[Back] |
[Index] |
[Next] |
CHAPTER 3
NATIONAL DISCLOSURE POLICY
A. INTRODUCTION
1. The National Disclosure Policy (NDP), the policy that governs the disclosure of United States CMI to foreign governments and international organizations, stems from NSDM 119 (reference t). The Secretaries of State and Defense, consulting as appropriate with other Department and Agency heads, are jointly assigned the responsibility for implementing NSDM 119. NDP-1 (reference s) is the interagency document which implements this policy. It is issued by the Secretary of Defense with the concurrence of the Secretaries of State and Energy and the Director of Central Intelligence (DCI). This assignment of responsibility includes:
a. The establishment and management of an interagency mechanism (the National Military Information Disclosure Policy Committee (NDPC)) and implementing procedures.
b. The promulgation of specific disclosure criteria and limitations, definitions of terms, and other guidance governing decisions on the disclosure of CMI.
c. The continuing review of intelligence and the conduct of on-site surveys to determine the capability of foreign recipients to provide CMI the requisite degree of security protection.
d. The submission of an annual report to the NSC covering the highlights of the program, including exceptions to policy that were approved during the reported year.
e. The negotiation of General Security Agreements (GSAs) or other bilateral security arrangements with foreign governments, outlining the responsibilities of both parties pertaining to the safeguarding of classified information provided by the other party. These agreements are described under Section H, below.
f. The development and issuance of instructional guidance to be uniformly applied by all personnel involved in any manner with international programs through which classified military information (CMI) may be disclosed.
2. DoD Directive 5230.11 (reference dd) implements the National Disclosure Policy within the Department of Defense.
B. CLASSIFIED MILITARY INFORMATION (CMI)
a. Category 1 - Organization, Training And Employment Of Military Forces. Military information of a general nature necessary to the organization of military, paramilitary or irregular forces. It includes those tactics, techniques and tactical doctrine (including military intelligence and counterintelligence doctrine and techniques) necessary to train and employ those forces. This category does not include specific technical data and training needed to operate and maintain individual items of military material and munitions.
b. Category 2 - Military Materiel And Munitions. All military materiel, arms and munitions procured and controlled by the U.S. Government for the equipage, operation, maintenance and support of its military forces or the military, paramilitary or irregular forces of its allies. This category includes items developed by U.S. private interests as a result of U.S. Government contracts or derived from technology paid for by the U.S. Government. Items on the USML proposed for sale by U.S. private interests under the ITAR (reference c) or items specifically covered by other U.S. Government prescribed export control regulations fall within this definition. (Items under development fall under Category 3.) This category also comprises information to include technical data and training necessary to operate, maintain or support specific military materiel, arms or munitions. It does not include information and techniques used to produce, coproduce or manufacture the item.
c. Category 3 - Applied Research And Development Information. Classified military information resulting from the extension of fundamental theories, designs and data from purely theoretical or experimental investigation into possible military applications. This includes research, the construction and testing of prototypes and design changes affecting qualitative performance during the service life of an item. This also includes engineering data, general operational requirements, concepts and military characteristics required to adopt the item for production. Development ceases when materiel has completed operational suitability testing or has for all practical purposes been adopted for military use or production. It includes tactics, techniques and tactical doctrine pertaining to specific equipment not yet in production or not yet approved for adoption of U.S. forces. It includes military information, materiel or munitions under development by U.S. private interests as a result of U.S. Government contracts, or derived from technology paid for by the U.S. Government.
d. Category 4 - Production Information. Designs, drawings, chemical and mathematical equations, specifications, models, manufacturing techniques, software source code and related information (excluding Category 2 and 3 information) necessary to manufacture or substantially upgrade military materiel and munitions. The following information is furnished to further clarify the definition of Production Information:
(1) Manufacturing information (more sensitive than Build-to-Print or Assembly information): This includes the know-how, techniques and processes required to produce or substantially upgrade military materiel and munitions. A manufacturing process or technique is a set of instructions for transforming natural substances into useful materials (metals, plastics, combustibles, explosives, etc.) or for fabricating materials into aerodynamic, mechanical, electronic, hydraulic or pneumatic systems, subsystems and components. Software source code including related documentation that describes software or development know-how for a particular U.S. warfare system which has completed Acquisition Milestone II (Development Approval) or documentation used for production thereof are considered to be design and manufacturing data and equivalent to Category 4 Production Information. A manufacturing data package describes how to manufacture, test and accept the item being produced and what tools and processes are required. Types of manufacturing information include drawings, process sheets, wiring diagrams, instructions, test procedures and other supporting documentation. Software source code and software documentation that contain or allows access/insight to classified algorithms or design rationale are considered to be manufacturing information requiring NDPC review and approval. Unclassified software source code and software documentation that is required for minor software maintenance, interface/integration, or to make administrative changes to tables, symbology, markers, displays will be handled through normal technology transfer channels and does not require NDPC review. Such information will normally be considered for release to foreign customers who possess an indigenous weapon system or verifiable country unique operation or maintenance requirement the United States is willing to support. Manufacturing information classified solely because of related Category 2 information should be handled as Category 2 information.
(2) Build-to-Print Information (more sensitive than Assembly information): Assumes the country receiving the information has the capability to replicate an item, sub-system or component from technical drawings and specifications alone without technical assistance. Release of supporting documentation (e.g. acceptance criteria, object code software for numerical controlled machines) is permissible. Release of any information which discloses design methodology, engineering analysis, detailed process information or manufacturing know-how associated with the end item, its subsystems or components is excluded. Build-to-Print information is not considered NDP Category 4 information. Disclosure of Build-to-Print information is approved through normal technology transfer channels unless other NDP categories are involved which require NDPC review and approval.
(3) Assembly Information. Normally associated with hardware (parts or kits to be assembled, special tooling or test equipment to accomplish specific tasks) and information which allows assembly and testing of the finished product. Only top level drawings will be released. Detailed assistance is not to be provided if such assistance would provide production or manufacturing techniques. The level and depth of assembly or coassembly allowed is subject to negotiation and defined in the coassembly or coproduction agreement. Assembly information is not considered Category 4 Production Information. Disclosure of Assembly information must be approved through normal technology transfer channels unless other NDP categories are involved which require NDPC review and approval.
e. Category 5 - Combined Military Operations, Planning And Readiness. That information necessary to plan, assure readiness for and provide support to the achievement of mutual force development goals or participation in specific combined tactical operations and exercises. Includes installations and facilities located within territory under the jurisdiction of, or of direct concern to, the recipient foreign government or international organization. This category is limited to that information on installations and facilities as well as readiness, planning and operational information which is necessary to further specific multilateral or bilateral plans and agreements for common defense purposes between the United States and the recipient. It does not include strategic planning and guidance or North American Defense information.
f. Category 6 - U.S. Order Of Battle. Information pertaining to U.S. forces located within territory which is under the jurisdiction of a recipient government or is otherwise of direct concern to a foreign government or international organization. In general, authorization is limited to U.S. Order of Battle in the recipient countries or in adjacent geographical areas.
g. Category 7 - North American Defense. North American Defense Information is that which concerns plans, programs, projects, operations and certain specific technical data pertaining to equipment directly related to North American Defense, especially when it is originated by or under the mission and control of the Space Command (formerly the North American Aerospace Defense Command (NORAD)). North American Defense Information includes, but is not limited to:
(1) Plans and related documents prepared by combined United States/Canada defense agencies.
(2) Information concerning U.S. operational and logistical plans for employment of reserve forces.
(3) Information revealing the vulnerability of a North American Defense area, or a vulnerability or official appraisal of the combat readiness of any unit or facility, or the effectiveness of North American Defense systems.
h. Category 8 - Military Intelligence. Information of a military character pertaining to foreign nations. This category of information does not include national intelligence or sensitive compartmented information under the purview of the Director of Central Intelligence (DCI).
C. DISCLOSURES NOT COVERED BY THE NDP
The NDP does not govern the disclosure of the following types of information:
1. Classified information the disclosure of which is prohibited by Federal law or international agreement.
2. Naval nuclear propulsion information, except under an agreement negotiated under the Atomic Energy Act of 1954, as amended (reference g).
3. Proprietary information owned by private firms or citizens without the owner's consent. If release is authorized by legislation, that legislation will govern the release. (Note: While the private firm may retain property rights, foreign disclosure of any classified information is governed by the NDP-1.)
4. National or interdepartmental intelligence produced within the National Foreign Intelligence Board structure without the permission of the Director of Central Intelligence (DCI).
5. National security telecommunications and information systems security information (INFOSEC), communications security (COMSEC) and signals intelligence (SIGINT). The National Security Telecommunications and Information Systems Security Committee (NSTISSC) controls the release of INFOSEC. The Director of Central Intelligence SIGINT Committee controls the release of SIGINT information. Information that has been sanitized to delete the controlled INFOSEC and SIGINT information is governed by NDP-1.
6. Operational counterintelligence information, the disclosure of which is the responsibility of the DCI
7. Atomic information, disclosures of which are made in accordance with the Atomic Energy Act of 1954. The Joint Atomic Information Exchange Group (JAIEG) organized under the Defense Nuclear Agency (DNA) is responsible for reviewing these releases.
8. Strategic planning and guidance. Only the Secretary of Defense or the Deputy Secretary of Defense may authorize the disclosure of this information.
D. DISCLOSURE AUTHORITY
1. The Secretary of Defense and the Deputy Secretary of Defense hold original authority to disclose classified military information (CMI) and grant exceptions to disclosure policy.
2. The Secretary of Defense, through DoD Directive 5230.11, has delegated authority to the following DoD officials to disclose CMI originated by or under the control of their organizations.
a. The Secretaries of the Military Departments.
b. The Chairman of the Joint Chiefs of Staff.
c. The Under Secretary of Defense for Policy.
d. The Under Secretary of Defense for Acquisition and Technology.
e. The Assistant Secretary of Defense for Command, Control, Communications and Intelligence.
f. The Director, Defense Intelligence Agency.
g. The Director, National Security Agency/Central Security Service.
3. Each of these officials must appoint a senior official in writing to be the Principal Disclosure Authority (PDA) within that Component. The officials or their PDA may also delegate disclosure authority to the heads of commands, agencies and major staff elements under their authority. These heads of commands, agencies and major staff elements must then in turn appoint a Designated Disclosure Authority (DSA) to control disclosures of CMI by his or her organization.
4. The Principal Disclosure Authorities for the above organizations are listed at Appendix A. They are responsible for:
a. Controlling disclosures within their respective Component.
b. Ensuring the competency of subordinate officials appointed as designated disclosure officials.
c. Ensuring coordination of their proposed disclosure actions with other DoD Components having a joint or shared interest in the information.
d. Appointing a member and alternate to represent their Component on the National Military Information Disclosure Policy Committee (NDPC).
e. Ensuring that their Component enters disclosure decisions into the Foreign Disclosure and Technical Information System (FORDTIS) in accordance with DoD Instruction 5230.18 (reference nn).
f. Coordinating requests for disclosures of CMI involved in litigation with the DoD or Component General Counsel, as appropriate.
g. Ensuring that persons traveling overseas receive disclosure guidance and are knowledgeable of and comply with overseas travel policy in DoD 5200.1-R, (reference oo).
5. The delegation of disclosure authority must be in writing and clearly state the limits of the authority. The means of delegating disclosure authority normally is by a Delegation of Disclosure Authority Letter (DDL) or a Component regulation. Broad disclosure authority normally is promulgated in Component regulations. The DDL normally is used for individual programs and is discussed in detail in Chapter 8.
E. DISCLOSURE DECISIONS
1. General. The National Disclosure Policy establishes the framework in which foreign disclosure decisions are made by Principal or Designated Disclosure Authorities. In making a disclosure decision these officials must assure that:
a. The proposed disclosure is in support of a lawful and authorized Government purpose.
b. Their Component is the originator of the information. If another DoD Component or U.S. Government Department is the originator, the request or proposal must be forwarded to that Component or Department for a decision.
c. The disclosure meets all disclosure criteria (see Subsection 2, below).
d. The classification level of the CMI does not exceed the classification level that has been delegated for the subject matter category and specific nation or organization as described in Annex A, NDP-1 or Component implementing regulations or Delegation of Disclosure Authority Letter (DDL).
e. The disclosure is consistent with applicable Disclosure Policy Statements in Annexes B and C, NDP-1.
f. Other DoD Components having joint or shared interest in the information must be consulted and agree to the disclosure.
2. Disclosure Criteria.
a. A decision to disclose CMI must satisfy each of the following five criteria. Failure to satisfy any one of the criteria is cause for denial unless the proponent of the disclosure believes disclosure would result in a clearly defined benefit to the United States and an exception to the NDP is obtained as described in Section G, below. The criteria are:
(1) Disclosure of the information is consistent with U.S. foreign policy objectives toward the recipient nation or organization or geographical region. For example, explain how:
(a) The disclosure supports a mutual security or similar agreement.
(b) The prospective recipient government cooperates with the United States in pursuance of military or political objectives that are compatible with those of the United States and the proposed disclosure contributes to the furtherance of those objectives.
(2) Disclosure of the information is consistent with, and will not jeopardize, U.S. military and security objectives. To ensure that this criteria is met, the decision-maker must:
(a) Determine if disclosure would result in any possible damage to U.S. military capabilities or plans if a compromise occurs.
(b) Determine the level of technology or sensitivity of information involved, its foreign availability and its criticality to U.S. systems or plans.
(c) Determine the susceptibility of the information or technology to compromise or reverse engineering and the capability of the recipient to exploit the knowledge that is gained.
(d) Use the above assessment results to formulate an analysis of the risks versus gains and develop alternatives to minimize or prevent damage, such as time-phasing of disclosures, withholding of certain information or developing an export version of the hardware.
(3) The prospective recipient will afford the information substantially the same degree of protection as the United States provides it. This criterion is based on the AECA and E.O. 12356, as discussed in Chapter 2. It requires an evaluation of the proposed recipient government's or organization's capability and intent to protect the information.
(a) The existence of a General Security Agreement (GSA) is normally sufficient to infer the intent of the recipient. Annex A of NDP-1, lists the countries covered by such agreements. (The list is classified and is releasable to Government Agencies only. Contractors can verify the existence of these agreements with their Defense Investigative Service (DIS) Cognizant Security Office (CSO)).
(b) Validation of the capability of the recipient to provide the necessary degree of protection is generally based on three sources of information. First, the NDPC periodically visits the countries with which the U.S. Government shares CMI. The NDPC reports on these visits contain a description of each country's security program. Copies of the reports are provided to each Department or Agency represented on the NDPC. Second, the NDPC also tasks the intelligence community to provide an assessment of foreign government security programs and their compliance therewith. These reports are also provided to NDPC member Departments and Agencies. Third, the intelligence community can be tasked to provide special reports related to specific technologies and capabilities.
(4) Disclosure will result in benefits to the United States which are at least equivalent to the value of the information disclosed.
(a) The benefits may be a contribution to U.S. political, military, or economic objectives in relation to the recipient(s) or region. Primary issues to be considered are standardization and interoperability of equipment; increased defensive capability for an important ally; or support of an important political objective.
(b) Economic benefit alone is not an acceptable basis for sharing CMI. However, programs that satisfy other requirements and have a positive impact on the U.S. industrial and technology bases generally will receive a favorable review.
(c) Establishment of, or continued good relations with the recipient is normally not an acceptable benefit in a single disclosure or export. Such relations rarely hinge on a single decision. However, foreign government support or participation in a specified military objective may result in an important advantage to the United States.
(5) The information to be disclosed must be limited to that which is necessary to fulfill the purpose of the disclosure. For example, if the purpose of the disclosure is to support the sale of an item of equipment, the recipient government is entitled to receive information necessary for operating and maintaining it and for training. Other information, such as research and development and production information would be withheld.
3. Disclosure Conditions
a. Once the decision has been made that CMI can be disclosed to a foreign government or international organization, actual release is dependent upon the recipient agreeing to certain minimal conditions. These conditions are:
(1) The recipient will not reveal the information to a third-country government, national, organization or other entity of a third country without the written permission of the originator.
(2) The recipient will afford the information substantially the same degree of security protection as the United States affords to it.
(3) The recipient will use the information only for the purpose for which it was provided.
(4) The recipient will report promptly and fully to U.S. authorities any known or suspected loss or compromise of U.S. CMI released to it.
(5) Individuals who are to be given access will have a need to know and security clearances granted by their government at a level at least equal to that of the CMI. Facilities must have at least an equal level of facility clearance and storage capability, if applicable, granted by their government (See Chapter 6).
(6) Transfer of the information will be through government-to-government channels (See Chapter 6).
(7) Visits will be permitted by security experts to review and discuss each other's security policies and practices for protecting CMI.
(8) The recipient must agree to abide by or meet U.S.-specified special terms and conditions for the release of U.S. information or material.
b. If there is a general security agreement (see Section H., below) with the intended recipient government, the above conditions normally will be satisfied by the terms of that agreement. Therefore, for bilateral government-to-government programs (e.g., FMS, coproduction, cooperative research and development) the security requirement normally can be satisfied by referencing the applicable security agreement in the sales contract or program agreement. However, in those cases where there is no security agreement with the intended recipient government, and in the case of commercial sales, other solutions are necessary, as described below.
c. When there is no general security agreement or equivalent agreement with the intended recipient government, the specific security conditions must be included in the government sales contract or program agreement, or in a separate program security agreement. The contract or agreement must specify that the security conditions will apply as long as the recipient has the U.S. information or system in its custody.
d. Requests for commercial export authorizations that will involve the transfer of significant military equipment (see definitions) or classified information must be accompanied by a Department of State form DSP-83, Non-transfer and use Certificate, with all items properly completed and signed. If classified information is involved, the form must be signed by an official of a foreign government agency that has the authority to commit the government to compliance with the certification contained therein (see Sections 124.10 and 125.3(a) of the ITAR. The foreign end-user should be consulted to identify the responsible government agency. The signature of an appropriate foreign government official is accepted as recognition that the transfer is for government purposes and, therefore, that the classified material will be protected in compliance with a general security agreement, or other legally binding government-to-government security agreement with the recipient government. However, if there is no general security agreement or other government-to-government agreement containing required security principles, such agreement will be necessary prior to the transfer of the material. This can be achieved by an exchange of diplomatic notes or by a security MOU for the specific transaction. The CSO or U.S. designated government representative will provide information to contractors on the existence of specific agreements, as required. If a foreign government refuses to sign the Form DSP-83, citing an existing agreement as the basis for its refusal, that government should be requested to contact the Department of State, Office of Defense Trade Controls, in writing, through its embassy in Washington, DC to address the requirement. The correspondence must cite the pertinent agreement and certify that the material to be transferred is for government purposes and will be protected in compliance with the cited agreement.
4. Limitations On Disclosure Authority. The disclosure authority delegated to Principal and Designated Disclosure Authorities is limited as follows:
a. Classified information officially obtained from a foreign government may not be disclosed unless the originating government specifically agrees in writing to further disclosure.
b. Combined military information may not be disclosed unless all parties agree in writing.
c. Joint information may not be disclosed without prior written agreement of all Departments and Agencies having control or jurisdiction.
d. Information originated by or for another Department or Agency may not be disclosed unless that Department or Agency consents in writing to the disclosure.
e. Disclosures of intelligence information shall be governed by the requirements of section I, subparagraph 5.c.(2) and section II, subparagraph 5.b.(7) of NDP-1. (NOTE: These requirements are classified and therefore cannot be described in this Handbook.)
f. Disclosure under subparagraph a. through c., above, must be reported to the Foreign Disclosure and Technical Information System (FORDTIS) by the organization that makes the disclosure; disclosures under subparagraphs d. and e. must be reported by the organization that authorizes the disclosure. The FORDTIS is discussed in paragraph 8, below.
5. Security Assurances. Designated disclosure authorities shall not authorize the disclosure of CMI to a foreign national prior to the receipt of a security assurance from the sponsoring foreign government or international organization concerning the facilities and individuals that ultimately are to receive the information (see Chapters 6 and 7).
6. False Impressions. There are two policies which prohibit disclosures or releases that might create a false impression that the DoD is willing to provide defense articles or information to foreign entities. The first concerns the disclosure of classified information, material or technology. The second deals with the furnishing of funds, goods and services to foreign governments and international organizations in a foreign assistance program.
a. NDP-1 prohibits creating false impressions of the U.S. Government's readiness to make available CMI, including classified equipment and technology. Accordingly, proposals to or discussions with representatives of foreign governments and international organizations which result from either U.S. or combined initial planning and which will lead to the eventual disclosure of classified military equipment, technology, or information, including intelligence threat data or countermeasures information, must be authorized in advance by designated disclosure officials in the Departments and Agencies originating the information, or if the disclosure of any CMI to be involved will require an exception to NDP-1, by the Secretary of Defense, Deputy Secretary of Defense or the NDPC, in accordance with DoD Directive 5230.11.
b. DoD Directive 2100.3 (reference pp) prohibits "*** an individual representing the U.S. [from making] commitments, express or implied, to furnish funds, including long term credit arrangements, goods or services to foreign governments (the terms foreign government and foreign official shall include officials of any international organization or supra-national authority as well as of any foreign national government) without:
(1) Appropriate governmental clearances;
(2) Satisfactory assurance that such commitments (a) can and will be met, and (b) do take into account the best interests of the U.S. in the use of its resources; and
(3) A clear understanding with the recipient about the nature, scope and time-span of the commitment."
7. Disclosures Related To Actual Or Potential Hostilities. Under conditions of actual or imminent hostilities, any Unified Commander may disclose CMI through TOP SECRET to an actively participating allied force when support of combined combat operations requires it. The U.S. Commander must notify the Chairman of the Joint Chiefs of Staff (JCS) immediately of such disclosures. The Chairman of the JCS, in turn, must notify the Office of the Under Secretary of Defense for Policy, ATTN: Chair, NDPC. The Chair will determine whether any limitations are necessary on continuing disclosure of the information. The U.S. Commander will receive appropriate instructions through the Chairman, JCS.
8. Reporting Of Disclosure Decisions. All disclosures and denials of CMI must be reported in the Foreign Disclosure and Technical Information System (FORDTIS). DoD Instruction 5230.18 applies.
a. FORDTIS is an automated system used to staff and record cases and provide reference data support in fulfilling Department of Defense responsibilities assigned by the NDP-1, the AECA, and the EAA (reference e). It supports the implementation of departmental policies contained in DoD Directive 2040.2, (reference qq, DoD Directive 5230.11, DoD Directive C-5230.23 (reference q), and DoD Instruction 5230.20, (reference ff). Decisions on the release of CMI; liaison officer certifications; personnel exchanges; munitions, Commerce Control List (CCL), and international export control regime license applications whwn they are required; and NDP exception cases (NDPE) are recorded in FORDTIS. Foreign government visit requests are processed and recorded in the separate Foreign Visit System (FVS).
b. The purpose of FORDTIS is to assist decision-makers and analysts in reviewing, coordinating and reaching decisions on proposals to release classified military information and technology to foreign nations and international organizations. If the system is to satisfy this purpose, the reporting requirements of DoD Instruction 5230.18 must be satisfied by all DoD components.
F. THE NDPC
1. Functions. The NDPC is responsible for formulating, issuing, administering and monitoring the implementation of the NDP. It may grant exceptions to the NDP under the authority granted by the Secretary of Defense. Normally, only committee members may sponsor requests for exceptions to policy. Agencies that are not represented on the Committee must obtain disclosure authority from the Deputy to the Under Secretary of Defense (Policy) for Policy Support (DTUSD(P)PS). The NDPC also conducts security survey visits to perform evaluations of the security programs of foreign governments and international organizations.
2. Committee Membership. By agreement between the Secretaries of State and Defense, a representative of the Secretary of Defense chairs and provides administrative support for the NDPC. The Under Secretary of Defense (Policy) designates the Chairperson. The Director, International Security Programs, Office of the DTUSD(P)PS provides the Executive Director, Executive Secretary and administrative support of the Committee. There are two categories of Committee members.
a. General members have a broad interest in all aspects of Committee deliberations and therefore, vote on all issues that come before the committee. They are:
(1) The Secretary of State.
(2) The Secretary of Defense.
(3) The Secretaries of Army, Navy, and Air Force.
(4) The Chairman of the Joint Chiefs of Staff (also represents the Commanders of the Unified Commands).
b. Special members have a significant interest in some, but not all, aspects of committee deliberations. They normally vote only on those issues in which they have a direct interest. They are:
(1) The Secretary of Energy.
(2) The Director of Central Intelligence.
(3) The Under Secretary of Defense for Policy (USD(P)).
(4) The Under Secretary of Defense for Acquisition and Technology (USD(A&T)).
(5) The Assistant Secretary of Defense for Command, Control, Communications and Intelligence (ASD (C3I)).
(6) The Assistant to the Secretary of Defense (Atomic Energy).
(7) The Director, Defense Intelligence Agency.
(8) The Director, Ballistic Missile Defense Organization.
(9) The Director, U.S. Arms Control and Disarmament Agency.
G. REQUESTS FOR AN EXCEPTION TO NATIONAL DISCLOSURE POLICY
1. A proposed disclosure would have to be denied or, if the proponent of the disclosure desires to pursue a disclosure, an exception to the disclosure policy would be required for one or more of the following reasons.
a. A proposed disclosure may not satisfy NDP disclosure criteria described in subparagraph E.2., above.
b. The proposed disclosure may be inconsistent with one or more of the policy statements in Annexes B and C in NDP-1.
c. The classification assigned to the information to be disclosed may exceed the delegated disclosure authority level in NDP-1.
d. The proposed recipient cannot comply with the conditions listed in section E.3., above.
e. The information to be disclosed may be under the jurisdiction of, or shared by another Department or Agency which does not support the disclosure.
2. If one or more of the above situations apply, but it is believed that a disclosure will result in a clearly defined benefit to the United States, an exception to policy may be requested. Requests for exceptions to policy must be forwarded through channels to the official who represents the requester's organization on the NDPC. Departments and Agencies of the U.S. Government that do not have access to any of the NDPC members may address their requests to the Chair, NDPC. A request for an exception to the NDP must include the information required in Appendix B. The request must represent a fully coordinated position of the requesting Department or Agency. The NDPC Executive Secretary ensures that all members having an interest in the request for exception to policy receive a copy. The members must respond with a fully coordinated position of their Department or Agency within 10 working days. If there is not unanimous agreement on the proposed disclosure, the Committee Chairman must formulate a proposed "Chairman's decision" and inform the members of the decision, again within 10 working days. The decision of the Chair will become final unless successfully appealed to the Secretary or Deputy Secretary of Defense by the cognizant Department or Agency head or PDA within 10 working days.
H. SECURITY AGREEMENTS.
After a favorable disclosure decision is made, actual transfer of CMI cannot occur until the intended recipient government agrees to the conditions described in Subsection E.3., above. The existence of a General Security Agreement (GSA) or equivalent, and, if applicable, an Industrial Security Agreement normally will satisfy this requirement. (Note: The General Security Agreement also is known as a General Security of Information Agreement (GSOIA) and General Security of Military Information Agreement (GSOMIA). In general, agreements negotiated prior to 1970 cover all classified information. The agreements negotiated since 1970, in most cases, cover only classified military information. Confidentiality requested by some of the foreign governments prevents a listing of the countries that have executed these agreements. However, this Handbook contains the pertinent requirements for such agreements. Additional information on the agreements may be obtained from the responsible Designated Disclosure Authority or Cognizant Security Office.
1. The GSA, negotiated through diplomatic channels, requires each party to the agreement to afford to the classified information provided by the other substantially the same degree of security protection afforded it by the releasing government. (Note: It is for this reason that, in some cases, foreign government information must be protected differently than U.S. classified information.) It contains provisions concerning limits on the use of each government's information, including restrictions on third party transfers and proprietary rights. It provides for the reporting of losses or compromises or possible losses or compromises of classified information. It does not commit governments to share classified information, and the existence of such an agreement with a particular country does not constitute authority to release classified material to that government. It does commit each government to protect the other's classified information if a decision is made to provide the information. It also satisfies, in part, the eligibility requirements of the AECA (reference b) concerning the agreement of the recipient government to protect U.S. classified defense articles and technical data.
2. The Industrial Security Agreement is negotiated by the DoD as an annex to the GSA with those foreign governments with which DoD has entered into arrangements involving industry participation, such as the reciprocal procurement agreements. Other Federal Departments and Agencies also may be a party to this agreement. It includes provisions for information handling, security classification guidance, visits, and the exchange of security assurances, and it designates a responsible government agency to administer the agreement. Authority to negotiate the agreements and to negotiate amendments or approve exceptions to the provisions of these agreements rests with the Office of the Under Secretary of Defense (Policy). The Director, DIS, has been delegated authority to administer implementation of the provisions of this agreement.
I. SECURITY SURVEYS
1. The purpose of security surveys is to enable the NDPC to establish by on-site review whether a foreign government or international organization has the capability to protect CMI in a manner substantially the same as that protection provided to it by the United States as required by the AECA, E.O. 12356, and NSDM 119. They also permit the parties to exchange information on each others programs to ensure proper implementation of the security agreements as well as cooperative agreements and sales contracts. The review consists of discussions with responsible foreign officials, including foreign security personnel, concerning their procedures for protecting classified information. The views of U.S. Embassy personnel are also obtained.
2. The surveys concentrate on developing information on the foreign government security program (including the organizational, legal, and regulatory basis for the program) and procedures as well as any changes since the previous visit. The team evaluates the methods and procedures used by the government and industry in:
a. Personnel security, including clearance and investigations.
b. All aspects of document and information control, including the use of U.S. information, the flow of information from national level to user, and methods to protect the information and restrict access to properly cleared persons.
c. Physical security.
3. The security officials of the foreign country also conduct similar reviews of the U.S. security program.