PDF Version

[Federal Register: November 30, 2009 (Volume 74, Number 228)]
[Proposed Rules]               
[Page 62531-62532]



Information Security Oversight Office

32 CFR Part 2004

RIN 3095-AB34

National Industrial Security Program Directive No. 1

AGENCY: Information Security Oversight Office, NARA.

ACTION: Proposed rule.


SUMMARY: The Information Security Oversight Office (ISOO), National 
Archives and Records Administration (NARA), is proposing to amend 
National Industrial Security Program Directive No. 1. This proposed 
amendment to Directive No. 1 provides guidance to agencies on release 
of certain classified information (referred to as ``proscribed 
information'') to contractors that are owned or under the control of a 
foreign interest and have had the foreign ownership or control 
mitigated by an arrangement known as a Special Security Agreement. 
Currently, there is no Federal standard across agencies on release of 
proscribed information to this group. The proposed amendment will 
provide standardization and consistency to the process across the 
Federal Government, and will enable greater efficiency in determining 
the release of the information as appropriate. This proposed amendment 
also moves the definitions section to the beginning of the part for 
easier use, and adds definitions for the terms ``Cognizant Security 
Office,'' ``National Interest Determination,'' and ``Proscribed 
Information,'' to accompany the new guidelines. Finally, this proposed 
amendment makes a minor typographical change to the authority citation 
to make it more accurate.

DATES: Submit comments on or before January 29, 2010.

ADDRESSES: NARA invites interested persons to submit comments on this 
proposed rule. Please include ``Attn: 3095-AB34'' and your name and 
mailing address in your comments. Comments may be submitted by any of 
the following methods:
     Federal eRulemaking Portal: Go to: http://
www.regulations.gov. Follow the instructions for submitting comments.
     Fax: Submit comments by facsimile transmission to 301-837-
     Mail: Send comments to Regulations Comments Desk (NPOL), 
Room 4100, Policy and Planning Staff, National Archives and Records 
Administration; Policy and Planning Office; Attn: Laura McCarthy, Room 
4100, 8601 Adelphi Road, College Park, MD 20740.
     Hand Delivery or Courier: Deliver comments to 8601 Adelphi 
Road, College Park, MD.

FOR FURTHER INFORMATION CONTACT: William J. Bosanko, Director, ISOO, at 

SUPPLEMENTARY INFORMATION: As of November 17, 1995, ISOO became a part 
of NARA and subsequently published Part 2004, National Industrial 
Program Directive No. 1, pursuant to section 102(b)(1) of E.O. 12829, 
January 6, 1993 (58 FR 3479), as amended by E.O. 12885, December 14, 
1993, (58 FR 65863). The Executive Order established a National 
Industrial Security Program (NISP) to safeguard Federal Government 
classified information released to contractors, licensees, and grantees 
(collectively referred to here as ``contractors'') of the United States 
Government. This amendment to Directive No. 1 proposes to add 
guidelines on release of proscribed information to this category of 
    ISOO maintains oversight over E.O. 12958, as amended, and policy 
oversight over E.O. 12829, as amended, and issuing this proposed 
amendment fulfills one of the ISOO Director's delegated 
responsibilities under these Executive Orders. Nothing in Directive No. 
1 or this proposed amendment shall be construed to supersede the 
authority of the Secretary of Energy or the Nuclear Regulatory 
Commission under the Atomic Energy Act of 1954, as amended (42 U.S.C. 
2011, et seq.), or the authority of the Director of National 
Intelligence under the National Security Act of 1947, as amended, E.O. 
12333, December 8, 1981, and the Intelligence Reform and Terrorism 
Prevention Act of 2004.
    The interpretive guidance contained in this proposed amendment will 
only assist agencies to implement E.O. 12829, as amended; users of 
Directive No. 1 shall refer concurrently to the Executive Order for 
    This proposed amendment is not a significant regulatory action for 
the purposes of E.O. 12866. The proposed amendment is also not a major 
rule as defined in 5 U.S.C. Chapter 8, Congressional Review of Agency 
Rulemaking. As required by the Regulatory Flexibility Act, we certify 
that the proposed amendment will not have a significant impact on a 
substantial number of small entities because it applies only to Federal 

[[Page 62532]]

List of Subjects in 32 CFR Part 2004

    Classified information.
    For the reasons stated in the preamble, NARA proposes to amend 
Title 32 of the Code of Federal Regulations, Part 2004, as follows:


    1. Revise the authority citation for part 2004 to read as follows:

    Authority: Executive Order 12829, January 6, 1993, 58 FR 3479, 
as amended by Executive Order 12885, December 14, 1993, 58 FR 65863.

    2. Amend Sec.  2004.22 by adding new paragraph (c) to read as 

Sec.  2004.22  Operational Responsibilities [202(a)]

* * * * *
    (c) National Interest Determinations (NIDs). Executive branch 
departments and agencies shall make a National Interest Determination 
(NID) before authorizing contractors, cleared or in process for 
clearance under a Special Security Agreement (SSA), to have access to 
proscribed information. To make a NID, the agency shall assess whether 
release of the proscribed information is consistent with the national 
security interests of the United States.
    (1) The requirement for a NID applies to new contracts, including 
pre-contract activities in which access to proscribed information is 
required, and to existing contracts when contractors are acquired by 
foreign interests and an SSA is the proposed foreign ownership, 
control, or influence mitigation method.
    (i) If access to proscribed information is required to complete 
pre-contract award actions or to perform on a new contract, the 
Government Contracting Activity (GCA) shall determine if release of the 
information is consistent with national security interests.
    (ii) For contractors that have existing contracts that require 
access to proscribed information, have been or are in the process of 
being acquired by foreign interests, and have proposed an SSA to 
mitigate foreign ownership, the Cognizant Security Office (CSO) shall 
notify the GCA of the need for a NID.
    (iii) The GCA(s) shall determine, ordinarily within 30 days, per 
Sec.  2004.22(c)(4)(i), or 60 days, per Sec.  2004.22(c)(4)(ii), 
whether release of the proscribed information is consistent with 
national security interests.
    (2) In accordance with 10 U.S.C. 2536, DoD and the Department of 
Energy (DOE) cannot award a contract involving access to proscribed 
information to a contractor effectively owned or controlled by a 
foreign government unless a waiver has been issued by the Secretary of 
Defense or Secretary of Energy.
    (3) NIDs may be program-, project-, or contract-specific. For 
program and project NIDs, a separate NID is not required for each 
contract. The CSO may require the GCA to identify all contracts covered 
by the NID. NID decisions shall be made by officials as specified by 
CSA policy or as designated by the agency head.
    (4) NID decisions shall ordinarily be made within 30 days.
    (i) Where no interagency coordination is required because the 
department or agency owns or controls all of the proscribed information 
in question, the GCA shall provide a final documented decision to the 
applicable CSO, with a copy to the contractor, ordinarily within 30 
days of the date of the request for the NID.
    (ii) If the proscribed information is owned by, or under the 
control of, a department or agency other than the GCA (e.g., National 
Security Agency (NSA) for Communications Security, the Office of the 
Director of National Intelligence (ODNI) for Sensitive Compartmented 
Information, and DOE for Restricted Data), the GCA shall provide 
written notice to that department or agency that its written 
concurrence is required. Such notice shall be provided within 30 days 
of being informed by the CSO of the requirement for a NID. The GCA 
shall ordinarily provide a final documented decision to the applicable 
CSO, with a copy to the contractor, within 60 days of the date of the 
request for the NID.
    (iii) If the NID decision is not provided within 30 days, per Sec.  
2004.22(c)(4)(i), or 60 days, per Sec.  2004.22(c)(4)(ii), the CSA 
shall intercede to request the GCA to provide a decision. In such 
instances, the CSO will provide the contractor with updates at 30-day 
intervals until the NID decision is made.
    (5) The CSO shall not delay implementation of an SSA pending 
completion of a GCA's NID processing, provided there is no indication 
that a NID will be denied either by the GCA or the owner of the 
information (i.e., NSA, DOE, or ODNI). However, the contractor shall 
not have access to additional proscribed information under a new 
contract until the GCA determines that the release of the information 
is consistent with national security interests and issues a NID.
    (6) The CSO shall not upgrade an existing contractor clearance 
under an SSA to Top Secret unless an approved NID covering the 
prospective Top Secret access has been issued.

Sec.  2004.24  [Redesignated as Sec.  2004.5]

    3. Redesignate Sec.  2004.24 as Sec.  2004.5, and transfer newly 
designated Sec.  2004.5 from subpart B to subpart A.
    4. In newly designated Sec.  2004.5, redesignate paragraph (b) as 
paragraph (c), and add new paragraphs (b), (d), and (e), to read as 

Sec.  2004.5  Definitions.

* * * * *
    (b) ``Cognizant Security Office (CSO)'' means the organizational 
entity delegated by the Head of a CSA to administer industrial security 
on behalf of the CSA.
* * * * *
    (d) ``National Interest Determination (NID)'' means a determination 
that access to proscribed information is consistent with the national 
security interests of the United States.
    (e) ``Proscribed information'' means Top Secret; Communications 
Security, except classified keys used for data transfer; Restricted 
Data; Special Access Program; or Sensitive Compartmented Information.

    Dated: November 23, 2009.
William J. Bosanko,
Director, Information Security Oversight Office.
David S. Ferriero,
Archivist of the United States.
[FR Doc. E9-28517 Filed 11-27-09; 8:45 am]