200 likes | 347 Views
Contract Security Classification Specification. DD-254 Guidance. DD 254 Roadmap. Justification Step by Step Common DSS findings. Why a DD-254?. The document provides the basis for a contractor to have a facility clearance (FCL) and have access to classified information.
E N D
Contract Security Classification Specification DD-254 Guidance
DD 254 Roadmap Justification Step by Step Common DSS findings
Why a DD-254? • The document provides the basis for a contractor to have a facility clearance (FCL) and have access to classified information. • DD-254 is the GCA’s direction for how to handle classified at the contractor’s location. • The document may be the only classification guidance provided to a contractor for a government contract. • The document may be used by a contractor to flow down classified requirements to a cleared sub-contractor or use as a basis to sponsor an uncleared sub-contractor. • The DD-254 can be used to have GCA’s concurrence when a contractor needs to flow down certain information to a sub-contractor, i.e. NATO, COMSEC, Top Secret, SAP, SCI, CNWDI. • DD-254s can be classified or unclassified as required. Normally they are unclassified.
Examples of DD-254s • Block 1b is checked “N/A”. This indicates that there will be no classified work performed at the sub-contractor’s cleared facility. • If this block is “N/A” blocks 11b, c, and d should be checked “NO”.
Examples of DD-254s • Block 2a should show the Prime Contract number but should not be checked for a sub-contract DD-254. • Block 2b should be checked and show the sub-contract number. • Block 2c is normally not used with a sub-contract.
Examples of DD-254s • Block 3a should be checked and show the date the original DD-254 was signed. • Block 3b should be checked if it is a revised DD-254, show a revision number and a date that the revision was issued. • Block 3a in a revised DD-254 should show the original date of the DD-254 but with no check mark.
Examples of DD-254s • These two blocks are self-explanatory.
Examples of DD-254s Blocks 6a, b, & c should show the prime contractor’s name, cage code and CSA. Blocks 7a, b, & c should show the sub-contractor’s name, cage code and CSA. Blocks 8a, b, & c should show the actual place of performance. If it this a Military base then the cage code is left blank and the CSA will be a military Security office. The Military normally has security cognizance on military installations. Block 8 can have “See attached” or “See Block 13” if there are multiple places of performance.
Examples of DD-254s Block 9 gives an unclassified description of the work to be performed.
Examples of DD-254s Requires GCA approval – NISPOM 9-304 • Blocks 10a if checked “YES” requires GCA approval for access to classified COMSEC – NISPOM 9-407 • Blocks c, e (1), and g, if checked “yes” require GSA approval – NISPOM 9-204, 9-304, and 10-708 respectively. • Block e(2) checked “yes” gives the contract authority to access “NOFORN”. • Blocks 10f may require PSO approval prior to sub-contracting.
Examples of DD-254s • This sub-contract was issued for work to be performed on a military installation. Blocks 11a should be checked “YES”. • 11c should be checked “NO”. Block 1b of this sub-contract is checked “N/A”. • 11e is always be checked “YES” if block 11a is checked “YES”. • 11j is checked yes and OPSEC guidance should be provided the sub-contractor by the prime contractor.
Examples of DD-254s • This is a self-explanatory box.
Examples of DD-254s • Block 13 is used to provide security guidance to the sub-contractor. • It can also be used to show additional locations of performance and any securityrelevant information.
Examples of DD-254s Block 14 is used to provide additional security guidance.
Examples of DD-254s This block provides guidance on who has security oversite of the contract or sub-contract. This block may be checked “yes” when there is SAP or SCI.
Examples of DD-254s • These blocks are self-explanatory.
Conclusion A prime contractor can never flow to a sub-contractor greater responsibility than what is listed on the prime contract DD-254. A prime contractor can flow down lesser responsibilities. All classified work performed at a “other contractor’s facility or government activity” is “services only” unless the contractor or sub-contractor has a cleared facility at the other site. Do not flow down requirements to your sub-contractor if that sub-contractor has no reason to have the information at that facility.
DSS Noted DD-254 Errors • Contracting Officers and Contractors writing DD-254s showing that work will be on a government location or other contractor’s facility but show that possessing of classified will not be required at the contractor or sub-contractor facility. • Conflicting information within the DD-254s. • No indication where the actual performance will conducted. • No actual guidance is provided by the DD-254 to the contractor. • Contractors using incorrect DD-254s received from the GCA’s Contracting Officer to flow down incorrect information to the sub-contractor. • Sub-contract DD-254s giving the sub-contractor more that is shown on the prime contract DD-254. • Flowing down requirements to the sub-contractor that is not required or necessary. • Generating prime and sub-contract DD-254s that are for unclassified work. • GCA’s approval to flow down to sub-contractors not granted for COMSEC, CNWDI, SCI, SAP, NATO, & LIMDIS. • Requirements for DTIC, COMSEC Account, Tempest and OPSEC at the contractor’s facility but really required at the remote location, i.e. government activity or other contractor’s facility.
Brought to you by: ISR Tom Morgan ISR Kathi Varner Ronald Dimicco