NHB 1620.3C NASA Security Handbook


NASA                                        NHB 1620.3C, (PART 5)

HANDBOOK                         Effective Date  February 1, 1993

_________________________________________________________________



Responsible Office: JL



Subject:  NASA Security Handbook (PART 5 of 5)





PREFACE



APPENDIX M:   SECURITY LIGHTING





1.   REQUIREMENTS



     a.   Security lighting needs at each NASA Installation or

          facility depend on each situation and area to be

          protected.  Each situation requires careful study to

          provide the best visibility practical for security

          duties, such as identification of badges and people

          at gates, inspection of vehicles, prevention of

          illegal entry, detection of intruders outside and

          inside of buildings and other structures, and

          inspection of unusual or suspicious circumstances.



     b.   When such lighting is impractical, additional

          security posts, patrols, sentry dog patrols, or

          other security means may be necessary.



     c.   Lighting should not be used as a deterrent only.  It

          should be used on a perimeter fence line only where

          the fence is under continuous or periodic

          observation.



     d.   Lighting may be desirable for those sensitive areas

          or structures within the perimeter (property lines)

          that are under specific observation.  Such areas or

          structures include pier and dock areas, launch or

          test pads, vital buildings, storage areas, and

          vulnerable control points in communications, power,

          and water distribution systems.  In interior areas

          where night operations are conducted, adequate

          lighting of the area facilitates detection of

          unauthorized persons approaching or attempting

          malicious acts within the area.



2.   CHARACTERISTICS



     a.   Lighting is inexpensive to maintain and, when used

          properly, may reduce the need for security forces. 

          It may provide personal protection for security

          forces by reducing the advantages of concealment and

          surprise for a determined intruder.  Security forces

          thus relieved may be used to better advantage

          elsewhere.



     b.   Security lighting usually requires less intensity

          than work lighting, except for identification and

          inspection at portals and in emergencies.  Each

          Installation or facility presents its particular

          problem based on physical layout, terrain,

          atmospheric and climatic conditions, and protective

          requirements.  Data are available from the

          manufacturers of lighting equipment that will assist

          in designing a lighting system.  Included in these

          data are:



          (l)       Descriptions, characteristics, and

                    specifications of various incandescent,

                    arc, and gaseous discharge lamps;



          (2)       Lighting patterns of various luminaries;



          (3)       Typical layouts showing the most efficient

                    height and spacing of equipment; and



          (4)       Minimum protective lighting intensities

                    required for various applications.



3.   RESPONSIBILITY 



     a.   Each NASA security manager must determine perimeter

          lighting needs depending on the threat, perimeter

          extremities, surveillance capabilities, and the

          available security forces.  Protective lighting must

          be designed to effect the following:



          (l)       To discourage unauthorized entry;



          (2)       To detect intruders approaching or

                    attempting to gain entry into protected

                    areas;



          (3)       To operate continuously during periods of

                    reduced visibility; and



          (4)       To maintain and periodically test for use

                    during times of emergency, to include

                    standby lighting.



4.   PLANNING CONSIDERATIONS



     In planning a protective lighting system, the security

     manager must give specific consideration to the following

     areas:



     a.   Cleaning and replacement of lamps and luminaries,

          particularly with respect to costs and means (such

          as ladders and mechanical buckets), ensuring

          required equipment is available.



     b.   Advisability of including mercury and photoelectric

          controls.



     c.   The effects of local weather conditions on various

          types of lamps and luminaries.



     d.   Fluctuating or erratic voltages in the primary power

          source.



     e.   Requirement for grounding of fixtures and the use of

          a common ground on an entire line to provide a

          stable ground potential.



     f.   Establishment of a ledger to maintain a burning-time

          (80 percent) record based on the life expectancy of

          the lamp.  The ledger should contain the following

          as a minimum:



          (l)       Type and wattage of lamp;



          (2)       Area, facility, or utility pole used;



          (3)       Date of insertion; and



          (4)       Programmed date (based on life expectancy)

                    for extraction.



     g.    Security Areas



          (1)       All security areas should have protective

                    lighting on a permanent basis at perimeter

                    and access control points.  The lighting

                    must be positioned to prevent the

                    following:



               (a)       Temporarily blinding the guards with

                         glare.



               (b)       Silhouetting or highlighting the

                         guards.



          (2)       Lighting in these areas must be under the

                    control of the security force.



          (3)       The perimeter band of lighting must provide

                    a minimum intensity of .2 foot candles,

                    measured horizontally 15.24cm/6 inches

                    above ground level, at least 9.144m/ 30

                    feet outside the security area barrier. 

                    Lighting inside security areas should be of

                    sufficient intensity to enable detection of

                    persons in the area.  Lighting at entrance

                    control points must be of sufficient

                    intensity to enable guards to compare and

                    identify bearers and badges.



          (4)       Protective lighting systems should be

                    operated continuously during hours of

                    darkness.



          (5)       Protective lights should be used so that

                    the failure of one or more lights will not

                    affect the operation of remaining lights.



5.   PRINCIPLES OF PROTECTIVE LIGHTING



     Protective lighting should enable security force

     personnel to observe activities around or inside an area

     without disclosing their presence.  Adequate lighting for

     all approaches to an area not only discourages attempted

     unauthorized entry, but also can identify persons within

     the area.  However, lighting should not be used alone. 

     It should be used with other measures such as fixed

     security posts or patrols, fences, and alarms.  Other

     principles of protective lighting are listed below:



     a.   Good protective lighting is achieved by adequate,

          even light upon bordering areas, glaring lights in

          the eyes of the intruder, and relatively little

          light on security patrol routes.  In addition to

          seeing long distances, security forces must be able

          to spot an intruder who may be exposed to view for

          only a few seconds.  All of these abilities are

          improved by higher levels of brightness.



     b.   In planning protective lighting, higher brightness

          to contrast between intruder and background is an

          important consideration.  When the same amount of

          light falls on an object and its background, the

          observer must depend on contrasts in the amount of

          light reflected to discern an intruder's silhouette. 

          More light is needed to produce the same brightness

          around Installations and buildings with

          predominantly dark, dirty surfaces than when clean

          concrete, light brick, or grass predominate.  



     c.   When the intruder is darker than his background, the

          observer sees primarily the outline or silhouette. 

          Intruders who depend on dark clothing and even

          darkened face and hands may be foiled by using light

          finishes on the lower parts of buildings and

          structures.  Stripes on walls have also been used

          effectively because they provide recognizable breaks

          in outlines or silhouettes.

 

     d.   Two basic systems or a combination of both may be

          used to provide practical and effective lighting. 

          The first method is to light the boundaries and

          approaches.  The second is to light the area and

          structures within the general boundaries of the

          property.

          

6.   TYPES OF LIGHTING



     The type of lighting system to be used depends on the

     overall security requirements of the area concerned. 

     Lighting units of four general types are used for

     protective lighting systems: continuous, standby,

     movable, and emergency.



     a.   Continuous lighting (stationary luminary) is the

          most common protective lighting system.  It consists

          of a series of fixed luminaries arranged to flood a

          given area continuously during the hours of darkness

          with overlapping cones of light.  Two primary

          methods of employing continuous lighting are glare

          projection and controlled lighting:



          (1)       The glare projection lighting method is

                    useful where the glare of lights directed

                    across surrounding territory will not be

                    annoying nor interfere with adjacent

                    operations.  It is a strong deterrent to a

                    potential intruder because it makes it

                    difficult to see the inside of the area. 

                    It also protects the guards by keeping them

                    in comparative darkness and enabling them

                    to observe intruders at considerable

                    distances beyond the perimeter.  Glare

                    protection perimeter lighting may  be

                    inappropriate in some instances.



          (2)       Controlled lighting is best when it's

                    necessary to limit the width of the lighted

                    strip outside the perimeter because of

                    adjoining property or nearby highways,

                    railroads, navigable waters, or airports. 

                    In controlled lighting, the width of the

                    lighted strip can be controlled and

                    adjusted to fit the particular need, such

                    as illumination of a wide strip inside a

                    fence and a narrow strip outside; or

                    floodlighting a wall or roof.  But this

                    method of lighting often illuminates or

                    silhouettes security personnel as they

                    patrol their routes.



     b.   Standby lighting.  The layout of this system is

          similar to continuous lighting.  However, the

          luminaries are not continuously lighted, but are

          either automatically or manually turned on by the

          security force or alarm systems when suspicious

          activity is detected.



     c.   Movable lighting.  This type of system consists of

          manually operated, moveable searchlights that may be

          either lighted during hours of darkness or lighted

          only as needed.  The system normally is used to

          supplement continuous or standby lighting.



     d.   Emergency lighting.  This system may duplicate any

          or all of the above systems.  Its use is limited to

          times of power failure or other emergencies that

          render the normal system inoperative.  It depends on

          alternative power sources, such as installed or

          portable generators or batteries.



7.   OTHER LIGHTING



     a.   Fenced Perimeters



          (1)       Isolated fenced perimeters are fence lines

                    around areas where the fence is 30.48m/100

                    feet or more from buildings or operating

                    areas, and the approach area is clear of

                    obstruction for 30.48 m/100 feet or more

                    outside the fence and is not used by other

                    personnel.  Both glare protection and

                    controlled illumination are accepted for

                    these perimeters. Patrol roads and paths

                    should be kept unlighted.



          (2)       Semi-isolated fenced perimeters are fence

                    lines where approach areas are clear of

                    obstructio for18.288m/60 feet to 30.48m/100

                    feet outside the fence, and the general

                    public or Installation personnel seldom

                    have reason to be in the area.  Patrol

                    roads and paths should be kept in relative

                    darkness.



          (3)       Nonisolated fence perimeters are fence

                    lines immediately adjacent to operating

                    areas within the Installation or other

                    Installations, or to public thoroughfares,

                    where outsiders or Installation personnel

                    may move about freely in the approach area. 

                    The width of the lighted strip in this case

                    depends on the relative clear zone inside

                    and outside the fence.  It may not be

                    practical to keep the patrol area dark.



     b.   Building face perimeters consist of faces of

          buildings on or within 6.09m/20 feet of the property

          line or area to be protected, and where the public

          may approach the buildings.  Security forces may be

          stationed inside or outside the buildings.  Doorways

          or other insets in the buildings' face should

          receive special attention for lighting to eliminate

          shadows.



     c.   Active entrances for pedestrians and vehicles should

          have two or more lighting units with adequate

          illumination for recognition of persons and

          examination of credentials.  All vehicle entrances

          should have two lighting units positioned to

          facilitate complete inspection of passenger cars,

          trucks, and freight cars, as well as their contents

          and passengers.  Semi-active and inactive entrances

          should have the same degree of continuous lighting

          as the remainder of the perimeter, with standby

          lighting of sufficient illumination to be used when

          the entrance becomes active.  Gate houses at

          entrances should have a low level of interior

          illumination to enable guards to see better,

          increase their night vision adaptability and avoid

          making them targets.



          (l)       Open yards (defined as unoccupied land

                    only) and outdoor storage spaces should be

                    illuminated as follows:



               (a)       An open yard adjacent to a perimeter

                         should be illuminated in accordance

                         with the illumination requirements of

                         the perimeter.  Where lighting is

                         deemed necessary in other open yards,

                         illumination should not be less than

                         .2 foot candles at any point.



               (b)       Lighting units should be placed in

                         outdoor storage spaces to provide an

                         adequate distribution of light in

                         aisles, passageways, and recesses to

                         eliminate shadowed areas where

                         unauthorized persons may conceal

                         themselves.



          (2)       Piers and docks located on an Installation

                    should be safeguarded by illuminating both

                    water approaches and the pier area.  Decks

                    on open piers should be illuminated to at

                    least 1.0 foot candles and the water

                    approaches to at least .5 foot candles. 

                    The area beneath the pier floor should be

                    lighted with small wattage floodlights

                    arranged to the best advantage with respect

                    to piling.  Movable lighting capable of

                    being directed as required by the guards is

                    recommended as  part of the protective

                    lighting system for piers and docks.  The

                    lighting must not in any way violate marine

                    rules and regulations.  The U.S. Coast

                    Guard should be consulted for approval of

                    proposed protective lighting adjacent to

                    navigable waters.



          (3)       Critical structures and areas should be the

                    first consideration in designing protective

                    fencing and lighting.  Power, heat, water,

                    communications, explosive materials,

                    critical materials, delicate machinery,

                    areas where highly classified material is

                    stored or produced, and valuable finished

                    products need special attention.  Critical

                    structures or areas classified as

                    vulnerable from a distance should be kept

                    dark, and those that can be damaged close

                    at hand should be well lighted.  The

                    surroundings should be well lighted to

                    force an intruder to cross a lighted area,

                    and any walls should be lighted to a height

                    of 24.4384m/8 feet to facilitate silhouette

                    vision.



8.   WIRING SYSTEMS 



     Both multiple and series circuits may be advantageous in

     protective lighting systems, depending on the type of

     luminary used and other design features of the system. 

     The circuit should be arranged so that failure of any one

     lamp will not leave a large portion of the perimeter line

     or a major segment of a critical or vulnerable position

     in darkness.  Connections should be such that normal

     interruptions caused by overloads, industrial accidents,

     and building or brush fires will not interrupt the

     protective system.  In addition, feeder lines should be

     located underground to minimize the possibility of

     sabotage or vandalism from outside the perimeter.  The

     design should provide for simplicity and economy in

     system maintenance and should require a minimum of

     shutdowns for routine repairs, cleaning, and lamp

     replacement.  It is necessary in some instances to

     install a duplicate wiring system.



9.   MAINTENANCE



     a.   Periodic inspections should be made of all

          electrical circuits to replace or repair worn parts,

          tighten connections, and check insulation. 

          Luminaries should be kept clean and properly aimed.



     b.   Replacement lamps can be used in less sensitive

          locations.  The actuating relays on emergency lines,

          which remain open when the system is operating from

          the primary source, need to be cleaned frequently

          since dust and lint collect on their contact points

          and can prevent their operation when closed.



     c.   The intensity of illumination and specification for

          protective lighting for fences or other

          antipersonnel barriers should meet the minimum

          requirements.



10.  POWER SOURCES



     Power sources should meet the following criteria:



     a.   Primary - usually a local public utility.



     b.   Alternate - the following should be provided:



          (l)       Standby batteries or gasoline-driven

                    generators may be used.



               (a)       If cost-effective, a system should

                         start automatically upon failure of

                         outside power.



               (b)       Must ensure continuous lighting.



               (c)       May be inadequate for sustained

                         operations; therefore, additional

                         security precautions must be

                         considered.



               (d)       Tested to ensure efficiency and

                         effectiveness.  The frequency and

                         duration of the test depend on the

                         following factors:         



                     i.       Mission and operational factors.



                    ii.       Location, type, and condition of

                              equipment.



                    iii.      Weather (temperature affects

                              batteries very strongly).



          (2)       Located within a security area for

                    additional security.



          (3)       Generator or battery-powered portable

                    and/or stationary lights.



               (a)       For use in a complete power failure.



               (b)       Includes alternate power supply.



               (c)       Available at designated control points

                         for security personnel.



     c.   Security is a must.



          (l)       Starts at the points where feeder lines

                    enter the Installation or activity.



          (2)       Security emphasis goes to sources in terms

                    of mission essential/vulnerable activity.



          (3)       Continual physical security inspections of

                    power sources are required to determine

                    security measures and replacement of

                    equipment.







APPENDIX N:    ARREST AUTHORITY TRAINING CURRICULUM







SUBJECTS  LECTURE   EXAMPLE   TOTAL



Legal Studies33    2   35

     Constitutional Law  

     Criminal Law

     Title 18 U.S. Code

     Laws of Arrest & Detention

     Crimes Against Property

     Crimes Against Persons

     Jurisdiction

     Arrest Authority

     Probable Cause



Search & Seizure         6         2         8



Levels of Force          3                   3



Officer Ethics & Conduct      2                   2



Mechanics of Arrest           6         8          14

     Handcuffing Techniques

     Officer Survival & Safety

     Intermediate Force



Firearms Qualification        2         6           8



Psychology of Human Behavior       4                     4



Preliminary Interviews   2                     2



Terrorist Tactics        2                     2



TOTALS              60        18        78



ADMINISTRATIVE                                    10



GRAND TOTAL                                       88





The selected training contractor will be given latitude in the

formulation of courses to afford the Agency maximum benefit

from the expertise and experience of the instructors. One

concept of what courses should include, but not be limited to,

is as follows:



1.   LEGAL STUDIES



     This block of subjects will define, describe, and discuss

     various aspects of law as they directly apply to officers

     working within the framework of the Arrest Authority (AA)

     program.  The contractor will use the NASA Handbook (NHB)

     as a guide to an appropriate course of study.  The course

     will include two examinations on material presented.



2.   SEARCH AND SEIZURE



     This course will cover the concept, definition, and

     application of legal search without a warrant conducted

     incident to an arrest, and the proper control and

     inventory of property confiscated during that arrest.  It

     will include a 2-hour practical exercise on the safe and

     proper search of persons arrested.



3.   LEVELS OF FORCE



     This course will cover the different levels of force,

     such as Ordinary, Reasonable, and Deadly Force, and their

     application in compliance with NASA policies.



4.   OFFICER ETHICS AND CONDUCT



     This course will discuss the Law Enforcement Code of

     Ethics, the Federal Employees Code of Ethics, and the

     NASA Employees Code of Ethics and Conduct, as they apply

     to persons with AA.



5.   MECHANICS OF ARREST



     This course includes lectures and demonstrations of

     procedures and techniques necessary to effect a safe

     arrest.  It will cover subjects such as handcuffing,

     take-downs, control holds, and officer safety.  The 8-

     hour practical exercise and evaluation included gives

     students hands-on practice in these techniques.



6.   FIREARMS QUALIFICATION



     This course presents a 2-hour review of proper use of

     firearms and requires students to demonstrate their

     proficiency with handguns during a 6-hour practical

     exercise on a live-fire range.



7.   PSYCHOLOGY OF HUMAN BEHAVIOR



     The course discusses different types of human behavior

     and personalities, including their potential reactions to

     stressful and traumatic conditions.



8.   PRELIMINARY INTERVIEWS



     The course will cover the importance of knowing when and

     how  and who is to conduct an interview incident to an

     arrest and interviewing and report-writing techniques.



9.   TERRORIST TACTICS



     The course introduces the student to contemporary

     domestic terrorism threats from right- or left-wing

     groups or individuals and provides specifics of the

     domestic threat.



10.  PREREQUISITES



     a.   To preclude injury in strenuous portions of the

          course, students must report in top physical

          condition and maintain that level throughout the

          class.





     b.   Students must be completely proficient with handguns

          and have qualified in a federally accredited "live-

          fire" range program within the past 6 months.



     c.   Students should be trained thoroughly in the job

          specialty to which they will be assigned.



     d.   Because the course is short but intensive, full

          student cooperation is essential. Only persons

          willing and properly motivated to undergo this

          training should attend.  The Head Instructor will

          immediately remove from the course any student

          unwilling or unable to perform.



11.  MISCELLANEOUS



     a.   Class hours will be 50 minutes in length and will

          allow for breaks.



     b.   The normal workday will be 8:00 a.m. to 5:00 p.m. 

          Lunch breaks are 1 hour.



     c.   The first week of the course is a 6-day week with

          classes conducted on Saturday.



     d.   Indoctrination and "in processing" will be held the

          Sunday evening prior to the first Monday morning

          class.



     e.   Graduation is the last hour of the final day of the

          course.



     f.   Absences for reasons other than emergencies are not

          authorized. Students missing classes because of

          emergencies must make up the classes before

          graduating.



     g.   Successful completion of this course is required to

          receive AA. Students failing to complete the course

          may attend a subsequent course at the discretion of

          the funding Field activity and subject to

          availability of space in the class.  This course is

          designed to be "core" training required for everyone

          authorized with AA under the provisions of that

          program.  Additional training may be necessary to

          meet unique requirements for duty at a particular

          Field Installation.  That training is termed

          "Installation specific training" and is the

          responsibility of the Field Installation.







APPENDIX O:   HANDGUN QUALIFICATION COURSE





WEAPON    Revolver or Semiautomatic pistol

TARGETS   B-27 and B-34 silhouettes

TOTAL ROUNDS   60

SCORING   5 point system (maximum score 300)

QUALIFICATION  210 (70 percent)





Stage     I.   (3m/3-yard line) - 6 rounds total.



          1.   Draw and fire 2 rounds in 3 seconds (repeat

               twice).





Stage     II.  (6m/7-yard line) - 6 rounds total.



          1.   Draw and fire 2 rounds center mass, 1 round head

               in five seconds (repeat once).





Stage     III  (6m/7-yard line) - 6 rounds total.



          1.   With weapon in weak hand and in low ready

               position fire 2 rounds center mass with 1 hand

               in 4 seconds (repeat twice).





Stage     IV   (9m/10-yard line) - 12 rounds total.



          1.   Draw and fire 2 rounds in 4 seconds and come to

               low ready position.



          2.   Fire 2 rounds from the low ready position in 3

               seconds.



          3.   Draw and fire 2 rounds, reload and fire 2 rounds

               and reholster (revolvers - 12 seconds,

               semiautomatics - 10 seconds).



          4.        Draw and fire 2 rounds in 4 seconds and

                    come to the low ready position.



          5.   Fire 2 rounds in 3 seconds.





Stage     V    (14m/15-yard line) - 12 rounds total.



          1.   From standing to kneeling position, fire 2

               rounds in 5 seconds.



          2.   Same as above.



          3.   Standing, fire 2 rounds, reload, move to

               kneeling and fire 2 rounds and reholster

               (revolvers - 14 seconds, semiautomatics - 12

               seconds).



          4.   Standing, draw and fire 2 rounds in 5 seconds

               and come to low ready position.



          5.   Fire2 rounds in 3 seconds.





Stage     VI   (23m/25-yard line) - 12 rounds total.



          1.   Standing, draw and fire 2 rounds from left side

               of barricade in 5 seconds.



          2.   Standing, draw and fire 2 rounds from the right

               side of barricade in 5 seconds.



          3.   Standing to kneeling, fire 2 rounds from the

               left side of barricade, reload and fire 2 rounds

               from right side of barricade  (revolvers - 15

               seconds, semiautomatics - 12 seconds).



          4.   Standing to prone, fire 2 rounds in 10 seconds.



          5.   Same as paragraph 2 above.





Stage     VII  (46m/50-yard line) - 6 rounds total



          1.   Standing, fire 2 rounds from barricade in 8

               seconds.



          2.   Standing to kneeling, fire 2 rounds from

               barricade in 10 seconds.



          3.   Standing to prone, fire 2 rounds in 12 seconds.







APPENDIX P:    MISSING/STOLEN GOVERNMENT PROPERTY REPORT





1.   GOVERNMENT CUSTODIAN 



     (a)       Month/Year, e.g., 1/90. 



     (b)       NASA #., e.g., 129888. 



     (c)       Item, e.g., IBM Model 80 CPU. 



     (d)       Value, e.g., $5,800. 



     (e)       Source, e.g., Survey Rep. or telephone. 



     (f)       Value Recovered, e.g., $5,800. 



     (g)       Value Loss, e.g., $0.00. 

     

     (h)  Investigative Time, e.g., 10 man-hours. 



     (i)       Cumulative Value, e.g., 5,800. 



     (j)       Cumulative Value Recovered, e.g., $5,800. 



     (k)       Cumulative Value Loss, e.g., $0.00. 



     (l)       Cumulative Investigative Time, e.g., 10 man-

hours.



2.   BASE OPERATING CONTRACTOR CUSTODIAN



     (a)       Month/Year, e.g., 1/90. 



     (b)   NASA #., e.g., 134111.



     (c)       Item, e.g., Portable Power Generator. 



     (d)       Value, e.g., $9,000. 

     

     (e)       Source, e.g., Telephone or Survey Rep. 



     (f)       Value Recovered, e.g., $0.00. 



     (g)       Value Loss, e.g., $9,000. 



     (h)  Investigative Time, e.g., 3 man-hours. 



     (i)       Cumulative Value, e.g., 9,000. 



     (j)       Cumulative Value Recovered, e.g., $0.00 



     (k)  Cumulative Value Loss, e.g., $9,000. 

     

     (l)  Cumulative Investigative Time, e.g., 3 man-hours.



3.   INSTALLATION MONTH'S CUMULATIVE TOTALS



     (a)       Cumulative Value, e.g., $14,800. 



     (b)       Cumulative Value Recovered, e.g., $5,800. 



     (c)       Cumulative Value Loss, e.g., $9,000. 



     (d)       Cumulative Investigative Time, e.g., 13 man-

hours. 



     (e)       Investigative Time, e.g., 13 man-hours.







APPENDIX Q:   NASA SERIOUS INCIDENT REPORT FORMAT





TO:  J/Associate Administrator for Management Systems and

     Facilities

     J/Deputy Associate Administrator for Management Systems

     and Facilities

     JI/Director, Logistics, and Security Division

     JIS/Chief, NASA Security Office



FROM:     Installation Security Chief



SUBJECT:       NASA Threat and/or Incident Report



1.   Recipient evaluation of threat/incident criticality

     (SIGNIFICANT - IMPORTANT - ROUTINE).



2.   Date/Time report was received by NASA: 



3.   Report received from:  (Name-agency-location-telephone).



4.   Date/Time/Location of Incident:



5.   NASA Installations involved/impacted:



6.   Summary of Threat/Incident:  (Who-What-When-Where-Why-

     How).



7.   Responses to Threat/Incident:



     a.   Actions Completed:  (Including notifications made)

     b.   Action in Progress (Including notifications)

     c.   Actions Pending/Anticipated:  (Including

          notifications)



8.   Employment of Resources:



     a.   NASA (Security Office-IG-AIS Managers-Others)



     b.   Local, State, Federal Agencies



     c.   Note which agency has assumed

          control/responsibility.



9.   Coordination with NASA Public Affairs Office: 

     (Anticipated Media response/ interest).



10.  Actions for NASA Senior Management:



11.  Security comments/evaluation of report/recommendations.



PRIMARY POINT OF CONTACT:







APPENDIX R:   DATA ITEM DESCRIPTIONS (DID)



DATA ITEM DESCRIPTION - 1



TITLE:



SYSTEM ACQUISITION PROTECTION MANAGEMENT PLAN (SAPMP)



DESCRIPTION/PURPOSE:



Outlines and defines the contractor's System Acquisition

Protection Management Program (SAPMP).  The SAPMP describes

the methods used to (l) identify security requirements, (2)

synthesize and evaluate proposed solutions, and (3) provide

security inputs to the system acquisition process. Specific

paragraphs from the preparation instructions below may be

cited to satisfy limited program requirements.



APPLICATION/INTERRELATIONSHIP:



Security Vulnerability Analysis is used with this Data Item

Description (DID) when paragraphs 6b through 6g are cited.



PREPARATION INSTRUCTIONS:



The SAPMP shall include the following:



1.   Applicable Documents.   A list of documents that apply as

     a directive or guidance during execution of the SAPMP.  

     These documents include pertinent legal, regulatory, and

     other published or draft security contract requirements

     applicable to the system under development.  System

     acquisition protection requirements and objectives are

     drawn from these documents.



2.   Purpose.   Self explanatory.  Explain principles and

     approaches applied to the system acquisition protection

     program that are departures from these requirements.



3.   Organization.   Describe the organizational placement and

     manning of the contractor's security and acquisition

     protection management organization.  Use charts or

     diagrams to show organizational and functional

     relationships.



4.   SAPMP.   Describe the activities planned to satisfy

     system acquisition protection program objectives.  Use

     charts and/or diagrams to illustrate the program's

     functional interfaces, engineering and design

     requirements, activity milestones, management process,

     and levels of effort for each program phase.



5.   Program Data Flow.  Illustrate the manner in which basic

     program data flows.  Ensure the system acquisition

     protection organization maintains continuous review of

     all program efforts and makes inputs to decisionmaking

     processes.



6.   System Acquisition Protection Functions.   Describe the

     principal functions and specific tasks to be performed

     and their assignment within the system security and

     acquisition protection organization. Integrate all

     security disciplines tasked in the Statement of Work. The

     following security disciplines should be included as a

     minimum:



     a.   Establishing the Security Requirements and

          Objectives Baseline. Describe how security

          regulations and other program guidance will be

          identified, evaluated, and synthesized into a set of

          system acquisition protection requirements and

          objectives. Illustrate how these requirements and

          objectives will be used to measure the effectiveness

          of security system arrangements and how required

          policy revisions to NASA security programs will be

          processed.  Include applicable information,

          personnel, industrial, operations, product,

          communications, and physical security,

          survivability, anti-terrorism, and

          counterintelligence aspects.



     b.   Threat Analysis.  Describe how the threat analysis

          will be evaluated and integrated, along with

          adversary program objectives.



     c.   Conducting the Adversary Program Analysis and

          Constructing the Preliminary Threat Logic Tree.  

          Describe the technical and analytical methods used

          to identify criteria for success in adversary

          program objectives and to synthesize threat models.

          Scope system security technology research tasks and

          explain how this research will be documented.



     d.   Applying Threat Rejection Logic and Documenting the

          Initial Threat Logic Tree.   Describe how

          quantitative and qualitative values will be

          established for threats and countermeasures and the

          method used to document threat rejection logic.



     e.   Synthesizing Countermeasures.   Describe the process

          by which countermeasures will be synthesized. 

          Explain how this activity and the security system

          synthesis and evaluation task will be coordinated.



     f.   Adversary Vulnerability Measurement.   Describe

          fully the method used to identify and conduct

          quantitative and qualitative analysis of risks

          associated with each adversary program objective. 

          Include the application of candidate countermeasures

          and the manner in which preferred countermeasures

          will be selected and documented.



     g.   Computing and Constructing the Summary Threat

          Matrix. Describe how the completed Threat Logic Tree

          will be analyzed and system security effectiveness

          computed.  Include the method used to document the

          Summary Threat Matrix.



     h.   Integrating Security Functions with the System

          Engineering Process.   Describe the process by which

          security inputs will be applied to system functional

          design, requirements allocation, trade-off study,

          and design specification process.



     i.   Security System Synthesis and Evaluation.   Describe

          the method by which security system hardware,

          facilities, procedures, and personnel subsystems

          will be synthesized and evaluated.  Specify the

          scope and type of research to be conducted of

          existing material.  Include techniques to evaluate

          their applicability to security requirements.



     j.   Test and Evaluation.   Describe the process used to

          identify security test requirements and proposed

          test methods.



     k.   Configuration Control.   Describe the manner in

          which system security engineering efforts will be

          integrated with system configuration control

          activities.  Explain how proposed changes to the

          system will affect security efforts.



     1.   With Other Contractors.   Outline the methods by

          which system acquisition protection efforts of

          associate system contractors, subcontractors, and

          vendors will be integrated within the SAPMP.



     m.   System Installation and Check-out.   Describe how

          SAP, Industrial, and Product Security efforts will

          be coordinated to ensure no security vulnerability

          is created during system installation and check-out.



     n.   Product Security.   Describe how major system

          components/ products will be secured at the

          contractor's assembly plants. Explain the security

          manpower, facilities, equipment and procedures to be

          used.  Include product security interface with

          associate contractors, subcontractors, and vendors.



7.   Other.   Present any other information and

     recommendations determined necessary to satisfy the

     requirements of the Statement of Work.



DATA ITEM DESCRIPTION - 2



TITLE:



PRELIMINARY SYSTEM ACQUISITION PROTECTION CONCEPT (PSAPC)



DESCRIPTION/PURPOSE:



This Data Item Description (DID) is used by the contractor to

prepare the Preliminary System Acquisition Protection Concept

(PSAPC).



APPLICATION/INTERRELATIONSHIP:



Security Vulnerability Analysis is used with this DID when

paragraphs 5f through 5j are cited.



PREPARATION INSTRUCTIONS:



The PSAPC shall include the following information:



1.   Program Data



     a.   Title.  Include the complete PSAPC title.



     b.   Submitting Installation.  List the name and address

          of the NASA Center submitting the report and the

          name and telephone number of a project officer or

          point of contact.



     c.   Contract Citation.  Identify the contract number and

          date as listed by NASA.



     d.   Security Tasks.  Briefly describe major security

          tasks cited in the Statement of Work and related

          contract documents.



     e.   Distribution.  List the names and addresses of

          government organizations and contractors receiving

          copies of this concept.  If necessary, list them in

          an appendix and make reference to it here.



2.   System Concept



     a.   Description.  Briefly describe the system and its

          major components.  Cite separate configurations for

          initial operational capability (IOC) and full

          operational capability (FOC), if different.

     

     b.   Performance Requirements.  Cite the major

          performance and deployment criteria listed in the

          applicable Statements of Work and other related

          contract documents that affect security.



     c.   Reliability and Maintainability.  Identify security

          issues affecting system reliability, logistics

          reliability, availability, and maintainability.



     d.   System Survivability.  Show self-protection

          capabilities or subsystem designs that may enhance

          security (e.g., devices against tampering and

          spoofing, chemical or biological radiation hardness,

          nuclear hardness, nuclear and non-nuclear

          electromagnetic pulse hardness, and use of passive

          detection technology).



     e.   Preplanned Product Improvements.  Describe

          provisions or security implications for subsystem

          growth or improvements such as modifications and

          upgrades.



3.   Security Subsystem Employment Data



     a.   General Employment Description.  Describe how,

          where, when, and what security subsystems will be

          used and how they will be integrated with the

          system(s) they support.



     b.   Management Structure.  Describe the management data

          that must be exchanged.  Explain how security

          subsystems will be integrated into the management

          structure projected to exist when it is deployed.



     c.   Information Systems.  Identify other information

          that must be exchanged between this subsystem and

          other systems, subsystems or components.  Cite the

          expected length of each communication link,

          anticipated flow rate across each link, required

          availability of each link, and so forth.



     d.   Security Subsystem Standardization,

          Interoperability, and Commonality.  Describe

          requirements for joint interface and

          interoperability with existing systems and

          subsystems. Identify procedural and technical

          interface standards incorporated in subsystem

          design.



     e.   Operational Environment.  Describe climatic and

          atmospheric environmental effects and

          considerations.  If applicable, define the chemical

          and biological environment in which equipment must

          function.



4.   Security Subsystem Support



     a.   Maintenance Planning.  Outline the actions, support,

          and documentation necessary to establish maintenance

          concepts and requirements.  Include maintenance

          tasks to be accomplished for on-and-off-equipment

          maintenance; and NASA and contractor mix, workloads,

          and time phasing for depot maintenance.  Explain the

          management strategies for selecting and integrating

          contractor and government furnished equipment.



     b.   Manpower and Personnel.  Outline the projected

          manpower requirements envisioned to support this

          subsystem(s).  Include such items as civil service

          job-series codes and skill levels required and time-

          phased reporting.



     c.   Supply Support.  Show the proposed approach for

          providing initial support and acquiring,

          distributing, and replenishing inventory spares and

          repair parts.



     d.   Support Equipment.  Identify equipment required to

          support this subsystem(s).  Include ground handling

          and maintenance equipment, tools, metrology and

          calibration equipment, and related computer hardware

          and software.



     e.   Training and Training Devices.  Describe the

          training support concept from security subsystem

          design through deployment. Identify the office

          responsible for developing and conducting each phase

          of training.  Show inventory items and training

          devices by projected type, number, use, and

          locations required. Outline initial and recurring

          training requirements by location, type, specialty,

          and fiscal year.



     f.   Computer Resources Support.  Define special computer

          program documentation, related software, source

          data, facilities, hardware, etc., required for

          subsystem support.



     g.   Facilities.  Specify facility, shelter, and housing

          external to system-designed survivability features.



     h.   Packaging, Handling, Storage, and Transportation. 

          Describe the requirements, resources, processes,

          procedures, design considerations, and methods to

          ensure security subsystems are properly preserved,

          packaged, handled, and transported.



     i.   Related Support Factors.  Describe those pertinent

          support factors, considerations, or requirements not

          covered elsewhere, but deemed important to the

          effectiveness of the security system.



5.   General Provisions for System Security.  Address the

     following security issues relative to overall system

     deployment and operation:



     a.   Threat Assessment.  Address security threats to the

          system for design, development, and production at

          IOC and throughout its projected life.  Include

          foreign government capabilities, peace and wartime

          threats, and system-unique vulnerabilities.  Make

          reference to government threat documents.  In

          addition, cite requirements for threat analysis and

          security vulnerability assessments.



     b.   Security Force and Procedural Requirements.  These

          apply to operations in support of the physical

          security program.



     c.   Security Personnel, Facility, and Equipment

          Requirements.  Expressed in the quantities, type,

          and configuration necessary to support the system

          when deployed.



     d.   Emergency Security Response Planning.  Reflects the

          general design of the security force posture

          calculated to produce the greatest invulnerability

          to terrorism, sabotage, overt, and covert

          penetration.  It is supported by the threat and

          vulnerability assessments cited in 5a, above.  In

          addition, briefly describe how a security reporting

          and alerting system will be implemented.



     e.   Security Priorities for all Applicable Systems and

          Components. Include security priorities for all

          operational phases, including maintenance.  Explain

          how waivers, exceptions, and variances to security

          criteria will be identified, submitted, approved,

          and corrected.



     f.   Security Requirements from Related Security

          Disciplines. Include applicable information,

          personnel, product, industrial, operations,

          communications and electronic security and

          survivability, anti-terrorism and

          counterintelligence aspects.



     g.   Facility and Equipment Requirements.  The following

          items   are incorporated into the system to support

          system security: 



          (l)       The security control facility, surveillance

                    and control facility, security force

                    response facility, and entry control

                    facilities.



          (2)       Barrier systems and warning signs.



          (3)       Alarm annunciation and display equipment.



          (4)       Security force armament and duty equipment.



          (5)       Security force communications.  Include

                    fixed, portable and landline requirements.



          (6)  Interior and exterior intrusion detection

               systems.



     h.   Personnel Standard.   Identifies security force

          requirements for normal operations.



     i.   Security Force Logistics and Material Requirement. 

          Includes vehicles and associated equipment, special

          purpose equipment, training aids, tool kits,

          nonstandard armament, and so forth.



     j.   System Entry Control Requirements for All Restricted

          Areas. Includes:



          (l)       General criteria and unique requirements

                    for entry control.



          (2)       Qualification requirements for the various

                    categories of people who must enter.



          (3)  Personnel clearance and investigative

               requirements.



          (4)  Special training or briefing and debriefing

               requirements.



          (5)       Authentication and duress code techniques

                    and procedures.



          (6)       Dispatch Control Procedures.  Unattended or

                    minimally staffed locations.



          (7)       Description.   Badge system, emergency

                    procedures, and personnel escort

                    requirements.



DATA ITEM DESCRIPTION - 3



TITLE:



SECURITY VULNERABILITY ANALYSIS



DESCRIPTION/PURPOSE:



Provides the result of contractor's actions in quantitatively

and qualitatively defined system security functional

requirements and residual security vulnerabilities.  It will

be classified no lower than Secret NOFORN or Secret Restricted

Data, as applicable.



APPLICATION/INTERRELATIONSHIP:



This Data Item Description (DID) contributes to the

survivability/ vulnerability analyses.  It contains the

content preparation instructions for data generated under NASA

Management Instruction                                .



PREPARATION INSTRUCTIONS:



1.   The contractor will prepare a report summarizing the

     security vulnerability analysis, including the threat

     analysis, adversary program analysis, and the adversary

     vulnerability measurement process.  The report will

     include, as a minimum:



     a.   A preface with narrative description of the system.

          Information concerning each form of external overt

          or covert method of penetration against the system

          considered during system development.



     b.   Threat models in Threat Logic Tree format showing

          their transition from preliminary to initial Threat

          Logic Trees and thereafter into Summary Threat

          matrix form.



     c.   Rationale used for threat rejection in developing

          the initial Threat Logic Tree.



     d.   An evaluation of the conditional probabilities for

          achieving each adversary program objective.



     e.   An assessment of security vulnerabilities related to

          information, personnel, industrialization,

          operations, communications, physical, computer and

          product security, and TEMPEST.



DATA ITEM DESCRIPTION - 4



TITLE:



ADVERSARY PROGRAM ANALYSIS



DESCRIPTION/PURPOSE:



This Data Item Description (DID) is used by the contractor to

quantitatively describe how potential adversaries may attack

the system.



APPLICATION/INTERRELATIONSHIP:



This DID contains the content preparation instructions for

that data generated under the task described by 4c(2)(a) of

Attachment 1, NASA Management Instruction 2410.7.



PREPARATION INSTRUCTIONS:



1.   The adversary program analysis will include:



     a.   Development of adversary program scenarios. 

          Information resulting from the threat analysis

          (conceptual phase) will be used as the basis for the

          scenarios.  For each program objective, the

          contractor should describe a set of approaches (a

          scenario) that potential adversaries could use to

          accomplish that objective.



     b.   Adversary success criteria should be estimated.  The

          estimates will be prerequisites for system

          vulnerabilities.



     c.   Adversary models shall be synthesized and used as a

          basis for evaluating security technologies and

          accomplishing trade-off analysis.



DATA ITEM DESCRIPTION - 5



TITLE:



SYSTEM/SUBSYSTEM SPECIFICATION



DESCRIPTION/PURPOSE:



The System/Subsystem Specification (SS) is a technical

document prepared for systems personnel that provides

environment and design elements to provide guidance to the

program design effort.



APPLICATION/INTERRELATIONSHIP:



An SS may be prepared to guide the development of large

projects.  If the system breaks down readily into subsystems,

this document may be used to prepare individual subsystem

specifications.



PREPARATION INSTRUCTIONS:



The System/Subsystem Specification shall meet the content and

format requirements of NASA Management Instruction 2410.7 and

NASA Handbook 2410.1.



DATA ITEM DESCRIPTION - 6



TITLE:



SYSTEM ACQUISITION PROTECTION STANDARD



DESCRIPTION/PURPOSE:



This Data Item Description (DID) is used to implement NASA

systems acquisition protection program operations and

procedures and as the basis for NASA security workforce,

facility, and equipment authorizations.



APPLICATION/INTERRELATIONSHIP:



In this section, explain that the proposed system acquisition

protection standard is submitted through the program office

(or designated manager) for transmittal to NASA HQ/JIS. 

Explain further that the program office requires the proposed

standard no later than 12 months before the system initial

operating capability (IOC). 



PREPARATION INSTRUCTIONS:



This section directs the contractor to prepare and document a

proposed system acquisition protection standard.  Explain that

this standard must reflect the results of analyses and

decisions made during the execution of the SAP portion of the

Statement of Work (SOW).  Explain further that its contents

must be organized and captioned according to the following

format:



1.   Cover Page.   On this page, give the title of the system,

     state the purpose of the standard, and list the contents

     of the standard, the office of primary responsibility

     (OPR), and the distribution of the standard.



2.   Chapter l-Security Priorities and Concepts.   This

     Chapter briefly describes the system and its planned

     operational environment.  It specifically identifies

     system characteristics that generated special safety

     requirements for the protection of operating,

     maintenance, and security personnel.  It also includes a

     classification statement if necessary.



3.   Chapter 2-General Provisions for Standards.  This Chapter

     covers the following Provisions for Standards:



     a.   Security requirements that apply to normal day-to-

          day aerospace security support.



     b.   Resource applicability, which gives the basis for

          funding, equipment, staffing, and personnel actions.



     c.   Security posture design, which reflects the general

          design of the force posture calculated to produce

          the greatest invulnerability to overt or covert

          attack.  It is supported and based on the

          vulnerability analysis.



     d.   Priority resources.



     e.   Personnel security.



     f.   Physical security and facility requirements, which

          detail the physical security facilities that are

          incorporated into the system.  For example, this

          section describes:



          (l)       The central security control building.



          (2)       Personnel and vehicle entry control

                    facilities.



          (3)       Barrier systems.



          (4)       Restricted area signs.



          (5)       Alarm annunciation and data display

                    equipment.



          (6)       Ordnance for aerospace security forces.



          (7)       Security communications.



          (8)       Intrusion detection systems.



     g.   Standards for security of priority resources, which

          contain facility, personnel, equipment, and

          procedural standards that apply to management

          systems designated as priority resources.



     h.   Manpower standard, which identifies and justifies

          security personnel requirements based on optimum

          environmental and normal system operating

          conditions.  The operating activity identifies local

          variations in site layout and in climatic

          conditions, which need not be treated in this

          section.



     i.   Security logistics support, which justifies

          logistical and material support.  Subparagraphs to

          this section identify requirements for:



          (l)       Vehicles (type, number, and use).



          (2)  Communications (radio [fixed, portable, remote,

               or vehicular], telephone, landline, etc.).



          (3)  Specialized equipment (tool kits, training aids,

               etc.).



     j.   Security entry control procedures, which describe

          how to enter restricted areas that contain critical

          system components and facilities.  These procedures

          include ways to physically control entry into

          critical facilities at remote or unattended sites,

          and ways to control the information individuals need

          to gain entry. Personnel who have a need to enter

          must positively identify themselves, by means of

          secure communications, to the agency that is

          monitoring security of the facility.  If they

          properly identify themselves, then the monitoring

          agency will operate the entry system by remote

          control or will give entering personnel the

          information they need to operate mechanical entry

          control systems at the site.  However, if personnel

          do not properly identify themselves, then the

          security reaction system will respond, which may

          mean that selective or controlled penalty techniques

          are imposed. 



          These procedures may also rely on built-in

          deterrence capabilities of the facility.  Security

          entry control procedures also include:



          (l)  General criteria and unique requirements for

               entry control.



          (2)  Qualification standards for the various

               categories of personnel who need to enter or to

               have access.



          (3)  Personnel clearance and investigative

               requirements for such personnel.



          (4)       Special training or briefing and debriefing

                    requirements. Personnel deployed in support

                    of the system are trained to recognize,

                    report, and respond properly to alarms.

                    Training programs for all categories of

                    personnel within the personnel subsystem

                    include security procedures based on the

                    premise that an attack can take place at

                    any time.



          (5)       Code and duress code techniques and

                    procedures.



          (6)       Dispatch control procedures (apply to only

                    unattended sites) that make sure that both

                    the right and the need for persons to enter

                    and to have access have been officially

                    established and that personnel who are

                    dispatched possess the material or

                    knowledge needed to gain entry or access at

                    their destination.



          (7)       Emergency procedures.



          (8)       Badge systems in effect.



          (9)       Personnel escort requirements.



     k.   Security force reaction procedures, which tell how

          the security force or the expanded force will react

          under normal or emergency conditions to security

          alarms or other situations that need a response. 

          The measure of effectiveness of any response is

          whether or not the threat is eliminated, and the

          secure environment is preserved or restored.  To

          achieve this goal, these procedures tell how to

          respond to violations of system parts that are

          vulnerable to attack.  Before developing these

          procedures, determine the following conditions:



          (l)  The inherent vulnerabilities of the system.



          (2)  The probable nature and effect of attacks on the

               system.



          (3)  Who will decide when to initiate a response,

               notify the control agency, and monitor the

               situation.



          (4)  Whether or not the responding elements are

               thoroughly familiar with the extent of their

               authority to use force, to challenge, and to

               take into custody persons who violate the

               security of the system.



          (5)  How civil law enforcement and investigative

               agencies can help.  Is the relationship between

               responding elements and the local population

               clearly set?



          (6)  If armed mobile response forces are needed.



          (7)  Where the resources available for immediate

               response are currently located and what

               communications they have for getting response

               directions.



          (8)  Whether or not a central agency must be set up

               to control and direct security response

               procedures.



          (9)  If the control agency will have detailed alarm

               information in time to respond effectively.



          (10)      If the response force can use all vehicles

                    (on land, at sea, or in the air).



     l.   The security reporting and alerting system, which

          details an effective high-speed security reporting

          and alerting communications network that permits a

          substantial counteraction against widespread

          coordinated enemy clandestine operations.  This

          system is associated with priority resources.  This

          section should specify how each level of management

          will collect, transmit, display, store, and evaluate

          information.



     m.   The waivers, exceptions, and variances, which detail

          an effective system for identifying, submitting and

          approving, or correcting deficiencies that could not

          be corrected during the full-scale engineering

          development phase.



     n.   Planning, which covers details for day-to-day

          operations in support of the system.  This section

          provides general guidelines for the system security

          plan, center security regulations, and combined

          operating instructions.  The centers security plan

          serves as a basis for developing effective NASA

          system security operations at centers and sites

          where such resources to be protected are located. 

          It defines basic objectives and depicts the general

          design of the operations.



     o.   Inspections, which detail security evaluation

          criteria and procedures and set up minimum

          acceptable time and performance criteria for

          security exercises and tests.  These inspections are

          used to evaluate the effectiveness of each

          activity's security program.



4.   Chapter 3-Security Response Actions.   This chapter

     covers the means by which the security force adjusts to a

     situation or event that necessitates enhancement of or a

     dramatic change to the normal security posture.  These

     situations or events may be actual or anticipated hostile

     ground actions, air attack, natural disaster, civil

     disturbances, political tensions, or terrorists' attacks. 

     This Chapter includes formal planning criteria and

     minimum security requirements, which may consist of

     additional security facilities, equipment, and personnel.



5.   Chapter 4-Other Essential or Unique Security Elements.  

     This Chapter covers all essential system-unique

     requirements not covered elsewhere.  It identifies

     program-essential unique facilities and equipment and

     support requirements and established security

     requirements for these resources.







         APPENDIX S:  DATA ITEM DESCRIPTION (DID) FORMAT



DATA ITEM DESCRIPTION



1.   Title



2.   Identification No.



3.   Approval Date 



4.   Office of Primary Responsibility (OPR)/(MMDDYY)

     Action Officer/Phone Number



5.   Concurrences (Office Codes)



6.   Approval Limitation



7.   Preparation Instructions



8.   Distribution/Distribution Statement







                APPENDIX T:  OPSEC PLANNING GUIDE



1.   BACKGROUND



     a.   The President signed the National Security Decision

          Directive (NSDD) establishing the National

          Operations Security (OPSEC) Program on January 22,

          1988.  The NSDD requires each executive department

          and agency assigned or supporting national security

          missions with classified or sensitive activities to

          establish a formal Operations Security (OPSEC)

          program.



     b.   The responsibility for the development,

          implementation, and maintenance of the OPSEC program

          rests with the head of each executive department or

          agency.  The NSDD requires heads of executive

          departments and agencies to assume the following

          responsibilities:



          (1)       Establish organizational OPSEC programs;



          (2)  Issue, as appropriate, OPSEC policies,

               procedures, and planning guidance;



          (3)       Designate departmental and agency planners

                    for OPSEC; and



          (4)       Advise the National Security Council (NSC)

                    on OPSEC measures required of other

                    executive departments and agencies to

                    achieve and maintain effective operations

                    or activities.



     c.   Each OPSEC program is to have the following common

          features:



          (1)       Specific assignment and responsibility for

                    OPSEC direction and implementation.



          (2)       Specific requirements to plan for and

                    implement OPSEC in anticipation of and,

                    where appropriate, during departmental or

                    agency activity.



          (3)       Direction to use OPSEC analytic techniques

                    to assist in identifying vulnerabilities

                    and to select appropriate OPSEC measures.



          (4)       Enactment of measures to ensure that all

                    personnel, commensurate with their

                    positions and security clearances, are

                    aware of hostile intelligence threats and

                    understand the OPSEC process.



          (5)       An annual review and evaluation of OPSEC

                    procedures in order to assist in the

                    improvement of OPSEC programs.



          (6)  Provision for interagency support and

               cooperation with respect to OPSEC programs.



               Note:  The NSDD also directs the establishment

               of the Interagency OPSEC Support Staff (IOSS) to

               act as a consultant to executive departments and

               agencies in establishing OPSEC programs, and

               OPSEC surveys, and analyses.



2.   NATIONAL OPSEC PROGRAM OBJECTIVES



     a.   Implement an OPSEC program within the department or

          agency in satisfying NSDD requirements and instruct

          subordinate organizations on their responsibilities

          within the departmental or agency program.



     b.   Create a departmental or agency program with

          sufficient flexibility to allow each subordinate

          organization to establish a program suitable to its

          structure and mission.



     c.   Provide awareness and training programs to ensure

          all personnel, commensurate with their position and

          security clearances, are aware of the adversaries'

          capabilities and understand the OPSEC process. 

          Ensure that heads of subordinate organizations

          implement awareness and training that is relevant to

          their assigned missions and, where possible, use

          case studies or lessons-learned as key instructional

          tools.



     d.   Ensure that OPSEC is addressed from initiation

          through all planning, programming, and budgeting

          actions.



     e.   Designate an OPSEC Program Manager for the

          department or agency and ensure that each

          subordinate organization designates an individual as

          the OPSEC Coordinator and establishes sufficient

          work groups to maintain the program.



     f.   Identify those areas, activities, functions, data,

          or information about an activity or facility of the

          department or agency deemed most important to keep

          from an adversary, i.e., core secrets, critical

          information, sensitive operations.



     g.   Identify adversaries who could use the critical

          information for their benefit or to the detriment of

          the departmental or agency mission.



     h.   Identify key questions likely to be asked by

          adversaries about department or agency intentions,

          capabilities, or activities so they can obtain

          answers critical to their operational effectiveness.



     i.   Identify detectable actions and information from

          open sources that can be interpreted or pieced

          together by an adversary to derive critical

          information about departmental or agency activities

          or operations.



     j.   Understand the adversaries' (hostile intelligence

          threat) capabilities, i.e., ability to collect

          indicators through observation, infiltration,

          bribery, or conventional intelligence collection

          means such as signals intelligence, human

          intelligence, and imagery intelligence.



     k.   Be aware of countermeasures that can be used to deny

          the adversaries the critical information.



     1.   Prioritize OPSEC initiatives, including surveys,

          implementation of countermeasures or other OPSEC

          activities, based on the relative importance of the

          activity or operation, the sensitivity of the

          information involved, and the capabilities of the

          adversaries.



     m.   Understand the department's or agency's overall

          OPSEC posture, that is, the extent to which OPSEC is

          integrated into all of the departmental or agency

          activities.



     n.   Be aware of problems encountered in establishing and

               sustaining the department or agency OPSEC

          program.



3.   PROGRAM ELEMENTS-COMPONENT LEVEL



     a.   Issue a component directive that implements NSDD 298

          and the department or agency directive.



     b.   Ensure that all component personnel, commensurate

          with their positions and security clearances, are

          aware of the hostile intelligence threat and

          understand the OPSEC process.



     c.   Delegate, as appropriate, authority to plan, direct,

          and implement OPSEC measures to the operations

          element or that equivalent element of the component

          primarily responsible for the accomplishment of the

          component's overall mission, and designate an

          official in that element as the OPSEC Coordinator

          for the component.  This normally should not be the

          security or other support element.



     d.   Require each element of the component to designate

          an individual whose responsibilities include

          specific requirements to plan for and implement

          OPSEC prior to, during, and after the execution of

          operations and other activities that influence the

          effectiveness of the component's mission.



     e.   Require each element to identify core secrets,

          critical information, and sensitive operations to be

          protected from the adversary intelligence threat.



     f.   Require each element to follow OPSEC planning

          guidance, taking into account those aspects of their

          activities or operations that should be protected in

          light of friendly and adversary goals, estimated key

          adversary questions, probable adversary knowledge,

          desirable and harmful adversary appreciations, and

          pertinent adversary intelligence threats.



     g.   Require elements to use systematic OPSEC analysis

          developed for OPSEC surveys to identify

          vulnerabilities and select appropriate OPSEC

          measures to support specific organizational missions

          and activities.



     h.   Establish a sufficient number of OPSEC work groups,

          with multidisciplined and cross-component

          representation, to perform the necessary support

          functions required for an effective OPSEC program. 

          The working groups should develop and set priorities

          for the component's OPSEC program objectives, meet

          on a regular basis, and maintain records of

          meetings.



     i.   Require elements to provide a report at least

          annually on the OPSEC posture of the element and

          OPSEC activities carried out.



     j.   Require the official designated as the OPSEC

          Coordinator for the component to perform the

          following tasks:



          (1)       Develop componentwide OPSEC policy,

                    guidance, and instructions.



          (2)       Publish an OPSEC planning guide that

                    establishes minimum standards for

                    conducting OPSEC activities.



          (3)  Represent the head of the component at the

               departmental or agency level on OPSEC-related

               matters.



          (4)       Manage the componentwide OPSEC program by

                    performing the following tasks:



               (a)       Planning and programming technical and

                         other OPSEC support for the elements,

                         including the conduct of OPSEC

                         vulnerability assessments of

                         componentwide or multielement

                         activities.



               (b)       Analyzing vulnerabilities detected in

                         the course of componentwide or

                         multielement assessments and

                         recommending potential countermeasures

                         as appropriate.



          (5)       Oversee the component OPSEC program by

                    performing the following tasks:



               (a)       Establishing and chairing a work group

                         to coordinate in the componentwide

                         OPSEC program. Ensuring that the work

                         group represents appropriate program

                         offices and field elements to provide

                         an active forum to discuss and assess

                         generic and specific OPSEC concerns.



               (b)       Coordinating with field elements on

                         OPSEC matters and providing assistance

                         as requested.



               (c)       Assessing the effectiveness of the

                         componentwide OPSEC program by

                         performing periodic reviews.



          (6)       Operate the componentwide office of record

                    for OPSEC plans and program files to assist

                    in developing an active OPSEC program for

                    component operations and other activities.



          (7)       Develop and maintain an OPSEC plan that

                    includes, at a minimum, goals, milestones,

                    and a timetable.



          (8)       Advise the head of the component of the

                    status of the component's OPSEC program,

                    including plans, developments innovations,

                    problems, and solutions.



     k.   Require the official in charge of training to

          establish OPSEC awareness and training programs to

          ensure that all employees are aware of their

          adversaries' capabilities and understand the OPSEC

          process.



SAMPLE DIRECTIVE



DATE:



NUMBER:



DIRECTIVE:



SUBJECT:  Operations Security Program (cite NASA Installation)



REFERENCE:     National Security Decision Directive 298,

               "National Operations Security Program," dated

               January 22, 1988.



A.   PURPOSE



     This Directive establishes the operations security

     (OPSEC) program, provides policy, assigns

     responsibilities, and implements reference.



B.   APPLICABILITY



     1.   This Directive applies to (cite NASA Installation)

          (hereafter referred to collectively as elements).



     2.   The (cite NASA Installation) OPSEC program shall be

          applied to contractors when it has been determined

          that such measures are necessary for the adequate

          protection of critical or sensitive information,

          activities or operations of the (cite Installation),

          its elements directly or indirectly associated with

          a specific contract.



C.   DEFINITIONS



     1.   Operations Security (OPSEC).  A systematic and

          analytic process by which the U.S. Government and

          its supporting contractors can deny to potential

          adversaries information about capabilities and

          intentions by identifying, controlling, and

          protecting evidence of the planning and execution of

          sensitive activities and operations.



     2.   Critical Information.  Information that must be

          protected from loss to keep an adversary from

          gaining a significant operational, economic,

          political, or technological advantage and prevent

          adverse impact on friendly mission accomplishment.



D.   POLICY



     1.   In accordance with reference, each element shall

          establish a formal OPSEC program with the following

          common features:



          a.   Specific assignment of responsibility for OPSEC

               direction and implementation;



          b.   Specific requirements to plan for and implement

               OPSEC in anticipation of and, where appropriate,

               during element activity;



          c.   Use of OPSEC analytical techniques to assist in

               identifying OPSEC vulnerabilities and to select

               appropriate OPSEC measures; and



          d.   Measures to ensure that all personnel,

               commensurate with their positions and security

               clearances, are aware of hostile intelligence

               threats and understand the OPSEC process.



          e.   Requirement for an annual review and evaluation

               of this OPSEC program to determine its

               effectiveness in the preceding year and to

               develop recommendations on improvements for the

               next year and the longer term.  The annual

               report shall be submitted to the Chief, NASA

               Security Office for review and approval.



          f.   Provisions for cross element and interagency

               support and cooperation with respect to OPSEC

               programs.



     2.   The Chief, NASA Security Office must be advised on

          OPSEC measures required of other NASA Installations

          or other departments and agencies of the U.S.

          Government to achieve and maintain effective

          operations or activities.



     3.   OPSEC is a management responsibility.  Supervisors

          at all levels are responsible for maintaining their

          organization's OPSEC program.



     4.   Authority to plan, direct, and implement OPSEC

          measures may be delegated, as appropriate, to the

          operation's unit or an equivalent unit of the

          element primarily responsible for the accomplishment

          of the element's overall mission.  This normally

          should not be the Installation Security or other

          support unit.



     5.   OPSEC must be addressed from initiation of all

          planning, programming, and budgeting actions.



E.   RESPONSIBILITIES



     1.   The (cite title) for (cite element) is hereby

          appointed as (cite NASA Installation) OPSEC Program

          Manager and shall perform the following tasks:



          a.   Develop OPSEC policy, guidance, and

               instructions.



          b.   Publish an OPSEC planning guide that establishes

               minimum standards for conducting OPSEC

               activities.



          c.   Provide representation at agency level on OPSEC-

               related matters.



          d.   Operate the office of record for OPSEC plans and

               program files.



          e.   Develop and maintain an OPSEC plan that

               includes, at a minimum, goals, milestones, and a

               timetable.



          f.   Advise the Installation Director of the status

               of the (cite NASA Installation) OPSEC Program,

               to include plans, developments, innovations,

               problems, and solutions.



          g.   Manage the (cite NASA Installation)-OPSEC

               Program by performing the following tasks:



               (l)       Planning and programming technical and

                         other OPSEC support for the elements,

                         including the conduct of OPSEC

                         vulnerability assessments of (cite

                         Installation)-wide or multi-element

                         activities.



               (2)       Analyzing vulnerabilities detected in

                         the course of  (cite NASA

                         Installation)-wide assessments, and

                         recommending potential countermeasures

                         as appropriate.



          h.   Conduct oversight of the OPSEC Program by

               performing the following tasks:



               (l)       Establishing and chairing a working

                         group to manage the  OPSEC Program. 

                         The working group should be composed

                         of members from all major elements

                         and, as appropriate, support elements,

                         and provide an active forum to discuss

                         and assess generic and specific OPSEC

                         concerns. The working group should

                         develop and set priorities for the

                         OPSEC program objectives, meet on a

                         regular basis, and maintain records of

                         meetings.



               (2)       Coordinating with all elements  on

                         OPSEC matters and providing assistance

                         as requested.



               (3)       Assessing the effectiveness of the

                         OPSEC program by performing periodic

                         reviews.



     2.   Installation Directors shall perform the following

          tasks:



          a.   Designate an individual whose responsibilities

               shall include specific requirements to plan for

               and implement OPSEC prior to, during and after

               execution of operations and other activities

               that impact on mission effectiveness.



          b.   Identify its core secrets, critical information

               and sensitive operations that must be protected

               from the adversary intelligence threat.



          c.   Follow NASA Security Office OPSEC planning

               guidance taking into account those aspects of

               activities or operations that should be

               protected in light of friendly and adversary

               goals, estimated key adversary questions,

               probable adversary knowledge, desirable and

               harmful appreciations, and pertinent adversary

               intelligence threats.



          d.   Use systematic OPSEC analysis developed for

               OPSEC surveys to identify vulnerabilities and

               select appropriate OPSEC measures to support

               specific missions and activities.



          e.   Establish OPSEC working groups, with

               multidisciplined and cross representation, to

               perform the necessary support functions required

               for an effective OPSEC program.



          f.   Provide a report at least annually on the OPSEC

               posture and the OPSEC activities of the

               Installation.



     3.   The ICS shall perform the following tasks:



          a.   Establish training programs that will ensure

               that all employees understand the OPSEC process

               and are aware of the adversaries' intelligence

               capabilities.



          b.   Provide technical OPSEC training to those

               individuals who are involved in the conduct of

               OPSEC surveys.







            APPENDIX U:  OPERATION SECURITY GLOSSARY



1.  DEFINITIONS



Acceptable Level of Risk.  The level at which an Automated

Information System (AIS) is deemed to meet the minimum

requirements of applicable security directives as determined

by an assessment made by the appropriate designated approving

authority (National INFOSEC Glossary, October 1988).



Access Control Mechanism.  Hardware or software features,

operating procedures, management procedures, and various

combinations of these designed to prevent unauthorized access,

and to permit authorized access to information within an

automated system (National INFOSEC Glossary, October 1988).



Acoustical Intelligence (ACOUSTINT).  Intelligence information

derived from analysis of acoustic waves radiated either

intentionally or unintentionally by the target into

surrounding medium (Glossary of Intelligence Terms and

Definitions, June 1989).  NOTE:  In Naval usage, the acronym

ACINT is used and usually refers to intelligence derived

specifically from analysis of underwater acoustic waves from

ships and submarines.  The technical and intelligence

information derived from foreign sources that generate waves.



Administratively Controlled Information.  Privileged but

unclassified material bearing designations such as FOR

OFFICIAL USE ONLY or LIMITED OFFICIAL USE to prevent

disclosure to unauthorized persons (Glossary of Intelligence

Terms and Definitions, June 1978).



Administrative Security.  The management constraints and

supplemental controls established to provide an acceptable

level of protection for data (National INFOSEC Glossary,

October 1988).  NOTE:  Synonymous with procedural security.



Adversary.  Those individuals or organizations that must be

denied critical information to maintain friendly mission

effectiveness.



Agent.  A person who engages in clandestine intelligence

activity under the direction of an intelligence organization

but who is not an officer, employee, or co-opted worker of

that organization (Glossary of Intelligence Terms and

Definitions, June 1989).



Appreciations.  Personal conclusions, official estimates, and

assumptions about another party's intentions, capabilities,

and activities used in planning and decisionmaking.



1.        Desired Appreciations.  Adverse personal conclusions

          and official estimates, valid or invalid, that

          result in adverse behaviors and official actions

          advantageous to friendly interests and objectives.



2.        Harmful Appreciations.  Adverse personal

          conclusions, official estimates, or assumptions,

          valid or invalid, that result in adverse behaviors

          and official actions harmful to friendly interests

          and objectives (JCS MOP 199, March 1989).



Assessment.  An analysis of the threat to or the

vulnerabilities of a telecommunications or automated

information processing system or activity (National INFOSEC

Glossary, October 1988).



Audit.  The independent review and examination of records and

activities to test for adequacy of system controls, to ensure

compliance with established controls, to ensure compliance

with established policy and operational procedures, and to

recommend any indicated changes in controls, policy, or

procedures (National INFOSEC Glossary, October 1988).  NOTE: 

An audit may be conducted by personnel responsible to the

management of the organization being audited (internal) or by

an organization independent of the one being audited (external).



Automated Data Processing.  See automated information systems.



Automated Information Systems.  Systems that collect, create,

prepare, or manipulate information in electronic form for

purposes other than device control or telecommunications

(National INFOSEC Glossary, October 1988).  NOTE:  Includes

computers, word processing systems, other electronic

information handling systems, and associated equipment.  



Automated Information Systems Security.  The totality of

security safeguards used to provide a defined level of

protection to an automated information system and data handled

by it (National INFOSEC Glossary, October 1988).  NOTE:  See

telecommunications and automated information systems security.



Carve-out.  A classified contract issued in connection with an

approved Special Access Program in which the Defense

Investigative Service has been relieved of inspection

responsibility in whole or in part under the Defense

Industrial Security Program (DoD Directive 5200.lR,

Information Security Program Regulation).



Category.  A restrictive label that has been applied to

classified or unclassified data as a means of increasing the

protection of the data by further restricting access to the

data (National INFOSEC Glossary, October 1988).   NOTE: 

Examples include Sensitive Compartmented Information (SCI),

Proprietary Information (PROPIN), and NATO Information. 

Individuals are granted access to special category information

only after being granted formal access authorization.



Categories of Data.  In the context of perception management

and its constituent approaches, data obtained by adversarial

individuals, groups, intelligence systems, and officials are

categorized in two ways:



1.        Information.  A compilation of data provided by

          secret or open sources that would provide a

          substantially complete picture of friendly

          intentions, capabilities, or activities.



2.   Indicators.  Data derived from open sources or from

     detectable actions that adversaries can piece together or

     interpret to reach personal conclusions or official

     estimates concerning friendly intentions, capabilities,

     or activities.



     NOTE:  For OPSEC purposes, actions that convey indicators

     exploitable by adversaries, but that must be carried out

     regardless, to plan, prepare for, and execute activities,

     are called "observable" (JCS MOP l9g, March 1989).



Classified Information.  Official information regarding the

national security that has been designated Top Secret, Secret,

or Confidential in accordance with Executive Order 12356

(National INFOSEC Glossary, October 1988).



Communications Cover.  The concealing or altering of

characteristic communications patterns to hide information

that could be of value to an adversary (National INFOSEC

Glossary, October 1988).



Communications Deception.  Deliberate transmission,

retransmission, or alteration of communications to mislead an

adversary in his interpretation of the communications

(National INFOSEC Glossary, October 1988).



Communications Intelligence (COMINT).  Technical and

intelligence information derived from interception of foreign

communications by other than the intended recipients; it does

not include the monitoring of foreign public media or the

interception of communications obtained during the course of

counterintelligence investigations within the United States. 

COMINT includes the fields of traffic analysis, cryptanalysis,

and direction finding (Glossary of Intelligence Terms and

Definitions, June 1989).



Communications Profile.  An analytic model of communications

associated with an organization or activity (National INFOSEC

Glossary, October 1988).  NOTE:  The model is prepared from a

systematic examination of communications content and patterns,

their reflections, and the COMSEC measures applied.



Communications Security (COMSEC).  Measures taken to deny

unauthorized persons information derived from

telecommunications of the U.S. Government concerning national

security, and to ensure the authenticity of such

telecommunications (National INFOSEC Glossary, October 1988). 

NOTE:  COMSEC includes cryptosecurity, emission security,

transmission security, and physical security of COMSEC

material and information.  See also telecommunications and

automated information systems security.



Communications Security Monitoring.  The act of listening to

or recording telecommunications transmissions of a U.S.

organization to provide material for analysis to determine the

degree of security being provided to those transmissions

(National INFOSEC Glossary, October 1988).



Communications Security Survey.  The organized collection of

COMSEC and communications data relative to a given operation,

system, or organization (National INFOSEC Glossary, October

1988).



Compartmentation.  Formal system of restricted access to

intelligence activities, such systems established by and/or

managed under the cognizance of the Director of Central

Intelligence to protect the sensitive aspects of sources,

methods, and analytical procedures of foreign intelligence

programs (Glossary of Intelligence Terms and Definitions, June

1989).  NOTE:  See also decompartmentation.



Compromise.  The exposure of classified official information

or activities to persons not authorized access thereto, i.e.,

unauthorized disclosure (Glossary of Intelligence Terms and

Definitions, June 1989).  NOTE:  See classified information.



Compromising Emanations.  Unintentional data-related or

intelligence-bearing signals emitted from telecommunications

or information processing equipment or systems (National

INFOSEC Glossary, October 1988).  NOTE:  If intercepted and

analyzed, compromising emanations can disclose classified or

sensitive unclassified information transmitted, received, or

processed by equipment or system.  Also referred to as

TEMPEST.



Computer Security (COMPUSEC).



1.        The protection resulting from all measures designed

          to prevent deliberate or inadvertent unauthorized

          access, disclosure, acquisition, manipulation,

          modification, or loss of information in a computer

          system.



2.        The computer-driven aspects of automated information

          system security encompassing the mechanisms and

          techniques that control access to or use of the

          computer or information stored in it.  



3.        The technical, administrative, and programmatic

          means to ensure  correct, timely, and accountable

          delivery of appropriate information to authorized

          customers to ensure accountable delivery of

          appropriate information to authorized customers

          through automation.  See also automated information

          systems security (Glossary of Intelligence Terms and

          Definitions, June 1989).



Computer Security Technical Vulnerability Reporting Program

(CSTVRP).  A program that focuses on technical vulnerabilities

in commercially available hardware, firmware, and software

products acquired by the Department of Defense (DoD) (National

INFOSEC Glossary, October 1988).  NOTE:  CSTVRP provides

reporting, cataloging, and discreet dissemination of technical

vulnerability and corrective information to DoD components on

a need-to-know basis.  



Confidentiality.  The concept of holding sensitive data in

confidence, limited to an appropriate set of individuals or

organizations (National INFOSEC Glossary, October 1988).



Confidential Source.  Any individual or organization that has

provided, or that may reasonably be expected to provide,

information to the United States on matters pertaining to the

national security with the expectation, expressed or implied,

that the information or relationship, or both, be held in

confidence (DoD Directive 5200.lR Information Security Program

Regulation).



Confinement.  The prevention of the leaking of sensitive data

from a program (National INFOSEC Glossary, October 1988).



Controlled Information.  Information conveyed to an adversary

in a deceptive operation to evoke desired appreciations (JCS

PUB 18, Dec.  1982).



Counterintelligence.  Information gathered and activities

conducted to protect against espionage, other intelligence

activities, sabotage, or assassinations conducted for or on

behalf of foreign powers, organizations, persons, or terrorist

activities, but not including personnel, physical, document,

or communications security programs.  See foreign

counterintelligence (Glossary of Intelligence Terms and

Definitions, June 1989).



Critical Information.  Information that must be protected from

loss to keep an adversary from gaining a significant

operational, economic, political, or technological advantage,

and prevent adverse impact on friendly mission accomplishment.



Cryptanalysis.  The operations performed in converting

encrypted messages to plain text without initial knowledge of

the algorithm and/or key employed in the encryption (National

INFOSEC Glossary, October 1988).



Cryptology.  The science and activities that deal with hidden,

disguised, or encrypted communications (National INFOSEC

Glossary, October 1988).  NOTE:  Cryptology includes COMSEC

and COMINT.



Deception Means.  Methods, resources, and techniques that can

be used to convey or deny information:



1.   Administrative Means.  Resources, methods, and techniques

     designed to convey or deny oral, pictorial, documentary,

     or other physical evidence.



2.        Physical Means.  Activities and resources used to

          convey or deny selected information.  (Examples: 

          military operations, including exercises,

          reconnaissances, training activities, and movement

          of forces; the use of dummy equipment and devices;

          tactics; bases, logistic actions, stockpiles,

          maintenance, and repair activities; and test and

          evaluation activities.)



3.   Technical Means.  Military material resources and their

     associated operating techniques used to convey or deny

     selected information through the deliberate radiation,

     reradiation, alteration, absorption, or reflection of

     energy; the emission or suppression of chemical

     biological odors; and the emission or suppression of

     nuclear particles (JCS PUB 18, Dec.  1982).



Declassification.  Removal of official information from the

protective status afforded by security classification; it

requires a determination that disclosure no longer would be

detrimental to national security (Glossary of Intelligence

Terms and Definitions, June 1989).



Decompartmentation.  The removal of materials, information or

products from a compartmented system without altering them to

conceal sources, methods, or analytical procedures (Glossary

of Intelligence Terms and Definitions, June 1989).



Detectable Actions.  Physical actions or entities that can be

observed, imaged, or detected by human senses or by active and

passive technical sensors, including emissions that can be

intercepted (JCS MOP 199, March 1989).



Direction Finding (DF).  A procedure for obtaining bearings on

radio frequency emitters with the use of a directional antenna

and a display unit with an intercept receiver or ancillary

equipment (Glossary of Intelligence Terms and Definitions,

June 1989).



Disclosure.  The authorized release of classified information

through approved channels (Glossary of Intelligence Terms and

Definitions, June 1989).



Eavesdropping.  The unauthorized interception of information-

bearing emanations through the use of methods other than

wiretapping (National INFOSEC Glossary, October 1988).



Economic Assessment.  A detailed study of security measures,

their technical and operational feasibility, and their

associated costs and benefits (National INFOSEC Glossary,

October 1988).  NOTE:  Economic assessments aid in planning

and selecting security measures.



Economic Intelligence.  Intelligence regarding foreign

economic resources, activities, and policies including the

production, distribution, and consumption of goods and

services, labor, finance, taxation, and other aspects of the

international economic system (Glossary of Intelligence Terms

and Definitions, June 1989).



Electro-optical Intelligence (ELECTRO-OPTINT).  Intelligence

information derived from the optical monitoring of the

electromagnetic spectrum from ultraviolet (0.01 micrometers)

through far (long wavelength) infrared (1,000 micrometers)

(Glossary of Intelligence Terms and Definitions, June 1989). 

NOTE:  Also see optical intelligence.



Electronic Intelligence (ELINT).  Technical and intelligence

information derived from foreign noncommunications

transmissions by other than the intended recipients. 

Technical and intelligence information derived from foreign

noncommunications electromagnetic radiations emanating from

other than atomic detonation or radioactive sources (Glossary

of Intelligence Terms and Definitions, June 1989).



Electronics Security (ELSEC).  The protection resulting from

all measures designed to deny unauthorized persons information

of value that might be derived from the interception and

analysis of noncommunications electromagnetic radiations, such

as radar (National INFOSEC Glossary, October 1988).



Emissions Security (EMSEC).  The protection resulting from all

measures taken to deny unauthorized persons information of

value that might be derived from the interception and analysis

of compromising emanations from crypto-equipment, automated

information systems, and telecommunications systems (National

INFOSEC Glossary, October 1988).



Energy Intelligence.  Intelligence relating to the technical,

economic, and political capabilities and programs of foreign

countries to engage in development, utilization, and commerce

of basic and advanced energy technologies.  This includes the

location and extent of foreign energy resources and their

allocation; foreign government energy policies, plans, and

programs; new and improved foreign energy technologies; and

economic and security aspects of foreign energy supply,

demand, production, distribution, and utilization (Glossary of

Intelligence Terms and Definitions, June 1989).



Espionage.  Intelligence activity directed toward the

acquisition of information through clandestine means and

proscribed by the laws of the country against which it is

committed (Glossary of Intelligence Terms and Definitions,

June 1989).



Essential Elements of Friendly Information (EEFI).  Key

questions about friendly intentions and military capabilities

likely to be asked by opposing planners and decision makers

(JCS PUB 18, Dec.  1982).



Essential Secrecy.  Adversary unknowns or uncertainties about

specific factual friendly intentions, capabilities, and

activities vitally needed by adversaries for them to plan and

act effectively so as to guarantee failure or unacceptable

consequences for friendly mission accomplishment.



Exploitation.  The process of obtaining intelligence

information from any source and taking advantage of it for

intelligence purposes.  NOTE:  Also see source (Glossary of

Intelligence Terms and Definitions, June 1989).



Foreign Counterintelligence (FCI).  Intelligence activity,

with its resultant product, intended to detect, counteract,

and/or prevent espionage and other clandestine intelligence

activities, sabotage, international terrorist activities, or

assassinations conducted for or on behalf of foreign powers,

organizations, or persons; it does not include personnel,

physical, document, or communications security programs

(Glossary of Intelligence Terms and Definitions, June 1989).



Foreign Government Information.  Information that is: 



     1.   Provided to the United States by a foreign

          government or governments, an international

          organization of governments, or any element thereof

          with the expectation, expressed or implied, that the

          information, the source of the information, or both,

          are to be held in confidence; or 



     2.   Produced by the United States pursuant to or as a

          result of a joint arrangement with a foreign

          government or governments or an international

          organization of governments, or any element thereof,

          requiring that the information, the arrangement, or

          both, are to be held in confidence (DoD 5200.lR

          Information Security Program Regulation).



Foreign Instrumentation Signals (FIS).  Electromagnetic

emissions associated with the testing and operational

deployment of non-U.S.  aerospace, surface, and subsurface

systems that may have either military or civilian application;

it includes but is not limited to the signals fromtelemetry,

beaconry, electronic  interrogators, tracking/fusing/

arming/command systems, and video data links (Glossary of

Intelligence Terms and Definitions, June 1989).



Foreign Instrumentation Signals Intelligence (FISINT). 

Technical and intelligence information derived from intercept

of foreign instrumentation signals (Glossary of Intelligence

Terms and Definitions, June 1989).



Foreign Material (FORMAT) Intelligence.  Intelligence derived

from the exploitation of foreign equipment, subsystems,

components, or other material (Glossary of Intelligence Terms

and Definitions, June 1989).



Friendly.  Those individuals or organizations involved in the

specific sensitive operation or activity who have a need-to-

know.



Geographic(al) Intelligence.  Foreign intelligence dealing

with the location, description, and analysis of physical and

cultural factors of the world (e.g., terrain, climate, natural

resources, transportation, boundaries, population

distribution) and their changes through time (Glossary of

Intelligence Terms and Definitions, June 1989).



Hostile Cognizant Agent.  A person who is authorized access to

classified or sensitive unclassified information and who

intentionally makes that information available to a member of

a hostile intelligence service or other group whose goals are

inimical to the interests of the United States Government or

its allies (National INFOSEC Glossary, October 1988).



Hostile Threat Environment.  An area that contains known

threats over which one possesses little or no control

(National INFOSEC Glossary, October 1988).  NOTE:  Some

diplomatic facilities and tactical military units may be

located in a hostile threat environment.  



Human Intelligence (HUMINT).  A category of intelligence

information derived from human sources (Glossary of

Intelligence Terms  and  Definitions, June 1989).



Human Source.  A person who wittingly or unwittingly conveys

by any means information of potential intelligence value

(Glossary of Intelligence Terms and Definitions, June 1989).



Imagery.  Representations of objects reproduced electronically

or by optical means on film, electronic display devices, or

other media (Glossary of Intelligence Terms and Definitions,

June 1989).



Imagery Intelligence (IMINT).  The products of imagery and

photographic interpretation processed for intelligence use

(Glossary of Intelligence Terms and Definitions, June 1989).



Imagery Interpretation (II).  The process of locating,

recognizing, identifying, and describing objects, activities,

and terrain represented by imagery; it includes photographic

interpretation (Glossary of Intelligence Terms and

Definitions, June 1989).



Imitative Communications Deception.  Introduction of deceptive

messages or signals into an adversary's telecommunications

signals (National INFOSEC Glossary, October 1988).



Inadvertent Disclosure.  Accidental exposure of sensitive

information to a person not authorized access (National

INFOSEC Glossary, October 1988).  NOTE:  This may result in a

compromise or a need-to-know violation.



Indicator.  An event, observation, or value used to measure an

abstract concept.  An item of information that reflects the

intention or capability of a potential enemy to adopt or

reject a course of action.  An action-specific, generalized,

or theoretical-that an enemy might be expected to take in

preparation for an aggressive act (Glossary of Intelligence

Terms and Definitions, June 1989).



Information and Indicator Sources.  Data, material, and

actions that provide information and indicators.  The sources

are categorized as follows:



1.   Secret Sources.  Friendly personnel, documents, material,

     etc., possessing classified or sensitive information.



2.   Open Sources.  Oral, documentary, pictorial, and physical

     materials accessible to the public, or overt contacts

     with adversary parties.



3.   Detectable Actions.  Physical actions or entities that

     can be observed, imaged, or detected by active or passive

     sensors.  Also includes emissions that can be

     intercepted.



Information Security (INFOSEC).  The discipline covering the

protection of classified national security information by the

application of the rules and procedures established by

Executive Order 12356.  It includes classification,

declassification, marking, mandatory review, oversight, etc. 

The procedures pertaining to both communications security and

computer security (Glossary of Intelligence Terms and

Definitions, June 1989).



Information Systems Security.  The protection afforded

information systems to preserve the availability, integrity,

and confidentiality of the systems and the information

contained within the systems.  Such protection is the

application of the combination of all security disciplines

that will at a minimum include:  COMSEC, TEMPEST, COMPUSEC,

personnel security, industrial security, resource protection,

and physical security (Glossary of Intelligence Terms and

Definitions, June 1989).  NOTE:  Others define this as

INFOSEC.  See also telecommunications and automated

information systems security (TIASS).



Infrared Imagery.  A likeness or impression produced as a

result of sensing electromagnetic radiations emitted or

reflected from a given target surface in the infrared portion

of the electromagnetic spectrum (Glossary of Intelligence

Terms and Definitions, June 1989).



Intelligence Cycle.  The processes by which information is

acquired and converted into intelligence and made available to

customers.  There are usually five steps in the cycle:



1.        Planning and Direction.  Determination of

          intelligence requirements, preparation of a

          collection plan, issuance of orders, requests to

          information collection entities, and a continuous

          check on the productivity of collection entities.



2.   Collection.  Acquisition of information or intelligence

     information and the provision of this to processing

     and/or production elements.



3.        Processing.  Conversion of collected information

          and/or intelligence information into a form more

          suitable for the production of intelligence.



4.        Production.  Conversion of information or

          intelligence information into finished intelligence

          through the integration, analysis, evaluation,

          and/or interpretation of all available data and the

          preparation of intelligence products in support of

          known or anticipated customer requirements.



5.   Dissemination.  Timely conveyance of intelligence in

     suitable form to customers (Glossary of Intelligence

     Terms and Definitions, June 1989).



Intelligence Information.  Information of potential

intelligence value concerning the capabilities, intentions,

and activities of any foreign power, organization, or

associated personnel (Glossary of Intelligence Terms and

Definitions, June 1989).



Intelligence Life.  The length of time during which

information remains important enough to protect (National

INFOSEC Glossary, October 1988).



Intelligence System.  Any formal or informal system to manage

data gathering, to obtain and process the data, and to provide

reasoned judgments to decision makers as a basis for action. 

The term is not limited to intelligence organizations or

services, but includes any system in all its parts that

accomplishes the listed tasks.



Intrusion Detection System (IDS).  A system designed to detect

and signal the entry of unauthorized persons into a protected

area, such as security alarms, sensor systems, or video

systems (National INFOSEC Glossary, October 1988).



Laser Intelligence (LASINT).  Technical and intelligence

information derived from laser systems; it is a subcategory of

electro-optical intelligence (Glossary of Intelligence Terms

and Definitions, June 1989).



Limited Access Area.  An area in which uncontrolled movement

of persons would allow access to classified information, but

in which such access is prevented by escort or other internal

restrictions or controls (National INFOSEC Glossary, October

1988).



Low Probability of Detection (LPD).  Measures used to hide or

disguise intentional electromagnetic transmissions (National

INFOSEC Glossary, October 1988).



Manipulative Communications Deception.  The alteration or

simulation of friendly telecommunications for the purpose of

deception (National INFOSEC Glossary, October 1988).  NOTE: 

May consist of any or all of the following:  establishment of

bogus communications structures, transmission of deception

messages, expansion or creation of communications schedules on

existing structures to display an artificial volume of

messages.  



Meaconing.  A system for receiving radio beacon signals and

retransmitting them on the same frequency to confuse

navigation and cause inaccurate bearings to be obtained by

beacon users (National INFOSEC Glossary, October 1988).



Meaconing, Intrusion, Jamming and Interference (MIJI).  A

collective name for all of the types of jamming or other

interference that may be used against electromagnetic

equipment or systems (National INFOSEC Glossary, October

1988).



Measurement and Signature Intelligence (MASINT).  Scientific

and technical intelligence information obtained by

quantitative and qualitative analysis of data (metric, angle,

spatial, wavelength, time dependence, modulation, plasma, and

hydromagnetic) derived from specific technical sensors for the

purpose of identifying any distinctive features associated

with the source emitter or sender and to facilitate subsequent

identification and/or measurement of the same (Glossary of

Intelligence Terms and Definitions, June 1989).



Medical Intelligence (MEDINT).  Medical scientific, technical,

and biological intelligence that assesses and predicts

technological advances of medical significance to include

defense against chemical, biological, and radiological

warfare; it applies to both tactical and strategic planning

and operations, including military and humanitarian efforts

(Glossary of Intelligence Terms and Definitions, June 1989).



National Computer Security Assessment Program (NCSAP).  A

program designed to evaluate the interrelationship of

empirical data of computer security infractions and that of

critical systems profiles, while comprehensively incorporating

information from the Computer Security Technical Vulnerability

Reporting Program (National INFOSEC Glossary, October 1988). 

NOTE:  Assessments build threat and vulnerability scenarios

that are based on a collection of facts from relevant reported

cases.  Such scenarios are a powerful, dramatic, and concise

form of representing the value of loss experience analysis.



National Security Information.  Classified information related

to the national defense or foreign relations of the United

States (National INFOSEC Glossary, October 1988).



Need-to-Know.  The necessity for access to, knowledge of, or

possession of specific information required to carry out

official duties (National INFOSEC Glossary, October 1988).



Nuclear Intelligence (NUCINT).  Intelligence derived from the

collection and analysis of radiation and other effects

resulting from radioactive resources (Glossary of Intelligence

Terms and Definitions,     June 1989).



Nuclear Proliferation Intelligence.  Foreign intelligence

relating to:



1.        Scientific, technical, and economic capabilities and

          programs and the political plans and intentions of

          non-nuclear weapon states or foreign organizations

          to acquire nuclear weapons and/or to acquire the

          requisite special nuclear materials and to carry on

          research, development, and the manufacturing of

          nuclear explosive devices; and



2.        The attitudes, policies, and actions of foreign

          nuclear supplier countries toward provision of

          technologies, facilities, or special nuclear

          materials that could assist non-nuclear weapon

          states or foreign organizations to acquire or

          develop nuclear explosive devices (Glossary of

          Intelligence Terms and Definitions, June 1989).



Open Sources.  Overt contacts between people or oral,

documentary, pictorial, and physical materials accessible by

the public (JCS MOP 199, Dec.  1989).



Open Source Information.  Information of potential

intelligence value (i.e., intelligence information) available

to the general public such as papers, books, periodicals, and

other printed information.  It also includes information

derived from radio and television transmissions, press

agencies, maps, and photography (Glossary of Intelligence

Terms and Definitions, June 1989).



Operational Intelligence (OPINTEL).  Intelligence required for

planning and executing operations (Glossary of Intelligence

Terms and Definitions, June 1989).



Operations Security Problem.  When activities or procedures of

one organization create vulnerabilities to another

organization's critical information.



Operations Security (OPSEC).  A systematic and analytic

process by which the U.S.  Government and its supporting

contractors can deny to potential adversaries information

about capabilities and intentions by identifying, controlling,

and protecting evidence of the planning and execution of

sensitive activities and operations.



Operations Security Appraisal.  A type of OPSEC assessment

where a desktop review is made of an operation or activity of

an organization or facility to determine vulnerabilities and

possible countermeasures.



Operations Security Assessment.  A process of analyzing

information and indicator sources associated with operations

and other activities to evaluate and improve the effectiveness

of an organization in protecting its critical information from

adversaries using the following three steps:



1.        Identifying critical information that must be

          protected.



2.        Identifying indicators or information that can be

          observed or obtained by adversaries that could be

          interpreted or pieced together to derive critical

          information in time to be useful to adversaries.



3.        Selecting and recommending measures that eliminate

          or reduce the vulnerabilities of friendly actions or

          information to adversary exploitation.



Operations Security Indicators.  Friendly detectable actions

and information that can be interpreted or pieced together by

an adversary to derive critical information.



Operations Security Measures.  Countermeasures that will deny

adversaries the ability to collect, process, analyze, or

utilize indicators.



Operations Security Planning Guidance.  Guidance that serves

as the blueprint for OPSEC planning by all functional elements

throughout the organization.  It defines the critical

information that requires protection from adverse

appreciations, taking into account friendly and adversarial

goals, estimated key adverse questions, probable adverse

appreciations, and pertinent intelligence system threats.  It

also should outline provisional OPSEC measures to ensure the

requisite essential secrecy.



Operations Security Process.  A systems analysis methodology

involving five steps:  identification of critical information,

analysis of threats, analysis of vulnerabilities, assessment

of risks, and application of appropriate countermeasures.



Operations Security Survey.  A thorough on-site examination of

an operation or activity to determine if there are

vulnerabilities that would permit adversary exploitation of

critical information during the planning, preparation,

execution, and postexecution phases of any operation or

activity.



Operations Security Vulnerability.  A condition when friendly

actions provide OPSEC indicators that may be obtained and

accurately evaluated by an adversary in time to provide a

basis for effective adversary decisionmaking.



Operations Security Working Group.  A formally designated body

representing a broad range of administrative and programmatic

activities that provides review, support, and participation

with management in the implementation and furtherance of their

operational security program.



Optical Intelligence (OPINT).  That portion of electro-optical

intelligence that deals with visible light (Glossary of

Intelligence Terms and Definitions, June 1989).



Overt Collection.  The acquisition of intelligence information

from public media, observation, government-to-government

dialogue, elicitation, and from the sharing of data openly

acquired; the process may be classified or unclassified; the

target and host governments as well as the sources involved

normally are aware of the general collection activity,

although the specific acquisition, sites, and processes may be

successfully concealed (Glossary of Intelligence Terms and

Definitions, June 1989).



Penetration.  The recruitment of agents within or the

infiltration of agents or introduction of technical monitoring

devices into an organization or group or physical facility for

the purpose of acquiring information or influencing its

activities (Glossary of Intelligence Terms and Definitions, 15

June 1978).  The successful act of bypassing the security

mechanisms of a cryptographic or automated information system

(National INFOSEC Glossary, October 1988).



Penetration Signature.  The description of a situation or set

of conditions or events in which a penetration could occur, or

the characteristics or identifying marks that may be produced

to indicate a successful or unsuccessful attempt at

penetration (National INFOSEC Glossary, October 1988).



Penetration Study.  A study to determine the feasibility and

methods for defeating controls on an automated information

system (National INFOSEC Glossary, October 1988).



Penetration Testing.  The portion of security testing in which

evaluators attempt to circumvent the security features of a

system (National INFOSEC Glossary, October 1988).  NOTE:  The

testing team, consisting of data processing, communications,

and security specialists, may use all design and

implementation documentation, including listings of system

source code, manuals, and circuit diagrams to identify any

system security weaknesses.  



Personnel Insecurity.  The capture, unauthorized absence,

defection, or control by an adversary of an individual having

knowledge of or access to classified or sensitive information

or material.



Personnel Security



1.        The means or procedures--such as selective

          investigations, record checks, personal interviews,

          and supervisory controls--designed to provide

          reasonable assurance that persons being considered

          for or granted access to classified information are

          loyal and trustworthy (Glossary of Intelligence

          Terms and Definitions, 15 June 1978).



2.        The procedures established to ensure that all

          personnel who have access to sensitive or classified

          information have the required authority as well as

          appropriate clearances (National INFOSEC Glossary,

          October 1988).



Photographic Intelligence (PHOTOINT).  The collected products

of photographic interpretation classified and evaluated for

intelligence use; it is a category of imagery intelligence

(Glossary of Intelligence Terms and Definitions, June 1978).



Photographic Interpretation (PI).  The process of locating,

recognizing, identifying, and describing objects, activities,

and terrain represented on photography; it is a category of

imagery intelligence (Glossary of Intelligence Terms and

Definitions, June 1978).



Physical Security



1.        Physical measures--such as safes, vaults, perimeter

          barriers, guard systems, alarms, and access

          controls--designed to safeguard Installations

          against damage, disruption, or unauthorized entry;

          information or material against unauthorized access

          or theft; and specified personnel against harm

          (Glossary of Intelligence Terms and Definitions, 15

          June 1978).



2.        The application of physical barriers and control

          procedures to prevent unauthorized access to

          resources, information, or material (National

          INFOSEC Glossary, October 1988).



Political Intelligence.  Intelligence concerning the dynamics

of the internal and external political affairs of foreign

countries, regional groupings, multilateral treaty

arrangements, and organizations, and foreign political

movements directed against or affecting established

governments or authority (Glossary of Intelligence Terms and

Definitions, June 1989).



Privileged Data.  Data not subject to the usual rules because

of some special circumstance, such as legal and medical files

(National INFOSEC Glossary, October 1988).



Procedural Security.  See administrative security.



Proprietary Data.  Data that are created, used, and marketed

by individuals or organizations having exclusive legal rights

(National INFOSEC Glossary, October 1988).



Protective Security.  Responds to general vulnerabilities and

threats.  It includes personnel security (background

investigations, security clearances, and polygraphs); physical

security (physical safeguards and security barriers); document

security (distinctive markings, classification, and document

destruction procedures); security procedures

(compartmentalization, the "need-to-know principle," and two-

person control); and security awareness efforts (vulnerability

and threat briefings, morale, discipline, and education

programs).



Radar Intelligence (RADINT).  Intelligence information derived

from data collected by radar (Glossary of Intelligence Terms

and Definitions, June 1989).



Radiation Intelligence (RINT).  The functions and

characteristics derived from information obtained from

unintentional electromagnetic energy emanating from foreign

devices; excludes nuclear detonations or radioactive source. 

(Glossary of Intelligence Terms and Definitions, June 1989).



Radio Fingerprinting.  The process of recording and studying

the characteristics of the emissions of a radio transmitter to

identify the transmitting station (National INFOSEC Glossary,

October 1988).



Restricted Area.  Any area to which access is subject to

special restrictions or controls for reasons of security or

safeguarding of property or material (National INFOSEC

Glossary, October 1988).



Risk Analysis.  See risk assessment.



Risk Assessment.  The process of identifying security risks

based on an analysis of threats to and vulnerabilities of a

system, the determination of the magnitude of the risk, and

measures needed to safeguard against the risk (National

INFOSEC Glossary, October 1988).  NOTE:  Risk analysis is the

preferred term when referring to automated information

systems.  



Risk Evaluation.  Any document that contains an evaluation of

the vulnerabilities of an Installation to the compromise of

classified or sensitive Government information (National

INFOSEC Glossary, October 1988).  NOTE:  A risk evaluation may

be in-depth or limited in scope.  It will generally reflect

administrative, physical access, personnel, environmental,

technical, and electronic safeguards to prevent compromise.



Risk Management.  The element of managerial science concerned

with the identification, measurement, control, and

minimization of uncertain events.



Sanitize.  To remove or edit sensitive data so that the

remaining data are of lower sensitivity than the original

aggregate.



Scientific and Technical Intelligence (STI).  Intelligence

concerning foreign developments in basic and applied

scientific and technical research and development, including

engineering and production techniques, new technology, and

weapon systems and their capabilities and characteristics; it

also includes intelligence that requires scientific or

technical expertise on the part of the analyst, such as

medicine, physical health studies, and behavioral analyses

(Glossary of Intelligence Terms and Definitions, June 1989). 



Secure Communications.  Telecommunications that are

effectively secured against adversary exploitation by COMSEC.



Secure Working Area.  An accredited facility that is used for

handling, discussing, or processing sensitive information

(National INFOSEC Glossary, October 1988).



Securing.  The safeguarding with COMSEC devices, equipment, or

techniques of telecommunications systems that transmit

classified or sensitive but unclassified government

information (National INFOSEC Glossary, October 1988).



Security Countermeasures.  Countermeasures that are aimed at

specific threats and vulnerabilities (operational security

procedures, camouflage, concealment, and other denial

techniques) or involve more active techniques (counterimagery

programs, counter-SIGNIT operations; and telecommunications

and computer security) as well as activities traditionally

perceived as security.



Security Evaluation.  A product evaluation or a system

evaluation performed to assess the degree of trust that can be

placed in an automated information system for the secure

handling of sensitive information (National INFOSEC Glossary,

October 1988).



Security Incident.  An incident involving classified

information in which there is a deviation from the

requirements of the governing security regulations (National

INFOSEC Glossary, October 1988).  NOTE:  Compromise,

inadvertent disclosure, need-to-know violation, and

administrative deviation are examples of security incidents.  



Security Level.  The combination of a hierarchical

classification and a set of nonhierarchical categories that

represents the sensitivity of information (National INFOSEC

Glossary, October 1988).



Sensitive Business Data.  Data that require protection under

Title 18, USC 1905, and other business data that by their

nature require controlled distribution or access for reasons

other than classification such as personal data.  NOTE: 

Sensitive business data appear in the following categories:



1.   Financial.  Requiring protection to ensure the integrity

     of funds or other fiscal assets.



2.        Sensitive Management.  Requiring protection against

          the loss of property, material or supplies, or to

          defend against the disruption of operations or

          normal management practices.



3.        Proprietary.  Requiring protection for data or

          information in conformance with a limited rights

          agreement or that are the exclusive property of a

          civilian corporation or individual and that are on

          loan to the government for evaluation or for its

          proper use in educating contracts.  



4.        Privilege.  Requiring protection for conformance

          with business standards or as required by law, as

          with government information involving award of a

          contract (National INFOSEC Glossary, October 1988).



Sensitive Compartmented Information (SCI).  All information

that requires special information controls for restricted

handling within compartmented intelligence systems and for

which compartmentation is established (National INFOSEC

Glossary, October 1988).



Sensitive Compartmented Information Facility (SCIF).  An

accredited area, room, group of rooms, or Installation where

SCI may be stored, used, discussed, and/or processed (Glossary

of Intelligence Terms and Definitions, June 1989).



Sensitive Defense Information.  Classified or sensitive

information designated by the Secretary of Defense (National

INFOSEC Glossary, October 1988).  NOTE:  All items on the

Critical Military Technologies List fall into this category.



Sensitive Information.  Any information, the loss, misuse, or

unauthorized access to or modification of which could

adversely affect the national security interest or the conduct

of Federal programs, or the privacy to which individuals are

entitled under section 552a of Title 5, United States Code

(the Privacy Act), but which has not been specifically

authorized under criteria established by an Executive Order or

an Act of Congress to be kept secret in the interest of

national defense or foreign policy (National INFOSEC Glossary,

October 1988).



Sensitive/Unclassified.  Data requiring a degree of protection

due to the risk and magnitude of loss or harm that could

result from inadvertent or deliberate disclosure (DOE Sources,

December 1989).



Signal Intelligence (SIGINT).  Intelligence information

derived from signals intercept comprising, either individually

or in combination, all communications intelligence, electronic

intelligence, and foreign instrumentation signals

intelligence, however transmitted (Glossary of Intelligence

Terms and Definitions, June 1989).



Signals Security (SIGSEC).  A generic term encompassing COMSEC

and ELSEC (National INFOSEC Glossary, October 1988).



SIGSEC Signals Analysis.  Analysis of the external signal

parameters of U.S.  official electronic emissions (National

INFOSEC Glossary, October 1988).  NOTE:  This analysis

includes the identification of signals anomalies that might be

exploited by an adversary SIGINT effort.



Software Security.  General purpose (executive, utility, or

software development tools) and applications programs and

routines which protect data handled by an automated

information system (National INFOSEC Glossary, October 1988).



Surveillance.  The systematic observation or monitoring of

places, persons, or things by visual, aural, electronic,

photographic, or other means (Glossary of Intelligence Terms

and Definitions, June 1989).



Survey.  A comprehensive formal evaluation of a facility, area

or activity to determine its physical or technical strengths

or weaknesses and to propose recommendations for improvement.



Systems Security.  The measure of security provided by a

system as determined by evaluation of the totality of all

system elements and COMSEC measures that support

telecommunications and automated information systems

protection (National INFOSEC Glossary, October 1988).



Systems Security Evaluation.  Determination of the risk

associated with the use of a given system, considering the

vulnerabilities in the system and the threat against it

(National INFOSEC Glossary, October 1988).



TEAPOT.  An unclassified name referring to hostile induced,

enhanced, and/or facilitated compromising emanations (National

INFOSEC Glossary, October 1988).



Technical Security.  Those measures taken to detect and

prevent efforts to acquire classified or

sensitive/unclassified information by means of technical

surveillance.  Technical security includes technical

surveillance countermeasures and audio countermeasures, which

are measures to ensure that security areas are devoid of

technical surveillance devices, technical security hazards,

and related physical security weaknesses (DOE Sources, Dec.

1989).



Technical Surveillance Countermeasures (TSCM).  Techniques and

measures to detect and neutralize a wide variety of hostile

penetration technologies that are used to obtain unauthorized

access to classified and sensitive information.  Technical

penetrations include the use of optical, electro-optical,

electromagnetic, fluidics, and acoustic means, as the sensor

and transmission medium, or the use of various types of

stimulation of or modification to equipment or building

components for the direct or indirect transmission of

information meant to be protected (Glossary of Intelligence

Terms and Definitions, June 1989).



Telecommunications.  The preparation, transmission,

communication, or related processing of information (writing,

images, sounds or other data) by electromagnetic,

electromechanical, electro-optical, or electronic means

(National INFOSEC Glossary, October 1988).



Telecommunications and Automated Information Systems Security

(TAISS).  Protection afforded to telecommunications and

automated information systems to prevent exploitation through

intercept, unauthorized electronic access, or related

technical intelligence threats, and to ensure authenticity

(National INFOSEC Glossary, October 1988).  NOTE:  Such

protection results from the application of security measures

(including cryptosecurity, transmission security, emission

security, and computer security) to systems which generate,

store, process, transfer, or communicate information of use to

an adversary, and also includes the physical protection of

sensitive material and sensitive technical security

information.  



Telemetry Intelligence (TELINT).  Technical and intelligence

information derived from intercept, processing, and analysis

of foreign telemetry; a subcategory of foreign instrumentation

signals intelligence (Glossary of Intelligence Terms and

Definitions, June 1989).



Teleprocessing.  The overall function of an information

transmission system that combines telecommunications,

automated data processing, and man-machine interface equipment

and their interaction as a whole (National INFOSEC Glossary,

October 1988).



Teleprocessing Security.  The protection resulting from all

measures designed to prevent deliberate or inadvertent

unauthorized disclosure, acquisition, manipulation, or

modification of information in a teleprocessing system

(National INFOSEC Glossary, October 1988).



TEMPEST.  The investigation, study, and control of

compromising emanations from electrical and electronic

equipment (National INFOSEC Glossary, October 1988).  NOTE: 

Often used as a synonym for compromising emanations, as in

"TEMPEST test" or "TEMPEST inspection."  Also used as a verb

meaning "To insulate against compromising emanations."



Traffic Analysis.  The cryptologic discipline that develops

information from communications about the composition and

operation of communications structures and the organizations

they serve.  The process involves the study of traffic and

related materials, and the reconstruction of communication

plans, to produce  intelligence signals (Glossary of

Intelligence Terms and Definitions, June 1989).



Transmission Security (TRANSEC).  The component of COMSEC that

consists of all measures designed to protect radio

transmission from intercept and exploitation by means other

than cryptanalysis (National INFOSEC Glossary, October 1988).



Vulnerability Assessment.  An analysis of an organization or

activity to identify information sources potentially

exploitable by hostile services and to recommend actions to

negate or minimize vulnerabilities (DOE Sources, December 1989).



Wiretapping.  An act or technique of tapping telephone,

telegraph, or other communications wires for the purpose of

gathering information or evidence.



2.  COMMONLY USED ABBREVIATIONS AND ACRONYMS



ACINT          Acoustical Intelligence

ACOUSTINT           Acoustical Intelligence

ADP       Automated Data Processing



COMSEC         Communications Security

COMINT         Communications Intelligence

CSTVRP         Computer Security Technical

          Vulnerability Reporting Program



DF        Direction Finding



EEFI           Essential Elements of Friendly

          Information

ELECTRO-OPTINT           Electro-optical Intelligence

ELINT          Electronic Intelligence

ELSEC          Electronics Security

EMSEC          Emissions Security



FCI       Foreign Counterintelligence

FIS       Foreign Instrumentation Signals



FISINT         Foreign Instrumentation Signals

          Intelligence



FORMAT         Foreign Material



HUMINT         Human Intelligence



IDS       Intrusion Detection System

IMINT          Imagery Intelligence

II        Imagery Interpretation

INFOSEC        Information Systems Security



LASINT         Laser Intelligence

LPD       Low Probability of Detection



MASINT         Measurement and Signature

          Intelligence

MEDINT         Medical Intelligence

MIJI           Meaconing, Intrusion, Jamming, and

          Interference



NCAP           National Computer Security

          Assessment Program

NUCINT         Nuclear Intelligence



OPINTEL        Operational Intelligence

OPSEC          Operations Security



PHOTINT        Photographic Intelligence

PI   .    Photographic Interpretation



RADINT         Radar Intelligence

RINT           Radiation Intelligence



SCI       Sensitive Compartmented Information

SIGINT         Signals Intelligence

SIGSEC         Signals Security



TA        Traffic Analysis

TAISS          Telecommunications and Automated

          Information Systems Security

TELINT         Telemetry Intelligence

TEMPEST        Compromising Emanations

TRANSEC        Transmission Security



3.   ALTERNATE DEFINITIONS



Appreciations.  Assumptions, estimates, and facts about an

opponent's intentions and military capabilities used in

planning and decisionmaking.  



1.        Desired Appreciations.  Adversary estimates that

          result in adversary intentions and military

          capabilities to friendly advantage. 

     

2.        Essential Secrecy.  Specific unknowns or

          uncertainties that       prevent or hinder adversary

          derivation of accurate estimates or knowledge of

          facts, and effective planning and decisionmaking.  

     

3.        Harmful Appreciations.  Adversary assumptions or       

          estimates to provide for unknowns or uncertainties,

          or necessary and    sufficient known facts, that

          result in adversary intentions and military

          capabilities to friendly disadvantage (JCS PUB 18,

          Dec. 1982).



Communications Security (COMSEC).  The protection resulting

from the application of cryptosecurity, transmission security,

emissions security, and physical security measures to

electronically transmit information.  These measures are taken

to deny unauthorized persons information of value that might

be derived from the possession and study of such

telecommunications (DOE Sources, Dec.  1989).



Computer Security.  The computer-driven aspects of automated

data processing systems security, encompassing the mechanisms

and techniques that control access to or use of the computer,

or information contained in or handled by it (DOE Sources,

Dec. 1989).



Critical Information.  Specific facts about friendly

intentions, capabilities, and activities vitally needed by

adversaries for them to plan and act effectively so as to

guarantee failure or unacceptable consequences for friendly

mission accomplishment (JCS MOP 199, March 1989).



Human Intelligence (HUMINT).  Intelligence collection activity

conducted through the use of human resources (DOE Sources,

Dec. 1989).



Imagery Intelligence (IMINT).  Information derived from

interpretation of photography (DOE Sources, Dec. 1989).



Operations Security (OPSEC).  



1.   A countermeasures program designed to disrupt or defeat

     the ability of foreign intelligence or other adversaries

     to exploit sensitive DOE activities or information and to

     secure against the inadvertent release of such activities

     or information outside established control procedures

     (DOE Sources, Dec. 1989).  



2.   The protection of military operations and activities

     resulting from the identification and subsequent

     elimination or control of intelligence indicators

     (vulnerabilities) that are susceptible to hostile

     exploitation (U.S.  Army AR 530-1, May 1978).  



3.        The process of denying adversaries information about

          friendly capabilities and intentions by identifying,

          controlling, and protecting indicators associated

          with planning and conducting military operations and

          other activities (JCS PUB 18, Dec.  1982).



Operations Security Indicators.  Actions or information

classified or unclassified, obtainable by an adversary, that

would result in adversary appreciations, plans, and actions

harmful to achieving friendly intentions and preserving

friendly military capabilities (JCS PUB 18, Dec. 1982).



Operations Security Survey.  An investigation of the

intelligence indicators projected by an operation or activity

to determine what the enemy can perceive and what his

potential sources of information are (U.S.  Army AR 5301, May

1978).



TEMPEST.  An unclassified short name referring to

investigations and studies of "compromising emanations," e.g.,

TEMPEST Test or TEMPEST inspections (DOE Sources, Dec. 1989).



Working Group.  A formally designated body representing a

broad range of administrative and programmatic activities at

Headquarters, Field Elements, or contractor facilities that

provide review and support to senior management in furtherance

of their operations security program (DOE Sources, Dec. 1989).







APPENDIX V:   CRITERIA FOR APPLICATION OF SECURITY STANDARD





The ultimate decision resulting from the application of the

security standard set forth in this Appendix must be an

overall common sense determination based on all available

facts.  Facts that would make an employee ineligible for a

clearance include, but are not limited to, the following:



1.   Commission of any act of sabotage, espionage, treason,

     terrorism, anarchy, sedition, or attempts thereof or

     preparation therefor, or conspiring with or aiding or

     abetting another to commit or attempt to commit any such

     act.



2.   Establishing or continuing a sympathetic association with

     a saboteur, spy, traitor, seditionist, anarchist,

     terrorist, revolutionist, or with an espionage or other

     secret agent or similar representative or a foreign

     nation whose interests may be inimical to the interests

     of the United States, or with any person who advocates

     the use of force or violence to overthrow the Government

     of the United States or to alter the form of Government

     of the United States by unconstitutional means.



3.   Advocacy or use of force or violence to overthrow the

     Government of the United States or to alter the form of

     Government of the United States by unconstitutional

     means.



4.   Knowing membership with the specific intent of furthering

     the aims of, or adherence to and active participation in,

     any foreign or domestic organization, association,

     movement, group, or combination of persons hereafter

     referred to as organizations that unlawfully advocate or

     practice the commission of acts of force or violence to

     prevent others from exercising their rights under the

     Constitution or laws of the United States or of any

     State, or that seek to overthrow the Government of the

     United States or any State or subdivision thereof by

     unlawful means.



5.   Unauthorized disclosure to any person of classified

     information, or of other information, disclosure of which

     is prohibited by statute, Executive order, or regulation.



6.   Performing or attempting to perform one's duties,

     acceptance and active maintenance of dual citizenship, or

     other acts conducted in a manner that serve or that could

     be expected to serve the interests of another government

     in preference to the interests of the United States.



7.   Disregard of public law, statutes, Executive orders, or

     regulations, including violation of security regulations

     or practices.



8.   Criminal or dishonest conduct.



9.   Acts of omission or commission that indicate poor

     judgment, unreliability, or untrustworthiness.



10.  Any behavior or illness, including any mental condition,

     which, in the opinion of competent medical authority, may

     cause a defect in judgment or reliability with due regard

     to the transient or continuing effect of the illness and

     the medical findings in such case.



11.       Vulnerability to coercion, influence, or pressure

          that may cause conduct contrary to national

          interest, such as in the following circumstances:



     a.   The presence of immediate family members or other

          persons to whom the applicant is bonded by affection

          or obligation in a nation or areas under its

          domination whose interests may be inimical to those

          of the United States; or



     b.   Any other circumstances that could cause the

          applicant to be vulnerable.



12.  Excessive indebtedness, recurring financial difficulties,

     or unexplained affluence.



13.  Habitual or episodic use of intoxicants to excess.



14.  Illegal or improper use, possession, transfer, sale, or

     addiction to any controlled or psychoactive substance,

     narcotic, cannabis, or other dangerous drug.



15.  Any knowing and willful falsification, coverup,

     concealment, misrepresentation, or omission of a material

     fact from any written or oral statement, document, form,

     or other representation or device used by NASA or any

     other Federal agency, the Department of Defense (DoD), or

     any military department.



16.  Failing or refusing to answer or to authorize others to

     answer questions or provide information required by a

     congressional committee, court, or agency in the course

     of an official inquiry whenever such answers or

     information concern relevant and material matters

     pertinent to an evaluation of the individual's

     trustworthiness, reliability, and judgment.



17.  Acts of sexual misconduct or perversion indicative of

     moral turpitude, poor judgment, or lack of regard for the

     laws of society.







    APPENDIX W:  PROCEDURES FOR SUSPENSION, REVOCATION, AND    

                    DENIAL OF NASA PERSONNEL SECURITY

                 CLEARANCES



1.   PURPOSE



     The purpose of this Appendix is to establish procedures

     regarding the suspension and revocation of personnel

     security clearances held by employees, the denial of

     security clearances to current and prospective employees,

     and related actions.  These policies and procedures do

     not apply to administrative withdrawals of security

     clearances from employees otherwise eligible for a

     security clearance when withdrawal is based upon a

     determination that the employee no longer requires access

     to information or material classified under Executive

     Order 12356.



2.   POLICY



     a.   Personnel will be employed or retained in employment

          in a position that requires a personnel security

          clearance only when such is found to be clearly

          consistent with the interests of national security.



     b.   Each current or prospective employee whose duties

          require or will require access to classified

          information must qualify for the appropriate level

          of security clearance before he/she can perform

          those duties.



     c.   If an individual is selected for or assigned to a

          position involving access to classified information

          and does not possess the requisite security

          clearance, that individual must be assigned to

          nonsensitive duties only until he/she does obtain

          the clearance.



     d.   The decision to grant any current employee or

          selectee a security clearance constitutes a

          determination that, based upon all available

          information, the person's loyalty, reliability, and

          trustworthiness are such that entrusting the person

          with classified information or assigning the person

          to sensitive duties is clearly consistent with the

          interests of national security.



     e.   In determining whether an individual qualifies for a

          security clearance, the adjudicator shall consider,

          but not be limited to, the criteria set forth in

          Appendix U and the adjudication policy set forth in

          this Handbook.



     f.   It is also NASA policy that due process procedures

          are to be utilized to ensure that the constitutional

          rights of each individual are protected.  These

          procedures are set forth below.



     g.   Installation Personnnel Offices should be consulted

          to help determine appropriate courses of action.



3.   DENIAL OF APPLICATION FOR SECURITY CLEARANCE



     a.   If the evidence available to the designated Agency

          official indicates that the requested clearance

          should be denied, then the following procedures

          shall be applied as appropriate:



          (1)  The employee or selectee shall be provided a

               statement of the reasons for the denial of the

               clearance.  This statement shall be as complete

               as is consistent with interests of national

               security.



          (2)  The employee or selectee shall be afforded the

               right to request, orally or in writing, that the

               designated Agency official reconsider the denial

               of the clearance, and to submit matters in

               rebuttal.  Prior to rendering a decision on the

               request for reconsideration, the designated

               Agency official shall consult with the General

               Counsel or Chief Counsel, as appropriate.



          (3)  If the designated Agency official sustains the

               determination that the employee or selectee is

               not qualified for the security clearance, then

               the official may take one of the following

               actions, as appropriate.



               (a)  Revoke the offer of employment made to the

                    selectee;



               (b)  Reassign the employee or selectee to other

                    nonsensitive duties, if available, for

                    which the employee or selectee is

                    qualified; or



               (c)  Order the employee removed in accordance

                    with 5 U.S.C. 7513.



          (4)  If the designated Agency official determines

               that the employee or selectee is qualified for

               the security clearance, the clearance shall be

               granted, and the employee or selectee shall be

               permitted to perform the sensitive duties of the

               position for which he or she was selected.



4.        SUSPENSION/REVOCATION OF SECURITY CLEARANCE -

GENERAL



     a.   Information may become available that will indicate

          that an employee currently holding a security

          clearance may not be qualified to retain that

          clearance.



     b.   This information should be referred to the Security

          Office for further investigation and evaluation. 

          Based upon preliminary investigation and evaluation,

          the Installation Chief of Security (ICS) shall refer

          the case and make a recommendation, as follows:



          (1)  The ICS shall refer all cases evident of a

               threat to national security to the Chief, NASA

               Security Office. The Associate Administrator for

               Management Systems and Facilities, in

               consultation with the NASA Security Office and

               the Office of the General Counsel, shall

               determine if the case shall be referred to the

               Administrator for action in accordance with 5

               U.S.C. 7532.



          (2)  The ICS shall refer all other cases to the

               designated agency official for action in

               accordance with 5 U.S.C. 7513.



          (3)  The General Counsel shall be consulted with

               respect to all cases described in this

               paragraph.



     c.   In developing a recommendation to the appropriate

          Agency official, the Security Officer shall take

          into account all relevant factors, including but not

          limited to the following:



          (1)  The seriousness of the derogatory information

               developed;



          (2)  The possible access, authorized or unauthorized,

               of the employee to classified information or

               material; and



          (3)  The opportunity, by reason of the nature of the

               position, for the employee to commit acts

               adversely affecting national security.



4.5  ACTION IN ACCORDANCE WITH 5 U.S.C. 7513



     a.   Upon receipt of the allegations against the

          employee, the designated Agency official must decide

          whether to suspend the employee's security clearance

          pending completion of the investigation.



     b.   If the designated Agency official determines that

          suspension of the employee's security clearance is

          not necessary, a written determination to that

          effect must be placed in the employee's

          investigation file.  In that event, the employee may

          continue to perform the duties requiring the

          security clearance.



     c.   If the designated Agency official determines that

          suspension of the employee's security clearance is

          appropriate, then the following actions must be taken:



          (1)  Provide the employee with as complete a written

               statement of the reasons for such suspension as

               is consistent with the interests of national

               security, and the opportunity to respond orally

               or in writing to those reasons.



          (2)  Determine whether the employee may be assigned

               temporarily to a position not requiring a

               security clearance.  If this is not possible,

               the employee shall be permitted to take leave,

               be carried in an appropriate leave status

               (annual, sick, leave without pay, or absent

               without leave), or be suspended from duty with

               pay if the employee has absented himself or

               herself from the work site without requesting

               leave.



          (3)  Promptly notify the Associate Administrator for

               Management Systems and Facilities, NASA

               Headquarters, through the Chief, NASA Security

               Office, of the suspension and the reasons

               therefor.



          (4)  The designated Agency official may determine

               upon due consideration of all the evidence,

               including the matters submitted by the employee,

               that the security clearance should be restored. 

               In that case, the employee shall be restored to

               the duties requiring the clearance.



          (5)  In the event that the designated Agency official

               may determine that the employee's security

               clearance should be revoked, the official must

               take the following actions:



               (a)  Render in writing the decision to revoke,

                    which is final and not subject to further

                    administrative or judicial review;



               (b)  Determine whether the employee may be

                    reassigned to nonsensitive duties not

                    requiring a security clearance and for

                    which the employee is qualified; and



               (c)  If reassignment is not possible or not in

                    the best interests of national security,

                    the designated Agency official shall order

                    the employee removed in accordance with 5

                    U.S.C. 7513 and other implementing

                    regulations.



5.        ACTION IN ACCORDANCE WITH 5 U.S.C. 7532



     a.   General



          (1)  This provision gives the NASA Administrator the

               nondelegable authority to suspend summarily an

               employee's security clearance, and suspend the

               employee from duty without pay when the

               Administrator determines that the action is

               necessary in the interests of national security. 

               The Administrator is also authorized to remove

               that employee from Federal service if necessary

               or advisable in the interests of national

               security.



          (2)  In taking action under this provision, the

               Administrator should take into consideration

               those factors set forth in paragraph 4c.



     b.   Suspension of Security Clearance and from Duty

Status



          (1)  The Administrator shall provide the affected

               employee with as complete a statement of the

               reasons for such suspension as national security

               considerations permit.  Prior to presentation to

               the employee, this statement shall be

               coordinated with the Department of Justice.



          (2)  Within 30 days after the receipt of the

               notification, the suspended employee is entitled

               to submit to the Administrator statements or

               affidavits to show why the security clearance

               should be reinstated and the employee should be

               restored to duty.



          (3)  If the Administrator determines that the

               employee does not present a security risk, the

               Administrator may restore the employee's

               security clearance and duty status, and

               compensate the employee for the period of

               suspension, in accordance with 5 U.S.C. 5596.



          (4)  Should subsequent investigation and evaluation

               of the data thus obtained lead to the conclusion

               that the employee does present a security risk,

               the Administrator shall revoke the employee's

               security clearance.  The Administrator must then

               decide whether to reassign the employee to

               nonsensitive duties or to remove the employee.



     c.   Removal In Accordance With 5 U.S.C. 7532



          (1)  The Administrator is authorized to remove an

               employee suspended previously in accordance with

               paragraph 5b.  The Administrator's authority is

               nondelegable, and the decision is final and not

               subject to administrative or judicial review.



          (2)  After suspension and prior to removal, the

               Administrator shall provide the employee with

               the following:



               (a)  A written statement of the charges against

                    the employee within 30 days after

                    suspension, which may be amended within 30

                    days thereafter and shall be stated as

                    specifically as security considerations

                    permit.  This statement and any amendment

                    thereof shall be coordinated with the

                    Department of Justice prior to being

                    presented to the employee;



               (b)  An opportunity within 30 days thereafter,

                    plus an additional 30 days if the charges

                    are amended, to answer the charges and

                    submit affidavits;



               (c)  A hearing, at the request of the employee,

                    the procedure for which is set forth in

                    Attachment A of Appendix W;



               (d)  A review of the case by the Administrator

                    or designee, before a decision adverse to

                    the employee is made final; and



               (e)  A written statement of the Administrator's

                    decision.



          (3)  In the event the Administrator decides to

               restore the employee to duty, with or without

               restoration of his or her security clearance,

               the employee shall be compensated for the period

               of suspension, as provided in  5 U.S.C. 5596.







Attachment A



                     SECURITY HEARING BOARD







1.        COMPOSITION



     a.   NASA Security Hearing Board will be composed of no

          fewer than three civilian officers or employees of

          the Federal Government, selected by the Associate

          Administrator for Management  Systems and Facilities

          from rosters maintained for that purpose by the

          Office of Personnel Management (OPM), Washington,

          DC, and at OPM regional offices.



     b.   No  NASA officer or employee shall serve as a member

          of a Security Hearing Board hearing the case of an

          employee of NASA.



     c.   No person will serve as a member of a Security

          Hearing Board hearing the case of an employee with

          whom the person is acquainted.



     d.   Requirements are listed in NMI 1610.3c, Attachment

          B, Suspension, Revocation, and Denial of NASA

          Personnel Security Clearances.



2.        PROCEDURE



     a.   A person designated by the General Counsel shall be

          responsible for the presentation to the Security

          Hearing Board of evidence in support of the charges,

          provided, however, that no such evidence may be

          presented unless the Chief, NASA Security Office, or

          designee, in his or her discretion, determines that

          it will in no way be inconsistent with or in any way

          compromise the interests of the national security,

          that it will not tend to disclose investigative

          sources or methods, and that it will not tend to

          reveal the identity of confidential informants.



     b.   The following rights shall be accorded the employee

          in connection with his/her hearing before the Board:



          (1)  To participate in and be present throughout the

               entire hearing;



          (2)  To be represented by his or her counsel or other

               representative of the employee's choice;



          (3)  To cross-examine those witnesses testifying

               against the employee;



          (4)  To present the employee's case in such order or

               sequence as he or she chooses;



          (5)  To present such evidence as the Board deems

               relevant and material;



          (6)  To request and be granted reasonable

               continuances upon a showing of good cause; and



          (7)  To obtain, without cost, a copy of the verbatim

               transcript of the hearing.



     c.   Upon convening, the Board shall choose one of its

          members to act as chairperson for each particular

          case.  The chairperson shall announce rulings on the

          relevancy, materiality, and competency of the

          evidence offered, or such other rulings or decisions

          as are necessary.  If requested by the Board, there

          shall be present at the hearing a legal advisor,

          designated by the General Counsel, who will advise

          the Board on procedure and legal matters arising in

          connection with the hearing.



     d.   The hearing shall be closed to all, with the

          exception of the following:  the members of the

          Board; the Board's legal adviser, if any; the

          employee and his or her counsel or other

          representative, if any; the stenographer; the

          Government's representative; the Chief, NASA

          Security Office, or designee; and each witness, for

          the period of his or her testimony only.  Other

          persons whose presence appears to be necessary may

          be admitted at the discretion of the Board.



     e.   Testimony before the Board shall be under oath or

          affirmation. The employee, the Government's

          representative, and the Board may examine and cross-

          examine all witnesses.



     f.   The Board has no authority to subpoena witnesses. 

          NASA will cooperate to the maximum extent practical

          to make available as witnesses for either party its

          current employees.



     g.   Rules of evidence shall not be binding upon the

          Board, but reasonable restrictions shall be imposed

          as to the relevancy, materiality, and competency of

          the matters considered.



     h.   During the hearing or in its consideration of the

          case, the Board may determine that further

          investigation of the case is warranted.  The Board

          shall request the Chief, NASA Security Office, or

          designee, to cause such additional investigation to

          be conducted.  The Board's request should be as

          specific as possible concerning the scope of the

          additional information required.  The Board shall

          continue the hearing, pending completion of the

          supplemental investigation.



     i.   During the course of the hearing, the Board or the

          Agency may find that the allegations in the

          "Statement of Charges" are not sufficient to cover

          all matters into which inquiry should be made.  In

          such case, the Board or the Agency should amend the

          "Statement of Charges" as appropriate.  At that

          point the hearing shall be continued so that the

          employee may prepare to defend against the amended

          charges.



     j.   At the conclusion of the hearing, the Board shall

          render its decision, which is advisory only, and

          which shall be based upon the entire record.  This

          decision shall be by a majority vote, in writing,

          and signed by all concurring members.  Any member

          who dissents from the decision of the majority shall

          make a statement, in writing, of the reasons for his

          or her dissent and shall sign it.



     k.   The recommended decision of the Board, together with

          the dissenting opinion, if any, and the complete

          record in the case shall then be forwarded by the

          Chief, NASA Security Office, to the NASA

          Administrator for final decision.  The employee

          shall not be advised of the decision of the Board or

          of the dissenting opinion of any of its members.



     l.   The Administrator shall render a decision in

          writing, after reviewing the record and consulting

          with the General Counsel and any other appropriate

          staff officer.  This decision shall be in writing

          and shall be delivered promptly to the employee

          concerned.