NHB 1620.3C NASA Security Handbook
NASA NHB 1620.3C, (PART 5)
HANDBOOK Effective Date February 1, 1993
_________________________________________________________________
Responsible Office: JL
Subject: NASA Security Handbook (PART 5 of 5)
PREFACE
APPENDIX M: SECURITY LIGHTING
1. REQUIREMENTS
a. Security lighting needs at each NASA Installation or
facility depend on each situation and area to be
protected. Each situation requires careful study to
provide the best visibility practical for security
duties, such as identification of badges and people
at gates, inspection of vehicles, prevention of
illegal entry, detection of intruders outside and
inside of buildings and other structures, and
inspection of unusual or suspicious circumstances.
b. When such lighting is impractical, additional
security posts, patrols, sentry dog patrols, or
other security means may be necessary.
c. Lighting should not be used as a deterrent only. It
should be used on a perimeter fence line only where
the fence is under continuous or periodic
observation.
d. Lighting may be desirable for those sensitive areas
or structures within the perimeter (property lines)
that are under specific observation. Such areas or
structures include pier and dock areas, launch or
test pads, vital buildings, storage areas, and
vulnerable control points in communications, power,
and water distribution systems. In interior areas
where night operations are conducted, adequate
lighting of the area facilitates detection of
unauthorized persons approaching or attempting
malicious acts within the area.
2. CHARACTERISTICS
a. Lighting is inexpensive to maintain and, when used
properly, may reduce the need for security forces.
It may provide personal protection for security
forces by reducing the advantages of concealment and
surprise for a determined intruder. Security forces
thus relieved may be used to better advantage
elsewhere.
b. Security lighting usually requires less intensity
than work lighting, except for identification and
inspection at portals and in emergencies. Each
Installation or facility presents its particular
problem based on physical layout, terrain,
atmospheric and climatic conditions, and protective
requirements. Data are available from the
manufacturers of lighting equipment that will assist
in designing a lighting system. Included in these
data are:
(l) Descriptions, characteristics, and
specifications of various incandescent,
arc, and gaseous discharge lamps;
(2) Lighting patterns of various luminaries;
(3) Typical layouts showing the most efficient
height and spacing of equipment; and
(4) Minimum protective lighting intensities
required for various applications.
3. RESPONSIBILITY
a. Each NASA security manager must determine perimeter
lighting needs depending on the threat, perimeter
extremities, surveillance capabilities, and the
available security forces. Protective lighting must
be designed to effect the following:
(l) To discourage unauthorized entry;
(2) To detect intruders approaching or
attempting to gain entry into protected
areas;
(3) To operate continuously during periods of
reduced visibility; and
(4) To maintain and periodically test for use
during times of emergency, to include
standby lighting.
4. PLANNING CONSIDERATIONS
In planning a protective lighting system, the security
manager must give specific consideration to the following
areas:
a. Cleaning and replacement of lamps and luminaries,
particularly with respect to costs and means (such
as ladders and mechanical buckets), ensuring
required equipment is available.
b. Advisability of including mercury and photoelectric
controls.
c. The effects of local weather conditions on various
types of lamps and luminaries.
d. Fluctuating or erratic voltages in the primary power
source.
e. Requirement for grounding of fixtures and the use of
a common ground on an entire line to provide a
stable ground potential.
f. Establishment of a ledger to maintain a burning-time
(80 percent) record based on the life expectancy of
the lamp. The ledger should contain the following
as a minimum:
(l) Type and wattage of lamp;
(2) Area, facility, or utility pole used;
(3) Date of insertion; and
(4) Programmed date (based on life expectancy)
for extraction.
g. Security Areas
(1) All security areas should have protective
lighting on a permanent basis at perimeter
and access control points. The lighting
must be positioned to prevent the
following:
(a) Temporarily blinding the guards with
glare.
(b) Silhouetting or highlighting the
guards.
(2) Lighting in these areas must be under the
control of the security force.
(3) The perimeter band of lighting must provide
a minimum intensity of .2 foot candles,
measured horizontally 15.24cm/6 inches
above ground level, at least 9.144m/ 30
feet outside the security area barrier.
Lighting inside security areas should be of
sufficient intensity to enable detection of
persons in the area. Lighting at entrance
control points must be of sufficient
intensity to enable guards to compare and
identify bearers and badges.
(4) Protective lighting systems should be
operated continuously during hours of
darkness.
(5) Protective lights should be used so that
the failure of one or more lights will not
affect the operation of remaining lights.
5. PRINCIPLES OF PROTECTIVE LIGHTING
Protective lighting should enable security force
personnel to observe activities around or inside an area
without disclosing their presence. Adequate lighting for
all approaches to an area not only discourages attempted
unauthorized entry, but also can identify persons within
the area. However, lighting should not be used alone.
It should be used with other measures such as fixed
security posts or patrols, fences, and alarms. Other
principles of protective lighting are listed below:
a. Good protective lighting is achieved by adequate,
even light upon bordering areas, glaring lights in
the eyes of the intruder, and relatively little
light on security patrol routes. In addition to
seeing long distances, security forces must be able
to spot an intruder who may be exposed to view for
only a few seconds. All of these abilities are
improved by higher levels of brightness.
b. In planning protective lighting, higher brightness
to contrast between intruder and background is an
important consideration. When the same amount of
light falls on an object and its background, the
observer must depend on contrasts in the amount of
light reflected to discern an intruder's silhouette.
More light is needed to produce the same brightness
around Installations and buildings with
predominantly dark, dirty surfaces than when clean
concrete, light brick, or grass predominate.
c. When the intruder is darker than his background, the
observer sees primarily the outline or silhouette.
Intruders who depend on dark clothing and even
darkened face and hands may be foiled by using light
finishes on the lower parts of buildings and
structures. Stripes on walls have also been used
effectively because they provide recognizable breaks
in outlines or silhouettes.
d. Two basic systems or a combination of both may be
used to provide practical and effective lighting.
The first method is to light the boundaries and
approaches. The second is to light the area and
structures within the general boundaries of the
property.
6. TYPES OF LIGHTING
The type of lighting system to be used depends on the
overall security requirements of the area concerned.
Lighting units of four general types are used for
protective lighting systems: continuous, standby,
movable, and emergency.
a. Continuous lighting (stationary luminary) is the
most common protective lighting system. It consists
of a series of fixed luminaries arranged to flood a
given area continuously during the hours of darkness
with overlapping cones of light. Two primary
methods of employing continuous lighting are glare
projection and controlled lighting:
(1) The glare projection lighting method is
useful where the glare of lights directed
across surrounding territory will not be
annoying nor interfere with adjacent
operations. It is a strong deterrent to a
potential intruder because it makes it
difficult to see the inside of the area.
It also protects the guards by keeping them
in comparative darkness and enabling them
to observe intruders at considerable
distances beyond the perimeter. Glare
protection perimeter lighting may be
inappropriate in some instances.
(2) Controlled lighting is best when it's
necessary to limit the width of the lighted
strip outside the perimeter because of
adjoining property or nearby highways,
railroads, navigable waters, or airports.
In controlled lighting, the width of the
lighted strip can be controlled and
adjusted to fit the particular need, such
as illumination of a wide strip inside a
fence and a narrow strip outside; or
floodlighting a wall or roof. But this
method of lighting often illuminates or
silhouettes security personnel as they
patrol their routes.
b. Standby lighting. The layout of this system is
similar to continuous lighting. However, the
luminaries are not continuously lighted, but are
either automatically or manually turned on by the
security force or alarm systems when suspicious
activity is detected.
c. Movable lighting. This type of system consists of
manually operated, moveable searchlights that may be
either lighted during hours of darkness or lighted
only as needed. The system normally is used to
supplement continuous or standby lighting.
d. Emergency lighting. This system may duplicate any
or all of the above systems. Its use is limited to
times of power failure or other emergencies that
render the normal system inoperative. It depends on
alternative power sources, such as installed or
portable generators or batteries.
7. OTHER LIGHTING
a. Fenced Perimeters
(1) Isolated fenced perimeters are fence lines
around areas where the fence is 30.48m/100
feet or more from buildings or operating
areas, and the approach area is clear of
obstruction for 30.48 m/100 feet or more
outside the fence and is not used by other
personnel. Both glare protection and
controlled illumination are accepted for
these perimeters. Patrol roads and paths
should be kept unlighted.
(2) Semi-isolated fenced perimeters are fence
lines where approach areas are clear of
obstructio for18.288m/60 feet to 30.48m/100
feet outside the fence, and the general
public or Installation personnel seldom
have reason to be in the area. Patrol
roads and paths should be kept in relative
darkness.
(3) Nonisolated fence perimeters are fence
lines immediately adjacent to operating
areas within the Installation or other
Installations, or to public thoroughfares,
where outsiders or Installation personnel
may move about freely in the approach area.
The width of the lighted strip in this case
depends on the relative clear zone inside
and outside the fence. It may not be
practical to keep the patrol area dark.
b. Building face perimeters consist of faces of
buildings on or within 6.09m/20 feet of the property
line or area to be protected, and where the public
may approach the buildings. Security forces may be
stationed inside or outside the buildings. Doorways
or other insets in the buildings' face should
receive special attention for lighting to eliminate
shadows.
c. Active entrances for pedestrians and vehicles should
have two or more lighting units with adequate
illumination for recognition of persons and
examination of credentials. All vehicle entrances
should have two lighting units positioned to
facilitate complete inspection of passenger cars,
trucks, and freight cars, as well as their contents
and passengers. Semi-active and inactive entrances
should have the same degree of continuous lighting
as the remainder of the perimeter, with standby
lighting of sufficient illumination to be used when
the entrance becomes active. Gate houses at
entrances should have a low level of interior
illumination to enable guards to see better,
increase their night vision adaptability and avoid
making them targets.
(l) Open yards (defined as unoccupied land
only) and outdoor storage spaces should be
illuminated as follows:
(a) An open yard adjacent to a perimeter
should be illuminated in accordance
with the illumination requirements of
the perimeter. Where lighting is
deemed necessary in other open yards,
illumination should not be less than
.2 foot candles at any point.
(b) Lighting units should be placed in
outdoor storage spaces to provide an
adequate distribution of light in
aisles, passageways, and recesses to
eliminate shadowed areas where
unauthorized persons may conceal
themselves.
(2) Piers and docks located on an Installation
should be safeguarded by illuminating both
water approaches and the pier area. Decks
on open piers should be illuminated to at
least 1.0 foot candles and the water
approaches to at least .5 foot candles.
The area beneath the pier floor should be
lighted with small wattage floodlights
arranged to the best advantage with respect
to piling. Movable lighting capable of
being directed as required by the guards is
recommended as part of the protective
lighting system for piers and docks. The
lighting must not in any way violate marine
rules and regulations. The U.S. Coast
Guard should be consulted for approval of
proposed protective lighting adjacent to
navigable waters.
(3) Critical structures and areas should be the
first consideration in designing protective
fencing and lighting. Power, heat, water,
communications, explosive materials,
critical materials, delicate machinery,
areas where highly classified material is
stored or produced, and valuable finished
products need special attention. Critical
structures or areas classified as
vulnerable from a distance should be kept
dark, and those that can be damaged close
at hand should be well lighted. The
surroundings should be well lighted to
force an intruder to cross a lighted area,
and any walls should be lighted to a height
of 24.4384m/8 feet to facilitate silhouette
vision.
8. WIRING SYSTEMS
Both multiple and series circuits may be advantageous in
protective lighting systems, depending on the type of
luminary used and other design features of the system.
The circuit should be arranged so that failure of any one
lamp will not leave a large portion of the perimeter line
or a major segment of a critical or vulnerable position
in darkness. Connections should be such that normal
interruptions caused by overloads, industrial accidents,
and building or brush fires will not interrupt the
protective system. In addition, feeder lines should be
located underground to minimize the possibility of
sabotage or vandalism from outside the perimeter. The
design should provide for simplicity and economy in
system maintenance and should require a minimum of
shutdowns for routine repairs, cleaning, and lamp
replacement. It is necessary in some instances to
install a duplicate wiring system.
9. MAINTENANCE
a. Periodic inspections should be made of all
electrical circuits to replace or repair worn parts,
tighten connections, and check insulation.
Luminaries should be kept clean and properly aimed.
b. Replacement lamps can be used in less sensitive
locations. The actuating relays on emergency lines,
which remain open when the system is operating from
the primary source, need to be cleaned frequently
since dust and lint collect on their contact points
and can prevent their operation when closed.
c. The intensity of illumination and specification for
protective lighting for fences or other
antipersonnel barriers should meet the minimum
requirements.
10. POWER SOURCES
Power sources should meet the following criteria:
a. Primary - usually a local public utility.
b. Alternate - the following should be provided:
(l) Standby batteries or gasoline-driven
generators may be used.
(a) If cost-effective, a system should
start automatically upon failure of
outside power.
(b) Must ensure continuous lighting.
(c) May be inadequate for sustained
operations; therefore, additional
security precautions must be
considered.
(d) Tested to ensure efficiency and
effectiveness. The frequency and
duration of the test depend on the
following factors:
i. Mission and operational factors.
ii. Location, type, and condition of
equipment.
iii. Weather (temperature affects
batteries very strongly).
(2) Located within a security area for
additional security.
(3) Generator or battery-powered portable
and/or stationary lights.
(a) For use in a complete power failure.
(b) Includes alternate power supply.
(c) Available at designated control points
for security personnel.
c. Security is a must.
(l) Starts at the points where feeder lines
enter the Installation or activity.
(2) Security emphasis goes to sources in terms
of mission essential/vulnerable activity.
(3) Continual physical security inspections of
power sources are required to determine
security measures and replacement of
equipment.
APPENDIX N: ARREST AUTHORITY TRAINING CURRICULUM
SUBJECTS LECTURE EXAMPLE TOTAL
Legal Studies33 2 35
Constitutional Law
Criminal Law
Title 18 U.S. Code
Laws of Arrest & Detention
Crimes Against Property
Crimes Against Persons
Jurisdiction
Arrest Authority
Probable Cause
Search & Seizure 6 2 8
Levels of Force 3 3
Officer Ethics & Conduct 2 2
Mechanics of Arrest 6 8 14
Handcuffing Techniques
Officer Survival & Safety
Intermediate Force
Firearms Qualification 2 6 8
Psychology of Human Behavior 4 4
Preliminary Interviews 2 2
Terrorist Tactics 2 2
TOTALS 60 18 78
ADMINISTRATIVE 10
GRAND TOTAL 88
The selected training contractor will be given latitude in the
formulation of courses to afford the Agency maximum benefit
from the expertise and experience of the instructors. One
concept of what courses should include, but not be limited to,
is as follows:
1. LEGAL STUDIES
This block of subjects will define, describe, and discuss
various aspects of law as they directly apply to officers
working within the framework of the Arrest Authority (AA)
program. The contractor will use the NASA Handbook (NHB)
as a guide to an appropriate course of study. The course
will include two examinations on material presented.
2. SEARCH AND SEIZURE
This course will cover the concept, definition, and
application of legal search without a warrant conducted
incident to an arrest, and the proper control and
inventory of property confiscated during that arrest. It
will include a 2-hour practical exercise on the safe and
proper search of persons arrested.
3. LEVELS OF FORCE
This course will cover the different levels of force,
such as Ordinary, Reasonable, and Deadly Force, and their
application in compliance with NASA policies.
4. OFFICER ETHICS AND CONDUCT
This course will discuss the Law Enforcement Code of
Ethics, the Federal Employees Code of Ethics, and the
NASA Employees Code of Ethics and Conduct, as they apply
to persons with AA.
5. MECHANICS OF ARREST
This course includes lectures and demonstrations of
procedures and techniques necessary to effect a safe
arrest. It will cover subjects such as handcuffing,
take-downs, control holds, and officer safety. The 8-
hour practical exercise and evaluation included gives
students hands-on practice in these techniques.
6. FIREARMS QUALIFICATION
This course presents a 2-hour review of proper use of
firearms and requires students to demonstrate their
proficiency with handguns during a 6-hour practical
exercise on a live-fire range.
7. PSYCHOLOGY OF HUMAN BEHAVIOR
The course discusses different types of human behavior
and personalities, including their potential reactions to
stressful and traumatic conditions.
8. PRELIMINARY INTERVIEWS
The course will cover the importance of knowing when and
how and who is to conduct an interview incident to an
arrest and interviewing and report-writing techniques.
9. TERRORIST TACTICS
The course introduces the student to contemporary
domestic terrorism threats from right- or left-wing
groups or individuals and provides specifics of the
domestic threat.
10. PREREQUISITES
a. To preclude injury in strenuous portions of the
course, students must report in top physical
condition and maintain that level throughout the
class.
b. Students must be completely proficient with handguns
and have qualified in a federally accredited "live-
fire" range program within the past 6 months.
c. Students should be trained thoroughly in the job
specialty to which they will be assigned.
d. Because the course is short but intensive, full
student cooperation is essential. Only persons
willing and properly motivated to undergo this
training should attend. The Head Instructor will
immediately remove from the course any student
unwilling or unable to perform.
11. MISCELLANEOUS
a. Class hours will be 50 minutes in length and will
allow for breaks.
b. The normal workday will be 8:00 a.m. to 5:00 p.m.
Lunch breaks are 1 hour.
c. The first week of the course is a 6-day week with
classes conducted on Saturday.
d. Indoctrination and "in processing" will be held the
Sunday evening prior to the first Monday morning
class.
e. Graduation is the last hour of the final day of the
course.
f. Absences for reasons other than emergencies are not
authorized. Students missing classes because of
emergencies must make up the classes before
graduating.
g. Successful completion of this course is required to
receive AA. Students failing to complete the course
may attend a subsequent course at the discretion of
the funding Field activity and subject to
availability of space in the class. This course is
designed to be "core" training required for everyone
authorized with AA under the provisions of that
program. Additional training may be necessary to
meet unique requirements for duty at a particular
Field Installation. That training is termed
"Installation specific training" and is the
responsibility of the Field Installation.
APPENDIX O: HANDGUN QUALIFICATION COURSE
WEAPON Revolver or Semiautomatic pistol
TARGETS B-27 and B-34 silhouettes
TOTAL ROUNDS 60
SCORING 5 point system (maximum score 300)
QUALIFICATION 210 (70 percent)
Stage I. (3m/3-yard line) - 6 rounds total.
1. Draw and fire 2 rounds in 3 seconds (repeat
twice).
Stage II. (6m/7-yard line) - 6 rounds total.
1. Draw and fire 2 rounds center mass, 1 round head
in five seconds (repeat once).
Stage III (6m/7-yard line) - 6 rounds total.
1. With weapon in weak hand and in low ready
position fire 2 rounds center mass with 1 hand
in 4 seconds (repeat twice).
Stage IV (9m/10-yard line) - 12 rounds total.
1. Draw and fire 2 rounds in 4 seconds and come to
low ready position.
2. Fire 2 rounds from the low ready position in 3
seconds.
3. Draw and fire 2 rounds, reload and fire 2 rounds
and reholster (revolvers - 12 seconds,
semiautomatics - 10 seconds).
4. Draw and fire 2 rounds in 4 seconds and
come to the low ready position.
5. Fire 2 rounds in 3 seconds.
Stage V (14m/15-yard line) - 12 rounds total.
1. From standing to kneeling position, fire 2
rounds in 5 seconds.
2. Same as above.
3. Standing, fire 2 rounds, reload, move to
kneeling and fire 2 rounds and reholster
(revolvers - 14 seconds, semiautomatics - 12
seconds).
4. Standing, draw and fire 2 rounds in 5 seconds
and come to low ready position.
5. Fire2 rounds in 3 seconds.
Stage VI (23m/25-yard line) - 12 rounds total.
1. Standing, draw and fire 2 rounds from left side
of barricade in 5 seconds.
2. Standing, draw and fire 2 rounds from the right
side of barricade in 5 seconds.
3. Standing to kneeling, fire 2 rounds from the
left side of barricade, reload and fire 2 rounds
from right side of barricade (revolvers - 15
seconds, semiautomatics - 12 seconds).
4. Standing to prone, fire 2 rounds in 10 seconds.
5. Same as paragraph 2 above.
Stage VII (46m/50-yard line) - 6 rounds total
1. Standing, fire 2 rounds from barricade in 8
seconds.
2. Standing to kneeling, fire 2 rounds from
barricade in 10 seconds.
3. Standing to prone, fire 2 rounds in 12 seconds.
APPENDIX P: MISSING/STOLEN GOVERNMENT PROPERTY REPORT
1. GOVERNMENT CUSTODIAN
(a) Month/Year, e.g., 1/90.
(b) NASA #., e.g., 129888.
(c) Item, e.g., IBM Model 80 CPU.
(d) Value, e.g., $5,800.
(e) Source, e.g., Survey Rep. or telephone.
(f) Value Recovered, e.g., $5,800.
(g) Value Loss, e.g., $0.00.
(h) Investigative Time, e.g., 10 man-hours.
(i) Cumulative Value, e.g., 5,800.
(j) Cumulative Value Recovered, e.g., $5,800.
(k) Cumulative Value Loss, e.g., $0.00.
(l) Cumulative Investigative Time, e.g., 10 man-
hours.
2. BASE OPERATING CONTRACTOR CUSTODIAN
(a) Month/Year, e.g., 1/90.
(b) NASA #., e.g., 134111.
(c) Item, e.g., Portable Power Generator.
(d) Value, e.g., $9,000.
(e) Source, e.g., Telephone or Survey Rep.
(f) Value Recovered, e.g., $0.00.
(g) Value Loss, e.g., $9,000.
(h) Investigative Time, e.g., 3 man-hours.
(i) Cumulative Value, e.g., 9,000.
(j) Cumulative Value Recovered, e.g., $0.00
(k) Cumulative Value Loss, e.g., $9,000.
(l) Cumulative Investigative Time, e.g., 3 man-hours.
3. INSTALLATION MONTH'S CUMULATIVE TOTALS
(a) Cumulative Value, e.g., $14,800.
(b) Cumulative Value Recovered, e.g., $5,800.
(c) Cumulative Value Loss, e.g., $9,000.
(d) Cumulative Investigative Time, e.g., 13 man-
hours.
(e) Investigative Time, e.g., 13 man-hours.
APPENDIX Q: NASA SERIOUS INCIDENT REPORT FORMAT
TO: J/Associate Administrator for Management Systems and
Facilities
J/Deputy Associate Administrator for Management Systems
and Facilities
JI/Director, Logistics, and Security Division
JIS/Chief, NASA Security Office
FROM: Installation Security Chief
SUBJECT: NASA Threat and/or Incident Report
1. Recipient evaluation of threat/incident criticality
(SIGNIFICANT - IMPORTANT - ROUTINE).
2. Date/Time report was received by NASA:
3. Report received from: (Name-agency-location-telephone).
4. Date/Time/Location of Incident:
5. NASA Installations involved/impacted:
6. Summary of Threat/Incident: (Who-What-When-Where-Why-
How).
7. Responses to Threat/Incident:
a. Actions Completed: (Including notifications made)
b. Action in Progress (Including notifications)
c. Actions Pending/Anticipated: (Including
notifications)
8. Employment of Resources:
a. NASA (Security Office-IG-AIS Managers-Others)
b. Local, State, Federal Agencies
c. Note which agency has assumed
control/responsibility.
9. Coordination with NASA Public Affairs Office:
(Anticipated Media response/ interest).
10. Actions for NASA Senior Management:
11. Security comments/evaluation of report/recommendations.
PRIMARY POINT OF CONTACT:
APPENDIX R: DATA ITEM DESCRIPTIONS (DID)
DATA ITEM DESCRIPTION - 1
TITLE:
SYSTEM ACQUISITION PROTECTION MANAGEMENT PLAN (SAPMP)
DESCRIPTION/PURPOSE:
Outlines and defines the contractor's System Acquisition
Protection Management Program (SAPMP). The SAPMP describes
the methods used to (l) identify security requirements, (2)
synthesize and evaluate proposed solutions, and (3) provide
security inputs to the system acquisition process. Specific
paragraphs from the preparation instructions below may be
cited to satisfy limited program requirements.
APPLICATION/INTERRELATIONSHIP:
Security Vulnerability Analysis is used with this Data Item
Description (DID) when paragraphs 6b through 6g are cited.
PREPARATION INSTRUCTIONS:
The SAPMP shall include the following:
1. Applicable Documents. A list of documents that apply as
a directive or guidance during execution of the SAPMP.
These documents include pertinent legal, regulatory, and
other published or draft security contract requirements
applicable to the system under development. System
acquisition protection requirements and objectives are
drawn from these documents.
2. Purpose. Self explanatory. Explain principles and
approaches applied to the system acquisition protection
program that are departures from these requirements.
3. Organization. Describe the organizational placement and
manning of the contractor's security and acquisition
protection management organization. Use charts or
diagrams to show organizational and functional
relationships.
4. SAPMP. Describe the activities planned to satisfy
system acquisition protection program objectives. Use
charts and/or diagrams to illustrate the program's
functional interfaces, engineering and design
requirements, activity milestones, management process,
and levels of effort for each program phase.
5. Program Data Flow. Illustrate the manner in which basic
program data flows. Ensure the system acquisition
protection organization maintains continuous review of
all program efforts and makes inputs to decisionmaking
processes.
6. System Acquisition Protection Functions. Describe the
principal functions and specific tasks to be performed
and their assignment within the system security and
acquisition protection organization. Integrate all
security disciplines tasked in the Statement of Work. The
following security disciplines should be included as a
minimum:
a. Establishing the Security Requirements and
Objectives Baseline. Describe how security
regulations and other program guidance will be
identified, evaluated, and synthesized into a set of
system acquisition protection requirements and
objectives. Illustrate how these requirements and
objectives will be used to measure the effectiveness
of security system arrangements and how required
policy revisions to NASA security programs will be
processed. Include applicable information,
personnel, industrial, operations, product,
communications, and physical security,
survivability, anti-terrorism, and
counterintelligence aspects.
b. Threat Analysis. Describe how the threat analysis
will be evaluated and integrated, along with
adversary program objectives.
c. Conducting the Adversary Program Analysis and
Constructing the Preliminary Threat Logic Tree.
Describe the technical and analytical methods used
to identify criteria for success in adversary
program objectives and to synthesize threat models.
Scope system security technology research tasks and
explain how this research will be documented.
d. Applying Threat Rejection Logic and Documenting the
Initial Threat Logic Tree. Describe how
quantitative and qualitative values will be
established for threats and countermeasures and the
method used to document threat rejection logic.
e. Synthesizing Countermeasures. Describe the process
by which countermeasures will be synthesized.
Explain how this activity and the security system
synthesis and evaluation task will be coordinated.
f. Adversary Vulnerability Measurement. Describe
fully the method used to identify and conduct
quantitative and qualitative analysis of risks
associated with each adversary program objective.
Include the application of candidate countermeasures
and the manner in which preferred countermeasures
will be selected and documented.
g. Computing and Constructing the Summary Threat
Matrix. Describe how the completed Threat Logic Tree
will be analyzed and system security effectiveness
computed. Include the method used to document the
Summary Threat Matrix.
h. Integrating Security Functions with the System
Engineering Process. Describe the process by which
security inputs will be applied to system functional
design, requirements allocation, trade-off study,
and design specification process.
i. Security System Synthesis and Evaluation. Describe
the method by which security system hardware,
facilities, procedures, and personnel subsystems
will be synthesized and evaluated. Specify the
scope and type of research to be conducted of
existing material. Include techniques to evaluate
their applicability to security requirements.
j. Test and Evaluation. Describe the process used to
identify security test requirements and proposed
test methods.
k. Configuration Control. Describe the manner in
which system security engineering efforts will be
integrated with system configuration control
activities. Explain how proposed changes to the
system will affect security efforts.
1. With Other Contractors. Outline the methods by
which system acquisition protection efforts of
associate system contractors, subcontractors, and
vendors will be integrated within the SAPMP.
m. System Installation and Check-out. Describe how
SAP, Industrial, and Product Security efforts will
be coordinated to ensure no security vulnerability
is created during system installation and check-out.
n. Product Security. Describe how major system
components/ products will be secured at the
contractor's assembly plants. Explain the security
manpower, facilities, equipment and procedures to be
used. Include product security interface with
associate contractors, subcontractors, and vendors.
7. Other. Present any other information and
recommendations determined necessary to satisfy the
requirements of the Statement of Work.
DATA ITEM DESCRIPTION - 2
TITLE:
PRELIMINARY SYSTEM ACQUISITION PROTECTION CONCEPT (PSAPC)
DESCRIPTION/PURPOSE:
This Data Item Description (DID) is used by the contractor to
prepare the Preliminary System Acquisition Protection Concept
(PSAPC).
APPLICATION/INTERRELATIONSHIP:
Security Vulnerability Analysis is used with this DID when
paragraphs 5f through 5j are cited.
PREPARATION INSTRUCTIONS:
The PSAPC shall include the following information:
1. Program Data
a. Title. Include the complete PSAPC title.
b. Submitting Installation. List the name and address
of the NASA Center submitting the report and the
name and telephone number of a project officer or
point of contact.
c. Contract Citation. Identify the contract number and
date as listed by NASA.
d. Security Tasks. Briefly describe major security
tasks cited in the Statement of Work and related
contract documents.
e. Distribution. List the names and addresses of
government organizations and contractors receiving
copies of this concept. If necessary, list them in
an appendix and make reference to it here.
2. System Concept
a. Description. Briefly describe the system and its
major components. Cite separate configurations for
initial operational capability (IOC) and full
operational capability (FOC), if different.
b. Performance Requirements. Cite the major
performance and deployment criteria listed in the
applicable Statements of Work and other related
contract documents that affect security.
c. Reliability and Maintainability. Identify security
issues affecting system reliability, logistics
reliability, availability, and maintainability.
d. System Survivability. Show self-protection
capabilities or subsystem designs that may enhance
security (e.g., devices against tampering and
spoofing, chemical or biological radiation hardness,
nuclear hardness, nuclear and non-nuclear
electromagnetic pulse hardness, and use of passive
detection technology).
e. Preplanned Product Improvements. Describe
provisions or security implications for subsystem
growth or improvements such as modifications and
upgrades.
3. Security Subsystem Employment Data
a. General Employment Description. Describe how,
where, when, and what security subsystems will be
used and how they will be integrated with the
system(s) they support.
b. Management Structure. Describe the management data
that must be exchanged. Explain how security
subsystems will be integrated into the management
structure projected to exist when it is deployed.
c. Information Systems. Identify other information
that must be exchanged between this subsystem and
other systems, subsystems or components. Cite the
expected length of each communication link,
anticipated flow rate across each link, required
availability of each link, and so forth.
d. Security Subsystem Standardization,
Interoperability, and Commonality. Describe
requirements for joint interface and
interoperability with existing systems and
subsystems. Identify procedural and technical
interface standards incorporated in subsystem
design.
e. Operational Environment. Describe climatic and
atmospheric environmental effects and
considerations. If applicable, define the chemical
and biological environment in which equipment must
function.
4. Security Subsystem Support
a. Maintenance Planning. Outline the actions, support,
and documentation necessary to establish maintenance
concepts and requirements. Include maintenance
tasks to be accomplished for on-and-off-equipment
maintenance; and NASA and contractor mix, workloads,
and time phasing for depot maintenance. Explain the
management strategies for selecting and integrating
contractor and government furnished equipment.
b. Manpower and Personnel. Outline the projected
manpower requirements envisioned to support this
subsystem(s). Include such items as civil service
job-series codes and skill levels required and time-
phased reporting.
c. Supply Support. Show the proposed approach for
providing initial support and acquiring,
distributing, and replenishing inventory spares and
repair parts.
d. Support Equipment. Identify equipment required to
support this subsystem(s). Include ground handling
and maintenance equipment, tools, metrology and
calibration equipment, and related computer hardware
and software.
e. Training and Training Devices. Describe the
training support concept from security subsystem
design through deployment. Identify the office
responsible for developing and conducting each phase
of training. Show inventory items and training
devices by projected type, number, use, and
locations required. Outline initial and recurring
training requirements by location, type, specialty,
and fiscal year.
f. Computer Resources Support. Define special computer
program documentation, related software, source
data, facilities, hardware, etc., required for
subsystem support.
g. Facilities. Specify facility, shelter, and housing
external to system-designed survivability features.
h. Packaging, Handling, Storage, and Transportation.
Describe the requirements, resources, processes,
procedures, design considerations, and methods to
ensure security subsystems are properly preserved,
packaged, handled, and transported.
i. Related Support Factors. Describe those pertinent
support factors, considerations, or requirements not
covered elsewhere, but deemed important to the
effectiveness of the security system.
5. General Provisions for System Security. Address the
following security issues relative to overall system
deployment and operation:
a. Threat Assessment. Address security threats to the
system for design, development, and production at
IOC and throughout its projected life. Include
foreign government capabilities, peace and wartime
threats, and system-unique vulnerabilities. Make
reference to government threat documents. In
addition, cite requirements for threat analysis and
security vulnerability assessments.
b. Security Force and Procedural Requirements. These
apply to operations in support of the physical
security program.
c. Security Personnel, Facility, and Equipment
Requirements. Expressed in the quantities, type,
and configuration necessary to support the system
when deployed.
d. Emergency Security Response Planning. Reflects the
general design of the security force posture
calculated to produce the greatest invulnerability
to terrorism, sabotage, overt, and covert
penetration. It is supported by the threat and
vulnerability assessments cited in 5a, above. In
addition, briefly describe how a security reporting
and alerting system will be implemented.
e. Security Priorities for all Applicable Systems and
Components. Include security priorities for all
operational phases, including maintenance. Explain
how waivers, exceptions, and variances to security
criteria will be identified, submitted, approved,
and corrected.
f. Security Requirements from Related Security
Disciplines. Include applicable information,
personnel, product, industrial, operations,
communications and electronic security and
survivability, anti-terrorism and
counterintelligence aspects.
g. Facility and Equipment Requirements. The following
items are incorporated into the system to support
system security:
(l) The security control facility, surveillance
and control facility, security force
response facility, and entry control
facilities.
(2) Barrier systems and warning signs.
(3) Alarm annunciation and display equipment.
(4) Security force armament and duty equipment.
(5) Security force communications. Include
fixed, portable and landline requirements.
(6) Interior and exterior intrusion detection
systems.
h. Personnel Standard. Identifies security force
requirements for normal operations.
i. Security Force Logistics and Material Requirement.
Includes vehicles and associated equipment, special
purpose equipment, training aids, tool kits,
nonstandard armament, and so forth.
j. System Entry Control Requirements for All Restricted
Areas. Includes:
(l) General criteria and unique requirements
for entry control.
(2) Qualification requirements for the various
categories of people who must enter.
(3) Personnel clearance and investigative
requirements.
(4) Special training or briefing and debriefing
requirements.
(5) Authentication and duress code techniques
and procedures.
(6) Dispatch Control Procedures. Unattended or
minimally staffed locations.
(7) Description. Badge system, emergency
procedures, and personnel escort
requirements.
DATA ITEM DESCRIPTION - 3
TITLE:
SECURITY VULNERABILITY ANALYSIS
DESCRIPTION/PURPOSE:
Provides the result of contractor's actions in quantitatively
and qualitatively defined system security functional
requirements and residual security vulnerabilities. It will
be classified no lower than Secret NOFORN or Secret Restricted
Data, as applicable.
APPLICATION/INTERRELATIONSHIP:
This Data Item Description (DID) contributes to the
survivability/ vulnerability analyses. It contains the
content preparation instructions for data generated under NASA
Management Instruction .
PREPARATION INSTRUCTIONS:
1. The contractor will prepare a report summarizing the
security vulnerability analysis, including the threat
analysis, adversary program analysis, and the adversary
vulnerability measurement process. The report will
include, as a minimum:
a. A preface with narrative description of the system.
Information concerning each form of external overt
or covert method of penetration against the system
considered during system development.
b. Threat models in Threat Logic Tree format showing
their transition from preliminary to initial Threat
Logic Trees and thereafter into Summary Threat
matrix form.
c. Rationale used for threat rejection in developing
the initial Threat Logic Tree.
d. An evaluation of the conditional probabilities for
achieving each adversary program objective.
e. An assessment of security vulnerabilities related to
information, personnel, industrialization,
operations, communications, physical, computer and
product security, and TEMPEST.
DATA ITEM DESCRIPTION - 4
TITLE:
ADVERSARY PROGRAM ANALYSIS
DESCRIPTION/PURPOSE:
This Data Item Description (DID) is used by the contractor to
quantitatively describe how potential adversaries may attack
the system.
APPLICATION/INTERRELATIONSHIP:
This DID contains the content preparation instructions for
that data generated under the task described by 4c(2)(a) of
Attachment 1, NASA Management Instruction 2410.7.
PREPARATION INSTRUCTIONS:
1. The adversary program analysis will include:
a. Development of adversary program scenarios.
Information resulting from the threat analysis
(conceptual phase) will be used as the basis for the
scenarios. For each program objective, the
contractor should describe a set of approaches (a
scenario) that potential adversaries could use to
accomplish that objective.
b. Adversary success criteria should be estimated. The
estimates will be prerequisites for system
vulnerabilities.
c. Adversary models shall be synthesized and used as a
basis for evaluating security technologies and
accomplishing trade-off analysis.
DATA ITEM DESCRIPTION - 5
TITLE:
SYSTEM/SUBSYSTEM SPECIFICATION
DESCRIPTION/PURPOSE:
The System/Subsystem Specification (SS) is a technical
document prepared for systems personnel that provides
environment and design elements to provide guidance to the
program design effort.
APPLICATION/INTERRELATIONSHIP:
An SS may be prepared to guide the development of large
projects. If the system breaks down readily into subsystems,
this document may be used to prepare individual subsystem
specifications.
PREPARATION INSTRUCTIONS:
The System/Subsystem Specification shall meet the content and
format requirements of NASA Management Instruction 2410.7 and
NASA Handbook 2410.1.
DATA ITEM DESCRIPTION - 6
TITLE:
SYSTEM ACQUISITION PROTECTION STANDARD
DESCRIPTION/PURPOSE:
This Data Item Description (DID) is used to implement NASA
systems acquisition protection program operations and
procedures and as the basis for NASA security workforce,
facility, and equipment authorizations.
APPLICATION/INTERRELATIONSHIP:
In this section, explain that the proposed system acquisition
protection standard is submitted through the program office
(or designated manager) for transmittal to NASA HQ/JIS.
Explain further that the program office requires the proposed
standard no later than 12 months before the system initial
operating capability (IOC).
PREPARATION INSTRUCTIONS:
This section directs the contractor to prepare and document a
proposed system acquisition protection standard. Explain that
this standard must reflect the results of analyses and
decisions made during the execution of the SAP portion of the
Statement of Work (SOW). Explain further that its contents
must be organized and captioned according to the following
format:
1. Cover Page. On this page, give the title of the system,
state the purpose of the standard, and list the contents
of the standard, the office of primary responsibility
(OPR), and the distribution of the standard.
2. Chapter l-Security Priorities and Concepts. This
Chapter briefly describes the system and its planned
operational environment. It specifically identifies
system characteristics that generated special safety
requirements for the protection of operating,
maintenance, and security personnel. It also includes a
classification statement if necessary.
3. Chapter 2-General Provisions for Standards. This Chapter
covers the following Provisions for Standards:
a. Security requirements that apply to normal day-to-
day aerospace security support.
b. Resource applicability, which gives the basis for
funding, equipment, staffing, and personnel actions.
c. Security posture design, which reflects the general
design of the force posture calculated to produce
the greatest invulnerability to overt or covert
attack. It is supported and based on the
vulnerability analysis.
d. Priority resources.
e. Personnel security.
f. Physical security and facility requirements, which
detail the physical security facilities that are
incorporated into the system. For example, this
section describes:
(l) The central security control building.
(2) Personnel and vehicle entry control
facilities.
(3) Barrier systems.
(4) Restricted area signs.
(5) Alarm annunciation and data display
equipment.
(6) Ordnance for aerospace security forces.
(7) Security communications.
(8) Intrusion detection systems.
g. Standards for security of priority resources, which
contain facility, personnel, equipment, and
procedural standards that apply to management
systems designated as priority resources.
h. Manpower standard, which identifies and justifies
security personnel requirements based on optimum
environmental and normal system operating
conditions. The operating activity identifies local
variations in site layout and in climatic
conditions, which need not be treated in this
section.
i. Security logistics support, which justifies
logistical and material support. Subparagraphs to
this section identify requirements for:
(l) Vehicles (type, number, and use).
(2) Communications (radio [fixed, portable, remote,
or vehicular], telephone, landline, etc.).
(3) Specialized equipment (tool kits, training aids,
etc.).
j. Security entry control procedures, which describe
how to enter restricted areas that contain critical
system components and facilities. These procedures
include ways to physically control entry into
critical facilities at remote or unattended sites,
and ways to control the information individuals need
to gain entry. Personnel who have a need to enter
must positively identify themselves, by means of
secure communications, to the agency that is
monitoring security of the facility. If they
properly identify themselves, then the monitoring
agency will operate the entry system by remote
control or will give entering personnel the
information they need to operate mechanical entry
control systems at the site. However, if personnel
do not properly identify themselves, then the
security reaction system will respond, which may
mean that selective or controlled penalty techniques
are imposed.
These procedures may also rely on built-in
deterrence capabilities of the facility. Security
entry control procedures also include:
(l) General criteria and unique requirements for
entry control.
(2) Qualification standards for the various
categories of personnel who need to enter or to
have access.
(3) Personnel clearance and investigative
requirements for such personnel.
(4) Special training or briefing and debriefing
requirements. Personnel deployed in support
of the system are trained to recognize,
report, and respond properly to alarms.
Training programs for all categories of
personnel within the personnel subsystem
include security procedures based on the
premise that an attack can take place at
any time.
(5) Code and duress code techniques and
procedures.
(6) Dispatch control procedures (apply to only
unattended sites) that make sure that both
the right and the need for persons to enter
and to have access have been officially
established and that personnel who are
dispatched possess the material or
knowledge needed to gain entry or access at
their destination.
(7) Emergency procedures.
(8) Badge systems in effect.
(9) Personnel escort requirements.
k. Security force reaction procedures, which tell how
the security force or the expanded force will react
under normal or emergency conditions to security
alarms or other situations that need a response.
The measure of effectiveness of any response is
whether or not the threat is eliminated, and the
secure environment is preserved or restored. To
achieve this goal, these procedures tell how to
respond to violations of system parts that are
vulnerable to attack. Before developing these
procedures, determine the following conditions:
(l) The inherent vulnerabilities of the system.
(2) The probable nature and effect of attacks on the
system.
(3) Who will decide when to initiate a response,
notify the control agency, and monitor the
situation.
(4) Whether or not the responding elements are
thoroughly familiar with the extent of their
authority to use force, to challenge, and to
take into custody persons who violate the
security of the system.
(5) How civil law enforcement and investigative
agencies can help. Is the relationship between
responding elements and the local population
clearly set?
(6) If armed mobile response forces are needed.
(7) Where the resources available for immediate
response are currently located and what
communications they have for getting response
directions.
(8) Whether or not a central agency must be set up
to control and direct security response
procedures.
(9) If the control agency will have detailed alarm
information in time to respond effectively.
(10) If the response force can use all vehicles
(on land, at sea, or in the air).
l. The security reporting and alerting system, which
details an effective high-speed security reporting
and alerting communications network that permits a
substantial counteraction against widespread
coordinated enemy clandestine operations. This
system is associated with priority resources. This
section should specify how each level of management
will collect, transmit, display, store, and evaluate
information.
m. The waivers, exceptions, and variances, which detail
an effective system for identifying, submitting and
approving, or correcting deficiencies that could not
be corrected during the full-scale engineering
development phase.
n. Planning, which covers details for day-to-day
operations in support of the system. This section
provides general guidelines for the system security
plan, center security regulations, and combined
operating instructions. The centers security plan
serves as a basis for developing effective NASA
system security operations at centers and sites
where such resources to be protected are located.
It defines basic objectives and depicts the general
design of the operations.
o. Inspections, which detail security evaluation
criteria and procedures and set up minimum
acceptable time and performance criteria for
security exercises and tests. These inspections are
used to evaluate the effectiveness of each
activity's security program.
4. Chapter 3-Security Response Actions. This chapter
covers the means by which the security force adjusts to a
situation or event that necessitates enhancement of or a
dramatic change to the normal security posture. These
situations or events may be actual or anticipated hostile
ground actions, air attack, natural disaster, civil
disturbances, political tensions, or terrorists' attacks.
This Chapter includes formal planning criteria and
minimum security requirements, which may consist of
additional security facilities, equipment, and personnel.
5. Chapter 4-Other Essential or Unique Security Elements.
This Chapter covers all essential system-unique
requirements not covered elsewhere. It identifies
program-essential unique facilities and equipment and
support requirements and established security
requirements for these resources.
APPENDIX S: DATA ITEM DESCRIPTION (DID) FORMAT
DATA ITEM DESCRIPTION
1. Title
2. Identification No.
3. Approval Date
4. Office of Primary Responsibility (OPR)/(MMDDYY)
Action Officer/Phone Number
5. Concurrences (Office Codes)
6. Approval Limitation
7. Preparation Instructions
8. Distribution/Distribution Statement
APPENDIX T: OPSEC PLANNING GUIDE
1. BACKGROUND
a. The President signed the National Security Decision
Directive (NSDD) establishing the National
Operations Security (OPSEC) Program on January 22,
1988. The NSDD requires each executive department
and agency assigned or supporting national security
missions with classified or sensitive activities to
establish a formal Operations Security (OPSEC)
program.
b. The responsibility for the development,
implementation, and maintenance of the OPSEC program
rests with the head of each executive department or
agency. The NSDD requires heads of executive
departments and agencies to assume the following
responsibilities:
(1) Establish organizational OPSEC programs;
(2) Issue, as appropriate, OPSEC policies,
procedures, and planning guidance;
(3) Designate departmental and agency planners
for OPSEC; and
(4) Advise the National Security Council (NSC)
on OPSEC measures required of other
executive departments and agencies to
achieve and maintain effective operations
or activities.
c. Each OPSEC program is to have the following common
features:
(1) Specific assignment and responsibility for
OPSEC direction and implementation.
(2) Specific requirements to plan for and
implement OPSEC in anticipation of and,
where appropriate, during departmental or
agency activity.
(3) Direction to use OPSEC analytic techniques
to assist in identifying vulnerabilities
and to select appropriate OPSEC measures.
(4) Enactment of measures to ensure that all
personnel, commensurate with their
positions and security clearances, are
aware of hostile intelligence threats and
understand the OPSEC process.
(5) An annual review and evaluation of OPSEC
procedures in order to assist in the
improvement of OPSEC programs.
(6) Provision for interagency support and
cooperation with respect to OPSEC programs.
Note: The NSDD also directs the establishment
of the Interagency OPSEC Support Staff (IOSS) to
act as a consultant to executive departments and
agencies in establishing OPSEC programs, and
OPSEC surveys, and analyses.
2. NATIONAL OPSEC PROGRAM OBJECTIVES
a. Implement an OPSEC program within the department or
agency in satisfying NSDD requirements and instruct
subordinate organizations on their responsibilities
within the departmental or agency program.
b. Create a departmental or agency program with
sufficient flexibility to allow each subordinate
organization to establish a program suitable to its
structure and mission.
c. Provide awareness and training programs to ensure
all personnel, commensurate with their position and
security clearances, are aware of the adversaries'
capabilities and understand the OPSEC process.
Ensure that heads of subordinate organizations
implement awareness and training that is relevant to
their assigned missions and, where possible, use
case studies or lessons-learned as key instructional
tools.
d. Ensure that OPSEC is addressed from initiation
through all planning, programming, and budgeting
actions.
e. Designate an OPSEC Program Manager for the
department or agency and ensure that each
subordinate organization designates an individual as
the OPSEC Coordinator and establishes sufficient
work groups to maintain the program.
f. Identify those areas, activities, functions, data,
or information about an activity or facility of the
department or agency deemed most important to keep
from an adversary, i.e., core secrets, critical
information, sensitive operations.
g. Identify adversaries who could use the critical
information for their benefit or to the detriment of
the departmental or agency mission.
h. Identify key questions likely to be asked by
adversaries about department or agency intentions,
capabilities, or activities so they can obtain
answers critical to their operational effectiveness.
i. Identify detectable actions and information from
open sources that can be interpreted or pieced
together by an adversary to derive critical
information about departmental or agency activities
or operations.
j. Understand the adversaries' (hostile intelligence
threat) capabilities, i.e., ability to collect
indicators through observation, infiltration,
bribery, or conventional intelligence collection
means such as signals intelligence, human
intelligence, and imagery intelligence.
k. Be aware of countermeasures that can be used to deny
the adversaries the critical information.
1. Prioritize OPSEC initiatives, including surveys,
implementation of countermeasures or other OPSEC
activities, based on the relative importance of the
activity or operation, the sensitivity of the
information involved, and the capabilities of the
adversaries.
m. Understand the department's or agency's overall
OPSEC posture, that is, the extent to which OPSEC is
integrated into all of the departmental or agency
activities.
n. Be aware of problems encountered in establishing and
sustaining the department or agency OPSEC
program.
3. PROGRAM ELEMENTS-COMPONENT LEVEL
a. Issue a component directive that implements NSDD 298
and the department or agency directive.
b. Ensure that all component personnel, commensurate
with their positions and security clearances, are
aware of the hostile intelligence threat and
understand the OPSEC process.
c. Delegate, as appropriate, authority to plan, direct,
and implement OPSEC measures to the operations
element or that equivalent element of the component
primarily responsible for the accomplishment of the
component's overall mission, and designate an
official in that element as the OPSEC Coordinator
for the component. This normally should not be the
security or other support element.
d. Require each element of the component to designate
an individual whose responsibilities include
specific requirements to plan for and implement
OPSEC prior to, during, and after the execution of
operations and other activities that influence the
effectiveness of the component's mission.
e. Require each element to identify core secrets,
critical information, and sensitive operations to be
protected from the adversary intelligence threat.
f. Require each element to follow OPSEC planning
guidance, taking into account those aspects of their
activities or operations that should be protected in
light of friendly and adversary goals, estimated key
adversary questions, probable adversary knowledge,
desirable and harmful adversary appreciations, and
pertinent adversary intelligence threats.
g. Require elements to use systematic OPSEC analysis
developed for OPSEC surveys to identify
vulnerabilities and select appropriate OPSEC
measures to support specific organizational missions
and activities.
h. Establish a sufficient number of OPSEC work groups,
with multidisciplined and cross-component
representation, to perform the necessary support
functions required for an effective OPSEC program.
The working groups should develop and set priorities
for the component's OPSEC program objectives, meet
on a regular basis, and maintain records of
meetings.
i. Require elements to provide a report at least
annually on the OPSEC posture of the element and
OPSEC activities carried out.
j. Require the official designated as the OPSEC
Coordinator for the component to perform the
following tasks:
(1) Develop componentwide OPSEC policy,
guidance, and instructions.
(2) Publish an OPSEC planning guide that
establishes minimum standards for
conducting OPSEC activities.
(3) Represent the head of the component at the
departmental or agency level on OPSEC-related
matters.
(4) Manage the componentwide OPSEC program by
performing the following tasks:
(a) Planning and programming technical and
other OPSEC support for the elements,
including the conduct of OPSEC
vulnerability assessments of
componentwide or multielement
activities.
(b) Analyzing vulnerabilities detected in
the course of componentwide or
multielement assessments and
recommending potential countermeasures
as appropriate.
(5) Oversee the component OPSEC program by
performing the following tasks:
(a) Establishing and chairing a work group
to coordinate in the componentwide
OPSEC program. Ensuring that the work
group represents appropriate program
offices and field elements to provide
an active forum to discuss and assess
generic and specific OPSEC concerns.
(b) Coordinating with field elements on
OPSEC matters and providing assistance
as requested.
(c) Assessing the effectiveness of the
componentwide OPSEC program by
performing periodic reviews.
(6) Operate the componentwide office of record
for OPSEC plans and program files to assist
in developing an active OPSEC program for
component operations and other activities.
(7) Develop and maintain an OPSEC plan that
includes, at a minimum, goals, milestones,
and a timetable.
(8) Advise the head of the component of the
status of the component's OPSEC program,
including plans, developments innovations,
problems, and solutions.
k. Require the official in charge of training to
establish OPSEC awareness and training programs to
ensure that all employees are aware of their
adversaries' capabilities and understand the OPSEC
process.
SAMPLE DIRECTIVE
DATE:
NUMBER:
DIRECTIVE:
SUBJECT: Operations Security Program (cite NASA Installation)
REFERENCE: National Security Decision Directive 298,
"National Operations Security Program," dated
January 22, 1988.
A. PURPOSE
This Directive establishes the operations security
(OPSEC) program, provides policy, assigns
responsibilities, and implements reference.
B. APPLICABILITY
1. This Directive applies to (cite NASA Installation)
(hereafter referred to collectively as elements).
2. The (cite NASA Installation) OPSEC program shall be
applied to contractors when it has been determined
that such measures are necessary for the adequate
protection of critical or sensitive information,
activities or operations of the (cite Installation),
its elements directly or indirectly associated with
a specific contract.
C. DEFINITIONS
1. Operations Security (OPSEC). A systematic and
analytic process by which the U.S. Government and
its supporting contractors can deny to potential
adversaries information about capabilities and
intentions by identifying, controlling, and
protecting evidence of the planning and execution of
sensitive activities and operations.
2. Critical Information. Information that must be
protected from loss to keep an adversary from
gaining a significant operational, economic,
political, or technological advantage and prevent
adverse impact on friendly mission accomplishment.
D. POLICY
1. In accordance with reference, each element shall
establish a formal OPSEC program with the following
common features:
a. Specific assignment of responsibility for OPSEC
direction and implementation;
b. Specific requirements to plan for and implement
OPSEC in anticipation of and, where appropriate,
during element activity;
c. Use of OPSEC analytical techniques to assist in
identifying OPSEC vulnerabilities and to select
appropriate OPSEC measures; and
d. Measures to ensure that all personnel,
commensurate with their positions and security
clearances, are aware of hostile intelligence
threats and understand the OPSEC process.
e. Requirement for an annual review and evaluation
of this OPSEC program to determine its
effectiveness in the preceding year and to
develop recommendations on improvements for the
next year and the longer term. The annual
report shall be submitted to the Chief, NASA
Security Office for review and approval.
f. Provisions for cross element and interagency
support and cooperation with respect to OPSEC
programs.
2. The Chief, NASA Security Office must be advised on
OPSEC measures required of other NASA Installations
or other departments and agencies of the U.S.
Government to achieve and maintain effective
operations or activities.
3. OPSEC is a management responsibility. Supervisors
at all levels are responsible for maintaining their
organization's OPSEC program.
4. Authority to plan, direct, and implement OPSEC
measures may be delegated, as appropriate, to the
operation's unit or an equivalent unit of the
element primarily responsible for the accomplishment
of the element's overall mission. This normally
should not be the Installation Security or other
support unit.
5. OPSEC must be addressed from initiation of all
planning, programming, and budgeting actions.
E. RESPONSIBILITIES
1. The (cite title) for (cite element) is hereby
appointed as (cite NASA Installation) OPSEC Program
Manager and shall perform the following tasks:
a. Develop OPSEC policy, guidance, and
instructions.
b. Publish an OPSEC planning guide that establishes
minimum standards for conducting OPSEC
activities.
c. Provide representation at agency level on OPSEC-
related matters.
d. Operate the office of record for OPSEC plans and
program files.
e. Develop and maintain an OPSEC plan that
includes, at a minimum, goals, milestones, and a
timetable.
f. Advise the Installation Director of the status
of the (cite NASA Installation) OPSEC Program,
to include plans, developments, innovations,
problems, and solutions.
g. Manage the (cite NASA Installation)-OPSEC
Program by performing the following tasks:
(l) Planning and programming technical and
other OPSEC support for the elements,
including the conduct of OPSEC
vulnerability assessments of (cite
Installation)-wide or multi-element
activities.
(2) Analyzing vulnerabilities detected in
the course of (cite NASA
Installation)-wide assessments, and
recommending potential countermeasures
as appropriate.
h. Conduct oversight of the OPSEC Program by
performing the following tasks:
(l) Establishing and chairing a working
group to manage the OPSEC Program.
The working group should be composed
of members from all major elements
and, as appropriate, support elements,
and provide an active forum to discuss
and assess generic and specific OPSEC
concerns. The working group should
develop and set priorities for the
OPSEC program objectives, meet on a
regular basis, and maintain records of
meetings.
(2) Coordinating with all elements on
OPSEC matters and providing assistance
as requested.
(3) Assessing the effectiveness of the
OPSEC program by performing periodic
reviews.
2. Installation Directors shall perform the following
tasks:
a. Designate an individual whose responsibilities
shall include specific requirements to plan for
and implement OPSEC prior to, during and after
execution of operations and other activities
that impact on mission effectiveness.
b. Identify its core secrets, critical information
and sensitive operations that must be protected
from the adversary intelligence threat.
c. Follow NASA Security Office OPSEC planning
guidance taking into account those aspects of
activities or operations that should be
protected in light of friendly and adversary
goals, estimated key adversary questions,
probable adversary knowledge, desirable and
harmful appreciations, and pertinent adversary
intelligence threats.
d. Use systematic OPSEC analysis developed for
OPSEC surveys to identify vulnerabilities and
select appropriate OPSEC measures to support
specific missions and activities.
e. Establish OPSEC working groups, with
multidisciplined and cross representation, to
perform the necessary support functions required
for an effective OPSEC program.
f. Provide a report at least annually on the OPSEC
posture and the OPSEC activities of the
Installation.
3. The ICS shall perform the following tasks:
a. Establish training programs that will ensure
that all employees understand the OPSEC process
and are aware of the adversaries' intelligence
capabilities.
b. Provide technical OPSEC training to those
individuals who are involved in the conduct of
OPSEC surveys.
APPENDIX U: OPERATION SECURITY GLOSSARY
1. DEFINITIONS
Acceptable Level of Risk. The level at which an Automated
Information System (AIS) is deemed to meet the minimum
requirements of applicable security directives as determined
by an assessment made by the appropriate designated approving
authority (National INFOSEC Glossary, October 1988).
Access Control Mechanism. Hardware or software features,
operating procedures, management procedures, and various
combinations of these designed to prevent unauthorized access,
and to permit authorized access to information within an
automated system (National INFOSEC Glossary, October 1988).
Acoustical Intelligence (ACOUSTINT). Intelligence information
derived from analysis of acoustic waves radiated either
intentionally or unintentionally by the target into
surrounding medium (Glossary of Intelligence Terms and
Definitions, June 1989). NOTE: In Naval usage, the acronym
ACINT is used and usually refers to intelligence derived
specifically from analysis of underwater acoustic waves from
ships and submarines. The technical and intelligence
information derived from foreign sources that generate waves.
Administratively Controlled Information. Privileged but
unclassified material bearing designations such as FOR
OFFICIAL USE ONLY or LIMITED OFFICIAL USE to prevent
disclosure to unauthorized persons (Glossary of Intelligence
Terms and Definitions, June 1978).
Administrative Security. The management constraints and
supplemental controls established to provide an acceptable
level of protection for data (National INFOSEC Glossary,
October 1988). NOTE: Synonymous with procedural security.
Adversary. Those individuals or organizations that must be
denied critical information to maintain friendly mission
effectiveness.
Agent. A person who engages in clandestine intelligence
activity under the direction of an intelligence organization
but who is not an officer, employee, or co-opted worker of
that organization (Glossary of Intelligence Terms and
Definitions, June 1989).
Appreciations. Personal conclusions, official estimates, and
assumptions about another party's intentions, capabilities,
and activities used in planning and decisionmaking.
1. Desired Appreciations. Adverse personal conclusions
and official estimates, valid or invalid, that
result in adverse behaviors and official actions
advantageous to friendly interests and objectives.
2. Harmful Appreciations. Adverse personal
conclusions, official estimates, or assumptions,
valid or invalid, that result in adverse behaviors
and official actions harmful to friendly interests
and objectives (JCS MOP 199, March 1989).
Assessment. An analysis of the threat to or the
vulnerabilities of a telecommunications or automated
information processing system or activity (National INFOSEC
Glossary, October 1988).
Audit. The independent review and examination of records and
activities to test for adequacy of system controls, to ensure
compliance with established controls, to ensure compliance
with established policy and operational procedures, and to
recommend any indicated changes in controls, policy, or
procedures (National INFOSEC Glossary, October 1988). NOTE:
An audit may be conducted by personnel responsible to the
management of the organization being audited (internal) or by
an organization independent of the one being audited (external).
Automated Data Processing. See automated information systems.
Automated Information Systems. Systems that collect, create,
prepare, or manipulate information in electronic form for
purposes other than device control or telecommunications
(National INFOSEC Glossary, October 1988). NOTE: Includes
computers, word processing systems, other electronic
information handling systems, and associated equipment.
Automated Information Systems Security. The totality of
security safeguards used to provide a defined level of
protection to an automated information system and data handled
by it (National INFOSEC Glossary, October 1988). NOTE: See
telecommunications and automated information systems security.
Carve-out. A classified contract issued in connection with an
approved Special Access Program in which the Defense
Investigative Service has been relieved of inspection
responsibility in whole or in part under the Defense
Industrial Security Program (DoD Directive 5200.lR,
Information Security Program Regulation).
Category. A restrictive label that has been applied to
classified or unclassified data as a means of increasing the
protection of the data by further restricting access to the
data (National INFOSEC Glossary, October 1988). NOTE:
Examples include Sensitive Compartmented Information (SCI),
Proprietary Information (PROPIN), and NATO Information.
Individuals are granted access to special category information
only after being granted formal access authorization.
Categories of Data. In the context of perception management
and its constituent approaches, data obtained by adversarial
individuals, groups, intelligence systems, and officials are
categorized in two ways:
1. Information. A compilation of data provided by
secret or open sources that would provide a
substantially complete picture of friendly
intentions, capabilities, or activities.
2. Indicators. Data derived from open sources or from
detectable actions that adversaries can piece together or
interpret to reach personal conclusions or official
estimates concerning friendly intentions, capabilities,
or activities.
NOTE: For OPSEC purposes, actions that convey indicators
exploitable by adversaries, but that must be carried out
regardless, to plan, prepare for, and execute activities,
are called "observable" (JCS MOP l9g, March 1989).
Classified Information. Official information regarding the
national security that has been designated Top Secret, Secret,
or Confidential in accordance with Executive Order 12356
(National INFOSEC Glossary, October 1988).
Communications Cover. The concealing or altering of
characteristic communications patterns to hide information
that could be of value to an adversary (National INFOSEC
Glossary, October 1988).
Communications Deception. Deliberate transmission,
retransmission, or alteration of communications to mislead an
adversary in his interpretation of the communications
(National INFOSEC Glossary, October 1988).
Communications Intelligence (COMINT). Technical and
intelligence information derived from interception of foreign
communications by other than the intended recipients; it does
not include the monitoring of foreign public media or the
interception of communications obtained during the course of
counterintelligence investigations within the United States.
COMINT includes the fields of traffic analysis, cryptanalysis,
and direction finding (Glossary of Intelligence Terms and
Definitions, June 1989).
Communications Profile. An analytic model of communications
associated with an organization or activity (National INFOSEC
Glossary, October 1988). NOTE: The model is prepared from a
systematic examination of communications content and patterns,
their reflections, and the COMSEC measures applied.
Communications Security (COMSEC). Measures taken to deny
unauthorized persons information derived from
telecommunications of the U.S. Government concerning national
security, and to ensure the authenticity of such
telecommunications (National INFOSEC Glossary, October 1988).
NOTE: COMSEC includes cryptosecurity, emission security,
transmission security, and physical security of COMSEC
material and information. See also telecommunications and
automated information systems security.
Communications Security Monitoring. The act of listening to
or recording telecommunications transmissions of a U.S.
organization to provide material for analysis to determine the
degree of security being provided to those transmissions
(National INFOSEC Glossary, October 1988).
Communications Security Survey. The organized collection of
COMSEC and communications data relative to a given operation,
system, or organization (National INFOSEC Glossary, October
1988).
Compartmentation. Formal system of restricted access to
intelligence activities, such systems established by and/or
managed under the cognizance of the Director of Central
Intelligence to protect the sensitive aspects of sources,
methods, and analytical procedures of foreign intelligence
programs (Glossary of Intelligence Terms and Definitions, June
1989). NOTE: See also decompartmentation.
Compromise. The exposure of classified official information
or activities to persons not authorized access thereto, i.e.,
unauthorized disclosure (Glossary of Intelligence Terms and
Definitions, June 1989). NOTE: See classified information.
Compromising Emanations. Unintentional data-related or
intelligence-bearing signals emitted from telecommunications
or information processing equipment or systems (National
INFOSEC Glossary, October 1988). NOTE: If intercepted and
analyzed, compromising emanations can disclose classified or
sensitive unclassified information transmitted, received, or
processed by equipment or system. Also referred to as
TEMPEST.
Computer Security (COMPUSEC).
1. The protection resulting from all measures designed
to prevent deliberate or inadvertent unauthorized
access, disclosure, acquisition, manipulation,
modification, or loss of information in a computer
system.
2. The computer-driven aspects of automated information
system security encompassing the mechanisms and
techniques that control access to or use of the
computer or information stored in it.
3. The technical, administrative, and programmatic
means to ensure correct, timely, and accountable
delivery of appropriate information to authorized
customers to ensure accountable delivery of
appropriate information to authorized customers
through automation. See also automated information
systems security (Glossary of Intelligence Terms and
Definitions, June 1989).
Computer Security Technical Vulnerability Reporting Program
(CSTVRP). A program that focuses on technical vulnerabilities
in commercially available hardware, firmware, and software
products acquired by the Department of Defense (DoD) (National
INFOSEC Glossary, October 1988). NOTE: CSTVRP provides
reporting, cataloging, and discreet dissemination of technical
vulnerability and corrective information to DoD components on
a need-to-know basis.
Confidentiality. The concept of holding sensitive data in
confidence, limited to an appropriate set of individuals or
organizations (National INFOSEC Glossary, October 1988).
Confidential Source. Any individual or organization that has
provided, or that may reasonably be expected to provide,
information to the United States on matters pertaining to the
national security with the expectation, expressed or implied,
that the information or relationship, or both, be held in
confidence (DoD Directive 5200.lR Information Security Program
Regulation).
Confinement. The prevention of the leaking of sensitive data
from a program (National INFOSEC Glossary, October 1988).
Controlled Information. Information conveyed to an adversary
in a deceptive operation to evoke desired appreciations (JCS
PUB 18, Dec. 1982).
Counterintelligence. Information gathered and activities
conducted to protect against espionage, other intelligence
activities, sabotage, or assassinations conducted for or on
behalf of foreign powers, organizations, persons, or terrorist
activities, but not including personnel, physical, document,
or communications security programs. See foreign
counterintelligence (Glossary of Intelligence Terms and
Definitions, June 1989).
Critical Information. Information that must be protected from
loss to keep an adversary from gaining a significant
operational, economic, political, or technological advantage,
and prevent adverse impact on friendly mission accomplishment.
Cryptanalysis. The operations performed in converting
encrypted messages to plain text without initial knowledge of
the algorithm and/or key employed in the encryption (National
INFOSEC Glossary, October 1988).
Cryptology. The science and activities that deal with hidden,
disguised, or encrypted communications (National INFOSEC
Glossary, October 1988). NOTE: Cryptology includes COMSEC
and COMINT.
Deception Means. Methods, resources, and techniques that can
be used to convey or deny information:
1. Administrative Means. Resources, methods, and techniques
designed to convey or deny oral, pictorial, documentary,
or other physical evidence.
2. Physical Means. Activities and resources used to
convey or deny selected information. (Examples:
military operations, including exercises,
reconnaissances, training activities, and movement
of forces; the use of dummy equipment and devices;
tactics; bases, logistic actions, stockpiles,
maintenance, and repair activities; and test and
evaluation activities.)
3. Technical Means. Military material resources and their
associated operating techniques used to convey or deny
selected information through the deliberate radiation,
reradiation, alteration, absorption, or reflection of
energy; the emission or suppression of chemical
biological odors; and the emission or suppression of
nuclear particles (JCS PUB 18, Dec. 1982).
Declassification. Removal of official information from the
protective status afforded by security classification; it
requires a determination that disclosure no longer would be
detrimental to national security (Glossary of Intelligence
Terms and Definitions, June 1989).
Decompartmentation. The removal of materials, information or
products from a compartmented system without altering them to
conceal sources, methods, or analytical procedures (Glossary
of Intelligence Terms and Definitions, June 1989).
Detectable Actions. Physical actions or entities that can be
observed, imaged, or detected by human senses or by active and
passive technical sensors, including emissions that can be
intercepted (JCS MOP 199, March 1989).
Direction Finding (DF). A procedure for obtaining bearings on
radio frequency emitters with the use of a directional antenna
and a display unit with an intercept receiver or ancillary
equipment (Glossary of Intelligence Terms and Definitions,
June 1989).
Disclosure. The authorized release of classified information
through approved channels (Glossary of Intelligence Terms and
Definitions, June 1989).
Eavesdropping. The unauthorized interception of information-
bearing emanations through the use of methods other than
wiretapping (National INFOSEC Glossary, October 1988).
Economic Assessment. A detailed study of security measures,
their technical and operational feasibility, and their
associated costs and benefits (National INFOSEC Glossary,
October 1988). NOTE: Economic assessments aid in planning
and selecting security measures.
Economic Intelligence. Intelligence regarding foreign
economic resources, activities, and policies including the
production, distribution, and consumption of goods and
services, labor, finance, taxation, and other aspects of the
international economic system (Glossary of Intelligence Terms
and Definitions, June 1989).
Electro-optical Intelligence (ELECTRO-OPTINT). Intelligence
information derived from the optical monitoring of the
electromagnetic spectrum from ultraviolet (0.01 micrometers)
through far (long wavelength) infrared (1,000 micrometers)
(Glossary of Intelligence Terms and Definitions, June 1989).
NOTE: Also see optical intelligence.
Electronic Intelligence (ELINT). Technical and intelligence
information derived from foreign noncommunications
transmissions by other than the intended recipients.
Technical and intelligence information derived from foreign
noncommunications electromagnetic radiations emanating from
other than atomic detonation or radioactive sources (Glossary
of Intelligence Terms and Definitions, June 1989).
Electronics Security (ELSEC). The protection resulting from
all measures designed to deny unauthorized persons information
of value that might be derived from the interception and
analysis of noncommunications electromagnetic radiations, such
as radar (National INFOSEC Glossary, October 1988).
Emissions Security (EMSEC). The protection resulting from all
measures taken to deny unauthorized persons information of
value that might be derived from the interception and analysis
of compromising emanations from crypto-equipment, automated
information systems, and telecommunications systems (National
INFOSEC Glossary, October 1988).
Energy Intelligence. Intelligence relating to the technical,
economic, and political capabilities and programs of foreign
countries to engage in development, utilization, and commerce
of basic and advanced energy technologies. This includes the
location and extent of foreign energy resources and their
allocation; foreign government energy policies, plans, and
programs; new and improved foreign energy technologies; and
economic and security aspects of foreign energy supply,
demand, production, distribution, and utilization (Glossary of
Intelligence Terms and Definitions, June 1989).
Espionage. Intelligence activity directed toward the
acquisition of information through clandestine means and
proscribed by the laws of the country against which it is
committed (Glossary of Intelligence Terms and Definitions,
June 1989).
Essential Elements of Friendly Information (EEFI). Key
questions about friendly intentions and military capabilities
likely to be asked by opposing planners and decision makers
(JCS PUB 18, Dec. 1982).
Essential Secrecy. Adversary unknowns or uncertainties about
specific factual friendly intentions, capabilities, and
activities vitally needed by adversaries for them to plan and
act effectively so as to guarantee failure or unacceptable
consequences for friendly mission accomplishment.
Exploitation. The process of obtaining intelligence
information from any source and taking advantage of it for
intelligence purposes. NOTE: Also see source (Glossary of
Intelligence Terms and Definitions, June 1989).
Foreign Counterintelligence (FCI). Intelligence activity,
with its resultant product, intended to detect, counteract,
and/or prevent espionage and other clandestine intelligence
activities, sabotage, international terrorist activities, or
assassinations conducted for or on behalf of foreign powers,
organizations, or persons; it does not include personnel,
physical, document, or communications security programs
(Glossary of Intelligence Terms and Definitions, June 1989).
Foreign Government Information. Information that is:
1. Provided to the United States by a foreign
government or governments, an international
organization of governments, or any element thereof
with the expectation, expressed or implied, that the
information, the source of the information, or both,
are to be held in confidence; or
2. Produced by the United States pursuant to or as a
result of a joint arrangement with a foreign
government or governments or an international
organization of governments, or any element thereof,
requiring that the information, the arrangement, or
both, are to be held in confidence (DoD 5200.lR
Information Security Program Regulation).
Foreign Instrumentation Signals (FIS). Electromagnetic
emissions associated with the testing and operational
deployment of non-U.S. aerospace, surface, and subsurface
systems that may have either military or civilian application;
it includes but is not limited to the signals fromtelemetry,
beaconry, electronic interrogators, tracking/fusing/
arming/command systems, and video data links (Glossary of
Intelligence Terms and Definitions, June 1989).
Foreign Instrumentation Signals Intelligence (FISINT).
Technical and intelligence information derived from intercept
of foreign instrumentation signals (Glossary of Intelligence
Terms and Definitions, June 1989).
Foreign Material (FORMAT) Intelligence. Intelligence derived
from the exploitation of foreign equipment, subsystems,
components, or other material (Glossary of Intelligence Terms
and Definitions, June 1989).
Friendly. Those individuals or organizations involved in the
specific sensitive operation or activity who have a need-to-
know.
Geographic(al) Intelligence. Foreign intelligence dealing
with the location, description, and analysis of physical and
cultural factors of the world (e.g., terrain, climate, natural
resources, transportation, boundaries, population
distribution) and their changes through time (Glossary of
Intelligence Terms and Definitions, June 1989).
Hostile Cognizant Agent. A person who is authorized access to
classified or sensitive unclassified information and who
intentionally makes that information available to a member of
a hostile intelligence service or other group whose goals are
inimical to the interests of the United States Government or
its allies (National INFOSEC Glossary, October 1988).
Hostile Threat Environment. An area that contains known
threats over which one possesses little or no control
(National INFOSEC Glossary, October 1988). NOTE: Some
diplomatic facilities and tactical military units may be
located in a hostile threat environment.
Human Intelligence (HUMINT). A category of intelligence
information derived from human sources (Glossary of
Intelligence Terms and Definitions, June 1989).
Human Source. A person who wittingly or unwittingly conveys
by any means information of potential intelligence value
(Glossary of Intelligence Terms and Definitions, June 1989).
Imagery. Representations of objects reproduced electronically
or by optical means on film, electronic display devices, or
other media (Glossary of Intelligence Terms and Definitions,
June 1989).
Imagery Intelligence (IMINT). The products of imagery and
photographic interpretation processed for intelligence use
(Glossary of Intelligence Terms and Definitions, June 1989).
Imagery Interpretation (II). The process of locating,
recognizing, identifying, and describing objects, activities,
and terrain represented by imagery; it includes photographic
interpretation (Glossary of Intelligence Terms and
Definitions, June 1989).
Imitative Communications Deception. Introduction of deceptive
messages or signals into an adversary's telecommunications
signals (National INFOSEC Glossary, October 1988).
Inadvertent Disclosure. Accidental exposure of sensitive
information to a person not authorized access (National
INFOSEC Glossary, October 1988). NOTE: This may result in a
compromise or a need-to-know violation.
Indicator. An event, observation, or value used to measure an
abstract concept. An item of information that reflects the
intention or capability of a potential enemy to adopt or
reject a course of action. An action-specific, generalized,
or theoretical-that an enemy might be expected to take in
preparation for an aggressive act (Glossary of Intelligence
Terms and Definitions, June 1989).
Information and Indicator Sources. Data, material, and
actions that provide information and indicators. The sources
are categorized as follows:
1. Secret Sources. Friendly personnel, documents, material,
etc., possessing classified or sensitive information.
2. Open Sources. Oral, documentary, pictorial, and physical
materials accessible to the public, or overt contacts
with adversary parties.
3. Detectable Actions. Physical actions or entities that
can be observed, imaged, or detected by active or passive
sensors. Also includes emissions that can be
intercepted.
Information Security (INFOSEC). The discipline covering the
protection of classified national security information by the
application of the rules and procedures established by
Executive Order 12356. It includes classification,
declassification, marking, mandatory review, oversight, etc.
The procedures pertaining to both communications security and
computer security (Glossary of Intelligence Terms and
Definitions, June 1989).
Information Systems Security. The protection afforded
information systems to preserve the availability, integrity,
and confidentiality of the systems and the information
contained within the systems. Such protection is the
application of the combination of all security disciplines
that will at a minimum include: COMSEC, TEMPEST, COMPUSEC,
personnel security, industrial security, resource protection,
and physical security (Glossary of Intelligence Terms and
Definitions, June 1989). NOTE: Others define this as
INFOSEC. See also telecommunications and automated
information systems security (TIASS).
Infrared Imagery. A likeness or impression produced as a
result of sensing electromagnetic radiations emitted or
reflected from a given target surface in the infrared portion
of the electromagnetic spectrum (Glossary of Intelligence
Terms and Definitions, June 1989).
Intelligence Cycle. The processes by which information is
acquired and converted into intelligence and made available to
customers. There are usually five steps in the cycle:
1. Planning and Direction. Determination of
intelligence requirements, preparation of a
collection plan, issuance of orders, requests to
information collection entities, and a continuous
check on the productivity of collection entities.
2. Collection. Acquisition of information or intelligence
information and the provision of this to processing
and/or production elements.
3. Processing. Conversion of collected information
and/or intelligence information into a form more
suitable for the production of intelligence.
4. Production. Conversion of information or
intelligence information into finished intelligence
through the integration, analysis, evaluation,
and/or interpretation of all available data and the
preparation of intelligence products in support of
known or anticipated customer requirements.
5. Dissemination. Timely conveyance of intelligence in
suitable form to customers (Glossary of Intelligence
Terms and Definitions, June 1989).
Intelligence Information. Information of potential
intelligence value concerning the capabilities, intentions,
and activities of any foreign power, organization, or
associated personnel (Glossary of Intelligence Terms and
Definitions, June 1989).
Intelligence Life. The length of time during which
information remains important enough to protect (National
INFOSEC Glossary, October 1988).
Intelligence System. Any formal or informal system to manage
data gathering, to obtain and process the data, and to provide
reasoned judgments to decision makers as a basis for action.
The term is not limited to intelligence organizations or
services, but includes any system in all its parts that
accomplishes the listed tasks.
Intrusion Detection System (IDS). A system designed to detect
and signal the entry of unauthorized persons into a protected
area, such as security alarms, sensor systems, or video
systems (National INFOSEC Glossary, October 1988).
Laser Intelligence (LASINT). Technical and intelligence
information derived from laser systems; it is a subcategory of
electro-optical intelligence (Glossary of Intelligence Terms
and Definitions, June 1989).
Limited Access Area. An area in which uncontrolled movement
of persons would allow access to classified information, but
in which such access is prevented by escort or other internal
restrictions or controls (National INFOSEC Glossary, October
1988).
Low Probability of Detection (LPD). Measures used to hide or
disguise intentional electromagnetic transmissions (National
INFOSEC Glossary, October 1988).
Manipulative Communications Deception. The alteration or
simulation of friendly telecommunications for the purpose of
deception (National INFOSEC Glossary, October 1988). NOTE:
May consist of any or all of the following: establishment of
bogus communications structures, transmission of deception
messages, expansion or creation of communications schedules on
existing structures to display an artificial volume of
messages.
Meaconing. A system for receiving radio beacon signals and
retransmitting them on the same frequency to confuse
navigation and cause inaccurate bearings to be obtained by
beacon users (National INFOSEC Glossary, October 1988).
Meaconing, Intrusion, Jamming and Interference (MIJI). A
collective name for all of the types of jamming or other
interference that may be used against electromagnetic
equipment or systems (National INFOSEC Glossary, October
1988).
Measurement and Signature Intelligence (MASINT). Scientific
and technical intelligence information obtained by
quantitative and qualitative analysis of data (metric, angle,
spatial, wavelength, time dependence, modulation, plasma, and
hydromagnetic) derived from specific technical sensors for the
purpose of identifying any distinctive features associated
with the source emitter or sender and to facilitate subsequent
identification and/or measurement of the same (Glossary of
Intelligence Terms and Definitions, June 1989).
Medical Intelligence (MEDINT). Medical scientific, technical,
and biological intelligence that assesses and predicts
technological advances of medical significance to include
defense against chemical, biological, and radiological
warfare; it applies to both tactical and strategic planning
and operations, including military and humanitarian efforts
(Glossary of Intelligence Terms and Definitions, June 1989).
National Computer Security Assessment Program (NCSAP). A
program designed to evaluate the interrelationship of
empirical data of computer security infractions and that of
critical systems profiles, while comprehensively incorporating
information from the Computer Security Technical Vulnerability
Reporting Program (National INFOSEC Glossary, October 1988).
NOTE: Assessments build threat and vulnerability scenarios
that are based on a collection of facts from relevant reported
cases. Such scenarios are a powerful, dramatic, and concise
form of representing the value of loss experience analysis.
National Security Information. Classified information related
to the national defense or foreign relations of the United
States (National INFOSEC Glossary, October 1988).
Need-to-Know. The necessity for access to, knowledge of, or
possession of specific information required to carry out
official duties (National INFOSEC Glossary, October 1988).
Nuclear Intelligence (NUCINT). Intelligence derived from the
collection and analysis of radiation and other effects
resulting from radioactive resources (Glossary of Intelligence
Terms and Definitions, June 1989).
Nuclear Proliferation Intelligence. Foreign intelligence
relating to:
1. Scientific, technical, and economic capabilities and
programs and the political plans and intentions of
non-nuclear weapon states or foreign organizations
to acquire nuclear weapons and/or to acquire the
requisite special nuclear materials and to carry on
research, development, and the manufacturing of
nuclear explosive devices; and
2. The attitudes, policies, and actions of foreign
nuclear supplier countries toward provision of
technologies, facilities, or special nuclear
materials that could assist non-nuclear weapon
states or foreign organizations to acquire or
develop nuclear explosive devices (Glossary of
Intelligence Terms and Definitions, June 1989).
Open Sources. Overt contacts between people or oral,
documentary, pictorial, and physical materials accessible by
the public (JCS MOP 199, Dec. 1989).
Open Source Information. Information of potential
intelligence value (i.e., intelligence information) available
to the general public such as papers, books, periodicals, and
other printed information. It also includes information
derived from radio and television transmissions, press
agencies, maps, and photography (Glossary of Intelligence
Terms and Definitions, June 1989).
Operational Intelligence (OPINTEL). Intelligence required for
planning and executing operations (Glossary of Intelligence
Terms and Definitions, June 1989).
Operations Security Problem. When activities or procedures of
one organization create vulnerabilities to another
organization's critical information.
Operations Security (OPSEC). A systematic and analytic
process by which the U.S. Government and its supporting
contractors can deny to potential adversaries information
about capabilities and intentions by identifying, controlling,
and protecting evidence of the planning and execution of
sensitive activities and operations.
Operations Security Appraisal. A type of OPSEC assessment
where a desktop review is made of an operation or activity of
an organization or facility to determine vulnerabilities and
possible countermeasures.
Operations Security Assessment. A process of analyzing
information and indicator sources associated with operations
and other activities to evaluate and improve the effectiveness
of an organization in protecting its critical information from
adversaries using the following three steps:
1. Identifying critical information that must be
protected.
2. Identifying indicators or information that can be
observed or obtained by adversaries that could be
interpreted or pieced together to derive critical
information in time to be useful to adversaries.
3. Selecting and recommending measures that eliminate
or reduce the vulnerabilities of friendly actions or
information to adversary exploitation.
Operations Security Indicators. Friendly detectable actions
and information that can be interpreted or pieced together by
an adversary to derive critical information.
Operations Security Measures. Countermeasures that will deny
adversaries the ability to collect, process, analyze, or
utilize indicators.
Operations Security Planning Guidance. Guidance that serves
as the blueprint for OPSEC planning by all functional elements
throughout the organization. It defines the critical
information that requires protection from adverse
appreciations, taking into account friendly and adversarial
goals, estimated key adverse questions, probable adverse
appreciations, and pertinent intelligence system threats. It
also should outline provisional OPSEC measures to ensure the
requisite essential secrecy.
Operations Security Process. A systems analysis methodology
involving five steps: identification of critical information,
analysis of threats, analysis of vulnerabilities, assessment
of risks, and application of appropriate countermeasures.
Operations Security Survey. A thorough on-site examination of
an operation or activity to determine if there are
vulnerabilities that would permit adversary exploitation of
critical information during the planning, preparation,
execution, and postexecution phases of any operation or
activity.
Operations Security Vulnerability. A condition when friendly
actions provide OPSEC indicators that may be obtained and
accurately evaluated by an adversary in time to provide a
basis for effective adversary decisionmaking.
Operations Security Working Group. A formally designated body
representing a broad range of administrative and programmatic
activities that provides review, support, and participation
with management in the implementation and furtherance of their
operational security program.
Optical Intelligence (OPINT). That portion of electro-optical
intelligence that deals with visible light (Glossary of
Intelligence Terms and Definitions, June 1989).
Overt Collection. The acquisition of intelligence information
from public media, observation, government-to-government
dialogue, elicitation, and from the sharing of data openly
acquired; the process may be classified or unclassified; the
target and host governments as well as the sources involved
normally are aware of the general collection activity,
although the specific acquisition, sites, and processes may be
successfully concealed (Glossary of Intelligence Terms and
Definitions, June 1989).
Penetration. The recruitment of agents within or the
infiltration of agents or introduction of technical monitoring
devices into an organization or group or physical facility for
the purpose of acquiring information or influencing its
activities (Glossary of Intelligence Terms and Definitions, 15
June 1978). The successful act of bypassing the security
mechanisms of a cryptographic or automated information system
(National INFOSEC Glossary, October 1988).
Penetration Signature. The description of a situation or set
of conditions or events in which a penetration could occur, or
the characteristics or identifying marks that may be produced
to indicate a successful or unsuccessful attempt at
penetration (National INFOSEC Glossary, October 1988).
Penetration Study. A study to determine the feasibility and
methods for defeating controls on an automated information
system (National INFOSEC Glossary, October 1988).
Penetration Testing. The portion of security testing in which
evaluators attempt to circumvent the security features of a
system (National INFOSEC Glossary, October 1988). NOTE: The
testing team, consisting of data processing, communications,
and security specialists, may use all design and
implementation documentation, including listings of system
source code, manuals, and circuit diagrams to identify any
system security weaknesses.
Personnel Insecurity. The capture, unauthorized absence,
defection, or control by an adversary of an individual having
knowledge of or access to classified or sensitive information
or material.
Personnel Security
1. The means or procedures--such as selective
investigations, record checks, personal interviews,
and supervisory controls--designed to provide
reasonable assurance that persons being considered
for or granted access to classified information are
loyal and trustworthy (Glossary of Intelligence
Terms and Definitions, 15 June 1978).
2. The procedures established to ensure that all
personnel who have access to sensitive or classified
information have the required authority as well as
appropriate clearances (National INFOSEC Glossary,
October 1988).
Photographic Intelligence (PHOTOINT). The collected products
of photographic interpretation classified and evaluated for
intelligence use; it is a category of imagery intelligence
(Glossary of Intelligence Terms and Definitions, June 1978).
Photographic Interpretation (PI). The process of locating,
recognizing, identifying, and describing objects, activities,
and terrain represented on photography; it is a category of
imagery intelligence (Glossary of Intelligence Terms and
Definitions, June 1978).
Physical Security
1. Physical measures--such as safes, vaults, perimeter
barriers, guard systems, alarms, and access
controls--designed to safeguard Installations
against damage, disruption, or unauthorized entry;
information or material against unauthorized access
or theft; and specified personnel against harm
(Glossary of Intelligence Terms and Definitions, 15
June 1978).
2. The application of physical barriers and control
procedures to prevent unauthorized access to
resources, information, or material (National
INFOSEC Glossary, October 1988).
Political Intelligence. Intelligence concerning the dynamics
of the internal and external political affairs of foreign
countries, regional groupings, multilateral treaty
arrangements, and organizations, and foreign political
movements directed against or affecting established
governments or authority (Glossary of Intelligence Terms and
Definitions, June 1989).
Privileged Data. Data not subject to the usual rules because
of some special circumstance, such as legal and medical files
(National INFOSEC Glossary, October 1988).
Procedural Security. See administrative security.
Proprietary Data. Data that are created, used, and marketed
by individuals or organizations having exclusive legal rights
(National INFOSEC Glossary, October 1988).
Protective Security. Responds to general vulnerabilities and
threats. It includes personnel security (background
investigations, security clearances, and polygraphs); physical
security (physical safeguards and security barriers); document
security (distinctive markings, classification, and document
destruction procedures); security procedures
(compartmentalization, the "need-to-know principle," and two-
person control); and security awareness efforts (vulnerability
and threat briefings, morale, discipline, and education
programs).
Radar Intelligence (RADINT). Intelligence information derived
from data collected by radar (Glossary of Intelligence Terms
and Definitions, June 1989).
Radiation Intelligence (RINT). The functions and
characteristics derived from information obtained from
unintentional electromagnetic energy emanating from foreign
devices; excludes nuclear detonations or radioactive source.
(Glossary of Intelligence Terms and Definitions, June 1989).
Radio Fingerprinting. The process of recording and studying
the characteristics of the emissions of a radio transmitter to
identify the transmitting station (National INFOSEC Glossary,
October 1988).
Restricted Area. Any area to which access is subject to
special restrictions or controls for reasons of security or
safeguarding of property or material (National INFOSEC
Glossary, October 1988).
Risk Analysis. See risk assessment.
Risk Assessment. The process of identifying security risks
based on an analysis of threats to and vulnerabilities of a
system, the determination of the magnitude of the risk, and
measures needed to safeguard against the risk (National
INFOSEC Glossary, October 1988). NOTE: Risk analysis is the
preferred term when referring to automated information
systems.
Risk Evaluation. Any document that contains an evaluation of
the vulnerabilities of an Installation to the compromise of
classified or sensitive Government information (National
INFOSEC Glossary, October 1988). NOTE: A risk evaluation may
be in-depth or limited in scope. It will generally reflect
administrative, physical access, personnel, environmental,
technical, and electronic safeguards to prevent compromise.
Risk Management. The element of managerial science concerned
with the identification, measurement, control, and
minimization of uncertain events.
Sanitize. To remove or edit sensitive data so that the
remaining data are of lower sensitivity than the original
aggregate.
Scientific and Technical Intelligence (STI). Intelligence
concerning foreign developments in basic and applied
scientific and technical research and development, including
engineering and production techniques, new technology, and
weapon systems and their capabilities and characteristics; it
also includes intelligence that requires scientific or
technical expertise on the part of the analyst, such as
medicine, physical health studies, and behavioral analyses
(Glossary of Intelligence Terms and Definitions, June 1989).
Secure Communications. Telecommunications that are
effectively secured against adversary exploitation by COMSEC.
Secure Working Area. An accredited facility that is used for
handling, discussing, or processing sensitive information
(National INFOSEC Glossary, October 1988).
Securing. The safeguarding with COMSEC devices, equipment, or
techniques of telecommunications systems that transmit
classified or sensitive but unclassified government
information (National INFOSEC Glossary, October 1988).
Security Countermeasures. Countermeasures that are aimed at
specific threats and vulnerabilities (operational security
procedures, camouflage, concealment, and other denial
techniques) or involve more active techniques (counterimagery
programs, counter-SIGNIT operations; and telecommunications
and computer security) as well as activities traditionally
perceived as security.
Security Evaluation. A product evaluation or a system
evaluation performed to assess the degree of trust that can be
placed in an automated information system for the secure
handling of sensitive information (National INFOSEC Glossary,
October 1988).
Security Incident. An incident involving classified
information in which there is a deviation from the
requirements of the governing security regulations (National
INFOSEC Glossary, October 1988). NOTE: Compromise,
inadvertent disclosure, need-to-know violation, and
administrative deviation are examples of security incidents.
Security Level. The combination of a hierarchical
classification and a set of nonhierarchical categories that
represents the sensitivity of information (National INFOSEC
Glossary, October 1988).
Sensitive Business Data. Data that require protection under
Title 18, USC 1905, and other business data that by their
nature require controlled distribution or access for reasons
other than classification such as personal data. NOTE:
Sensitive business data appear in the following categories:
1. Financial. Requiring protection to ensure the integrity
of funds or other fiscal assets.
2. Sensitive Management. Requiring protection against
the loss of property, material or supplies, or to
defend against the disruption of operations or
normal management practices.
3. Proprietary. Requiring protection for data or
information in conformance with a limited rights
agreement or that are the exclusive property of a
civilian corporation or individual and that are on
loan to the government for evaluation or for its
proper use in educating contracts.
4. Privilege. Requiring protection for conformance
with business standards or as required by law, as
with government information involving award of a
contract (National INFOSEC Glossary, October 1988).
Sensitive Compartmented Information (SCI). All information
that requires special information controls for restricted
handling within compartmented intelligence systems and for
which compartmentation is established (National INFOSEC
Glossary, October 1988).
Sensitive Compartmented Information Facility (SCIF). An
accredited area, room, group of rooms, or Installation where
SCI may be stored, used, discussed, and/or processed (Glossary
of Intelligence Terms and Definitions, June 1989).
Sensitive Defense Information. Classified or sensitive
information designated by the Secretary of Defense (National
INFOSEC Glossary, October 1988). NOTE: All items on the
Critical Military Technologies List fall into this category.
Sensitive Information. Any information, the loss, misuse, or
unauthorized access to or modification of which could
adversely affect the national security interest or the conduct
of Federal programs, or the privacy to which individuals are
entitled under section 552a of Title 5, United States Code
(the Privacy Act), but which has not been specifically
authorized under criteria established by an Executive Order or
an Act of Congress to be kept secret in the interest of
national defense or foreign policy (National INFOSEC Glossary,
October 1988).
Sensitive/Unclassified. Data requiring a degree of protection
due to the risk and magnitude of loss or harm that could
result from inadvertent or deliberate disclosure (DOE Sources,
December 1989).
Signal Intelligence (SIGINT). Intelligence information
derived from signals intercept comprising, either individually
or in combination, all communications intelligence, electronic
intelligence, and foreign instrumentation signals
intelligence, however transmitted (Glossary of Intelligence
Terms and Definitions, June 1989).
Signals Security (SIGSEC). A generic term encompassing COMSEC
and ELSEC (National INFOSEC Glossary, October 1988).
SIGSEC Signals Analysis. Analysis of the external signal
parameters of U.S. official electronic emissions (National
INFOSEC Glossary, October 1988). NOTE: This analysis
includes the identification of signals anomalies that might be
exploited by an adversary SIGINT effort.
Software Security. General purpose (executive, utility, or
software development tools) and applications programs and
routines which protect data handled by an automated
information system (National INFOSEC Glossary, October 1988).
Surveillance. The systematic observation or monitoring of
places, persons, or things by visual, aural, electronic,
photographic, or other means (Glossary of Intelligence Terms
and Definitions, June 1989).
Survey. A comprehensive formal evaluation of a facility, area
or activity to determine its physical or technical strengths
or weaknesses and to propose recommendations for improvement.
Systems Security. The measure of security provided by a
system as determined by evaluation of the totality of all
system elements and COMSEC measures that support
telecommunications and automated information systems
protection (National INFOSEC Glossary, October 1988).
Systems Security Evaluation. Determination of the risk
associated with the use of a given system, considering the
vulnerabilities in the system and the threat against it
(National INFOSEC Glossary, October 1988).
TEAPOT. An unclassified name referring to hostile induced,
enhanced, and/or facilitated compromising emanations (National
INFOSEC Glossary, October 1988).
Technical Security. Those measures taken to detect and
prevent efforts to acquire classified or
sensitive/unclassified information by means of technical
surveillance. Technical security includes technical
surveillance countermeasures and audio countermeasures, which
are measures to ensure that security areas are devoid of
technical surveillance devices, technical security hazards,
and related physical security weaknesses (DOE Sources, Dec.
1989).
Technical Surveillance Countermeasures (TSCM). Techniques and
measures to detect and neutralize a wide variety of hostile
penetration technologies that are used to obtain unauthorized
access to classified and sensitive information. Technical
penetrations include the use of optical, electro-optical,
electromagnetic, fluidics, and acoustic means, as the sensor
and transmission medium, or the use of various types of
stimulation of or modification to equipment or building
components for the direct or indirect transmission of
information meant to be protected (Glossary of Intelligence
Terms and Definitions, June 1989).
Telecommunications. The preparation, transmission,
communication, or related processing of information (writing,
images, sounds or other data) by electromagnetic,
electromechanical, electro-optical, or electronic means
(National INFOSEC Glossary, October 1988).
Telecommunications and Automated Information Systems Security
(TAISS). Protection afforded to telecommunications and
automated information systems to prevent exploitation through
intercept, unauthorized electronic access, or related
technical intelligence threats, and to ensure authenticity
(National INFOSEC Glossary, October 1988). NOTE: Such
protection results from the application of security measures
(including cryptosecurity, transmission security, emission
security, and computer security) to systems which generate,
store, process, transfer, or communicate information of use to
an adversary, and also includes the physical protection of
sensitive material and sensitive technical security
information.
Telemetry Intelligence (TELINT). Technical and intelligence
information derived from intercept, processing, and analysis
of foreign telemetry; a subcategory of foreign instrumentation
signals intelligence (Glossary of Intelligence Terms and
Definitions, June 1989).
Teleprocessing. The overall function of an information
transmission system that combines telecommunications,
automated data processing, and man-machine interface equipment
and their interaction as a whole (National INFOSEC Glossary,
October 1988).
Teleprocessing Security. The protection resulting from all
measures designed to prevent deliberate or inadvertent
unauthorized disclosure, acquisition, manipulation, or
modification of information in a teleprocessing system
(National INFOSEC Glossary, October 1988).
TEMPEST. The investigation, study, and control of
compromising emanations from electrical and electronic
equipment (National INFOSEC Glossary, October 1988). NOTE:
Often used as a synonym for compromising emanations, as in
"TEMPEST test" or "TEMPEST inspection." Also used as a verb
meaning "To insulate against compromising emanations."
Traffic Analysis. The cryptologic discipline that develops
information from communications about the composition and
operation of communications structures and the organizations
they serve. The process involves the study of traffic and
related materials, and the reconstruction of communication
plans, to produce intelligence signals (Glossary of
Intelligence Terms and Definitions, June 1989).
Transmission Security (TRANSEC). The component of COMSEC that
consists of all measures designed to protect radio
transmission from intercept and exploitation by means other
than cryptanalysis (National INFOSEC Glossary, October 1988).
Vulnerability Assessment. An analysis of an organization or
activity to identify information sources potentially
exploitable by hostile services and to recommend actions to
negate or minimize vulnerabilities (DOE Sources, December 1989).
Wiretapping. An act or technique of tapping telephone,
telegraph, or other communications wires for the purpose of
gathering information or evidence.
2. COMMONLY USED ABBREVIATIONS AND ACRONYMS
ACINT Acoustical Intelligence
ACOUSTINT Acoustical Intelligence
ADP Automated Data Processing
COMSEC Communications Security
COMINT Communications Intelligence
CSTVRP Computer Security Technical
Vulnerability Reporting Program
DF Direction Finding
EEFI Essential Elements of Friendly
Information
ELECTRO-OPTINT Electro-optical Intelligence
ELINT Electronic Intelligence
ELSEC Electronics Security
EMSEC Emissions Security
FCI Foreign Counterintelligence
FIS Foreign Instrumentation Signals
FISINT Foreign Instrumentation Signals
Intelligence
FORMAT Foreign Material
HUMINT Human Intelligence
IDS Intrusion Detection System
IMINT Imagery Intelligence
II Imagery Interpretation
INFOSEC Information Systems Security
LASINT Laser Intelligence
LPD Low Probability of Detection
MASINT Measurement and Signature
Intelligence
MEDINT Medical Intelligence
MIJI Meaconing, Intrusion, Jamming, and
Interference
NCAP National Computer Security
Assessment Program
NUCINT Nuclear Intelligence
OPINTEL Operational Intelligence
OPSEC Operations Security
PHOTINT Photographic Intelligence
PI . Photographic Interpretation
RADINT Radar Intelligence
RINT Radiation Intelligence
SCI Sensitive Compartmented Information
SIGINT Signals Intelligence
SIGSEC Signals Security
TA Traffic Analysis
TAISS Telecommunications and Automated
Information Systems Security
TELINT Telemetry Intelligence
TEMPEST Compromising Emanations
TRANSEC Transmission Security
3. ALTERNATE DEFINITIONS
Appreciations. Assumptions, estimates, and facts about an
opponent's intentions and military capabilities used in
planning and decisionmaking.
1. Desired Appreciations. Adversary estimates that
result in adversary intentions and military
capabilities to friendly advantage.
2. Essential Secrecy. Specific unknowns or
uncertainties that prevent or hinder adversary
derivation of accurate estimates or knowledge of
facts, and effective planning and decisionmaking.
3. Harmful Appreciations. Adversary assumptions or
estimates to provide for unknowns or uncertainties,
or necessary and sufficient known facts, that
result in adversary intentions and military
capabilities to friendly disadvantage (JCS PUB 18,
Dec. 1982).
Communications Security (COMSEC). The protection resulting
from the application of cryptosecurity, transmission security,
emissions security, and physical security measures to
electronically transmit information. These measures are taken
to deny unauthorized persons information of value that might
be derived from the possession and study of such
telecommunications (DOE Sources, Dec. 1989).
Computer Security. The computer-driven aspects of automated
data processing systems security, encompassing the mechanisms
and techniques that control access to or use of the computer,
or information contained in or handled by it (DOE Sources,
Dec. 1989).
Critical Information. Specific facts about friendly
intentions, capabilities, and activities vitally needed by
adversaries for them to plan and act effectively so as to
guarantee failure or unacceptable consequences for friendly
mission accomplishment (JCS MOP 199, March 1989).
Human Intelligence (HUMINT). Intelligence collection activity
conducted through the use of human resources (DOE Sources,
Dec. 1989).
Imagery Intelligence (IMINT). Information derived from
interpretation of photography (DOE Sources, Dec. 1989).
Operations Security (OPSEC).
1. A countermeasures program designed to disrupt or defeat
the ability of foreign intelligence or other adversaries
to exploit sensitive DOE activities or information and to
secure against the inadvertent release of such activities
or information outside established control procedures
(DOE Sources, Dec. 1989).
2. The protection of military operations and activities
resulting from the identification and subsequent
elimination or control of intelligence indicators
(vulnerabilities) that are susceptible to hostile
exploitation (U.S. Army AR 530-1, May 1978).
3. The process of denying adversaries information about
friendly capabilities and intentions by identifying,
controlling, and protecting indicators associated
with planning and conducting military operations and
other activities (JCS PUB 18, Dec. 1982).
Operations Security Indicators. Actions or information
classified or unclassified, obtainable by an adversary, that
would result in adversary appreciations, plans, and actions
harmful to achieving friendly intentions and preserving
friendly military capabilities (JCS PUB 18, Dec. 1982).
Operations Security Survey. An investigation of the
intelligence indicators projected by an operation or activity
to determine what the enemy can perceive and what his
potential sources of information are (U.S. Army AR 5301, May
1978).
TEMPEST. An unclassified short name referring to
investigations and studies of "compromising emanations," e.g.,
TEMPEST Test or TEMPEST inspections (DOE Sources, Dec. 1989).
Working Group. A formally designated body representing a
broad range of administrative and programmatic activities at
Headquarters, Field Elements, or contractor facilities that
provide review and support to senior management in furtherance
of their operations security program (DOE Sources, Dec. 1989).
APPENDIX V: CRITERIA FOR APPLICATION OF SECURITY STANDARD
The ultimate decision resulting from the application of the
security standard set forth in this Appendix must be an
overall common sense determination based on all available
facts. Facts that would make an employee ineligible for a
clearance include, but are not limited to, the following:
1. Commission of any act of sabotage, espionage, treason,
terrorism, anarchy, sedition, or attempts thereof or
preparation therefor, or conspiring with or aiding or
abetting another to commit or attempt to commit any such
act.
2. Establishing or continuing a sympathetic association with
a saboteur, spy, traitor, seditionist, anarchist,
terrorist, revolutionist, or with an espionage or other
secret agent or similar representative or a foreign
nation whose interests may be inimical to the interests
of the United States, or with any person who advocates
the use of force or violence to overthrow the Government
of the United States or to alter the form of Government
of the United States by unconstitutional means.
3. Advocacy or use of force or violence to overthrow the
Government of the United States or to alter the form of
Government of the United States by unconstitutional
means.
4. Knowing membership with the specific intent of furthering
the aims of, or adherence to and active participation in,
any foreign or domestic organization, association,
movement, group, or combination of persons hereafter
referred to as organizations that unlawfully advocate or
practice the commission of acts of force or violence to
prevent others from exercising their rights under the
Constitution or laws of the United States or of any
State, or that seek to overthrow the Government of the
United States or any State or subdivision thereof by
unlawful means.
5. Unauthorized disclosure to any person of classified
information, or of other information, disclosure of which
is prohibited by statute, Executive order, or regulation.
6. Performing or attempting to perform one's duties,
acceptance and active maintenance of dual citizenship, or
other acts conducted in a manner that serve or that could
be expected to serve the interests of another government
in preference to the interests of the United States.
7. Disregard of public law, statutes, Executive orders, or
regulations, including violation of security regulations
or practices.
8. Criminal or dishonest conduct.
9. Acts of omission or commission that indicate poor
judgment, unreliability, or untrustworthiness.
10. Any behavior or illness, including any mental condition,
which, in the opinion of competent medical authority, may
cause a defect in judgment or reliability with due regard
to the transient or continuing effect of the illness and
the medical findings in such case.
11. Vulnerability to coercion, influence, or pressure
that may cause conduct contrary to national
interest, such as in the following circumstances:
a. The presence of immediate family members or other
persons to whom the applicant is bonded by affection
or obligation in a nation or areas under its
domination whose interests may be inimical to those
of the United States; or
b. Any other circumstances that could cause the
applicant to be vulnerable.
12. Excessive indebtedness, recurring financial difficulties,
or unexplained affluence.
13. Habitual or episodic use of intoxicants to excess.
14. Illegal or improper use, possession, transfer, sale, or
addiction to any controlled or psychoactive substance,
narcotic, cannabis, or other dangerous drug.
15. Any knowing and willful falsification, coverup,
concealment, misrepresentation, or omission of a material
fact from any written or oral statement, document, form,
or other representation or device used by NASA or any
other Federal agency, the Department of Defense (DoD), or
any military department.
16. Failing or refusing to answer or to authorize others to
answer questions or provide information required by a
congressional committee, court, or agency in the course
of an official inquiry whenever such answers or
information concern relevant and material matters
pertinent to an evaluation of the individual's
trustworthiness, reliability, and judgment.
17. Acts of sexual misconduct or perversion indicative of
moral turpitude, poor judgment, or lack of regard for the
laws of society.
APPENDIX W: PROCEDURES FOR SUSPENSION, REVOCATION, AND
DENIAL OF NASA PERSONNEL SECURITY
CLEARANCES
1. PURPOSE
The purpose of this Appendix is to establish procedures
regarding the suspension and revocation of personnel
security clearances held by employees, the denial of
security clearances to current and prospective employees,
and related actions. These policies and procedures do
not apply to administrative withdrawals of security
clearances from employees otherwise eligible for a
security clearance when withdrawal is based upon a
determination that the employee no longer requires access
to information or material classified under Executive
Order 12356.
2. POLICY
a. Personnel will be employed or retained in employment
in a position that requires a personnel security
clearance only when such is found to be clearly
consistent with the interests of national security.
b. Each current or prospective employee whose duties
require or will require access to classified
information must qualify for the appropriate level
of security clearance before he/she can perform
those duties.
c. If an individual is selected for or assigned to a
position involving access to classified information
and does not possess the requisite security
clearance, that individual must be assigned to
nonsensitive duties only until he/she does obtain
the clearance.
d. The decision to grant any current employee or
selectee a security clearance constitutes a
determination that, based upon all available
information, the person's loyalty, reliability, and
trustworthiness are such that entrusting the person
with classified information or assigning the person
to sensitive duties is clearly consistent with the
interests of national security.
e. In determining whether an individual qualifies for a
security clearance, the adjudicator shall consider,
but not be limited to, the criteria set forth in
Appendix U and the adjudication policy set forth in
this Handbook.
f. It is also NASA policy that due process procedures
are to be utilized to ensure that the constitutional
rights of each individual are protected. These
procedures are set forth below.
g. Installation Personnnel Offices should be consulted
to help determine appropriate courses of action.
3. DENIAL OF APPLICATION FOR SECURITY CLEARANCE
a. If the evidence available to the designated Agency
official indicates that the requested clearance
should be denied, then the following procedures
shall be applied as appropriate:
(1) The employee or selectee shall be provided a
statement of the reasons for the denial of the
clearance. This statement shall be as complete
as is consistent with interests of national
security.
(2) The employee or selectee shall be afforded the
right to request, orally or in writing, that the
designated Agency official reconsider the denial
of the clearance, and to submit matters in
rebuttal. Prior to rendering a decision on the
request for reconsideration, the designated
Agency official shall consult with the General
Counsel or Chief Counsel, as appropriate.
(3) If the designated Agency official sustains the
determination that the employee or selectee is
not qualified for the security clearance, then
the official may take one of the following
actions, as appropriate.
(a) Revoke the offer of employment made to the
selectee;
(b) Reassign the employee or selectee to other
nonsensitive duties, if available, for
which the employee or selectee is
qualified; or
(c) Order the employee removed in accordance
with 5 U.S.C. 7513.
(4) If the designated Agency official determines
that the employee or selectee is qualified for
the security clearance, the clearance shall be
granted, and the employee or selectee shall be
permitted to perform the sensitive duties of the
position for which he or she was selected.
4. SUSPENSION/REVOCATION OF SECURITY CLEARANCE -
GENERAL
a. Information may become available that will indicate
that an employee currently holding a security
clearance may not be qualified to retain that
clearance.
b. This information should be referred to the Security
Office for further investigation and evaluation.
Based upon preliminary investigation and evaluation,
the Installation Chief of Security (ICS) shall refer
the case and make a recommendation, as follows:
(1) The ICS shall refer all cases evident of a
threat to national security to the Chief, NASA
Security Office. The Associate Administrator for
Management Systems and Facilities, in
consultation with the NASA Security Office and
the Office of the General Counsel, shall
determine if the case shall be referred to the
Administrator for action in accordance with 5
U.S.C. 7532.
(2) The ICS shall refer all other cases to the
designated agency official for action in
accordance with 5 U.S.C. 7513.
(3) The General Counsel shall be consulted with
respect to all cases described in this
paragraph.
c. In developing a recommendation to the appropriate
Agency official, the Security Officer shall take
into account all relevant factors, including but not
limited to the following:
(1) The seriousness of the derogatory information
developed;
(2) The possible access, authorized or unauthorized,
of the employee to classified information or
material; and
(3) The opportunity, by reason of the nature of the
position, for the employee to commit acts
adversely affecting national security.
4.5 ACTION IN ACCORDANCE WITH 5 U.S.C. 7513
a. Upon receipt of the allegations against the
employee, the designated Agency official must decide
whether to suspend the employee's security clearance
pending completion of the investigation.
b. If the designated Agency official determines that
suspension of the employee's security clearance is
not necessary, a written determination to that
effect must be placed in the employee's
investigation file. In that event, the employee may
continue to perform the duties requiring the
security clearance.
c. If the designated Agency official determines that
suspension of the employee's security clearance is
appropriate, then the following actions must be taken:
(1) Provide the employee with as complete a written
statement of the reasons for such suspension as
is consistent with the interests of national
security, and the opportunity to respond orally
or in writing to those reasons.
(2) Determine whether the employee may be assigned
temporarily to a position not requiring a
security clearance. If this is not possible,
the employee shall be permitted to take leave,
be carried in an appropriate leave status
(annual, sick, leave without pay, or absent
without leave), or be suspended from duty with
pay if the employee has absented himself or
herself from the work site without requesting
leave.
(3) Promptly notify the Associate Administrator for
Management Systems and Facilities, NASA
Headquarters, through the Chief, NASA Security
Office, of the suspension and the reasons
therefor.
(4) The designated Agency official may determine
upon due consideration of all the evidence,
including the matters submitted by the employee,
that the security clearance should be restored.
In that case, the employee shall be restored to
the duties requiring the clearance.
(5) In the event that the designated Agency official
may determine that the employee's security
clearance should be revoked, the official must
take the following actions:
(a) Render in writing the decision to revoke,
which is final and not subject to further
administrative or judicial review;
(b) Determine whether the employee may be
reassigned to nonsensitive duties not
requiring a security clearance and for
which the employee is qualified; and
(c) If reassignment is not possible or not in
the best interests of national security,
the designated Agency official shall order
the employee removed in accordance with 5
U.S.C. 7513 and other implementing
regulations.
5. ACTION IN ACCORDANCE WITH 5 U.S.C. 7532
a. General
(1) This provision gives the NASA Administrator the
nondelegable authority to suspend summarily an
employee's security clearance, and suspend the
employee from duty without pay when the
Administrator determines that the action is
necessary in the interests of national security.
The Administrator is also authorized to remove
that employee from Federal service if necessary
or advisable in the interests of national
security.
(2) In taking action under this provision, the
Administrator should take into consideration
those factors set forth in paragraph 4c.
b. Suspension of Security Clearance and from Duty
Status
(1) The Administrator shall provide the affected
employee with as complete a statement of the
reasons for such suspension as national security
considerations permit. Prior to presentation to
the employee, this statement shall be
coordinated with the Department of Justice.
(2) Within 30 days after the receipt of the
notification, the suspended employee is entitled
to submit to the Administrator statements or
affidavits to show why the security clearance
should be reinstated and the employee should be
restored to duty.
(3) If the Administrator determines that the
employee does not present a security risk, the
Administrator may restore the employee's
security clearance and duty status, and
compensate the employee for the period of
suspension, in accordance with 5 U.S.C. 5596.
(4) Should subsequent investigation and evaluation
of the data thus obtained lead to the conclusion
that the employee does present a security risk,
the Administrator shall revoke the employee's
security clearance. The Administrator must then
decide whether to reassign the employee to
nonsensitive duties or to remove the employee.
c. Removal In Accordance With 5 U.S.C. 7532
(1) The Administrator is authorized to remove an
employee suspended previously in accordance with
paragraph 5b. The Administrator's authority is
nondelegable, and the decision is final and not
subject to administrative or judicial review.
(2) After suspension and prior to removal, the
Administrator shall provide the employee with
the following:
(a) A written statement of the charges against
the employee within 30 days after
suspension, which may be amended within 30
days thereafter and shall be stated as
specifically as security considerations
permit. This statement and any amendment
thereof shall be coordinated with the
Department of Justice prior to being
presented to the employee;
(b) An opportunity within 30 days thereafter,
plus an additional 30 days if the charges
are amended, to answer the charges and
submit affidavits;
(c) A hearing, at the request of the employee,
the procedure for which is set forth in
Attachment A of Appendix W;
(d) A review of the case by the Administrator
or designee, before a decision adverse to
the employee is made final; and
(e) A written statement of the Administrator's
decision.
(3) In the event the Administrator decides to
restore the employee to duty, with or without
restoration of his or her security clearance,
the employee shall be compensated for the period
of suspension, as provided in 5 U.S.C. 5596.
Attachment A
SECURITY HEARING BOARD
1. COMPOSITION
a. NASA Security Hearing Board will be composed of no
fewer than three civilian officers or employees of
the Federal Government, selected by the Associate
Administrator for Management Systems and Facilities
from rosters maintained for that purpose by the
Office of Personnel Management (OPM), Washington,
DC, and at OPM regional offices.
b. No NASA officer or employee shall serve as a member
of a Security Hearing Board hearing the case of an
employee of NASA.
c. No person will serve as a member of a Security
Hearing Board hearing the case of an employee with
whom the person is acquainted.
d. Requirements are listed in NMI 1610.3c, Attachment
B, Suspension, Revocation, and Denial of NASA
Personnel Security Clearances.
2. PROCEDURE
a. A person designated by the General Counsel shall be
responsible for the presentation to the Security
Hearing Board of evidence in support of the charges,
provided, however, that no such evidence may be
presented unless the Chief, NASA Security Office, or
designee, in his or her discretion, determines that
it will in no way be inconsistent with or in any way
compromise the interests of the national security,
that it will not tend to disclose investigative
sources or methods, and that it will not tend to
reveal the identity of confidential informants.
b. The following rights shall be accorded the employee
in connection with his/her hearing before the Board:
(1) To participate in and be present throughout the
entire hearing;
(2) To be represented by his or her counsel or other
representative of the employee's choice;
(3) To cross-examine those witnesses testifying
against the employee;
(4) To present the employee's case in such order or
sequence as he or she chooses;
(5) To present such evidence as the Board deems
relevant and material;
(6) To request and be granted reasonable
continuances upon a showing of good cause; and
(7) To obtain, without cost, a copy of the verbatim
transcript of the hearing.
c. Upon convening, the Board shall choose one of its
members to act as chairperson for each particular
case. The chairperson shall announce rulings on the
relevancy, materiality, and competency of the
evidence offered, or such other rulings or decisions
as are necessary. If requested by the Board, there
shall be present at the hearing a legal advisor,
designated by the General Counsel, who will advise
the Board on procedure and legal matters arising in
connection with the hearing.
d. The hearing shall be closed to all, with the
exception of the following: the members of the
Board; the Board's legal adviser, if any; the
employee and his or her counsel or other
representative, if any; the stenographer; the
Government's representative; the Chief, NASA
Security Office, or designee; and each witness, for
the period of his or her testimony only. Other
persons whose presence appears to be necessary may
be admitted at the discretion of the Board.
e. Testimony before the Board shall be under oath or
affirmation. The employee, the Government's
representative, and the Board may examine and cross-
examine all witnesses.
f. The Board has no authority to subpoena witnesses.
NASA will cooperate to the maximum extent practical
to make available as witnesses for either party its
current employees.
g. Rules of evidence shall not be binding upon the
Board, but reasonable restrictions shall be imposed
as to the relevancy, materiality, and competency of
the matters considered.
h. During the hearing or in its consideration of the
case, the Board may determine that further
investigation of the case is warranted. The Board
shall request the Chief, NASA Security Office, or
designee, to cause such additional investigation to
be conducted. The Board's request should be as
specific as possible concerning the scope of the
additional information required. The Board shall
continue the hearing, pending completion of the
supplemental investigation.
i. During the course of the hearing, the Board or the
Agency may find that the allegations in the
"Statement of Charges" are not sufficient to cover
all matters into which inquiry should be made. In
such case, the Board or the Agency should amend the
"Statement of Charges" as appropriate. At that
point the hearing shall be continued so that the
employee may prepare to defend against the amended
charges.
j. At the conclusion of the hearing, the Board shall
render its decision, which is advisory only, and
which shall be based upon the entire record. This
decision shall be by a majority vote, in writing,
and signed by all concurring members. Any member
who dissents from the decision of the majority shall
make a statement, in writing, of the reasons for his
or her dissent and shall sign it.
k. The recommended decision of the Board, together with
the dissenting opinion, if any, and the complete
record in the case shall then be forwarded by the
Chief, NASA Security Office, to the NASA
Administrator for final decision. The employee
shall not be advised of the decision of the Board or
of the dissenting opinion of any of its members.
l. The Administrator shall render a decision in
writing, after reviewing the record and consulting
with the General Counsel and any other appropriate
staff officer. This decision shall be in writing
and shall be delivered promptly to the employee
concerned.