1 / 20

Contract Security Classification Specification

Contract Security Classification Specification. DD-254 Guidance. DD 254 Roadmap. Justification Step by Step Common DSS findings. Why a DD-254?. The document provides the basis for a contractor to have a facility clearance (FCL) and have access to classified information.

owen-zimmerman
Download Presentation

Contract Security Classification Specification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Contract Security Classification Specification DD-254 Guidance

  2. DD 254 Roadmap Justification Step by Step Common DSS findings

  3. Why a DD-254? • The document provides the basis for a contractor to have a facility clearance (FCL) and have access to classified information. • DD-254 is the GCA’s direction for how to handle classified at the contractor’s location. • The document may be the only classification guidance provided to a contractor for a government contract. • The document may be used by a contractor to flow down classified requirements to a cleared sub-contractor or use as a basis to sponsor an uncleared sub-contractor. • The DD-254 can be used to have GCA’s concurrence when a contractor needs to flow down certain information to a sub-contractor, i.e. NATO, COMSEC, Top Secret, SAP, SCI, CNWDI. • DD-254s can be classified or unclassified as required. Normally they are unclassified.

  4. Examples of DD-254s • Block 1b is checked “N/A”. This indicates that there will be no classified work performed at the sub-contractor’s cleared facility. • If this block is “N/A” blocks 11b, c, and d should be checked “NO”.

  5. Examples of DD-254s • Block 2a should show the Prime Contract number but should not be checked for a sub-contract DD-254. • Block 2b should be checked and show the sub-contract number. • Block 2c is normally not used with a sub-contract.

  6. Examples of DD-254s • Block 3a should be checked and show the date the original DD-254 was signed. • Block 3b should be checked if it is a revised DD-254, show a revision number and a date that the revision was issued. • Block 3a in a revised DD-254 should show the original date of the DD-254 but with no check mark.

  7. Examples of DD-254s • These two blocks are self-explanatory.

  8. Examples of DD-254s Blocks 6a, b, & c should show the prime contractor’s name, cage code and CSA. Blocks 7a, b, & c should show the sub-contractor’s name, cage code and CSA. Blocks 8a, b, & c should show the actual place of performance. If it this a Military base then the cage code is left blank and the CSA will be a military Security office. The Military normally has security cognizance on military installations. Block 8 can have “See attached” or “See Block 13” if there are multiple places of performance.

  9. Examples of DD-254s Block 9 gives an unclassified description of the work to be performed.

  10. Examples of DD-254s Requires GCA approval – NISPOM 9-304 • Blocks 10a if checked “YES” requires GCA approval for access to classified COMSEC – NISPOM 9-407 • Blocks c, e (1), and g, if checked “yes” require GSA approval – NISPOM 9-204, 9-304, and 10-708 respectively. • Block e(2) checked “yes” gives the contract authority to access “NOFORN”. • Blocks 10f may require PSO approval prior to sub-contracting.

  11. Examples of DD-254s • This sub-contract was issued for work to be performed on a military installation. Blocks 11a should be checked “YES”. • 11c should be checked “NO”. Block 1b of this sub-contract is checked “N/A”. • 11e is always be checked “YES” if block 11a is checked “YES”. • 11j is checked yes and OPSEC guidance should be provided the sub-contractor by the prime contractor.

  12. Examples of DD-254s • This is a self-explanatory box.

  13. Examples of DD-254s • Block 13 is used to provide security guidance to the sub-contractor. • It can also be used to show additional locations of performance and any securityrelevant information.

  14. Examples of DD-254s Block 14 is used to provide additional security guidance.

  15. Examples of DD-254s This block provides guidance on who has security oversite of the contract or sub-contract. This block may be checked “yes” when there is SAP or SCI.

  16. Examples of DD-254s • These blocks are self-explanatory.

  17. Conclusion A prime contractor can never flow to a sub-contractor greater responsibility than what is listed on the prime contract DD-254. A prime contractor can flow down lesser responsibilities. All classified work performed at a “other contractor’s facility or government activity” is “services only” unless the contractor or sub-contractor has a cleared facility at the other site. Do not flow down requirements to your sub-contractor if that sub-contractor has no reason to have the information at that facility.

  18. DSS Noted DD-254 Errors • Contracting Officers and Contractors writing DD-254s showing that work will be on a government location or other contractor’s facility but show that possessing of classified will not be required at the contractor or sub-contractor facility. • Conflicting information within the DD-254s. • No indication where the actual performance will conducted. • No actual guidance is provided by the DD-254 to the contractor. • Contractors using incorrect DD-254s received from the GCA’s Contracting Officer to flow down incorrect information to the sub-contractor. • Sub-contract DD-254s giving the sub-contractor more that is shown on the prime contract DD-254. • Flowing down requirements to the sub-contractor that is not required or necessary. • Generating prime and sub-contract DD-254s that are for unclassified work. • GCA’s approval to flow down to sub-contractors not granted for COMSEC, CNWDI, SCI, SAP, NATO, & LIMDIS. • Requirements for DTIC, COMSEC Account, Tempest and OPSEC at the contractor’s facility but really required at the remote location, i.e. government activity or other contractor’s facility.

  19. Questions?

  20. Brought to you by: ISR Tom Morgan ISR Kathi Varner Ronald Dimicco

More Related