Federal Regulations (CFR) 2001 Information Security 
Oversight Office (ISOO) Directive Number 1, and Section 4., References, 
a.-k. below. 

h.  Maintain a program of delegation and redelegation of authority 
as delineated in section 6, below.

i.  Ensure that any person performing security functions for or on 
behalf of NASA at any NASA Center has been properly trained to carry 
out such duties and that their qualifications remain current.

j.  Ensure that use of force is in strict compliance with 14 CFR 
Part 1203b--Security Programs; Arrest Authority and Use of Force by 
NASA Security Force Personnel.

2. APPLICABILITY

a.  This directive applies to NASA Headquarters and NASA Centers,
including Component Facilities.

b.  This Directive provides a security baseline for all NASA activities.  
On occasion, there may be programs that enhance the security baseline.  
Those enhancements will be captured in separate NASA directives or 
regulations.  Arrest authority, use of force, control, and issuance of 
firearms are governed by separate NASA directives or regulations.

3. AUTHORITY

a.  42 U.S.C. Sections 2455, 2456, 2456a, and 2473(c)(1)--Sections 304
and 203(c)(1), respectively, of the National Aeronautics and Space Act 
of 1958, as amended.  

b.  5 U.S.C. 552(b)(1)-(9), Exemptions, Freedom of Information Act (FOIA).

c.  5 U.S.C. 7311, Loyalty and Striking.

d.  5 U.S.C. 7312, Employment and Clearance.  

e.  5 U.S.C. 7511, Definitions and Application.

f.  5 U.S.C. 7512, Actions Covered.

g.  5 U.S.C. 7532, Suspension and Removal.

h.  40 U.S.C. 1441, et seq., Computer Security Act of 1987, as amended.

i.  50 U.S.C. 435, Access to Classified Information - Procedures. 

j.  40 U.S.C. 13041 et seq. (Pub.L. 101-647, 104 Stat. 4809, Subtitle E, 
Child Care Worker Employee Background Checks, November 29, 1990).
  
k.  Pub.L. 103-236, 95 Stat. 525, Protection and Reduction of Government
Secrecy Act, April 30, 1994.

l.  32 CFR 2001 (ISOO Directive Number 1).

m.  E.O. 12829, National Industrial Security Program.

n.  E.O. 12958, Classified National Security Information and 32 CFR 2001,
ISOO Directive No. 1.

o.  E.O. 12968, Access to Classified Information.

p.  Security Policy Board (SPB) Issuance 1-97, Investigative Standards,
March 24, 1997.

q.  SPB Issuance 2-97, Adjudicative Guidelines, March 24, 1997.

r.  National Security Directive (NSD) 63, Single Scope Background 
Investigation.

s.  OMB Circular A-130, "Security of Federal Automated Information 
Resources," (Appendix III).
 

4. REFERENCES

a.  NPD 1620.2, "NASA Badging System."

b.  NPD 2800.1, "Managing Information Technology."  

c.  NPG 1361.x, "Procedures and Guidelines for Processing Requests for 
Access to NASA by Foreign Nationals or Representatives."

d.  NPG 1600.6, "NASA COMSEC Procedures and Guidelines."

e.  NPG 1620.x, "NASA Security Procedures and Guidelines."

f.  14 CFR, Chapter V, Part 1203, Subpart H, Delegation of Authority to
Make Determinations in Original Classification Matters.

g.  14 CFR, Chapter V, Part 1203a - NASA Security Areas.

h.  14 CFR, Chapter V, Part 1203b - Security Programs; Arrest Authority
and Use of Force by NASA Security Force Personnel.

i.  14 CFR, Chapter V, Subpart 1214.5, Mission Critical Space System Personnel 
Reliability Program.

j.  14 CFR, Chapter V, Part 1204, Subpart 10 - Inspection of Persons and 
Personal Effects on NASA Property.

k.  NASA Export Control Program, 1995.
 

5. RESPONSIBILITY

a.  The Associate Administrator for Management Systems and Facilities
is responsible for the overall management of the NASA Security Program.

b.  Officials-in-Charge of Headquarters Offices are responsible for the
implementation of this policy within their respective organization(s),
including NASA Centers and Component Facilities.

c.  The Director, NASA Security Management Office, through the Director,
Security, Logistics, Aircraft, and Industrial Relations Division is
responsible for the functional management and leadership for implementing 
the NASA Security Program, including the following:
 
(1)  Developing and issuing, subject to coordination with 
and approval by NASA Legal Counsel, security policy and procedures in 
collaboration with Center Chiefs of Security and Lead Centers.  

(2)  Denying, revoking, or suspending, in accordance with applicable
processes, an employee's security clearance.  Procedures for the
suspension, revocation, or denial of NASA Personnel Security Clearances
are set forth in Reference 4.e.

d.  The Director of each Center and the Associate Administrator for 
Headquarters Operations, are responsible for the following:

(1)  Ensuring that local security procedures are established and
managed which ensure the successful implementation of this policy. 

(2)  Keeping the Institutional Associate Administrators informed of
the threats directed against the Center, as well as the capabilities and
limitations of the Center security program to counter such activities.

(3)  Ensuring that security self assessments are conducted on schedule
and in a forthright manner.

(4)  Ensuring that physical access to Headquarters and NASA Centers
is controlled through the utilization of a NASA Identification Badge Card, 
meeting the NASA badge standards prescribed at ANNEX A to NPD 1620, NASA 
Badging System.  The NASA identification Badge Card--

(a)  May not be used to identify levels of National Security
Clearances, and

(b)  Will be color coded to designate NASA civil service
personnel (white); NASA civil service retirees (blue); NASA 
nonappropriated fund employees (silver); and NASA consultants (orange).

(5) Funding, implementation, and quality control of the NASA identification
Badge Card System.
 

6. DELEGATION OF AUTHORITY

a.  The Associate Administrator for Headquarters Operations and the Center
Directors are authorized to perform the following:

(1)  Grant security clearances to employees under their jurisdiction,
subject to the eligibility standards set forth in Reference 4.a.
and based realistically on the access requirements of the person
concerned.  This authority may be redelegated to the Center Chief of 
Security.

(2)  Suspend an employee's security clearance.  Procedures for the 
suspension of NASA personnel security clearances are set forth in 
Reference 4.e., as amended.  This authority may be redelegated to the 
Center Chief of Security.

b.  The Associate Administrator for Management Systems and Facilities is
delegated the authority, appearing in 42 U.S.C. 2456, to authorize
such NASA employees and contractor and subcontractor employees engaged
in the protection of property owned by the United States and located
at facilities owned by or contracted to the United States, as is
deemed necessary in the public interest, to carry firearms while in
the conduct of their official duties. 
         
c.  Authority is delegated to the officials designated below to make the
determination and certification required by 42 U.S.C. 2455(b), Section 
304(b) of the National Aeronautics and Space Act of 1958, as amended, for 
access by NASA representatives to Restricted Data in the possession of
personnel of the Nuclear Regulatory Commission (NRC) and the
Department of Energy and their contractors, and NRC and DoD-cleared
personnel of other Federal departments and agencies (except that
access to Restricted Data within NASA and the DoD, based on a NASA or
DoD clearance, is handled in the same manner as access to other
classified information) and their contractors.  The officials
designated below may also authorize, in writing, subordinate
officials under their jurisdiction to exercise the authority in their
names.  Such certification will identify, by position title, the following
official in whose name the subordinate is acting:

(1)  Enterprise Associate Administrators/Institutional Program Officers

(2)  Center Directors

(3)  Director, NASA Security Management Office

d.  The NASA officials listed in 14 CFR, Chapter V, Part 1203, Subpart H, 
Delegation of Authority to Make Determinations in Original Classification 
and Declassification Matters, are authorized to make, modify, or eliminate
security classification assignments to information under their jurisdiction
for which NASA has Original Classification Authority.
 

7. MEASUREMENTS

a.  Metrics will be focused on the NASA Strategic Plan to document
performance and progress.  Reports are due on February 15 and August 15 and
will cover the 6-month period immediately preceding the reporting date.

b.  Stolen Property:  Dollar value of stolen property; number of items
stolen; dollar value of items recovered.

c.  Incidents: Number of violent incidents occurring in the workplace;
number and method of threats received.

d.  Security Clearances: Number of clearances granted; number of 
clearances denied; number of clearances suspended; number of clearances
revoked; number of clearances administratively reduced or increased, based
upon direct support requirements to the NASA Strategic Plan.

e.  Security Violations: Number of compromises of INFOSEC or classified
information; number of physical security compromises reported.

f.  NASA Strategic Plan Support: Promote the Center Self Assessments to
become metrics, i.e., reducing costs and paper work; eliminating unecessary
work or processes; creation of faster, better, cheaper processes to facilitate 
personnel security, badging, classification management, physical security,
communications security, computer security, implementation of Executive
orders, legislation, security education, briefings, and familiarization. 
Percent of Fiscal Year Security Program Operating Funds committed, obligated, 
and costed prior to June 1.
 

8. CANCELLATION

NMI 1600.2, "NASA Security Program," dated December 31, 1991 

---

/s/ Daniel S. Goldin
Administrator

ATTACHMENT A: (TEXT)

None.
 

(URL for Graphic)

None.

DISTRIBUTION:
NODIS