Effective Date: September 11, 2019
Expiration Date: September 11, 2024
|| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | ALL ||
4.1.1 Security education plays a critical role in the effectiveness of NASA’s information security program. This chapter provides an overview of the required security education and training required by Section 5.4 of the E.O. 13526 and 32 CFR pt. 2001 subpt. G.
4.2.1 The CCPS/CCS shall develop, issue, and document initial training. Personnel who have been the subject of a personnel security investigation and granted a security clearance based upon a favorable determination of the investigation results have met the requirements necessary to have access to classified information.
4.2.2 Training is conducted in conjunction with the execution of the most current version of the SF-312. The training should be supplemented with the ISOO SF-312 Briefing Booklet. This booklet provides a brief discussion of the background and purpose of the SF-312; the text of pertinent legislative and executive authorities; a series of questions and answers on its implementation; and a copy of the SF-312.
4.2.3 Clearance holders shall execute the SF-312 by reviewing and signing the form immediately following initial security education training.
4.2.4 All cleared Agency personnel will receive initial training on basic security policies, principles, and practices, as well as criminal, civil and administrative penalties.
4.3.1 CCPS/CCS will ensure Center clearance holders have completed annual refresher training for employees who create, process, or handle classified information. CCPS/CCS will also reinforce CNSI policies, principles and procedures covered in initial, annual and specialized training periodically throughout the year.
4.3.2 OPS will ensure the annual refresher training remains up-to-date and addresses policies and procedures for properly handling CNSI. The training will also address the identification and handling of other agency-originated information and foreign government information, as well as the threat and the techniques employed by foreign intelligence activities attempting to obtain classified information, and advise personnel of penalties for engaging in espionage activities. Annual refresher training will be updated periodically to include issues or concerns identified during agency self-inspections.
4.4.1 All OCAs will receive initial training and at least annually, in proper classification and declassification with an emphasis on the avoidance of over-classification as provided in E.O. 13526 and 32 CFR § 2001.71. At a minimum, the training will cover:
a. Classification standards.
b. Classification levels.
c. Classification authority.
d. Classification categories.
e. Duration of classification.
f. Identification and markings.
g. Classification prohibitions and limitations.
i. Classification challenges.
j. Security classification guides.
k. Information sharing.
4.4.2 OCAs who do not receive such mandatory training will have their classification authority suspended by the SAO until such training is completed. A waiver may be granted by the SAO if an individual is unable to receive training due to unavoidable circumstances. Whenever a waiver is granted, the individual will receive training as soon as practicable. The Administrator and the Deputy Administrator will coordinate with the SAO before using their authority to suspend or grant a waiver for training so that appropriate records are maintained.
4.5.1 The CCPS/CCS will develop, issue, and document derivative classification training in accordance with E.O. 13526 and 32 CFR § 2001.71 for new individuals authorized to process derivative classification actions and procedures. CCPS/CCS may use DSS or ISOO training to meet this requirement. Prior to performing derivative classification activities, authorized individuals will receive training in the proper application of the derivative classification principles of E.O. 13526 and at least once every 2 years thereafter. At a minimum, this training should include:
a. Principles of derivative classification.
b. Classification levels.
c. Duration of classification.
d. Identification and markings.
e. Avoidance of over-classification.
f. Prohibitions and limitations of classification.
h. Classification challenges.
i. Classification guides.
j. Information sharing.
4.5.2 The annual training for clearance holders issued by OPS is considered refresher training for Derivative classifiers. Derivative classifiers who do not receive this training at least once every 2 years will have their authority to apply derivative classification markings suspended by the SAO until the training is completed. A waiver may be granted by the SAO if an individual is unable to receive the training due to unavoidable circumstances. Whenever a waiver is granted, the individual is to receive training as soon as practicable. The Administrator and Deputy Administrator have the authority to suspend and waive training, but the SAO has the primary responsibility for this function.
4.5.3 Derivative classifiers will also be advised of the requirements for marking in the electronic environment (to include email). Documents and emails created in the electronic environment are subject to the same marking requirements as hard copy CNSI as described in Section 1.6 of the E.O. 13526 and 32 CFR § 2001.21. The ISOO Marking Booklet should be used as a supplemental training tool.
4.6.1 Classification management officers, security managers, and security specialists. CCPS/CCS shall ensure that personnel whose duties significantly involve the creation or handling of classified information receive more detailed or additional training immediately after assumption of duties that require other specialized training. Individuals designated to perform these duties will receive specialized training on the specific requirements of each position.
4.6.2 Department of Energy Clearance Holders. Upon approval in NAMS, the clearance holder shall be required to take training in SATERN. Refresher training for DOE clearance holders is once every 2 years thereafter.
4.6.3 Declassification Authorities. After a CCPS/CCS designates an individual as DCA, they shall ensure that the DCA attends the required NASA OPS Declassification Authority Training and the DOE Historical RD/FRD Records Reviewer Training within one year as per 2.11.2a. of this NPR. Additionally, certified DCAs are required to attend refresher training every 3 years provided by NASA OPS.
4.6.4 Safe Custodians. The CCPS/CCS shall ensure personnel designated as a safe custodian or alternate safe custodians be briefed on their responsibilities related to the handling, storage, and protection of CNSI. Additionally, custodians are briefed on the importance of protecting safe combinations, not writing them down or sharing with anyone other than approved personnel. Custodians will receive refresher briefings on their responsibilities annually.
4.6.5 Courier Briefings. The CCPS/CCS shall ensure personnel designated as couriers be briefed that classified material remains in their physical possession at all times, taken from point A to point B in the most direct manner (i.e., not in checked baggage, left unattended in a hotel room or vehicles, safeguarded in hotel safety boxes, or taken to bars, dining, or places of entertainment) and protected from opening, examination, or inspection. Furthermore, designated couriers will be briefed and acknowledge that their authorization to courier CNSI is only valid within the U.S. and its Territories. Couriers will be briefed on their responsibilities annually.
4.6.6 Classified Information Technology Briefings.
a. NASA OPS shall ensure personnel granted system access and privileges to process, store and transmit classified on certified and accredited NASA National Security Systems receive an initial User Briefing regarding their responsibilities.
b. Users will also receive initial training of the classification marking tool used when sending classified emails on certified and accredited NASA National Security Systems.
4.6.7 Inadvertent Exposure Briefings.
a. The CCPS/CCS shall perform an inadvertent exposure briefing. This type of briefing should be performed when an individual is inadvertently exposed to classified information. A document detailing the individual’s name, date of exposure, date of signature, signature and a statement that the individual understands their responsibility to not further distribute or discuss the classified information that was inadvertently disclosed will be created. This can occur when a non-cleared person is exposed to classified information or when a cleared person is exposed to classified information at a level higher than what they are briefed for.
b. An inadvertent exposure briefing can also be directed at the direction of the Director, Security Management Division.
4.7.1 Except in extraordinary circumstances, each employee who is granted access to classified information and who leaves the service of NASA or no longer requires access to classified information will receive a termination briefing. Additionally, each employee whose clearance is withdrawn or revoked will receive such a briefing. At a minimum, termination briefings inform each employee of their continuing responsibility not to disclose any classified information to which the employee had access and the potential penalties for non-compliance, and the obligation to return to the appropriate agency official all classified documents and materials in the employee’s possession.
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | ALL |
|| NODIS Library | Organization and Administration(1000s) | Search ||
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.