| NODIS Library | Organization and Administration(1000s) | Search |

NPR 1620.2A
Effective Date: October 07, 2015
Expiration Date: October 07, 2024
Printable Format (PDF)

(NASA Only)

Subject: Facility Security Assessments (Revalidated on December 13, 2019)

Responsible Office: Office of Protective Services

| TOC | Change | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | AppendixA | AppendixB | ALL |


P.1 Purpose

a. This NASA Procedural Requirement (NPR) establishes NASA requirements for determining a Center/facility security level for NASA facilities, except Classified National Security Information (CNSI) and nuclear and chemical materials.

b. This security assessment procedure supports NASA's Center management in meeting the responsibility of protecting NASA's assets in a cost-effective manner. It is designed to assist security officers who support management and the NASA Security Program. The results of the physical security assessments are used to determine the appropriate level of protection needed to safeguard NASA's Center's/facilities adequately and economically.

c. The level of security adopted is based upon applicable physical security measures and security procedures contained in NPR 1600.1 and 1620.3. The methodology used in this document meets the Interagency Security Committee (ISC) Standards as outlined in "The Risk Management Process for Federal Facilities: an Interagency Security Committee Standard" published by the Department of Homeland Security (DHS). The results of the physical security vulnerability risk assessment are to be used to satisfy the requirements of Homeland Security Presidential Directive (HSPD)-7. The results of this assessment should also determine the corresponding criteria written in NPR 1620.3.

d. When completed, the results of the security assessment and mitigation plans is labeled and handled as Sensitive But Unclassified (SBU) in accordance with current policy and procedure (NID 1600.55).

[Note: Marking requirements for NASA sensitive unclassified information will be changed in FY 2016 (approximately) as Executive Order 13556 is executed and the current SBU program is replaced by the federally mandated Controlled Unclassified Information (CUI) program.] Until the CUI program is fully implemented, use of the CUI designation is not authorized. At the time of this version of NPR 1620.2, the policy for CUI has not been received from higher authority and is not implemented.

e. The overall purpose of this NPR and its sister document, NPR 1620.3, is to establish a baseline physical security posture for each assessed facility based on its mission criticality, symbolism, facility population, facility size, and undesirable event. Thereafter, subsequent changes in threat indicators could require the Center Security Chief to implement temporary security measures designed to mitigate threats based on current intelligence.

f. This assessment tool is a living document and will occasionally be updated to ensure its continued application and viability, based on direction from the DHS.

P.2 Applicability

a. This directive is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers. This directive applies to the Jet Propulsion Laboratory, other contractors, grant recipients, or parties to agreements only to the extent specified or referenced in the appropriate contracts.

b. "Facility Security Level Determinations for Federal Facilities - An Interagency Security Committee Standard" (the Standard) defines the criteria and process to be used in determining the facility security level (FSL) of a Federal facility, a categorization which then serves as the basis for implementing protective measures under other ISC standards. Consistent with the authority contained in Executive Order (EO) 12977, dated October 19, 1995, the Standard is applicable to all buildings and facilities in the United States occupied by Federal employees for non-military activities. These include existing buildings, new construction, or major modernizations; facilities owned, to be purchased, or leased; stand-alone facilities, Federal campuses, and, where appropriate, individual facilities on Federal campuses; and special-use facilities.

c. This NPR is applicable to all NASA leased and owned facilities excluding CNSI, nuclear, and chemical storage facilities mentioned in Section P1 of this NPR.

d. Address comments regarding this NPR to the:

Office of Protective Services
NASA Headquarters
300 E ST SW
Washington, DC 20546.

e. Refer questions concerning the application of these standards at NASA Centers to the appropriate NASA Center Security Office.

P.3 Authority

a. National Space Program, 42 U.S.C. ยง 2473(c) (1).

b. Interagency Security Committee, E.O. 12977.

c. National Aeronautics and Space Administration, 14 CFR pt. 1203a.

d. NPD 1600.2, NASA Security Policy.

P.4 Applicable Documents and Forms

a. Critical Infrastructure Security and Resilience, PPD-21.

b. Implement Controlled Unclassified Information, E.O. 13556.

c. DHS-ISC, The Risk Management Process: An Interagency Security Committee Standard

d. DHS-ISC, The Design-Basis Threat

e. HSPD-7, Critical Infrastructure Identification, Prioritization, and Protection.

f. NPR 1600.1, NASA Security Program Procedural Requirements.

g. NPR 1620.3, Physical Security Requirements for NASA Facilities and Property.

h. NID 1600.55, Sensitive But Unclassified (SBU) Information.

i. NHQ Form 1805, Facility Security Level Determination Matrix

P.5 Measurement / Verification

Verification of this NPR will be documented on NASA Form 1805, Facility Security Level Determination Matrix. All authorized signatures on the NF 1805 will be completed and the form maintained by the Center Office of Protective Services. Upon request of the Headquarters Office of Protective Services, copies of Form 1805 will be electronically sent.

P.7 Cancellation

NPR 1620.2, Physical Security Vulnerability Risk Assessments, dated July 15, 2004

Revalidated on December 13, 2019.

Woodrow Whitlow, Jr.
Associate Administrator
Mission Support Directorate

| TOC | Change | Preface | Chapter1 | Chapter2 | Chapter3 | Chapter4 | AppendixA | AppendixB | ALL |
| NODIS Library | Organization and Administration(1000s) | Search |


This document does not bind the public, except as authorized by law or as incorporated into a contract. This document is uncontrolled when printed. Check the NASA Online Directives Information System (NODIS) Library to verify that this is the correct version before use: https://nodis3.gsfc.nasa.gov.