[Federal Register: November 30, 2009 (Volume 74, Number 228)]
[Proposed Rules]
[Page 62531-62532]
=======================================================================
-----------------------------------------------------------------------
NATIONAL ARCHIVES AND RECORDS ADMINISTRATION
Information Security Oversight Office
32 CFR Part 2004
[NARA-09-0005]
RIN 3095-AB34
National Industrial Security Program Directive No. 1
AGENCY: Information Security Oversight Office, NARA.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Information Security Oversight Office (ISOO), National
Archives and Records Administration (NARA), is proposing to amend
National Industrial Security Program Directive No. 1. This proposed
amendment to Directive No. 1 provides guidance to agencies on release
of certain classified information (referred to as ``proscribed
information'') to contractors that are owned or under the control of a
foreign interest and have had the foreign ownership or control
mitigated by an arrangement known as a Special Security Agreement.
Currently, there is no Federal standard across agencies on release of
proscribed information to this group. The proposed amendment will
provide standardization and consistency to the process across the
Federal Government, and will enable greater efficiency in determining
the release of the information as appropriate. This proposed amendment
also moves the definitions section to the beginning of the part for
easier use, and adds definitions for the terms ``Cognizant Security
Office,'' ``National Interest Determination,'' and ``Proscribed
Information,'' to accompany the new guidelines. Finally, this proposed
amendment makes a minor typographical change to the authority citation
to make it more accurate.
DATES: Submit comments on or before January 29, 2010.
ADDRESSES: NARA invites interested persons to submit comments on this
proposed rule. Please include ``Attn: 3095-AB34'' and your name and
mailing address in your comments. Comments may be submitted by any of
the following methods:
Federal eRulemaking Portal: Go to: http://
www.regulations.gov. Follow the instructions for submitting comments.
Fax: Submit comments by facsimile transmission to 301-837-
0319.
Mail: Send comments to Regulations Comments Desk (NPOL),
Room 4100, Policy and Planning Staff, National Archives and Records
Administration; Policy and Planning Office; Attn: Laura McCarthy, Room
4100, 8601 Adelphi Road, College Park, MD 20740.
Hand Delivery or Courier: Deliver comments to 8601 Adelphi
Road, College Park, MD.
FOR FURTHER INFORMATION CONTACT: William J. Bosanko, Director, ISOO, at
202-357-5250.
SUPPLEMENTARY INFORMATION: As of November 17, 1995, ISOO became a part
of NARA and subsequently published Part 2004, National Industrial
Program Directive No. 1, pursuant to section 102(b)(1) of E.O. 12829,
January 6, 1993 (58 FR 3479), as amended by E.O. 12885, December 14,
1993, (58 FR 65863). The Executive Order established a National
Industrial Security Program (NISP) to safeguard Federal Government
classified information released to contractors, licensees, and grantees
(collectively referred to here as ``contractors'') of the United States
Government. This amendment to Directive No. 1 proposes to add
guidelines on release of proscribed information to this category of
contractors.
ISOO maintains oversight over E.O. 12958, as amended, and policy
oversight over E.O. 12829, as amended, and issuing this proposed
amendment fulfills one of the ISOO Director's delegated
responsibilities under these Executive Orders. Nothing in Directive No.
1 or this proposed amendment shall be construed to supersede the
authority of the Secretary of Energy or the Nuclear Regulatory
Commission under the Atomic Energy Act of 1954, as amended (42 U.S.C.
2011, et seq.), or the authority of the Director of National
Intelligence under the National Security Act of 1947, as amended, E.O.
12333, December 8, 1981, and the Intelligence Reform and Terrorism
Prevention Act of 2004.
The interpretive guidance contained in this proposed amendment will
only assist agencies to implement E.O. 12829, as amended; users of
Directive No. 1 shall refer concurrently to the Executive Order for
guidance.
This proposed amendment is not a significant regulatory action for
the purposes of E.O. 12866. The proposed amendment is also not a major
rule as defined in 5 U.S.C. Chapter 8, Congressional Review of Agency
Rulemaking. As required by the Regulatory Flexibility Act, we certify
that the proposed amendment will not have a significant impact on a
substantial number of small entities because it applies only to Federal
agencies.
[[Page 62532]]
List of Subjects in 32 CFR Part 2004
Classified information.
For the reasons stated in the preamble, NARA proposes to amend
Title 32 of the Code of Federal Regulations, Part 2004, as follows:
PART 2004--NATIONAL INDUSTRIAL SECURITY PROGRAM DIRECTIVE NO. 1
1. Revise the authority citation for part 2004 to read as follows:
Authority: Executive Order 12829, January 6, 1993, 58 FR 3479,
as amended by Executive Order 12885, December 14, 1993, 58 FR 65863.
2. Amend Sec. 2004.22 by adding new paragraph (c) to read as
follows:
Sec. 2004.22 Operational Responsibilities [202(a)]
* * * * *
(c) National Interest Determinations (NIDs). Executive branch
departments and agencies shall make a National Interest Determination
(NID) before authorizing contractors, cleared or in process for
clearance under a Special Security Agreement (SSA), to have access to
proscribed information. To make a NID, the agency shall assess whether
release of the proscribed information is consistent with the national
security interests of the United States.
(1) The requirement for a NID applies to new contracts, including
pre-contract activities in which access to proscribed information is
required, and to existing contracts when contractors are acquired by
foreign interests and an SSA is the proposed foreign ownership,
control, or influence mitigation method.
(i) If access to proscribed information is required to complete
pre-contract award actions or to perform on a new contract, the
Government Contracting Activity (GCA) shall determine if release of the
information is consistent with national security interests.
(ii) For contractors that have existing contracts that require
access to proscribed information, have been or are in the process of
being acquired by foreign interests, and have proposed an SSA to
mitigate foreign ownership, the Cognizant Security Office (CSO) shall
notify the GCA of the need for a NID.
(iii) The GCA(s) shall determine, ordinarily within 30 days, per
Sec. 2004.22(c)(4)(i), or 60 days, per Sec. 2004.22(c)(4)(ii),
whether release of the proscribed information is consistent with
national security interests.
(2) In accordance with 10 U.S.C. 2536, DoD and the Department of
Energy (DOE) cannot award a contract involving access to proscribed
information to a contractor effectively owned or controlled by a
foreign government unless a waiver has been issued by the Secretary of
Defense or Secretary of Energy.
(3) NIDs may be program-, project-, or contract-specific. For
program and project NIDs, a separate NID is not required for each
contract. The CSO may require the GCA to identify all contracts covered
by the NID. NID decisions shall be made by officials as specified by
CSA policy or as designated by the agency head.
(4) NID decisions shall ordinarily be made within 30 days.
(i) Where no interagency coordination is required because the
department or agency owns or controls all of the proscribed information
in question, the GCA shall provide a final documented decision to the
applicable CSO, with a copy to the contractor, ordinarily within 30
days of the date of the request for the NID.
(ii) If the proscribed information is owned by, or under the
control of, a department or agency other than the GCA (e.g., National
Security Agency (NSA) for Communications Security, the Office of the
Director of National Intelligence (ODNI) for Sensitive Compartmented
Information, and DOE for Restricted Data), the GCA shall provide
written notice to that department or agency that its written
concurrence is required. Such notice shall be provided within 30 days
of being informed by the CSO of the requirement for a NID. The GCA
shall ordinarily provide a final documented decision to the applicable
CSO, with a copy to the contractor, within 60 days of the date of the
request for the NID.
(iii) If the NID decision is not provided within 30 days, per Sec.
2004.22(c)(4)(i), or 60 days, per Sec. 2004.22(c)(4)(ii), the CSA
shall intercede to request the GCA to provide a decision. In such
instances, the CSO will provide the contractor with updates at 30-day
intervals until the NID decision is made.
(5) The CSO shall not delay implementation of an SSA pending
completion of a GCA's NID processing, provided there is no indication
that a NID will be denied either by the GCA or the owner of the
information (i.e., NSA, DOE, or ODNI). However, the contractor shall
not have access to additional proscribed information under a new
contract until the GCA determines that the release of the information
is consistent with national security interests and issues a NID.
(6) The CSO shall not upgrade an existing contractor clearance
under an SSA to Top Secret unless an approved NID covering the
prospective Top Secret access has been issued.
Sec. 2004.24 [Redesignated as Sec. 2004.5]
3. Redesignate Sec. 2004.24 as Sec. 2004.5, and transfer newly
designated Sec. 2004.5 from subpart B to subpart A.
4. In newly designated Sec. 2004.5, redesignate paragraph (b) as
paragraph (c), and add new paragraphs (b), (d), and (e), to read as
follows:
Sec. 2004.5 Definitions.
* * * * *
(b) ``Cognizant Security Office (CSO)'' means the organizational
entity delegated by the Head of a CSA to administer industrial security
on behalf of the CSA.
* * * * *
(d) ``National Interest Determination (NID)'' means a determination
that access to proscribed information is consistent with the national
security interests of the United States.
(e) ``Proscribed information'' means Top Secret; Communications
Security, except classified keys used for data transfer; Restricted
Data; Special Access Program; or Sensitive Compartmented Information.
Dated: November 23, 2009.
William J. Bosanko,
Director, Information Security Oversight Office.
David S. Ferriero,
Archivist of the United States.
[FR Doc. E9-28517 Filed 11-27-09; 8:45 am]
BILLING CODE 7515-01-P
