NASA MANAGEMENT INSTRUCTION
Directive: NMI 1600.2
Effective Date: December 31, 1991
Expiration Date: May 31, 1998
Responsible Office: JL / Security, Logistics, & Industrial Relations Division
Subject: NASA SECURITY PROGRAM
1. PURPOSE
This Instruction establishes NASA policy and
responsibilities for the NASA Security Program.
2. APPLICABILITY
This Instruction applies to NASA Headquarters and all Field
Installations.
3. SCOPE
This Instruction provides the Agencywide basic security
policy. Implementing guidance will be provided in NHB
1600.X, NASA Security Handbook. Matters of computer
security are further addressed in NMI 2410.7, Assuring the
Security and Integrity of NASA Automated Information
Resources, and NHB 2410.9, NASA Automated Information
Security Handbook. Basic policy on arrest authority and use
of force will be contained in a separate NMI. This NMI does
not provide policy on special access programs, which will be
addressed in separate NMIs.
4. AUTHORITY
a. 42 U.S.C. 2451 et seq.
b. 5 U.S.C. 552.
c. 40 U.S.C. 759.
d. 5 U.S.C. 7312.
e. 5 U.S.C. 7511-7514.
f. 5 U.S.C. 7531-7533.
g. E.O. 10450.
h. E.O. 10865.
i. E.O. 12356.
5. POLICY
It is NASA policy to implement a security program throughout
the Agency which is consistent with the NASA mission,
national policy, and the following requirements:
a. NASA resources will be protected against loss, theft,
vandalism, espionage, sabotage, and other threats or
acts of violence. Entry to NASA facilities will be
controlled consistent with the mission being performed,
existing vulnerabilities, and the existing threat.
b. Mission essential resources will be protected
consistent with the NASA Resource Protection Program as
further described in the NASA Security Handbook.
c. NASA will provide appropriate and adequate protection
or security for facilities, property, and information
in its possession or custody. NASA reserves the right
to conduct an inspection of any person, including any
property in the person's possession or control, as a
condition of admission to or continued presence on any
NASA Installation consistent with local law and/or
international agreements.
d. A system security engineering (SSE) approach will be
employed within NASA that incorporates all security
disciplines (information, industrial, personnel,
physical, operational, communication, and computer
security). The SSE program integrates required
security disciplines into a program/system at the
design phase and ensures a viable security posture for
the life-cycle of the program/system. Cost,
performance, and schedule are primary considerations of
the SSE program.
e. NASA shall apply appropriate levels of communications
security (COMSEC) to NASA telecommunications systems,
including those operated by NASA contractors, and to
the electrical transmission of all classified and
sensitive unclassified information consistent with
Public Law 100-235, The Computer Security Act of 1987.
Procedures shall be established which provide for the
adequate control and safeguard of NASA-held COMSEC
material.
f. In all instances when TEMPEST countermeasures
determination is required, a risk assessment consisting
of a security and cost analysis shall be made before
making a final determination. All TEMPEST risk
assessments and cost analyses will be reviewed and
approved by the NASA Security Office and the
appropriate Program Office Security Official.
g. All NASA employees will be subject to an appropriate
security investigation consistent with their duties.
Personnel will be employed or retained in employment in
a position that requires a personnel security clearance
only when such is found to be clearly consistent with
the interests of the National Security. In carrying
out the foregoing activities, care shall be exercised
to ensure the protection of individual rights.
h. To ensure only those employees with a clear and
demonstrated need are granted a security clearance, the
continued need for individuals to retain their security
clearances will be validated on an annual basis.
i. NASA will employ a security reporting and alerting
system to provide timely reporting of security threats
and serious security incidents involving NASA
Installations and/or people.
j. NASA will use a security education and motivation
program to solicit the support and involvement of all
NASA employees in the NASA Security Program. Types and
content of programs will be tailored to specific,
targeted audiences.
k. All NASA and contractor security officers performing
security functions at NASA Installations will be
properly trained to carry out their duties, and
training will be kept current.
l. NASA will impose official controls on all foreign
travel by its employees when such controls are required
in the interest of National Security.
m. The NASA Security Office will conduct functional
reviews of the Installation security programs.
Functional reviews will be coordinated with the
Security Management Working Group (SMWG) prior to the
conduct of the reviews.
n. Each Installation will develop an Installation security
plan which will provide security policies and
procedures for the Installation consistent with overall
NASA security policies and objectives. It will be
prepared by the Installation Chief of Security,
reviewed by the appropriate Program Office Security
Official, and approved by the Installation Director.
o. Industrial Security.
(1) By agreement between NASA and the Department of
Defense (DOD), the Industrial Security Program of
DOD has been extended to include NASA classified
contracts. The standard security provisions of
NASA contracts require the contractor to execute a
DOD Security Agreement (DD Form 441) which binds
the contractor to observe the provisions of the
DOD Industrial Security Manual For Safeguarding
Classified Information, DOD 5220.22-M.
(2) The assignment of security responsibilities and a
listing of other procedures, requirements, and
regulations applicable to NASA are set forth in
the Industrial Security Regulation, which is
available in the security office at each NASA
Installation.
(3) Under the Industrial Security Program of the DOD,
certain basic security responsibilities for a
particular contractor facility are assigned to the
Defense Investigative Service (DIS). This
assignment is referred to as "security
cognizance." The cognizant security office
conducts security inspections and investigates and
grants security clearances and facility
clearances. When a contractor activity is located
at a NASA Installation, a decision must be made by
the Director of that NASA Installation to either
retain security cognizance or request DIS to
exercise security cognizance.
p. Classified Material Control.
(1) Top Secret information must be accountable and
controlled by the Installation's Top Secret
Control Officer in accordance with the NASA
Security Handbook.
(2) Secret information. Administrative procedures
shall be established by each NASA Installation for
controlling Secret information and material
originated or received. Secret material does not
require accountability. However, such measures
may be warranted for all, limited distribution, or
other secret information so deemed by the
Installation Director. Accountability and/or
control measures shall be outlined in the
Installation Security Plan.
(3) Confidential information is nonaccountable, but is
controlled in accordance with the NASA Security
Handbook.
6. DELEGATION AND REDELEGATION OF AUTHORITY
a. Installation Directors are authorized to:
(1) Grant security clearances to employees under their
jurisdiction subject to the eligibility standards
set forth in the Security Handbook as amended, and
based realistically on the access requirements of
the person concerned. This authority may be
redelegated to the Installation Chief of Security.
(2) Deny, suspend, or remove an employee's security
clearance (except under 5 U.S.C. 7532).
Procedures for the suspension, revocation, and
denial of NASA personnel security clearances are
set forth in the Security Handbook, as amended.
This authority may not be redelegated.
b. The Associate Administrator for Management Systems and
Facilities is delegated the authority, appearing in 42
U.S.C. 2456, to authorize such NASA employees and
contractor and subcontractor employees as deemed
necessary in the public interest to carry firearms
while in the conduct of their official duties.
c. Authority is delegated to the officials designated
below to make the determination and certification
required by Section 304(b) of the National Aeronautics
and Space Act of 1958, as amended, for access by NASA
representatives to Restricted Data in the possession of
personnel of the Nuclear Regulatory Commission (NRC)
and the Department of Energy and their contractors, and
NRC and DOD-cleared personnel of other Federal
departments and agencies (except that access to
Restricted Data within NASA and the DOD based on a NASA
or DOD clearance is handled in the same manner as
access to other classified information) and their
contractors:
(1) Directors of Field Installations.
(2) Manager, NASA Resident Office-JPL.
(3) Chief, NASA Security Office, NASA Headquarters.
(4) The officials designated above may authorize, in
writing, subordinate officials under their
jurisdiction to exercise the authority in their
names. Such a certification will identify, by
position title, the official in whose name the
subordinate is acting.
d. The NASA officials listed in the following
subparagraphs are authorized to make, modify, or
eliminate security classification assignments to
information under their jurisdiction for which NASA has
original classification authority. Such actions shall
be in accordance with currently applicable criteria,
guidelines, laws, and regulations, and they shall be
subject to any contrary determination that has been
made by the Chairperson of the NASA Security Management
Working Group or by any other NASA official authorized
to make such a determination.
(1) TOP SECRET Classification Authority
(a) Administrator.
(b) Deputy Administrator.
(c) Associate Deputy Administrator.
(d) Chairperson, NASA Security Management Working
Group.
(2) SECRET AND CONFIDENTIAL Classification Authority
(a) Officials listed in subparagraph 6.d.(1).
(b) Associate Administrator for Space Flight.
(c) Associate Administrator for Space Science and
Applications.
(d) Associate Administrator for Aeronautics and
Space Technology.
(e) Associate Administrator for Space
Communications.
(f) Associate Administrator for Space Systems
Development.
(g) Associate Administrator for Exploration.
(h) NASA Special Security Officer.
(i) Headquarters Program Office Security
Officials.
(j) Such other officials as may be delegated
original classification authority by the
Administrator.
(3) Redelegation of TOP SECRET, SECRET, or
CONFIDENTIAL original classification authority is
not authorized.
7. RESPONSIBILITIES
The Associate Administrator for Management Systems and
Facilities is responsible for the overall management of the
NASA Security Program. The Chief, NASA Security Office,
through the Director, Logistics, Aircraft, and Security
Division, is delegated the functional management
responsibility for implementing the NASA Security Program.
a. The Chief, NASA Security Office, will:
(1) Exercise functional management authority for the
classified (collateral) and unclassified NASA
Security Program.
(2) Develop and issue NASA security policies and
procedures in coordination with the NASA SMWG.
(3) Develop and conduct functional reviews of
Installation security programs.
(4) Serve as the focal point for matters related to
espionage, sabotage, and security, and for
reporting such matters to the Department of
Justice.
(5) For the purpose of identifying and handling
potential threats to NASA, maintain liaison with
national intelligence/threat agencies (Federal
Bureau of Investigation, Central Intelligence
Agency, Defense Intelligence Agency, Office of
Personnel Management, Secret Service, and Customs
Service).
(6) Publish the NASA Postulated Threat Statement.
(7) Manage the NASA security education and motivation
program and provide assistance to the
Installations in the development of their local
programs.
(8) Establish the NASA Serious Incident Reporting
system.
(9) Chair the NASA SMWG and appoint an Executive
Secretary for the SMWG.
(10) Maintain a current information data base adequate
to manage the NASA Security Program.
(11) Provide an annual report to the Administrator on
the status of the NASA Security Program.
b. A NASA SMWG is established as part of the permanent
administrative structure of NASA. The SMWG will
consist of the Chief, NASA Security Office, the Program
Office Security Officials, the NASA Special Security
Officer, and the Chief, Headquarters Security Branch.
It will be chaired by the Chief, NASA Security Office,
who will also provide an Executive Secretary. The SMWG
provides a forum for the review of NASA security
management policies. The SMWG supports the Security
Coordinating Committee (SCC) which has been established
by the Administrator.
c. Program Offices have the principal operational
responsibility for security within their programs, with
the full support of the NASA Security Office and, in
certain instances, the Defense Affairs Division, Office
of Policy Coordination and International Relations.
d. The Program Office Associate Administrators promote and
have primary responsibility for implementation of
security policy for national security activities in
their organizations. Consistent with the Charter of
the Administrator's SCC, the Associate Administrators
participate with other NASA officials in the activities
of the Committee. Together with their Program Office
Security Officials, and in partnership with the
sponsoring agencies, they assure compliance with the
security requirements of any Special Access Programs.
e. The Center Directors, and the Director of the Jet
Propulsion Laboratory, promote and have primary
responsibility for implementation of security policy
for national security activities in their
organizations. Consistent with the charter of the
Administrator's SCC, the Directors support the
activities of the Committee as may be required.
Together with the Program Office Associate
Administrators and the Program Office Security
Officials, and in partnership with the sponsoring
agencies, the Directors assure compliance with the
security requirements of any Special Access Programs.
8. CANCELLATION
NMI 1152.19G dated February 8, 1989; NMI 1600.1C dated
January 12, 1989; NMI 1620.1C dated October 20, 1988; NMI
1620.4D dated November 21, 1988; NMI 1630.2F dated September
28, 1988; NMI 1640.7G dated November 3, 1988; NMI 1650.1A
dated February 11, 1986; NMI 8610.22 dated December 5, 1989.
/s/Richard H. Truly
Administrator
DISTRIBUTION:
SDL 1