INDEX
U.S. Department of Energy ORDER
Washington, D.C. DOE 5639.8A
7-23-93
SUBJECT: SECURITY OF FOREIGN INTELLIGENCE INFORMATION AND SENSITIVE
COMPARTMENTED INFORMATION FACILITIES
1. PURPOSE. To establish responsibilities and authorities for protecting
Foreign Intelligence Information (FII) and Sensitive Compartmented
Information Facilities (SCIFs) within the Department of Energy (DOE).
2. CANCELLATION. DOE 5639.8, SECURITY OF FOREIGN INTELLIGENCE INFORMATION
AND SENSITIVE COMPARTMENTED INFORMATION FACILITIES, of 9-15-92.
3. SCOPE. The provisions of this Order apply to all Departmental Elements
and contractors performing work for the Department as provided by law
and/or contract and as implemented by the appropriate contracting
officer.
4. APPLICABILITY. This Order applies to all DOE Elements, including
DOE-owned, contractor-operated and/or subcontractor-operated activities
performing work for the Department which require access, receipt,
storage, processing and/or handling of Foreign Intelligence
Information. DOE Elements shall follow the provisions, policies,
procedures, responsibilities and authorities detailed in this Order,
which are applicable to properly establish, manage, and operate
facilities which receive, store, process, and disseminate FII,
including Sensitive Compartmented Information (SCI).
5. REFERENCES. See Attachment 1.
6. DEFINITIONS. See Attachment 2.
7. POLICY. The security afforded DOE foreign intelligence information and
activities shall not pose an unacceptable risk to the national
security, and security shall conform to the applicable provisions of
Executive Order 12333, "United States Intelligence Activities," of
12-4-81; Executive orders as may supersede it; and to applicable
Director of Central Intelligence Directives (DCID).
8. RESPONSIBILITIES AND AUTHORITIES.
a. The Secretary is the Senior Official of the Intelligence Community
(SOIC).
b. Heads of Departmental Elements shall:
(1) Require contractors, through the contracting officer(s), to
conduct FII activities in accordance with this Order and
other appropriate policy and procedural documents published
by the DOE for management and operation of facilities and
activities associated with control and accountability of FII,
to include SCI.
(2) Designate an individual(s) to be responsible for bringing to
the attention of the contracting officer each procurement
falling within the scope of this Order. Unless another
individual is designated, the responsibility is that of the
procurement request originator (the individual responsible
for initiating a requirement on DOE F 4200.33, "Procurement
Authorization Request").
c. Director of Intelligence and National Security through:
(1) Director of Security Affairs shall, in coordination with the
Director of Intelligence:
(a) Develop overall Departmental security policy and
procedures for the protection of FII and SCI in
accordance with DCIDs 1/7, 1/14, 1/16, 1/19, 1/20, 1/21,
1/22, and associated appendices.
(b) In the area of personnel security:
1 Develop security policy and procedures applicable
to SCI access eligibility.
2 Adjudicate background investigations and
reinvestigations and provide security
determinations to the Director of Intelligence on
individual's eligibility for access to SCI.
3 Manage the continuing security education briefing
and awareness program through development of
educational materials and ensure refresher
briefings are conducted in compliance with
established Orders.
(c) In the area of information security:
1 Develop security policy and procedures for the
protection of classified information containing
foreign intelligence information.
2 Conduct security inquiries involving actual or
suspected incidents involving a possible or
probable compromise of FII, including SCI.
3 Conduct periodic inspections at Headquarters to
ensure compliance with security procedures for the
receipt, control, dissemination, transmission, and
destruction of FII. These inspections will not
include access to specific compartmented
information or program activities unless specified
by the SOIC.
(d) In the area of physical/technical/automated information
systems (AIS):
1 Develop security policy, procedures, standards, and
criteria for new construction or modification of
existing SCIFs, and advise the Director of
Intelligence on the status of new construction or
modifications to existing SCIFs.
2 Conduct preconstruction review and formally
inspect/evaluate new construction or modifications
to existing SCIFs, and provide the final
accreditation package and certification to the
Director of Intelligence for final accreditation.
3 Develop security policy and procedures for the
physical, technical, AIS and networks which support
SCIFs as they apply to DOE and its
contractor-operated facilities relative to FII.
4 Review and approve written certification of
compliance with approved AIS and general security
plans, equipment, and installation criteria and
associated SCIF standard operating procedures and
emergency plans, and provide these plans and
certifications as part of the final SCIF
accreditation package to the Director of
Intelligence for final accreditation or
reaccreditation as appropriate.
(e) In addition to the above responsibilities, carry out the
responsibilities outlined in paragraph 8b, above.
(2) Director of Intelligence, as the Senior Intelligence Officer
(SIO) and the Secretary's executive agent for implementation
and monitoring the provisions of Executive Order 12333,
shall:
(a) Develop intelligence policy and procedures for FII and
SCI.
(b) Approve access to FII, including SCI, for DOE and DOE
contractor personnel.
(c) Control the use and dissemination of foreign
intelligence, including SCI, by DOE Elements and their
contractors in accordance with directives from and/or
agreements with the Intelligence Community (IC).
(d) Approve requests for construction of new SCIFs or
modifications to existing SCIFs in accordance with
directives from and/or agreements with the IC.
(e) Accredit all DOE SCIFs and their inherent systems which
have been certified by the Director of Safeguards and
Security, in accordance with directives from and/or
agreements with the IC.
(f) Maintain a master security file on each SCIF.
(g) In the area of personnel security:
1 Receive all requests from DOE Elements and their
contractors for SCI access; approve or disapprove
the need-to-know; and formally request eligibility
data from the Director of Safeguards and Security.
2 Receive security determinations from the Director
of Safeguards and Security relative to background
investigations; determine individual eligibility
for access to SCI; and direct indoctrination
proceedings for DOE and its contractor personnel.
3 Maintain formal records of SCI indoctrinations and
special accesses for DOE and its contractor/
subcontractor personnel and acts as the formal
channel for receiving and passing SCI security
clearance information.
4 Assist the Director of Security Affairs, as
required, in developing educational materials
designed to provide an adequate and effective
security awareness and education program for those
persons who have been authorized access to FII.
5 Coordinate with the Director of Security Affairs to
establish channels for the exchange of information
bearing on the security posture of persons having
access to FII.
(h) In the area of information security:
1 Develop, in coordination with the Director of
Security Affairs, procedures and systems for
protection of FII held within DOE and contractor/
subcontractor facilities.
2 Provide substantive inputs to the Director of
Security Affairs on new or revised IC security
policies and procedures relative to FII.
3 Conduct periodic inspections of document markings,
accountability, and inventory of SCI holdings in
accordance with established policy and procedural
guidance.
(i) In the area of physical/technical/AIS security:
1 Coordinate with the Director of Security Affairs on
requests for new construction or modifications to
existing SCIFs, and assist the Director of Security
Affairs in the evaluation process relative to
certification of DOE SCIFs.
2 Support the Deputy Assistant Secretary for Security
Evaluations in the conduct of SCIF inspections and
evaluations by assisting with that portion of the
evaluation dealing with the receipt, control,
dissemination, storage, and destruction of SCI.
(j) In coordination wi!h the Director of Security Affairs
and the Deputy Assistant Secretary for Security
Evaluations, prepare a master schedule of inspections/
evaluations for DOE accredited SCIFs and ensure the
conduct of inspections/evaluations of the security
posture of each SCIF a minimum of once every year.
(k) Provide copies of SCIF inspection/evaluation reports to
affected Secretarial Officers, the Director of Security
Affairs, Heads of Field Elements, and affected SCIFs.
(l) In addition to the above responsibilities, carry out the
responsibilities outlined in paragraph 8b, above.
d. Deputy Assistant Secretary for Security Evaluations shall:
(1) Direct, manage, and conduct independent inspections,
performance tests, and evaluations to assess the protection
program and the effectiveness of the levels of protection and
compliance with regulations, requirements, and Orders at DOE
facilities.
(2) Evaluate the effectiveness of DOE policies and programs for
meeting requirements of applicable statutes and Executive
orders.
(3) Advise Heads of Departmental Elements on the security posture
of DOE Elements and their contractor-operated facilities with
respect to compliance with DOE policies and directives.
(4) In addition to the above responsibilities, carry out the
responsibilities outlined in paragraph 8b, above.
e. Assistant Secretary for Human Resources and Administration shall:
(1) Assist the Director of Intelligence in the development and
execution of viable communications security (COMSEC) and
TEMPEST activities related to FII and SCI.
(2) Provide technical advice and assistance relative to the
installation of equipment used to process or store foreign
intelligence information, to include SCI, and assist the
Director of Security Affairs to properly analyze and evaluate
the security risks associated with approving the facility for
continued operation.
(3) Assist the Director of Security Affairs during inspections,
evaluations, surveys, and assessments to verify adequate
installation of equipment and other technical areas.
(4) Assist the Director of Security Affairs during the Internal
Review Budget process by assuring that adequate integrated
security systems are planned, designed, and constructed for
all DOE facilities.
(5) In addition to the above responsibilities, carry out the
responsibilities outlined in paragraph 8b, above.
f. Heads of Field Elements shall:
(1) Ensure requests for SCI access from their organizations,
including contractors, provide the information required,
including the need-to-know justification, prior to being
forwarded to the Director of Intelligence.
(2) Ensure the inspection of DOE security facilities to assure
the security of DOE and DOE-owned, contractor-operated, and
subcontractor-operated facilities, including SCIFs, under
their jurisdiction in accordance with established policy and
procedural guidance.
(3) Develop, in coordination with the Director of Security
Affairs, policy and procedures to ensure that an adequate and
viable security program exists for the protection of FII, to
include SCI, located in DOE and DOE-owned contractor-operated
and subcontractor-operated facilities under their
jurisdiction.
(4) Provide to the Director of Security Affairs site approved,
preconstruction architectural and engineering design
materials, and results of the local DOE security element
review. Any recommendations developed through the local
review of proposed construction of new SCIFs or modifications
to existing SCIF(s) shall be submitted to the Director of
Security Affairs for approval prior to beginning any
construction or modification activities.
(5) Review cognizant SCIF AIS and general security plans and
standard operating procedures and any changes/revisions to
existing plans for adequacy and compliance with established
policies and directives, and forward plans to the Director of
Security Affairs and the Director of Intelligence for
appropriate action.
(6) Provide local support to the Deputy Assistant Secretary for
Security Evaluations, the Director of Security Affairs, and
the Director of Intelligence during the conduct of
evaluations of cognizant SCIF(s), as required.
(7) Request the Director of Security Affairs support in
correcting any physical, technical, or operational security
deficiencies on DOE-owned facilities under their
jurisdiction.
(8) Ensure the immediate notification of the Director of Security
Affairs and the Director of Intelligence on possible or
probable compromises of both collateral FII and SCI.
(9) In addition to the above responsibilities, carry out the
responsibilities outlined in paragraph 8b, above.
g. Director, Naval Nuclear Propulsion Program shall, in accordance
with the responsibilities and authorities assigned by Executive
Order 12344 (statutorily prescribed by Public Law 98-525 (42
United States Code (U.S.C.), 7158, note) and to ensure consistency
throughout the joint Navy/DOE organization of the Naval Nuclear
Propulsion Program, implement and oversee all policy and practices
pertaining to this Order for activities under the Director's
cognizance.
h. Procurement Request Originators (the individuals responsible for
initiating a requirement on DOE F 4200.33), or such other
individual(s) as designated by the cognizant Head of the
Departmental Element, shall bring to the attention of the
cognizant contracting officer the following: (1) each procurement
requiring the application of this Order; (2) requirement for flow
down of provisions of this Order to a subcontractor; and (3)
identification of the paragraphs of this Order with which the
contractor or, if different, subcontractor is to comply.
i. Contracting Officers, based on advice received from the
procurement request originator or other designated individual,
shall apply applicable provisions of this Order to contracts
falling within its scope. For contracts other than management and
operating contracts, this shall be by incorporation or reference
using explicit language in a contractual action, usually
bilateral.
BY ORDER OF THE SECRETARY OF ENERGY:
ARCHER L. DURHAM
Assistant Secretary for Human
Resources and Administration
REFERENCES
NOTE: Director of Central Intelligence Directives (DCIDs) are provided to
DOE field elements for reference only. The applicable portions of these
documents are or will be incorporated in Orders or procedural guides as
appropriate.
1. Executive Order 12333, "United States Intelligence Activities," of
12-4-81, which sets forth the goals, direction, duties, and
responsibilities with respect to the National Intelligence effort.
2. Executive Order 12356, "National Security Information," of 4-2-82,
which provides requirements for safeguarding National Security
Information, and Information Security Oversight office Directive No. 1,
of 6-25-82, Which assists in implementing Executive Order 12356.
3. Title 42, United States Code (U.S.C.), 2011 et seq., Atomic Energy Act
of 1954, as amended, which describes requirements for the protection of
classified information relating to atomic energy.
4. DOE 5670.1A, MANAGEMENT AND CONTROL OF FOREIGN INTELLIGENCE, of
1-15-92, which establishes guidelines for management of, and assigns
responsibilities for, the foreign intelligence activities of DOE.
5. DOE 5631.1B, SECURITY EDUCATION BRIEFING AND AWARENESS PROGRAM, of
12-31-91, which establishes policies, responsibilities, and
requirements for the implementation of a security education program for
the Department of Energy.
6. DOE 5631.2C, PERSONNEL SECURITY PROGRAM, of 9-15-92, which establishes
the policies, responsibilities, and authorities for implementing the
personnel security program.
7. DOE 5632.1B, PROTECTION PROGRAM OPERATIONS, of 9-8-92, which
establishes policy, responsibilities, and authorities for the physical
protection of security interests.
8. DOE 5639.5, TECHNICAL SURVEILLANCE COUNTERMEASURES PROGRAM, of 8-3-92,
which establishes the technical surveillance countermeasures program.
9. DOE 5639.6, CLASSIFIED COMPUTER SECURITY PROGRAM, of 9-15-92, which
establishes responsibilities and procedures for developing and
implementing a program to ensure the security of information stored in
classified ADP systems.
10. DOE 5300.2D, TELECOMMUNICATIONS: EMISSION SECURITY (TEMPEST), of
5-18-92, which establishes the telecommunications program for emission
security.
11. DOE 5300.3C, TELECOMMUNICATIONS: COMMUNICATIONS SECURITY, of 5-18-92,
which establishes policy, responsibilities, and guidance related to
communications security.
12. DOE 5300.4C, TELECOMMUNICATIONS: PROTECTED DISTRIBUTION SYSTEMS, of
5-18-92, which provides guidance on systems used to transmit classified
or sensitive unclassified information.
13. DOE Procedural Guide, "Security of Foreign Intelligence Information and
Sensitive Compartmented Information Facilities" (Formerly Security
Standards for Sensitive Compartmented Information and Facilities), of
1-1-85, which implements the appropriate portions of DCIDs. This guide
is available from the Headquarters Office of Safeguards and Security.
14. Director of Central Intelligence Directive (DCID) 1/7, "Security
Controls on the Dissemination of Intelligence Information," of 1-7-84,
which establishes policies, controls, and procedures for the
dissemination and' use of intelligence information and materials
bearing the Director of Central Intelligence (DCI) authorized control
markings.
15. DCID 1/14, "Minimum Personnel Security Standards and Procedures
Governing Eligibility for Access to Sensitive Compartmented
Information," of 11-27-84, which enhances the security protection of
SCI through standards, procedures, security programs, and a facilitated
security certification process among Department/agencies.
16. DCID 1/16, "Security Policy on Intelligence Information in Automated
Systems and Networks," of 1-4-83, which establishes policies and
procedures for the security of classified intelligence information
processed or stored in automated systems and networks.
17. DCID 1/19, "Security Policy for Sensitive Compartmented Information,"
of 6-28-82, which establishes policies and procedures for the security,
use, and dissemination of SCI.
18. DCID 1/20, "Security Policy Concerning Travel and Assignment of
Personnel with Access to Sensitive Compartmented Information," of
3-11-85, which establishes the minimum policy concerning assignment and
travel of U.S. Government civilian and military personnel, government
consultants and employees of government contractors who have, or who
have had, access to SCI.
19. DCID 1/21, "Physical Standards for Sensitive Compartmented Information
Facilities," of 9-1-87, which establishes minimum construction and
security protection for all U.S. Government facilities or U.S.
Government-sponsored contractor facilities where SCI may be stored,
used, discussed, and/or processed.
20. DCID 1/22, "Technical Surveillance Countermeasures," of 7-3-85, which
establishes the policy and procedures for the conduct and coordination
of technical surveillance countermeasures.
DEFINITIONS
1. CLASSIFIED INFORMATION. Certain information requiring protection
against unauthorized disclosure in the interests of national defense
and security or foreign relations of the United States pursuant to
Federal statute or Executive order. The term includes Restricted Data,
Formerly Restricted Data, and National Security Information. The
potential damage to the national security of each is denoted by the
classification levels Top Secret, Secret, or Confidential.
2. CONTRACTORS AND SUBCONTRACTORS. For the purpose of this Order,
contractors and subcontractors are those contractors performing work
for the Department of Energy (DOE) which is associated with DOE foreign
intelligence activities.
3. FOREIGN INTELLIGENCE INFORMATION (FII). For the purpose of this Order,
Foreign Intelligence Information is National Security Information
relating to the capabilities, intentions and activities of foreign
powers, organizations or persons, which carry the following special
caveats for control and access:
a. WNINTEL = Warning Notice - Intelligence Sources and Methods
Involved.
b. NOCONTRACT = Not Releasable to Contractors/Consultants.
c. ORCON = Dissemination and Extraction of Information Controlled by
Originator.
4. FORMERLY RESTRICTED DATA (FRD). Classified information jointly
determined by DOE or its predecessors and DOD to be related primarily
to the military utilization of atomic weapons, and removed by DOE from
the Restricted Data category pursuant to Section 142(d) of the Atomic
Energy Act of 1954, as amended, and safeguarded as National Security
Information, subject to the restrictions on transmission to other
countries and regional defense organizations that apply to Restricted
Data.
5. INTELLIGENCE COMMUNITY. Those United States Government organizations
and activities identified in Executive Order 12333 or successor orders
as comprising the intelligence community.
6. NATIONAL SECURITY INFORMATION (NSI). Any information that has been
determined pursuant to Executive Order 12356 or any predecessor order
to require protection against unauthorized disclosure and that is so
designated. The levels TOP SECRET, SECRET, AND CONFIDENTIAL are used
to designate such information.
7. RESTRICTED DATA (RD). All data concerning: design, manufacture, or
utilization of atomic weapons; the production of special nuclear
material; or the use of special nuclear material in the production of
energy, but shall not include data declassified or removed from the
Restricted Data category pursuant to Section 142 of the Atomic Energy
Act of 1954, as amended.
8. SENSITIVE COMPARTMENTED INFORMATION (SCI). Classified information
concerning or derived from intelligence sources, methods, or analytical
processes, which is required to be handled within formal access control
systems established by the Director of Central Intelligence.
9. SENSITIVE COMPARTMENTED INFORMATION FACILITY (SCIF). An accredited
area, room, group of rooms, or installation where Sensitive
Compartmented Information may be stored, used, discussed, and/or
electronically processed.
10. SPECIAL ACCESS PROGRAM (SAP). Any program established under Executive
Order 12356 or the Atomic Energy Act of 1954, as amended, that imposes
additional controls governing access to classified information involved
with such programs beyond those required by normal management and
safeguarding practices. These additional controls may include, but are
not limited to, access approval, adjudication or investigative
requirements, special designation of officials authorized to determine
a need-to-know, or special lists of persons determined to have a
need-to-know.