| File Name: | css policy manual no 3 16.pdf |
| Size: | 3325 KB |
| Type: | PDF, ePub, eBook, fb2, mobi, txt, doc, rtf, djvu |
| Category: | Book |
| Uploaded | 17 May 2019, 18:21 PM |
| Interface | English |
| Rating | 4.6/5 from 564 votes |
| Status | AVAILABLE |
| Last checked | 12 Minutes ago! |
For a better experience, please enable JavaScript in your browser before proceeding. It may not display this or other websites correctly. You should upgrade or use an alternative browser. I can find quite a bit on COMSEC, but nothing about NSA Policy Manual No. 3-16. I can find quite a bit on COMSEC, but nothing about NSA Policy Manual No. 3-16.He would like me to look into it to see if we wish to persue it. The Task Work Specification seems to be a draft for the Air Force. I sure wish the NSA would make these a little easier to find! The Task Work Specification seems to be a draft for the Air Force. I sure wish the NSA would make these a little easier to find!You may want to try and email the NSA and ask. Equipment Parts - Eat Drink Policy Equipment Parts - Eat Drink Policy. We’ve made big changes to make the eCFR easier to use. Be sure to leave feedback using the 'Help' button on the bottom right of each page!The Public Inspection page may alsoWhile every effort has been made to ensure thatUntil the ACFR grants it official status, the XMLCounts are subject to sampling, reprocessing and revision (up or down) throughout the day. This information is not part of the official Federal Register document. These can be usefulOnly official editions of theUse the PDF linked in the document sidebar for the official electronic format. Comments must be received by June 9, 2014. DoD-2011-OS-0063 or Regulatory Information Number (RIN) 0790-AI71 by any of the following methods: Follow the instructions for submitting comments. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing on the Internet at as they are received without change, including any personal identifiers or contact information. This rule does not levy requirements on U.S. contractors. These arrangements require trustees, proxy holders or outside directors to oversee and provide business management of the U.S. contractor.http://ecurieluberonsport.com/userfiles/6gf-ln-manual.xml
The average number of outside directors for a SCA is two. For CY11, 16 contractors were subject to a SSA, of which 12 required access to SECRET information and four required access to TS information. The average number of outside directors for a SSA is three. In CY 11, there were no VTAs and nine PAs that required access to TS information. The average number of proxy holders for a PA is three. The proxy holders, voting trustees, or outside directors must be eligible for access at the level of the FCL. Non-DoD Components issuing contracts requiring access to classified information who are not one of the four designated NISP CSAs (i.e., the Department of Energy, the Office of the Director of National Intelligence, the Nuclear Regulatory Commission and the DoD) must enter into agreements with DOD to establish the terms of oversight on their behalf. Currently, the procedures for assessing initial FCL eligibility for U.S. companies and continued FCL eligibility for U.S. contractors which may be subject to FOCI are not uniform or consistent since these procedures do not apply to the non-DoD Components. Currently, DoD does not have uniform procedures to assess the risks and the potential adverse impact on the performance of contracts requiring access to classified information due to any FOCI information reported by U.S. contractors or U.S. companies in process for an FCL. The rule will provide uniform and effective procedures for DoD to assess the risks associated with reports of material changes to FOCI information which are submitted annually by U.S. contractors. The rule also prescribes responsibilities for FOCI matters, to include assessment of risks which may result from a contractor's FOCI information. Finally, it outlines security measures DoD may consider, implement, and oversee to mitigate or negate the effects of FOCI to an acceptable level for classified contract performance.http://fukuusagi.com/user_data/image/6hk1x-isuzu-engine-service-manual.xml
If there are no procedures as set forth in this rule to evaluate and determine how to negate or mitigate the foreign ownership, there will be nothing to prevent unauthorized disclosures of classified information since the foreign owner will have unfettered control of the U.S. company. This proposed rule provides the baseline requirements for the USG to evaluate the foreign owner's rights and determine whether those rights can be mitigated to effectively protect classified information and preclude its unauthorized disclosure. Depending upon what a foreign-owned U.S. company is working on, unauthorized disclosure of classified information could have an adverse impact on national security. Also, without this rule, Components will not have the ability to consider innovative technologies developed by foreign-owned U.S. companies due to concerns with awarding a classified contract without a uniform process to assess and effectively mitigate or negate existing FOCI. Finally, the lack of a formal, uniform process has created significant delay in the completion of National Interest Determinations (NIDs) for foreign-owned U.S. contractors. These delays increase the costs to Components by preventing contract performance when access to classified information is required. Government Contracting Activities (GCAs) don't know if there are risks, such as foreign ownership or control of a U.S. company before awarding a contract requiring access to classified information or when a U.S. company is acquired by a foreign interest while performing on any contracts requiring access to classified information without these procedures. The uniform procedures in this rule provide the GCAs with analysis of potential adverse impact and mitigation or negation of FOCI information to allow foreign-owned U.S. companies to compete to perform on classified contracts.
DoD and non-DoD Components face an increased probability of the loss or compromise of classified information and subsequent harm to the national security, as a result of the award of classified contracts to foreign-owned U.S. companies without this rule in place for the proper mitigation of FOCI information. Standard Form (SF) 328, “Certificate Pertaining to Foreign Interests” has been assigned OMB Control Number 0704-0194. When the term Government Contracting Activities (GCAs) is used, it applies to both DoD Components and non-DoD Components. As defined in DoD 5220.22-M. As defined in Joint Publication 1-02. As defined in Joint Publication 1-02. As defined in DoD 5220.22-M. For purposes of this part, a signed agreement between a foreign interest and a U.S. contractor or a company in process for an FCL which, based on an assessment of FOCI information, imposes various security measures within an institutionalized set of company practices and procedures. Examples include board resolutions, security control agreements (SCAs) and special security agreements. For purposes of this part, a signed agreement between a foreign interest and U.S. contractor or a company in process for an FCL under which the foreign owner relinquishes most ownership rights to U.S. citizens who are approved by the U.S. Government and have been favorably adjudicated for access to classified information based on the results of a personnel security clearance investigation. Examples include voting trust agreements (VTAs) and proxy agreements (PAs). As defined in E.O. 13526. As defined in DoD 5220.22-M. As defined in DoD 5220.22-M. As defined in 32 CFR part 2004, “National Industrial Security Program Directive No. 1.” As defined in DoD 5220.22-M. A written certification by USG or applicable foreign government industrial security authorities, which certifies the PCL level or eligibility for a PCL at a specified level for their citizens.
The assurance is used, in the case of the United States, to give an LAA to a non-U.S. citizen, provided all other investigative requirements are met. TOP SECRET (TS) information, COMSEC information excluding controlled cryptographic items when unkeyed and utilized with unclassified keys, restricted data (RD), special access program (SAP) information, or sensitive compartmented information (SCI). As defined in DoD 5220.22-M. As defined in Joint Publication 1-02. The security assurance usually will be in a request for visit authorization or with courier orders or a transportation plan; but is not related to the PCL security assurance. As defined in E.O. 13526. Update the guide, as needed, in coordination with the Office of the Under Secretary of Defense for Intelligence (OUSD(I)) Security Directorate. Forward proposed changes and associated justification to the OUSD(I) Security Directorate for consideration as future changes to this part. In addition, the Director, DoD SAPCO, will develop procedures for the consideration of a NID when a contractor cleared under a Special Security Agreement (SSA) requires access to an unacknowledged Special Access Program (SAP). As stated in DoD 5220.22-M, and in accordance with E.O. 12829: Depending on specific circumstances (e.g., extensive minority foreign ownership at a cleared subsidiary in the corporate family), DSS may request one or more of the legal entities that make up a corporate family to submit individual SF 328s and will determine the appropriate FOCI action plan(s) that must be put in place. Invalidation renders the contractor ineligible to receive new classified material or to bid on new classified contracts. If the affected GCA determines that continued access to classified material is required, DSS may continue the FCL in an invalidated status when there is no indication that classified information is at risk of compromise.
If classified information remains at risk of compromise due to the FOCI, DSS will take action to impose appropriate security countermeasures or terminate the FCL, in coordination with the affected GCA. Depending on specific circumstances, DSS may determine that a contractor is no longer under FOCI or, conversely, that a contractor is no longer eligible for an FCL. Start Printed Page 19473 An analysis of some of the FOCI factors may clearly identify risk; while others may result in circumstances that would mitigate or negate risks. Therefore, these factors must be considered in the aggregate with regard to the foreign interest that is the source of the FOCI, the country or countries in which the foreign interest is domiciled and has its principal place of business (if not in the country of domicile), and any other foreign country that is identified by DSS because it is a substantial source of the revenue for, or otherwise has significant ties to, the foreign interest. DSS will consider the following FOCI factors and any other relevant information in the context of threat, vulnerability, and sensitivity of the classified information required for current or prospective contract performance when rendering a risk management assessment and determination of the acceptability of a company's FOCI action plan: DSS will request these assessments as soon as practicable, for the company itself and for all business entities in the company's ownership chain. The company must identify the specific relief sought and grounds for that relief in its appeal. In response, the Director, DSS, may request additional information from the company. At a minimum, DSS will respond to appeals within 30 days, either with a decision or an estimate as to when a decision will be rendered.
DSS will not release pre-decisional information to the company, its legal counsel, or any of its representatives without the express written approval of the applicable GCAs who own the data and any other USG entities with an interest in the company's FOCI action plan. In FOCI cases involving any foreign ownership or control, DSS will advise and consult with the appropriate GCAs, including those with special security needs, regarding the required FOCI mitigation or negation method and provide those GCAs with the details of the FOCI factors and any associated risk assessments. DSS and GCAs will meet to discuss the FOCI action plan, when determined necessary by either DSS or the applicable GCAs. When DSS determines that a company may be ineligible for an FCL by virtue of FOCI, or that additional action by the company may be necessary to mitigate the FOCI or associated risks, DSS will promptly notify the company and require it to submit a FOCI action plan to DSS within 30 calendar days of the notification. In addition, DSS will advise company management that failure to submit the requested plan within the prescribed period of time will result in termination of FCL processing or initiation of action to revoke an existing FCL, as applicable. If an action plan is determined to be unacceptable, DSS can recommend and negotiate an acceptable action plan including, but not limited to, the measures identified in paragraphs (b)(4)(ii) and (b)(4)(iii) of this section. In any event, DSS will provide written feedback to a company or the company's designated representative on the acceptability of the FOCI action plan within 30 calendar days of receipt. Non-exclusive examples of such measures include: Start Printed Page 19474 Some methods that may be applied to mitigate the risk of foreign ownership are outlined in DoD 5220.22-M and further described in this section.
While these methods are mentioned in relation to specific ownership and control thresholds, these descriptions should not be construed as DoD-sanctioned criteria mandating the selection or acceptance of a certain FOCI action plan. DSS retains the authority to reject or modify any proposed FOCI action plan in consultation with the affected GCAs. This method is often used when a foreign interest does not own voting interests sufficient to elect, or otherwise is not entitled to representation on the company's governing board. The resolution will also include a certification that the foreign shareholders and their representatives will not require, will not have, and can be effectively excluded from access to all classified information in the possession of the contractor, and will not be permitted to occupy positions that may enable them to influence the organization's policies and practices in the performance of classified contracts. Copies of such resolutions will be furnished to all board members and principal management officials. When an SCA is implemented, a U.S. citizen serves as an outside director, as defined in DoD 5220.22-M. DSS may determine the need for more than one outside director based on the FOCI analysis and risk assessments. An SSA is based on the analysis of the FOCI factors set forth in paragraph (b)(3) and is often used when a foreign interest effectively owns or controls a company or corporate family. DSS assesses the implications of the FOCI factors in accordance with paragraphs (b)(3) and (b)(4)(iii) of this section. U.S. citizens serve as outside directors in accordance with DoD 5220.22-M. NSA, ODNI, and DOE, as appropriate, will then have 30 calendar days to render a decision. Under a VTA, PA and associated documentation, the foreign owner relinquishes most rights associated with ownership of the company to cleared U.S. citizens approved by DSS.
Both FOCI agreements can effectively negate foreign ownership and control; therefore, neither agreement imposes any restrictions on the company's eligibility to have access to classified information or to compete for classified contracts including contracts with proscribed information.If a subsidiary requires and is eligible for an FCL at the TS level, the company executing the FOCI mitigation agreement and any intermediate parents must be formally excluded from TS access unless they have their own requirement and are otherwise eligible for TS access. In the absence of written objections (signed at the Program Executive Office (PEO) level or higher) from GCAs with an interest in the company or corporate family, DSS may proceed with implementation of what DSS considers in its discretion to be an acceptable FOCI action plan based on available information. Unless other regulatory review processes for mergers or acquisitions have an earlier suspense date, DSS will provide a 30 calendar day period for the GCAs with an interest in the company or corporate family to provide their PEO level or higher written objections. DSS may propose changes to the contents of these template FOCI mitigation or negation agreements. DSS may tailor non-substantive provisions of the template agreement for any particular FOCI case without further approval from the USD(I), provided DSS notifies the OUSD(I) Security Directorate of the deviation from the template. DSS may provide this notification through the electronic submission of an annotated copy of the modified agreement. A NID does not authorize disclosure of classified information to a foreign government, a non-U.S. citizen or a non-U.S. entity. Timelines for NID decisions are set forth in 32 CFR part 2004 and the provisions of this paragraph. NIDs can be program, project, or contract specific, subject to the concurrence of NSA for COMSEC, ODNI for SCI or DOE for RD.
For program and project NIDs, a separate NID is not required for each contract. DSS will inform the DoD SAPCO of NID requirements to allow the SAPCO to advise of awareness of unacknowledged SAPs or any carve-out SAP activity. In such instances, DSS will request that the contractor notify the government contracting officer and Program Security Officer of the need for a NID. The cognizant SAPCO will inform the DoD SAPCO of any unacknowledged SAPs affected by the proposed SSA and consequently the NID requirement. If the NID is not specific to a single program, project, or contract (e.g., a blanket NID), the GCA will also forward a copy of the NID to the OUSD(I) Security Directorate. The GCA will request that NSA, ODNI, or DOE respond within 30 calendar days of the date of the GCA's written request directly to DSS with a copy to the GCA. A GCA's NID decision is not final until NSA, ODNI, or DOE, as applicable, respond regarding access to COMSEC, SCI, or RD. This will include the appointment of a Technology Control Officer and the establishment of Technology Control Plan (TCP). These measures are intended to ensure that GSCs: Start Printed Page 19476 In the case of an SCA, DSS will require the contractor to have at least one outside director, but may require more than one outside director based on an assessment of security risk factors. Access will be at the level necessary for the outside directors to carry out their security or business responsibilities for oversight of the subsidiary company in accordance with DoD 5220.22-M. If the subsidiary has an approved NID for access to SAP or SCI, the applicable GCA may determine that an outside director at the parent contractor requires approved access at the subsidiary. Under a VTA, PA, SSA, SCA, or Limited FCL, DSS will require the contractor to develop and implement a TCP as required in DoD 5220.22-M. DSS will evaluate and, if the plan is adequate, approve the TCP.
The TCP must include a description of all security measures required to prevent the unauthorized disclosure of classified or export-controlled information. Although TCPs must be tailored to the specific circumstances of the contractor or corporate family to be effective, DSS may provide examples of TCPs to the contractor to assist plan creation. Under a VTA, PA, or SSA, DSS will require the contractor to develop and implement an ECP tailored to the contractor's operations. DSS will determine the extent of the ECP and review the plan for adequacy. The ECP must include a detailed network description and configuration diagram that clearly delineates which networks will be shared and which will be protected from access by the foreign parent or its affiliates. The network description will address firewalls, remote administration, monitoring, maintenance, and separate email servers, as appropriate. There may be circumstances when the parties to a transaction propose in the FOCI action plan that the U.S. contractor provides certain services to the foreign interest, or the foreign interest provides services to the U.S. contractor. The services to be provided must be such that there is no violation of the applicable FOCI mitigation or negation agreement. If approved, the extent of such support and limitations on the support will be fully documented in an ASA. DSS will meet at least annually with the GSCs of contractor's operating under a VTA, PA, SSA, or SCA to review and discuss the purpose and effectiveness of the FOCI mitigation or negation agreement; establish a common understanding of the operating requirements and their implementation; answer questions from the GSC members; and provide guidance on matters related to FOCI mitigation and industrial security.
These meetings will also include an examination by DSS, with the participation of the (FSO) and the GSC members, of: For contractors operating under a VTA, PA, SSA, or SCA, DSS will obtain from the Chair of the GSC an implementation and compliance report one year from the effective date of the agreement and annually thereafter. DSS will review the annual report; address, resolve, or refer issues identified in the report; document the results of this review and any follow-up actions; and keep a copy of the report and documentation of related DSS actions on file for 15 years. The GSC's annual report must include: Otherwise, the company is not eligible for access to proscribed information. DSS will periodically review the definition of material change with regard to FOCI and publish updated guidance as to what constitutes a reportable material change in coordination with OUSD(I) Security Directorate. A GCA or a foreign government may sponsor a Start Printed Page 19477 Limited FCL consistent with the provisions of paragraphs (b)(13)(iii)(A) through (b)(13)(iii)(D) of this section. An authorized GCA official, at the PEO level or higher, must certify in writing that the classified information to be provided to the company has been authorized for disclosure to the participating governments in compliance with U.S. National Disclosure Policy NDP-1, “National Policy and Procedures for the Disclosure of Classified Military Information to Foreign Governments and International Organizations,” (available to designated disclosure authorities on a need-to-know basis from the Office of the Deputy Under Secretary of Defense for Policy Integration and Chief of Staff to the Under Secretary of Defense for Policy). Key management personnel (KMPs) and employees may be citizens of the countries of ownership, if DSS is able to obtain security assurances. The non-U.S. citizens retain their foreign government issued personnel security clearances. The company FSO must be a cleared U.S.
citizen as set forth in DoD 5220.22-M. The KMPs must all be U.S. citizens. However, if the U.S. subsidiary is to have access to U.S. classified information in the performance of the contract, the U.S. subsidiary must be considered for one of the FOCI agreements set forth in paragraph (b)(4)(iii) of this section. Access to U.S. classified information or material will be limited to information and material that has been authorized for export to the sponsoring government consistent with an approved direct commercial sale contract or foreign military sales letter of offer and acceptance. KMPs and employees may be citizens of the sponsoring government, if DSS is able to obtain security assurances on the individuals. As non-U.S. citizens, these individuals would not be eligible for a LAA; would be assigned under an extended visit authorization, and would retain their foreign government issued personnel security clearances. The FSO must be a U.S. citizen. The official must fully describe the compelling need and certify in writing that the sponsoring GCA accepts the risk inherent in not negating or mitigating the FOCI. The Limited FCL permits performance only on a classified contract issued by the sponsoring GCA. The regulations defining the CFIUS process are at 31 CFR part 800, “Regulations Pertaining to Mergers, Acquisitions, and Takeovers by Foreign Persons”. DoD procedures for reviewing and monitoring transactions filed with CFIUS are provided in DoD Instruction 2000.25. However, CFIUS may not mitigate national security risks that are adequately addressed by other provisions of law. DSS will provide all relevant information to the OUSD(I) Security Directorate specifically, for any transaction undergoing concurrent CFIUS and DSS reviews. Start Printed Page 19478 The determination must be provided to DSS one day prior to the suspense date established by the MIBP CFIUS Team and must include whether a favorable NID will be provided.
If the GCA does not notify DSS, DSS will not delay implementation of a FOCI action plan pending completion of a GCA's NID process as long as there is no indication that the NID will be denied. Learn how to enable cookies. Best Cities for Jobs 2020 NEW. Jobs Company Reviews Salaries Interviews Salary Calculator Account Settings Account Settings Sign In Notifications Account Settings empty notification btn For Employers For Employers Unlock Employer Account Sign In to Employer Center Post a Job Employer Branding Job Advertising Employer Blog Talk to Sales Post Jobs Write Review Sign In Sorry, we can't find that page. Try searching below for a job that interests you Keyword Location Not sure what to do. The most popular things to do on Glassdoor are: Search for jobs Read employee reviews of companies View employee salaries for any job or company See interview questions and answers that employers have asked Check out awards lists and rankings, such as Glassdoor's annual Best Places to Work and Top Jobs Work in HR or recruiting. Learn about Glassdoor for Employers, create a free employer account, or post a job. Glassdoor has millions of jobs plus salary information, company reviews, and interview questions from people on the inside making it easy to find a job that’s right for you. Policy 1-52, Classified National Security Information, 2012 Nov 16. NSAlCSS CLASSIFICATION GUIDE. PVRPOSE AND SCOPE. ” In 8CCordance with NSAlCSS Policy 1-52.Transmission Security or TRANSEC is the component of COMSEC which is designed to. The selected candidate will perform as a (primary) COMSEC Manager to account for COMSEC materials to support the program and its networks. Candidates must be able to work in a fast moving environment with many moving parts and must be able to juggle several tasks at once. Management will include maintaining security throughout receipt, transfer, inventory, accounting, and destruction.
The selected candidate will work with Alternate COMSEC Custodians and will assist those Alternates in their daily operations. Minimum Qualifications: Requires BS and 4 - 8 years of prior relevant experience or Masters with 2 - 6 years of prior relevant experience. Additional years of experience may be substituted for a Degree. The company's 33,000 employees support vital missions for government and commercial customers. For more information, visit www.Leidos.com. Pay and Benefits Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here. Securing Your Data Leidos will never ask you to provide payment-related information at any part of the employment application process. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws. Answer telephones, direct calls, and take messages. Communicate with customers, employees, and other individuals to answer questions, disseminate or explain information, take orders, and address complaints. Maintain and update filing, inventory, mailing, and database systems, either manually or using a computer. Compile, copy, sort, and file records of office activities, business transactions, and other activities. Review files, records, and other documents to obtain information to respond to requests. Open, sort, and route incoming mail, answer correspondence, and prepare outgoing mail. Compute, record, and proofread data and other information, such as records or reports. Complete work schedules, manage calendars, and arrange appointments. Type, format, proofread, and edit correspondence and other documents, from notes or dictating machines, using computers or typewriters.