| NODIS Library | Organization and Administration(1000s) | Search |

NPR 1600.2A
Effective Date: September 11, 2019
Expiration Date: September 11, 2024
Printable Format (PDF)

(NASA Only)

Subject: NASA Classified National Security Information (CNSI)

Responsible Office: Office of Protective Services

| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | ALL |

Chapter 2. CNSI Management

2.1 General

2.1.1 All personnel accessing classified information are required to have a “need-to-know” to access that level of information.

2.1.2 All personnel accessing classified information are required to have a favorable personnel security investigation, equivalent to or above the level of access required, completed in accordance with NPR 1600.3.

2.1.3 All personnel accessing classified information shall complete training, annually, in the proper procedures for handling, storing, and safeguarding classified information in accordance with the requirements of this policy.

2.1.4 Classified information is always the property of the U.S. Government and may never be perceived or construed as personal property.

2.1.5 Facility security control requirements for all CNSI areas are identified in NPR 1620.3.

2.2 Original Classification

2.2.1 Information is classified pursuant to E.O. 13526 and 32 CFR § 2001.21 by an OCA.

2.2.2 Information may be originally classified under the terms of E.O. 13526 only if all of the following conditions are met:

a. An OCA is classifying the information.

b. The information is owned by, produced by or for, or is under the control of NASA;

c. The information falls within one or more of the categories of information listed in section 1.4 of E.O. 13526;

d. The OCA determines that an unauthorized disclosure of the information would reasonably be expected to result in damage to the national security, which includes defense against transnational terrorism, and the OCA is able to identify or describe the damage.

2.2.3 If there is significant doubt about the need to classify information, do not classify it and consult OPS for guidance. This provision does not:

a. Amplify or modify the substantive criteria or procedures for classification; or

b. Create any substantive or procedural rights subject to judicial review.

2.2.4 Classified information is not automatically declassified because of unauthorized disclosure of identical or similar information. Do not use information that has been improperly disclosed to make classification determinations.

2.2.5 OCAs shall ensure the proper protection of foreign government information (FGI). The unauthorized disclosure of FGI is presumed to cause damage to the national security. FGI will be protected at the U.S. Government level equivalent.

2.3 Classification Levels

2.3.1 In accordance with Section 1.2 of E.O. 13526, information may be classified at one of the three levels described in Figure 1.

Figure 1. Classification Levels

2.4 NASA Original Classification Authority

2.4.1 Pursuant to the provisions of section 1.3 of E.O. 13526, the President has designated the Administrator as an original classification authority (OCA). Only the Administrator can delegate OCA authority to other NASA personnel. Per delegation of the Administrator in this NPR, the following NASA personnel possess OCA designation up to and including Top Secret:

a. Deputy Administrator,

b. Associate Administrator,

c. Assistant Administrator for Protective Services, and

d. Deputy Assistant Administrator for Protective Services.

2.4.2 When designated in writing by the NASA Administrator, personnel with sufficient justification may possess OCA designation up to and including Top Secret (non-delegable).

2.4.3 OCAs shall receive training in proper classification and declassification prior to originally classifying information and at least once each calendar year thereafter. Security education requirements are in Chapter 3 of this NPR.

2.5 Classification Categories

2.5.1 In accordance with Section 1.4 of E.O. 13526, specific information will only be considered for classification when its unauthorized disclosure is reasonably expected to cause identifiable or describable damage to the national security, as described in Figure 2.

Figure 2. Classification Categories

2.6 Application of Original Classification Authority

2.6.1 At the time of original classification of both hard copy and electronic records, OCAs will indicate the following in a manner that is immediately apparent:

a. Classification level. The OCA shall decide which of the three classification levels defined in E.O. 13526 Section 1.2 most appropriately applies to the information.

b. “Classified By” line. The name and position of the OCA shall be written on the “Classified By” line.

c. Reason for the classification. The OCA shall identify the reason(s) for the decision to classify on the “Reason” line with the number 1.4 plus the letter(s) that corresponds to that classification category in section 1.4 of the E.O. 13526 (e.g. 1.4(a)).

d. Declassification instructions. The duration of the original classification decision will be placed on the “Declassify On” line, which indicates one of the following: the date (YYYYMMDD) or event for declassification as prescribed in section 1.5 (a) of the E.O., the date that is 10 years from the date of original classification as prescribed in 1.5 (b) of the E.O., or the date that is up to 25 years from the date of original classification as prescribed in section 1.5 (b) of the E.O.

e. Establishing duration. If the classified information should clearly and demonstrably be expected to reveal the identity of a confidential human source or a human intelligence source or key design concepts of weapons of mass destruction, an original classification authority will follow the sequence listed in 32 CFR pt. 2001.12 (a)(1) (i)-(iii).

(1) In accordance with the E.O. 13526, no information may remain classified indefinitely. At the time of original classification, the OCA shall establish a specific date or event for declassification based on the duration of the national security sensitivity of the information. Upon reaching the date or event, the information will be automatically declassified.

(2) If the OCA cannot determine a specific date or event for declassification, the information will be marked for declassification 10 years from the date of the original decision, unless the OCA otherwise determines that the sensitivity of the information requires that it be marked for declassification for up to 25 years from the date of the original decision.

(3) An OCA may extend the duration of classification up to 25 years from the date of original of the document, change the level of classification, or reclassify specific information only when the standards and procedures for classifying information under the E.O. 13526 are followed.

f. Date of origin of the document. The date of origin of the document will be indicated in a manner that is immediately apparent within the record.

g. A sample classification authority block for an original classification:

Classified By: <insert name and title or position of the OCA>

Reason: <insert the reason for the classification (e.g., 1.4 followed by the letter that corresponds to that classification category)>

Declassify On: <insert declassify instructions>

2.6.2 The OCA shall issue classification guidance. The OCA classification guidance may be issued in the form of an action memorandum, source document, or security classification guide (SCG). Security classification guides are the primary format for classification guidance when possible. However, other forms are acceptable when a SCG is deemed excessive or unnecessary.

2.6.3 Whenever practicable, use a classified addendum when classified information constitutes a small portion of an otherwise unclassified document or prepare a product to allow for dissemination at the lowest level of classification possible or in unclassified form.

2.6.4 Overall markings along with page, component, portion markings, and use of cover sheets will conform to guidelines in accordance with E.O. 13526, 32 CFR pt. 2001, and the ISOO Booklet “Marking Classified National Security Information”. If you are required to mark documents on a classified information system, classified equipment or some other unique classified item, please contact your Center Protective Services Office for specific instructions on how to mark and label each item. CNSI in the electronic environment is subject to all marking requirements.

2.6.5 Exceptional classification cases. Personnel shall not designate information as classified Confidential, Secret, or Top Secret without specific guidance from an OCA or official classification guidance. When an employee, Government contractor, licensee, certificate holder, or grantee of NASA not designated as an original classification authority obtains information believed to require original classification, the information will be protected in a manner consistent with the E.O. 13526, 32 CFR pt. 2001 and this NPR. The individual will contact the Office of Protective Services by way of their CCPS/CCS for determination by a subject matter expert and classification authority with respect to this information.

2.6.6 In some cases, an aggregation of pre-existing unclassified items of information may require that a classification action be initiated. This act is called compilation or mosaic. Contact the Office of Protective Services by way of your CCPS/CCS to determine if a classification action is warranted.

2.7 Derivative Classification

2.7.1 The CCPS/CCS shall develop procedures for the identification, appointment, and authorization of personnel at their Center which will perform derivative classification actions.

2.7.2 Persons authorized to perform derivative classification shall be identified in writing by the CCPS/CCS, and will receive required initial and annual refresher training courses.

2.7.3 CCPS/CCS shall report all appointments of derivative classifiers to the Office of Protective Services, Security Management Division (SMD).

2.7.4 All persons with access to classified systems will be designated as derivative classifiers. Prior to gaining access to classified systems and performing derivative classification activities, authorized individuals shall:

a. Initiate the Derivative Classifier role and the request for access to classified systems in the NASA Access Management System (NAMS); and

b. Receive training in the proper application of the derivative classification principles.

2.7.5 Derivative classifiers will receive initial training upon designation of authority and annual refresher training thereafter. Security education requirements for the training are in Chapter 4 of this NPR.

2.7.6 Derivative classifiers who fail to take the annual clearance holder training annually will have their authority and access to classified systems suspended by the SAO until the training is completed. A waiver may be granted by the SAO if an individual is unable to receive the training due to unavoidable circumstances. Whenever a waiver is granted, the individual will receive training as soon as practicable.

2.8 Application of Derivative Classification Authority

2.8.1 At the time of derivative classification, the following will be indicated in a manner that is immediately apparent. These marking instructions apply to both hard copies and electronic records. Information derivatively classified will:

a. Be derived from a source document(s) or SCG.

b. Bear standard markings under the uniform security classification system and as prescribed in this NPR.

c. Carry forward the markings, the classification authority, and declassification instructions from the source document(s) or the SCG.

2.8.2 Derivative classifiers shall not designate information as Confidential, Secret, or Top Secret without specific guidance from an OCA in the form of a source document or SCG.

2.8.3 Derivative Classifiers shall apply the following to all derivatively classified documents:

a. Identify the person performing the derivative classification action by position and title or badge number.

b. Identify the source documents or SCG, including the agency or office of origin and the date of the source document. In the case of multiple sources, all sources will be listed on the document or in an attachment.

c. A sample classification authority block for derivative classifiers should appear as:

Classified By: <insert name and title or position of the derivative classifier>

Derived From : < source document, office of origin, date> or <multiple sources>

Declassify On: <insert declassify instructions>

2.8.4 Overall markings along with page, component, portion markings, and use of cover sheets will conform to guidelines in accordance with E.O. 13526, 32 CFR pt. 2001, and the ISOO Booklet “Marking Classified National Security Information”. If you are required to mark documents on a classified information system, classified equipment or some other unique classified item, please contact your Center Protective Service Office for specific instructions on how to mark and label each item. CNSI in the electronic environment is subject to all marking requirements.

2.8.5 Guidance on what is considered a derivative classification action in the electronic media realm is included in the appendix of this NPR.

2.8.6 Derivative classifiers shall track and report the number of derivative classification actions annually to ISOO in conjunction with SF 311 reporting.

2.9 Identification, Designation and Markings

2.9.1 Marking. Marking is the principal way of letting holders of information know the specific protection requirements for that information. Markings and designations serve the following purposes:

a. Alert holders to the presence of classified information and information with restrictions on its dissemination.

b. Identify, as specifically as possible, the exact information needing protection.

c. Provide guidance on information sharing.

d. Provide guidance on downgrading (if any) and declassification.

e. Give information on the source(s) and reason(s) for classification and other restrictions.

f. Warn holders of special access, control, or safeguarding requirements.

2.9.2 Portion Marking. A portion is ordinarily defined as a paragraph, but also includes: subjects, titles, graphics, tables, charts, illustrations, pictures, bullet statements, sub-paragraphs, classified signature blocks, and other portions within slide presentations will be marked with the appropriate classification marking.

2.9.3 Classification designations for portion markings are:

a. (U) for Unclassified.

b. (C) for Confidential.

c. (S) for Secret.

d. (TS) for Top Secret.

2.9.4 These abbreviations are placed in parentheses before the portion to which they apply. Whenever possible, use an unclassified title or subject line.

2.9.5 Markings other than “Top Secret”, “Secret”, and “Confidential”, such as “For Official Use Only”, “Sensitive But Unclassified”, “Controlled Unclassified Information”, “Limited Official Use”, or “Sensitive Security Information”, are not to be used to identify CNSI.

2.9.6 Special Access Program (SAP) Markings. NASA employs SAP markings that are authorized and prescribed by the NASA SAP Security Guide concerning national security information for limiting access to cleared personnel having a need-to-know in the performance of their official duties.

2.9.7 Sensitive Compartmented Information (SCI). The NASA Special Security Office shall review for appropriate classification and marking any document for interagency use (MOU/MOA, memorandum, or general correspondence) involving SCI or suspected SCI produced without the benefit of a specific classification guide.

2.9.8 Foreign Government Information (FGI). Mark documents containing FGI with: “This document contains (country of origin) Information.” Mark the portions that contain the FGI to indicate the country of origin and the classification level (e.g., (Country of Origin S)). Use the Office of the Director of National Intelligence Controlled Access Program Coordination Office (CAPCO) register to locate the official abbreviation for a particular country. Substitute the country name with the words “Foreign Government Information” or “FGI” in situations where the identity of the specific government requires concealing. If the fact that information is FGI needs to be concealed, please contact the Office of Protective Services for specific instructions on how to apply appropriate markings.

2.9.9 Banner Markings. Banner markings represent the overall classification of the document. The banner markings should appear on the top and bottom of each page. Identifying the proper classification for each portion is the primary way to determine the overall classification level of a document. The banner line will specify the highest level of classification (Confidential, Secret, or Top Secret) of information contained within the document and the most restrictive control and handling markings contained within the document.

a. The highest level of classification is determined by the highest level of any one portion within the document.

b. The classification level in the banner line is printed in English and spelled out completely. Only the highest classification level is used on the banner line.

c. Any other control markings (e.g., disseminating control markings) included may be spelled out or abbreviated.

d. Banner markings always use uppercase letters.

e. If a document contains more than one page, the banner marking will be placed at the top and bottom of the front cover (if any), the title page (if any), the first page and on the outside of the back cover (if any). Each interior page of a classified document is marked with a banner line at the top and bottom of the page. Interior pages may be marked with the highest classification level of the information contained on that page, whereas the first page of a classified document’s banner reflects the highest classification level of information within the whole document.

2.10 Working Papers

2.10.1 Working papers are documents and material accumulated or created in the preparation of finished documents and material. Classifying as “working papers” is not intended as a way around the original classification procedure or temporary classification. The derivative classifier shall notify the CCPS/CCS of all working paper documents. The CCS/CCPS will ensure that the proper markings and safeguarding are being utilized to protect the information. Required markings for working papers containing classified information are:

a. Creation date.

b. “Working Paper” Annotation at the top and bottom.

c. The highest level of classification contained within.

2.10.2 Working papers are required to be handled in the following manner:

a. Protected in a manner consistent with the highest level of classification contained within the document.

b. Controlled and marked in the manner prescribed for a finished document of the same classification when:

(1) Retained more than 180 days from the date of origin,

(2) Released by the originator outside NASA, or

(3) Filed permanently.

c. Destroyed when no longer needed.

2.11 Classification Prohibitions and Limitations

2.11.1 The OCA, Declassification Authority (DCA), or derivative classifiers shall not classify information, continue to maintain a classification, or fail to declassify information in accordance with Section 1.7 of E.O. 13526.

2.11.2 Classification is prohibited when attempting to classify basic scientific research information not clearly related to the national security.

2.11.3 Classification is prohibited when attempting to reclassify information after declassification and release to the public under proper authority unless it is compliant with Section 1.7 (c) - (e) E.O. 13526.

2.12 Classification Challenges

2.12.1 In order to challenge the classification status of information, authorized holders of the classified information shall present such challenges to the OPS Security Management Division Director to the SAO. Once the challenge is received, the SMD will establish an ad-hoc committee to review the challenge and make the final Agency determination.

2.12.2 A formal challenge under this provision will be submitted in writing, but need not be any more specific than to question why information is or is not classified or is classified at a certain level.

2.12.3 Anyone with access to the information in question may challenge the classification without reprisal. Herein after the individual(s) that challenge the classification of information will be referenced as the challenger.

2.12.4 The SAO shall provide an initial written response to a challenge within 60 days. The initial written responses will acknowledge the challenge in writing and provide a date, not to exceed 120 days, by which the decision will be made. The acknowledgement will include the statement that if NASA is unable to come to a decision within the 120 days, the challenger has the right to forward the request to the Interagency Security Classification Appeals Panel (ISCAP).

2.12.5 The ad-hoc committee shall review, deliberate and decide on the classification challenge request within 120 days of receipt of the challenge.

2.12.6 Challengers and the NASA Information Security Program Committee will attempt to keep all challenges, appeals, and responses unclassified.

2.12.7 For external appeals, if no agency response is received by the challenger within 120 days, the challenger has the right to forward the challenge to the Interagency Security Classification Appeals Panel (ISCAP) for a decision. The challenger may also forward the challenge to the ISCAP if NASA has not responded to an internal appeal within 90 days of the Agency’s receipt of the appeal.

2.12.8 If the challenge is denied, a rationale for denial and appeal rights will be provided to the individual that submitted the challenge.

2.12.9 If the challenger does not agree with the NASA decision, he/she may refer the challenge to the ISOO for a secondary review and final determination.

2.12.10 Individuals are not subject to retribution for bringing such actions to the attention of the appropriate official or office. The classification challenge provision is not intended to prevent an authorized holder from informally questioning the classification status or particular information. Such informal inquiries should be encouraged as a means of minimizing the number of formal challenges.

2.12.11 Whenever an agency receives a classification challenge for information that has been the subject of a challenge within the past two years or that is the subject of a pending litigation, NASA is not required to process the challenge. NASA is only required to inform the challenger of this fact and of the challenger’s appeal rights.

2.12.12 Classified information that is the subject of a classification challenge will remain classified until a final decision is made to declassify it. Unclassified information will remain unclassified until a final decision made to classify it.

2.13 Declassification Authority

2.13.1 Only OCAs and persons designated as Declassification Authorities (DCA) are allowed to declassify CNSI.

2.13.2 OCAs have the authority to downgrade or declassify NASA-originated CNSI. Additionally, the originator’s successor may also declassify if the successor has OCA.

2.13.3 Declassification Authorities shall meet the following criteria:

a. The employee is nominated in writing by the Center Director/CCPS/CCS to perform functions of a NASA Declassification Authority (DCA).

b. The DCA role is initiated in NAMS.

c. All nominated NASA DCAs attend and successfully complete the NASA/OPS approved Declassification Authority Training Program class and the Department of Energy (DOE) training on the recognition of Restricted Data and Formerly Restricted Data (RD/FRD). Each DCA will receive a Certificate of Training approved by the OPS Assistant Administrator for Protective Services. Certified DCAs are also required to attend refresher training every three years thereafter.

d. Additionally, each Center will have at least one DCA certified as a DOE Historical Records Restricted Data Reviewer (HRRDR). This requires attendance and successful completion of the DOE HRRDR 4-day course pursuant to the 42 U.S.C. § 2011 et seq, 50 U.S.C. §2671 et seq, and the Special Historical Records Review Plan (Supplement).

2.13.4 Classified information that has been declassified without proper authority remains classified and administrative actions will be taken to restore markings and controls, as appropriate. All such actions will be reported to the senior agency official who will promptly provide a written report to the Director of ISOO.

2.14 Declassification

2.14.1 The OPS Security Management Division Director has developed the NASA Declassification Management Plan that provides the framework for NASA compliance with E.O. 13526.

2.14.2 Automatic Declassification. All classified records determined to have permanent historical value under title 44, United States Code, will be automatically declassified on December 31 of the year they becomes 25 years old regardless of whether it has or has not been reviewed, with the exception of the following:

a. Information determined to fall within one or more of the nine exemption categories outlined in Section 3.3(b) of E.O. 13526.

b. Information in the NASA Historical Records Declassification Guide; or

c. Information contained within a treaty or international agreement as determined by the Department of State and official of a foreign government requires protection beyond 25 years.

d. Information concerning nuclear weapons and foreign nuclear programs. Restricted Data and Formerly Restricted Data are excluded from automatic declassification. Additionally, the Secretary of Energy determines when information concerning foreign nuclear programs may be declassified. NASA may exempt a group or file series “Exempt File Series” of records from automatic declassification CNSI, if a substantial portion of the records within the file series would be expected to remain exempt based on the provisions of E.O. 13526, Section 3.3(b) and (c). (“File series” is also described in ISOO guidance as an “integral file block.”) The NASA SAO shall notify the Interagency Security Classification Appeals Panel and the Director of the ISOO, serving as Executive Secretary of the Panel, of any specific information beyond that included in a notification to the President under paragraph (c) E.O. 13526, Section 3.3 that the Agency proposes to exempt from automatic declassification. File series exemption criteria include the following:

a. A description of the information, either by reference to information in specific records or in the form of a declassification guide.

b. An explanation of why the information is exempt from automatic declassification and should remain classified for a longer period of time.

c. Except for the identity of a confidential human source or a human intelligence source and information regarding weapons of mass destruction, as provided in E.O. 13526 and 32 CFR pt. 2001, a specific date or event for declassification of the information is determined, not to exceed 50 years from the date of origin. The panel may direct the Agency not to exempt the information or to declassify it at an earlier date than recommended. The Agency head may appeal such a decision to the President through the Assistant to the President for National Security Affairs. The information will remain classified while such an appeal is pending.

2.14.3 Information approaching 24 years and potentially meeting the requirements of and for automatic declassification will be submitted to OPS, SMD for review and submission to ISOO.

2.14.4 Systematic Declassification Review. The Office of Protective Services, Security Management Division shall conduct a periodic review of NASA classified programs to determine if information of permanent historical value should be declassified. This periodic review will be conducted in conjunction with the NASA fundamental classification guide review.

2.14.5 Mandatory Declassification Review (MDR). All MDR requests are received by NASA Headquarters, Central Registry and processed through the OPS Classification/Declassification Office. A valid mandatory declassification review request will be of sufficient specificity to allow agency personnel to locate the records containing the information sought with a reasonable amount of effort. Requests for broad types of information, entire file series of records, or similar non-specific requests will be denied for processing under 32 CFR 2001 Section 2001.33. An initial response is sent to the requestor within 60 days of receipt of the request acknowledging or denying the request. All MDRs are processed and a final determination made within one year from the date of receipt. The MDR process includes:

a. Conducting a line by line review of the records.

b. Redacting information that is not releasable to the public or remains classified. The specific reason for redaction will be included for each redaction.

c. Releasing information to the requestor, if possible. The release of information will be coordinated with reviews by other appropriate offices for sensitive but unclassified information such as export controlled data and information, personally identifiable information, etc.

d. Coordinating referrals to other government agencies and tracking the review and referral process in the NASA Declassification Database.

2.14.6 Denials are provided to the requestor in writing, and include the reason for denial and the requestor’s appeal rights. The requestor’s appeal rights are as follows:

a. Upon denial, in whole or in part, of an initial request, the requestor has the right to file an administrative appeal within 60 days of receipt of the denial.

b. If NASA fails to respond to the request within one calendar year, then the requestor has the right to appeal to the Interagency Security Classification Appeals Panel.

2.14.7 The CCPS/CCS shall ensure Centers conduct and document annual reviews of classified holdings for automatic declassification in compliance with E.O. 13526 and 32 CFR pt. 2001.

2.14.8 When conducting annual reviews of classified holdings for automatic declassification the CCPS/CCS shall ensure DCAs are assigned to a qualified NASA Federal employee subject-matter expert that will assist them in declassification efforts.

2.15 Access to CNSI

2.15.1 At a minimum, NASA personnel and other individuals associated by contract or other agreement shall meet the following criteria for accessing CNSI in accordance with E.O. 12968 and E.O. 13526:

a. Possess a personnel security clearance commensurate with the required access.

b. Have a justified need-to-know.

c. Sign an official nondisclosure statement (SF 312) witnessed by a NASA security official, an approved facility security officer, or other approved official.

2.15.2 Access to Restricted Data and Formerly Restricted Data. NASA cleared personnel requiring access to DOE RD/FRD shall submit a request through NAMS. Specific justification for access is required for approval. When the NAMS process is initiated and the justification is accepted, the NASA RD Management Official will prompt the requestor to complete DOE form 5631.18. The RD Management Official will forward the signed form and the justification to the NASA Central Adjudication Facility for submission to DOE. All personnel granted DOE Q or L clearances will receive training.

2.16 Limited Access to CNSI by Non-U.S. Citizens

2.16.1 The AA, OPS, or designee, may authorize the granting of a Limited Access Authorization (LAA) to a non-U.S. citizen (including lawful permanent residents (LPR)) for specific information up to the Secret level if: It has been determined that the non-U.S. citizen possesses unique or unusual skills or expertise that is urgently needed to support a specific NASA mission; or, It has been determined that no cleared or clearable U.S. citizen can support the NASA mission.

2.16.2 Process for Requesting an LAA. NASA organizations shall submit a written request for an LAA to the CCS/CCPS. The request will include:

a. The individual’s name, date and place of birth, position title, and current citizenship.

b. A statement explaining the compelling reasons for the request and why it is impractical or unreasonable to use U.S. citizens to perform the required work or function, including any time constraints.

c. A statement of the individual's special expertise.

d. A statement explaining how access will be limited to a specific program or project, and how access will be limited and physical custody of CNSI precluded.

e. A statement that the CNSI to be accessed is releasable to the individual’s country of citizenship or that an export license has been obtained.

2.16.3 The CCS/CCPS shall evaluate the request with the Center International Visitor Coordinator (IVC) and Center Export Administrator (CEA) to identify any potential issues and make an endorsement recommendation and forward to the AA, OPS for LAA review. The AA, OPS shall coordinate with OIIR and other relevant offices or Agencies to determine concurrence or non-concurrence prior to granting the LAA. The AA, OPS shall provide a final response to the CCS/CCPS and the requesting organization.

2.16.4 If an LAA is initiated by a NASA cleared contractor performing on a NASA classified contract, only the DSS/DoD CAF or successor organization has the authority to grant the LAA. The following procedures shall apply. The cleared contractor’s Facility Security Officer shall submit a written request for an LAA to the CCS/CCPS that includes all information from section The CCS/CCPS shall ensure the contract is current and has a current DD-254 in place. The requirements in sections through shall be followed. If acceptable, the AA, OPS shall endorse and submit the request to DSS to grant the LAA. The AA, OPS will receive the DSS endorsement and forward the final response to the CCS/CCPS and the contractor.

2.16.5 Center OPS shall ensure:

a. An investigation sufficient for access to Secret and a favorable adjudication is obtained before access is granted. The granting of interim or temporary access pending completion of the investigation is prohibited.

b. Denied requests are returned to the requestor with an explanation of the denial.

c. A copy of the concurrence or non-concurrence will be retained by OPS.

d. The non-U.S. citizen nominated for the LAA signs a nondisclosure agreement if the LAA is granted.

2.16.6 Requests for access to CNSI owned by another agency shall be coordinated with and approved by that agency.

2.17 Accountability and Control of CNSI

2.17.1 All classified information is strictly accounted for and, for Top Secret only, covered by a continuous chain of signature receipts and inventory records. This chapter details the minimum requirements for accountability and control. Centers are encouraged to implement additional controls when appropriate.

2.17.2 Each Center will have have an information management system and set of written procedures to control the classified information in its possession. The system or procedures will contain specific requirements to account for and safeguard CNSI. The system will be sufficient to reasonably preclude the possibility of the loss or compromise of CNSI.

2.17.3 A trained Top Secret Control Officer (TSCO) and alternate shall be designated, in writing, by the CCPS/CCS. The TSCO will ensure that all Center Top Secret material is accounted for, protected, and transmitted under a chain of receipts using NF 387, or other Office of Protective Services approved documentation, identifying each individual with custody of the material.

2.17.4 Each item of Top Secret material, will be numbered in series. The copy number is placed on Top Secret documents and on all associated transaction documents. This is applicable to all media types, i.e. electronic and paper.

2.17.5 A record of Top Secret material produced is maintained when the material is: a. Completed as a finished document,

b. Retained for more than 180 days after creation, regardless of the stage of development, or

c. Transmitted outside the facility.

2.17.6 A trained Classified Material Control Officer (CMCO) and alternate shall be designated in writing by the CCPS/CCS. The CMCO will ensure that all Center CNSI material is received by an authorized person and safeguarded in accordance with E.O. 13526, and this NPR.

2.17.7 The CMCO is responsible to the CCPS/CCS for the Center Security Control Point (SCP) and oversight of the Document Control Points (DCP) within the Center and/or facilities.

2.17.8 Establishment of SCP. One SCP, operated by the CMCO, is established within each Center or facility that has a requirement to handle classified information. The SCP will be designated in writing within the local security procedural requirements. All incoming and outgoing classified information will be processed through the SCP with the following exceptions: SCI material and classified messages that are handled, processed, and stored within secure telecommunications spaces.

2.17.9 Document Control Point (DCP). Centers with significant volumes of classified material and where the SCP serves many organizations, each organization which has custody of classified material will establish a Document Control Station Official (DCSO) run by a Document Control Point Officer. Organizationally, this station may be established at the office, division, staff, or lower level, depending upon the circumstances. Creation of such stations will be coordinated with the CMCO and approved in writing by the CCPS/CCS.

2.18 Accountability Logs

2.18.1 NASA does not require the continuous chain accountability logs of Confidential or Secret material other than accounting for its receipt, creation, and destruction. However, the OPS Security Management Division Director recognizes that continuous chain accountability is a best practice in order to ensure and account for all classified material during a suspected or actual loss or compromise.

2.18.2 All Top Secret material will be accounted for throughout its life cycle. Records will be maintained for all Top Secret material and retained for five years after final disposition. These records will be maintained at the SCP for any accountable information, which is received, generated, reproduced, transmitted, downgraded, or destroyed. A Classified Document Control Log will be used for this purpose.

2.18.3 The Classified Document Control Log maintained at the SCP will, at a minimum, reflect the following for Top Secret:

a. Date of receipt and date of origination.

b. Agency/installation from which received or by which originated.

c. Classification level of the material.

d. A brief unclassified title or description of the material.

e. The date of declassification or downgrading.

f. Page count.

g. Control number assigned. Each copy of a classified document or item will have its own control number. Copy numbers will not be used as part of the control number.

h. Information indicating the location or local holder of the material. (Local holders/custodians shall have some form of signature receipt on file acknowledging that they have custody of the material.)

i. Disposition and date for all material destroyed, downgraded, declassified, or dispatched outside the installation.

2.18.4 The Classified Document Control Log maintained at the SCP will, at a minimum, reflect the following of Secret and Confidential:

a. Classification level of the material.

b. Control number assigned.

c. Disposition and date for all material destroyed, downgraded, declassified, or dispatched outside the DCSO.

2.18.5 Signed receipts, destruction reports and accountability logs will be retained for five years after final disposition.

2.18.6 Top Secret disclosure records. A disclosure record of all persons who are afforded access (including visual, oral, and record copies) to Top Secret information (except safe combinations) is maintained. This record will show the names of all individuals given access and the date of such access. To comply with this requirement, a Top Secret Cover Sheet (Form SF 703) will be attached to all Top Secret information in document form. For access given orally, a log listing the required information will be maintained. At a minimum, the Disclosure Record Sheet will provide:

a. Information reflecting the document being disclosed.

b. Individual to whom the information is being disclosed.

c. Organization and telephone number.

d. Date the information is disclosed. Records are retained for five years from the date of final disposition.

2.19 Handling of Incoming Classified Material

2.19.1 The CCPS/CCS shall provide written procedures for the handling of incoming classified material. When a Center/facility receives incoming mail, bulk shipments, and other classified materials delivered by messenger, the following controls are implemented:

a. All classified material is logged and delivered immediately to the SCP or properly safeguarded in accordance with this NPR until delivery to the SCP can be affected.

b. All Registered, USPS Express Mail, and contract overnight delivery packages are delivered unopened to the SCP and protected as Secret material until determined otherwise.

c. All personnel who open official mail of any sort shall immediately deliver any classified material to the SCP. Outer wrappers along with the unopened inner wrapper will be delivered to the SCP. If an individual opens mail, which is not correctly packaged, causing exposure to non-cleared or unauthorized individuals, the material will be delivered to the SCP, and the CCPS/CCS will be notified. The CCPS/CCS will investigate and submit a report of incidents involving classified material outlined in paragraph of this NPR.

d. All incoming packages containing classified material will be inspected for tampering. If tampering is discovered, it will be reported to the CCPS/CCS who will conduct necessary inquires. The contents of the package will be checked against the enclosed receipt.

e. Incoming classified material that does not fall under the Classified Management Computer system, such as a large device or piece of equipment, will be processed in accordance with the local Center security procedures established for that type of material.

2.20 Record of Destruction

2.20.1 An accurate record of destruction of classified material is as important as the manner of its destruction. Proper accounting procedures, together with accurate records of destruction, provide evidence of the proper disposition of classified material. Records of destruction are retained for five years from the date of destruction. Approved methods for destruction are in section 2.32.6 of this NPR.

2.20.2 A record of destruction is required for all Top Secret material designated for destruction. The destruction record will indicate the date the material was actually destroyed, the control number, the short title or a description of the material destroyed consistent with the description indicated in the control log, and the printed names and signatures of the official actually performing the destruction and a witness.

a. Two-person integrity is implemented for the destruction of Top Secret material and will be accomplished by at least one Center Security Specialist and one other person authorized with the need to know to access the information. Both individuals will sign the destruction receipt. Either the control log or a separate destruction report may be used for this purpose.

2.20.3 Secret and Confidential material is destroyed only by an authorized individual approved by the Center Protective Services Office.

2.21 Inventory Requirements

2.21.1 Two appropriately cleared individuals shall conduct inventories for Top Secret material. One of the individuals should be the control officer for the material.

2.21.2 An inventory is a visual sighting of each item of accountable material. All documents held are checked to ensure that they are entered into accountability, and all documents entered into accountability will be sighted, including those items signed out on local custody. If no disposition can be determined, a security incident report involving classified material will be submitted in accordance with section 2.35 of this NPR.

2.21.3 All Top Secret materials are inventoried upon change of custodian or semiannually. Semiannual inventories may be combined with change of custodian inventories. Accountability records will also be reviewed for accuracy and continuity. Section 2.18 contains a complete listing of required page checks.

2.21.4 Secret and Confidential material will be protected and safeguarded from persons without authorized access or need to know in accordance with E.O. 13526, 32 CFR pt. 2001 and this NPR.

2.21.5 The Center shall retain a record of all Top Secret inventories for at least five years. An inventory and a report of the results, including any discrepancies discovered, will be forwarded annually to the cognizant CCPS/CCS. Although an inventory of Top Secret holdings is required on a semiannual basis, a written report to the CCPS/CCS is only required annually unless discrepancies are discovered. Although the Top Secret inventory is only reported annually, local documentation of all inventories will be maintained at the installation as described above.

2.21.6 Upon change of custodian, all Top Secret material is transferred to the new custodian. A joint inventory will be conducted, accounting for each item. Both parties will sign the report documenting the completion of the inventory.

2.21.7 Changes and corrections. The custodian, under the direction of the CMCO, shall be responsible for the entry of all changes and corrections to the material in their custody. A Publication Change Checklist is used for all changes entered. Completed checklists will be retained until the publication is destroyed or superseded.

2.22 Top Secret Inventory

2.22.1 A page check will be conducted on all Top Secret material. Page checks involve visually sighting each page in a document, verifying its presence against a list of effective pages (if applicable), and ensuring that the page is from the original document. In the absence of a list of effective pages, the document will be examined for continuity. After each page check, the individual will sign the page check record (except for page checks prior to destruction). If one does not exist, a page check record will be produced locally and kept with the publication. The record will identify the publication, the name of the individual conducting the page check, discrepancies noted, and the date of the check.

2.22.2 Page checks on Top Secret material are conducted at least annually and on the following occasions: initial receipt, page change, classification change, change of custodian, inventory, and destruction.

2.22.3 No page checks are required for Secret or Confidential material.

2.23 Guidelines for Electronic Classified Information Processing

2.23.1 CNSI in the electronic environment is:

a. Subject to all the requirements of the E.O. 13526, 32 CFR pt. 2001, and this NPR.

b. Marked with proper classification markings to the extent that such marking is practical, including portion marking, overall classification, “Classified By,” “Derived From,” “Reason” for classification (originally classified information only), and “Declassify On.”

c. Marked with proper classification markings when appearing in an electronic output (e.g., database query) in which users of the information will need to be alerted to the classification status of the information.

d. Marked in accordance with derivative classification procedures, maintaining traceability of classification decisions to the original classification authority. In cases where classified information in an electronic environment cannot be marked in this manner, a warning will be applied to alert users that the information may not be used as a source for derivative classification and to provide a point of contact and instructions for users to receive further guidance on the use and classification of the information.

2.23.2 Markings on Classified E-mail.

a. E-mail transmitted on, or prepared for transmission, on classified systems or networks is configured to display the overall classification at the top and bottom of the body of each message. The overall classification marking string for the e-mail reflects the classification of the header and body of the message. This includes the subject line, the text of the email, a classified signature block, attachments included in the messages, and any other information conveyed in the body of the e-mail. A single linear text string showing the overall classification and markings is included in the first line of text and at the end of the body of the message after the signature block.

b. Classified e-mail is portion marked to reflect the highest level of information contained in that portion. A text portion containing a uniform resource locator (URL) or reference (i.e., link) to another document will be portion marked based on the classification of the content of the URL or link text, even if the content to which it points reflects a higher classification marking.

c. Subject lines are portion marked to reflect the sensitivity of the information in the subject line itself and not reflect any classification markings for the e-mail content or attachments. Subject lines and titles are portion marked before the subject or title.

d. When forwarding or replying to an e-mail, individuals shall ensure that, in addition to the markings required for the content of the reply or forward e-mail itself, the markings for the overall classification and declassification instructions of the entire string of e-mails and attachments are also reflected. This will include any newly drafted material, material received from previous senders, and any attachments.

2.23.3 Each CCP/CCS is responsible for providing a count of all original (where applicable) and derivative classification actions electronically processed throughout the year in accordance with SF 311 at the end of the fiscal year. Do not count products classified by another agency and do not count any reproductions or copies. Instruction “Guidelines for SF 311 Data Collection” should be referenced for assistance.

a. The CCPS/CCS shall establish written procedures to ensure that an accurate record of electronic processing done throughout the year is maintained by each derivative classifier to assist in the completion the SF 311 at the end of the fiscal year.

2.23.4 Marking Web Pages with Classified Content.

a. Web pages are classified and marked on their own content regardless of the classification of the pages to which they link. Any presentation of additional web material links are also marked based on its own content.

b. The overall classification marking string for every web page will reflect the overall classification markings (and any dissemination control or handling markings) for the information on that page.

c. Classified web pages are portion marked and contain a classification authority block. The block may appear as a single linear text string instead of the traditional appearance of the three lines of text.

2.24 Storage of CNSI – Security Containers and Vaults

2.24.1 The General Services Administration (GSA) establishes and publishes minimum standards, specifications, and supply schedules for containers, vault doors, modular vaults, and other associated security devices suitable for the storage and protection of CNSI against forced, covert, and surreptitious entry.

2.24.2 All classified documents and material under the jurisdiction, possession, control, and ownership of NASA are stored in a “General Services Administration Approved” security container with a combination lock meeting Federal Specification FF-L-2740 or a facility/room with sufficient physical and procedural security measures to preclude unauthorized access.

2.24.3 Whenever new security equipment is procured, it will conform to the standards and specifications established by GSA and will, when available, be procured through the Federal Supply System.

2.24.4 Deployment, use, and maintenance of security containers, vaults, and secure areas designed for storage or daily use and discussion of CNSI is centrally managed by the CCPS/CCS to ensure their use is consistent with Agency and Center policies and procedures for storage and accountability of CNSI. The CCPS/CCS will:

a. Ensure only GSA-approved security containers, designed specifically for storage of CNSI, are used for the storage of CNSI.

b. Ensure GSA-approved security containers and vaults clearly display the following labels:

(1) GSA-approved label.

(a) Indicates that the container has been tested and certified by the GSA.

(b) On containers manufactured after October 1990, label is silver with red lettering.

(c) On containers manufactured prior to October 1990, label is either silver with black lettering or black with silver lettering.

(2) Test certification label.

(a) Identifies the class of container and the amount of time the container protects against forced, covert, and surreptitious entry.

(b) Displayed on the external side of the control door (drawer or drawer with the lock).

(3) Number label.

(a) Serves as container serial number.

(b) Displayed on front face of container.

c. Maintain a current database of all Center-wide security containers and vaults to include (at a minimum):

(1) Assigned Center-specific security container or vault.

(2) Location of container or vault.

(3) Custodian/Alternate custodian.

(4) Highest classification level of information stored.

d. Ensure repair and recertification of a GSA-approved container as required by Federal Standard 809-B if its GSA-approved label is missing or if the structural integrity of the container has been compromised.

e. Ensure approved containers and vaults are used only for storage of CNSI and necessary unclassified reference materials. Storage of unclassified materials is kept to the absolute minimum.

f. Ensure high-value items that are targets of theft such as funds, weapons, and precious metal are not to be stored in the same container as classified materials.

g. Ensure approved security containers and vaults are properly tagged “Not for Storage of Classified Material” by the CCPS/CCS prior to use in storage of non-classified material.

h. Establish procedures to remove unneeded security containers that are removed from service and retained for future use or properly disposed of and ensure combinations are set back to “factory settings”, 50-25-50.

i. Ensure locking mechanisms are properly outfitted with or upgraded to appropriate federally mandated “X” series locks under the following circumstances:

(1) When the security container or vault is newly procured or reentered into service.

Note: For storage of classified material: containers and vaults are inspected, reconditioned as necessary, recertified, and designated in writing by the Center locksmith and acknowledged by the CCPS/CCS prior to being reentered into service.

(2) When the locking system requires replacement.

(3) When the container or vault is used to store Top Secret, COMSEC, Special Access Required, or SCI information and material.

2.24.5 Combinations. Combinations are changed when first placed in service and then as needed whenever a person knowing the combination is transferred or terminated from employment or is no longer authorized access to the classified material stored in the equipment or area; whenever it is possible that the combination may have been subjected to compromise; or whenever the security storage equipment or security area has been found unsecured and unattended. Combinations are recorded on SF 700, Security Container Information.

a. The SF 700 provides the names, addresses, and telephone numbers of employees who are to be contacted if the security container to which the form pertains is found open and unattended.

(1) Part 1 is affixed on the inside of the locking drawer of the security container.

b. The form also includes the means to maintain a current record of the security container’s combination and provides the envelope to be used for storage of the combination (parts 2 and 2A).

c. Combinations are classified at the highest level of the classification of the information authorized for storage in the security container.

d. SF 700 combination envelopes (parts 2 and 2A) are maintained by the CCPS/CCS. Different storage requirements may apply when the combinations are for information at the SCI/SAP levels.

e. A new SF 700 is completed each time the combination to the security container is changed.

2.25 Forms

2.25.1 Records are kept for all security containers, vaults, and secure rooms that are used to store classified material. The SF 700 and SF 702 are required for every storage container. The SF 701 is required for all work areas where CNSI is processed.

a. SF 700, Security Container Information.

(1) Section 2.23.7 of this NPR describes proper implementation of this required form.

b. SF 701, Activity Security Checklist.

(1) Provides a systematic means to make a thorough end-of-day security inspection for a particular work area where CNSI is processed to ensure that the work areas are secured at the end of each working day.

(2) Allows for employee accountability in the event that irregularities are discovered.

(3) Is intended to be used for secure areas where CNSI is processed.

c. SF 702, Security Container Check Sheet.

(1) Provides a record of the names and times that persons have opened, closed, or checked a particular container that holds classified information.

(2) Is used to log each opening and closing of a security container or vault. It is placed on the container or on the door of the secure area.

(3) Is also used for the purpose of security checks of a container or vault.

d. Cover Sheets. Cover sheets serve as a shield to protect classified information from inadvertent disclosure and to alert observers that classified information is attached to it.

(1) SF-703 is used for Top Secret information.

(2) SF-704 is used for Secret information.

(3) SF 705 is used for Confidential information.

e. Labels. Labels are used to identify and protect electronic media and other media that contains or processes classified information. These labels are used instead of cover sheets for media other than documents. Labels are also used to identify information systems, printers, copiers and facsimile machines that are approved to process classified information. Use the label that is the highest classification of the information contained on the media or approved to process.

(1) SF 706 is used for Top Secret media.

(2) SF 707 is used for Secret media.

(3) SF 708 is used for Confidential media.

(4) SF 710 is used for Unclassified media. A mixed environment in which classified and unclassified information are being processed or stored, the SF 710 is used to identify electronic media and other media (information systems, printers, copiers, multifunction devices, and facsimile machines) that contain unclassified information.

2.26 Storage of NATO Classified Information and FGI

2.26.1 NASA has been designated as a NATO Sub registry by the U.S. Army Headquarters, Central U.S. Registry. NASA also has designated NATO User Offices at approved Centers. The NATO Control Officer and Alternate Control Officer are located in the OPS Security Management Division. If your work requires access to NATO classified information, please contact your Center Protective Services Office or the OPS Security Management Division Director.

2.26.2 Safeguard NATO classified information in compliance with USSAN Instruction 1-07. NATO and FGI should be stored separately from other classified information. To avoid additional costs, separate storage may be accomplished by methods such as separate drawers of a container. Safeguarding standards may be modified if required or permitted by treaties or agreements or for other obligations, with prior written consent of the National Security Authority of the originating government. 32 CFR § pt. 2001.54 should be referenced for more detail on how to protect FGI.

2.27 Emergency Authority

2.27.1 Senior Agency management or any designee may prescribe special provisions for the dissemination, transmission, safeguarding, and destruction of classified information during certain emergency situations. In emergency situations in which there is an imminent threat to life or in defense of the Homeland, Agency heads or designees may authorize the disclosure of classified information to an individual or individuals who are otherwise not routinely eligible for access under the following conditions:

a. Limit the amount of classified information disclosed to the absolute minimum to achieve the purpose.

b. Limit the number of individuals who receive it.

c. Transmit the classified information via approved Federal Government channels by the most secure and expeditious method to include those required in 32 CFR pt. 2001, subpt. C or other necessary means when time is of the essence.

d. Provide instructions on safeguarding information. Physical custody of classified information will remain with an authorized Federal Government entity in all but the most extraordinary circumstances.

e. Provide appropriate briefings to the recipients on their responsibilities not to disclose the information. Obtain a signed nondisclosure agreement.

f. All disclosures of classified information will be reported to the CCPS/CCS and the originator immediately or at the earliest opportunity. The CCPS/CCS will notify the OPS Security Management Division Director and provide the following information as soon as possible:

(1) A description of the disclosed information.

(2) Identity of the individual who authorized the disclosure.

(3) To whom the information was disclosed.

(4) How the information was disclosed and transmitted.

(5) Reason for the emergency release.

(6) How the information is being safeguarded.

(7) A description of the briefing provided and a copy of the signed nondisclosure agreements.

2.28 Reproduction of CNSI

2.28.1 Reproduction of classified information and material is kept to a minimum. Only equipment designated by the CCPS/CCS is authorized to reproduce classified information. Each Center CCPS/CCS shall develop and implement written procedures to ensure that the following requirements, as a minimum, are met:

a. Reproduction is accomplished by authorized persons knowledgeable of the procedures for classified reproduction.

b. Protect classified information during reproduction.

c. Adequately clear equipment after reproduction.

d. Copies of classified information are subject to the same controls as the original information and incorporated into the Center CNSI accountability system.

e. Safeguard overruns, waste, and blank copies generated during the clearing of reproduction equipment by handling material as “classified” and destroy copies accordingly.

f. Ensure security procedures are provided for reproducing classified information by other technical means.

2.28.2 The CCPS/CCS shall ensure that all equipment hard drives used in machines for reproduction are wiped or destroyed in accordance with standards used to erase classified information.

2.29 Hand-Carrying and Receipting of Classified Material

2.29.1 CNSI is transmitted in a manner that ensures protection of the material. A receipt will be required whenever CNSI material is transmitted using an authorized NASA official, entered into the U.S. Postal System or via authorized contract courier, transmitted off the Center by any means, transmitted to a non-NASA activity, or when the transmitting custodian wishes to verify change of custody.

2.29.2 The CCPS/CCS shall develop courier briefings as described in Chapter 4 of this NPR.

2.29.3 The OPS Security Management Division Director or the CCPS/CCS shall appoint a NASA employee or contractor to be a designated courier of CNSI when it is essential for that NASA employee or contractor to hand-carry such information within or outside HQ or a Center. The hand-carrying of CNSI on an airplane is pre-coordinated with the CCPS/CCS at least 3 weeks prior to departure.

2.29.4 Couriers may also be required for symposiums where transport, control, and access to CNSI may be necessary, for “cleared” conference or symposium attendees, including other Agency personnel or for NASA contractors holding NASA security clearances for a classified contract under a DD Form 254.

2.29.5 Authorization is provided to the designated courier on a NASA-approved Courier Authorization Card or NASA letterhead stationery, marked “Valid only in the United States of America,” and will include a specific expiration date and the names and home telephone numbers of one NASA Security Specialist who may be contacted if the designated courier is challenged to open the materials by non-NASA personnel (police, other Government officials, or airline personnel).

2.29.6 While the NASA Courier is going through or awaiting approval to clear airport security, the classified information will be kept within an appropriate container and within the custody of the courier at all times and not opened. The NASA Security Specialist will work with the airport security manager to resolve the situation or instruct the individual to return the classified material to the Center if the situation cannot be resolved in a timely manner.

2.29.7 Methods of Transportation within a Center. The TSCO, custodian, or other employee having a Top Secret clearance and designated by either TSCO or the CCPS/CCS, shall personally hand-carry Top Secret information within a Center. SF 703 will be attached to all Top Secret information in document form or SF 706 will be attached to all Top Secret media. Classified information is transmitted and received in an authorized manner which ensures that evidence of tampering can be detected, that inadvertent access can be precluded, and that timely delivery to the intended recipient is accomplished. Persons transmitting classified information are responsible for ensuring that intended recipients are authorized to store classified information in accordance with this directive. When traveling within a building, classified material is hand-carried, covered with the appropriate coversheets or labels with the recipient and sender name written on the cover page, enclosed in a single envelope or other suitable package, and carried in a briefcase or other container. When hand carrying classified material, the individual shall proceed directly to the intended destination. Restroom breaks, coffee breaks, and any other detour, are not permitted when hand carrying classified material. Transmitting between buildings of a Center or outside the facility, Top Secret, Secret, and Confidential information is double-wrapped, appropriately marked, addressed with the recipient and sender address on the inner envelope, and appropriate cover sheets or labels attached to the classified material. Additional measures may be established by the CCPS/CCS to control access to any CNSI by an unauthorized person during transmission. Such material is transmitted inside a Center by hand-delivery from a courier briefed employee possessing a clearance at least as high as the category of classification of the material involved.

2.29.8 Hand Carrying Outside a Center. The hand carrying of CNSI outside a Center is coordinated with the SCP or DCP so the appropriate receipting and wrapping of the material can take place. CNSI transmitted outside a Center is enclosed in two layers, both of which provide reasonable evidence of tampering and which conceal the contents. The inner cover is a sealed wrapper or envelope plainly marked with the assigned classification and addresses of both sender and addressee. The outer cover is sealed and addressed with no identification of the classification of its contents. A receipt is attached to or enclosed in the inner cover. The receipt will identify the sender, the addressee, and an unclassified description of the materials being transmitted. The receipt will be signed by the recipient and returned to the sender, who will retain it for five years. A suspense system is established to track transmitted documents until a signed copy of the receipt is returned. If signed receipts are not received within 30 days of transmission of the material, the CMCO will report the non-receipt to the CCPS/CCS. When the material is of a size, weight, or nature that precludes the use of envelopes, the materials used for packaging will be of such strength and durability to ensure the necessary protection while the material is in transit.

2.30 Transmission of Classified Material

2.30.1 The term “transmission” refers to any movement of classified material or material from one place to another. Unless a specific kind of transportation is restricted, the means of transportation is not significant.

2.30.2 Classified material is transmitted and received in an authorized manner, which ensures that evidence of tampering can be detected; inadvertent access can be precluded; and provides a method that assures timely delivery to the intended recipient. Persons transmitting classified material are responsible for ensuring that intended recipients are authorized persons with the capability to store classified information in accordance with the E.O. 13526, 32 CFR pt. 2001 and this NPR.

2.30.3 Classified material is transmitted either in the custody of an appropriately cleared individual, by an approved system or courier, or otherwise in accordance with the provisions of this NPR. The NASA Special Security Officer (SSO) is responsible for providing instructions concerning the transmission of Sensitive Compartmented Information (SCI) material. Contact your Center Special Security Officer to receive policy and guidance for SCI.

2.30.4 The carrying of classified material across international borders is not permitted unless arrangements have been made that precludes customs, postal, or other inspections. In addition, foreign carriers will not be used unless the U.S. escort has physical control of the classified material.

2.30.5 Transmittal documents and Agency-prescribed special markings will indicate on their face/cover the highest classification level of any classified information attached or enclosed. The transmittal is to also include, conspicuously, on its face/cover the following or similar instructions as appropriate:

a. “Unclassified When Classified Enclosure Removed.”

b. “Upon Removal of Attachments, This Document Is (Classification Level).”

2.30.6 Top Secret transmission. Internal mail and messenger system of an installation, U. S. Postal Service, and commercial delivery services are not authorized for the transmission of Top Secret material. Top Secret material is only transmitted by:

a. Defense Courier Service (DCS).

b. Department of State Courier System.

c. Appropriately cleared NASA civilian personnel or cleared NASA contractor specifically designated as a courier.

d. Telecommunications systems specifically approved for transmission of Top Secret material.

2.30.7 Secret transmission. Transmission of Secret material may be affected by:

a. Any of the means approved for the transmission of Top Secret, except that Secret material, other than that containing cryptologic information, which may be introduced into the DCS only when the control of such material cannot otherwise be maintained in U.S. custody. When the Department of State Courier System is used for transmission of Secret material, the Secret material will be sent by registered mail to the State Department Pouch Room.

b. U.S. Postal Service (USPS) registered mail within and between the 50 states and territories of the U.S.

c. USPS Express Mail Service, which may be used between NASA units and contractors within and between the 50 United States and its Territories. USPS Express Mail is authorized only when it is the most cost effective method or when time/mission constraints require it. The package will be properly prepared for mailing. The USPS Express Mail envelope will not serve as the outer wrapper. The package will be double wrapped as required then placed in the USPS Express Mail envelope. Under no circumstances will the sender execute the “Waiver of Signature and Indemnity” section of the USPS Express Mail Label for classified material. This action can result in drop-off of a package without the receiver’s signature and possible loss of control.

d. Federal Express (FedEx), which the CCPS/CCS may authorize for overnight delivery of material for the Executive Branch when an urgent requirement exists for overnight delivery within the 50 United States and its Territories. The sender is responsible for ensuring that an authorized person be available to receive the delivery. The package will only be addressed to the recipient by name. The release signature block on the receipt label will not be executed under any circumstances. The use of street-side collection boxes is prohibited. COMSEC, NATO, and FGI will not be transmitted in this manner.

e. Secret material will be transmitted by USPS registered mail, Army, Navy, or Air Force Postal Service facilities and will not pass through a foreign postal system, any foreign inspection, or via foreign airlines. The material will remain under U.S. control. The Center Protective Services Information Security Specialist will ensure that classified material sent to U.S. activities overseas will be appropriately prepared and transported by an approved carrier. If the material is introduced into a foreign postal system, it has been subjected to compromise.

f. Qualified carriers authorized to transport Secret material via a Protective Security Service under the 32 CFR pt. 2004, within U.S. boundaries only. This method is authorized only when the size, bulk, weight, nature of the shipment, or escort considerations make the use of other means impractical.

g. Other carriers under escort of appropriately cleared personnel. The Center Protective Services Information Security Specialist will determine what carrier service should be used based on the availability of service providers in the area. Carriers include Government and Government contract vehicles, aircraft, ships of the U.S. Navy, Federal employee-manned U.S. Naval Ships, and ships of U.S. registry. Appropriately cleared operators of vehicles, officers of ships, or pilots of aircraft who are U.S. citizens may be designated as escorts, provided the control and surveillance of the carrier is maintained on a 24-hour basis. The escort will protect the shipment at all times, through personal observation or authorized storage to prevent inspection, tampering, pilferage, or unauthorized access until delivery to the consignee. However, observation of the shipment is not required during the period if stored in an aircraft or shipped in connection with flight or sea transit, provided the shipment is loaded into a compartment that is not accessible to any unauthorized persons aboard or loaded in specialized shipping containers, including closed cargo containers.

h. Telecommunications systems specifically approved for the transmission of Secret material.

2.30.8 Confidential transmission. Transmission of Confidential material may be effected by:

a. Any of the means approved for the transmission of Secret material.

b. USPS registered mail.

2.30.9 Transmission of NATO classified information. The NASA Sub registry is the only entity that can transmit (send and/or receive) NATO classified information. Please contact the OPS Security Management Division Director for further guidance.

2.30.10 Release of U.S. Classified Information to Foreign Governments. Subsequent to a determination by the OPS Security Management Division Director that classified material may be released to a foreign government, the material is transferred between authorized representatives of each government in compliance with the provisions of this chapter. To ensure compliance, each contract, agreement, or other arrangement that involves the release of classified material to foreign entities will either contain transmission instructions or require that a separate transportation plan be approved by the OPS Security Management Division Director prior to release of the material. Classified material is transmitted only:

a. To an embassy or other official agency of the recipient government that has extraterritorial status.

b. For on-loading aboard a ship, aircraft, or other carrier designated by the recipient government at the point of departure from the U.S. or its Territories or possessions. At the time of delivery, a duly authorized representative of the recipient government will be present at the point of departure to accept delivery, ensure immediate loading, and to assume security responsibility for the classified material. Classified material to be released directly to a foreign government representative is delivered or transmitted only to a person who has been designated in writing by the recipient government as its officer, agent, or employee. This written designation will contain assurances that such person has a security clearance at the appropriate level and that the person will assume full security responsibility for the material on behalf of the foreign government. The recipient will be required to execute a receipt for the material, regardless of the level of classification. Each contract, agreement, or arrangement, which contemplates transfer of U.S. classified material to a foreign government within the U.S. or its Territories, will designate a point of delivery in accordance with subparagraph 2.13.1.a or 2.13.1.b. If delivery is to be made at a point described in subparagraph 2.13.1a the contract, agreement, or arrangement will provide for U.S. Government storage or storage by a cleared contractor at or near the delivery point. U.S. classified material may be temporarily stored in the event the carrier designated by the recipient foreign government is not available for loading. Any storage facility used or designated for this purpose will afford the U.S. classified material the appropriate level of protection required. If U.S. classified material is to be delivered to a foreign government within the recipient country, it will be transmitted in accordance with this chapter. Unless a designated or approved courier or escort accompanies the material, it will, upon arrival in the recipient country, be delivered to a U.S. Government representative who will arrange for transfer to an authorized representative of the recipient foreign government.

2.31 Receipt System

2.31.1 Top Secret material is transmitted under a continuous chain of signed receipts.

2.31.2 Secret and Confidential material are covered by a receipt between installations and other authorized addressees outside of NASA.

2.31.3 Receipts are provided by the transferring installation, and the forms will be attached or enclosed in the inner envelope or cover. NF 387 will be used for this purpose.

2.31.4 Receipt forms are unclassified and contain only information necessary to identify the material being transmitted.

2.31.5 A duplicate copy of the receipt is retained in a suspense file until the signed original is returned. If a signed receipt is not received within 45 days, follow-up action will be initiated and the cognizant CCPS/CCS will be informed.

2.31.6 Copies of signed receipts will be retained for a period of five years.

2.32 Defense Courier Service Reimbursement Program

Upon request of the AA for Protective Services, the CCPS/CCS shall provide information on the Center’s use of the reimbursable service of the Defense Courier Service for transmitting CNSI outside the Center. These costs should also be accounted for annually on the SF 716.

2.33 Disposition or Destruction of Classified Material

2.33.1 Inactive CNSI shall be disposed of in accordance with NPR 1441.1. Each Center will employ security procedures and methods for destruction, witnessing, certification, and retention of CNSI in accordance with this NPR.

2.33.2 Classified information identified for destruction is destroyed to preclude recognition or reconstruction of the classified information.

2.33.3 Centers and other NASA Installations shall continuously review their classified holdings. Classified information will be destroyed when determined to be no longer required for operational or administrative purposes. The Center CCPS/CCS will establish annual Center-wide classified material destruction events to ensure classified holdings are properly reviewed and unneeded CNSI disposed of in accordance with NPR 1441.1. Prior to any classified information or document being disposed of, the Center Records Manager and the organization that controls the document, in coordination with the Center Protective Services Office, will determine whether the record is a permanent or temporary document, which will determine the disposition of the document. Once the document has been labeled as temporary or permanent, the record will be destroyed or sent to the NASA Records Center or the NARA for storage. Collecting or hoarding CNSI is prohibited.

2.33.4 Additional policy is followed when destroying COMSEC material as contained in NPR 1600.6.

2.33.5 Unclassified material, including formerly classified material that has been declassified and unclassified messages, does not require the same assurances of complete destruction. To avoid overloading an installation’s classified material destruction system, unclassified material is introduced only when the CCPS/CCS or higher authority requires it because of unusual security considerations or efficiency.

2.33.6 Approved destruction methods. Only equipment listed on an Evaluated Products List (EPL) issued by the National Security Agency (NSA) may be utilized to destroy classified information using any method covered by an EPL. Only paper-based products are destroyed by pulping. Classified material in microform, that is, microfilm, microfiche, or similar high-data density material, will be destroyed by burning or chemical decomposition or other methods as approved by the cognizant CCPS/CCS. Equipment approved for the destruction of classified material will be operated properly and provided with regular maintenance, as suggested by the manufacturer. The following are the approved methods for the destruction of classified material:

a. Burning. When burning is used for destruction of classified information, ensure that the wind or draft does not carry portions of burned material away and that the resulting ash is broken up sufficiently to preclude reconstruction.

b. Shredding. Any crosscut shredder whose residue particle size is equal to or smaller than 1/32 of an inch in width by 1/2 inch in length (1/32 x ½) is approved for the destruction of all classified paper material, magnetic tape, and cards. Do not use shredders to destroy classified microfilm, microfiche, or similar high-information density human readable material. This does not include COMSEC items that are destroyed in accordance with established NSA requirements contained in Committee on National Security Systems (CNSS) Policy No. 16. NSA requirements will be maintained at the Center Security/Protective Services Office.

c. Pulping (Wet Process). Wet process pulpers with a 1/4 inch or smaller security screen will be used to destroy classified water-soluble material. Since pulpers only destroy paper products, staples, paper clips, and other fasteners will be removed to prevent clogging the security screens.

d. Pulverizing (Dry Process). Pulverizers and disintegrators designed for destroying classified material are usually too noisy and dusty for office use, unless installed in a noise- and dust-proof enclosure. Some pulverizers and disintegrators may be used to destroy photographs, film, typewriter ribbons, magnetic tape, flexible diskette (floppy disk), glass slides, and offset printing plates. Pulverizers and disintegrators are required to have a 3/32-inch or smaller security screen.

e. Chemical Process. Classified microfilm or microfiche will be destroyed by chemical process.

2.33.7 Destruction of Classified Equipment. All components of classified equipment will be destroyed by any method that destroys them beyond recognition.

2.33.8 Eradication of Magnetic Media. Destruction of classified Automated Information System magnetic media will be done in accordance with NSA/Central Security Service Policy 9-12 and established NASA COMSEC requirements. A record of destruction will be executed upon eradication of the classified information. The Center Protective Services Office will provide specific guidance on how to destroy newer forms of media as required.

2.34 Destruction Procedures

2.34.1 Classified material will only be destroyed by authorized means by individuals cleared to the level of the material being destroyed. A minimum of two individuals will be responsible for destroying Top Secret material and a minimum of one for Secret and Confidential. These individuals have a need to know and are authorized to destroy the material.

2.34.2 The personnel tasked with the destruction or preparation for destruction of classified material shall be thoroughly familiar with the requirements and procedures for safeguarding classified information. They will be thoroughly briefed on the following:

a. Safeguarding all classified material entrusted to them for destruction.

b. Conducting a thorough page check of Top Secret material before destruction is accomplished.

c. Observing all documents destroyed or being prepared for destruction and checking the residue of locally destroyed material to ensure that destruction is complete and reconstruction is impossible.

d. Taking precautions to prevent classified material or burning portions of classified material from being carried away by wind or draft.

e. Completing and signing all appropriate records of destruction.

2.34.3 Classified waste will be destroyed as soon as practicable. Containers used for the accumulation of Secret classified waste will be dated when the first item of classified waste is deposited. If, after 30 days, the classified waste has not been destroyed, a review will be conducted to determine why the information is still being stored and arrangements should be made immediately to destroy the material. When destruction is completed, a record of destruction will be prepared.

2.34.4 The CCPS/CCS shall review or direct a review, at least annually, of Center classified material holdings expressly in order to reduce classified holdings to an absolute minimum.

2.35 Sanctions

2.35.1 NASA Personnel, and its contractors, licensees, certificate holders, and grantees are subject to appropriate sanctions if they knowingly, willfully, or negligently:

a. Disclose to unauthorized persons information properly classified under this NPR, E.O. 13526 or predecessor orders and 32 CFR pt. 2001;

b. Classify or continue the classification of information in violation of this NPR, E.O. 13526 and 32 CFR pt. 2001;

c. Create or continue a special access program contrary to the requirements of the E.O.; or

d. Contravene any other provision of this NPR, the E.O. and 32 CFR pt. 2001.

2.35.2 Sanctions may include reprimand, suspension without pay, removal, termination of classification authority, loss or denial of access to classified information, or other sanction in accordance with applicable law and NASA policy.

2.35.3 The Administrator or SAO, at a minimum, shall promptly remove the classification authority of any individual who demonstrates reckless disregard or a pattern of error in apply the classification standards of this NPR, the E.O. and 32 CFR pt. 2001.

a. The Administrator or SAO shall;

(1) Take appropriate and prompt corrective action when a violation or infraction occurs; and

(2) Notify the Director of the Information Security Oversight Office when a violation occurs.

2.36 Security Violations, Security Infractions and Compromise of CNSI

2.36.1 The CCPS/CCS shall ensure that written procedures exist for the following:

a. Emergency action and reporting requirements for the loss of CNSI.

b. Action to be taken by the CCPS/CCS in the event of the loss of control over CNSI.

c. Action required in the event that the lost CNSI was not compromised.

d. Action required in the event of possible compromise of CNSI.

e. Action required in the event of unauthorized disclosure of CNSI by NASA personnel.

f. Documenting unfavorable systemic trends of security violations in order to alert NASA personnel during annual security education.

g. Notifying the OPS Security Management Division Director, the servicing NASA Counterintelligence office, the Central Adjudication Facility (CAF), and, as appropriate, Center management officials when classified information is presumed compromised.

h. Notifying the NASA Security Operations Center and Center Chief Information Officer when the incident involves an information system or electronic media as described in ITS-HBK-2810.09-04,

i. Loss, possible compromise or unauthorized disclosure of classified information or material will be reported immediately to the CCPS/CCS upon discovery of the incident. The CCPS/CCS will appoint a lead from the Center Protective Services Office to head the investigation and to contact the appropriate organizations required to complete this action. This includes data-spillages on the NASA unclassified network.

2.36.2 A written incident report will be made to the OPS Security Management Division Director on all issues as described in 2.19.1. An initial report of incidents involving classified material requires an immediate notification and presentation of the facts for the purpose of limiting and assessing the damage to the national security. The initial report is due to the OPS Security Management Division Director within two working days. The intent is to notify all critical officials as soon as possible to limit further damage, assess weaknesses, and correct a discrepancy, if appropriate. If a formal report cannot be accomplished in two working days, the OPS Security Management Division Director will be provided with electronic mail that briefly describes the incident, immediate actions taken, and those planned. When a security incident involves the simultaneous compromise of CNSI, sensitive but unclassified information, personally identifiable information (PII), 22 CFR pts. 120-130, 15 CFR pts. 730-774, etc., the Information Security Specialist will take the lead since the CNSI is the highest level of information involved in the incident. A team will be formed consisting of the Center Privacy Manager, ITAR/EAR Manager, and the Center Chief Information Officer Representative to handle and coordinate the other information that falls outside the CNSI arena. Immediate reports of incidents involving classified information will contain the following information:

a. Type of report.

(1) Compromise.

(2) Possible compromise.

(3) Administrative discrepancy.

b. Type of incident:

(1) Compromise.

(2) Possible compromise.

(3) Improper destruction.

(4) Unauthorized access.

(5) Improper transmission (transmission via non-secure means or use of unauthorized equipment).

(6) Improper storage.

(7) Loss of material.

(8) Found material (material not in accountability system or previously reported as lost) not subjected to possible compromise.

(9) Other (explain).

c. Administrative discrepancy:

(1) Mailed via non-registered/certified mail.

(2) Sent in single container.

(3) Markings on outer container divulged classification of contents.

(4) Classification not marked on inner container.

(5) No return receipt.

(6) Inadequate wrapping: not securely wrapped or protected.

(7) Received in poor condition: compromise improbable.

(8) Addressed improperly.

(9) Classified by unauthorized original classifier.

(10) Markings incorrect.

(11) Classified by, reason for classification, or declassify on, incorrect or missing (originally classified documents).

(12) Derived from or declassify on line incorrect or missing (derivatively classified documents).

(13) Other (explain).

d. Complete identification of all material involved including:

(1) Unclassified title.

(2) Classification.

(3) Originator.

e. Identity of all personnel involved including:

(1) Full name.

(2) Social Security Number.

(3) Security Clearance.

(4) Basis of Security Clearance.

f. A statement of actions taken upon discovery of incident and description of events.

g. Weakness leading to the incident.

h. Corrective actions taken and actions taken to preclude recurrence.

i. Disciplinary action taken, if any.

j. Unit incident number, to include:

(1) Fiscal year.

(2) Sequential number.

2.36.3 The CCPS/CCS shall submit a final incident report within 30 days of the incident. The report will include:

a. Likelihood CNSI was compromised (provide details supporting determination).

b. General comments (may include authority to remove material from accountability or request further information).

c. Incident closure or further investigation required.

d. Center incident number (to include fiscal year and sequential number).

2.36.4 .The CCPS/CCS shall track security infractions to identify systemic trends. Security Infractions are administrative errors that do not result in the compromise of CNSI. Unfavorable systemic trends will be addressed in annual security education training and with remedial training for repeat offenders.

2.36.5 The Office of Protective Services will report all security violations and corrective actions to ISOO.

2.37 CNSI Meetings

2.37.1 Any meeting (conference, seminar, symposium or exhibit) sponsored by NASA or held at a NASA Center where classified information is disclosed will meet the minimum-security standards established in paragraph 2.20.3 and be coordinated by the Center OPS.

2.37.2 NASA may host meetings held by an association, society, or other group whose membership consists of cleared personnel. The membership and NASA CCPS/CCS will ensure the following:

a. An authorized contract is in place.

b. An appropriately trained clearance holder is designated and responsible for furnishing all security measures for the meeting.

2.37.3 The Center OPS shall request approval from the OPS SMD approval for a NASA-sponsored meeting involving CNSI discussion and presentations. The request will include an event security plan detailing physical and industrial security procedures to be enforced.

2.37.4 The OPS SMD shall approve classified meetings requiring foreign national or foreign representative attendance in accordance with NPR 1600.4.

2.37.5 The CCPS/CCS shall ensure the following minimum security standards are met:

a. A classified meeting is restricted to appropriate areas at Government or contractor facilities approved for classified discussions.

b. Supervisors and meeting hosts shall ensure that all attendees possess the appropriate personnel security clearances and a need-to-know.

c. A request for security approval for a CNSI meeting is forwarded through the CCPS/CCS to the OPS Security Management Division Director. The request will include the following items: date(s) and specific location for the proposed meeting (Government or cleared contractor facility), identification of CNSI subject matter and highest classification level involved, and the identification and status of any non-U.S. citizen (Foreign National or resident alien) and foreign representative invited to attend during any classified or unclassified session.

d. If any non-U.S. citizen or foreign representative is in attendance, the following information will be submitted to OPS SMD: complete name, date, place of birth, current citizenship status, type of personnel security clearance (if any), identification of each foreign government and/or entity represented, date(s) of attendance, nature of participation, and the reason why attendance is considered to be in the U.S. national interest.

e. Foreign nationals or foreign representatives will not be invited to attend or permitted to attend any classified meetings unless advance approval has been obtained from the OPS SMD. Refer to NPR 1600.4 for more detailed requirements on facilitating foreign national visits.

f. The CCPS/CCS or staff shall implement necessary security measures; conduct a visual and physical inspection of the meeting room to help preclude any unauthorized disclosures of classified information.

2.38 Security Areas

2.38.1 Requests for collateral-level secure vault areas/conference rooms are submitted to the CCPS/CCS for approval and are constructed to meet Intelligence Community Directive (ICD) 705. At a minimum, these areas are designated “Limited Areas.”

2.38.2 Requests for unattended open storage areas containing collateral-level Confidential or Secret level CNSI materials are submitted to the CCPS/CCS for approval. Approval can only be granted when construction standards meet ICD 705. These areas are designated “Exclusion Areas.”

2.38.3 Requests for open storage areas containing collateral-level Top Secret level materials are submitted to OPS SMD for review and approval. Approval can only be granted when construction standards meet ICD 705. These areas are designated “Exclusion Areas.”

2.39 Classified Material Ownership

2.39.1 Classified information is always official U.S. Government information and never personal property of the individual. Confusion sometimes arises about classified notes from a training course or conference. Classified material is official U.S. government property that will be safeguarded, transmitted, and destroyed in accordance with this NPR. Classified notes cannot be removed from a NASA installation without the approval of the Center Director or CCPS/CCS. Classified notes are not working papers but official information for which the Center/facility is responsible. Classified notes are transmitted by one of the authorized transmittal methods for classified material. When an individual leaves one NASA installation and transfers to another, the installation may officially transfer his/her notes as classified material to the new NASA installation where the material will again be available for his/her use. If the individual desires to have material transferred to another U.S. Government agency, the CCPS/CCS will facilitate the transfer of physical information. However, CCPS/CCS will inform OPS, SMD to facilitate technology transfers. Derivative classifiers may share information with other U.S. Government agencies if they have met the requirements outlined in 2.7 of this NPR.

2.39.2 CNSI is always the property of the United States Government. Individuals who remove CNSI without proper authorization may be subject to disciplinary action up to and including criminal prosecution under Titles 18 and 50 of the United States Code and other applicable laws.

2.40 Security Classification Reviews for NASA Programs and Projects

2.40.1 Pursuant to NPR 7120.5, NPR 7120.7, and NPR 7120.8, programs and projects conduct formal security reviews that, in addition to personnel, physical, and information technology security, include reviews for traditional information classification security needs. Security reviews will be undertaken to determine if information used or produced as part of a program or project, meets the requirements for designation as CNSI controlled information. Program and project managers will contact their local Center Protective Services Office for classification assistance at the beginning of all new projects as required. Project managers will:

a. Complete NF 1733. The local Center Security Protective Services Office Information Security Specialist should be consulted for assistance with this form and the classification process.

b. Take the completed form to the Center Protective Services Office for review and approval.

c. Include the NF 1733 as permanent program documentation and in any procurement-related documentation.

2.40.2 Upon the conclusion of the security review, if the information surrounding or concerning the program or project, or portions thereof, meet one or more of the categories of information presented in E.O. 13526, a subject matter expert (SME) with assistance from OPS and the CCPS/CCS, as appropriate, develops an appropriate SCG. The SME and project officials shall consider the level of classification needed for specific information. APPENDIX A provides a definition of each. SMEs specifically identify what particular information is under consideration for classification. The SME will provide a recommendation of the classification level (Top Secret, Secret, or Confidential) and duration of protection to OPS. The “NASA Handbook for Writing Security Classification Guides” formally prescribes information that is contained in an SCG and can be obtained from the OPS Information Security Program Manager. Duration of classification will be considered within the following guidelines:

a. The SME shall attempt to determine a date or event that is less than 10 years from the date of original classification and that coincides with the lapse of the information’s national security sensitivity and will assign such date or event as the declassification instruction.

b. If unable to determine a date or event of less than 10 years, the SME shall ordinarily assign a declassification date that is 10 years from the date of the original classification decision.

c. If unable to determine a date or event of 10 years, the SME shall assign the declassification date not to exceed 25 years from the date of the original classification decision.

2.40.3 All SCGs are approved by OPS. The CCPS/CCS and the OPS Security SMD shall assist program and project managers in the development of SCGs. All SCGs are signed by a NASA OCA with Technical Concurrence from the Associate Administrator for the appropriate Mission Directorate.

2.40.4 The OPS will establish and maintain a central repository for all NASA-originated SCGs and declassification guides. The OPS will also obtain and maintain SCGs and declassification guides from other Agency programs in which NASA is working or supporting. The CCPS/CCS will ensure the OPS Security Management Division Director has the most recent version of program SCGs for their Center.

Pursuant to 32 CFR 2001.16 and section 2.42.1.d. of this NPR, the CCPS/CCS will conduct a fundamental classification review of NASA SCGs every 5 years by for SCGs under their Center. The fundamental classification review focuses on:

a. Evaluation of content.

(1) Determining if the guidance conforms to current operational and technical circumstances.

(2) Determining if the guidance still meets the standards for classification under section 1.4 of the E.O. and the assessment of likely damage under section 1.2 of the E.O.

b. Evaluation of use.

(1) Determining if the dissemination and availability of the guidance is appropriate, timely, and effective.

(2) An examination of recent classification decisions to ensure that classification decisions reflect the intent of the guidance as to what is classified, the appropriate level, the duration, and associated markings.

2.40.5 Upon completion, termination, or cancellation of a program or project, a declassification guide is produced to provide the necessary requirements for declassifying the project information. The declassification guide is approved by the OPS. 32 CFR 2001.32 contains additional details pertaining to declassification guides.

2.40.6 If information surrounding or concerning the program or project is considered unclassified, a letter of transmittal is produced that reflects this determination. The project office will maintain the original letter with copies sent to the appropriate responsible Mission Directorate and to the OPS Security Management Division Director.

2.40.7 All CNSI information should be reviewed by a records manager, the responsible program manager/office head, and a Declassification Authority (DCA), if the information is classified, to determine the disposition of the records before they are sent to the Federal Records Centers or the NARA for temporary or permanent storage.

2.41 Access to Classified National Security Information Granted by Another Government Agency

2.41.1 All NASA employees receiving access to classified information from other government agencies such as the Department of Energy, Department of Defense, National Security Agency, Department of Homeland Security, Nuclear Regulatory Agency, State Department or any other Government agency shall protect and control the classified information in accordance with the regulations and policies provided to them by the agency granting the access and need to know. The employee will contact their NASA Center Protective Service Office to receive assistance with safeguarding and protecting the information if they are required to maintain the classified information at a NASA Center, Component Facility, or location.

2.41.2 CCPS/CCS shall report to OPS, SMD all other government programs performed at their Center and ensure that Center employees are properly handling and safeguarding other government classified information.

2.42 Special Access Program (SAP)

2.42.1 A SAP may be created within NASA only upon specific written approval of the Administrator and coordinated with the Office of Protective Service Intelligence Division Director to ensure required security protocols are implemented and maintained. The Administrator, along with SAO and the Office of Protective Services Intelligence Division Director, reviews each SAP annually to determine whether it continues to meet the requirements of E.O. 13526.

2.42.2 All personnel security requirements for NASA personnel to establish and participate in SAP external to NASA is coordinated with the OPS Intelligence Division Director to ensure accountability of NASA equities.

2.42.3 All NASA security activity associated with SAPs are authorized and prescribed by the NASA Special Access Program Security Guide (SAPSG). All NASA SAPs will adhere to the standards in the SAPSG. Other Federal Agency SAPs supported at NASA facilities will adhere to the NASA SAPSG when there is no policy or direction provided from the other agencies.

2.43 Information Systems (IS)

2.43.1 Information systems (IS) that are used to capture, create, store, process, or distribute CNSI will be properly managed to protect against unauthorized disclosure of classified information, loss of data integrity, and to ensure the availability of the data and system. OPS shall be responsible for the certification and accreditation for all NASA National Security Systems, networks, and Protected Distribution Systems.

2.43.2 Protection requires a balanced approach, including information systems security features to include, but are not limited to, administrative, operational, physical, computer, communications, and personnel controls. Protective measures commensurate with the classification of the information, the threat, and the operational requirements associated with the environment of the information systems are required. Information will not be downloaded onto memory sticks, jump drives, USB flash drives, or any other type of device without specific documented approval from the information system owner or the authorized security official that controls access to the system.

2.43.3 The CCPS/CCS will submit the request for Authorization to Operate (ATO) to the Office of Protective Service Authorizing Official (AO) at HQ for approval.

2.43.4 The CCPS/CCS shall follow the National Institute of Standards and Technology (NIST) Risk Management Framework when establishing information systems and networks that access, process, store, or transmit CNSI. The CCPS/CCS will ensure that the information system is secured in accordance with the Committee on National Security Systems (CNSS) Instruction 1253, NIST Special Publication 800-53, and NIST Special Publication 800-37.

2.44 ISOO Reporting Requirements

2.44.1 OPS is responsible for compiling data received from CCPS/CCS and completing the following annual reports to ISOO in accordance with E.O. 13526 and 32 CFR pt. 2001:

a. ISOO SF 311.

b. ISOO SF 716. The CCPS/CCS will work with the appropriate personnel to ensure that the best estimates are collected for inclusion on the Annual ISOO Cost Estimates for Security Classification Activities for each fiscal year. The cost estimates will be incorporated and consolidated into the Agency’s external reporting requirement to ISOO as described in Section 2.42 of this NPR. The costs estimates reported to the OPS Security Management Division Director on the SF 716 will only be associated with the protection of classified information, not security costs for the protection of property or unclassified information. The following categories will be included:

(1) Personnel Security.

(2) Physical Security.

(3) Classification Management.

(4) Declassification.

(5) Protection and Maintenance for Classified Information Systems.

(6) Operations Security and Technical Surveillance Countermeasures.

(7) Professional Education, Training and Awareness.

(8) Security Management, Oversight and Planning; and

(9) Unique Items.

c. ISOO Senior Official Self-Inspection Program Report.

d. Fundamental Classification Guidance Review.

e. Security Violations and Sanctions. In accordance with Section 5.5 of E.O. 13526 and 32 CFR pts. 2001.48(d) & 2001.91(d), the OPS will report to ISOO any violation or sanction that is prohibited by the E.O. that:

(1) Is reported to oversight committees in the Legislative branch;

(2) May attract significant public attention;

(3) Involves large amounts of classified information; or

(4) Reveals a potential systemic weakness in classification, safeguarding, or declassification policy or practices.

2.45 Self-Inspections

2.45.1 The CCS/CCPS will conduct internal self-inspections at least once annually and report the results to OPS, SMD Information Security Program Manager.

a. The internal annual self-inspection program will be documented and maintained for a period of three (3) years. The internal annual self-inspection includes evaluation and effectiveness of Center programs covering:

(1) Original classification.

(2) Derivative classification.

(3) Declassification.

(4) Safeguarding (to include telecommunications, automated information systems, and network security).

(5) Security violations and security infractions.

(6) Security education and training.

(7) Management and oversight of internal self-inspections.

(8) Include regular reviews of representative samples of Centers’ original (where applicable) and derivative classification actions; these samples will encompass all Center activities that generate classified information and evaluate the appropriateness of classification and proper application of document markings. This review will also include interviews with personnel that produce and use classified and classified electronic records pursuant to 32 CFR pt. 2001.

b. Center self-inspection programs will use the Agency Self-Inspection Program Data form to facilitate the annual ISOO reporting requirement. The Agency Self-Inspection Program Data form will be completed and reported annually to the OPS Security Management Division Information Security Program Manager for incorporation and consolidation of the Agency’s external reporting requirement to ISOO.

c. The CCPS/CCS shall conduct regular and periodic reviews of NASA organizational units involved in original (where applicable) and derivative classification, storage, and processing of classified material under the jurisdiction and custody of their respective Center, to ensure compliance with E.O. 13526, 32 CFR, pt. 2001, this NPR, and any applicable local procedures.

(1) Reviews will meet the intent of 32 CFR pt. 2001 and be reported annually to the OPS Security Management Division Information Security Program Manager on SF 311. The annual SF 311 form is not an audit and is used to report all classification decisions (declassification, original and derivative actions), inspections, and other classification management statistics at the Center. As with the Center Self-Inspections, classification management statistics will also include classified electronic records pursuant to 32 CFR § 2001.23.

| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | ALL |
| NODIS Library | Organization and Administration(1000s) | Search |


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.