1.42k likes | 1.72k Views
2009 FSO Conference. Welcome. Psychology of a Spy. Ron Olive. Break. Non-Possessing Facility Reviews. Gary Jantz. Non-Possessing Reviews (NPR) Content. Security Agreements Facility Data Approval Records (FDARs) Contract Security Classification Specification (CSCS) forms
E N D
Psychology of a Spy Ron Olive
Non-Possessing Facility Reviews Gary Jantz
Non-Possessing Reviews (NPR) Content • Security Agreements • Facility Data Approval Records (FDARs) • Contract Security Classification Specification (CSCS) forms • Central Personnel Clearance Index (CPCI) • Security Briefings
NPR Conduct • Scheduling • How • E-mail • Telephone • Snail Mail
NPR Results • Written report • Safeguards and Security Information Management System (SSIMS) • Distribution
Facility Clearance What is it? Administrative determination by the DOE/NNSA that a company is authorized to have access to classified information in performance of work on a classified contract at a DOE/NNSA and/or other approved site.
Facility Clearance Also referred to as: - Company Clearance - Contractor Company Clearance No Facility Clearance = No Classified Contract = No Personnel Security Access Authorizations
FSO Responsibilities All topics in this presentation are the responsibility of the FSO
Today’s Topics • Initial facility clearance processing • Maintaining a facility clearance • Terminating a facility clearance • Potential pitfalls • Additional considerations
Possessing Facility vs. Non-Possessing Facility • Possessing Facility: A contractor company that stores classified matter at its facility (reflected in Box 10b of the CSCS form) • Non-Possessing Facility: A contractor company that may access classified matter at DOE or other approved possessing facilities, but is not authorized to store classified matter at its facility.
Initial Facility Clearance–Required Elements – Majority of elements are processed concurrently: • Classified contract with CSCS form • Favorable Foreign Ownership, Control, or Influence (FOCI) determination • Key Management Personnel (KMP) access authorizations (i.e., clearances) and exclusions
Initial Facility Clearance– Required Elements – Continued • FSO designation and training • Security plan • Initial survey (possessors only) • Approved FDAR
CSCS Form–1st Required Element – • The CSCS form is referenced in contract security clauses, defining the security requirements of each contract. It shows the level and category of classified work/access required, classification guidance, place of performance, etc. • When a contract requires access authorization (i.e., classified contract), the Sandia Delegated Representative (SDR)/Sandia Contracting Representative (SCR) must complete a CSCS form and submit it to the Facility Clearance Team. • The completed CSCS form drives the initiation of the facility clearance.
Reciprocity • When does reciprocity apply? • If the contractor company already has an active Facility Clearance at another DOE/NNSA site (e.g., LANL, LLNL). • If the contractor company already has an active facility clearance with DoD (e.g., DSS). • If already cleared, the Facility Clearance Program only requires a CSCS form.
Favorable FOCI Determination– 2nd Required Element – • An invitation e-mail is sent to the company to request an e-FOCI account. • The FOCI submission is reviewed and—when the package is complete, including signed hard copies—it is sent to DOE/NNSA for determination. • Additional information may be requested from SNL and/or DOE/NNSA. • DOE/NNSA renders FOCI determination.
Question What happens if FOCI exceeds thresholds? The request for Facility Clearance is sent to DOE for determination. The company will work directly with DOE to mitigate the FOCI, if possible.
KMP Access Authorizations–3rd Required Element – • DOE/NNSA designates KMP (including the FSO) who require access authorizations. • The FSO works with the SDR to complete access authorization request forms. • KMP must be in process for access authorizations before the Facility Clearance can be granted. • KMP must be cleared at the same level as the Facility Clearance (i.e., level of highest contract).
KMP Access Authorizations–3rd Required Element – Continued • Excluded KMP • Certain KMP may be excluded from access to classified information and therefore do not require an access authorization • A Resolution for Exclusion is executed for these KMP by the board of directors or a similar body
FSO Designation–4th Required Element – • FSO Appointment Letter is required. • FSO must successfully complete FSO training. • Revised FSO Training is being developed for non-possessing facilities—deployment TBD.
Security Plan–5th Required Element – • Security Plans are currently required for Possessing Facilities. • Security Plans will soon be required for Non-Possessing Facilities (TBD): • Template is in development and will be added to the Annual FOCI Certification requirements
Initial Survey–6th Required Element – • Possessors – Satisfactory Initial Survey required before granting Facility Clearance • Survey performed by Sandia Site Office (SSO) • Non-possessors – Initial Survey not required. • Reviews are required every 5 years
FDAR–7th Required Element – • The FDAR documents the registration of a company’s Facility Clearance. • FDARs are registered in the DOE Safeguards & Security Information Management System (SSIMS) database. • SSIMS is the equivalent to the DoD Industrial Security Facilities Database (ISFD).
All Required Elements Met–Now What? – • FSO/SDR/SCR is notified that the Facility Clearance has been granted • Classified contract is awarded • Employee access authorizations are requested/granted • Classified work begins • FSO receives: • Notification of favorable FOCI determination – Keep for your records • Copy of FDAR for review • Copy of CSCS for review
FDAR Form–What to Look for – • Verify information on FDAR form is correct, particularly in blocks: • 5a, 5b - Facility Legal Name and any “Doing Business As” (DBA) name • 9 - Location • 13, 17 - Classified Mail Channel/Shipping, if appropriate • 16 - Appropriate Clearance Levels • 18 - Storage Capability of your Facility • 21 - FSO Contact Information • Provide copies of FDAR forms to auditors upon request.
CSCS Form–What to Look for – • Verify information on CSCS form is correct, particularly in blocks: • 4b/c - Verify the contract number and end date • 6 - General Statement of work identified • 7 - Name and address • 9b (DOE) and 9b (Non-DOE) - Actual place of performance of contract • 10 - Clearance and storage (level and category).Note: 10b indicates storage level at the contractor facility. If a category/level (other than “U”) is in this block, SNL- or DOE-owned classified information or matter is stored at the contractor’s facility. • 12 - Classified matter location • Provide copies of CSCS forms to auditors upon request
Maintaining a Facility Clearance • Annual FOCI certification • 5-Year FOCI recertification • Significant FOCI changes • Contract extensions • Changes to CSCS form • Changes to FDAR • Non-possessing facility reviews
Annual FOCI Certification • A reminder notice is sent to the company to complete the Annual FOCI Certification through e-FOCI • Review FDAR and CSCS forms provided to you for accuracy (new process) • Verification of all information on an SF 328, Certificate Pertaining to Foreign Interests • Report changes and provide documentation, such as: • Changes in KMP (needs new KMP list) • Changed financial conditions • Changes to company name and/or address • Changes that affect FOCI status
Annual FOCI Certification Continued • Mail original forms that require signature to the SNL Facility Clearance Team. • Non-possessing facility security plans will be requested in future Annual Certification reminder e-mails. • The Facility Clearance Team will send an e-mail to the FSO upon receipt of favorable DOE/NNSA determination.
5-Yr FOCI Recertification • A reminder notice is sent to the company to complete the 5-Year FOCI Recertification through e-FOCI. • Review FDAR and CSCS forms provided to you for accuracy. • A separate Annual FOCI Certification is not required when 5-Yr Recertification is due. • The full FOCI package must be submitted including all documents that were provided in the initial package. • A new KMP list is required. • Resolutions for Exclusion must be re-executed.
5-Yr FOCI Recertification • Mail original forms that require signature to the SNL Facility Clearance Team. • A non-possessing facility security plan will be requested in future 5-Year Recertification reminder e-mails. • You will be notified if and when your company’s Facility Clearance has been re-approved. When approved, you should receive: • Notification of favorable FOCI determination (Keep for your records) • Copy of FDAR for review • Copy of CSCS for review
Significant FOCI Changes • Significant Changes are those that could affect your Facility Clearance. • Changes in KMP (including FSO) • Mergers/buyouts (VERY IMPORTANT) • Company name and address change • Changed financial conditions (increased foreign indebtedness/revenue, bankruptcy) • Other changes that affect FOCI • Report as soon as possible via e-FOCI when changes are known, if between Annual and 5-Year cycle. • If you are unsure, call us. • Stay informed – Talk to your management about significant changes that may be on the horizon.
Contracts • Subsequent new contracts • New CSCS form generated • Contract extensions • Initiated by the SCR • Updated CSCS form generated and distributed to SCR/SDR/FSO. In both instances, review the CSCS form for accuracy and notify the Facility Clearance Team of any discrepancies.
Terminating a Security Activity vs. Terminating a Facility Clearance
Termination of Security Activity • Termination of a security activity only terminates the classified work on the contract. This occurs when the company/facility has other classified contracts (CSCS forms) tied to it. • Certificate of Non-Possession for that contract • Terminating CSCS form for that contract • Termination of access authorizations associated with that contract. Note: Access authorizations may be transferred to another active contract if personnel will be working on new contract. Note: Unclassified work may continue even if the classified portion of the contract is terminated.
Termination of Facility Clearance • Termination of the Facility Clearance occurs when there are no longer any classified contracts (security activities) tied to the company/facility. • Certificate of Non-Possession • Terminating CSCS form • Termination of access authorizations Note: Unclassified work may continue even if the classified portion of the contract is terminated.
Certificate of Non-Possession • A “Certificate of Non-Possession” or “Closeout Certificate” will be e-mailed to the FSO once a contract has terminated or classified portion of work has ended. This form MUST be filled out by the FSO and returned to the Facility Clearance Office within 48 hours. Note: If the Closeout Certificate reflects “LAST SNL INTEREST,” the certificate indicates that this is the last remaining contract with SNL. If no other contracts with DOE/NNSA exist, the company’s facility clearance (FOCI) will terminate. If other classified contracts with DOE/NNSA exist, responsibility for facility clearance will be transferred from SNL to the appropriate site (e.g., LANL).
Potential Pitfalls Could Affect Facility Clearance • Potential Pitfalls: • Unreported changes in FOCI information • FOCI issues • Failure to comply with Personnel Security requests • KMP not cleared • Failure to submit Annual Certification and 5-Year FOCI recertifications • Mergers/buyouts • Result – Suspension of Facility Clearance • Contract and badge extensions on a case-by-case basis • No new classified contracts or access authorizations • Potential Result – Termination of Facility Clearance • All classified work stops on all classified contracts • All access authorizations terminated
Additional Considerations • Company’s legal name vs. DBA name • Multiple facility organization • Home office vs. branch office • Tier parents • Subcontractors
Company Name • Legal name as recorded on company’s business registration paperwork • DBA names added separately • These names are recorded on the FDAR
Multiple Facility Organizations • Home office submits FOCI information for favorable determination and facility clearance. This clearance flows down to the branch office. • Branch office submits its own KMP list (Manager and FSO). • Branch office is assigned its own facility code.
Tier Parent Organizations • Parent companies must submit FOCI information for a favorable determination • Exclusions determined by DOE • Subsidiary submits its own FOCI information for its own facility clearance