[Directives and Handbooks]
[NASA Logo]
NASA Directive: NMI 1600.2
MANAGEMENT Effective Date:December 31, 1991
INSTRUCTIONExpiration Date:May 31, 1998


Responsible Office: JL / Security, Logistics, & Industrial Relations Division

Subject: NASA SECURITY PROGRAM

1.   PURPOSE

     This Instruction establishes NASA policy and
     responsibilities for the NASA Security Program.

2.   APPLICABILITY

     This Instruction applies to NASA Headquarters and all Field
     Installations.

3.   SCOPE

     This Instruction provides the Agencywide basic security
     policy.  Implementing guidance will be provided in NHB
     1600.X, NASA Security Handbook.  Matters of computer
     security are further addressed in NMI 2410.7, Assuring the
     Security and Integrity of NASA Automated Information
     Resources, and NHB 2410.9, NASA Automated Information
     Security Handbook.  Basic policy on arrest authority and use
     of force will be contained in a separate NMI.  This NMI does
     not provide policy on special access programs, which will be
     addressed in separate NMI's.

4.   AUTHORITY

     a.   42 U.S.C. 2451 et seq.

     b.   5 U.S.C. 552.

     c.   40 U.S.C. 759.

     d.   5 U.S.C. 7312.

     e.   5 U.S.C. 7511-7514.

     f.   5 U.S.C. 7531-7533.

     g.   E.O. 10450.

     h.   E.O. 10865.

     i.   E.O. 12356.

5.   POLICY

     It is NASA policy to implement a security program throughout
     the Agency which is consistent with the NASA mission,
     national policy, and the following requirements:

     a.   NASA resources will be protected against loss, theft,
          vandalism, espionage, sabotage, and other threats or
          acts of violence.  Entry to NASA facilities will be
          controlled consistent with the mission being performed,
          existing vulnerabilities, and the existing threat.

     b.   Mission essential resources will be protected
          consistent with the NASA Resource Protection Program as
          further described in the NASA Security Handbook.

     c.   NASA will provide appropriate and adequate protection
          or security for facilities, property, and information
          in its possession or custody.  NASA reserves the right
          to conduct an inspection of any person, including any
          property in the person's possession or control, as a
          condition of admission to or continued presence on any
          NASA Installation consistent with local law and/or
          international agreements.

     d.   A system security engineering (SSE) approach will be
          employed within NASA that incorporates all security
          disciplines (information, industrial, personnel,
          physical, operational, communication, and computer
          security).  The SSE program integrates required
          security disciplines into a program/system at the
          design phase and ensures a viable security posture for
          the life-cycle of the program/system.  Cost,
          performance, and schedule are primary considerations of
          the SSE program.

     e.   NASA shall apply appropriate levels of communications
          security (COMSEC) to NASA telecommunications systems,
          including those operated by NASA contractors, and to
          the electrical transmission of all classified and
          sensitive unclassified information consistent with
          Public Law 100-235, The Computer Security Act of 1987. 
          Procedures shall be established which provide for the
          adequate control and safeguard of NASA-held COMSEC
          material.

     f.   In all instances when TEMPEST countermeasures
          determination is required, a risk assessment consisting
          of a security and cost analysis shall be made before
          making a final determination.  All TEMPEST risk
          assessments and cost analysis will be reviewed and
          approved by the NASA Security Office and the
          appropriate Program Office Security Official.

     g.   All NASA employees will be subject to an appropriate
          security investigation consistent with their duties.
          Personnel will be employed or retained in employment in
          a position that requires a personnel security clearance
          only when such is found to be clearly consistent with
          the interests of the National Security.  In carrying
          out the foregoing activities, care shall be exercised
          to ensure the protection of individual rights.

     h.   To ensure only those employees with a clear and
          demonstrated need are granted a security clearance, the
          continued need for individuals to retain their security
          clearances will be validated on an annual basis.

     i.   NASA will employ a security reporting and alerting
          system to provide timely reporting of security threats
          and serious security incidents involving NASA
          Installations and/or people.

     j.   NASA will use a security education and motivation
          program to solicit the support and involvement of all
          NASA employees in the NASA Security Program.  Types and
          content of programs will be tailored to specific,
          targeted audiences. 

     k.   All NASA and contractor security officers performing
          security functions at NASA Installations will be
          properly trained to carry out their duties, and
          training will be kept current.

     l.   NASA will impose official controls on all foreign
          travel by its employees when such controls are required
          in the interest of National Security.

     m.   The NASA Security Office will conduct functional
          reviews of the Installation security programs. 
          Functional reviews will be coordinated with the
          Security Management Working Group (SMWG) prior to the
          conduct of the reviews.

     n.   Each Installation will develop an Installation security
          plan which will provide security policies and
          procedures for the Installation consistent with overall
          NASA security policies and objectives.  It will be
          prepared by the Installation Chief of Security,
          reviewed by the appropriate Program Office Security
          Official, and approved by the Installation Director.

     o.   Industrial Security.

          (1)  By agreement between NASA and the Department of
               Defense (DOD), the Industrial Security Program of
               DOD has been extended to include NASA classified
               contracts.  The standard security provisions of
               NASA contracts require the contractor to execute a
               DOD Security Agreement (DD Form 441) which binds
               the contractor to observe the provisions of the
               DOD Industrial Security Manual For Safeguarding
               Classified Information, DOD 5220.22-M.
 
          (2)  The assignment of security responsibilities and a
               listing of other procedures, requirements, and
               regulations applicable to NASA are set forth in
               the Industrial Security Regulation, which is
               available in the security office at each NASA
               Installation.

          (3)  Under the Industrial Security Program of the DOD,
               certain basic security responsibilities for a
               particular contractor facility are assigned to the
               Defense Investigative Service (DIS).  This
               assignment is referred to as "security
               cognizance."  The cognizant security office
               conducts security inspections and investigates and
               grants security clearances and facility
               clearances.  When a contractor activity is located
               at a NASA Installation, a decision must be made by
               the Director of that NASA Installation to either
               retain security cognizance or request DIS to
               exercise security cognizance.

     p.   Classified Material Control.

          (1)  Top Secret information must be accountable and
               controlled by the Installation's Top Secret
               Control Officer in accordance with the NASA
               Security Handbook.

          (2)  Secret information.  Administrative procedures
               shall be established by each NASA Installation for
               controlling Secret information and material
               originated or received.  Secret material does not
               require accountability.  However, such measures
               may be warranted for all, limited distribution, or
               other secret information so deemed by the
               Installation Director.  Accountability and/or
               control measures shall be outlined in the
               Installation Security Plan.

          (3)  Confidential information is nonaccountable, but is
               controlled in accordance with the NASA Security
               Handbook.

6.   DELEGATION AND REDELEGATION OF AUTHORITY

     a.   Installation Directors are authorized to:

          (1)  Grant security clearances to employees under their

               jurisdiction subject to the eligibility standards
               set forth in the Security Handbook as amended, and
               based realistically on the access requirements of
               the person concerned.  This authority may be
               redelegated to the Installation Chief of Security.

          (2)  Deny, suspend, or remove an employee's security
               clearance (except under 5 U.S.C. 7532). 
               Procedures for the suspension, revocation, and
               denial of NASA personnel security clearances are
               set forth in the Security Handbook, as amended. 
               This authority may not be redelegated.

     b.   The Associate Administrator for Management Systems and
          Facilities is delegated the authority, appearing in 42
          U.S.C. 2456, to authorize such NASA employees and
          contractor and subcontractor employees as deemed
          necessary in the public interest to carry firearms
          while in the conduct of their official duties.

     c.   Authority is delegated to the officials designated
          below to make the determination and certification
          required by Section 304(b) of the National Aeronautics
          and Space Act of 1958, as amended, for access by NASA
          representatives to Restricted Data in the possession of
          personnel of the Nuclear Regulatory Commission (NRC)
          and the Department of Energy and their contractors, and
          NRC and DOD-cleared personnel of other Federal
          departments and agencies (except that access to
          Restricted Data within NASA and the DOD based on a NASA
          or DOD clearance is handled in the same manner as
          access to other classified information) and their
          contractors:
 
          (1)  Directors of Field Installations.

          (2)  Manager, NASA Resident Office-JPL.

          (3)  Chief, NASA Security Office, NASA Headquarters.

          (4)  The officials designated above may authorize, in
               writing, subordinate officials under their
               jurisdiction to exercise the authority in their
               names.  Such a certification will identify, by
               position title, the official in whose name the
               subordinate is acting.

     d.   The NASA officials listed in the following
          subparagraphs are authorized to make, modify, or
          eliminate security classification assignments to
          information under their jurisdiction for which NASA has
          original classification authority.  Such actions shall
          be in accordance with currently applicable criteria,
          guidelines, laws, and regulations, and they shall be
          subject to any contrary determination that has been
          made by the Chairperson of the NASA Security Management
          Working Group or by any other NASA official authorized
          to make such a determination.

          (1)  TOP SECRET Classification Authority

               (a)  Administrator.
               (b)  Deputy Administrator.                
               (c)  Associate Deputy Administrator.
               (d)  Chairperson, NASA Security Management Working
                    Group.                          

          (2)  SECRET AND CONFIDENTIAL Classification Authority

               (a)  Officials listed in subparagraph 6.d.(1).
               (b)  Associate Administrator for Space Flight.
               (c)  Associate Administrator for Space Science and
                    Applications.
               (d)  Associate Administrator for Aeronautics and
                    Space Technology.
               (e)  Associate Administrator for Space
                    Communications.
               (f)  Associate Administrator for Space Systems
                    Development.
               (g)  Associate Administrator for Exploration.
               (h)  NASA Special Security Officer.
               (i)  Headquarters Program Office Security
                    Officials.
               (j)  Such other officials as may be delegated
                    original classification authority by the
                    Administrator.

          (3)  Redelegation of TOP SECRET, SECRET, or
               CONFIDENTIAL original classification authority is
               not authorized.

7.   RESPONSIBILITIES

     The Associate Administrator for Management Systems and
     Facilities is responsible for the overall management of the
     NASA Security Program.  The Chief, NASA Security Office,
     through the Director, Logistics, Aircraft, and Security
     Division, is delegated the functional management
     responsibility for implementing the NASA Security Program.

     a.   The Chief, NASA Security Office, will:

          (1)  Exercise functional management authority for the  
               classified (collateral) and unclassified NASA
               Security Program.

          (2)  Develop and issue NASA security policies and
               procedures in coordination with the NASA SMWG.

          (3)  Develop and conduct functional reviews of
               Installation security programs.

          (4)  Serve as the focal point for matters related to
               espionage, sabotage, and security, and for
               reporting such matters to the Department of
               Justice.

          (5)  For the purpose of identifying and handling 
               potential threats to NASA, maintain liaison with
               national intelligence/threat agencies (Federal
               Bureau of Investigations, Central Intelligence 
               Agency, Defense Intelligence Agency, Office of
               Personnel Management, Secret Service, and Customs
               Service).

          (6)  Publish the NASA Postulated Threat Statement.

          (7)  Manage the NASA security education and motivation
               program and provide assistance to the
              Installations in the development of their local
               programs. 

          (8)  Establish the NASA Serious Incident Reporting
               system.

          (9)  Chair the NASA SMWG and appoint an Executive
               Secretary for the SMWG.

          (10) Maintain a current information data base adequate 
               to manage the NASA Security Program.

          (11) Provide an annual report to the Administrator on
               the status of the NASA Security Program.

     b.   A NASA SMWG is established as part of the permanent
          administrative structure of NASA.  The SMWG will
          consist of the Chief, NASA Security Office, the Program
          Office Security Officials, the NASA Special Security
          Officer, and the Chief, Headquarters Security Branch. 
          It will be chaired by the Chief, NASA Security Office,
          who will also provide an Executive Secretary.  The SMWG
          provides a forum for the review of NASA security
          management policies.  The SMWG supports the Security
          Coordinating Committee (SCC) which has been established
          by the Administrator.

     c.   Program Offices have the principal operational
          responsibility for security within their programs, with
          the full support of the NASA Security Office and, in
          certain instances, the Defense Affairs Division, Office
          of Policy Coordination and International Relations.

     d.   The Program Office Associate Administrators promote and
          have primary responsibility for implementation of
          security policy for national security activities in
          their organizations.  Consistent with the Charter of
          the Administrator's SCC, the Associate Administrators
          participate with other NASA officials in the activities
          of the Committee.  Together with their Program Office
          Security Officials, and in partnership with the
          sponsoring agencies, they assure compliance with the
          security requirements of any Special Access Programs.

     e.   The Center Directors, and the Director of the Jet
          Propulsion Laboratory, promote and have primary
          responsibility for implementation of security policy
          for national security activities in their
          organizations.  Consistent with the charter of the
          Administrator's SCC, the Directors support the
          activities of the Committee as may be required. 
          Together with the Program Office Associate
          Administrators and the Program Office Security
          Officials, and in partnership with the sponsoring      
          agencies, the Directors assure compliance with the
          security requirements of any Special Access Programs.

8.   CANCELLATION:

     NMI 1152.19G dated February 8, 1989; NMI 1600.1C dated
     January 12, 1989; NMI 1620.1C dated October 20, 1988; NMI
     1620.4D dated November 21, 1988; NMI 1630.2F dated September
     28, 1988; NMI 1640.7G dated November 3, 1988; NMI 1650.1A
     dated February 11, 1986; NMI 8610.22 dated December 5, 1989.




                                             /s/Richard H. Truly
                                             Administrator

DISTRIBUTION:
SDL 1