| NODIS Library | Organization and Administration(1000s) | Search |

NASA Ball NASA
Procedural
Requirements
NPR 1600.2A
Effective Date: September 11, 2019
Expiration Date: September 11, 2024
COMPLIANCE IS MANDATORY FOR NASA EMPLOYEES
Printable Format (PDF)

(NASA Only)

Subject: NASA Classified National Security Information (CNSI)

Responsible Office: Office of Protective Services


| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | ALL |

Chapter 1. Introduction

1.1 Overview

1.1.1 NASA generates, receives, disseminates, and maintains an enormous amount of information, much of which is of an unclassified nature with few restrictions on its use and dissemination.

1.1.2 NASA also generates, receives, stores, disseminates, and maintains CNSI under a variety of Agency programs, projects, partnerships, collaboration with other Federal agencies, academia, and private enterprises.

1.1.3 NASA establishes agency-wide procedures for the proper implementation and management of a uniform system for classifying, accounting, safeguarding, and declassifying national security information generated by, for, or in the possession of NASA.

1.1.4 Nothing in this chapter or E.O. 13526 limits the protection afforded any information by other provisions of law, including the exemptions to the 5 U.S.C. § 552, 50 U.S.C. § 3001, or 5 U.S.C. § 552a.

1.1.5 Furthermore, this chapter defines the security review requirements for programs and projects, pursuant to NPR 7120.5 and 7120.8. It establishes procedures for the creation of security classification guides (SCG), as well as requirements for reviewing permanent historical documents, pursuant to E.O. 13526, 32 CFR pt. 2001, and NPR 1441.1, before retirement into the Federal Records Centers or the National Archives and Records Administration (NARA).

1.2 Responsibilities

1.2.1 Pursuant to E.O. 13526 and 32 CFR pt. 2001, the Administrator shall demonstrate personal commitment, commit senior management, and commit necessary resources to the successful implementation of the program established under this NPR.

1.2.2 The Administrator shall designate a senior agency official (SAO) to direct and administer the information security program for managing and safeguarding CNSI in accordance with the E.O.

1.2.3 The Assistant Administrator for Protective Services has been designated as the SAO responsible for providing direction, oversight, and implementation for an Agency-wide information security program , 14 CFR pt. 1203, E O. 13526, and 32 CFR pt. 2001 for the protection of CNSI in NASA's custody. The AA for OPS shall:

a. Direct and administer the NASA program under which information is classified, safeguarded, and declassified.

b. Establish Agency-wide procedures pertaining to the management of CNSI and material generated by or in the custody of NASA.

c. Establish Agency procedures for formal classification challenges by developing a system for processing, tracking and recording formal classification challenges made by authorized holders.

d. Periodically review procedures and systems of Headquarters, Centers, (including Component Facilities), technical support centers, and service support centers to ensure CNSI is properly protected against unauthorized disclosure or access.

e. Be responsible for the funding, maintenance, and operation of Information Technology systems supporting CNSI.

f. Provide direction, oversight, and implementation of the NASA North Atlantic Treaty Organization (NATO) program in accordance with USSAN Instruction 1-07.

g. Provide direction, oversight, and implementation of 50 U.S.C. § 2672 et seq, by developing a plan to prevent the inadvertent release of records containing Restricted Data (RD) or Formerly Restricted Data (FRD) during the automatic declassification review of records under section 3.3 of E.O. 13526.

h. Provide direction, oversight, and implementation of E.O. 12829 and 32 CFR pt. 2004 by ensuring all the responsibilities of the Cognizant Security Agency (CSA) are met.

1.2.4 Center Directors shall, through the respective Center Chief of Protective Services (CCPS)/Center Chief of Security (CCS):

a. Ensure proper planning and resources for the implementation of E.O. 13526 and 32 CFR pt. 2001, and managing classified information and material under the jurisdiction and custody of their respective Centers. This responsibility includes component activities at facilities or locations geographically separated from the parent Center.

b. Ensure appropriate sanctions for security violations are coordinated with respective Center Office of Human Capital and Management, documented in Center policies, and notify OPS.

c. Ensure the implementation of the CSA requirements at the Center level is incorporated in the acquisition and maintenance of classified contracts process.

1.2.5 The CCPS/CCS shall:

a. Ensure an information security program for CNSI is developed, implemented, and maintained at a level sufficient to meet the requirements of this NPR and national-level requirements.

b. Develop and implement appropriate processes and procedures for ensuring that classified NASA information meets the requirements E.O. 13526 and 32 CFR pt. 2001, and this NPR.

c. Develop and implement appropriate processes and procedures for automatic, systematic, and mandatory review of declassification pursuant to E.O. 13526 and 32 CFR pt. 2001 subpt. D.

d. Develop and implement procedures for the appropriate safeguarding of CNSI.

e. Develop and implement a Center internal annual self-inspection program.

f. Maintain the accountability of the costs associated with implementing this NPR, the E.O. 13526 and 32 CFR pt. 2001.

g. Investigate and report sanctions, security violations, security infractions, loss, possible compromise, or unauthorized disclosure of CNSI pursuant to this NPR. Immediately notify the servicing NASA Counterintelligence office and the OPS Security Management Division Director of all actual or suspected compromises of CNSI.

h. Raise the security threat level or develop temporary procedures to handle national security incidents when necessary.

i. Develop and administer a security education and training program that encompasses initial training, specialized training as required (e.g., derivative classification, courier, and safe custodian training), and termination briefings for all NASA civil service employees and for contractor personnel as required in accordance with an official NASA contract.

j. Ensure the requirements of the National Industrial Security Program (NISP) are incorporated in the acquisition and maintenance of classified contracts.

1.2.6 NASA supervisors shall:

a. Ensure that performance plans for personnel whose duties significantly involve the creation or handling of classified information, including personnel who apply derivative classification markings, are appropriately designated and rated on at least one performance element related to the execution of work required for managing classified information as required by Section 5.4(7) of E.O. 13526.

b. Ensure that personnel entrusted with or handling classified information attend the required briefings, security education, and training provided by the Center Protective Services Office, the Office of Protective Services, or other Government agencies that provide classified information to NASA personnel.

1.2.7 The Center Communications Security (COMSEC) Officer shall serve as the focal point for all COMSEC issues. The Center COMSEC Account Manager (CAM) and Alternate CAM serve as the focal point for all Center COMSEC issues, in accordance with the requirements of NPR 1600.6.

1.2.8 All cleared NASA employees and contractor personnel shall:

a. Protect classified national security information from unauthorized disclosure, to include securing it in approved equipment or facilities whenever it is not under the direct control of an authorized person.

b. Meet safeguarding requirements prescribed by this NPR.

c. Ensure that classified information is not communicated over unsecured voice or data circuits, in public conversations, public places, or in any other manner that permits interception by unauthorized persons.

d. Maintain an annual count of all derivative classification decisions made.

e. Immediately report the following to the CCPS/CCS:

(1) Loss, possible compromise, or unauthorized disclosure of classified information or material.

(2) Known or suspected practice or condition that compromises the proper safeguarding and handling of classified information or material.

(3) Attempts by non-cleared personnel or personnel without a need-to-know to gain access to CNSI.

(4) Security violations or infractions.

f. Initial classification, downgrading, or declassification actions associated with NASA-generated information or material. Immediately report the following to their servicing NASA Counterintelligence office:

(1) Unusual or suspicious overtures by foreign nationals or representatives of a foreign entity to acquire CNSI or other sensitive information outside established official channels.

(2) Contact between cleared employees and known or suspected intelligence officers from any foreign country.

(3) Any contact that suggests a cleared employee may be the target of an attempted exploitation by a foreign intelligence entity.

(4) Any information regarding suspected or actual threats related to espionage.

g. Challenge classification, when necessary, as a means for promoting proper and thoughtful classification actions.

h. Forward information believed to be improperly classified to the Original Classification Authority (OCA), the Office of Protective Services, or the Center Protective Services Office for further guidance.

i. Ensure all required training outlined in E.O. 13526, 32 CFR pt. 2001, and this NPR established for governing, accessing, protecting, accounting for, and safeguarding classified information and material is completed.



| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | ALL |
 
| NODIS Library | Organization and Administration(1000s) | Search |

DISTRIBUTION:
NODIS


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.