Research Policy Analysis and Coordination
Chapter 20: Performance of Classified Research
Much of the content in Chapter 20 has become obsolete and is currently under review.
Chapter 20-100 Introduction
The University of California becomes involved in classified research activities in several areas. Campuses need to decide whether to perform classified work in their dealings with certain Federal agencies. Faculty may serve as consultants to external contractors which perform classified work. The University of California performs classified work at the Lawrence Livermore National Laboratory, the Los Alamos National Scientific Laboratory, and off-campus at the Scripps Institution of Oceanography.
Involvement in classified work imposes special obligations on the University to meet the security requirements of the Atomic Energy Act as implemented in Department of Energy (DOE) Security Regulations, and to meet the security requirements of the Department of Defense (DOD) as published in its Industrial Security Manual.
This Manual Chapter describes how the University complies with the special obligations and requirements of the DOE and the DOD.
20-110 Special Requirements and Obligations for the Performance of Classified Work
Special requirements and obligations for the performance of classified work at the University include the following:
--Facility Clearance;
--Cleared Personnel; and
--Approved Security Program.
The above requirements are true for any classified work which is to be conducted, either for DOD or DOE, anywhere in the University, including at the DOE Laboratories.
20-120 General Overview of the Office of the President's Security Program
A general overview of the Office of the President (OP) security program, pursuant to the special requirements and obligations specified under 20-110 above, is as follows:
a. Facility Clearance
OP must have an approved facility clearance before any classified work can be performed anywhere within the University. The DOD requires that OP be approved as a "Home Office Facility" at the Secret level. (See DOD Security Definitions, Section 20-430). Although DOE does not have a comparable requirement, a clearance of the "Headquarters Facility" is required to have effective Presidential and Regental oversight over the DOE Laboratories.
Campus or Laboratory locations must also have facility clearances before any classified work can be performed at those locations. In the case of any DOD-approved campus facility, it cannot be cleared at any higher level than the OP Facility's currently DOD-approved Secret level.
b. Personnel Security Clearances
Members of the Board of Regents, including the President of the University, Principal Officers and certain other Officers of The Regents, Senior Vice Presidents and certain other Vice Presidents of the University, and selected other Office of the President management personnel must hold security clearances at the level of the approved facility clearance before any classified work is conducted anywhere in the University for DOD. DOE does not mandate clearances for individuals, as named above. However, to permit the effective discharge of management oversight responsibilities for the DOE Laboratories by the above-described University officials, DOE clearances at the Q level (Top Secret) are obtained.
Campus or Laboratory personnel who will be engaged in the performance of classified work must also hold an appropriate DOD or DOE personnel security clearance.
For an expanded discussion of University-sponsored personnel security clearances refer to Section 20-340.
c. Approved Research Security Program OP is required as a DOD Contractor, and elects as a DOE Laboratory operator, to have a corporate headquarters level "home office" to implement and manage a Universitywide security program. The Universitywide security program includes an OP headquarters monitoring role over DOD's security program within the University.
The OP security program excludes a monitoring role over DOE classified activities at LLNL and LANL because these Laboratories have their own security program which reports directly to DOE. Campuses wishing to become involved in the performance of DOD classified work must also have a DOD approved Research Security Program. For an expanded discussion of the University's DOD-approved Research Security Program refer to Section 20-400. For additional information concerning DOE's Security Program refer to Section 20-500.
Chapter 20-200 University Policy and Authority
In a resolution approved on July 17, 1970, The Regents reaffirmed the importance of research conducted at the University. (See Chapter 1, Section 1-120.) One benefit was stated as follows:
...research carried out by the University of California makes a vital contribution to the defense of the United States,...
In furtherance of this goal, the University occasionally accepts federal extramural awards that are intended to make a contribution to the defense of the United States but whose purposes might be impeded if the research results were publicly available.
University publication policy (see Chapter 1, Section 1-410) provides that freedom to publish or disseminate results is a major criterion of the appropriateness of a sponsored project, particularly a research project, and that normally a contract or grant is unacceptable if it limits this freedom. Chancellors may make exceptions to this policy under specified conditions including the judgment that security considerations in the national interest warrant an exception.
There are no Universitywide policies prohibiting University personnel from engaging in sponsored research projects or consulting arrangements involving access to classified information. Nor are there Universitywide policies prohibiting campuses from accepting sponsored agreements involving access to classified information. (See Chapter 1, Academic Policy, for policies related to research.) Most campuses have developed local practices and policies that govern campus performance of classified agreements. The authority for Chancellors to develop campus practices and policies pertaining to performance of sponsored research in the interest of national security is derived from their authority to approve exceptions to the University's publication policy for work performed in the national defense (see Chapter 1, Sections 1-410 and 1-420).
See Section 20-310 for additional information on University classification authority.
Chapter 20-300 Security Matters Which May Arise in Campus Activities
(See Section 20-100 for a definition of what currently is within the scope of the University's security responsibility).
20-310 Contract and Grant Office Perspective
A "classified" agreement (usually a contract) may be: (a) one which actually produces classified results, whether originally intended or not; (b) one which permits the Principal Investigator(s) to have access to classified information (in order to ensure access to full information in the field of work); and/or (c) one which permits the Principal Investigator(s) to visit or pass through a classified facility to reach an unclassified site (such as found at the shuttle launch site). Therefore, from a Contract and Grant Office perspective, extramurally sponsored agreements are of two general types: those originally intended to be classified (Section 20-311), and those not originally intended to be classified (Section 20-312).
20-311 Agreements Intended to be Classified
The University has longstanding research security relationships with the Department of Defense (DOD) and the Department of Energy (DOE), which enable personnel on University campuses to participate in two separate categories of research activities requiring access to classified information or restricted data:
(1) those DOD, DOE or other Federally-sponsored research activities requiring access to off-campus classified information, materials, and Governmental facilities, where no on-campus classified research results related to the national defense are either intended or produced; or
(2) in some limited cases, those research activities requiring access to classified information, materials, and Government facilities for the performance of classified work in University facilities (generally off-campus) which is actually intended to produce classified results related to the national defense.
Both categories (1) and (2) above are considered classified research under DOD/DOE definitions and would require DOD- or DOE-issued personnel security clearances to the Principal Investigator and any other project personnel involved in the performance of the research. (Refer to Section 20-430 g. and 20-540 a. for definitions of security clearances.) In the case of DOD category (1) or (2) sponsored research, there is an additional requirement that a DOD facility security clearance must be issued to the campus before performance of classified research would be authorized. If the campus elects not to obtain a DOD facility clearance, the classified work cannot be performed in that location. PIs may have to relocate their classified work to a University location that has a facility clearance or arrange to perform the work under a consulting arrangement (see Sections 20-360 and 20-F01 e.) with a cleared external organization or facility. Sections 20-300 through 20-440 summarize the research security requirements for the administration of DOD and DOE classified agreements.
Only those campuses that have received a Department of Defense "facility clearance" are authorized to accept classified agreements. Each such campus has an appointed Security Supervisor who holds a copy of the DOD Industrial Security Manual and the Universitywide Standard Practice Procedure for Safeguarding Classified Information. The campus Security Supervisor and the University Research Security Officer may be consulted on any questions which may arise concerning the administration of classified agreements, or on the campus's option to elect not to continue with the work under a sponsored agreement that has become classified (see Section 20-312). At present the only University units with a facility clearance are Scripps Institution of Oceanography, Office of the President, LLNL and LANSL.
20-312 Classified/Classifiable Information
If information is produced in the course of performing work on an unclassified sponsored project that the PI believes should be classified because its disclosure might adversely affect the security of the United States, the PI should promptly contact the sponsoring agency and request further guidance.
The sponsored agreement may, at that point, become classified even though the agreement document as initially awarded did not bear a classified designation (see Section 20-430). Notification that an agreement has become classified is normally made by the sponsoring DOD agency by means of a "DD Form 254" (see Section 20-F03). When such a notification is issued it becomes, upon acceptance, as much a part of the agreement to which it pertains as does a formal modification. DOE provides notification of classification via a formal contract/grant modification. In the case of both DOD and DOE, the campus has the option to elect not to continue with the work and to terminate the agreement in accordance with local campus policy covering the performance of classified research on or off campus. Whenever a sponsoring agency sends a classification notification to a campus, the campus Contracts and Grants Office should first send a copy to the University Research Security Officer located in the Research Administration Office, Office of the President, who will provide further guidance.
20-313 Inadvertent Possession of Classified Information
If a campus or Office of the President employee inadvertently comes into the possession of classified material, he or she should immediately contact one of the following offices for assistance:
University Research Security Office/OP
DOE/SAN Safeguards & Security Division (415) 423-0140
DOE/LA Safeguards & Security Division (213) 894-2648
FBI/Northern California: (415) 451-9782 (Day); (415) 552-2155 (Evenings)
FBI/Southern California: (415) 477-6565 (24-hr)
The nearest office of the Federal Bureau of Investigation or campus police should be called to retrieve the material for safekeeping and appropriate disposition. Classified material sent outside a cleared facility is required to be wrapped with an inner cover that prominently displays the classification marking, and an outer cover that is plain except for the sender's and receiver's addresses. Thus an unauthorized person opening a package will only realize that it contains classified material after the outer cover is opened. It is this point that the campus police/FBI should be contacted; the inner cover should not be opened. The individual would be considered a security breach requiring a full-scale Federal investigation.
A written report of the incident must be filed with the University's Research Security Officer, who in turn is required to forward the report by the most expeditious means to the cognizant DOE or DOD Investigative Officer.
20-320 University Research Security Requirements
Classified agreements are subject to various research security requirements which are to be implemented in accordance with the University's Standard Practice Procedures for Safeguarding National Security Information (SPP). The University's SPP manual is the basic statement of University policy and procedures on research security management.
Each campus involved in category (1) or (2) type of research (see Section 20-311) will be issued a copy of the University's SPP manual. In addition, each campus involved in category (1) or (2) type of research must issue its own campus SPP manual for local implementation.
20-330 General Responsibilities for University Research Security Matters
The responsibility for coordinating the campus and Office of the President research security program has been assigned to the Research Security Officer located in the Research Administration Office, Office of the President. Campus management designates Research Security Supervisors to administer campus DOD research-related security matters for their campus.
DOE and DOD research security matters for which the University's Research Security Officer has been assigned responsibility (except when assigned to campus Security Supervisors, LLNL, or LANSL) include the following:
--Processing and approving security clearance applications for University of California personnel who have a justified need for a security clearance (see Section 20-340);
--Providing initial and periodic written security briefings to all University personnel who have received security clearances, commensurate with their anticipated exposure to classified or restricted data (see Section 20-F01 f.);
--Processing visit requests for University-cleared individuals requiring access to cleared Government facilities in the performance of their research activities or University duties;
--Processing the termination of security clearances (access authorizations) when no longer required in the course of University employment;
--Modifying the University's Security Agreement with the Department of Defense to add campus locations approved for the performance of classified research;
--Ensuring compliance with the terms of the University's DOD Security Agreement;
--Submitting required reports; and
--Initiating and overseeing campus facility clearances.
20-340 University-sponsored Security Clearances
University-sponsored security clearances are initiated for University employees and Presidential appointees in accordance with the University's Security Agreement with the Department of Defense, and pursuant to fulfillment of the University's contract management responsibilities for LLNL and LANSL and obligations under any other classified extramural award to The Regents. Personnel who are processed for University-sponsored clearances must have a justified need for such clearance in relation to their assigned responsibilities, and consistent with the University's DOD Security Agreement and applicable local campus policies.
LLNL and LANSL security officers are responsible for DOE security clearances at these laboratories, and the SIO security officer is responsible for DOD security clearances at SIO (not the University Research Security Officer).
Faculty who require security clearances in their consulting arrangements must apply for such clearances through the Government Agency or private company for which they are consulting. (See Section 20-360.)
20-341 University of California Regents and Management Personnel
University-sponsored DOD and DOE security clearances are secured for members of the Board of Regents, including the President of the University, Principal Officers and certain other Officers of The Regents, Senior Vice Presidents and certain other Vice Presidents of the University, and selected other Office of the President management personnel. DOD clearances for this group are mandated in accordance with the University's Security Agreement with the Department of Defense which requires that DOD-Secret clearances (see Section 20-430 d.) be secured for all "Owners, Officers, Directors, and Executive Personnel" (OODEPs) of the corporation. Unless excluded, failure by any persons in this OODEP group to be processed for a DOD-Secret security clearance might disqualify the University (all campuses) from the performance of DOD sponsored classified research.
In addition, DOE-Q clearances (see Section 20-530 a.) are required for The Regents and various Office of the President management personnel in fulfillment of their oversight responsibilities for the University's Management and Operating (M& O) contracts with the Department of Energy for LLNL and LANSL. In fulfillment of those responsibilities, The Regents and University management personnel make trips to and receive classified briefings at the above-mentioned laboratories.
20-342 University Committees
University-sponsored DOE-Q clearances are secured for University faculty and outside appointees to the President's Health, Safety, and Environmental Advisory Committee for LLNL and LANSL (HSEAC), and for University faculty and outside appointees to the President's Scientific and Academic Advisory Committees to LLNL and LANSL (SAAC).
On occasion, University-sponsored DOE-Q clearances are required for faculty serving on Academic Senate committees, e.g., the Advisory Committee of the Academic Senate on the University's Relations with the Department of Energy Laboratories.
20-343 Other Individuals and Groups
Other individuals or groups of individuals may be processed for University-sponsored security clearances as the need arises, consistent with requirements under Section 20-340. These may include various University attorneys assigned to the Office of the General Counsel; various internal auditors assigned to the University Auditor's Office; various personnel assigned to the Office of Risk Management; and various personnel assigned to the Office of Technology Transfer. In addition, DOE-Q clearances may be required for various personnel assigned to campus Environmental Health and Safety offices who are part of emergency nuclear hazards control teams that must visit LLNL and LANSL to discuss classified matters or to receive training.
20-350 The Federal Perspective
In accordance with National Security Decision Directive 189 (September 21, 1985) issued by then President Reagan,
It is [U.S.] policy...that, to the maximum extent possible, the products of fundamental research remain unrestricted. It is also [U.S.] policy...that, where the national security requires control, the mechanism for control of information generated during federally-funded research in science, technology and engineering at colleges, universities and laboratories is classification....
Accordingly, when the government needs to control federally-funded research results, it will classify the information; otherwise the information will remain unrestricted. See Section 20-F02 for additional information on Federal laws and regulations related to classification.
20-360 Performance of Classified Work by Faculty, as Consultants to External Organizations
Individual Faculty members may serve on classified projects as consultants to the Federal government, commercial contractors, or other outside organizations. The University does not keep records of these projects, nor follow them. However, such consulting activities are subject to the general requirements of the University's Policy On Outside Professional Activities of Faculty Members, Section 025, Academic Personnel Manual. (See also Chapter 1, Section 1-700 of this Manual.)
It is the normal practice of the University not to sponsor clearances on behalf of faculty or other personnel who require such clearance solely to satisfy outside consulting obligations to external organizations, unrelated to the individual's assigned day-to-day University responsibilities. In such cases, the Government Agency or private company for which the individual is consulting usually must initiate and sponsor the individual's security clearance. There may be exceptions, however, such as Type C consultants (see Section 20-F01 e.) for whom the University may provide support for classified matters. Examples of individuals and groups for which the University initiates and sponsors security clearances are covered in Sections 20-341 through 20-343. Faculty should be reminded that they must have their own approved facility clearance for certain types of classified consulting.
Chapter 20-400 Department of Defense Research Security Program
20-410 Scope
Section 20-400 summarizes the unique requirements of the DOD's Research Security Program, as established in the DOD Industrial Security Manual (see Section 20-F01). The DOD Research Security Program covers all research involving access to classified materials or cleared facilities, when the research is sponsored by DOD.
20-420 Dod Security Policy and Objectives
The DOD Research Security Program is designed to provide:
--A system for the protection, control and dissemination of information the disclosure of which would be detrimental to national security;
--A system to control the export of arms, ammunition, and implements of war, including unclassified technical data and information relating thereto; and
--A system to control the export of U.S. commodities and unclassified technical data that would make a significant contribution to the military potential of any other nation or nations, and that would prove detrimental to the national security of the U.S.
Subparagraphs b. and c. above are discussed in Chapter 11, Intellectual Property and Related Matters. DOD implements subparagraph a. above at the University through a Security Agreement between DOD and The Regents.
20-430 Dod Security Definitions
a. Classified Agreements
An agreement that requires access to classified information by the contractor or designated employees in the performance of tasks or services specified in the agreement. (The Government may construe the agreement to be classified, even though the agreement document is not classified). (See Section 20-311.)
b. Classified Document
A document containing information, the disclosure of which could damage the national security of the United States.
c. Confidential
The lowest DOD classified level applied to information whose unauthorized disclosure could be expected to cause damage to national security.
d. Secret
The DOD classification level between Confidential and Top Secret that is applied to information whose unauthorized disclosure could be expected to cause serious damage to national security.
e. Top Secret
The DOD highest classification level applied to information whose unauthorized disclosure could be expected to cause exceptionally grave damage to national security.
f. Need-to-Know
A determination made by the possessor of classified information that a prospective recipient, in the interest of national security, has a requirement for access to, knowledge of, or possession of classified information in order to perform tasks or services essential to the fulfillment of a classified contract or program.
g. Personnel Security Clearance
An administrative determination by DOD based on an individual's personal history and National Agency Check or background investigation that the individual is eligible, from a security point of view, for access to classified information of the same or lower category as the level of the personnel security clearance being granted (e.g., Confidential, Secret, or Top Secret).
h. Facility Security Clearance
An administrative determination that, from a security viewpoint, a facility is eligible for access to classified information of a certain category (e.g., Confidential, Secret, or Top Secret).
20-440 DoD Security Responsibilities
The DOD Security Agreement (see Section 20-420) calls for the University to do the following:
--Provide and maintain a system of security controls in accordance with the DOD Industrial Security Manual (see Section 20-F01);
--Prepare Standard Practice Procedures consistent with the DOD Industrial Security Manual;
--Determine that any subcontractor, subbidder, individual, or organization proposed for the furnishing of supplies or services that will involve access to classified information has executed a DOD Security Agreement; and
--Accord authorized DOD representatives the right to inspect at reasonable intervals the procedures, methods, and facilities utilized by the University in complying with the requirements of the DOD Industrial Security Manual.
In return, the Government agrees to do the following:
--Indicate, when necessary, by security classification (Top Secret, Secret, or Confidential) the degree of importance to the national defense of information pertaining to supplies, services, and other matters to be furnished by the University to the Government, or by the Government to the University;
--Indicate by a marking additional to the classification marking that, when atomic energy information is involved, the information is "restricted data" (see Section 20-540a.); and
--Designate, upon written application, University employees who may have access to classified information.
The specific procedures designed to comply with the requirements of the DOD Security Agreement and the DOD Industrial Security Manual are found in the Universitywide Standard Practice Procedures for Safeguarding National Security Information. In addition, campuses issue their own Standard Practice Procedures Safeguarding National Security Information for local implementation in accordance with Section 20-320.
Chapter 20-500 Department of Energy Personnel Security Program
20-510 Introduction: the University's Management Role in Operating Llnl and Lansl
As a public service in the national interest, the University operates LLNL and LANSL where classified work under contracts with the U.S. Department of Energy is performed. These contracts contain significant security requirements (see below). In fulfilling its management role in operating LLNL and LANSL, the University must comply with DOE security regulations. These two Laboratories also perform work for the Department of Defense in accordance with the DOE security requirements. [The Lawrence Berkeley Laboratory is excluded from this section because it does not perform classified work.]
20-520 Scope
This manual Section summarizes the requirements of the DOE's Personnel Security Program as established by the Atomic Energy Act of 1954, as amended, and Executive Order 12356 (see Section 20-F02). The DOE Personnel Security Program applies to DOE contractors, subcontractors, employees and consultants, and access permittees, insofar as such individuals need to have access to classified information under the control of DOE or DOE contractors and subcontractors.
20-530 Doe Security Policy and Objectives
It is DOE policy that DOE contractors, subcontractors, employees and consultants, and access permittees will be allowed access to classified information or to special nuclear materials in Category I or II (see Section 20-540, paragraph g.) after they possess an access authorization or security clearance and a need-to-know basis has been established.
20-540 Doe Security Definitions
a. Access Authorization or Security Clearance
An administrative determination by DOE that an individual who is either a DOE employee, applicant for employment, consultant, assignee, other Federal department or agency employee (and other persons who may be designated by the Secretary of Energy), or a DOE contractor or subcontractor employee is eligible for access to Restricted Data, other classified information, or special nuclear material. Clearances granted by the DOE are designated as "Q(S)" (for sensitive), "Q(N)" (for non-sensitive), and "L". The following chart summarizes the kinds of data, information, or material to which the different clearances allow access.
However, it is important to remember that the overriding factor in determining permitted access in particular cases is the individual's need to know.
Formerly National Possession Restricted Restricted Security of Special Data Data Information Nuclear Material __________ _________ ___________ _____________ Type of DOE Clearance TS S C* TS S C TS S C I II Q Sensitive x x x x x x x x x x x Q Nonsensitive x x x x x x x x x x L x x x x*TS", "S" and "C" stand for the classification grades of Top Secret, Secret and Confidential. See 20-430, paragraph g., for definitions of Category "I" and Category "II" Special Nuclear Material.
b. Access Permittee
An individual or organization which has been issued a permit by the Department of Energy, providing access to Restricted Data applicable to civil uses of atomic energy in accordance with the terms and conditions stated on the permit and in accordance with applicable security regulations.
c. Classified Information
Any information which requires protection against unauthorized disclosure in the interest of the
national defense and security or foreign relations of the United States pursuant to applicable U.S. Statute or Executive Order. The term includes Restricted Data, Formerly Restricted Data, and National Security Information, each of which has degrees of importance denoted by Top Secret, Secret, or Confidential classifications.
d. Formerly Restricted Data
Classified information jointly determined by the Department of Energy (or its predecessors the Atomic Energy Commission and the Energy Research and Development Administration) and the Department of Defense to be related primarily to the military utilization of atomic weapons, and removed by the DOE from the Restricted Data category pursuant to section 142(d) of the Atomic Energy Act of 1954, as amended, and safeguarded as National Security Information, subject to the restrictions on transmission to other countries and regional defense organizations that apply to Restricted Data.
e. Restricted Data
Data defined in section II.y. of the Atomic Energy Act of 1954, as amended, as "all data concerning (1) design, manufacture, or utilization of atomic weapons; (2) the production of special nuclear material; or (3) the use of special nuclear material in the production of energy, but shall not include data declassified or removed from the Restricted Data category pursuant to section 142."
f. National Security Information
Information which requires protection in the interest of national defense or foreign relations of the United States, which does not fall within the definition of Restricted Data or Formerly Restricted Data, and which is classified in accordance with an Executive Order.
g. Special Nuclear Material
Special nuclear material, as defined in section II.aa. of the Atomic Energy Act of 1954, as amended, not subject to a Nuclear Regulatory Commission license. Special nuclear material (SNM) is divided into the following categories:
(a) Category "I" Quantities of SNM
(1) Uranium 235 (contained in Uranium enriched to 20 percent or more in the isotope U-235) alone, or in combination with Plutonium and Uranium 233 when (multiplying the Plutonium and/or Uranium 233 content by 2.5) the total is 5,000 grams or more.
(2) Plutonium and Uranium 233 when the Plutonium and Uranium 233 content is 2,000 grams or more.
(3) SNM in lesser quantities but which is located in the same area or shipment with other SNM with which it could be selectively combined to produce the equivalent quantities in subparagraphs (1) or (2) of this category.
(b) Category "II" Quantities of SNM
(1) Uranium 235 (contained in Uranium enriched to 20 percent or more in the isotope U-235) alone, or in combination with Plutonium and Uranium 233, when (multiplying the Plutonium and/or Uranium 233 content by 2.5) the total is 1,000 to 4,999 grams.
(2) Plutonium and Uranium 233 when the Plutonium and Uranium 233 content is 400 grams to 1,999 grams.
(3) SNM in lesser quantities but which is located in the same area or shipment with other SNM with which it could be selectively combined to produce the equivalent quantities in subparagraphs (1) or (2) of this category.
20-550 University Responsibilities
Under the DOE Personnel Security Program, University responsibilities are specified by terms and conditions of awards issued to The Regents by the Department of Energy, including the Management and Operating (M& O) contracts for LLNL and LANSL. In general, these responsibilities are:
a. To establish procedures to assure that University employees, consultants, or assignees are prevented from access to classified information without the prior written certification that a security clearance has been granted;
b. To control the access of University employees, consultants, or assignees who have security clearances on the basis of established need-to-know;
c. To implement procedures under a supervisory security program to assure that supervisors report to DOE promptly any derogatory information concerning an employee or applicant for employment who possesses or is in the process of receiving a security clearance; and
d. To certify annually to DOE the continued need-to-know of those employees who have security clearances.
The University's Research Security Officer, located in the Office of the President, ensures that the University has programs in place to meet these responsibilities. Each DOE Laboratory has responsibility for its own facilities and Laboratory personnel.
Chapter 20-999 Related University References
- Standard Practice Procedures for Safeguarding National Security Information.
External Requirement Federal
20-F01 Department of Defense (Dod) Industrial Security Manual for Safeguarding Classified Information
Purpose
The DOD Industrial Security Manual (ISM) establishes uniform security practices within industrial plants, educational institutions, and all organizations used by prime contractors and subcontractors having classified information of the Department of Defense, certain other executive departments and agencies, or certain foreign governments.
Applicability
The ISM is issued under the authority of DOD Directive 5220.22, "Department of Defense Industrial Security Program." It is applicable primarily in connection with the performance of a classified contract. It also is applicable to the safeguarding of classified information in connection with all aspects of precontract activity including the preparation of bids and proposals, precontract negotiations, and all aspects of postcontract activity. Classified grants and cooperative agreements are similarly covered. In addition, the ISM applies to the safeguarding of foreign classified information, which has been furnished to U.S. contractors and which the U.S. Government is obligated to protect in the interest of national defense.
Summary of Provisions
The ISM contains specific requirements for dealing with virtually all aspects of research security. Among the principal topics covered are the following:
a. Contractor Responsibilities
(1) appointment of a Facility Security Officer;
(2) controlling access to and disclosure of classified information;
(3) safeguarding of classified information;
(4) briefing of cleared personnel;
(5) performance of security checks;
(6) proper transmission and/or disposition of classified material;
(7) controlling disclosure of classified information at meetings, seminars, symposia, conferences, etc.;
(8) development of standard practice procedures;
(9) reporting of security violations, adverse information concerning contractor employees, and changes in contractor security procedures;
(10) investigating suspected losses or compromise of classified information;
(11) use of badges and identification cards when necessary; and
(12) not disclosing information pertaining to classified contracts or projects except as specified in ISM paragraph 5.0.
b. Handling of Classified Information
This section of the ISM contains requirements for marking, handling, storing, shipping, and destroying documents that have been classified pursuant to DD Form 254, Contract Security Classification Specifications. Extremely detailed instructions are provided. For example, "typewriter and ADP equipment ribbons used in transcribing classified material shall be safeguarded in the manner appropriate for the classification category involved, until the ribbon is cycled through the typewriter or printer a sufficient number of times [at least five] to obliterate information contained thereon."
c. Security Clearances
This section of the ISM addresses in the most part who can or should be given security clearances and at what level. In addition, if a facility, such as a campus or Laboratory, is to store classified materials or be a site where classified work is performed, then the facility itself must be cleared, and this section also contains requirements for obtaining and maintaining a facility clearance.
d. Visitor Control Procedures
This section of the ISM outlines procedures for identifying, recording, categorizing, and controlling visitors to a cleared facility. Other visits that might have security implications which are covered are visits by cleared individuals to foreign countries.
e. Consultants
Different requirements apply depending on whether the consultant does not possess classified material except at the contractor's or agency's cleared facility (Type A); possesses classified material at the consultant's place of business or residence and has full responsibility for the security of that material (Type B); or possesses classified material at the facility of the cleared consultant's employer (Type C). With respect to University employees who do classified consulting work, Type A consultants would be able to have access to classified material only at the the cleared facility where they do their consulting (e.g., DOD, NASA, JPL). Type B consultants maintain their own cleared facility and would be able to have access to classified material at their home or office; they are personally responsible to safely store classified material only in storage containers authorized by the General Services Administration. Type C consultants would be able to have access to classified material only at a cleared University facility (e.g., Scripps Institution of Oceanography) when the University has agreed to be responsible for security of the classified material. (Additional information may be found in the ISM.)
f. Security Briefings
This appendix to the ISM outlines the elements of the security briefing that the contractor is responsible for giving to all its cleared employees, Type A consultants, and temporary help supplier personnel. The typical briefing would summarize the threat posed by the activities of foreign intelligence operatives, how to recognize possible approaches, and when and where to report suspicious activity.
g. Guidance for Contractor Self-Inspection
This appendix to the ISM also contains questions that will help pinpoint any weaknesses in the contractor's research security program and prepare for inspection by the Cognizant Security Officer (i.e., the Director of Industrial Security who has jurisdiction over the geographical area in which the facility is located).
Primary University Responsibility
The University's Research Security Officer, located in the Office of the President, is responsible for ensuring that the requirements of the ISM that apply to the University are met.
University Policy Implementation
The Universitywide Standard Practice Procedures for Safeguarding National Security Information implements the requirements of the ISM.
20-F02 ATOMIC ENERGY ACT OF 1954; EXECUTIVE ORDER 12356 [RESERVED]
20-FO3 Department of Defense Form DD254, Contractor Security Classification Specification (sample)
Chapter 20-400 Department of Defense Research Security Program
20-410 Scope
Section 20-400 summarizes the unique requirements of the DOD's Research Security Program, as established in the DOD Industrial Security Manual (see Section 20-F01). The DOD Research Security Program covers all research involving access to classified materials or cleared facilities, when the research is sponsored by DOD.
20-420 Dod Security Policy and Objectives
The DOD Research Security Program is designed to provide:
--A system for the protection, control and dissemination of information the disclosure of which would be detrimental to national security;
--A system to control the export of arms, ammunition, and implements of war, including unclassified technical data and information relating thereto; and
--A system to control the export of U.S. commodities and unclassified technical data that would make a significant contribution to the military potential of any other nation or nations, and that would prove detrimental to the national security of the U.S.
Subparagraphs b. and c. above are discussed in Chapter 11, Intellectual Property and Related Matters. DOD implements subparagraph a. above at the University through a Security Agreement between DOD and The Regents.
20-430 Dod Security Definitions
a. Classified Agreements
An agreement that requires access to classified information by the contractor or designated employees in the performance of tasks or services specified in the agreement. (The Government may construe the agreement to be classified, even though the agreement document is not classified). (See Section 20-311.)
b. Classified Document
A document containing information, the disclosure of which could damage the national security of the United States.
c. Confidential
The lowest DOD classified level applied to information whose unauthorized disclosure could be expected to cause damage to national security.
d. Secret
The DOD classification level between Confidential and Top Secret that is applied to information whose unauthorized disclosure could be expected to cause serious damage to national security.
e. Top Secret
The DOD highest classification level applied to information whose unauthorized disclosure could be expected to cause exceptionally grave damage to national security.
f. Need-to-Know
A determination made by the possessor of classified information that a prospective recipient, in the interest of national security, has a requirement for access to, knowledge of, or possession of classified information in order to perform tasks or services essential to the fulfillment of a classified contract or program.
g. Personnel Security Clearance
An administrative determination by DOD based on an individual's personal history and National Agency Check or background investigation that the individual is eligible, from a security point of view, for access to classified information of the same or lower category as the level of the personnel security clearance being granted (e.g., Confidential, Secret, or Top Secret).
h. Facility Security Clearance
An administrative determination that, from a security viewpoint, a facility is eligible for access to classified information of a certain category (e.g., Confidential, Secret, or Top Secret).
20-440 DoD Security Responsibilities
The DOD Security Agreement (see Section 20-420) calls for the University to do the following:
--Provide and maintain a system of security controls in accordance with the DOD Industrial Security Manual (see Section 20-F01);
--Prepare Standard Practice Procedures consistent with the DOD Industrial Security Manual;
--Determine that any subcontractor, subbidder, individual, or organization proposed for the furnishing of supplies or services that will involve access to classified information has executed a DOD Security Agreement; and
--Accord authorized DOD representatives the right to inspect at reasonable intervals the procedures, methods, and facilities utilized by the University in complying with the requirements of the DOD Industrial Security Manual.
In return, the Government agrees to do the following:
--Indicate, when necessary, by security classification (Top Secret, Secret, or Confidential) the degree of importance to the national defense of information pertaining to supplies, services, and other matters to be furnished by the University to the Government, or by the Government to the University;
--Indicate by a marking additional to the classification marking that, when atomic energy information is involved, the information is "restricted data" (see Section 20-540a.); and
--Designate, upon written application, University employees who may have access to classified information.
The specific procedures designed to comply with the requirements of the DOD Security Agreement and the DOD Industrial Security Manual are found in the Universitywide Standard Practice Procedures for Safeguarding National Security Information. In addition, campuses issue their own Standard Practice Procedures Safeguarding National Security Information for local implementation in accordance with Section 20-320.
Navigating the Manual
Contract and Grant Manual Home
Chapters
2: Proposal Submission and Award Acceptance/Administration
3: Environmental Health and Safety
10: Internal University Administration
11: Intellectual Property and Related Matters
13: Legal Authorities and Principles
14: Nondiscrimination/Affirmative Action
17: Records/Paperwork Access and Management
18: Protection of Research Subjects
20: Performance of Classified Research