[Federal Register: November 30, 2009 (Volume 74, Number 228)] [Proposed Rules] [Page 62531-62532] ======================================================================= ----------------------------------------------------------------------- NATIONAL ARCHIVES AND RECORDS ADMINISTRATION Information Security Oversight Office 32 CFR Part 2004 [NARA-09-0005] RIN 3095-AB34 National Industrial Security Program Directive No. 1 AGENCY: Information Security Oversight Office, NARA. ACTION: Proposed rule. ----------------------------------------------------------------------- SUMMARY: The Information Security Oversight Office (ISOO), National Archives and Records Administration (NARA), is proposing to amend National Industrial Security Program Directive No. 1. This proposed amendment to Directive No. 1 provides guidance to agencies on release of certain classified information (referred to as ``proscribed information'') to contractors that are owned or under the control of a foreign interest and have had the foreign ownership or control mitigated by an arrangement known as a Special Security Agreement. Currently, there is no Federal standard across agencies on release of proscribed information to this group. The proposed amendment will provide standardization and consistency to the process across the Federal Government, and will enable greater efficiency in determining the release of the information as appropriate. This proposed amendment also moves the definitions section to the beginning of the part for easier use, and adds definitions for the terms ``Cognizant Security Office,'' ``National Interest Determination,'' and ``Proscribed Information,'' to accompany the new guidelines. Finally, this proposed amendment makes a minor typographical change to the authority citation to make it more accurate. DATES: Submit comments on or before January 29, 2010. ADDRESSES: NARA invites interested persons to submit comments on this proposed rule. Please include ``Attn: 3095-AB34'' and your name and mailing address in your comments. Comments may be submitted by any of the following methods: Federal eRulemaking Portal: Go to: http:// www.regulations.gov. Follow the instructions for submitting comments. Fax: Submit comments by facsimile transmission to 301-837- 0319. Mail: Send comments to Regulations Comments Desk (NPOL), Room 4100, Policy and Planning Staff, National Archives and Records Administration; Policy and Planning Office; Attn: Laura McCarthy, Room 4100, 8601 Adelphi Road, College Park, MD 20740. Hand Delivery or Courier: Deliver comments to 8601 Adelphi Road, College Park, MD. FOR FURTHER INFORMATION CONTACT: William J. Bosanko, Director, ISOO, at 202-357-5250. SUPPLEMENTARY INFORMATION: As of November 17, 1995, ISOO became a part of NARA and subsequently published Part 2004, National Industrial Program Directive No. 1, pursuant to section 102(b)(1) of E.O. 12829, January 6, 1993 (58 FR 3479), as amended by E.O. 12885, December 14, 1993, (58 FR 65863). The Executive Order established a National Industrial Security Program (NISP) to safeguard Federal Government classified information released to contractors, licensees, and grantees (collectively referred to here as ``contractors'') of the United States Government. This amendment to Directive No. 1 proposes to add guidelines on release of proscribed information to this category of contractors. ISOO maintains oversight over E.O. 12958, as amended, and policy oversight over E.O. 12829, as amended, and issuing this proposed amendment fulfills one of the ISOO Director's delegated responsibilities under these Executive Orders. Nothing in Directive No. 1 or this proposed amendment shall be construed to supersede the authority of the Secretary of Energy or the Nuclear Regulatory Commission under the Atomic Energy Act of 1954, as amended (42 U.S.C. 2011, et seq.), or the authority of the Director of National Intelligence under the National Security Act of 1947, as amended, E.O. 12333, December 8, 1981, and the Intelligence Reform and Terrorism Prevention Act of 2004. The interpretive guidance contained in this proposed amendment will only assist agencies to implement E.O. 12829, as amended; users of Directive No. 1 shall refer concurrently to the Executive Order for guidance. This proposed amendment is not a significant regulatory action for the purposes of E.O. 12866. The proposed amendment is also not a major rule as defined in 5 U.S.C. Chapter 8, Congressional Review of Agency Rulemaking. As required by the Regulatory Flexibility Act, we certify that the proposed amendment will not have a significant impact on a substantial number of small entities because it applies only to Federal agencies. [[Page 62532]] List of Subjects in 32 CFR Part 2004 Classified information. For the reasons stated in the preamble, NARA proposes to amend Title 32 of the Code of Federal Regulations, Part 2004, as follows: PART 2004--NATIONAL INDUSTRIAL SECURITY PROGRAM DIRECTIVE NO. 1 1. Revise the authority citation for part 2004 to read as follows: Authority: Executive Order 12829, January 6, 1993, 58 FR 3479, as amended by Executive Order 12885, December 14, 1993, 58 FR 65863. 2. Amend Sec. 2004.22 by adding new paragraph (c) to read as follows: Sec. 2004.22 Operational Responsibilities [202(a)] * * * * * (c) National Interest Determinations (NIDs). Executive branch departments and agencies shall make a National Interest Determination (NID) before authorizing contractors, cleared or in process for clearance under a Special Security Agreement (SSA), to have access to proscribed information. To make a NID, the agency shall assess whether release of the proscribed information is consistent with the national security interests of the United States. (1) The requirement for a NID applies to new contracts, including pre-contract activities in which access to proscribed information is required, and to existing contracts when contractors are acquired by foreign interests and an SSA is the proposed foreign ownership, control, or influence mitigation method. (i) If access to proscribed information is required to complete pre-contract award actions or to perform on a new contract, the Government Contracting Activity (GCA) shall determine if release of the information is consistent with national security interests. (ii) For contractors that have existing contracts that require access to proscribed information, have been or are in the process of being acquired by foreign interests, and have proposed an SSA to mitigate foreign ownership, the Cognizant Security Office (CSO) shall notify the GCA of the need for a NID. (iii) The GCA(s) shall determine, ordinarily within 30 days, per Sec. 2004.22(c)(4)(i), or 60 days, per Sec. 2004.22(c)(4)(ii), whether release of the proscribed information is consistent with national security interests. (2) In accordance with 10 U.S.C. 2536, DoD and the Department of Energy (DOE) cannot award a contract involving access to proscribed information to a contractor effectively owned or controlled by a foreign government unless a waiver has been issued by the Secretary of Defense or Secretary of Energy. (3) NIDs may be program-, project-, or contract-specific. For program and project NIDs, a separate NID is not required for each contract. The CSO may require the GCA to identify all contracts covered by the NID. NID decisions shall be made by officials as specified by CSA policy or as designated by the agency head. (4) NID decisions shall ordinarily be made within 30 days. (i) Where no interagency coordination is required because the department or agency owns or controls all of the proscribed information in question, the GCA shall provide a final documented decision to the applicable CSO, with a copy to the contractor, ordinarily within 30 days of the date of the request for the NID. (ii) If the proscribed information is owned by, or under the control of, a department or agency other than the GCA (e.g., National Security Agency (NSA) for Communications Security, the Office of the Director of National Intelligence (ODNI) for Sensitive Compartmented Information, and DOE for Restricted Data), the GCA shall provide written notice to that department or agency that its written concurrence is required. Such notice shall be provided within 30 days of being informed by the CSO of the requirement for a NID. The GCA shall ordinarily provide a final documented decision to the applicable CSO, with a copy to the contractor, within 60 days of the date of the request for the NID. (iii) If the NID decision is not provided within 30 days, per Sec. 2004.22(c)(4)(i), or 60 days, per Sec. 2004.22(c)(4)(ii), the CSA shall intercede to request the GCA to provide a decision. In such instances, the CSO will provide the contractor with updates at 30-day intervals until the NID decision is made. (5) The CSO shall not delay implementation of an SSA pending completion of a GCA's NID processing, provided there is no indication that a NID will be denied either by the GCA or the owner of the information (i.e., NSA, DOE, or ODNI). However, the contractor shall not have access to additional proscribed information under a new contract until the GCA determines that the release of the information is consistent with national security interests and issues a NID. (6) The CSO shall not upgrade an existing contractor clearance under an SSA to Top Secret unless an approved NID covering the prospective Top Secret access has been issued. Sec. 2004.24 [Redesignated as Sec. 2004.5] 3. Redesignate Sec. 2004.24 as Sec. 2004.5, and transfer newly designated Sec. 2004.5 from subpart B to subpart A. 4. In newly designated Sec. 2004.5, redesignate paragraph (b) as paragraph (c), and add new paragraphs (b), (d), and (e), to read as follows: Sec. 2004.5 Definitions. * * * * * (b) ``Cognizant Security Office (CSO)'' means the organizational entity delegated by the Head of a CSA to administer industrial security on behalf of the CSA. * * * * * (d) ``National Interest Determination (NID)'' means a determination that access to proscribed information is consistent with the national security interests of the United States. (e) ``Proscribed information'' means Top Secret; Communications Security, except classified keys used for data transfer; Restricted Data; Special Access Program; or Sensitive Compartmented Information. Dated: November 23, 2009. William J. Bosanko, Director, Information Security Oversight Office. David S. Ferriero, Archivist of the United States. [FR Doc. E9-28517 Filed 11-27-09; 8:45 am] BILLING CODE 7515-01-P