NHB 1620.3C NASA Security Handbook


NASA                                        NHB 1620.3C, (PART 3)

HANDBOOK                         Effective Date  February 1, 1993

_________________________________________________________________



Responsible Office: JL



Subject:  NASA Security Handbook  (PART 3 of 5)





PREFACE



                  CHAPTER 26:   SECURITY AREAS



2600 GENERAL



     1.   To ensure the successful accomplishment of the NASA

          mission, certain designated security areas may be

          established and maintained by NASA and component

          Installations to provide  protection for property and

          classified material in NASA or a NASA contractor's

          possession.



     2.   This Chapter discusses the designation and maintenance

          of security areas, the responsibilities and procedures

          in connection with such areas, and the penalties that

          may be enforced through court actions against

          violators.  



2601 DEFINITIONS



     1.   Restricted Area.  An area in which security measures

          are taken to safeguard and control access to property

          and hazardous materials, or to protect operations that

          are vital to the accomplishment of the mission assigned

          to a NASA or component Installation.  All facilities

          designated under the NASA Resource Protection (NRP)

          Program shall be restricted areas (as a minimum

          designation).



     2.   Limited Area.  An area in which security measures are

          taken to safeguard classified material or unclassified

          property warranting special protection in which

          uncontrolled movement would permit access to classified

          information.  To prevent unauthorized access to such

          property, visitors may be escorted or other internal

          restrictions implemented.



     3.   Closed Area.  An area in which security measures are

          taken to safeguard classified material where entry to

          the area alone provides visible or audible access to

          classified material.



     4.   Temporary Security Area.  An area in which security

          measures are needed for 30 days or less.  A temporary

          security area may also be established if approval as a

          permanent security area is pending.



2602 ESTABLISHMENT, MAINTENANCE, AND REVOCATION 



     1.   Establishment.  Directors of NASA Field Installations

          and the Associate Administrator for Management Systems

          and Facilities may establish, maintain, and protect

          such areas as restricted, limited, or closed areas

          depending on an area's vulnerability to unauthorized

          access.



          Note:  The previous requirement to notify the NASA

          Security Office of establishment and revocation of

          security areas has been rescinded.  That information

          will be requested immediately prior to functional

          management reviews of the Installation, and proper

          designation and control will be an item of interest to

          the functional management reviews team.



     2.   Maintenance.  Security measures may vary according to 

          individual situations, but the following minimum

          security measures will be taken in all security areas:



          a.   Post signs at entrances and at intervals along the

               perimeter of the designated area to provide

               reasonable notice to persons about to enter the

               area. Signs should read as shown in Appendix G;

               however, upon request, the Chief, NASA Security

               Office, NASA Headquarters, may approve signs now

               used pursuant to a State statute.



          b.   Regulation of authorized personnel entry and

               movement within the area, denial of entry to

               unauthorized persons or material, and prevention

               of unauthorized removal of classified material.



     3.   Revocation.  Once the need for a security area no

          longer exists, the area will return to normal

          procedures immediately or as soon as practical.



2603 ACCESS 



     Only those NASA employees, contractors, and visitors who

     need access and who meet the following criteria may enter a

     security area:



     1.   Restricted Area.  Subject of an appropriate

          investigation consistent with the mission/task being

          performed (Automated Information Security [AIS],

          Classified, NRP, Personnel Reliability Program [PRP]);

          other individuals must be escorted by an authorized

          NASA employee or contractor.



     2.   Limited Area.  To enter a limited area, individuals

          must have a security clearance equal to the

          classification of material in the area, or have

          received a satisfactory NAC if access to classified

          material is not required.  All other individuals must

          be escorted.  Escorts must be authorized NASA employees

          or contractors who meet access requirements and have

          been formally authorized access to the area.  



     3.   Closed Area.  To enter a closed area, individuals must

          have a security clearance equal to the classification

          of the material in the area and a need-to-know.



     Directors of NASA Field Installations and the Associate

     Administrator for Management Systems and Facilities, NASA

     Headquarters, may rescind previously granted authorizations

     to enter security areas when an individual's clearance

     and/or a need-to-know can no longer be justified, his or her

     presence threatens the security or safety of the property,

     or is no longer required for official purposes.



2604 VIOLATIONS 



     Policy



     1.   Removal of Unauthorized Persons/Removal for Non-

          Compliance.  The Directors of NASA Installations and

          the Associate Administrator for Management Systems and

          Facilities may order the removal of any person who

          violates regulations of security areas.



     2.   Criminal Penalties for Violation.  Anyone who willfully

          violates, attempts to violate, or conspires to violate

          any regulation or order involving a security area may

          be subject to prosecution under 18 U.S.C. 799, which

          provides for a fine of not more than $5,000 or

          imprisonment for not more than 1 year, or both.



2605 STANDARDS FOR IMPREST FUND AREAS



     Policy



     1.   NASA will furnish adequate protection for funds and

          personnel involved in imprest fund activities.



     2.   Standards will be implemented as Installation resources

          allow and will be commensurate with such factors as

          threat, location, and amount of funds stored and/or

          handled.



     3.   A cashier will be provided with a separate and enclosed

          work space to ensure protection of funds and vouchers

          and to keep interference by other activities and

          personnel of the office at a minimum.  Where possible,

          an imprest fund cage or room of substantial

          construction with a window for paying and receiving

          will be provided.



2606 DEFINITIONS



     1.   Cashier.  A NASA employee who has been designated as a

          cashier by the officer responsible for making

          disbursements and is thereby authorized to perform

          limited cash disbursements or other cash operations.



     2.   Imprest Fund.  A fixed cash or petty cash fund advanced

          by an official Government disbursing office to duly

          authorized cashiers for cash operations.



2607 IMPREST FUND CAGES 



     1.   Windows.  Windows used for the exchange of funds will

          be constructed to prevent persons outside the window

          from reaching money drawers or storage areas.  The size

          and placement of window openings in relation to

          countershelves will create a physical barrier to

          prevent access from the outside.  Windows will be

          bullet-resistant and equipped with a "passthrough slot"

          that will protect the cashier but permit communication

          and transactions.



     2.   Doors.  The cage doors will be solidly constructed and

          fitted with a built-in dial type, changeable, three-

          position combination lock for after-hours security. 

          The lock's combination will be changed at least every 6

          months or on the departure or transfer of persons who

          know the combination.  It must also be changed when

          compromise is suspected or the door is found open with

          the cage unattended.  During normal business hours, the

          door will be kept locked and controlled by a separate

          locking device, such as a normal key lock, to save wear

          on the combination lock.  Doors will have a bullet-

          resistant peep hole so the cashier can identify persons

          requesting entry.



     3.   Intrusion Alarms.  The cage will be equipped with

          magnetic door switches and a volumetric intrusion

          detection system for after-hours security protection. 

          The control (day/night) box will be located within the

          secured area and feature a ring-back system.  The

          system will be monitored at the nearest location of the

          designated security response force.



     4.   Duress Alarms.  The cage will be equipped with a

          discreet duress alarm, such as a kick-bar, which will

          sound an alarm at the nearest location of the security

          response force.  The trigger mechanism must be placed

          in such a manner that the cashier can activate the

          system without alerting the perpetrator.



     5.   Telephone.  The cage will have a telephone, and

          emergency numbers, including the number of the security

          response force, will be posted in the cage.



     6.   Security Patrols.  Random security patrols of the

          Imprest Fund area during normal operating hours will be

          established. Where feasible, after-hours checks of the

          cage by roving security patrols are recommended.



     7.   Containers.  Safes or Class 5, tool-resistant,

          insulated or un-insulated containers appearing on GSA

          or Federal Supply Schedules will be used to store

          public funds.  When more than one person in the Imprest

          Fund Office has cash in his/her possession, each must

          be provided with a separate security container for

          storage.  Combinations of containers must be changed

          every 6 months or upon the departure or transfer of

          persons who know the combination, and when compromise

          of the combination is suspected.



2608 WAIVERS



     The ICS may waive any of the preceding standards if he or she

     considers them impractical or unnecessary due to

     Installation-unique circumstances.  A written record of the

     waiver, along with justification, must be kept on record in

     the Installation's Security Office.







       CHAPTER 27:   STANDARDS FOR SECURE CONFERENCE ROOMS



2700 GENERAL



     This Chapter provides the necessary criteria to construct or

     modify two types of secure conference rooms:  A "Secure

     Conference Room," which does not  transmit information

     electronically, and a "Secure Conference Processing Room,"

     which does.  See Chapter 48 for additional information. 



2701 SECURE CONFERENCE ROOM CRITERIA



     In a "Secure Conference Room," classified discussions at the

     collateral Secret level or lower may be held if authorized,

     but information is not electronically processed.  The room

     is thoroughly examined by Technical Surveillance

     Countermeasures (TSCM) Specialist(s).  Once the TSCM

     Specialist(s) declares the conference room free of listening

     devices and audio hazards, the room will be kept under

     control to prevent the introduction of Clandestine Listening

     Devices.  The following specifications involving walls,

     doors, ducts, and alarm systems apply to a Secure Conference

     Room:



     1.   Walls.  Perimeter walls, floors, and ceilings may be

          constructed without regard to material or thickness as

          long as such walls show no evidence of any attempt at

          forced entry, and they achieve a minimum of 45 Sound

          Transmission Coefficient sound attenuation.  The

          perimeter walls should extend from slab to slab with no

          windows.



     2.   Doors.  All doors (to include jamb) must be

          soundproofed to achieve a minimum of 45 sound

          attenuation.  Any type of perimeter door is acceptable

          if it is of sufficient strength to prevent forced entry

          without evidence.  The door must have a built-in

          combination lock such as the Sargent and Greenleaf

          Model SM-8470 or equivalent.  If the door is installed

          with the hinges on the exterior, the hinge pins must be

          spot welded or secured by a set screw threaded through

          one point of the hinge and the hinge pin to prevent

          access to the set screw when the door is closed.  All

          other doors must be sealed or barred on the inside with

          a lockable security deadbolt such as a Sargent and

          Greenleaf Model SM-1.  Doors should be equipped with a

          pneumatic door closer and peep-hole viewing device.



     3.   Ducts/Miscellaneous Openings.  All openings over 580

          square cm/90 square inches will be protected with steel

          bars, 1.27 cm/1/2 inch in diameter, mounted 15.24 cm/6

          inches on center vertically and horizontally, and

          welded at all intersections.



     4.   Alarms.  The requirements for a security alarm system

          depend on the physical location of the room, number and

          type of guards available, hours of operation, type of

          construction, and the degree of threat. The Secure

          Conference Room should be equipped with the following

          systems as a minimum:



          a.   High-Security Balanced Magnetic Door Switches on

               all doors.



          b.   A Volumetric Intrusion Detection Alarm System

               within the room.



2702 SECURE CONFERENCE PROCESSING ROOM



     In a "Secure Conference Processing Room," not only is classified

     information at the collateral Secret level or lower discussed,

     but it is electronically processed.



     1.   Walls.  All walls must be extended from slab to slab

          with material that will furnish physical protection

          equal to that provided by the rest of the wall.  Walls

          with no windows must be constructed so that any attempt

          at forced entry is evident, and they must achieve a

          minimum of 45 sound attenuation.



     2.   Doors.  The room will have only one entrance with the

          following items installed:



          a.   A dial-type, three-position, built-in, group 1-R

               changeable combination lock;



          b.   A pneumatic door closer;



          c.   A peep-hole viewing device; and



          d.   A daytime access control device (e.g., a cipher

               lock).



               All other doors must be sealed or barred on the

               inside with a lockable security deadbolt such as a

               Sargent and Greenleaf Model SM-1.  All doors (to

               include jamb) must be soundproofed to provide a

               minimum of 45 sound attenuation.



          e.   Ducts.  All ducts must be equipped with sound

               baffles that provide a minimum of 45 sound

               attenuation. Any ducts larger than 580.64 square

               cm (90 square inches) must be fitted with steel

               bars or alarms at the point of egress and be

               equipped with duct traps.



          f.   Alarms.  All doors must be equipped with a

               balanced magnetic door switch, and the entire room

               (above and below the false ceiling) must be

               equipped with a volumetric intrusion detection

               system. All control boxes for the system must be

               located inside the room and the system monitored

               by high security line supervision.



2703 TELEPHONES



     1.   All black (unsecured) telephone systems should be

          removed from the Secure Conference Room and Secure

          Conference Processing Room. 



     2.   If a telephone is absolutely essential, an alternate

          system using Telephone Security Group approved

          equipment and methods may be used.  Selection of the

          system should be coordinated in advance with the NASA

          Security Office TSCM representative.



2704 CLASSIFIED MEETINGS HELD IN ROOMS OTHER THAN SECURE

     CONFERENCE ROOMS



     The following measures will be taken when infrequent

     classified meetings are held in rooms not configured per

     paragraphs 2701 or 2702 above.



     1.   Meetings will be limited to collateral Secret or below.



     2.   Positive access control will be implemented.



     3.   A TSCM Specialist, if available, or Security Officer

          will conduct a prior visual inspection and recommend

          security procedures for the meeting. 



2705 SPECIAL CASES



     The preceding specifications do not apply to conference

     areas where the level of security exceeds the collateral

     Secret level. For these areas, additional guidance is

     available on a case-by-case basis.  The NASA Security

     Office, NASA Headquarters, will be contacted for any

     interpretation of these specifications.







 CHAPTER 28:  NASA RESOURCE PROTECTION (NRP) PROGRAM/PROTECTION



2800 GENERAL



     1.   The NRP Program is established per NMI 1600.2, "NASA

          Security Program."



     2.   All NASA Installations will establish procedures to

          implement the NRP Program.  This Chapter establishes

          NRP policy and provides guidance for its

          implementation.  All Installations under NASA's

          jurisdiction will establish procedures to protect key

          facilities under the NRP Program, as well as those

          facilities approved for additional protection by the

          Field Installation Director.



     3.   For NASA Installations in foreign countries, NRP

          procedures will be as mutually agreed between the

          responsible NASA program office and the host government

          and will be consistent with the applicable

          international agreements.



2801 SCOPE



     The NRP Program is limited to that portion of the NASA

     Security Program directed to the protection of designated

     NRP resources.  The NRP Program includes the planning and

     implementation of security measures involving human threats,

     internal and external. The NRP Program does not counter

     natural disasters.  



2802 DEFINITIONS



     1.   NRP Resources.  Those assets identified by the

          cognizant Program Office to be so crucial to the

          success of NASA missions as to warrant an enhanced

          level of protection over that routinely provided to

          NASA facilities.  These include NASA flight vehicles,

          equipment, facilities, and other elements proposed as

          components of NRP by NASA Installations, concurred with

          by the cognizant program office and forwarded to the

          Associate Administrator for Management Systems and

          Facilities in the NASA-wide NRP Program.  NRP resources

          may include critical components and facilities

          associated with the Space Shuttle, expendable launch

          vehicles, associated upper stages, Spacelab, Space

          Station Freedom, National Aerospace Plane,

          communication and control capabilities, Government-

          owned flight or experimental flight vehicles and

          apparatus, and one-of-a-kind irreplaceable facilities,

          such as wind tunnels, aerodynamic simulators, unique

          contractor sources of critical parts, propellants, and

          production or assembly facilities.



     2.   Category A - Mission Critical Assets.  Those assets

          whose loss could cause the loss of a flight vehicle or

          crew, the capability to process or launch a flight

          mission, or the ability to conduct a critical program

          of research.



     3.   Category B - Mission Essential Assets.  Those assets

          whose loss would significantly hamper the completion of

          a flight operation or of carrying out an essential

          research program.  A maximum delay of up to 6 months to

          restore lost capability must be acceptable for Category

          B to apply.  Each asset must be evaluated on a case-by-

          case basis; if the above criteria cannot be satisfied,

          then the asset must be upgraded to Category A.



     4.   NRP Program Plan.  Consists of those security

          enhancements prioritized and supported by a budget

          plan, and submitted by a NASA Installation to the

          Program Office for budget approval.  The Plan is

          reviewed by the SMWG and the Associate Administrator

          for Management Systems and Facilities.



2803 POLICY



     It is NASA policy to designate and provide reasonable and

     affordable protection within acceptable risks to those vital

     NRP resources for which the Agency is responsible.  These

     unique resources, which support agency and national goals,

     cannot be reasonably replaced; therefore, they will be

     protected as critical or essential NASA resources.



2804 NRP PROGRAM PLAN



     The following guidance governs the preparation of the NRP

     Program Plan:



     1.   Vulnerability assessments will be conducted for each

          NRP facility/item.  These assessments will categorize

          potential adversary forces and weapons systems and will

          develop probabilities or rankings of attack.  The NASA

          Headquarters postulated threat statements as locally

          supplemented will be the basis for each Field

          Installation in the conduct of the specific threat

          assessments.



     2.   To sustain program survivability based on the

          vulnerability assessment, the facilities and systems

          associated with planning, training, and testing, and

          the logistics and production capabilities that support

          these operations, will be protected to the degree

          necessary to preserve the facility/item.



     3.   The NRP System Security Standard, Appendix H, will be

          used to establish specific security measures for NRP

          resources.



     4.   The security measures will be implemented for the

          duration of the program with appropriate security

          intensification during critical operations.



     5.   Flight resources will be protected to the degree that

          an ongoing flight can maintain safe operations and

          program objectives are not jeopardized.  



     6.   Equivalent levels of protection between NASA Field

          Installations, DoD facilities, or other Government

          agencies will be implemented where applicable.



     7.   When an NRP asset is mobile or temporary, the Program

          Office must designate a responsible facility.



     8.   All NASA Installations must submit to the NASA

          Headquarters Program Office and NASA Security Office

          recommendations on assets proposed for inclusion in the

          NASA NRP Program Plan with justification,

          prioritization, and budget strategy clearly described.



     9.   NASA NRP Program Plan.  Cognizant Program Offices will

          review, prioritize, and incorporate proposed

          Installation security enhancements into Program Office

          plans. These plans will detail all approved

          enhancements and the resources required to implement

          them.  Once approved, the Plan will provide the basis

          for incorporation of NRP enhancements in budget

          formulation and program implementation.



     10.  Installation Reviews.  The adequacy of security

          measures for each NRP resource will be continually

          reviewed by each affected Field Installation.  Any

          reported incident or breach is to be assessed for

          possible NRP impact and reported to the NASA

          Headquarters Program Office and NASA Security Office.



     11.  Biennial Review.  The NASA Security Office will review

          the effectiveness of an Installation's security at

          least every 2 years. 



2805 RESPONSIBILITIES



     1.   The Associate Administrator for Management Systems and

          Facilities is responsible for the NRP Program.  These

          duties include establishing overall policy and

          guidance, and providing a focal point, internal and

          external to NASA, for matters pertaining to NRP.  This

          office has overall responsibility for adjudication of

          NRP issues.



     2.   Institutional Program and programmatic Associate

          Administrators are responsible for reviewing plans for

          NRP proposals, appointing representatives to the SMWG,

          advocating the budget, and implementing enhancements.



     3.   Installation Directors are responsible for conducting

          vulnerability assessments, preparing NRP proposals,

          funding approved enhancements, and implementing

          activities to be carried out at Installations.



     4.   The Chief, NASA Security Office, is responsible for

          functional oversight of all NRP-related security

          activities being carried out within the Agency,

          chairing the SMWG, and conducting effectiveness reviews

          of NRP activities at NASA Installations.



2806 PHYSICAL SECURITY RESPONSIBILITIES FOR NRP AND KEY

     FACILITIES



     1.   The Installation Chief of Security (ICS) has the

          following responsibilities:



          a.   Developing the threat assessment for the

               Installation in accordance with Chapter 42 of this

               Handbook.



          b.   Ensuring that security surveys are conducted to

               determine the level of vulnerability of key

               facilities, including all NRP facilities, to

               theft, sabotage, terrorism, vandalism, and violent

               demonstrations.  The survey will be used to

               establish a requisite level of protection that is

               reasonable, affordable, practical, and

               responsible.



          c.   Ensuring all key facilities are included in the

               Installation security plan.



          d.   Developing countermeasures to specific

               vulnerabilities of key facilities. 



          e.   Seeking advice and assistance in the development

               of specific physical security requirements from

               Program Office Security Officials and Program

               Managers. 



          f.   Ensuring that key facilities are checked

               periodically by the Installation Security Force.



          g.   Reporting threats and unusual incidents to NASA

               Headquarters (per Chapter 41).



     2.   NASA Directors of Field Installations have the

          following responsibilities:



          a.   Informing employees of their responsibility for

               securing the facility;



          b.   Identifying the appropriate level of position

               sensitivity needed for unescorted access to a key

               facility;



          c.   Authorizing access to key facilities and providing

               the means to identify individuals who have access;

               and

 

          d.   Prohibiting unauthorized access to the facility.



     3.   NASA supervisors ensure that they and their personnel

          know the criticality and vulnerability of the key

          facility.



     4.   Employees (NASA and non-NASA) report to their

          supervisors any known or suspected practice or

          condition that does not provide proper safeguarding. 



2807 GENERAL



     Required physical security surveys may be confined to a

     single building or extend to encompass an entire remote

     site.  Therefore, reports must be well written and flexible

     enough to accurately document all survey efforts.  (The ICS

     can determine his/her own survey.)



     1.   Survey Personnel.  Well trained survey teams, headed by

          representatives from the Installation Security Office,

          understand that protection problems are affected by the

          nature of the operation, the criticality of the

          resource, and its vulnerability.  They know there is

          rarely any single solution to the protection problems

          of a given Installation.  (The survey team may consist

          of personnel from other offices.)



     2.   The Survey.  A physical security survey is conducted

          during the regular office hours of the Installation,

          office, or facility being surveyed, and also during

          nonduty hours when the threat of surreptitious entry is

          probably highest.



     3.   Minimum Protection Standards.  The survey team chief

          must consider the minimum protection standards in this

          Handbook and strike a careful balance between what

          exists, what is desirable, and what is immediately

          required to provide an acceptable degree of protection.



     4.   Required Surveys.



          a.   Ideally, initial surveys will be conducted before

               a new activity is operational or as soon as is

               practical to determine its ability to protect

               critical and vulnerable resources.



          b.   Annual surveys will be conducted to determine the

               facility's ability to continue to protect its

               resources.



          c.   Special surveys will be conducted when the

               perceived threat changes, or when changes alter

               the protective capability of a facility, building,

               activity, or Installation or when an Installation

               Director requests it. 



          d.   Followup surveys will be conducted until any

               deficiency identified during a survey is corrected

               or a waiver has been granted from JIS/NASA

               Security Office.



     5.   Risk Assessment



          1.   Based on survey results, a risk assessment will be

               presented to the Field Installation's Risk

               Assessment Authority.



          2.   Directors of Field Installations are designated as

               the RAA for the Installation.  The RAA will decide

               if any security standards will be waived. 

               Security standards for Category A, Mission

               Critical Assets, and Category B, Mission Essential

               Assets, are contained in Appendix H.



     6.   Plan of Action



          1.   Based on approval by the RAA, a plan of action is

               developed to establish security measures for the

               protection of the facility.



          2.   Specific measures are implemented in a programming

               document or in operating procedures.







              CHAPTER 29:  SECURITY CONTROL CENTERS



2900 GENERAL



     A properly configured Security Control Center is required

     for the effective command and control of the security force.



2901 EQUIPMENT



     At a minimum, the Security Control Center should include:



     1.   A radio base station with security force frequencies

          and frequencies compatible with local law enforcement.



     2.   An Installation layout map depicting patrol areas, the

          Installation perimeter, and jurisdictional

          responsibilities.



     3.   Operating plans, checklists, and other documents

          stating requirements, including a copy of the

          Installation security plan.

 

     4.   An intrusion detection system (IDS) annunciator panel. 

          If feasible, all Security Alarm Systems should

          terminate at the Security Control Center.



     5.   A telephone system that includes direct lines to key

          facilities and key law enforcement agencies.



     6.   A duress system that annunciates at another location

          and provides direct response forces.



     7.   A self-initiating emergency power source to ensure

          continued operation of the Security Control Center.



2902 ALARM SYSTEM OPERATIONS



     1.   Alarm Response Time.  Site-specific tests will be made

          periodically to ensure timely responses to alarms.  If

          an intruder can enter and depart within 10 minutes and

          the response time is 15 minutes, then measures need to

          be taken to improve response time.  Results of the

          response times shall be critiqued immediately for

          possible improvement and, later, incorporated in the

          facility's security survey.



     2.   Tests



          a.   Alarm equipment and circuits shall be tested at

               least once a month by actual intrusion of the

               protected area or object.  Test results shall be

               recorded noting the test date and the name of the

               person who conducted the test.



          b.   When volumetric or proximity sensors are used,

               sensitivity and walk tests shall be conducted

               periodically to ensure that the degree of required

               sensitivity is maintained.



          c.   False and nuisance alarm rates shall be recorded

               and results analyzed to determine alarm system

               performance.



          d.   All alarm equipment and circuits shall be serviced

               by qualified personnel.



2903 ALARM SYSTEM POWER SOURCES



     1.   Alarm systems require a primary and auxiliary power

          source.



     2.   Auxiliary power shall be supplied by batteries or

          engine-driven generators.  Switch over to the auxiliary

          power must be automatic upon failure of the primary

          power source.  A signal shall be generated to alert the

          Control Center that the system is operating on standby

          power.  If both power sources fail, a signal shall be

          activated on the Security Control Center monitor to

          indicate this condition. 



     3.   Rechargeable batteries shall be kept fully charged and

          nonrechargeable batteries shall be replaced whenever

          the voltage drops 20 percent below the rated voltage. 

          A signal shall be activated on the Security Control

          Center monitor to indicate when this condition exists.



     4.   Auxiliary power sources must be capable of maintaining

          full operation of the alarm system for at least 8

          hours.



     5.   The power supply, other than public utility, shall be

          vented sufficiently to prevent deterioration of any of

          its components as a result of operation under high

          temperatures.



     6.   Power sources shall be serviced by qualified personnel.



2904 ALARM LINE SUPERVISION



     Line supervision limits and line tamper alarm capability

     shall be specified as follows:



     1.   Underwriter Laboratories' Class AA requirements shall

          be met.



     2.   The line shall be continuously supervised so as to

          detect any attempts to short, open, or substitute a

          bogus signal for the legitimate "no alarm" signal.
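
     As an added illustration of the supervision requirement in 2904 (not part of the Handbook, and not a description of the UL Class AA method): a monitor that issues a fresh random challenge on each poll and checks an HMAC over the reply can tell a dead line from a substituted "no alarm" signal, while a monitor that trusts the bare state cannot. The key, state names, verdict strings, and function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real system would provision a unique key per line.
KEY = b"constructed-demo-key"
VALID_STATES = ("NO_ALARM", "ALARM")


def sensor_reply(key, nonce, state):
    """Field unit: bind the reported state to the nonce of this poll."""
    tag = hmac.new(key, nonce + state.encode(), hashlib.sha256).digest()
    return state, tag


def naive_poll(line):
    """Weak monitor: trusts any reply whose state reads NO_ALARM."""
    reply = line(b"")
    if reply is None:
        return "LINE_FAULT"
    return "SECURE" if reply[0] == "NO_ALARM" else "ALARM"


def supervised_poll(key, line):
    """Supervised monitor: fresh 16-byte random challenge on every poll."""
    nonce = secrets.token_bytes(16)
    reply = line(nonce)
    if reply is None:
        # In this model an open or shorted line returns nothing at all.
        return "LINE_FAULT"
    state, tag = reply
    if state not in VALID_STATES:
        return "TAMPER"
    expected = hmac.new(key, nonce + state.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Reply is not bound to this challenge: recorded or forged signal.
        return "TAMPER"
    return "SECURE" if state == "NO_ALARM" else "ALARM"


# Constructed line conditions; each is a callable that receives the nonce.
def healthy_line(nonce):
    return sensor_reply(KEY, nonce, "NO_ALARM")


def alarm_line(nonce):
    return sensor_reply(KEY, nonce, "ALARM")


def cut_line(nonce):
    return None


# A valid "no alarm" reply recorded from an earlier poll (constructed).
_RECORDED = sensor_reply(KEY, b"\x00" * 16, "NO_ALARM")


def substituted_line(nonce):
    # Ignores the challenge and repeats the recorded reply.
    return _RECORDED


def run_demo():
    """Return {condition: (naive verdict, supervised verdict)}."""
    lines = {
        "healthy": healthy_line,
        "alarm": alarm_line,
        "cut": cut_line,
        "substituted": substituted_line,
    }
    return {
        name: (naive_poll(line), supervised_poll(KEY, line))
        for name, line in lines.items()
    }


if __name__ == "__main__":
    for name, (naive, supervised) in run_demo().items():
        print(f"{name:12s} naive={naive:11s} supervised={supervised}")
```

     Only the "substituted" condition separates the two monitors: the naive one reports the line as secure, the supervised one raises a tamper condition.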







             CHAPTER 30:  LOCKS AND LOCKING SYSTEMS



3000 GENERAL



     1.   Locks are the most generally utilized security devices;

          however, with the exception of certain specially

          designed combination locks, they are inadequate for

          serious security applications and should not be

          considered alone as appropriate security for classified

          information or high value material/information.  The

          higher the values at risk, the less one can rely on any

          lock, especially if it is used alone.  In those

          situations, locks, without other protective measures,

          are simply inadequate.



     2.   Locks can, however, contribute to an overall crime

          prevention plan.  Various state-of-the-art lock systems

          are available, but the selection of the lock must

          address the ultimate questions of "What is the

          potential highest value at risk at any given time in

          the future?" and "Will the loss of such materials

          create a requirement for expensive investigations by

          the Inspector General (IG), FBI, or security

          personnel?"



3001 POLICY



     1.   NASA Chiefs of Security normally oversee the lock

          system program on their Centers.



     2.   The cognizant NASA Chief of Security should implement a

          program to oversee the use of lock mechanisms at a NASA

          Installation.  This program should include the

          following elements:



          a.   A rationale, stated purpose, and established

               procedures;



          b.   A balance between security and convenience;



          c.   Selection and use of lock mechanisms;



          d.   Established levels of authorization for issuing

               keys; 



          e.   A current system that records the number of keys

               issued, number of keys lost, and identities of

               persons holding keys; and



          f.   Computerized records of the dates combinations are

               due for change. 



          Note:  For security purposes, records of the

          combinations themselves should not be computerized.







                 CHAPTER 31:  AIRCRAFT SECURITY



3100 PHYSICAL SECURITY RESPONSIBILITIES



     1.   The Installation Chief of Security (ICS) has the

          following responsibilities to protect NASA aircraft:



          a.   Ensure that a security survey is conducted on

               resident aircraft, hangars, ramps, and airfields. 

               The security survey will determine the level of

               criticality and vulnerability of NASA flight

               assets to theft, sabotage, terrorism, vandalism,

               and air piracy.  The survey will be used to

               establish a requisite level of protection that is

               reasonable, affordable, practical, and

               responsible.  Appendices I, J, K, L and M contain

               guidelines which will assist in the accomplishment

               of surveys.



          b.   Ensure that specific security measures for the

               protection of NASA Aircraft are included in the

               Installation Security Plan. 



          c.   With the help of aircraft commanders, the ICS will

               develop physical security requirements tailored to

               the configuration of specific aircraft to be

               included in the Pilot's Aircraft Check List. 



          d.   Develop a system to detect the unauthorized

               movement or taxiing of aircraft. 



          e.   Develop an alerting system that promptly advises

               the tower, fire department, security force, and

               other appropriate authorities of such

               insecurities.



          f.   Develop a response procedure in the event of the

               unauthorized movement of an aircraft.



          g.   Report threat or unusual incidents to NASA

               Headquarters, via the serious incident reporting

               system, Chapter 41.  The NASA Security Office will

               advise the NASA Aircraft Management Office of all

               security incidents involving NASA aircraft.



     2.   Aircraft Commanders have the following

          responsibilities:



          a.   Carry out provisions of the Pilot's Aircraft Check

               List, ensuring security of their aircraft at

               transient domestic and international locations.



          b.   Prohibit unauthorized access to their aircraft.



          c.   Ensure that passengers are properly identified and

               that baggage and packages are either associated

               with passengers or are authorized NASA cargo.  If

               baggage is unaccompanied or cannot be identified,

               it will be rejected.



          d.   Conduct security inspections of their aircraft

               before placing it in service and after it has been

               left unattended.



3101 BOMBS OR AIR PIRACY THREATS



     1.   In the event of a bomb threat, an Aircraft Commander

          will conduct a security inspection on the ground before

          the next flight or, if the aircraft is in flight,

          immediately after its next landing.  If the aircraft is

          on the ground, a security inspection will be done

          immediately.



     2.   If an act or suspected act of air piracy is committed,

          the Aircraft Commander will notify the air traffic

          controller immediately.



     3.   The ICS will also be notified of all such threats.







           CHAPTER 32:  CRIME PREVENTION PROGRAM (CPP)



3200 BACKGROUND



     This Chapter highlights an Installation Crime Prevention

     Program (ICPP).  Crime prevention attempts to reduce,

     eliminate, or neutralize opportunities and conditions that

     tempt and cause individuals to commit crimes. 



3201 OBJECTIVE



     Although we can curb criminal access to certain "tools," it

     is impossible totally to control capability.  What we can

     control is opportunity.  Therefore, crime prevention within

     NASA, and the ICPP in particular, will focus on reducing

     criminal opportunity. 



3202 CRIME ANALYSIS



     1.   Directly tied to risk assessment and how and where

          security resources can be best applied, crime

          analyses reveal patterns and trends in locations,

          methods of operation (MO), correlations to other

          crimes and MO, and time and profit.



     2.   Security education significantly enhances the success

          of the ICPP.  The key importance of such information is

          its dissemination to all personnel to reduce criminal

          opportunity.



3203 RESPONSIBILITIES



     1.   The Associate Administrator for Management Systems and

          Facilities or the Installation Director ensures that

          there are enough personnel, money, and other resources

          to support the ICPP.



     2.   The Installation Chief of Security (ICS) builds a

          progressive crime prevention program, including a

          security education program. 







          CHAPTER 33:  CONTROL AND ISSUANCE OF FIREARMS



3300 AUTHORITY



     The Associate Administrator for Management Systems and

     Facilities may direct the following officers and employees

     to carry firearms on official duty:



     1.   The Chief, NASA Security Office, and designated

          security personnel;



     2.   The Chief of Security, NASA Headquarters (Code JBF),

          Operations, and designated security personnel;



     3.   The Chief of Security of each NASA Installation and

          designated security personnel;



     4.   NASA employees assigned to security duties, such as

          couriers, guards, or plant protection personnel; and



     5.   NASA contractors and subcontractors engaged in the

          protection of property owned by the United States and

          located at facilities owned by or contracted to NASA.



3301 DEFINITIONS



     1.   Certifying Officials.  The Chief, NASA Security Office;

          Chief Headquarters Security Branch; Director of a NASA

          Field Installation; or the Installation Chief of

          Security.



     2.   Concealed Firearm.  The carrying of a firearm that

          cannot be detected by direct observation.  For reasons

          of safety, concealed firearms should normally be

          carried in a hip or shoulder holster.   



     3.   Unconcealed Firearm.  The carrying of a firearm that

          can be detected by casual or direct observation.  



3302 RESPONSIBILITIES



     1.   NASA certifying officials (see paragraph 3301.1) must

          ensure that all provisions of this Chapter are complied

          with, and will assist NASA procurement personnel in

          their obligations.



     2.   NASA procurement personnel prepare the statements of

          work to be included in a purchase request for contract

          guard service. 



     3.   NASA employees and contractors to whom firearms are

          issued are responsible for strict compliance with all

          the conditions regarding the carrying and use of

          firearms as established in this Chapter and Chapter 34,

          "Application of Force."



     4.   NASA personnel and contractors will not carry firearms

          outside the 50 states, the District of Columbia, and

          Puerto Rico without the advance approval of the Chief,

          NASA Security Office, NASA Headquarters.



3303 CERTIFICATION TO CARRY FIREARMS



     The certifying official will issue a "Certificate of

     Authority to Carry Firearms" (NASA Form 699A or 699B).  The

     following items define the forms, and their use and

     procedures for certification:



     1.   NASA Form 699A is a certification to carry concealed

          firearms which may be issued only to NASA employees,

          other than uniformed guards.  This form will be

          prepared in triplicate and will indicate the date of

          expiration (not to exceed 2 years).  The original

          certificate will be issued to the employee and a copy

          forwarded to the NASA Security Office, NASA

          Headquarters.  Termination of employment or assignment

          to duties not requiring the continuation of a

          certification to carry firearms will require the return

          of the original certificate to the certifying officer. 

          Exceptions to this requirement may be made only by the

          Chief, NASA Security Office, NASA Headquarters.



     2.   NASA Form 699B is a certification to carry unconcealed

          firearms, which may be issued only to NASA contractor

          employees serving as uniformed guards.  This form will

          be prepared in duplicate and will indicate the date of

          expiration (not to exceed the term of any applicable

          guard service contract; otherwise, not to exceed 1

          year).  The form will also identify the specific nature

          and location of official duties which require the

          carrying of firearms.  The original certificates will

          be issued to the employee and will be retained in the

          employee's possession while on official duty.  One copy

          of the certificate will be retained by the NASA

          certifying official.  All losses of certificates will

          be reported immediately to the certifying official. 

          Upon termination of employment or assignment to duties

          no longer needing certification to carry firearms, the

          original certificate will be returned to the certifying

          official.  Exceptions to this requirement may be made

          only by the certifying official.



     3.   NASA Forms 699A and 699B are serialized for control and

          accountability purposes.  Certifying officials maintain

          appropriate accountability records, including

          certification of destruction, for all forms in their

          custody, and ensure that all unused forms are kept in a

          secure storage container other than the one in which

          the accountability records are stored.



     4.   Certifying officials cannot sign their own

          certificates.  Certificates authorizing the issue of a

          weapon to a certifying official will be forwarded to

          Code JIS for appropriate signature.



3304 CONDITIONS UNDER WHICH FIREARMS MAY BE CARRIED



     1.   Firearms may be carried only when all of the following

          criteria are met:



          a.   When the individual is in immediate physical

               possession of a valid NASA certification to

               carry firearms;



          b.   When the individual has successfully completed a

               qualification course for the firearm being carried

               and the qualification is current (refer to

               Appendices N and O);



          c.   When it is necessary and vital in the performance

               of official NASA duties; and 



          d.   With the knowledge and approval of a certifying

               official.



     2.   The wide range of circumstances under which it may be

          necessary to carry firearms requires consideration of

          all pertinent factors, augmented by common sense and

          good judgment.



3305 WEAPONS ABOARD COMMERCIAL AIRCRAFT



     Federal Aviation Administration (FAA) Regulations prohibit

     a person from carrying, on or about his or her person or

     property, a deadly or dangerous weapon, either concealed or

     unconcealed, that is accessible to him or her while aboard a

     commercial aircraft.



     The transport of classified documents or materials is not

     considered justification for carrying a deadly or dangerous

     weapon aboard a commercial aircraft.  If extremely

     compelling circumstances require a NASA employee to carry a

     firearm aboard a commercial aircraft, the following steps

     will be taken:



     1.   Preflight



          a.   A NASA Security Specialist will document the need

               for an accessible firearm on official duty during

               the period from the time the individual would

               otherwise have checked it until the time it would

               have been returned after deplaning.



          b.   The NASA Security Specialist will notify the

               airline of the flight on which the individual

               intends to have a firearm at least 1 hour prior to

               flight departure or, in an emergency, as soon as

               practical prior to flight departure.



          c.   The NASA Security Specialist will present the

               documentation discussed above in subparagraph a, a

               NASA Security Officer Credential, and a valid

               Certificate of Authority to Carry Concealed

               Firearms (NASA Form 699A) to the airline

               representative.



          d.   Prior to boarding, the armed NASA Security

               Specialist will request and receive a briefing

               from the airline representative on the procedures

               for carrying firearms aboard its aircraft.  Each

               armed person must be notified of the seat location

               of other armed person(s) aboard the flight. 

               Discretion should be used to protect the

               person's identity.



          e.   The Installation Chief of Security will notify and

               receive concurrence from the Chief, NASA Security

               Office, NASA Headquarters, of each instance where

               it is necessary for armed NASA security personnel

               to board commercial aircraft.



     2.   In-flight



          a.   During flight, an armed NASA Security Specialist

               should never take independent law enforcement

               action or intervene in an incident, such as a

               fight between a crew member and an inebriated

               passenger, or a hijacking, unless the captain

               requests assistance.



          b.   A NASA Security Specialist shall not use

               intoxicants while armed with a firearm.



     3.   Checking Firearms and Ammunition in Baggage.  When not

          required during flight, the firearm will be stored,

          unloaded, in a locked container that the airline

          considers appropriate for air transportation.  Before

          checking the baggage, the NASA Security Specialist must

          declare to the airline representative, orally or in

          writing, that the firearm is not loaded.  Only the NASA

          Security Specialist checking the baggage will retain

          the key to the container.



3306 FIREARMS INSTRUCTION



     1.   The certifying official may designate a firearms

          instructor, who will inform the certifying official in

          writing of an individual's knowledge of the rules of

          firearm safety and the content of this Handbook.  In

          cases involving a contractor guard force, the firearms

          instructor may be appointed from the guard force

          complement.



     2.   The following minimum standards will be met before a

          firearms instructor or certifying official will

          consider an individual qualified to carry firearms:



          a.   Recent firearms training and experience during

               prior employment, such as the Federal Bureau of

               Investigation, Secret Service, police, military,

               or other significant and qualifying experience, if

               individuals qualify under other provisions of this

               Chapter within 30 days of the effective date. 

               These qualifications may be verified by employment

               history or by a personal interview.



          b.   Appropriate NASA training, including firearms

               safety procedures, followed by obtaining a

               qualifying score on a recognized course as

               specified in the next paragraph (3307).



3307 TRAINING



     1.   Personnel should be trained on firearm ranges

          authorized by Federal, state, or municipal authorities.

          Personnel may be certified after firing a qualifying

          score at a Federally certified firearms course (see

          Appendix O of this Handbook).  The NASA Security

          Office, NASA Headquarters, must approve the course and

          minimum qualifying score selected by each Installation.



     2.   As soon as possible after certification, personnel

          should receive testing/training in judgmental shooting

          (whether to shoot or not to shoot), through NASA's

          Firearms Training System (FATS).



3308 MAINTENANCE OF PROFICIENCY



     1.   Personnel authorized to carry firearms will be required

          to fire a qualifying score on an approved course at

          least once every 6 months.   



     2.   All personnel authorized to carry firearms must

          successfully complete testing/training on the FATS

          annually, if possible, or as often as the system is

          available at that NASA Installation.



3309 RECORDS



     The certifying official or firearms instructor will maintain

     records of personnel certified to carry firearms, including

     the basis for qualification, qualifying scores, rounds

     fired, and all other pertinent data.  Records will be

     maintained for 2 years.



3310 FIREARM STANDARDS



     1.   In the interest of effective performance and public

          safety, firearms should not be less than 9mm and not

          greater than .357 magnum caliber.  Standard,

          commercially manufactured ammunition should be

          appropriate to the firearm.  In the interest of safety

          and accuracy, firearms should be manufactured in the

          U.S.A.  The use of foreign manufactured firearms of

          high quality may be authorized by the certifying

          official.



     2.   The use of personal weapons is prohibited.  The use of

          weapons other than those described above (automatic

          rifles, shotguns, etc.) must be justified on a

          case-by-case basis and approved by the Chief, NASA Security

          Office.



     3.   Firearms will be periodically inspected and kept in

          good working order by a qualified gunsmith.  Ammunition,

          holsters, and related equipment will be periodically

          inspected for deterioration and kept in good working

          order.



3311 ACCOUNTABILITY OF FIREARMS



     1.   The control and custody of all firearms within a NASA

          Installation will be under strict accountability at all

          times and will be the ultimate responsibility of the

          certifying official. The certifying official will

          appoint a custodian of all firearms within the

          Installation Security Office and within each contractor

          guard force of each NASA Installation.  Each custodian

          will indicate the acquisition of all firearms in an

          appropriate record, including the date and method of

          acquisition, and full identifying data, that is, the

          caliber, make, and serial number of each firearm.



     2.   Within 90 days after the effective date of this

          Handbook, all certifying officials will furnish the

          NASA Security Office, NASA Headquarters, the data

          required in the above subparagraph 1, with the

          exception of firearms possessed by contractor guard

          forces.  The initial report will include a complete

          inventory of firearms.  All subsequent changes will be

          reported as they occur.  Current contractor firearms

          data will be maintained in the Installation Security

          Office.



     3.   A receipt system for recording the issuance, transfer,

          and return of all firearms will be maintained by the

          custodian. Receipts will include the following details:



          a.   Dates of issuance, transfer, or return to custody;



          b.   Serial numbers of firearms;



          c.   Signatures of recipients; and



          d.   Signatures of custodians upon return of the

               firearms.



          Note: Both NASA personnel and contractor receipts will

          be retained by each Installation for 1 year.



     4.   Lost, stolen or missing firearms will be reported

          immediately to the NASA Security Office, NASA

          Headquarters.  The report will include all available

          details concerning the event with a complete

          description of the weapon.  The report should not be

          delayed pending a complete report of the circumstances.

          A description of the lost, stolen, or missing firearm

          will be provided to the FBI, and state and local

          police.



3312 STORAGE AND EXCHANGE OF FIREARMS AND AMMUNITION



     1.   Loaded firearms will never be stored.



     2.   Firearms and ammunition will be stored separately in

          secure places at all times.  Storage containers with

          built-in three-position combination locks are adequate.

          Firearms and ammunition will not be stored with money,

          drugs, precious materials, or classified information.



     3.   Weapons will not be exchanged on a guard post.  Any

          exchange necessary will be done only in an area where a

          "clearing barrel" is provided.



NOTE:     The provisions of this chapter do not apply to NASA

          Inspector General Office personnel, whose authority is

          derived from other sources.







                CHAPTER 34:  APPLICATION OF FORCE



3400 GENERAL



     This Chapter establishes procedures to ensure that NASA

     security force personnel exercise use of force in a manner

     consistent with both NASA's security objectives and

     recognized legal standards.  The provisions of this chapter

     do not apply to the Inspector General Office personnel,

     whose authority is derived from other sources.



3401 DEFINITIONS



     1.   Ordinary Force.  A degree of force which is neither

          likely nor intended to cause death or great bodily

          harm.



     2.   Reasonable Force.  Only that force necessary to

          overcome an opposing force.



     3.   Deadly Force.  A degree of force which a reasonable

          person would consider likely to cause death or serious

          bodily harm. 



     4.   Use of Force Report.  A report used to document details

          of the force exercised.



3402 PROCEDURES FOR DEADLY FORCE



     1.   Deadly force shall be used only in those circumstances

          where the security force officer reasonably believes

          that either he, she, or another person is in imminent

          danger of death or serious bodily harm.



     2.   Use of firearms



          a.   If it becomes necessary to use a firearm in any of

               the circumstances described in Section 1203b.106,

               of NMI 1600.3, NASA security force personnel shall

               comply with the following precautions whenever

               possible:



               (1)  Give an order to halt before firing;



               (2)  Do not fire if shots are likely to harm

                    innocent bystanders; and



               (3)  Shoot to stop.



          b.   Warning shots are not authorized.



          c.   In the event that a security force officer

               discharges a weapon while in a duty status, the

               following steps shall be taken:



               (1)  The incident shall be reported to the

                    Installation Chief of Security who, in turn,

                    will report it to the NASA Security Office as

                    expeditiously as possible, with as many

                    details supplied as are available.



               (2)  The officer shall be promptly suspended from

                    duty with pay or reassigned to other duties

                    not involving the use of a firearm, as the

                    Installation Director or the Associate

                    Administrator for Management Systems and

                    Facilities deems appropriate, pending

                    investigation of the incident.



               (3)  The cognizant Installation Director or, for

                    incidents occurring at NASA Headquarters, the

                    Associate Administrator for Management

                    Systems and Facilities shall appoint an

                    investigating officer to conduct a thorough

                    investigation of the incident.  Additional

                    personnel may also be appointed as needed to

                    assist the investigating officer.  Upon

                    conclusion of the investigation, the

                    investigating officer shall submit a written

                    report of findings and recommendations to the

                    appropriate Installation Director or the

                    Associate Administrator for Management

                    Systems and Facilities.



               (4)  Upon conclusion of the investigation, the

                    Installation Director or the Associate

                    Administrator for Management Systems and

                    Facilities, with the advice of counsel, shall

                    determine the disposition appropriate to the

                    case.



     3.   Firearms will be periodically inspected and kept in

          good working order by a qualified gunsmith. 

          Ammunition, holsters, and related equipment will be

          periodically inspected for deterioration and kept in

          good working order.  Firearms and ammunition will be

          securely stored separately in locked containers. 

          Loaded firearms will not be stored.  Neither firearms,

          nor ammunition, will be stored in the same containers

          as money, drugs, precious materials, or classified

          information.  NASA Headquarters and each Installation

          shall adopt procedures for the maintenance of records

          with respect to the issuance of firearms and

          ammunition.



3403 PROHIBITIONS



     1.   The unreasonable use of force, i.e., the use of force

          in excess of the degree required to overcome

          resistance, is considered misconduct.   Such misconduct

          shall result in administrative, civil, and/or criminal

          action against the perpetrator.



     2.   Verbal abuse, verbal threats of violence, non-physical

          threats, or non-violent resistance cannot be the basis

          under any circumstances for the use of force. 



     3.   Firing into or over crowds is strictly forbidden.



     4.   Firearms shall not be fired from or at a moving

          vehicle.



     5.   Firearms shall not be fired when the safety of innocent

          persons, or of property designated as a NASA Resource,

          is endangered by the discharge of such weapon.



     6.   NASA security force personnel shall not draw a firearm

          unless he or she intends to use deadly force.



     7.   Firearms shall not be discharged at escaping prisoners

          who are handcuffed, regardless of pending charges or

          conditions.



     8.   Firearms shall not be knowingly discharged at

          juveniles, unless there is imminent danger of bodily

          harm by the juvenile.



     9.   Firearms shall not be discharged while seeking to

          apprehend misdemeanants or non-infamous felons.



3404 SECURITY FORCE EQUIPMENT



     Security force equipment must be approved by the

     Installation Chief of Security, with concurrence of the

     Installation Chief Counsel and authorized by the

     Installation Director or Associate Administrator for

     Management Systems and Facilities.



3405 USE OF FORCE REPORT



     1.   The Installation Chief of Security will be responsible

          for the preparation of the Use of Force Report, for the

          following incidents:



          a.   Use of handcuffs;



          b.   Capstun, Mace, CS/CN;



          c.   K-9 dog bites/attacks;



          d.   Use of baton, straight or PR-24;



          e.   Use of physical force, pressure points, wrist

               locks, etc.; and



          f.   Use of firearms in the line of duty.



     2.   The Use of Force Report is structured except for the

          narrative. The narrative will include the following

          details:



          a.   Specific circumstances that caused force to be

               used and type of force/techniques used;



          b.   Extent of injuries inflicted or received;



          c.   Who inflicted and who received the injuries;



          d.   Witness statements;



          e.   A statement verifying that the amount of force

               used by the security force personnel was in

               keeping with NASA policy; and



          f.   The Use of Force Report will be forwarded within

               24 hours to the Chief, NASA Security Office.







               CHAPTER 35:  ARREST AUTHORITY (AA)



3500 GENERAL



     NASA is responsible for protecting vital national security

     interests. To counteract vulnerabilities, Section 206 of

     Public Law 100-685, November 17, 1988, amended Section 304

     of the National Aeronautics and Space Act of 1958.  This

     Amendment authorized the Administrator to prescribe

     regulations, as approved by the Attorney General, for the

     conduct of Arrest Authority (AA).  This policy is

     established in NMI 1600.3, "Arrest Authority and Use of

     Force by NASA Security Force Personnel."  The provisions of

     this chapter do not apply to NASA Inspector General office

     personnel, whose authority is derived from other legal

     sources.



3501 RESPONSIBILITIES



     1.   The Associate Administrator for Management Systems and

          Facilities is the designated Senior Agency Official for

          AA and has the following responsibilities:



          a.   Directing the AA Program according to NASA

               policies, objectives, and applicable laws and

               regulations.



          b.   Ensuring compliance with the Attorney General's

               Guidelines for Legislation Involving Federal

               Criminal Law Enforcement Authority dated June 29,

               1984.



          c.   Coordinating NASA requirements for AA with the

               Office of the Attorney General, Federal Bureau of

               Investigation, Federal Law Enforcement Training

               Center, and other Government agencies as required.



               All such actions must be coordinated through Code

               G.



          d.   Reviewing all NASA Field Installation nominations

               and plans to implement AA, in consultation with

               representatives designated by the General Counsel,

               the Associate Administrator for Management Systems

               and Facilities, and the appropriate Program

               Associate Administrator.



          e.   Reviewing and approving appropriate administrative

               actions to correct abuse or violations of any

               provisions of this regulation.



     2.   The Chief, NASA Security Office, is designated the AA

          Program Manager.  The AA Program Manager has the

          following responsibilities:



          a.   Informing the Senior Agency Official for AA of any

               unresolved problems or any areas of interest in

               which AA guidance is lacking, and any other

               matters likely to impede NASA objectives.



          b.   Periodically reviewing the AA Program and

               recommending to the Senior Official the

               elimination of duplicative elements. 



          c.   Recommending to the Senior Official of the AA

               adequate internal safeguards and management

               procedures.



          d.   The NASA-wide coordination, management and

               collection of statistics summarizing NASA's use of

               the AA program.



          e.   Accrediting training courses in AA in accordance

               with the qualifications listed in paragraph 3503.



     3.   The Associate General Counsel for General Law or

          designee serves as the Legal Counsel for the AA

          Program.



     4.   Directors of NASA Installations and, at Headquarters,

          the Associate Administrator for Management Systems and

          Facilities have the following responsibilities:



          a.   Assigning responsibilities and issuing procedures,

               subject to prior NASA Headquarters approval, which

               will implement these instructions.



          b.   Implementing and maintaining the Installation's AA

               Program.



          c.   Forwarding the Annual Agency Arrest Authority 

               Report for the previous fiscal year no later than

               October 15 through the appropriate Program

               Associate Administrator to the Senior Agency

               Official for AA.



          d.   Immediately reporting any abuse or violation of

               this Handbook in writing through the appropriate

               Program Associate Administrator to the Senior

               Agency Official for AA.



          e.   Suspending immediately from duty with pay or

               reassigning to other duties not involving AA any

               person with AA credibly accused of violations of

               AA procedures or instructions, pending

               investigation of the incident.



          f.   At the conclusion of the investigation,

               determining the case's disposition.



3502 IMPLEMENTATION



     1.   Federal, state, and local law enforcement agencies are

          normally responsible for law enforcement at NASA

          Headquarters and Installations.



     2.   Directors of NASA Installations and the Associate

          Administrator for Management Systems and Facilities may

          nominate NASA security employees or contractors for AA

          when Federal, state, and local law enforcement agencies

          cannot provide essential law enforcement services in a

          timely and effective manner.



     3.   Prior to implementation of AA, Directors of NASA

          Installations and the Associate Administrator for

          Management Systems and Facilities shall coordinate with

          their local FBI or U.S. Marshal Office about

          procedures for the appropriate and timely transfer of

          persons arrested.



     4.   Essential law enforcement services include the

          protection of the lives of employees and contractors

          and the protection of valuable property believed to be

          in danger of espionage, sabotage, destruction,

          terrorism, or robbery.



     5.   Law enforcement jurisdictions at NASA Installations

          shall not be amended without the nondelegable

          authorization of the Administrator.



3503 QUALIFICATIONS



     AA shall not be performed unless the Director of the NASA

     Installation or the Associate Administrator for Management

     Systems and Facilities has the following assurances:



     1.   A written report by a physician within the limits of an

          annual examination that the candidate to perform AA

          duties is physically fit as well as emotionally stable.



     2.   That the candidate is currently a certified graduate in

          accordance with the training described in, but not

          limited to, Appendix N, "Arrest Authority Training

          Curriculum."



     3.   That the candidate has completed required inservice

          training in the following areas:



          a.   Use of Force training, intermediate to deadly

               force;



          b.   Current qualification with assigned firearm,

               Appendix O;



          c.   Judgmental shooting with the FATS or an equivalent

               training system; and



          d.   NASA and Installation regulations concerning AA.



3504 PROCEDURES



     1.   Individuals authorized Arrest Authority will carry the

          appropriate Miranda Advisement of Rights cards.



     2.   Policies on providing legal representation will be

          coordinated with the servicing FBI or U.S. Marshal

          offices, as well as the servicing NASA Legal Counsel's

          office. 



     3.   Procedures will be established for the proper

          accounting and safeguarding of all property seized

          incident to an arrest.  This will include clear chain

          of custody procedures as required.



     4.   Procedures will be established with appropriate U.S.

          Attorney's offices for the process of obtaining an arrest

          warrant, as required.







                 CHAPTER 36:  PATROL PROCEDURES



3600 GENERAL



     1.   Security forces are assigned to Installations to

          protect personnel and property, provide traffic control

          and direction, support crime prevention programs, and

          provide day-to-day patrol services, as required.



     2.   To deter crime, security forces place priority on

          preventive patrolling, but enough resources must be

          available to permit such patrols to respond to

          incidents.



     3.   It is NASA policy that driving under the influence of

          an intoxicant and/or an illegal substance will not be

          condoned on NASA Installations.  Center Directors will

          establish necessary procedures to detect, detain, and

          process individuals reasonably suspected of driving

          under the influence at their Centers.  These procedures

          will be consistent with local laws and established

          agreements. 



3601 SECURITY FORCE RESPONSE



     1.   Installation security forces will respond to reported

          criminal incidents, legitimate requests for security

          force services, duress alarms, calls for assistance,

          and all intrusion detection alarms.  They will respond

          immediately to situations in which an individual's

          safety is jeopardized, or when a crime has been

          committed or is in progress.



     2.   Responses will be monitored at least once a month to

          maintain readiness in protecting NASA personnel and

          property.



     3.   Security forces will provide coverage of patrol zones

          in a systematic but random manner, varying their timing

          and route so there is not a predictable pattern.



3602 TYPES OF PATROLS



     1.   Vehicle Security Patrols.  Under most circumstances

          this is the most effective form of patrol.  The vehicle

          provides mobility and the ability to cover a large area

          and carry equipment and personnel.



     2.   Foot Patrols.  Foot patrols may be assigned to small

          areas at Installations with high concentrations of

          personnel or resources.



     3.   Radio.  Each patrol will be equipped with a portable

          intra-Installation radio.



3603 PATROL METHODS



     1.   Based on the principle that the most effective

          deterrent to crime is security force visibility, and in

          the interest of maintaining a posture of prevention as

          opposed to apprehension, covert observation is

          prohibited except in unusual situations and then only

          when approved by the Installation Chief Counsel.



     2.   When driving patrol vehicles, security personnel will

          demonstrate exemplary driving manners.



     3.   Hot pursuit in excess of the speed limit is not

          authorized on NASA Installations.



     4.   Security force patrols must be certain that their

          actions will not endanger life or property.



3604 PATROL COVERAGE



     1.   Patrol coverage will be based on the ICS assessment of

          a facility's critical need and vulnerability.  However,

          each Installation must have at least one 24-hour

          patrol.



     2.   When there is more than one patrol, each patrol area

          must be designed to avoid duplication of work.  Each

          Installation must develop patrol deployment zones based

          on critical need and vulnerability of facilities at

          risk.



     3.   Security force patrol zones should be designed to

          ensure a no longer than 5-minute response to Center

          emergencies.



     4.   Critical and vulnerable facilities should be viewed at

          least three times per shift.  Where there is low

          visibility due to the lack of protective lighting,

          patrol must be increased significantly.



     5.   Patrol coverage must be provided for the following

          places:



          a.   Flight lines, ramps, and hangars;



          b.   Areas designated under the NRP program; 



          c.   Imprest Funds; 



          d.   Banks and Credit Unions on Installation;



          e.   Nonappropriated funds facilities;



          f.   Liquid Oxygen, Liquid Hydrogen, Liquid Nitrogen,

               Hydrazine storage areas, and other hazardous

               materials storage areas; and



          g.   Controlled access rooms or security areas, as

               described in Section 2603 ACCESS, which are

               normally secured, or secured and alarmed, when

               unattended (e.g., Restricted Areas, Limited Areas,

               and Closed Areas).







        CHAPTER 37:  INSPECTION OF PERSONS AND PROPERTY 



3700 POLICY



     NASA reserves the right to conduct an inspection of any

     person, including any property in the person's possession or

     control, as a condition of admission to, or continued

     presence on, any NASA Installation.



3701 RESPONSIBILITY



     The Director for each Field Installation and the Associate

     Administrator for Management Systems and Facilities are

     responsible for implementing the provisions of this Chapter

     in the event of bomb threats, unexplained loss of Government

     property, drug countermeasures, or other unusual situations.



     In the local implementation of this Chapter, the Directors

     of NASA Installations (and component Installations) located

     on Federal property under the control of other agencies will

     coordinate their action with appropriate officials of the

     other agencies concerned.



3702 PROCEDURES



     1.   All entrances to NASA Installations will be

          conspicuously posted with the following notice:



          PURSUANT TO NASA REGULATIONS, THE ENTRANCE OF

          INDIVIDUALS TO, OR THEIR CONTINUED PRESENCE ON, THIS

          INSTALLATION IS CONDITIONAL UPON THEIR CONSENT TO

          INSPECTION OF THEIR PERSONS, AND OF PROPERTY IN THEIR

          POSSESSION OR CONTROL.



     2.   Inspection pursuant to this Chapter will be conducted

          only by NASA Specialists or members of the Installation

          Security Force. Inspectors may be supplemented with

          detection devices and/or sniffer dogs.  Such

          inspections will be conducted in accordance with the

          following guidelines:



          a.   Consent to inspect regulations covering NASA

               employees, contractors, and visitors to NASA

               Installations can be issued in accordance with the

               authority contained under Section 304(a) of the

               National Aeronautics and Space Act of 1958, as

               amended.  



          b.   Consent to inspect must be obtained from the

               person to be inspected giving permission for

               general exploratory inspection while that person

               is on the grounds of a NASA Installation.  The

               person may change their mind at any time and an

               inspection will not be pursued further.  See

               subparagraphs h and i below.



          c.   The objects of inspection may include persons,

               briefcases, luggage, vehicles, and any other

               object in possession of the person at the time

               inspection is made.



          d.   Certain classes of persons can be exempted from

               inspection at the discretion of the NASA

               Administrator.  



          e.   Care must be taken to ensure that all authorized

               inspecting personnel fully understand these

               instructions.  



          f.   Inspecting personnel should exercise good judgment

               at all times prior to or while conducting an

               inspection.  They should avoid exceeding their

               authority or exercising their authority with undue

               severity.



          g.   When inspections are conducted by nonuniformed

               Security Specialists, such persons will present

               NASA Security Credentials to the subject of the

               inspection.



          h.   If anyone should object to such an inspection,

               that person can then simply be excluded from the

               protected area, until the matter can be resolved. 



          i.   If, during inspection, an individual is found to

               be in unauthorized possession of items believed to

               represent a threat to the safety or security of

               the Installation, the individual will be denied

               admission to, or be escorted from, the

               Installation, and appropriate law enforcement

               authorities will be notified immediately.



          j.   Installation instructions based upon the

               requirements of this Chapter will be approved by

               the Installation Chief Counsel and a copy of

               approved instructions furnished to JIS/NASA

               Security Office.







              CHAPTER 38:  LOST AND STOLEN PROPERTY



3800 PHYSICAL SECURITY



     1.   The NASA ICS has the following responsibilities:



          a.   Ensures that current security surveys are

               conducted in storage areas and on loading docks. 

               The surveys will be used to establish a requisite

               level of protection that is reasonable,

               affordable, practical, and responsible. 

               Indicators of poor property management such as a

               lack of audit trail of property transactions or

               infrequent inventories should be reported to

               logistics managers.



          b.   Ensures ample lighting for shipping and receiving

               areas, including doors, windows, and other

               possible points of entry.



          c.   Installs IDS's and provides patrols in vulnerable

               areas.



          d.   Reports missing or stolen Government property

               equipment to NASA Headquarters, Attn:  JIS/NASA

               Security Office.  The report will be submitted as

               a monthly summary to arrive no later than the 15th

               of the following month.  See Appendix P for the

               Monthly Missing/Stolen Government Property Report

               format.



     2.   Directors of NASA Field Installations will establish a

          program designed to eliminate or reduce pilferage and

          establish support programs to include accountability

          and responsibility for Installation resources.  They

          must ensure that adequate controls and safeguards are

          provided for protecting property.



     3.   All NASA employees are responsible for informing their

          supervisors of conditions that may result in property

          loss or theft.







                   CHAPTER 39:  INVESTIGATIONS



3900 POLICY



     1.   The Inspector General (IG) is the focal point for

          referrals of violations of Federal criminal law (except

          those directly related to national security) to the

          DOJ.



     2.   The IG is the focal point for referrals of violations

          of state and local laws to state, county, and local

          investigative and law enforcement authorities.



     3.   The NASA Security Office is the focal point for

          referrals to the DOJ on matters directly relating to

          violations of national security.



     4.   With the exception of crimes directly related to

          national security (such as espionage, sabotage,

          unauthorized release of classified information,

          falsification of security forms, etc.), the IG is

          responsible for investigating violations of law in

          NASA.  Local agreements may be concluded between the IG

          Office and the Installation Security Office, which

          provide for support of the IG investigative

          responsibility.



     5.   The Installation Security Office may conduct

          investigations of those crimes that the IG decides

          not to investigate.



     6.   Focal points will be designated by the Installation

          Security Office and the IG's Office at each NASA

          Installation to ensure timely and effective

          coordination between the two offices.



     7.   Investigations should be conducted by properly trained

          civil service or contractor personnel.  All actions and

          findings must be thoroughly documented in a report of

          investigation.



3901 RESPONSIBILITIES



     1.   Each Installation Chief of Security (ICS) should

          designate a point of contact to be responsible for

          ensuring proper coordination with the IG Office.  Local

          IG offices are encouraged to make similar designations.



          Realizing that situations may differ from one NASA

          Installation to another, those designated focal points

          should reach an informal (or formal) agreement

          concerning referrals, notifications, and exchanges of

          information which will satisfy the requirements of both

          offices.



     2.   The Installation Security Office will promptly inform

          the IG of, and coordinate with the IG on, any incident

          that will require referral to the DOJ (including the FBI) or

          local law enforcement agencies.  The Installation

          Security Office will also inform the IG, by periodic

          report or otherwise, of any incident involving the

          theft of Government property.  The timing and

          methodology of this coordination should be addressed in

          the working agreement cited above.



     3.   The Installation Security Office should establish

          procedures to accomplish an exchange of relevant

          information in cases that might evolve into situations

          of continuing mutual interest (e.g., an offense

          directly related to security such as compromise of an

          information system, which might give rise to a

          traditional Title 18 offense such as theft or misuse of

          Government property), which could result in a joint

          investigative effort.



     4.   The ICS's (to include Code JBF) will report and

          coordinate matters pertaining to National Security with

          the NASA Security Office.



3902 REFERENCES



     1.   The National Aeronautics and Space Act of 1958, as

          amended.



     2.   The Inspector General Act of 1978, Public Law 95-452,

          as amended.



     3.   NMI 1103.27, "Role and Responsibilities of the

          Inspector General."



     4.   NMI 9950.1, "The NASA Investigations Program."



     5.   Chapter 1, "Personnel Security Program," this Handbook.



     6.   Memorandum of Understanding Between NASA and The

          Inspector General, April 23, 1987.







            CHAPTER 40:  DEALING WITH DEMONSTRATIONS



4000 OBJECTIVES



     The primary objectives in dealing with demonstrations are to

     restrict demonstration activity to areas outside

     Installations and to preserve peace while protecting the

     rights of demonstrators to assemble peacefully and exercise

     free speech.



4001 USE OF FORCE



     1.   Demonstrators who have illegally entered NASA property

          will first be politely requested to leave voluntarily.



     2.   Only the minimum amount of force necessary will be used

          to remove demonstrators who refuse to leave NASA

          buildings or grounds.  In most cases, stretchers,

          gurneys, or wheelchairs shall be used to achieve the

          minimum use of force.



     3.   Verbal abuse or verbal threats alone by a demonstrator

          cannot be the basis for use of physical force by

          security force personnel.



4002 OUTSIDE LAW ENFORCEMENT



     The ICS's shall make reasonable efforts to use nonarrest

     methods to manage crowds.  But if demonstrators are

     disorderly or refuse to leave NASA buildings or grounds,

     then law enforcement officers who have the appropriate

     jurisdiction should be summoned for support.  First, ensure

     that sufficient law enforcement personnel are on hand and

     then inform the demonstrators that they must leave the NASA

     building or grounds within a brief period of time, such as

     15 minutes, or face arrest.  Should the demonstrators still

     refuse to leave, law enforcement personnel may arrest them

     and remove them from the building or grounds as quickly as

     possible.



4003 DECISIONS AND RESPONSIBILITIES



     1.   Directors of NASA Installations and the Associate

          Administrator for Management Systems and Facilities

          make the following decisions:



          a.   When to request outside Federal, State, or County

               officials to enter a NASA Installation to enforce

               the law;



          b.   When to curtail activities, or to close the gates

               of the Installation; and



          c.   When to dispatch response teams to demonstrations.



     2.   The ICS has the following responsibilities:



          a.   Identify the group leadership and purpose of the

               demonstration;



          b.   Determine the expected size, type, activity, and

               time of planned demonstrations; 



          c.   Evaluate and dispatch information to the JIS/NASA

               Security Office;



          d.   Upon instructions from the Installation Director,

               coordinate a plan of action with local law

               enforcement officials;



          e.   Obtain appropriate support from the Installation

               Public Affairs Office, the Installation Legal

               Counsel, and the U.S. Attorney's Office;



          f.   Ensure that the Statement of Work for the contract

               security force includes training in dealing with

               demonstrators as an annual inservice training, and

               as refresher training immediately prior to a

               demonstration; 



          g.   Ensure that all personnel who are authorized to

               carry firearms under the provisions of Chapter 33,

               and all personnel whose actions are governed by

               the limitations and guidelines of Chapter 34

               "Application of Force", receive training in

               dealing with demonstrators as an annual inservice

               training, and as refresher training immediately

               prior to a demonstration; and



          h.   Maintain an event log commencing at the time

               information is first received of a demonstration

               and detailing thereafter all significant events,

               times, places, and actions with the name of the

               NASA official authorizing such actions.







           CHAPTER 41:  THREAT AND INCIDENT REPORTING



4100 GENERAL



     All NASA Installations will implement a threat and incident

     reporting system as required by NMI 1600.2, "NASA Security

     Program", paragraph 5(i).  Its purpose is to keep the

     Administrator and senior management advised on a timely

     basis of serious security-related incidents or threats that

     may affect the NASA mission.  Reports should be upchanneled

     by security personnel who, by training and experience, are

     able to ascertain pertinent information and deliver accurate

     and complete, yet concise reports.  Such information coming

     to Management's attention from other sources can be

     inaccurate or distorted and cause undue consternation.  In

     the event of serious threat information, this report will be

     secondary to the notification of appropriate law enforcement

     or response agencies.  Refer to Appendix Q for format of

     report.



4101 RESPONSIBILITIES



     1.   The Installation Chief of Security ensures that

          incidents are reported to the NASA Security Office

          during duty hours and followed up with a fax that

          describes the incident. 



     2.   The NASA Security Office will upchannel reported

          information from the Chief, NASA Security Office (or

          designated representative) to the Director, Logistics

          and Security Division (Code JI).  If considered

          appropriate, the Director will in turn brief the

          Associate Administrator for Management Systems and

          Facilities (Code J), giving parallel notification to

          the cognizant Program Office Security Official(s).

          The Associate Administrator will then decide whether or

          not to brief either the NASA Administrator's Chief of

          Staff/Executive Officer.



     3.   The cognizant Program Office Security Official is

          responsible for making appropriate notifications within

          their respective Program Office. 



     4.   If a principal or designated representative is

          unavailable at any of the cited levels, the information

          will be automatically passed to the next level.



     5.   The person receiving the information in the NASA

          Security Office will be responsible for initial

          notification and conducting all followup until

          officially relieved of that responsibility.



4102 REPORTABLE INCIDENTS



     The following incidents are reportable.  Any other type of

     incident which might have security implications will also be

     reported:





     1.   Felonies committed at NASA Installations;



     2.   Espionage;



     3.   Sabotage;



     4.   Bombing incidents.  Bomb threats which severely impact

          center activities also should be reported;



     5.   Actual demonstrations or strikes.  Planned

          demonstrations/strikes where violence is threatened

          should be reported;



     6.   Shootings or other violent acts; 



     7.   Incidents occurring on NASA property which result in

          the death of a person;



     8.   Security-related incidents in which the media has

          become involved and negative publicity is expected;



     9.   An adverse event in an automated systems environment

          that would be of concern to NASA management due to a

          potential for public interest, embarrassment, or

          occurrence at other access, theft, interruption to

          computer/network services or protective controls,

          damage, disaster, or discovery of a new vulnerability;



     10.  Threats against NASA property;



     11.  Threats that will impact NASA missions; and



     12.  Threats against NASA personnel.







                 CHAPTER 42:  THREAT ASSESSMENT





4200 BACKGROUND AND POLICY



     1.   NASA personnel, facilities, and programs are subject to

          a wide range of internal and external threats.  Such

          threats may be presented by natural forces associated

          with weather, geological, seismic, or ocean-related

          phenomena; by the technological sophistication of NASA

          Research and Development (R&D) and test facilities and

          programs, and the inherent risk of component and system

          failure; and by both internal and external attempts to

          disrupt Agency operations or compromise national

          security.



     2.   Agency personnel must be aware of possible threats and

          associated vulnerabilities to ensure effective

          countermeasures are developed and implemented.



4201 THREAT ASSESSMENTS



     1.   The Chief, NASA Security Office, after

          consultation/input from the Installation Chiefs of

          Security, will publish an annual NASA Postulated Threat

          Statement.  Of significant importance are the Agency's

          resources identified under the NASA Resource Protection

          Program.  However, threat assessments should transcend

          formally designated NRP resources and assets, and cover

          the full realm of NASA personnel and physical resources

          and assets.



     2.   The ICS's will use the NASA Threat Statement in

          developing a localized threat statement for their

          Installation.  These assessments, with analysis and

          insight derived from various sources, will be used in

          developing an Installation's security plan.



4202 THREATS



     1.   Although natural disasters and the extent of damage

          they incur cannot be predicted, NASA security, safety,

          and operational personnel must formulate viable

          contingency plans that may be implemented if necessary.



     2.   Technological threats have increased dramatically with

          advancements in technology.  For instance, electric

          power disruption or failure, or hazardous material

          leaks, can be devastating to Agency personnel and

          facilities.  Likewise, the inherent risk of component

          or system failure can compromise a proposed test, or

          actual space flight, with significant life-threatening

          implications.  Security personnel obviously share

          concern with all NASA personnel in maintaining the

          integrity of Agency systems and, fortunately, extensive

          mechanical and human controls and back-up systems exist

          to alert personnel of potential or existing threats to

          minimize the impact of technological accidents.



     3.   Threats of significant concern are those generated

          internally by disgruntled or malcontent civil service

          and contractor employees.  Such employees can cause

          damage when they perceive that sufficient motivation

          exists to warrant such activity.  The range of targets

          may vary considerably to include any of NASA's

          personnel or physical assets, resulting in anything

          from personnel casualties to incidental damage.  The

          growing threat of espionage by both hostile and

          "friendly" sources is also of great concern.



     4.   NASA's activities have been particularly stimulating

          and inviting to our adversaries and competitors, and

          they have committed substantial resources to fund a

          variety of space based signals, electronic

          communications, and human intelligence initiatives. 

          Although much of the technology is disseminated

          properly through established programs and channels,

          much is acquired through covert methods.



     5.   Criminal threats through theft, fraud, corruption, and

          the like, may also target Agency resources and

          personnel. 



     6.   Terrorist threats are very unpredictable.  They are

          best assessed through current intelligence information.

          



4203 COUNTERMEASURES



     1.   NASA employs a sound security program to counter these

          threats through NMI 1600.2, "NASA Security Program."



     2.   The Security Program includes a Security Awareness

          Program and the development of an Installation Security

          Plan.



     3.   To ensure an Agencywide standard for reacting to

          periods of increased security threats, the threat

          conditions established in Chapter 43 will be employed

          as required.







           CHAPTER 43:  THREAT CONDITIONS (THREATCON)



4300 GENERAL  



     The protection of NASA employees and assets from acts of

     violence or coercion at NASA owned or leased property in the

     U.S. or abroad will be given priority, especially during

     periods of heightened threat.  Although absolute protection

     against such acts is not possible, protective procedures

     will be based on the threat level, and reflect a balance

     among the degrees of protection required, the resources

     available, Agency mission requirements, and other pertinent

     factors.  In addition to assistance from the NASA Security

     Office, NASA Installations should obtain support from local

     representatives such as the FBI, Department of State, and

     state and municipal law enforcement agencies.



4301 THREATCON



     1.   This Chapter establishes the NASA Threat Condition

          (THREATCON) program.  It is intended to standardize

          terms and establish basic security policy that can be

          implemented by the Administrator and Installation

          Directors.  These THREATCON's are also used by DoD and,

          since we are co-located with DoD on many Installations,

          this approach provides for a greater consistency to

          threat reactions.



     2.   The Administrator will establish, and may change or

          rescind, NASA-wide THREATCON's.  Installation Directors

          may implement THREATCON's for their Center based on the

          threat situation, but they may not change or rescind

          THREATCON's established by the Administrator. 

          Installation Directors will implement THREATCON's

          established by the Administrator and may establish

          THREATCON's for their Center based on a local threat

          situation.



     3.   The NASA Security Office will monitor the threat status

          in the Agency and maintain close liaison with national

          level intelligence and security agencies for threat

          information.



     4.   Field Installation security offices will maintain close

          liaison with their supporting FBI offices and local law

          enforcement agencies for threat information.



4302 DEFINITIONS



     1.   THREATCON Alpha.  Implemented when there is a general

          warning of possible hostile activity, the nature and

          extent of which are unpredictable and response may be

          long-term.



     2.   THREATCON Bravo.  Implemented when there is an

          increased and more predictable threat of hostile

          activity even though no particular target has been

          identified.



     3.   THREATCON Charlie.  Implemented when an incident has

          occurred or a confirmed intelligence report states that

          hostile action is imminent.



     4.   THREATCON Delta.  Implemented when an attack has

          occurred or is underway.



4303 REQUIRED RESPONSE



     1.   THREATCON Alpha



          a.   Advise all employees of the condition; 



          b.   Increase general security awareness;



          c.   Secure buildings, rooms, and storage areas not in

               regular use;



          d.   Increase package security; 



          e.   Check all deliveries; and



          f.   Conduct ID checks for entry. 



     2.   THREATCON Bravo



          a.   Continue all THREATCON Alpha measures; 



          b.   Require all employees to wear badges; 



          c.   Conduct random package inspections; 



          d.   Identify and monitor visitors; 



          e.   Curtail special events and visitors; and 



          f.   Increase guards and patrols.



     3.   THREATCON Charlie



          a.   Continue all THREATCON Bravo measures; 



          b.   Inspect all packages; 



          c.   Admit only essential visitors under escort; 



          d.   Establish random Installation checkpoints;



          e.   Cancel special events; 



          f.   Limit number of entry and exit points; 



          g.   Perform a consent search on all entering vehicles;



          h.   Cancel vacations for security personnel; 



          i.   Establish 24-hour patrols; and



          j.   Alert local law enforcement agencies. 





     4.   THREATCON Delta



          a.   Continue all THREATCON Charlie measures; 



          b.   Close the Installation to all visitors; 



          c.   Limit entry and exit to a single point; 



          d.   Augment security forces as necessary; 



          e.   Minimize all administrative journeys and visits;

               and



          f.   Frequently check the exterior of buildings and

               parking areas.







   CHAPTER 44:  REFERRALS TO THE UNITED STATES SECRET SERVICE



4400 GENERAL



     The United States Secret Service (U.S.S.S.) has requested

     that NASA provide them with appropriate information to aid

     in completion of their protective mission.  NASA will

     provide information as outlined in this Chapter.



4401 U.S.S.S. RESPONSIBILITIES



     Under the direction of the Secretary of the Treasury, the

     U.S.S.S. is authorized to protect the following persons:



     1.   The President, the Vice President (or other officer

          next in the order of succession to the Office of the

          President), the President-elect, and the Vice

          President-elect.



     2.   The immediate families of those individuals listed in

          paragraph 1 above.



     3.   Former Presidents and their spouses for their

          lifetimes, except that protection of a spouse shall

          terminate in the event of remarriage.



     4.   Children of a former President who are under 16 years

          of age.



     5.   Visiting heads of foreign states or foreign

          governments.



     6.   Other distinguished foreign visitors to the United

          States and official representatives of the United

          States performing special missions abroad when the

          President directs that such protection be provided.



     7.   Major Presidential and Vice Presidential candidates

          and, within 120 days of the general election, the

          spouses of such nominees/candidates.



     8.   Foreign diplomatic missions located in Metropolitan

          D.C. (and others as specified under statutes).



4402 NASA RESPONSIBILITIES



     Any information that originates through NASA and may affect

     the U.S.S.S.'s mission must be brought to the attention of

     the Secret Service Intelligence Division, commercial

     telephone number (202) 535-5731/Secure number: 5310. 

     Information falling in the following categories should be

     promptly provided:



     1.   Information pertaining to a threat, plan, or attempt by

          an individual, a group, or an organization to

          physically harm or kidnap the persons protected by the

          United States Secret Service or any other high

          government officials.



     2.   Information pertaining to threats, incidents, or

          demonstrations against foreign diplomatic missions

          (embassies, chanceries, consulates).



     3.   Information pertaining to individuals, groups, or

          organizations who have plotted, attempted, or carried

          out assassinations or kidnapping of United States or

          foreign senior government officials.



     4.   Information concerning the use of bodily harm,

          assassination, or kidnapping as a political weapon

          (this should include training and techniques used to

          carry out the act).



     5.   Information pertaining to persons who insist upon

          personally contacting high government officials for

          redress of imaginary grievances, etc.



     6.   Information pertaining to any persons who make oral or

          written statements about high government officials in

          the following categories:



          a.   Threatening statements;



          b.   Irrational statements; and



          c.   Statements expressing unusual interest/fixation.



     7.   Information pertaining to terrorists (individuals,

          groups) and their plans, capabilities, and activities

          (bombings, etc.).



     8.   Information pertaining to the ownership or concealment

          by individuals or groups of caches of firearms,

          explosives, or other implements of war when it is

          believed that their intended use is for other than

          legal purposes.



     9.   Information concerning individuals who are perceived to

          be acting irrationally in their efforts to make

          personal contact with high government officials;

          information concerning anti-American or anti-U.S.

          Government demonstrations abroad; information

          concerning anti-American and anti-U.S. Government

          demonstrations in the U.S. involving serious bodily

          injury or destruction of property or an attempt or

          credible threat to commit such acts to further

          political, social, or economic goals by said

          intimidating and coercive tactics.



     10.  Information regarding civil disturbances



          a.   Please provide pertinent information to Secret

               Service Intelligence Division commercial telephone

               number: 202/535-5731. Secure number: 5310.



          b.   The Secret Service does not desire or solicit

               information pertaining to individuals or groups

               expressing legitimate criticism of, or political

               opposition to, the policies and decisions of the

               U.S. Government or its officials.



          c.   Future information that would impact, such as the

               commencing and terminating of protection for

               Presidential candidates, will be forwarded to NASA

               on a timely basis.







               CHAPTER 45:  DEALING WITH THE MEDIA



4500 POLICY



     1.   Under NASA policy, NASA Security Offices will

          disseminate as much information as practical concerning

          its activities and results.  



     2.   Information to the news media will be released

          according to the provisions of NMI 1380.4, "Release of

          Information to News and Information Media."  Questions

          about the application and implementation of NMI 1380.4

          should be directed to the appropriate office cited in

          the NMI.



     3.   NASA security personnel will cooperate with the news

          media to the fullest extent possible while exercising

          both their fiduciary and statutory responsibilities to

          protect security information.



4501 RESPONSIBILITIES



     1.   NASA Installation Chiefs of Security (ICS's) should

          designate a point of contact in their office to

          coordinate any release of information to the news

          media.  This individual should ensure that appropriate

          coordination is effected with both the media and

          appropriate offices specified by NMI 1380.4 to ensure

          that requests are dealt with promptly and that the

          releases are properly made.



     2.   NASA security employees are ultimately responsible for

          their own conduct while dealing with the media.  They

          should exercise caution to not prejudice, through word

          or action, the Agency's security program.  All

          responses to the media should be "on the record" and

          for distribution.



4502 FOREIGN MEDIA



     Operating within any constraints applied to foreign visitors

     by the respective NASA Installation, foreign media

     representatives will be accorded the same courtesy and

     cooperation as that accorded to the U.S. media.







          CHAPTER 46:  COMMUNICATIONS SECURITY (COMSEC)



4600 REFERENCES



     1.   National Security Directive No. 42, July 5, 1990.



     2.   NTISSI 4000 Series on Communications Security (COMSEC).

          (Multiple dates).



     3.   NTISSI No. 7000, "TEMPEST Countermeasures for

          Facilities," October 17, 1988.



     4.   NACSIM 5203, "Guidelines for Facility Design and

          Red/Black Installation," June 30, 1982.



     5.   NTISSIP No. 1, "National Policy on Application of

          Communications Security to U.S. Civil and Commercial

          Space Systems," June 17, 1985.



     6.   National Communications Security Committee (NCSC)-6,

          "National Policy Governing the Disclosure or Release of

          Communications Security Information to Foreign

          Governments and International Organizations," January

          16, 1981.



     7.   National Communications Security Committee (NCSC)-1,

          "National Policy for Safeguarding and Control of COMSEC

          Material," January 16, 1991.



4601 GENERAL



     This Chapter establishes the responsibilities and provides

     guidelines for implementation of a totally integrated NASA

     Communications Security Program.



4602 DEFINITIONS



     Communications Security (COMSEC).  The protection resulting

     from all measures designed to deny unauthorized persons

     information of value which might be derived from the

     possession and study of telecommunications, or to mislead

     unauthorized persons in their interpretation of the results

     of such possession and study.  COMSEC includes the following

     types of security:



     1.   Cryptosecurity.  The provision of technically sound

          crypto-systems and their proper use.



     2.   Transmission Security.  All measures designed to

          protect transmissions from interception and

          exploitation by means other than cryptanalysis.



     3.   Physical Security.  All physical measures necessary to

          safeguard classified equipment, material, and documents

          from access thereto or observation thereof by

          unauthorized persons.



     4.   Emission Security.  Frequently referred to as TEMPEST. 

          All measures taken to deny unauthorized persons

          information of value that might be derived from

          intercept and analysis of compromising emanations from

          cryptoequipment and telecommunications systems. TEMPEST

          countermeasures are considered on a case-by-case basis

          consistent with the policy and procedures established

          in NTISSI No. 7000.



4603 BACKGROUND



     1.   Secure Communications.  The security of Federal

          telecommunications is a national responsibility

          requiring all participants' adherence to policy. 

          Experience has shown that failure to plan and integrate

          appropriate telecommunications security measures early

          in a system's life-cycle, whether it be a classic

          acquisition program or a purely research and

          development effort, has caused many problems relating

          to adequacy and optimization of COMSEC measures based

          on limited program funds.  NASA participants

          responsible for COMSEC must satisfy the requirements of

          the National Security Telecommunications and

          Information Systems Security Committee (NSTISSC), and

          the departments and agencies of the Federal Government,

          throughout the life-cycle of various programs.



     2.   The Secretary of Defense is the U.S. Government's

          Executive Agent for COMSEC.  The Director, National

          Security Agency (NSA), is the national manager for

          COMSEC matters.



     3.   All types of nonsecure telecommunications are

          vulnerable to interception and exploitation by foreign

          signals intelligence (SIGINT).  SIGINT incorporates

          communications intelligence (COMINT), electronic

          intelligence (ELINT), and telemetry intelligence

          (TELINT).  COMINT has the greatest impact on NASA

          telecommunications on a day-to-day basis.  Prime

          sources of valuable COMINT include clear voice and

          data, or unencrypted telephone/radio, and unencrypted

          facsimile (Fax) communications.  Foreign Intelligence

          Services, using various intercept platforms, have a

          worldwide COMINT capability.  In addition to the

          traditional nations utilizing Hostile Intelligence

          Services (HoIS) as a threat to our communications, it

          is estimated that a growing number of nations are

          developing SIGINT capabilities to gain an economic and

          technological edge over the United States.  This is

          particularly true as strategic emphases shift from

          military strength to economic competitiveness.  Still

          other elements are using information gained from the

          interception of communications for furthering their

          terrorist and/or criminal activities.



     4.   The application of COMSEC measures protects

          telecommunications from foreign intelligence

          exploitation and ensures the authenticity of such

          communications.  Encryption with an approved

          cryptosystem and radio silence are the best defenses

          against HoIS and adversarial COMINT efforts.



     5.   Communications circuits can be protected by appropriate

          physical, acoustical, electrical or electromagnetic

          safeguards, such that classified data can be

          transmitted on these links in clear text (when

          information is transmitted to or from an area not under

          access controls consistent with that required for the

          classification of the information).  These circuits

          must be formally approved as a Protected Distribution

          System (PDS).  The following COMSEC measures may also

          be required:



          a.   Authentication;



          b.   Proper operator skills, discipline and training;



          c.   Safeguarding and control of COMSEC material;



          d.   Transmission security;



          e.   COMSEC awareness; and



          f.   Command emphasis on COMSEC matters.



     6.   COMSEC measures should be periodically reevaluated

          because of advances in SIGINT technology.



4604 POLICY



     1.   NASA cannot totally protect its communications systems

          and networks from intercept and exploitation.  However,

          NASA will comply fully with national COMSEC policy by

          ensuring that U.S. Government national security systems

          shall be secured by such means as are necessary to

          prevent compromise, denial of service, or exploitation.

          National security systems that are operated and

          maintained by U.S. Government contractors must likewise

          be secured.



     2.   It is NASA policy to comply with national policy and

          measures shall be instituted within NASA to ensure:



          a.   Classified information is transmitted securely by

               telephone, and digital data are exchanged between

               mainframes, personal computers (PC), Fax machines,

               and video teleconferencing.  Classified

               information transmitted from an area not under

               access controls will be secured by encryption or a

               PDS.  Fiber optic lines can also be adequately

               protected by Intrusion Detection Optical

               Communications Systems approved by NSA.



          b.   Government or Government contractor sensitive

               national security-related information transmitted

               over NASA telecommunications links will be

               protected by approved COMSEC techniques.



          c.   COMSEC requirements for NASA telecommunications

               systems, including space operations, shall be

               identified during preliminary design reviews,

               development, installation, and operation.



     3.   Command uplinks, classified payload information and

          information revealing classified aspects of a mission,

          will be transmitted only by secure means.  NASA

          protection of unclassified satellite and space systems

          command/control uplinks will be determined by the

          responsible NASA program office in coordination with

          Code JIS and the National Security Agency.



     4.   Upon determination by data owners that sensitive

          unclassified information requires cryptographic

          protection, the Data Encryption Standard (DES) should

          be employed except under the following circumstances:



          a.   Compliance with the standard would adversely

               affect the accomplishment of the mission of an

               operator of a Federal computer system.



          b.   Compliance would cause a major adverse financial

               impact on the operator, which is not offset by

               Government savings.



     5.   The following items shall be cryptographically

          protected by the use of NSA-endorsed COMSEC equipment: 

          Classified, Unclassified Government, or Government-

          derived sensitive information involving intelligence

          activities; cryptographic activities; direct command

          and control of military forces; equipment which is an

          integral part of a weapon or weapon system; direct

          fulfillment of a military or intelligence mission; and

          other items related to national security.



     6.   Commercially developed privacy or security equipment

          using the DES or a commercial algorithm shall not be

          used to protect or encrypt any form of classified data

          within NASA.



     7.   NASA should consider only commercial telecommunications

          equipment that meets Federal Information Processing

          Standard Publication 140 (General Security Requirements

          for Equipment Using the Data Encryption Standard) for

          the protection of unclassified national security-

          related sensitive information.



     8.   NSA- and National Institute of Standards and Technology

          (NIST) approved techniques may be used separately, or

          in various combinations, to protect the transmission of

          unclassified sensitive information.  There are a number

          of cryptographic products and associated keying

          materials acceptable for this purpose:



          a.   Type I Products.  May be used to protect both

               classified and unclassified information.



          b.   Type II Products.  May be used only to protect

               unclassified information and are handled as

               Endorsed for Unclassified Cryptographic Items

               (EUCI).



     9.   Only NSA-produced keying material shall be used to

          encrypt classified information.



     10.  Only NSA-produced or -endorsed authentication systems

          shall be used for NASA telecommunications systems.



     12.  TEMPEST countermeasure(s) determination decisions and

          Red/Black separation criteria will be coordinated with

          the NASA COMSEC Manager prior to the following actions:



          a.   The acquisition and installation of all

               telecommunications and automated information

               systems equipment and facilities which

               electrically or electromagnetically generate,

               store, process, transfer, or communicate NASA

               classified information.



          b.   Installation of an unclassified system in a

               facility that has existing classified processing

               systems.



     13.  The NASA TEMPEST policy is in consonance with national

          policy, requiring the use of TEMPEST countermeasures in

          proportion to the threat of exploitation and the

          associated potential damage to national security.



          a.   NASA and NASA contractors shall strictly adhere to

               NTISSI 7000, TEMPEST Countermeasures For

               Facilities, when determining the applicable

               TEMPEST countermeasures for NASA and NASA-owned

               contractor equipment, systems, and facilities that

               process classified national security information.



          b.   Prior to making a TEMPEST countermeasure(s)

               determination and implementation, the NASA

               Installation TEMPEST Officer/TEMPEST Focal Point

               should always review a security and cost analysis

               and coordinate with the NASA COMSEC Manager.  



     14.  Applicable PDS requirements shall be addressed early in

          the facility design phase, and coordinated with the

          NASA COMSEC Manager prior to approval.



     15.  NASA telecommunications systems shall be continually

          assessed for threat and vulnerability, and should be

          protected through the continuous use of safeguards such

          as COMSEC, computer security, and administrative,

          procedural, physical, and personnel security controls.



4605 RESPONSIBILITIES



     1.   NASA's primary authority for managing an Agencywide

          communications security program has been delegated

          through the Associate Administrator for Management

          Systems and Facilities (Code J), through the Director,

          Logistics and Security Division (Code JI), to the

          Chief, NASA Security Office (Code JIS).



     2.   Code JI is responsible for programming, funding, and

          allocating resources to support NASA COMSEC management

          activities and ensuring that NASA implements national

          COMSEC policies, directives, criteria, standards, and

          doctrine.



     3.   Code JIS is responsible for overall COMSEC Program

          management, including policy and oversight.  Specific

          responsibilities include designating a management

          official knowledgeable in both communications and

          communications security management principles and

          practices, to serve as the NASA COMSEC Manager and

          apprising Installation Directors, through appropriate

          Associate Administrators, of COMSEC audits and

          recommending appropriate improvements.



     4.   NASA COMSEC Custodian and Alternate COMSEC Custodian

          selection criteria and responsibilities are outlined in

          the NASA Communications Security Manual:



               Receiving, storing, shipping, and accounting for

               all material issued to NASA accounts, and

               maintaining accurate records of these

               transactions.



     5.   NASA Program Managers are responsible for ensuring that

          Government-prescribed communications security policies,

          standards, guidelines, and procedures are promulgated

          and implemented in all organizations under their

          management by: 



          a.   Ensuring compliance with all security

               requirements, standards, and procedures applicable

               to secure communications systems; and ensuring

               only COMSEC materials distributed through the

               COMSEC Material Control System (CMCS) are used.



          b.   Ensuring COMSEC requirements are considered from

               the conceptual stage for all new facilities,

               systems, and applications through which classified

               or unclassified Government or Government-derived

               national security-related information is to be

               processed.



          c.   Ensuring the NASA COMSEC Manager's involvement and

               concurrence is obtained from the conceptual stage

               for all COMSEC systems.



          d.   Ensuring secure communications systems are

               approved by the NASA COMSEC Manager prior to

               commencing classified or unclassified, but

               sensitive, operation.



          e.   Coordinating with the NASA COMSEC Manager, prior

               to the release of any Requests for Proposals

               (RFP), Statements of Work (SOW), or other contract

               packages where COMSEC measures may be required.



          f.   Ensuring that contracts that require the

               transmission of classified and/or sensitive

               Government-derived national security-related

               information, by and between NASA and NASA

               contractors, identify the requirement for COMSEC

               protection.



          g.   Ensuring that contracts involving the electrical

               processing of classified information by NASA

               contractors at Government-owned facilities

               (including Sensitive Compartmented Information

               Facility [SCIF's]), the DD Form 254 (DOD Contract

               Security Classification Specification) and other

               contractual documents will specify that TEMPEST

               control measures will comply with NTISSI 7000.



          h.   Identifying and prioritizing COMSEC requirements

               to protect NASA telecommunications and providing

               such information to the NASA COMSEC Manager.



          i.   Providing validated, qualitative, and quantitative

               operational requirements for COMSEC material,

               equipment, and systems to the COMSEC Central

               Office of Record (COR), Code JIS, through their

               supporting COMSEC Custodians.



          j.   Determining operational requirements for secure

               communications with NASA participants in other

               countries.  Program managers, in coordination with

               the NASA COMSEC Manager, will collaborate with NSA

               and appropriate foreign governments or

               international military authorities to identify and

               recommend the COMSEC material and procedures to be

               used to satisfy validated requirements.  Such

               actions shall be limited to COMSEC matters for

               each specific release authorized by national

               authorities.



     6.   Field Installations.  NASA Field Installations are

          responsible for the following actions:



          a.   Naming a COMSEC representative responsible for

               consulting with the NASA COMSEC Manager on COMSEC

               issues impacting on their respective Field

               Installation operation, and attending any COMSEC

               conferences or working groups prescribed by the

               NASA COMSEC Manager.

     

          b.   Naming a TEMPEST single focal point familiar with

               national TEMPEST threat and vulnerability

               assessment methodology, who shall be responsible

               for coordinating with the NASA COMSEC Manager

               details concerning TEMPEST countermeasure(s)

               applications.



               Note:  NASA Installations with only moderate

               COMSEC requirements may choose to designate their

               primary COMSEC Office as their COMSEC Custodian

               and their TEMPEST single point of contact.  A

               single individual may be designated for these

               functions with the concurrence of the NASA COMSEC

               Manager.



          c.   Ensuring Field Installation COMSEC custodians

               coordinate the following with the NASA COMSEC

               Manager: 



                    All Field Installation COMSEC account-related

                    matters, all day-to-day business with NSA,

                    and those COMSEC account transactions

                    impacting on NASA COMSEC COR operations,

                    along with issues and initiatives that impact

                    on the overall NASA COMSEC program.



4606 COMSEC EVALUATION



     Staff assistance visits including an audit of each NASA

     COMSEC account will be conducted periodically.  NASA

     contractor accounts established solely for the purpose of

     servicing NASA will continue to be audited by NSA.







                 CHAPTER 47:  COMPUTER SECURITY



4700 INTRODUCTION



     1.   NASA has one of the largest, most complex computer

          environments in the Federal Government.  These Centers

          manage computer resources on a decentralized basis at a

          large number of Data Processing Installations (DPI's),

          many of which are operated under contract.  The

          computer system configurations range from the largest

          mainframe and supercomputers to minicomputers,

          microcomputers, and intelligent/engineering

          workstations.  Computing operations support Earth and

          space mission functions ranging from administrative

          computing in office settings to scientific and

          engineering computing in academic, research center,

          production plant, and space vehicle environments. 

          Protecting such diverse environments involves a

          continuing management process of balancing user needs

          for unrestricted access to information with the

          sometimes conflicting requirements to control access

          and preserve integrity.  Increasing incidents of

          international electronic intrusions and electronic

          worm/virus penetrations are expected to become more

          technically complex and widespread.



     2.   Public law (Computer Security Act of 1987 (PL 100-235))

          and national policy require Federal agencies to

          establish security programs for all automated

          information systems, whether maintained in-house or

          commercially.  Not only does NASA's public image depend

          on the reliability and security of computer resources

          but also, and of greatest importance, human life often

          depends on such resources.



4701 LEVEL OF PROTECTION 



     Selection of protective measures should be based on risk

     assessments and cost/benefit ratios in relation to the

     sensitivity, criticality, and/or value of the automated

     information to prevent unauthorized access, alteration,

     destruction, removal (e.g., theft), disclosure, and delays.



4702 BUILT-IN SECURITY



     Some automated systems are acquired "off the shelf" and can

     be used immediately.  Others are specially developed over

     months or even years.  Once a system is fully operational,

     security options are somewhat limited.  However, if security

     is designed into the development of hardware and software,

     security options increase dramatically and security costs

     drop substantially.  Therefore, NASA managers should address

     the security requirements in the early planning stages, and

     throughout the entire life-cycle of automated systems.



4703 RESPONSIBILITIES



     1.   In the development of automated information resources,

          scientists and engineers should focus on NASA's goal of

          cost-effective protection without inhibiting innovative

          technology and its advancement.



     2.   Anyone who manages, designs, programs, operates, or

          uses NASA automated information resources must

          contribute to the security of NASA automated

          information.  



4704 BENEFITS



     Everyone benefits from a secure system:



     1.   Restricting access can greatly contribute to an

          information system's integrity.



     2.   Systems subject to a quality assurance/certification

          process are more efficient.



     3.   Technology used in a controlled environment is more

          reliable.



4705 REFERENCES



     See NHB 2410.9, "NASA Automated Information Security

     Handbook," and NMI 2410.7, "Assuring the Security and

     Integrity of NASA Automated Information Resources," for more

     detailed information.







   CHAPTER 48:  TECHNICAL SURVEILLANCE COUNTERMEASURES (TSCM)



4800 DEFINITIONS



     1.   Technical Surveillance (TS).  Covert installation or

          modification of equipment to monitor (visually or

          audibly) activities within the target areas or to

          acquire classified information by technical means.



     2.   Technical Surveillance Countermeasures (TSCM).  Those

          measures taken to prevent, detect, and neutralize

          efforts to acquire classified information by technical

          surveillance.



4801 PROGRAM



     A TSCM program includes the following three distinct

     categories:



     1.   Nullification.  Measures taken to nullify or prevent

          the placement of technical surveillance devices. 

          Nullification techniques include soundproofing

          conference rooms (including vents); removing telephones

          from security areas or installing protective devices on

          those which cannot be removed; removing excess wiring;

          inspecting utility tunnels and crawl spaces near

          security areas; and using noise generators or music to

          mask sensitive conversation.



     2.   Detection.  TSCM surveys and detailed physical and

          electronic inspections of sensitive areas are conducted

          to detect technical surveillance devices or technical

          security hazards. 



4802 JUSTIFICATION, GUIDANCE AND SUPPORT



     1.   If an ICS decides a TSCM program is warranted, the ICS

          should implement the program. To facilitate training

          and sharing of information, the ICS should ensure that

          all TSCM technicians/specialists are cleared for access

          to Special Intelligence (SI) information.  In support

          of classified projects, reports and administrative

          documents generated by the program will be classified,

          protected, and distributed in accordance with Security

          Classification Guide Number 17 and Policy Guidance

          Memorandum Number 5.



     2.   The Security Operations Office of the NASA Security

          Office, with the assistance of a designated TSCM

          technician from a NASA Field Installation, will provide

          the following support:



          a.   Disseminating pertinent technical security

               information applicable to TSCM operations;



          b.   Coordinating initial and advanced training for

               TSCM technicians/specialists; and



          c.   Coordinating TSCM support between NASA Field

               Installations as requested.



     3.   The NASA Security Office will review NASA TSCM programs

          at Headquarters and at Field Installations as a part of

          scheduled Functional Management Reviews (FMR's).







    CHAPTER 49:  NASA SYSTEMS ACQUISITION MANAGEMENT PROGRAM



4900 PURPOSE



     This Chapter establishes formats, contents, and procedures

     for a NASA System Acquisition Protection Management Program.



     The objective of the NSAP Management Program is to adopt a

     "systems security" approach in NASA acquisitions by

     introducing provisions for security as early as possible in

     the system design, acquisition or modification processes,

     thereby making such provisions an integral part of future

     NASA systems whenever appropriate. The NSAP Management

     Program is implemented by establishing definitive NASA

     guidance in the acquisition or modification of systems,

     equipment, and facilities; analyzing security design and

     engineering vulnerabilities; and developing recommendations

     consistent with other design and operational considerations.



     NSAP supports the development of programs and standards to

     provide life-cycle security for critical NASA resources. 

     This policy is established in NMI 1600.2, "NASA Security

     Program," paragraph 5d.



4901 APPLICABILITY



     NSAP tasks are selectively applied in contract

     specifications, requests for proposals, statements of work,

     and NASA in-house efforts requiring an NSAP management

     program.  The word "contractor" includes NASA activities

     that develop systems, equipment, and facilities.



4902 TASK DESCRIPTIONS AND APPLICATION



     1.   Task descriptions are tailored as needed and applied to

          system acquisition protection management programs. 

          When preparing a proposal, the contractor may include

          additional and modified tasks as long as supporting

          rationale is provided.



     2.   NASA and industrial organizations responsible for

          system acquisition protection management programs must

          select tasks which can materially aid in attaining

          overall security objectives in a cost-effective manner.



          Once tasks have been selected, they may be tailored. 

          Further, the timing and depth required during the

          various acquisition phases are often driven by

          interface with other ongoing program activities.  For

          these reasons, specific rules are not defined for all

          task requirements.



4903 DEFINITIONS



     1.   Acquisition Program.  Directed procurement efforts for

          a NASA program, facility, or institution funded through

          NASA appropriations.  This program may include

          development or modifications to existing systems.



     2.   Adversary Models.  Composites of adversary mission or

          program objectives, adversary mission or program

          scenarios, and success criteria which could threaten

          each potential design of an operational or support

          system.



     3.   Adversary Scenario.  A set of tactics which a potential

          adversary could use to accomplish a mission or program

          objective.



     4.   Concept Exploration.  Beginning at Mission/Program Need

          Determination, the initial phase of the system

          acquisition process.  During this phase, the

          acquisition strategy is developed, system alternatives

          are proposed and examined, and the systems program

          requirements document is expanded to support subsequent

          phases.  Successful completion of this phase

          constitutes milestone I.



     5.   Configuration Item (CI).  Hardware and software, or any

          of its discrete portions, designated by NASA for

          configuration management.  CI's may vary widely in

          complexity, size, and type, from an aircraft, or an

          electronic or space system, to a test meter.  During

          development and initial production, CI's are only those

          specification items referenced directly in a contract

          (or an equivalent in-house agreement).  During the

          operation and maintenance period, any repairable item

          designated for separate procurement is a configuration

          item.



     6.   Contract Data Requirements List (CDRL).  Document used

          to order ("buy") and request delivery of data.  Tells

          contractor what data to deliver, when and how it will

          be accepted, and where to look for instructions.



     7.   Contract Work Breakdown Structure (CWBS).  The complete

          work breakdown structure for a contract, developed and

          used by a contractor in accordance with the contract

          statement of work.



     8.   Cost Tradeoffs.  The tradeoffs between nonrecurring and

          recurring costs accrued in system acquisition and the

          operational life cycle.



     9.   Countermeasure.  A design or procedural measure taken

          to counter a known or postulated covert or overt

          vulnerability. It includes deterrence, detection,

          discrimination, alarm, and response activities.



     10.  Critical Design Review (CDR).  Determines if the detail

          design satisfies the performance and engineering

          specialty requirements of the development

          specification; establishes detail design compatibility

          between the item and other items of equipment,

          facilities, computer programs, and personnel; assesses

          producibility and risk areas; and reviews the

          preliminary product specifications.  The CDR is

          conducted during full scale development.



     11.  Demonstration and Validation.  Normally, the second

          phase in the acquisition process, following Milestone

          I.  Consists of the following steps necessary to

          resolve or minimize problems identified during concept

          exploration: verify preliminary design and engineering,

          build prototypes, accomplish necessary planning, fully

          analyze tradeoff proposals, and prepare contract.  The

          objective is to validate the choice of alternatives and

          to provide the basis for determining whether or not to

          proceed into full-scale development.



     12.  Electronic Security.  The protection resulting from all

          measures designed to deny unauthorized persons

          information of value which might be derived from the

          interception and study of friendly noncommunications

          electromagnetic radiations.



     13.  Facilities.  Land, buildings, structures, or other real

          property improvements separately identified on the real

          property records.  Facilities are categorized as

          technical support real property, critical subsystems,

          nontechnical support real property (NSRP), and

          industrial facilities.  Refer to NHB 8831.2.



     14.  Full-Scale Development (FSD).  Normally the third phase

          in the acquisition process, following Milestone II. 

          The systems/equipment and the principal items necessary

          for its support are fully developed, engineered,

          designed, fabricated, tested, and evaluated.  The

          intended output is, as a minimum, a preproduction

          system which closely approximates the final product,

          the documentation necessary to enter the production

          phase, and the test results which demonstrate that the 

          product will meet stated requirements.



     15.  Integrated Logistics Support.  A composite of all the

          support considerations necessary to ensure a system is

          effectively and economically supported for its life

          cycle.  An integral part of all other aspects of system

          acquisition and operations.



     16.  Life Cycle Cost (LCC).  Includes all categories, both

          contract and in-house, and all related appropriations. 

          It is the total cost to NASA for a system over its full

          life, and includes the cost of development,

          procurement, operation, support and, where applicable,

          disposal.



     17.  Maintainability.  A measure of the time or maintenance

          resources needed to keep an item operating or to

          restore it to operational status (or serviceable

          status).  Maintainability may be expressed as the time

          to do maintenance (for example, maintenance downtime

          per sortie); as a usage rate (for example, maintenance

          work hours per flying hour); as the number of staff

          members required (for example, maintenance personnel

          per operational unit); or as the time to restore a

          system to operational status (for example, mean

          downtime).



     18.  Maintenance Concept.  A description of maintenance

          considerations and constraints.  The operating

          activity, with the help of implementing and supporting

          activities, develops a preliminary maintenance concept

          and submits it as part of the preliminary system

          operational concept for each alternate solution.  The

          preliminary maintenance concept is refined during the

          validation phase and becomes the system maintenance

          concept during full-scale engineering development.  The

          maintenance concept is expanded in scope and detail and

          becomes the maintenance plan.



     19.  Operational Test and Evaluation (OT&E). Test and

          evaluation, initial operational test and evaluation,

          and follow-on OT&E conducted in as realistic an

          operational environment as possible to estimate the

          prospective system utility, operational effectiveness,

          and operational suitability.  In addition, OT&E

          provides information on organization, personnel

          requirements, and policy.  It may also provide data to

          support or verify material in operating instructions,

          publications, and handbooks.



     20.  Preliminary Design Review (PDR).  Conducted on each

          configuration item to evaluate the progress, technical

          adequacy and risk resolution of the selected design

          approach. Conducted to also determine its compatibility

          with performance and engineering specialty requirements

          of the development specification, and to establish the

          existence and compatibility of the physical and

          functional interfaces between the item and other items

          of equipment, facilities, computer programs, and

          personnel.



     21.  Production and Deployment.  Normally the fourth phase

          in the acquisition process following Milestone III. 

          Systems are procured, items are manufactured,

          operational elements are trained, and the systems are

          deployed.



     22.  Program Area Analysis (PAA).  Continuous analysis of

          assigned program responsibilities to identify

          deficiencies in the current or projected capabilities

          to meet essential program needs, and to identify

          opportunities for the enhancement of capability through

          more effective systems and less costly methods.



     23.  Program Security Official (PSO).  The PSO serves as the

          first point of contact externally, and as the focal

          point internally, on program security matters within

          the responsibility of the Program Office Associate

          Administrator.  Primary responsibility for program

          security rests with the Program Office Associate

          Administrators.



     24.  Security Criteria.  The set of requirements that should

          be met to enable the security system to provide a

          maximum degree of effective deterrence at the lowest

          cost.



     25.  Security Subsystem.  That part of a system which is

          added specifically for the performance of security

          functions and not categorized as components of other

          subsystems.



     26.  Security System.  The aggregate of all mechanical and

          electronic equipment countermeasures and security

          disciplines in a system which contribute to its

          security.



     27.  Subsystem.  An element of a system that, in itself, may

          constitute a system.



     28.  System Acquisition Protection. An element of system

          engineering that applies scientific and engineering

          principles to identify security risks and minimize or

          contain vulnerabilities associated with these risks. 

          It uses mathematical, physical, and related scientific

          disciplines, and the principles and methods of

          engineering design and analysis to specify, predict,

          and evaluate the invulnerability of systems to security

          threats.



     29.  System Acquisition Protection Management.  An element

          of program management that ensures system security

          tasks are completed.  These tasks include developing

          security requirements and objectives; planning,

          organizing, identifying, and controlling the efforts

          that help achieve maximum security and survivability of

          the system during its life cycle; and interfacing with

          other program elements to ensure security functions are

          effectively integrated into the total system

          engineering effort.



     30.  System Acquisition Protection Management Plan (SAPMP).

          A formal document that fully describes the planned

          security tasks required to meet system security

          requirements, including organizational

          responsibilities, methods of accomplishment,

          milestones, depth of effort, and integration with other

          program engineering, design and management activities,

          and related systems.



     31.  Technology Tradeoffs.  Tradeoffs among risks; that is,

          the effect of technology on the development of new

          hardware, software, or procedures.



     32.  Threat Validation.  A documented confirmation by NASA

          or other Government agencies that the intelligence

          contained in a threat assessment applies to the program

          tasks and is consistent with current intelligence

          community estimates.



     33.  Vulnerability.  In system acquisition protection, the

          susceptibility of systems or components to overt or

          covert security threats that would result in the loss

          of resources. Security vulnerability is measured in

          terms of function or absence of function design.



     34.  Work Breakdown Structure (WBS).  A product-oriented

          family tree division of hardware, software, services,

          and other work tasks which organizes, defines, and

          graphically displays the product to be produced, as

          well as the work to be accomplished to achieve the

          specified product.



4904 REQUIREMENTS



     1.   A NASA System Acquisition Protection (NSAP) Management

          Program shall be developed, consistent with other

          design and operational considerations, for all major

          systems to support economical achievement of overall

          program objectives.  All NASA in-house efforts and

          contracts for major systems shall require an NSAP

          Management Program tailored for each program in

          coordination with the PSO.  To be considered efficient,

          the NSAP management program accomplishes the following:

          



          a.   Enhances the operational readiness and program

               success of the resource;



          b.   Identifies and reduces potential vulnerabilities

               to security threats;



          c.   Provides management information essential to

               system security planning; and



          d.   Minimizes its own impact on overall program cost,

               schedule, and performance.



     2.   Systems acquisition is divided into the following four

          phases: concept exploration, demonstration and

          validation, full-scale development, and production and

          deployment.  During each of the four phases, the

          following general NSAP requirements are accomplished:



          a.   In the concept exploration phase, develop system

               security criteria, describe the baseline security

               system design, and conduct security threat and

               vulnerability studies.



          b.   In the demonstration and validation phase, through

               a series of analyses, validate the baseline

               security system design described during the

               concept exploration phase, and prepare preliminary

               performance specifications for security hardware

               and software.  Identified threats and

               vulnerabilities are processed through system

               design modifications and risk management.



          c.   In the full-scale development phase, the security

               system should be fully designed and integrated. 

               Security system hardware and software should be

               acquired or developed against the specifications

               prepared in the demonstration and validation

               phase.



          d.   In the production and deployment phase, implement

               the security system design via production and

               conduct deployment planning.



     3.   Purpose.  The NSAP program establishes, as part of each

          major acquisition development and upgrade program,

          appropriate procedures to identify security risks and

          resulting actions to eliminate or contain associated

          vulnerabilities.  Further, it provides a means to

          ensure that necessary security requirements (physical,

          personnel, technical, communications, and information

          security, etc.) are adequately considered and, when

          appropriate, incorporated in the overall system

          development program.



     4.   Application Guidance.  NSAP requirements exist, in

          various degrees, throughout the life cycle of a major

          development and/or upgrade program.  As such, the NSAP

          program shall be tailored to facilitate continuation of

          the NSAP objectives through each of the following

          acquisition phases:  Concept Exploration, Demonstration

          and Validation, Full-Scale Development, and Production

          and Deployment.  It shall also accommodate

          modifications, test and evaluation, and research and

          development.



     5.   Task Requirements



          a.   Concept Exploration Phase.  The primary output of

               the NSAP program during this phase is the

               identification of a broad range of security

               criteria and concepts which satisfy operational

               conditions and program requirements. These

               criteria are conceptualized early in the system

               acquisition process.  At the beginning of the

               Concept Exploration Phase, the managing activity

               will evaluate available information from

               operational requirements documentation used to

               explore concepts for integrated security

               solutions.  During this early phase, all possible

               security requirements shall be consolidated and

               evaluated to achieve a defined security concept.

               Ultimately these system security requirements

               shall be validated (Demonstration and Validation

               Phase) as part of the definition of system

               security criteria.



               (1)  System Acquisition Protection Management Plan

                    (SAPMP).  The SAPMP shall be developed to

                    describe the contractor's security

                    engineering and management approach,

                    including how the contractor will interact

                    with NASA subcontractors and vendors, and the

                    anticipated level of contribution from each. 

                    The contractor shall also describe methods

                    which shall be implemented to ensure program

                    schedules are maintained.  The SAPMP applies

                    to these requirements.



               (2)  Threat Definition and Analysis.  Threat

                    definition is, in most cases, provided by

                    intelligence sources in the form of a

                    statement and/or scenarios which identify

                    anticipated adversaries, their skills,

                    capabilities, dedication, and size.  A threat

                    analysis is accomplished to further identify

                    adversary program objectives as they pertain

                    to the system and provide a preliminary

                    estimate of the effect of the threat on each

                    conceptual system baseline or design

                    alternative.  This analysis shall include a

                    credible worst case threat extending over the

                    projected life of the system.  The threat

                    environment, as defined at this point,

                    represents a best quantitative estimate

                    available, on the basis of current threat

                    information, and is used to validate system

                    acquisition protection criteria.



               (3)  Preliminary System Acquisition Protection

                    Concept (PSAPC).  Based on the threat

                    definition, vulnerability analysis, and

                    existing security systems already in place,

                    if any, a preliminary system acquisition

                    protection concept shall be developed.  The

                    PSAPC is generally prepared by NASA and will

                    be provided to the contractor for use and

                    possible update during subsequent program

                    phases.  However, NASA may task the

                    contractor to prepare this document.  The

                    PSAPC may be general in nature, but as a

                    minimum shall describe program task,

                    operational systems, operational environment,

                    and personnel/human resources, equipment and

                    employment issues.  The PSAPC, coupled with

                    threat definitions and operational

                    requirements documents provided by the

                    managing activity, serves as source material

                    for further defining system acquisition

                    protection requirements.  Data Item

                    Description-2 (DID-2), PSAPC, applies to

                    these requirements.  See Appendix R.



               (4)  Acquisition Protection Requirements

                    Definition.  Acquisition protection program

                    requirements shall be developed to support

                    the proposed system acquisition protection

                    security concept, including a discussion on

                    each security element identified in the

                    SAPMA.  Documents made available by the

                    managing activity include threat assessments,

                    operational concepts, program statements,

                    etc. General system characteristics or

                    capabilities that might be required to

                    adequately secure the system are also

                    identified.



               (5)  Technology Assessments and Cost Studies.

                    Ultimately, security technologies must be

                    deployed which will satisfy defined

                    requirements, support the operational

                    concepts, and secure the system against

                    defined threats and vulnerabilities.  To do

                    this, both Government developed and

                    commercially available hardware shall be

                    assessed.  Preliminary assessments shall be

                    made of hardware and/or software

                    applicability, operability, suitability,

                    supportability, and/or affordability of

                    various technological options.



               (6)  Logistics Support.  Prepare a Logistics

                    Support Plan or an appendix to the overall

                    system logistics support plan.  The plan

                    shall identify management objectives and

                    procedures for accommodating logistics

                    requirements associated with security systems

                    and subsystems.



               (7)  Security Training Requirements.  Training

                    requirements and anticipated skill levels

                    necessary to effectively operate and maintain

                    security systems shall be identified.  Course

                    material to support training requirements

                    shall be developed.



               (8)  Preliminary Security Vulnerability Analysis. 

                    A vulnerability analysis of the preliminary

                    baseline design shall be conducted.  DID-3,

                    Security Vulnerability Analysis, applies to

                    these requirements.  See Appendix R.  This

                    analysis includes the following actions:



                    (a)  Identifying logical security

                         vulnerabilities of the system in its

                         projected operational environments and

                         addressing general threats stated in

                         threat definition documents;



                    (b)  Defining security system functional

                         requirements which may effectively

                         secure the system from exploitation; and



                    (c)  Choosing candidate safeguards and

                         safeguard configurations to mitigate or

                         reduce identified vulnerabilities. 



               (9)  Security Classification Requirements.  A

                    security classification guide is provided by

                    NASA and used to identify specific

                    classification decisions for contractor

                    prepared deliverables.



          b.   Demonstration and Validation Phase.  The goal of

               the Demonstration and Validation Phase is to

               translate qualitative security criteria, developed

               during the Concept Exploration Phase, into

               quantitative security criteria for specifications

               that can be used during the Full-Scale Development

               Phase.  This phase is concerned with "validating"

               the system acquisition protection concept and

               selecting specific "design-to" requirements on the

               basis of a series of analyses, trade studies, and

               prototypes, etc.



               (1)  Threat Assessment and Adversary Program

                    Analysis.  An adversary program analysis

                    shall be conducted.  DID-4, Adversary Program

                    Analysis, applies to these requirements.  See

                    Appendix R.  This analysis shall include the

                    following tasks:



                    (a)  Adversary program scenarios.  Using the

                         information from the threat analysis

                         conducted in the Conceptual Phase,

                         program objectives shall be determined

                         and approaches that potential

                         adversaries could use shall be

                         described.  Physical paths by which the

                         adversary could execute each scenario

                         shall be analyzed.



                    (b)  Estimating adversary success criteria.



                    (c)  Cataloging adversary program objectives

                         and success criteria according to each

                         variation in the design of the system.



                    (d)  Synthesizing adversary models.



                    (e)  Recommending safeguards and

                         configurations for security tradeoff

                         analysis.



               (2)  Preliminary System Acquisition Protection

                    Concept (PSAPC).  The PSAPC prepared during

                    the Conceptual Phase shall be updated and

                    expanded. DID-2, PSAPC, applies to these

                    requirements.  See Appendix R.



               (3)  Review Security Regulatory Requirements. 

                    NASA security program regulatory requirements

                    shall be evaluated and potential deviations

                    identified, assessed, and validated.



               (4)  Security Vulnerability Analysis.  Update the

                    security vulnerability analysis of each

                    candidate safeguard and each adversary model.

                    Security vulnerabilities of each proposed

                    safeguard shall be evaluated, and the

                    candidates ranked according to their

                    effectiveness.  DID-3, Security Vulnerability

                    Analysis, applies to these requirements.  See

                    Appendix R.



               (5)  Security System Tradeoff Analysis.  A

                    security system tradeoff analysis shall be

                    conducted using approved candidate

                    safeguards.  Variables to be considered shall

                    include security effectiveness and cost of

                    facilities, manpower, equipment, schedule,

                    system performance impacts, supportability,

                    maintainability, technology, etc.  The

                    program schedule will be the ultimate

                    discriminator.



               (6)  Subsystem and System Specification Inputs.

                    Preliminary specification inputs shall be

                    developed to identify general system security

                    requirements, specific security hardware and

                    software definition, and security

                    qualification requirements.  These inputs

                    shall be designed to be incorporated into

                    system development and product

                    specifications.  DID-5, System/Subsystem

                    Specification, applies to these requirements.

                    See Appendix R.



               (7)  Manpower Impact Assessments.  Human resources

                    requirements associated with the deployment

                    of security systems shall be identified.



          c.   Full-Scale Development Phase.  The primary goals

               of the NSAP program in this phase are to develop

               the hardware, firmware, and software components of

               the pre-production prototype system according to

               system specification; verify compliance with

               specification requirements supported by

               engineering development tests; qualify security

               subsystems; and document the information required

               to enter the production phase.



               (1)  System Acquisition Protection Requirements

                    Definition.  System acquisition protection

                    requirements shall be defined.  This task is

                    part of the system requirements analysis that

                    implements the system acquisition protection

                    and logistics support analysis objectives. 

                    It shall include the NSAP program

                    requirements as derived from an operational

                    analysis and an assembly, installation, and

                    checkout technical analysis.  The results of

                    this task shall be included in the system

                    design review.



               (2)  System Acquisition Protection Management Plan

                    (SAPMP).  This plan, which is initially

                    developed in the Concept Exploration Phase

                    and updated in the Validation Phase, shall be

                    further expanded during Full-Scale

                    Development.  The plan describes the

                    contractor's system acquisition protection

                    management approach in detail.  It shall

                    include an approach for analytical

                    verification analysis.  DID-1, System

                    Acquisition Protection Management Plan,

                    applies to these requirements.  See Appendix

                    R.



               (3)  Subsystem and Interface Specifications. 

                    Develop subsystem and interface

                    specifications.  Subsystem and interface

                    specifications detail components and piece

                    parts procured separately and define the

                    design, function, and procedural interfaces

                    in the development and operation of the

                    Government Furnished Equipment

                    (GFE)/subsystem.



               (4)  System Acquisition Protection Design.  This

                    task uses system acquisition protection

                    requirements to perform a preliminary design

                    of the major subsystems that comprise the

                    overall security system.  The following

                    analysis and testing shall be performed to

                    validate components that may be required to

                    ensure functional performance of the

                    preliminary designs.



                    (a)  Component Screening.  Candidate GFE and

                         Contractor Furnished Equipment (CFE)

                         security system components performing

                         given functions shall be identified and

                         selected for analysis to satisfy

                         specification requirements.



                    (b)  Component Response Analysis.  Selected

                         components shall be analyzed to

                         determine if their response to the

                         specified environments and stimuli is

                         acceptable.



                    (c)  Engineering Test.  At the preliminary

                         design stage, tests shall be performed

                         on simulated components such as

                         breadboard circuits, nonproduction

                         assemblies, etc., to provide data that

                         complements or supplements the response

                         analysis.



               (5)  Subsystem Verification Analysis.  This

                    analysis verifies that each subsystem meets

                    the requirements of the system acquisition

                    protection criteria and security requirements

                    in applicable subsystem, interface,

                    component, and test specifications.  It shall

                    be performed to assess the inherent

                    capability of the security system at the

                    subsystem level.



                    (a)  Threat Rejection Logic.  During the

                         Validation Phase, a number of adversary

                         models that might possibly engage the

                         system were synthesized.  The number of

                         adversary models used to perform

                         tradeoff analysis was probably large

                         initially.  However, many alternatives

                         will have since been discarded because

                         they have ceased to be relevant for one

                         of three possible reasons:  (a) the

                         adversary program objective is now out

                         of scope as a practical goal; (b) there

                         are no longer any plausible means to

                         satisfy program objectives; or (c) the

                         adversary threat is not (or is no

                         longer) officially considered viable.

                         The first two reasons may be related to

                         the system design or operational

                         concepts as presently defined.  The

                         third is related to the official

                         estimate of the vulnerability incident

                         to threat and risk assessments. 

                         Adversary models shall be evaluated and

                         a small number of them selected for

                         detailed analysis.



                    (b)  Detailed Adversary Modeling.  The

                         remaining adversary models shall be

                         revised according to current threat

                         projections and developed in sufficient

                         detail to model all the important

                         variables.  These models may be used

                         again in system level verification

                         analysis.



                    (c)  Subsystem Response Modeling.  During the

                         period between preliminary design review

                         and critical design review, the design

                         of the security system is in a continual

                         state of detailed development.  The

                         process of screening components,

                         software, procedures, etc., is an

                         interactive process.  Promising

                         components shall be selected for

                         response modeling.  This modeling shall

                         be of sufficient detail to permit a

                         thorough description of subsystem

                         critical functional and subsystem

                         responses to specified environments and

                         threat stimuli.



                    (d)  Subsystem Qualification Testing. 

                         Subsystem qualification testing shall be

                         performed as directed by the appropriate

                         NASA Headquarters Program Office.



                    (e)  System Verification Analysis.  This

                         analysis shall be conducted to verify

                         compliance with security requirements in

                         system specification and to assess the

                         capability of the system as a whole to

                         counter the specified security threats

                         and contain associated vulnerabilities.



                    (f)  System Response Modeling.  System

                         response modeling shall be conducted. 

                         The inputs to these models include the

                         subsystem response models that have been

                         performed in the subsystem verification

                         analysis and modified to account for the

                         physical and functional interfaces

                         between subsystems.  Engineering

                         development testing is required to model

                         total response.



                    (g)  System Response Analysis.  System

                         response analysis shall be conducted

                         using the detailed adversary models of

                         the subsystem verification analysis and

                         the system response models.



          d.   Production and Deployment Phases.  The goal of the

               NSAP program during this phase is to ensure that

               defined security requirements are met in the

               operational system.



               (1)  Acceptance Testing.  Acceptance testing shall

                    be monitored and supported as necessary to

                    ensure Configuration Items (CI's), including

                    changes, meet security requirements.  Test

                    methods, as well as results, shall be

                    examined.



               (2)  Training.  Initial training on security

                    systems shall be monitored and analyzed to

                    ensure a system is adequate and that

                    personnel with appropriate skill levels can

                    operate and maintain the system.



               (3)  Program Management Responsibility Transfer

                    (PMRT) Support.  PMRT shall be supported as

                    necessary.  This support shall include the

                    following tasks:



                    (a)  Preparing the security portion of the

                         agreement to transfer program management

                         support to NASA.



                    (b)  Analyzing feedback from the operational

                         activity's experience in actually

                         operating the system.



               (4)  Product Security.  Security must be provided

                    for essential products at key assembly plants

                    and facilities.  NASA outlines protection

                    criteria for assembly plants, facilities, and

                    critical components not yet delivered.  The

                    contractor provides input to the Product

                    Security Programs and may be tasked to

                    include product security requirements in the

                    SSMP.  If this tasking is to take place after

                    contract formation, it must be done through

                    the contracting officer.  DID-1 applies to

                    these requirements.  See Appendix R.



4905 DATA ITEM DESCRIPTION (DID)



     1.   Intended Use.  These DID's are used by NASA and NASA

          contractors for those programs that require selective

          application of acquisition protection program

          management.



     2.   Data Requirements.  When these DID's are used in an

          acquisition, the data requirements will all be

          developed as specified by an approved DID (see Appendix

          R) and delivered in accordance with instructions

          incorporated into the contract.  When the provisions of

          these data requirements are invoked, the data specified

          in Appendices R and S shall be delivered by the

          contractor in accordance with the contract or purchase

          order requirements.







            CHAPTER 50:  OPERATIONS SECURITY (OPSEC)



5000 BACKGROUND



     On January 22, 1988, the President signed National Security

     Decision Directive (NSDD) 298, which established a National

     OPSEC program and required executive departments or

     agencies, assigned or supporting national security missions

     with classified or sensitive activities, to establish a

     formal OPSEC program.  Agencies with minimal activities

     affecting national security are not required to establish a

     formal program; however, they must cooperate with other

     departments and agencies to minimize damage to national

     security when OPSEC problems arise.



5001 OBJECTIVE



     Security programs and procedures already exist to protect

     classified information.  However, items of information

     generally available to the public and certain detectable

     activities can reveal the existence of, and sometimes

     details about, classified or sensitive information or

     undertakings.  Such indicators may assist those seeking to

     neutralize or exploit U.S. actions in the area of national

     security.  OPSEC is a systematic and proven process through

     which the Government and its supporting contractors can

     promote operational effectiveness.  The process can deny

     potential adversaries information by identifying,

     controlling, and protecting generally unclassified evidence

     concerning the planning and execution of sensitive

     activities.



5002 POLICY



     1.   NASA Headquarters has few activities that could affect

          national security; therefore, it does not require a

          formally established organizational OPSEC program.



     2.   Some NASA Installations may now, or will at a later

          date, have programs which could require the application

          of OPSEC procedures.



     3.   NASA programs should be reviewed on a case-by-case

          basis for the possible inclusion of OPSEC in program

          security.



5003 RESPONSIBILITIES



     1.   The ICS's are responsible for the following activities:



          a.   Identifying, in conjunction with program managers

               and program security officials, projects which may

               require implementation of OPSEC measures.



          b.   Designing and implementing a project OPSEC plan,

               as required, through application of the following

               steps:



               (1)  Identification of critical information;



               (2)  Analysis of threat;



               (3)  Analysis of vulnerabilities;



               (4)  Assessment of risks; and



               (5)  Application of appropriate countermeasures.



          c.   Appointing an OPSEC coordinator to work closely

               with the program manager to ensure that OPSEC

               measures are considered at all stages of the

               project.



          d.   Submitting a copy of the project OPSEC plan to the

               NASA Security Office and to their Program Office

               Security Official.



     2.   The NASA Security Office is responsible for the

          following activities:



          a.   Representing NASA at the Interagency OPSEC Support

               Staff;



          b.   Reviewing OPSEC plans and making suggestions for

               changes or improvements if required;



          c.   Providing inter-Agency support and cooperation

               with respect to OPSEC programs;



          d.   Conducting a review of OPSEC procedures and

               projects to assist in the improvement of any OPSEC

               measures as part of the functional review program

               in coordination with the program security

               officials;



          e.   Coordinating OPSEC matters involving more than one

               NASA Installation; and



          f.   Furnishing OPSEC coordinators current threat

               information.



5004 PROGRAM DEVELOPMENT



     1.   The Interagency OPSEC Support Staff (IOSS) is tasked by

          the Executive Agent for Interagency OPSEC training,

          National Security Agency, to provide national level

          OPSEC training and act as a consultant to executive

          departments and agencies establishing OPSEC programs. 

          NASA Installations developing OPSEC programs may call

          upon this group for advice or assistance as necessary.



     2.   The IOSS OPSEC Program Development Procedural Guide

          serves as an excellent guide when establishing programs

          and is attached as Appendix T to this Handbook. 

          Appendix U defines appropriate terms.



     3.   To aid standardization of terms in NASA OPSEC programs,

          a glossary of OPSEC terms, definitions, and acronyms is

          included as Appendix F of this Handbook.  Installation

          Security Offices establishing OPSEC projects should

          adopt these terms whenever possible.



     4.   The Security Operations Section of the NASA Security

          Office will maintain national level liaison with other

          agencies involved with OPSEC and will act as a

          coordinator for contact with those agencies as

          requested.