NASA Procedures and Guidelines
This Document is Obsolete and Is No Longer Used. Check the NODIS Library to access the current version: http://nodis3.gsfc.nasa.gov
NPR 1600.1 Eff. Date: November 03, 2004 Cancellation Date: October 22, 2013	NASA Security Program Procedural Requirements w/Change 2 (4/01/2009)
| TOC | ChangeHistory | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | Chapter6 | Chapter7 | Chapter8 | Chapter9 | Chapter10 | AppendixA | AppendixB | AppendixC | AppendixD | AppendixE | AppendixF | AppendixG | AppendixH | AppendixI | AppendixJ | AppendixK | AppendixL | AppendixM | AppendixN | AppendixO | ALL |

Chapter 3: NASA Personnel Security Program: Position Risk Designation Process, Background Investigations, and Employment Suitability Determinations for NASA Employees

3.1 General

3.1.1. As required by 5 CFR part 731, Executive Order 10450, HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors, and Federal Information Processing Standards (FIPS) 201, "Personnel Identity Verification (PIV) of Federal Employees and Contractors," all Federal employees are subject to a personnel security background investigation as set forth in this chapter to assist NASA in determining their suitability for Government employment.

3.1.2. The investigation provides NASA management necessary information to determine if an individual's judgment, trustworthiness, and suitability promote the efficiency of the Government and NASA's mission, and is consistent with the safety and security of the Agency and individual Center.

3.1.3. No personnel actions associated with recruitment, hiring, or position change shall take place without the appropriate prior designation of position risk and sensitivity levels by Center OHR.

3.1.4. No one shall be issued a permanent NASA employee photo-ID, granted access to NASA Centers or facilities, granted access to NASA IT systems, or sensitive information without, at a minimum, immediate completion of a NAC and subsequent completion of a NACI within 6 months. The NAC must be accomplished prior to or NLT than 10 working days after receipt of the written offer of appointment .

a. Temporary photo-ID or visitor badges, issued to new employees, who have not submitted the appropriate investigative forms, will expire at the 10 working days time period.

b. Further delays in forms submittal will require the individuals' supervisor to sponsor one-day visit requests up to an additional 5 working days. The supervisor will also be required to escort the individual.

c. Upon expiration of the additional 5 working days, all issued temporary badges/passes and approved accesses will be terminated pending submittal of forms.

d. Centers shall establish the necessary procedures to ensure abuse of the visitor/temporary photo-ID system does not occur.

3.2 Applicability

3.2.1. This chapter prescribes the requirements and process for the proper conduct of personnel suitability investigations for all NASA civil service personnel, under part-time or full-time employment. A t a minimum, NASA shall conduct the appropriate investigation required by position risk designation, but no less than a National Agency Check with Inquiries (NACI), and shall make an employment suitability determination on all NASA employees. Their assignment, employment, or retention must be clearly consistent with National-level suitability guidelines, regulations, and employee safety considerations.

3.2.2. Federal employees from other Federal Government agencies and members of the U.S. military who are detailed to NASA or who are members of a tenant Federal Government organization are assumed to have been properly adjudicated for employment suitability by their respective Agency. The CCS shall coordinate with the Center HRO to validate investigative and suitability results for detailees. Upon validation, no further investigation is required relative to issuance of the NASA photo-ID and access to NASA facilities unless specifically required by Center policy or for cause. All subsequent suitability issues associated with personnel identified in this paragraph shall be coordinated with the Center HRO or respective detailee's official Agency personnel office for resolution.

3.3 Responsibilities

3.3.1. The AA/OSPP is responsible for establishing and maintaining a viable and consistent personnel security program in accordance with current personnel security and suitability policies as established by the Office of Personnel Management (OPM).

3.3.2. Center Directors are responsible for ensuring full Center compliance with the provisions set forth in this chapter.

3.3.3. The CCS shall:

3.3.3.1. Maintain close coordination with OPM Investigations Service (OPM-IS) and Federal Investigations Processing Service (OPM-FIPS) and process the appropriate requests for background investigations conducted under this chapter.

3.3.3.2. Assist and support Center HRO personnel in the identification of the type of personnel investigation required for each position, including updating or upgrading requirements, as appropriate.

3.3.3.3. Refer all employment suitability cases to the appropriate HRO.

3.3.3.4. Assist the Center HRO by conducting local records checks, when necessary, to clarify, expand, or mitigate information that has been forwarded to HRO.

3.3.4. The Director of Human Resources at each Center shall:

3.3.4.1. Following the procedures contained in Appendix M, " D esignation of Public Trust Positions and Investigation Requirements," and applying the process flow established in Appendix N " Determining Position Risk and Sensitivity Levels, Process Flow Chart" , ensure management and supervisory personnel use NASA Form 1722 located at Appendix M, Figure 1, "NASA Position Designation Record," to determine and annotate the appropriate risk designation and sensitivity levels for all Civil Service personnel positions per 5 CFR parts 731 and 732 and EO 10450, respectively.

3.3.4.2. Ensure the appropriate investigative forms, as indicated in section 3.7, are completed by the incumbent or prospective employee in a timely manner and forwarded to the CCS for submittal to OPM for investigative action. Use of web-based e-QIP forms (e.g., SF 85 and SF 85P) will be made mandatory when they become available on-line.

3.3.4.3. Verify applicant birth and citizenship status in accordance with Federal Investigations Notice 03-01, dated October 30, 2002, or subsequently issued directive or notice.

3.3.4.4. Ensure the continued familiarity of HRO personnel regarding position risk designation and sensitivity level requirements and procedures, and suitability adjudication standards, criteria, and processes as established by OPM.

3.3.4.5. Refer medical related data in investigative files to the NASA medical authority for review and evaluation, as appropriate.

3.3.4.6. Ensure that supervisors are advised on the proper processing of any personnel who may be reassigned or are the subject of other personnel actions, including termination, resulting from application of this chapter.

3.3.5. Program, Line Managers, and Supervisors shall:

3.3.5.1. As a critical element of their supervisory and management duties, ensure appropriate and accurate position risk designation and sensitivity levels are assigned for all positions under their purview per 5 CFR Parts 731, 732, and EO 10450, as implemented by Appendix M.

3.3.5.2. Assist HRO during the suitability determination process, as appropriate.

3.3.6. The NASA General Counsel or the Chief Counsel of each Center, as appropriate, shall provide legal counsel with regard to implementation of this chapter.

3.4 Submitting Requests for Suitability Investigations

Upon selection for employment in Government service or as a result of a change in position risk and sensitivity level designation the Center HRO shall ensure the completed forms are forwarded to the CCS for review and submittal to OPM.

3.5 Position Types and Risk Levels

3.5.1. Designation of Public Trust Positions . Each position shall be designated at the High, Moderate, or Low risk level depending on the position's potential for adverse impact to the integrity and efficiency of the service (5 CFR 731.106). Positions at the High and Moderate risk levels are referred to as "Public Trust" positions

3.5.1.2. PUBLIC TRUST POSITIONS - The criteria for Public Trust Positions are defined in 5 CFR, Section 731.106 The designations of positions indicate the potential for action or inaction by the incumbent of the position to affect the integrity, efficiency, and effectiveness of Government operations. Public trust risk designations are used in conjunction with security clearance requirements to determine the investigative requirements for the position. Positions involving high degrees of public trust, e.g., those with broad policy making authority or fiduciary responsibilities, trigger a more thorough investigation than do positions requiring only the finding that an applicant or an incumbent has the requisite stability of character to hold Federal employment. The three public trust risk designation levels are high, moderate, and low.

a. HIGH RISK: A position that has potential for exceptionally serious impact involving duties especially critical to the Agency or a program mission of the Agency with broad scope of policy or program authority such as:

(1) Policy development and implementation;

(2) Higher level management assignments;

(3) Independent spokespersons or non-management positions with authority for independent action;

(4) Significant involvement in life-critical or mission critical systems; or

(5) Relatively high risk assignments associated with or directly involving the accounting, disbursement, or authorization of disbursement from systems of dollar amounts of $10 million per year or greater, or lesser amounts if the activities of the individual are not subject to technical review by higher authority to ensure the integrity of the system.

(6) Positions in which the incumbent is responsible for the planning, direction, and implementation of a computer security program; has a major responsibility for the direction and control of risk analysis and/or threat assessment, planning, and design of the computer system, including the hardware and software; or, can access a system during the operation or maintenance in such a way, and with the relatively high risk for causing grave damage or realize a significant personal gain;

b. MODERATE RISK: A position that has the potential for moderate to serious impact involving duties of considerable importance to the Agency or a program mission of the Agency with significant program responsibilities and delivery of customer services to the public such as:

(1) Assistants to policy development and implementation;

(2) Mid-level management assignments;

(3) Non-management positions with authority for independent or semiindependent action;

(4) Delivery of service positions that demand public confidence or trust; or

(5) Positions with responsibility for the direction, planning, design, operation, or maintenance of a computer system and whose work is technically reviewed by a higher authority at the high risk level to ensure the integrity of the system. Such positions may include but are not limited to:

(a) Access to and/or processing of proprietary data, information protected by the Privacy Act of 1974, and government-developed privileged information involving the award of contracts;

(b) Accounting, disbursement, or authorization for disbursement from systems of dollar amounts of less than $10 million per year; or

(c) Other positions as designated by the Agency head that involve degree of access to a system that creates a significant potential for damage or personal gain less than that in high risk positions.

c. LOW RISK: Positions that have the potential for impact involving duties of limited relation to the Agency mission with program responsibilities which affect the efficiency of the service. It also refers to those positions that do not fall within the definition of a high or moderate risk position.

3.5.1.3. Position risk level determinations are inclusive of many factors, IT positions and/or access being the most prevalent. Provided below are categories of IT positions and/or specific duties that may influence the risk level designation for each individual position.

a. In accordance with the Federal Information Systems Management Act (FISMA), the Office of Management and Budget (OMB) Circular A-130, and NPR 2810.1, NASA has established requirements and procedures to assure an adequate level of protection for NASA IT systems, which includes the appropriate security screening of all individuals having access to NASA IT systems:

(1). High Risk or 6C positions include positions in which the incumbent is responsible for planning, directing, and implementing a computer security program; has major responsibility for directing, planning, and designing an IT system, including the hardware and software; or, can access a system with relatively high risk for causing grave damage or realizing a significant personal gain. High risk IT positions may include positions, which involve the following:

(a) Development or administration of Agency IT Security Programs, directing or controlling IT risk analysis and threat assessments, or conducting investigations.

(b) Significant involvement in life-critical or mission-critical systems; (See section 3.5.6. for further requirements).

(c) Privileged access to NASA IT Systems designated as High Risk systems.

(d) Access to data or systems whose misuse can cause very serious adverse impact or result in significant personal gain.

(e) Assignments involving accounting, disbursement, or authorization of $10 million or more per year.

(2) Moderate Risk or 5C positions include positions where the incumbent is responsible for directing, planning, designing, operating, or maintaining IT systems and whose work is technically reviewed by a higher authority (at the high risk level) to ensure the integrity of the system: Moderate risk IT positions may involve:

(a) Systems design, operation, testing maintenance or monitoring which is under technical review of IT-1 and includes:

(1) Those that contain the primary copy of data whose cost to replace exceeds $1 million dollars.

(2) Those that control systems which affect personal safety and/or physical security, fire, or Hazmat warning safety systems.

(3) Privileged information on contract awards in excess of $10 million dollars.

(4) Accounting disbursement or authorization of more than $1 million dollars but less than $10 million dollars per year.

(b) Access to data or systems whose misuse can cause serious adverse impact or result in personal gain, which includes but is not limited to:

(1) Proprietary data;

(2) Privacy Act protected information;

(3) Export Control Regulation (EAR), International Traffic in Arms Regulations (ITAR), and the Militarily Critical Technologies List (MCTL) information.

(c) Limited privileged access to NASA IT Systems designated as Moderate Risk systems.

(3) Low Risk or 1C positions are all IT system positions that do not fall in the categories above and includes all non-sensitive positions and all other positions involving IT Systems whose misuse has limited potential for adverse impact or sensitive data is protected with password and encryption. Low risk IT positions may involve:

(a) General word processing;

(b) Systems containing no IT-I or IT-II level information or IT-1 or IT-2 level information that is protected from unauthorized access

b. Specific requirements and criteria for designating Computer/ADP risk levels are contained in Appendix M.

3.5.2. If a NASA employee's duties require any overlap into a higher or lower risk level, the position sensitivity designation must then be set at the highest risk level anticipated.

3.5.3. Risk Levels. The four suitability position risklevels are defined and explained in the table below.

3.5.4. Risk Designation System. NASA's procedure for designating public trust positions is provided at Appendix M. NASA Centers shall follow this procedure for designating public trust to ensure uniformity and consistency.

3.5.5. Relationship of Suitability Risk and National Security Sensitivity to Investigation Type. Basic suitability screening is required for all positions. The first determination NASA must make is whether the person has the character traits and past conduct expected of someone who is to carry out the duties and responsibilities of a Federal job in order to protect the integrity and promote the efficiency of the service.

3.5.6. Once a suitability determination is made, if appropriate, the person then can be screened based on National Security considerations, including considerations for access to classified information and sensitive, restricted facilities (as outlined in 5 CFR Part 732). Because Public Trust duties and responsibilities may outweigh National Security considerations at the lower access levels (Secret and Confidential), NASA HR and personnel security offices must consider both suitability and security aspects of a position in determining the appropriate type of investigation to conduct.

For example: If a position is designated High Risk under suitability, but the incumbent of that position needs a Secret clearance, a Background Investigation (BI), at a minimum, is required. A BI is the minimum investigation required for a position designated High Risk. An Access National Agency Check with written inquiries (ANACI) for the Secret clearance would not be appropriate. Of the two investigation types, ANACI and BI, the BI provides the higher level of screening required for the High Risk position. The BI also meets the investigative requirement for Secret access. The ANACI does not meet the screening requirements for a High Risk position.

3.5.7. Such screening must occur before the individual is authorized access and periodically thereafter. See chapter 2 for requirements for security clearances to access CNSI.

3.6 Suitability and the Investigative Process

3.6.1. Suitability. Eligibility for employment with NASA (Federal Employment) is based on suitability as measured from past and present conduct, which determines whether or not an employee can perform his or her duties with efficiency and effectiveness. Suitability is distinguishable from a person's ability to fulfill the qualification requirements of a job, as measured by experience, education, knowledge, skills, and abilities.

3.6.2. Appointments Subject to Investigation. As required in 5 CFR Part 731, persons appointed in the competitive service must undergo an investigation by OPM or by an agency conducting investigations under delegated authority from OPM. Except when required because of risk level changes, a person in the competitive service who has undergone a suitability investigation need not undergo another investigation simply because the person has been:

a. Promoted;

b. Demoted;

c. Reassigned;

d. Converted from career-conditional to career tenure;

e. Appointed (or converted to an appointment) when that employee has been serving with that agency for at least one year in one or more positions under an appointment subject to investigation; or,

f. Transferred, provided the individual has served continuously for at least one year in a position subject to investigation.

3.6.3. Reemployments.

3.6.3.1. Reemployments are not one of the general exceptions to the subject to investigation rule. When individuals are reemployed in Federal service, they must complete a new Declaration for Federal Employment (OF 306). They must also complete new investigative questionnaires (or update their prior form if the public trust or sensitivity level of their new position is the same as the old one). If suitability issues are admitted on the OF 306 or investigative questionnaire, or if they are otherwise developed, they must be investigated and adjudicated.

3.6.3.2. If there are no suitability issues, and there has not been a break in service of longer than the 24 months, a new investigation is not necessary unless it is required under 5 CFR Part 732, or other authority, or because of a higher public trust risk level. The adjudicative guidelines established by 5 CFR Part 731 shall be used for all reemployments that are subject to investigation and adjudication.

3.6.4. Investigative Requirements. Pursuant to the authority delegated by the President of the United States under 5 U.S.C. sections 1104 and 3301, and Executive Order 10577, OPM requires individuals seeking admission to the civil service to undergo a background investigation to establish their suitability for employment. OPM has determined that varying levels of investigation are appropriate, depending on the responsibilities of the position. The minimum level of investigation required for entry into the Federal service is the National Agency Check and Inquiry (NACI) investigation. The type of investigation to conducted is a product of the risk level designation of a position and, if appropriate, National Security requirements. OPM has established the following minimum levels of required investigation for positions at the Low, Moderate, and High Risk levels:

In some cases, OPM recommends a more comprehensive investigation to take into account unique factors specific to the duties and responsibilities of a position, the organizational need for uniformity of operations, or National Security considerations. Refer to Appendix M for further requirements on determining the appropriate level of investigation.

3.6.5. Timing of Investigations. Investigations shall be initiated before appointment or, at most, within 10 working days of placement in the position. If, at any time, it is determined that a required investigation has never been conducted for the initial appointment, the appropriate required investigation must be conducted even if there have been subsequent personnel actions that would not be subject to investigation (such as transfers, promotions, or , reassignments).

3.6.6. Change in Position Risk Level. All employees moving to a new position at a higher risk level than the risk level of the position they left must meet the investigative requirements of the risk level designation of the new position. It is a good practice to complete the required investigation before the individual moves to the new position. Any required higher level investigation must be initiated within 10 working days of the date the new position is occupied. If the risk level of an incumbent's position is increased due to a change in duties and responsibilities, the incumbent may remain in the position, but the investigation required by the higher risk level shall be initiated within 10 working days of the effective date of the new position designation. This requirement applies to details as well as permanent reassignments.

If there are new potentially disqualifying suitability issues , after , such an investigation, the authority the agency uses to adjudicate shall depend on the subject's emp , loyment status: 5 CF , R Part 315, to terminate a temporary appointment; 5 CFR Part 752, if an adverse action under that authority is warranted; etc.

3.6.7. Exceptions to Investigative Requirements. Exceptions to the investigative requirements are made for positions at the Low risk level: intermittent, seasonal, per diem, or temporary, not to exceed an aggregate of 180 days in either a single continuous appointment or series of appointments. Centers must still conduct sufficient checks (minimum NAC and local records checks (LRC) as appropriate) to ensure that the employment or retention of the individual is clearly consistent with the integrity and efficiency of the service (5 CFR Section 732.202).

3.6.7.1. Centers shall establish the appropriate checks and balances to ensure abuse of the aforementioned exception does not occure and that the exception is not granted to individuals falling under higher risk levels.

3.6.7.2. Personnel granted access under this provision will be issued a Center-specific temporary photo-ID granting access only to their respective center.

3.7 Coding of Position Risk Level on Personnel Documents

The code for the position risk level is required on Optional Form 8. HR Offices shall place the code for the position risk level in the Remarks section of the Standard Forms 50 and 52.

The codes are:

Identify a Computer/ADP position by placing the letter "C" after the code (i.e 6C, 5C, 1C).

3.8 Forms Required to Initiate Suitability Investigations for NASA Employees Requiring No Access to CNSI

*When only the September 1994 version of the OF 306 is available, the subject of the investigation shall complete items 1, 2, 7 through 12, 15, and 16a. When more recent versions of the form are used, the subject of the investigation shall complete items 1, 2, 8 through 13, 16, and 17a. If the form is not available, the specific questions shall be duplicated on a separate attachment and completed by the Subject.

3.9 Suitability Determination Procedures for NASA Federal Employees

3.9.1. The Office of Personnel Management (OPM) establishes the regulations, guidelines, procedures, and criteria governing this program and conducts all suitability investigations.

3.9.2. As required by 5 CFR, Part 731, EO 10450, and FIPS 201, each prospective Federal employee must undergo an initial entry on duty (EOD) personnel security investigation to determine suitability for employment with the Federal Government. This investigation shall take place before appointment to a Government position or no later than 14 days after appointment.

3.9.3. Determining suitability for Government employment involves a review of completed personnel security investigations for issues of trust, criminal activity, etc., that could impact the employees' ability to perform their job, or in some instances, make them ineligible for Government employment.

3.9.4. The suitability determination process does not stop at submittal, completion of the initial investigation, and the requisite suitability determination. It is a continuous evaluation process whereby the employee must maintain eligibility throughout the employment cycle. Subsequent receipt of reports of a derogatory or objectionable nature (e.g., DUI, illegal drugs, or criminal activity) shall also be evaluated for suitability concerns.

3.9.5. Established below are the processes and procedures required to ensure that the suitability requirement is appropriately managed for each NASA employee. These processes and procedures address two primary aspects of suitability determinations:

a. Entry On Duty (EOD) personnel security investigation and subsequent favorable adjudication for high, moderate, and low risk positions.

b. Report of derogatory or objectionable information subsequent to a favorable suitability determination or during required periodic reinvestigations for high, moderate or low risk positions.

3.9.6. Pre-appointment Checks for High Risk Positions.

3.9.6.1. Civil service positions that have been designated as High Risk as identified in subparagraph 3.5.2.1.a have major impacts on the success of NASA missions. Personnel placed in these positions must meet the highest standards of personal behavior. Upon selection, but prior to official appointment, the Center HRO shall direct the individual to complete the appropriate investigative forms per section 3.8 and return them to the Center HRO. The Center HRO shall review the forms for completeness and then forward them to the CCS for appropriate action. [NOTE: Required forms shall be made available via U.S. Mail or via an online forms management system (e.g., e-QIP)].

3.9.6.2. Upon review of information in the submitted forms the CCS may:

a. Interview the selectee to attempt to resolve any issues of concern;

b. Submit to the OPM for investigation and await final results; or

c. Approve interim favorable facility and/or IT access pending completion of final investigation and subsequent final suitability determination conducted by HRO.

3.9.7. Receipt of EOD Personnel Security Report of Investigation (ROI) from OPM.

3.9.7.1. Upon receipt of the Personnel Security ROI from OPM-FIPS or other investigative documents containing potential derogatory information, the CCS shall review the file.

3.9.7.2. If any suitability issues exist, the CCS shall verify that the coding of the issue(s) is consistent with OPM suitability criteria and that the file is complete. Inconsistent or incomplete cases shall be brought to the attention of OPM-FIPS, as appropriate.

3.9.7.3. The suitability issues shall then be referred to and adjudicated by the Center Human Resources Office per OPM and NASA policies and procedures.

3.9.8. Receipt of Derogatory or Objectionable Information Subsequent to a Favorable Employment Suitability Determination.

Follow the requirements outlined in subparagraph 3.9.7.2.

3.9.9. When a security clearance is being denied, revoked, or suspended as a result of a security determination, the CCS shall initiate the procedure set forth in chapter 2 of this handbook.

3.10 Adverse Information

3.10.1. When adverse information is developed or received in the course of any personnel security investigation, or subsequent to such investigation and initial favorable determination, the scope of inquiry will normally be expanded to the extent necessary to obtain sufficient information to make a sound determination that the employee may or may not be (or continue to be) employed by the Government.

3.10.1.1. These expanded inquiries shall be conducted by a NASA security official with appropriate investigative experience, NASA contracted investigators, by the original investigating agency, or by another agency of the Government at NASA's request.

3.10.1.2. Any expanded investigation may consist of many different lines of inquiry including, but not limited to, interviews of the subject, supervisors, co-workers, neighbors, and physicians; records checks with various local agencies; and credit checks.

3.10.1.3. Appropriate signed releases from the subject shall be obtained when required to pursue some of these additional leads, e.g., medical records and credit checks.

3.10.2. Counterintelligence-related adverse information is to be relayed as soon as possible, but no later than the next business day after the information has been obtained, to the Center counterintelligence office or the NASA Office of Security and Program Protection.

3.10.3. A personal interview or expanded inquiry shall be held with or completed on a NASA employee on whom significant unfavorable or derogatory information has been developed or received during the personnel screening process. The employee shall be offered an opportunity to refute, explain, clarify, or mitigate the information in question.

3.10.3.1. The personal interview or expanded inquiries may be conducted by a qualified NASA security official, by the original investigating agency, or another agency of the Government at NASA's request.

3.11 Reinvestigation Requirements

3.11.1. Under the continuous evaluation program concept, the CCS shall establish processes and procedures for conducting timely reinvestigations of NASA employees to ensure maintenance of employment suitability. At a minimum, all Public Trust positions at the High Risk level shall be reinvestigated every five years or sooner for cause.

3.11.2. Personnel in Positions at the Moderate Risk level shall be reinvestigated every ten years or sooner for cause.

3.11.3. Positions at the Low Risk Level are subject to reinvestigation every ten years or sooner for cause, or at the discretion of the individual Center.

3.11.4. Re-investigations shall also be conducted upon position assignment change when the change involves moving to a higher risk level position. See subparagraph 3.5.2.3.

3.12 Recordkeeping

3.12.1. Records and information related to this chapter shall be managed per procedures established in chapter 2, section 2.18 of this NPR.

DISTRIBUTION:
NODIS