Effective Date: September 11, 2019
Expiration Date: September 11, 2024
|| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | ALL ||
a. This NASA Procedural Requirement (NPR) establishes Agency-wide requirements for the protection of Classified National Security Information (CNSI).
b. This NPR prescribes personnel responsibilities and procedural requirements for the management of CNSI to assist NASA Centers and Component Facilities in executing the NASA security program designed to protect people, property, and information.
c. In accordance with, Classified National Security Information, Executive Order (E.O.) 13526, and 32 CFR pt. 2001, this NPR establishes Agency procedures for the proper implementation and management of a uniform system for classifying, safeguarding, and declassifying national security information generated by, for, or in the possession of NASA.
a. This NPR is applicable to NASA Headquarters and all NASA Centers, including Component Facilities, Technical and Service Support Centers. This language applies to the Jet Propulsion Laboratory (JPL) (a Federally Funded Research and Development Center (FFRDC)), other contractors, recipients of grants and cooperative agreements, and parties to other agreements only to the extent specified or referenced in the applicable contracts, grants, or agreements.
b. This NPR is applicable to all NASA civil service employees, NASA contractor employees, personnel completing work through Space Act Agreements or Memorandums of Agreement (MOA) or Memorandums of Understanding (MOU), those assigned or detailed under the partners, recipients of grants and cooperative agreements, visitors, and other binding transactions in which access to Classified National Security Information is required for performance of the work.
c. Chapter 5 is applicable to contracts, grants, cooperative agreements, and other binding transactions in which performance requires access to CNSI by the contractor, supplier, grantee, or its employees. It does not apply to agreements with other Federal agencies.
d. In this directive, all document citations are assumed to be the latest version unless otherwise noted.
e. In this NPR, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall." The terms: "may" or "can" denote discretionary privilege or permission, "should" denotes a good practice and is recommended, but not required, "will" denotes expected outcome, and "are/is" denotes descriptive materials.
a. The National Aeronautics and Space Act, 51 United States Code (U.S.C.), Security Requirements § 20132, Dec 18, 2010.
b. Classified National Security Information, E.O. 13526, 75 Fed. Reg.707 (Jan. 5, 2010).
a. Freedom of Information Act, 5 U.S.C. § 552
b. Privacy Act of 1974, 5 U.S.C. § 552a.
c. Intergovernmental Personnel Act, as amended, 5 U.S.C. § 3372.
d. Atomic Energy Act of 1954, 42 U.S.C. § 2011 et seq.
e. Records Management by Federal Agencies, 44 U.S.C. §§ 2905, 3101, and 3102.
f. National Security Act of 1947, 50 U.S.C. § 2671 et seq.
g. National Security Act of 1947, 50 U.S.C. § 3001 et seq.
h. National Industrial Security Program, E.O. 12829, 58 Fed. Reg. 3479 (Jan. 6, 1993).
i. Access to Classified Information, as amended, E.O. 12968, 60 Fed. Reg. 40245 (Aug. 7, 1995).
j. Information Security Program, 14 CFR pt. 1203.
k. Export Administration Regulations, 15 CFR pts. 730-774.
l. International Traffic in Arms Regulations, 22 CFR pts. 120-130.
m. Classified National Security Information, 32 CFR pt. 2001.
n. National Industrial Security Program, 32 CFR pt. 2004.
o. Federal Acquisition Regulation (FAR), 48 CFR subpt. 4.4.
p. NASA FAR Supplement (NFS), 48 CFR subpart 1804.4.
q. NASA Policy Directive (NPD) 1210.2, NASA Surveys, Audits, and Review Policy
r. NPD 1600.4, National Security Programs.
s. NPD 1600.9, NASA Insider Threat Program.
t. NPR 1441.1, NASA Records Management Program Requirements.
u. NPR 1600.3, Personnel Security.
v. NPR 1600.4, Identity and Credential Management.
w. NPR 1600.6, Communications Security (COMSEC).
x. NPR 1620.3, Physical Security Requirements for NASA Facilities and Property.
y. NPR 1660.1C, NASA Counterintelligence and Counterterrorism.
z. NPR 4100.1F, NASA Supply Support and Material Management.
aa. NPR 7120.5, NASA Space Flight Program and Project Management Requirements.
bb. NPR 7120.7, NASA Information Technology and Institutional Infrastructure Program and Project Management Requirements.
cc. NPR 7120.8, NASA Research and Technology Program and Project Management Requirements.
dd. Guidelines for Data Spillages, ITS-HBK-2820.09-04.
ee. NASA Handbook for Writing Security Classification Guides.
ff. NASA Form (NF) 387, Classified Material Receipt.
gg. NF 1733, Information and Technology Classification and/or Sensitivity Level Determination Checklist.
hh. NF 1833, Request for SCI Classified Visit.
ii. Committee on National Security Systems (CNSS) Instruction 1253.
jj. Federal Qualified Products List of Products Qualified Under Federal Specification FF-L-2740A Locks, Combination, Federal Specification FF-L-2740.
kk. Intelligence Community Directive (ICD) 503, Intelligence Community Information Technology Systems Security Risk Management, Certification and Accreditation.
ll. Intelligence Community Directive (ICD) 704, Personnel Security Standards and Procedures Governing Eligibility for Access to Sensitive Compartmented Information and Other Controlled Access Program Information.
mm. Intelligence Community Directive (ICD) 705, Sensitive Compartmented Information Facilities.
nn. ISOO Booklet, Marking Classified National Security Information.
oo. National Industrial Security Program Operation Manual (NISPOM) DoD 5220.22-M.
pp. National Institute of Standards and Technology (NIST) Special Publications 800-53 and 800-37.
qq. NSA/Central Security Service Policy 9-12.
rr. Security Executive Agent Directive 3 (SEAD 3).
ss. Special Historical Records Review Plan (Supplement).
tt. U. S. Security Authority for North Atlantic Treaty Organization Affairs (USSAN) Instruction 1-07.
uu. DD Form 254, Department of Defense Contract Security Classification Specification.
vv. SF 311, Agency Security Classification Management Program Data.
ww. SF, 700, Security Container Information.
xx. SF 701, Activity Security Checklist.
yy. SF 702, Security Container Check Sheet.
zz. SF 703, Top Secret Coversheet.
aaa. SF 704, Secret Cover Sheet.
bbb. SF 705, Confidential Cover Sheet.
ccc. SF 706, Top Secret Label.
ddd. SF 707, Secret Label.
eee. SF 708, Confidential Label.
fff. SF 710, Unclassified Label.
ggg. SF 715, Declassification Review Tab.
hhh. SF 716, Agency Security Classification Costs Estimates.
iii. Special Access Request (SAR) Form 2018a.
a. To determine Center compliance with E.O. 13526, 32 CFR pt. 2001, and this NPR, Center Directors and Center Chiefs of Protective Services/Chief of Security (CCPS/CCS) or their designees will determine and document compliance through annual self-assessments and reviews conducted by the Office of Protective Services (OPS). Each Center Protective Services Office will conduct assessments of select organizations throughout their Center on a yearly basis to determine if Center organizations are in compliance with this NPR. OPS will provide the Centers with an OPS Self-Inspection Checklist to be used in conjunction with the NPR to ensure that all Center reviews will be tailored to include all steps necessary to perform a comprehensive review of all pertinent areas within a Center.
b. OPS will conduct evaluations, by way of the functional review process, of Center compliance and implementation. OPS will evaluate each Center at least every three years, or sooner if required, using the OPS Functional Review Checklist to determine compliance with this NPR. The functional review process will identify non-compliant issues (findings), observations, and best practices. Non-compliance with this NPR, the E.O. 13526, and/or 32 CFR pt. 2001, will result in findings that will be forwarded to the Center Director and the Assistant Administrator (AA) for Protective Services. The findings from the OPS Functional Reviews will be provided to the Center Director no later than 30 days after completion of the review. The Center will be required to submit an action plan outlining the non-compliant area along with the corrective action for compliance. OPS will review the findings within 30 days and inform the Center of the approval or disapproval of the corrective actions.
c. The Information Security Oversight Office (ISOO) maintains continuous relationships with agency counterparts on all matters relating to the Classified National Security Program and 32 CFR pt. 2004. ISOO also conducts on-site assessments to monitor agency compliance with E.O. 13526 and 32 CFR pt. 2001. Each year ISOO gathers relevant statistical data regarding each agency’s security classification program. ISOO analyzes and reports this data, along with other relevant information in its Annual Report to the President. NASA follows ISOO guidance and is subject to ISOO inspections and reviews.
d. Internal and external auditors responsible for ensuring that Agency compliance and effective implementation of the E.O. 13526 will evaluate the NASA CNSI program.
NPR 1600.2, NASA Classified National Security Information (CNSI), dated October 11, 2011.
| TOC | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | Chapter5 | AppendixA | AppendixB | AppendixC | AppendixD | ALL |
|| NODIS Library | Organization and Administration(1000s) | Search ||
This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.