Effective Date: September 11, 2019
Expiration Date: September 11, 2024
|| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | ALL ||
5.1.1 This chapter provides procedural requirements for implementation of the industrial security program in accordance with E.O. 12829, 32 CFR pt. 2004, and DoD 5220.22.
5.1.2 The NASA NISP ensures the proper protection of classified information when released to current, prospective, or former contractors, licensees, or grantees of NASA. The Agency meets the requirements associated with regulations, classified contract administration rules and requirements, and the processing and control of classified visits for cleared Government and contractor employees involved in its programs/projects.
5.1.3 The SAO for the NISP is the Associate Administrator for Protective Services.
5.1.4 The processing and control of classified and unclassified visits to a Center in relation to classified contracts and meetings is the responsibility of the CCPS/CCS. See local Center security procedures.
5.2.1 The Defense Security Service (DSS) will act as the Cognizant Security Agency for the NASA Industrial Security Program. DSS serves as the Executive Agent for inspecting and monitoring the contractors, licensees, and grantees who require access to, or who (will) store classified information; and for determining the eligibility for access to CNSI of contractors, licensees, and grantees and their respective employees.
5.2.2 Contractors support a NASA classified contract are required to possess or be eligible to possess a Facility Security Clearance (FCL) at a classification level equal to or greater than the work to be performed. If the prime contractor does not possess a valid FCL or possess the proper classification level required for contract performance, the CCPS/CCS may sponsor the contractor for an FCL at the required FCL level through DSS. The contractor will possess an active Commercial and Government Entity code (CAGE) code, receive/abide by the security guidelines of a NASA issued DD Form 254, and complete other applicable industrial security forms that require compliance with the NISPOM for industrial security matters. A DD Form 254 will not be issued to any Foreign contractors, foreign governments or North Atlantic Treaty Organization (NATO) activities which require access to classified information..
5.2.3 NASA holds authority to inspect contractor operations approved to access and/or safeguard NASA classified information. Authority details are located on contract specific DD Form 254 as well as contract specifications.
5.3.1 The SAO for the NISP shall:
a. Identify the Senior Official for insider threat to ISOO to facilitate information sharing.
b. Enter into and maintain an agreement with the Office of the Secretary of Defense, DSS.
c. Submit cost reports to ISOO.
d. Ensure agency personnel who implement the NISP receive appropriate education and training.
e. Ensure that adverse information and insider threat activity pertaining to contractor, licensee, or grantee employees having access to classified information are reported to the CSA, DSS.
5.3.2 NASA program or project management personnel contemplating offers or estimates for a classified contract, negotiating or awarding a classified contract, or bearing responsibility for the performance of a classified contract shall:
a. Ensure the CCPS/CCS is fully engaged in supporting the development of security requirements for the contract.
b. Provide adequate resources to the CCPS/CCS for program security oversight, as required.
c. Ensure the contractor's designated facility security officer (FSO) passes a Visit Authorization Letter (VAL) to the CCPS/CCS. At a minimum, a new VAL will be passed on a yearly basis, pursuant to the NISPOM, or when a contractor personnel are added or deleted from the contract.
5.3.3 The Procurement Officer of each Center is responsible for the following:
a. Ensuring that the request for proposals or offers includes a statement that the contractor or prospective contractor will or will not require access to classified information and will or will not generate classified information in the performance of such contract. If the contract involves access to classified information or the generation of classified information, a letter requiring each contractor to comply with the National Industrial Security Program Operating Manual (NISPOM) DoD 5220.22-M as required, will be attached to the material submitted to the individual negotiating the contract.
b. Ensuring that each classified contract contains the standard security requirements clauses prescribed by FAR subpt. 4.4 and NASA FAR Supplement subpt. 1804.4.
c. Ensuring that a DD Form 254 is included in the solicitation phase and that the Center CCPS/CCS is involved in the completion of the form.
d. Ensuring that any proposed deviation in this standard security provision (elimination, addition, or substitution) is forwarded to the Office of Procurement for approval by the Assistant Administrator for Procurement, with concurrence by the AA for Protective Services and the NASA Office of General Counsel (OGC).
5.3.4 The CCPS/CCS shall:
a. Implement the Government Contracting Agency responsibilities of the NISP for industrial security services of contractors on NASA Centers and facilities, excluding personnel security clearances.
(1) Ensure that NASA recommendations affecting the contractor’s security program are made primarily through the cognizant security office DSS for the contractor concerned, since DSS is primarily responsible for ensuring that the contractor complies with all security recommendations. When it becomes apparent that full and satisfactory action on a specific NASA recommendation has not been taken by the cognizant security office or by the contractor, a detailed report of the circumstances will be forwarded to the AA for Protective Services for appropriate action with a copy to the contracting officer.
b. Process and control classified and unclassified visits to a Center in relation to classified contracts as covered in written local security procedures tailored to that Center.
c. Ensure contractors operating under a DD Form 254 provide the appropriate “Classified Visit” documentation, pursuant to the NISPOM, on all “cleared” contractor personnel working under the DD Form 254 and ensure updates are provided on an as needed basis. Classified visit requests are mandatory for all NASA Classified Contracts.
d. Coordinate with the contracting officer and contracting officer’s technical representative, to develop local written security procedures to ensure that the following requirements are met:
(1) The NASA contracting officer has the responsibility to include the DD 254 in the requests for proposal (RFP) and contracts. The Center Security Office has the responsibility for generating the DD-254 and signing the document. Center Security reviews each RFP and/or contract to fully understand the requirements and implications of the procurement action with regard to security.
(2) In item 12 of the DD Form 254, delete the words: “To the Directorate For Freedom of Information and Security Review, Office of the Assistant Secretary of Defense (Public Affairs) for review in accordance with the Industrial Security Manual,” and insert the words: “To the Office of Communications, National Aeronautics and Space Administration, Washington, DC 20546, for review.”
(3) In the case of prime contracts, also specify “the Office of Communications Public Information Office of the NASA contracting Center” in item 12 to indicate that proposed publicity releases will be submitted through that office to the Office of Communications.
(4) In the case of subcontracts, the publicity office of the prime contractor will be specified, in addition to the Office of Communications Public Information Office of the NASA Contracting Center, to indicate that proposed publicity releases will be submitted through those two offices to the NASA Office of Communications.
5.3.5 All changes to a contractor’s security program that may affect the cost, performance, or delivery of a contract are submitted to the contracting officer and, where appropriate, contract modifications will be processed accordingly.
5.4.1 Center Security Offices may find it necessary to take action to suspend, or deny a NASA contract employee’s access to CNSI or, in coordination with the NASA contracting officer, to suspend operation of the entire contract. To ensure uniformity and consistency, the following applies:
a. In the rare cases NASA has granted a contractor’s clearance, only the AA for Protective Services or designee may deny or revoke a cleared contractor’s access to classified information.
b. The AA for Protective Services, Center Director, CCPS/CCS, or the OPS Security Management Division Director shall suspend a contractor’s access for cause.
5.4.2 Each action will be fully documented. Information developed during the security inquiry will not be shared with the contracting officer or contractor management while the inquiry is ongoing. The Office of Protective Service/OPS Security Management Division Director or CCPS/CCS may override this principle, if in their judgment the information suggests that the subject poses an immediate and serious threat to the health or safety of other individuals, is a threat to a critical mission, or may otherwise be ineligible for continued access to classified information.
5.4.3 Center security officials shall ensure coordination is effected with the local or regional Industrial Security investigative organization (OPM and DSS) to obtain direction and to ensure information is provided to enable them to properly adjudicate for continued clearance eligibility.
5.4.4 During the investigative and adjudicative process, all reasonable efforts will be pursued to fully develop potential issue information, as well as potentially favorable or mitigating information.
5.4.5 The CCPS/CCS shall propose denials and revocations of contractor access to the AA for Protective Services. The AA for Protective Services will make final denial or revocation determinations after consultation with the NASA Central Adjudication Facility and the OGC.
5.4.6 Subjects of adjudication will be allowed to review and refute any information developed during the investigation process that makes him or her ineligible for access to NASA CNSI, unless release of that information jeopardizes national security.
5.5.1 The CCPS/CCS shall also include a contract security classification specification, DD Form 254, with each contract or agreement and solicitation that requires access to classified information. The DD Form 254 identifies the specific elements of classified information involved in each phase of the contract or agreement life-cycle, such as:
a. Level of classification;
b. Where the entity will access or store the classified information, and any requirements or limitations on transmitting classified information outside the entity;
c. Any special accesses;
d. Any classification guides or other guidance the entity needs to perform during that phase of the contract or agreement;
e. Any authorization to disclose information about the classified contract or agreement; and
f. GCA personnel responsible for interpreting and applying the contract security specifications (or equivalent guidance).
5.5.2 The CCPS/CCS shall revise the contract security classification specification throughout the contract or agreement life-cycle as security requirements change.
a. Classification guidance is the exclusive responsibility of the CCPS/CCS. The CCPS/CCS prepares classification guidance in accordance with 32 CFR § 2001.15, and provides appropriate security classification and declassification guidance to entities.
b. The CCPS/CCS responds to requests for clarification and classification challenges.
c. Instructions upon contract or agreement termination.
(1) The CCPS/CCS provides instructions to the contractor, licensee, or grantee for returning or disposing of classified information upon contract or agreement termination or when an entity no longer has a legitimate need to retain or possess classified information.
(2) The CCPS/CCS also determines whether the contractor, licensee, or grantee may retain classified information for particular purposes after the contract or agreement terminates, and if so, provides written authorization to the entity along with any instructions or limitations (such as which information, for how long, etc).
5.5.3 Each approved DD Form 254, Contract Security Classification Specification, or other written notification, issued in lieu thereof, is reviewed at least annually by CCPS/CCS with the assistance of the procurement office.
5.5.4 The individual(s) responsible for this review is identified by the CCPS/CCS in local written security procedures.
5.5.5 When a change is made in a security classification specification pertaining to a prime contract, that change will be reflected in all applicable DD Form 254s or other classification documents pertaining to subcontractors.
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | ALL |
|| NODIS Library | Organization and Administration(1000s) | Search ||
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.