When all of the groups have finished their
reviews and initial drafts of their topical
areas, the drafts will be combined and reviewed
by an implementation focused "red team."
A review of the approach DOE uses for safeguards and security planning,
which began in late 2007, delayed the final draft and review of the by the "red team".
It is anticipated that the new planning document will be accepted in early July
and work on the Manual will resume in mid-summer.
Q: Several DOE 470.4 series Manuals
use the term "Departmental element."
What does that term mean?
A: The term "Departmental Element" is a common-use
term from the DOE directives system. DOE M 251.1-1B, Departmental
Directives Program Manual defines Departmental Element:
"First-tier organizations reporting directly to the
Secretary, Deputy Secretary, or Under Secretaries. The
National Nuclear Security Administration is a Departmental
element. First-tier organizations at Headquarters include
the Secretary, Deputy Secretary, Under Secretaries, and
Secretarial Officers (Assistant Secretaries and staff
Office Directors). First-tier organizations include managers
of the field offices and Administrators of the Power Marketing
Administrations." The latest list of Departmental
Elements can be found at: http://www.directives.doe.gov/pdfs/reftools/org-list.pdf.
Q: Are there any resources available
within DOE for people involved in developing
and managing a security awareness program
as required in DOE M 470.4-1?
A: Yes. The National Training Center (NTC) offers a four and
one-half day introductory course, Safeguards and Security
Awareness Coordinators' Training, for individuals
who are involved in developing, implementing, and maintaining
security awareness programs. More information on the course
is available on the NTC website at http://www.ntc.doe.gov/docs/NTCCourseCatalog_Final.pdf.
The Security Awareness Special Interest Group (SASIG)
is an active networking group of Federal and contractor
personnel involved with safeguards and security awareness
programs. The members of SASIG work to promote safeguards
and security awareness within the DOE, assist sites and
facilities in carrying out the security awareness program
requirements and share security awareness resources. Membership
is open to anyone with a work-related interest in promoting
security awareness, and there is no membership fee. More
information about SASIG, including how to join the group,
is available on the SASIG website at http://www.orau.gov/sasig/.
Q: What is expected of an organization
which assumes security cognizance for another
site? Are there specific duties and services
that the organization with security cognizance
has to provide?
A: An organization which is listed as the cognizant security
authority for another location is expected to be able
to perform specific security functions on behalf of the
client location. Those security duties and services include
but may not be limited to surveys to determine security
requirements, review and storage of safeguards and security
plans and other documents, oversight activities, FOCI
considerations, registration of a facility clearance,
personnel security clearance activities, and SSIMS entries.
In accordance with DOE M 470.4-1 and the requirements
of the NISPOM, the security authority must possess a facility
security clearance at the same level or higher as an office
over which it exercises responsibility. This means that
the cognizant security organization must be surveyed and
registered in SSIMS, and must set up a limited area and
classified processing capabilities. The organization must
meet the requirements and be capable of undertaking the
security activities itself; there is no provision for
establishing a Memorandum of Agreement or other vehicle
as a "paper" designation to allow the security
activities to be performed by another organization on
behalf of the organization with security cognizance.
Q: Some forms that DOE uses in connection
with various activities (such as the Visit
Request form and the Security Acknowledgement
and Termination Statements) are really outdated.
Are there any plans to revise these forms
and bring them up to date?
A: As the zero-based policy review proceeds, some review of
the forms used in connection with specific activities
is being conducted. The Security Acknowledgment and Terminations
Statements, which are used primarily in connection with
the DOE personnel security program but which also have
security awareness applications, are currently being revised
to reflect changes to the DOE personnel security program
(new drug testing requirements, revised personnel security
and foreign travel reporting requirements), and to reflect
current requirements pertaining to prepublication review
of materials prepared by individuals who hold or previously
held a DOE security clearance. Since questions have been
raised concerning the Visit Request form, used in the
classified visits program, we will review this form and
update it as necessary. Questions pertaining to other
forms which are referenced in the security directives
may be addressed to HS-71.
Q: I have a question regarding the Outside
Director (OD) for a company under a Security
Control Agreement. Can the OD do consultant
work for one of the foreign owners after
he has been approved by the Office of Security?
DOE M 470.4-1 Part 2, Section H, Chapter
IV, FOCI Mitigation Action Plans, 3.,c.,(2)
Security Control Agreement, (b) 1: "Appointment
of one or more outside directors who must
meet the eligibility requirements set forth
in paragraph 3.b(1)(b), above. This reference
reads: "Be completely disinterested
individuals with no prior involvement with
the cleared U. S. organization, its foreign-owned
tier parent(s), or any of its foreign-owned
affiliate(s). This reference, as stated,
applies to "before" approval,
but, what about after approval? Is this
a conflict of interest? We have been told
that one of our ODs has been doing consulting
work for one of the parents in his company.
A: Based on the situation you've described, it appears there
may be a conflict of interest here. As you have stated
above, the Manual requires that when setting up the Security
Control Agreement one of the stipulations for the Outside
Director (OD) is that he/she must, "Be completely
disinterested individuals with no prior involvement with
the cleared U.S. organization, its foreign-owned tier
parent(s), or any of its foreign-owned affiliate(s)."
If the OD is getting paid to do work for a foreign parent,
he/she is no longer a "completely disinterested individual."
I think the term completely disinterested is the key to
the requirement. "No prior involvement" is one
characteristic of being completely disinterested. However,
I don't believe it is the sole characteristic. The key
to being disinterested is that the person must be unbiased
by personal interest. If the OD is hired by the foreign
parent, he/she is no longer disinterested.
Q: What is meant by the term
cognizant security authority used in the
DOE 470.4 series? Can this authority be
further delegated? Does this need to be
a formal appointment?
A: As used in the Manuals in this series, the term
Cognizant security authority refers to DOE and NNSA Federal
and contractor employees who have been granted the authority
to commit security resources or direct the allocation
of security personnel or approve security implementation
plans and procedures in the accomplishment of specific
work activities. "DOE cognizant security authority"
is used when intended to apply specifically to a Federal
authority. When specifically requiring a contractor to
fulfill the role, the phrase "contractor cognizant
security authority" is used, and when neither DOE
nor contractor is specified, the authority may be assigned
to either. Further delegation is typically acceptable
by definition (Federal/Contractor constraints maintained)
since DOE and contractor line management designate their
cognizant security authorities. Any exceptions to this
will be specified in the corresponding sections of the
manuals. Likewise formal appointment is not required,
although delegations of authority must be documented in
the appropriate safeguards and security management plan.
Whether the cognizant security authority role can be delegated
or requires formal appointment for any particular action
is determined on a Program/site-specific basis according
to applicable contracts, directives, and/or security plans.
Under DOE O 470.4A, the Under Secretary for Science, the
Under Secretary for Energy, and the Associate Administrator
for Defense Nuclear Security are designated as the DOE
cognizant security authorities for their organizations
and may delegate this authority as necessary to carry
out the associated responsibilities.
Q: Why does the Office of Security Policy
(HS-70), Office of Health, Safety and Security,
need a copy of our approved S&S deviations?
A: HS-70 is responsible for establishing
the requirements and responsibilities found
in S&S directives, including the requirements
for the deviations process. HS-70 must be
aware of deviations from these provisions
for the following reasons: 1) to assure
that the deviations process is being implemented
correctly; e.g., that a deviation is not
labeled a "variance" because of
its easier requirements, when, in fact,
it is a waiver or an exception; 2) to assure
that the provision is one from which a deviation
is allowed; e.g., that it is not a statutory,
regulatory, Executive order, or Presidential
directive requirement from which no deviation
is allowed without further process; and
3) to evaluate the portion of the directive
from which a deviation is requested to determine
if the directive needs to be revised or
Q: Former policy addressed recurring
classified visits by local FBI personnel;
however, current policy does not. Why was
this language removed? Can we establish
local procedures to allow such recurring
A: Current policy for the Classified Visits
provisions is found in DOE M 470.4-1,
Section L. Under this section "continuing
visitor access approval" is now required
when it is known that an individual's classified
visits will be frequent. DOE M 470.4-1,
Section L, paragraph 2.a.(3) reads: "Line
management must establish local procedures
for the control of classified visits. Procedures
must ensure... (3) Continuing visitor access
approval is necessary for individuals who
frequently visit DOE facilities. However,
the locally approved access approval cannot
exceed a period of 1 year or the final day
of a contract, whichever is less. The approval
may be renewed annually (at least every
12 months)." This provision would apply to recurring visits by local FBI personnel.
Q: Can local implementation be more
restrictive than DOE S&S policy?
A: The S&S directives establish
the minimum requirements. Local implementation
may be more restrictive, but any action
beyond what is required may have to be justified
by a cost/benefit analysis to satisfy financial
Q: Can a DOE Site/Office receive a
deviation from an Executive Order or a regulation?
A: If there is a process for deviating
from the requirements of a higher directive,
that process must be followed. The deviations
process in DOE M 470.4-1 covers only deviations
from a DOE S&S policy requirement. When
the S&S requirement is also an Executive
or regulatory requirement from which a deviation
is not authorized, the DOE M 470.4-1 process
can be used in a limited manner only. A
deviation may be considered from a DOE-originated
requirement that is intended to implement
a general requirement of a national-level
directive, so long as the modified implementation
achieves the full implementation of the
national-level requirement. A deviation
from an Executive or regulatory requirement
can only be considered under the specific
processes, if any, included in the Executive
or regulatory language
Q. When the Office of Health, Safety
and Security was established, the Office
of Security no longer existed organizationally.
Who should I contact to complete actions
required in the DOE 470.4 directive series
since there is no longer a position identified
as the Director of Security?
A: The Office of Security Directors'
responsibilities, with the establishment
of the Office of Health, Safety and Security,
fall under the Chief Health, Safety and
Security Officer, Glenn S. Podonsky and
the Deputy Chief for Operations, Michael
Q: If there is a change in policy, will
official documentation be sent through the
proper channels and forwarded to all NNSA
and DOE sites?
A: Any changes to DOE S&S policy
will be made through the DOE Directives
System, which is established by DOE P 251.1A,
Departmental Directives Program Policy,
DOE O 251.1, Departmental Directives Program,
and DOE M 251.1-1B, Departmental Directives
Program Manual. Notifications can be received
when actions are taken on DOE directives
of interest by signing up for E-Mail Notification
in the middle of the Directives Home Page.
The web address is http://directives.doe.gov/alertmain.html.
You may also want to let your Directives
Point of Contact (DPC) know of your interest
in particular directives. The DPC list is
found on the Directives Home Page under
"References" (bottom of the left
side). The web address is http://www.directives.doe.gov/pdfs/doegeninfo/final/dpclist.pdf.
NNSA has statutory authority to establish
NNSA-specific policy (including changes
to DOE policy), unless disapproved by the
Secretary. If you have questions concerning
the process for changes in policy by NNSA,
you may wish to contact NNSA. NNSA Policy
Letter (NAP)-1 describes the process, and
it is available on the NNSA website http://hq.na.gov/default.aspx?L=ITEM&ITEM=2375&CA=30&OT=86&PI=2317.
Q: On December 3, 2007, the DOE Chief Health, Safety
and Security Officer signed out a memorandum establishing
policy panels to increase feedback from the implementers
of DOE policy. How will the PPM policy panel be organized?
A: The PPM panel will be a new policy panel, as
there has not been a quality panel in this topical area.
Because so many possible topics fall under the broad topic
of "program planning and management" (safeguards and security
planning, surveys and assessments, facility clearances
and FOCI, awareness and training, etc.), it will probably
be necessary to organize sub-panels or interest groups
within the larger panel. One organization which may serve
as a model is the existing Security Awareness Special
Interest Group (SASIG). The steering committee for that
group also serves as the quality panel for security awareness,
and it is planned that this group will continue to fill
its traditional policy assistance role. HS-70 will provide
additional information as we continue to develop this
new topical policy panel.
Q: The terms "critical system element" and "essential
element" are used in many contexts in DOE M 470.4-1, Safeguards
and Security Program Planning and Management. When
these terms are used in the context of vulnerability analyses
and performance assurance program evaluations, what is
the difference between them, or are they interchangeable?
A: The connection between planning and the performance
assurance program is important to understand. As we plan,
we have the opportunity to identify protection system
elements that are of greatest importance to the overall
success of the site/facility protection system. If additional
testing of these elements, beyond that required for topical
compliance, would provide additional assurance that these
elements will perform as expected, these additional tests
are incorporated into a formal Performance Assurance Program
Plan. The terms "critical system element" and "essential
element" used in DOE Manual 470.4-1 Chg. 1, Safeguards
and Security Protection Program Planning and Management,
to establish requirements governing this process are broadly
synonymous. HSS believes that, to eliminate confusion,
it is acceptable to use a single term, "critical element,"
when discussing system elements identified during vulnerability
analyses that are then required to be tested under the
performance assurance program. The use of this term will
be incorporated into the re-write of DOE M-470.4-1 to
replace the two existing terms.
Q: There are all kinds of testing of security system
elements required to meet compliance requirements under
Protective Force, physical protection, and other programs.
Isn't the testing required by the Performance Assurance
Program (PAP) redundant?
A: The PAP has been established specifically to
provide for additional testing above compliance-level
requirements. The purpose of testing done under the PAP
is to demonstrate effective performance of protection
measures that have been determined to fall into the category
of "critical elements" as described above. Tests conducted
under the PAP are intended to ensure that all identified
essential elements are performing as represented in safeguards
and security plans and in any supporting analyses for
those plans. The intent is to demonstrate that the elements
identified as "critical elements", separately and together,
do in fact provide the required levels of performance.
Q: Why should DOE field activities be required to
conduct comprehensive periodic surveys of their security
activities and those of their contractors, if they and
their contractors are already subject to testing, special
surveys, self-assessments of specific activities, and
reviews or inspections by other DOE elements?
A: The periodic survey provides an opportunity
for local DOE management to form a comprehensive view
of a site's entire security posture and to understand
the mutual dependencies among the various components of
its protection program. The survey is designed to identify
areas of redundancy which will allow better use of resources,
identify conflicts between components that may lead to
weaknesses not readily apparent when only one of the components
is considered, and identify areas in which correction
of identified problems in one component creates unexpected
performance issues in another component. While reports
of special inspections and reviews may be useful in developing
the comprehensive periodic survey and evaluating the survey
results, taken individually they do not provide the "big
picture" overview of a site's security posture which allows
identification of a program's overall strengths and weaknesses
and produces results which can correct and improve the
program as a whole. Even when "continuous" or "rolling"
special surveys are conducted to spread the survey activity
more uniformly over a survey period, a comprehensive review
and analysis of these "point-in-time" data points should
be made to complete each required survey period to provide
a truly integrated review of site protection.
Q: In processing a request for a facility clearance
(FCL), must personnel security clearances be in place
for company officials designated as key management personnel
(KMPs) before the FCL is granted?
A: Certain company officials must be in process
or possess active security clearances in order for a company
to be eligible for an FCL involving classified information
or matter or special nuclear material (SNM). These company
officials include the owners, officers, directors, partners,
regents, trustees, or executive personnel (i.e., those
individuals considered to be KMPs.) The clearances held
by these individuals may be pre-existing from another
classified contract, or the individuals may be submitted
for security clearances concurrently with the processing
of the FCL.
Return to Top of Page
Q: If an error is made while dialing the X-07 combination lock and it will not power up, is it broken?
A: Not necessarily. After 10 successive failed attempts on the X-07, the LCD will blank out. Wait a few minutes for the unit to power down and try again.
Q: What does a lighting bolt on the LCD of an X-07, X-08, or X-09 lock mean?
A: A lighting bolt is caused by any of the following improper techniques:
Entering the combination too quickly (in less than 10 or 15 seconds).
Turning the dial more than 1-1/3 revolutions without pausing at least ¼ second.
Reversing the dialing direction without pausing at least ¼ second.
Entering an incorrect combination.
Q: I am having a problem with my X-09 lock. I correctly entered the combination and turned the dial to the right and the "OP" is displayed on the LCD. However, continued dialing to the right indefinitely does not open/unlock the lock. What could be the problem and what can I do about it?
A: The "OP" display means you have entered the correct combination. Remember to turn the dial with full wrist turns. This will keep the lock fully powered. The problem may be that the combo motor is an early version, which should be replaced. Try varying the speed of dialing after achieving the "OP" display. Dialing either more rapidly or more slowly will often retract the bolt.
Q: Are Level III locks/keys (DOE M 470.4-2 C1, Physical Protection) required for doors to offices/areas that contain a GSA-approved security container(s) that store classified matter?
A: No. An additional level of locking protection is not needed if the classified matter is stored in a GSA approved security container and the office/area is within a Limited Area or higher.
Q: What is the date upon which the requirements, described in Appendix C, DOE M 470.4-2-2 Chg1, Safeguards and Security Alarm Management and Control Systems (SAMACS), must be implemented?
A: The appendix applies to all new physical protection systems installed or made operational after January 1, 2008, that protect Category I and II quantities of SNM.
Q: Has Underwriter's Laboratory (UL) revised the balanced magnetic switch (BMS) standard, UL 634, Connectors and Switches for Use with Burglar-Alarm Systems, to establish a Level 2 standard to define more stringent requirements?
A: Yes. The requirement evolved from requests from certain government departments and agencies for an improved version for high security applications but existing BMS will not necessarily have to be replaced. It depends on the results of a vulnerability analysis and the existing and/or offsetting security measures to mitigate the vulnerability. If the asset is located in an area where there are no other protection measures present, then the Level 2 BMS would be appropriate. The BMS is manufactured by a single source and costs considerably more than prior generation BMSs, so a judicious approach should be taken before making an arbitrary decision to replace existing high security BMSs.
Q: Is the Secondary Alarm Station (SAS) to be fully redundant to the Central Alarm Station (CAS)?
A: No. However, without advance notice, it must be capable of assuming the command and control functions should the CAS become unable to fulfill its security monitoring and control role. The SAS does not have to receive all of the alarms and perform complete assessment of the intrusion detection alarm zones/devices. It must be capable of providing command and control of site response forces and provide security status reports to the facility's Emergency Command Post/Operations Center. The CAS and SAS requirements relate to the protection of Category I and II SNM and other high consequence assets.
Q: What is a SF-700?
A: The first part of this two-part form contains information on the
responsible organization, container, type of lock, and names,
addresses, and telephone numbers of employees who are to be
contacted if the container is found open and unattended. This
portion is attached to the inside of the control drawer or
vault door. The second part (comprised of Parts 2 and 2A)
is a sealed combination record that is turned over to the
designated person responsible for the central storage of the
SF-700 forms. Parts 2 and 2A of each completed SF-700 must
be classified and marked front and back with the highest classification
level (and category, if RD or FRD) of information authorized
for storage in the security container. These parts are to
be stored in a different security container that only permits
access to individuals who possess the same security clearance,
any required formal access approval, and need to know for
all of the information that may be protected by the enclosed
Q: Why do I need to use SF-700?
A: Title 32, Code of Federal Regulations requires that the SF-700 be
used in all situations that call for the use of a security
container information form. Aside from being required by DOE
policy, there is always a possibility with any combination
lock that the combination could be lost or forgotten. If this
ever happens, you can easily recover the combination if you
have a SF-700 on file. Having this combination record readily
available may save you the cost of forcibly opening the container
and having to spend money to protect the classified information
while the container is being repaired.
Q: Must I install high-security padlocks on gates providing access to public and property protection areas?
A: No, high security padlocks are not required;
but, DOE M 470.4-2, provides security criteria for Level
III security locks and keys that are required for use
on gates in fences, cargo containers, and storage areas
for the protection of Government property.
Q: Where can I find information about the Levels of federally approved locks and keys?
A: Federal specifications, appropriate for high
security locks and keys securing public and property protection
areas, are available at the Department of Defense Lock
Program Technical Support organization. They provide information
to DOE on security hardware and are available by accessing
their web site at https://portal.navfac.navy.mil/go/locks
or by calling (800) 290-7607 or (805) 982-1212.
Q: Is there an inventory requirement
for Level IV locks and keys?
A: No. There are no DOE requirements to inventory
Level IV locks and keys. However, a locally developed
procedure addressing the issue, turn-in, loss, compromise,
and control of Level IV locks and keys is a sound business
Q: I know that there is a new badge
being issued - when can I expect to receive
my new badge and how long will my current
DOE badge remain effective?
A: DOE and DOE contractor employees possessing
a DOE badge will be contacted when the identity verification
processing is completed. This will be followed by the
turn-in of the current badge in exchange for the new DOE
badge. The current DOE badge will remain active until
the new badge is issued.
Q: What are the national drivers for
the posting of trespassing signs at DOE
facilities, installations, and real property
as prescribed by DOE M 470.4-2?
A: Section 229 of the Atomic Energy Act of 1954
(42 U.S.C. 2278a) as implemented by 10 CFR 860-Trespassing
on Department of Energy Property provides details for
posting the regulations and penalties. Those DOE activities
located on property under the charge and control of the
General Services Administration, 41 CFR 101-20.3, Conduct
on Federal Property, and 41 CFR 102- 81, Security, provide
the guidance on the rules and regulations involving the
property. Chapter XIV, Posting Notices, DOE M 470.4-2,
describes the requirements for the Posting of property
owned by or contracted to the United States for DOE.
Q: Does the DOE-approved combination
lock on my vault door require modification
to permit one-handed operation for egress
in the event of an emergency?
A: No. If the lock meets the requirement
for installation on vault and vault-type-room
(VTR) doors, it does not require modification.
The approved lock has a built-in safety
release which must be engaged upon opening
the lock. It automatically releases the
latch when the door is opened. Thus, there
is no modification required to the existing
lock. Before someone is allowed to work
in a vault, he/she should be instructed
in the operating procedures, including the
opening, closing, and alarm shunting/activating,
the notification procedures when the alarm
is shunted/activated upon arriving/departing
the vault/VTR, and the response procedures
Q: What's DOE policy concerning leaving
a badge in a vehicle? Could I leave it in my car, so I don't forget and leave
it at home because it will always be in
my vehicle when I return to work.
A: Paragraph 3.e of Chapter XV,
DOE M 470.4-2, requires each badge-holder
to protect "the security badge against
loss, theft, or misuse" and to report
"a lost, stolen, or misused badge to
the cognizant security authority within
24 hours of discovery." It is a poor
security practice to leave a DOE badge in
your vehicle. DOE badges should be protected
the same as you would protect/secure cash,
check book or credit card. Under isolated,
unavoidable circumstances, leaving the badge
in your locked vehicle, out of sight may
be necessary, but any available means must
be employed to eliminate unauthorized access
to the badge (e.g. placed in a glove box,
kept out of sight, car parked in an access-controlled
Q: While on official travel, hotel personnel
ask to make a copy of my DOE badge (in addition
to my official orders) to verify my DOE
status in order to receive the official
government rate. Should I allow them to
make a copy of my DOE badge?
A: No. Your DOE travel orders, your
Government credit card, and when asked,
showing your DOE badge, are sufficient to
validate the individual's status as a person
on official government travel. Title 18
U.S. Code, Section 701, prohibits the photography,
engraving, printing, or impression in the
likeness of any such badge, identification
card, or any colorable imitation. Violations
of this Code may result in a fine or imprisonment
Q: On December 3, 2007, the DOE Chief Health, Safety
and Security Officer signed out a memorandum establishing
policy panels to increase feedback from the implementers
of DOE policy. How will the Physical Protection policy
panel be organized?
A: At this point, we are looking to use the organization
structure previously utilized on physical protection quality
panels but modified through the experience we have had
in performing the zero-based policy review and it's resultant
re-write of DOE M 470.4-2. This may be modified further
as we do not plan to have the number of individual policy
panels as we did quality panels and we will not be able
to have as many face-to-face meetings. We will attempt
to leverage current technology, such as video conferencing,
to have meaningful panels without the resource drain resulting
from many face-to face meetings requiring large numbers
of people to travel. As this is in the early "conceptual"
stage future updates will be available upon request.
Q: What is the most significant change in the draft
DOE M 470.4-2?
A: The most significant change is that the manual
has been reorganized into what are being referred to as
"tiers". The attempt is to have all the physical protection
requirements that apply to everyone in DOE/NNSA appear
in the first tier. Sites that do not have classified documents,
classified matter, or SNM would only have to apply relevant
requirements in this tier, and would not need to delve
deeper into the document. The next tier would include
all those requirements that apply to sites that have classified
matter and no more than CAT III SNM. These requirements,
as well as those for the first tier, would be what security
personnel at those sites would be required to implement.
Finally the third tier would have requirements that apply
only to CAT I and CAT II sites. These major facilities
would be responsible for implementing all the DOE physical
Q: What are the most significant changes in DOE M
470.4-2 the requirements regarding physical protection?
A: The most significant changes are associated
with the implementation of Homeland Security Presidential
Directive 12 (HSPD-12). In 2005, President Bush signed
out HSPD-12 requiring a common identification badge or
credential for all government employees and contractors.
A working group has developed DOE's implementation plan
for HSPD-12 and the draft physical protection manual has
been updated as these plans have been provided to HSS.
As the technical specifications for the HSPD-12 badges
have been made public, DOE will no longer have an OUO
section of the physical protection manual where these
specifications have been published in the past.
Return to Top of Page
Q: DOE Directives allow for reduced frequency of inventory and maintenance checks for stored firearms. What is meant by the term "stored firearms"?
A: To qualify as "stored firearms," the weapons cannot be designated as available to support "contingency operations;" e.g., M-4s that could be issued for an emergency response would need to be inspected semiannually. They could not be defined as "stored firearms". In other words, "stored firearms" cannot be part of the active inventory available for duty, training, qualifications, or contingency response operations.
Q: Federalization of the Department's protective force is an option which has been discussed for many years. What is the official DOE position on this option?
A: Since 2004, several studies have been conducted by the DOE and the National Nuclear Security Administration (NNSA) regarding this issue. After jointly reviewing the results of the studies, on January 19, 2009, the Administrator, National Nuclear Security Administration, and the Chief, Health, Safety and Security Officer issued a joint memorandum stating that, "…federalizing the protective force is no longer a viable option that should be pursued" in the current environment. This decision, however, was not meant to foreclose further action to improve the situation of protective force members. On the contrary-the leadership of the Department is committed to exploring every feasible protective force career option and is further committed to developing both near- and long-term actions on behalf of the protective forces. There is a need to consider every aspect of the issue while giving due consideration to previously proposed actions. This will require the collective insight of the senior technical staff of the Department's security community.
Q: How does DOE determine what modifications should be authorized for its weapon systems (both duty weapons and those modified for electronic simulation system use) and how is that information promulgated?
A: When a site identifies a new weapon modification, a package outlining the change is developed and provided to the Office of Security Policy and the National Training Center. After review and discussion with subject matter experts, e.g., at the Armorer's Policy Panel, if the modification is approved, it is added to the Firearms Modification List posted on the HSS website in the Protective Force Supplemental document section at http://www.hss.energy.gov/SecPolicy/pfs/FML.pdf. Additionally, the Firearms Modification List is reviewed annually at the policy panel held in conjunction with annual armorer training.
Q: During a review of the new Contractor Protective Force Manual (DOE M 470.4-3A) it was noted in Attachment 1, Chapter II, paragraph 7.a.(3) that instructors must have the ability to develop course objectives, lesson plans, training aids, and student evaluations. Does this mean that instructors need a course in curriculum development in addition to Basic Instructor Training in order to fulfill the "ability to develop" requirement?
A: No. The intent is that instructors should understand the basic principles and techniques involved in curriculum development, which enables them not only to assist in that process, but also to be able to conduct effective reviews of lesson plans--all designed to make them more proficient in delivery. National Training Center's Curriculum Development (CD) course would be an excellent professional development vehicle, but it is by no means required that instructors attain that skill level. Obviously, if an instructor functions also as a curriculum developer then the formal CD course would be advisable.
Q: Given the publication of DOE M 470.4-3A, Contractor Protective Force, why hasn't the old DOE M 470.4-3, Chg.1, Protective Force, been canceled?
A: The old protective force manual addresses both contractor and Federal protective force requirements. The associated Contractor Requirement Document was canceled by the issuance of DOE M 470.4-3A. However, until the publication of Draft DOE M 470.4-8, Federal Protective Force, the old directive must remain in force.
Q: Department of Energy (DOE) protective force (PF) operations have been satisfactory and
stable for years. Why is the change to an “elite force” or Tactical Response Force
A: As the events of 9/11 and subsequent events worldwide have shown, the adversary that we
have consistently projected since 1983 is not likely to be the adversary we now expect to
face. Today, we can anticipate facing an adversary with more resources and enhanced
capabilities, and who routinely plans to use suicidal tactics as a portion of their overall
tactical plan. In the past, we were able to demonstrate an adequate level of site defense by
using a large number of PF personnel in dispersed positions to overwhelm the adversary
upon detection. Even a small increase in projected adversary numbers makes this tactic
unfeasible, both tactically and from a resource standpoint.
Q: What policy directives were changed to affect the Secretary’s vision of an elite PF for the
A: Page change revisions to implement the elite PF initiative were made to the three most
applicable manuals to ensure an integrated, systems approach to implementation of Tactical
Response Forces at Category I/rollup and Threat Level 2 facilities (facilities where a denial
strategy is applicable):
- DOE M 470.4-1 Chg1, Safeguards and Security Program Planning and Management, now contains the new DOE Tactical Doctrine and other requirements for protection
- DOE M 470.4-2 Chg1, Physical Protection, addresses physical security enhancements
and more reliance on technology to augment PFs.
- DOE M 470.4-3 Chg1, Protective Force, focuses on changes to PF structure,
organization, deployment, training, supervision, equipment, performance testing, and
tactical exercises. A career progression plan and new Rules of Engagement for the
application of deadly force have been included within this manual.
Q: What is the Tactical Response Force concept of employment?
A: The tactical response force concept, combined with the integrated use of security technology
and a well designed barrier plan, provides a solution that is less manpower intensive and, at
the same time, is less sensitive to the number of adversaries encountered. It recognizes that
there traditionally have been PF duties and posts that are primarily intended to support
routine operations and, because of location or other considerations, are of secondary tactical
value during an attack on a special nuclear material (SNM) location. The tactical response
force concept redirects highly trained and tactically skilled PFs toward their primary mission.
Similarly, the defense of an SNM location involves three equally important functions: early
detection and assessment capabilities to enable early interdiction as far away from the target
as possible; establishment of a formidable protective perimeter around the target before the
adversary arrives; and deployment of highly mobile, heavily armed forces who assess early
alarms, engage adversaries sufficiently to evaluate their main assault, and maneuver
decisively against them when the assault team is fixed by fire from the defensive perimeter.
Mobility and firepower for the maneuver forces are provided primarily by lightly armored
vehicles with weapons providing high rates of fire, and secondarily by dismounted forces
with lighter, high rate of fire weapons such as the squad automatic weapon. In general,
mobile units will be covered by overwatch elements with long range weapons on vehicles or
within the static defensive perimeter.
Q: What are the primary duties of the Tactical Response Force?
A: Application of the Tactical Response Force principles is dependent upon site-specific defense
strategies, but tends to lead naturally to three categories of armed combatant: 1) armed
personnel who are primarily assigned to routine duties but who assume key blocking
positions upon attack; 2) armed personnel near target locations who assume prepared
defensive positions upon attack; and 3) mobile forces who carry the fight to the adversary.
The first two of these categories will generally not be required to move long distances under
tactical conditions and are categorized as Special Police Officers (SPO)-I in the revised
policy. Members of the mobile force whose primary duty is to fight using the capabilities
and armament of the vehicle could also be designated as SPO-I. Mobile force members
whose primary mission is to maneuver on and attack adversary forces on foot should be
designated as SPO-II and therefore subject to more rigorous physical fitness standards.
Members of either the static or mobile force who are designated as special response team
members with responsibility for reentering areas defended by an adversary or other special
response team duties, such as hostage rescue and pursuit, should be designated as SPO-III,
with the accompanying training and physical fitness requirements.
Q: Is every site required to have a Tactical Response Force?
A: No. A Tactical Response Force is required only at sites where the PF is responsible for the
security of Category I quantities of SNM; credible rollup of SNM to a Category I quantity;
and those facilities that meet or exceed the Threat Level 2 criteria specified in DOE O
470.3A, Design Basis Threat Policy, for chemical, radiological, or biological thresholds. (At
this time, none have been communicated)
Q: Who determines which categories of SPOs are needed at a site and in what numbers?
A: DOE line management ultimately is responsible for the determination of numbers and
categories of PF personnel needed to provide the level of security required by their site. This
determination is based on mission, vulnerability analyses, protection strategy, and response
Q: Are all DOE PF personnel required to complete a one-mile run as part of their physical
A: No. DOE M 470.4-3 Chg1, Protective Force, requires that those personnel designated as
SPO-II or SPO-III must meet the Offensive Combative Standard (OCS) specified in Title 10,
CFR, Part 1046, “Physical Protection of Security Interests.” Those designated as SPO-I are
required only to meet the Defensive Combative Standard (DCS). The most significant
difference between the OCS and DCS is a 1-mile run in 8 minutes 30 seconds for OCS
versus the half-mile run in 4 minutes 40 seconds for DCS. Unarmed security officers have
no physical fitness standard.
Q: What is the difference between offensive and defensive posts?
A: In general, offensive posts are those manned by individuals who take the fight to adversaries
and who meet the OCS fitness requirement. These are members of the active defense, or
maneuver element, and would deploy from a vehicle or post with expectations of moving
greater than 50 yards from that vehicle or post. Defensive posts are situated such that the
adversaries must come to them and are staffed by personnel who meet the DCS fitness
requirements. As part of the static or fixed defense, they may deploy from a vehicle or post
with expectations of moving less than 50 yards from that vehicle or post. The cited distances
associated with deployment are intended as general guidelines and are dependent upon the
most tactically advantageous maneuver options available from the post or patrol at the time
of deployment. They distinguish relatively short distances that could be negotiated by less
physically-capable SPOs, as opposed to longer distances that might require more stamina.
Line management is responsible for determining the likelihood of extended deployment
zones for each assigned post.
Q: Why is there no longer a “grandfather clause” for the OCS so that PF personnel with age,
illness, or injury issues can keep their jobs as SPO-IIs?
A: With the publication of DOE M 473.2-2, Protective Force Program Manual, on
6-30-00, the fitness requirement for SPO-IIs was established at the OCS as described in Title
10 CFR 1046, “Physical Protection of Security Interests.” A “grandfather clause” was
inserted that allowed incumbent SPO-II personnel to remain at the DCS. When DOE M
470.4-3, Protective Force, was published on 8-26-05, the grandfather clause was not
included, because the original intent of the CFR was spelled out in more detail, noting that
the fitness standard for an individual depended on assignment. DOE sites were to designate
posts as either offensive or defensive in nature, with the intent that less physically demanding
defensive posts could be staffed by those who could not meet the OCS.
Q: How do the new designations of SPO-I, II, and III relate to the old ones, especially with
regard to physical fitness standards?
A: Previously, few sites used the SPO-I designation, but those who were so designated were
required to meet the DCS contained in Title 10 CFR. The SPO-II designation was applied to
more highly-trained PF personnel who, depending on duty assignment, might be required to
meet either the DCS or the OCS specified in 10 CFR 1046. SPO-IIIs were even more highly
trained, including certain specialized training, and required to meet the OCS. The revised
categories and physical fitness standards are shown in the table below.
|Position Designation||Physical Fitness Standard||Position Designation||Physical Fitness Standard
|SPO-I||Defensive Combative Standard||SPO-1||Defensive Combative Standard
|SPO-II (Defensive)||Defensive Combative Standard
|SPO-II (Offensive)||Offensive Combative Standard||SPO-1I||Offensive Combative Standard
|SPO-III ||Offensive Combative Standard||SPO-1II||Offensive Combative Standard
Q: How are the older and more senior PF personnel supposed to be able to qualify as
A: The ability to qualify as a SPO-II at the OCS is not so much a function of age, seniority, or
gender as it is of physical conditioning resulting from a disciplined individual wellness and
fitness program. Injuries or illness can produce exceptions, of course. The Secretary’s elite
force initiative resulted in a Tactical Doctrine and a Career Progression Plan that combine to
provide DOE sites the opportunity to develop protection plans that include the establishment
of both offensive and defensive posts. Personnel who can meet the OCS may be categorized
as SPO-IIs or -IIIs and assigned to the offensive posts, while those who can qualify only at
the DCS may be categorized as SPO-Is and assigned to defensive posts. This policy changes
mainly the title, or categorization, of PF personnel. Those persons who previously worked
SPO-II defensive posts may continue to be eligible to work those posts and remain valued
and essential members of the PF; the new policy simply redesignates them as SPO-Is.
Q: Does DOE policy dictate which categories of PF personnel, and in what numbers, are to be
assigned to a site?
A: No. DOE policy provides sites/facilities the latitude, based on mission, vulnerability
analyses, protection strategy, and response plans, to decide how many SPOs are needed in
each category. Those decisions are made in conjunction with respective Headquarters
Q: If circumstances warrant the designation of most or all PF personnel as SPO-IIs, thereby
requiring the OCS, must all qualify at that standard immediately?
A: If management is committed to designating all or most of their PF personnel as SPO-IIs, then
those so designated will be required to meet the OCS. Even at that, management will have
the latitude to establish compliance milestones in their implementation plans to allow phasein
of the OCS. Paragraph 8 of the introductory section of DOE M 470.4-3, Chg. 1, states:
"Requirements that cannot be implemented within 6 months of the effective date of this
Manual or within existing resources must be documented by the cognizant security authority
and submitted to the relevant program officers…" That provision allows the sites time to
prepare PF personnel who will be assigned to offensive posts to attain the ability to complete
Q: Why do the DOE physical fitness standards not allow for age and gender variations?
A: DOE policy does not discriminate based on age or gender with regard to the performance of
assigned duties. All SPOs within specific categories, regardless of age or gender, must be
able to perform the essential tasks of their assigned positions, whether offensive or defensive.
This concept has been accepted within the DOE since the mid-1980s.
Q: Why doesn’t the DOE adopt an approach to fitness standards such as that used by the
A: The military, although similar in some respects, is structured differently. With some
exceptions, older, more senior individuals and females are generally more remote from direct
engagement with the enemy than younger males. The vast infrastructure of the military
demands that more experienced personnel advance into less tactically-oriented, and thus less
physically demanding, roles; therefore, their fitness standards adjust accordingly. DOE PF
organizations are not structured to accommodate large numbers of personnel whose primary
duties do not revolve around tactical defense of a nuclear site. Any modifications to the
current standards will comply with rulemaking requirements, to include addressing all public
Q: Are the mile and half-mile run standards legitimate tests of a person’s fitness to perform
DOE PF duties?
A: The present standards were derived from a correlation between observed performance of a
series of tactical scenarios and the selected evaluative criteria. The DOE Office of Security
Policy is evaluating a revised standard that will be equally demanding, but will consist of
tasks more closely resembling current PF duty requirements.
Q: Must the assignment of automatic weapons, particularly, crew-served firearms, be limited
to PF personnel who have qualified at the OCS?
A: No. DOE policy does not limit the employment of automatic weapons to sites or posts
designated as offensive. In fact, DOE Tactical Doctrine encourages the placement of
crew-served automatic weapons in defensive emplacements protecting sensitive targets.
Q: Did the elite force policy revisions change the requirement for possession of a “Q”
clearance to be assigned an automatic weapon?
A: No. The issue of the requirement to have a “Q” clearance to be armed with an automatic
weapon was not affected by the elite force policy revisions. Title 10 Code of Federal
Regulations (CFR) 1046.14 conveys two stipulations: "SPOs possessing less than "Q" access authorization shall not be assigned to offensive positions or (emphasis added) duties where fully automatic firearms are required." "Offensive positions" and "duties where fully automatic firearms are required" are not synonymous. It makes no difference whether an automatic weapon is deployed in a defensive or an offensive position; the SPO to which the
weapon is assigned must have a "Q" clearance according to the CFR.
Q: What has been done to clarify the circumstances under which deadly force may be applied
at the site level?
A: The March 2006 policy revisions included, for the first time, guidelines for rules of
engagement (ROE) that require the development of site- and post-specific ROE incorporating
the concept of “hostile intent.” Such ROE must consider the type of materials being
protected, site geography, building construction, PF strength and capability, adversary task
times, adversary characteristics as described in the current DOE Design Basis Threat, and
consequences of asset loss. The ROE must clearly state under what conditions the
circumstances of hostile intent have been met for each post in order for deadly force to be
applied. The posting of perimeter signage that states, “Halt, Deadly Force is Authorized
Beyond This Point” is authorized. Completed ROE must be submitted to the DOE cognizant
security authority for review and approval. The National Nuclear Security Administration
requires that site ROE be reviewed by the local DOE Chief Counsel. Upon approval,
examples of likely scenarios where the use of deadly force may and may not be authorized
must be included in General and Post Orders.
Return to Top of Page
Q: Why was the timing for CMPC refresher training removed from the Information Security Manual?
A: The timing element was removed to provide CMPC POCs with sufficient latitude to manage and implement their program. The Manual requires each site/facility to establish its own CMPC Program with a CMPC Point-of-Contact (POC). There is a national requirement for individuals to have an initial security briefing and/or training when they receive a clearance or access authorization. There is also a national requirement for an annual security refresher briefing based on that initial security briefing/training. In addition, individuals who work with classified information on a routine basis are required to receive detailed CMPC briefing/training as it applies to his or her duties prior to their taking on those tasks.
Since the CMPC POC is knowledgeable about the activities and missions at his or her site/facility, the POC is responsible for determining when CMPC briefing/training should be provided based on his or her knowledge of the national requirements, the information provided at the initial security briefing/training, the activities of individuals at his or her site/facility, and whether the specific skills are perishable or not. They are also responsible for disseminating new information as policies or other factors change. Depending on the information that needs to be promulgated, the CMPC POC may choose to add that information to the annual security refresher briefing or they may choose individually developed briefing/training based on the specific topical areas within CMPC.
Q: Why was the one-hour rule not included in DOE M 470.4-4A?
A: The one-hour provision was removed as a result of the comment and resolution period within the RevCom process for DOE M 470.4-4A. DOE and National policy requires that classified matter be protected from unauthorized access and for it to be provided appropriate storage when not in use or under the control of an authorized individual. Anything that does not meet those requirements would require a deviation. Additionally, one of the objectives in revising the information security manual was to reduce or eliminate "how-to" direction for local program implementation and the one-hour rule was a how-to. Local procedures to implement classified matter storage and in-use requirements must be documented as part of your CMPC program plan and included in your local site/facility security plan.
Q: There was a change in the length of time a Top Secret working paper could remain a working paper, decreasing from 180 days to 30 days. Does the 180 days still apply for Confidential and Secret working papers?
A: Yes, each Confidential and Secret working paper must be marked as a final document no later than 180 days after creation. Only Top Secret working papers must be brought into final marking condition within 30 days. Also, once something is determined to possibly be Top Secret, it becomes accountable, even if it is still a working paper.
Q: I have a piece of Accountable Classified Removable Electronic Media (ACREM) that has been degaussed and is awaiting physical destruction, so do I still have to inventory it as accountable matter?
A: Yes, unless it is verified that the item no longer contains any of the information that required it to be accountable and no such information is recoverable from the item, it must still be considered accountable and subject to inventory requirements. DOE M 470.4-4A states, "Inventories must consist of a physical comparison of each item against the current inventory listing. Discrepancies must be resolved, if possible using the previously reconciled inventory and receipts, transfers and destruction records. Each item listed in an accountability record must be verified visually."
However, since 32 C.F.R. Parts 2001 and 2004, and the National Industrial Security Program Operating Manual (NISPOM) do not specify the "physical" and "visual" aspects of inventories, it may be acceptable to develop an acceptable substitute to DOE's requirements, provided:
The media remain adequately protected;
The current and previous individual assigned control/possession of the media at any given time are documented and this information remains available throughout record retention periods;
The media remain accessible for inspection; and
Inventories and resolution of discrepancies are used to validate the location and status of the media.
For example, if multiple appropriately degaussed media are inventoried and placed into a container that is sealed with an adequate tamper indicating device, and the sealed container is stored in a security area cleared for open storage of the highest level/category of the media, with the container being configured and located such that there is high assurance the media have not been accessed since being placed, it may be acceptable to base the subsequent inventory of the media on verification of the sealed container rather than by access to the individual media. Approval of this type of deviation must also consider the potential to access the information on the media, including presence and recoverability of information and all applied protection measures. Destruction requirements remain applicable for all accountable matter.
Q: What role do HSS and/or the Office of Security Policy have in the DOE OPSEC Program?
A: Our goal is to provide OPSEC managers and practitioners in DOE with policy direction, interpretation of its requirements, and other assistance as requested. This policy focus will enable the DOE Program Offices to concentrate on their various operational implementation responsibilities.
Q: What is Controlled Unclassified Information (CUI) and does it apply in DOE?
A: Controlled Unclassified Information (CUI) refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is:
Pertinent to the national interests of the United States or to the important interests of entities outside the Federal Government, or
Under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination.
On May 9, 2008, President Bush issued a memorandum mandating the use of the term "Controlled Unclassified Information" within the Information Sharing Environment (ISE) and mandating Government-wide policies for the identification and safeguarding of CUI within the ISE. Policies for CUI are being developed by the CUI Office within the National Archives and Records Administration with the assistance of a CUI Council. The Office of Classification (HS-90) is the DOE representative to the CUI Council and is the lead for CUI policy in DOE. Because CUI policies under the May 2008 memorandum are under interagency development, no action should be taken by DOE employees until CUI requirements are finalized and promulgated. Employees should continue to follow Unclassified Controlled Nuclear Information and Official Use Only directives.
Additional information regarding CUI may be found on http://www.archives.gov/cui
Q: Is the Department of Energy Authorized to create Special Access Programs (SAPs)?
A: Executive Order 12958, Classified National Security Information Act, as amended, (March 28, 2003) states, "Unless otherwise authorized by the President, the Secretary of Energy, or the principal deputy, may create a special access program."
Q: When are Special Access Programs established?
A: Special Access Programs are established only when the program is required by statute or upon a specific finding that:
(1) the vulnerability of, or threat to, specific information is exceptional; and
(2) the normal criteria for determining eligibility for access applicable to information classified at the same level are not deemed sufficient to protect the information from unauthorized disclosure.
Q: Are there Special Access Program limitations?
A: Special access programs are limited to programs in which the number of persons who have access is reasonably small and commensurate with the objective of providing enhanced protection for the information involved.
Q: Why were many of the national requirements removed from the new DOE M 470.4-4A, Information Security?
A: Secretary Bodman's memo of September 10, 2007 required: "Departmental
directives shall not duplicate or be inconsistent with applicable
laws or regulations. To the extent possible, directives also
should be written so that they are consistent with or incorporate
widely accepted national standards." Requirements were removed
to comply with this Secretarial initiative.
Q: How do I know which laws and regulations are applicable?
A: DOE M 470.4-7, Safeguards and Security Program References, lists
applicable references for the DOE 470-Series Security Manuals.
In addition, applicable references for DOE M 470.4-4A, Information
Security, have been added to that Manual and its Contractor
Requirements Document for easy reference. Further, the Office
of Security Policy is developing a web application to maintain
a current list of these references, provide a limited search
feature, and give a current web-based link to these national
level policies/references. The Office of Health, Safety and
Security (HSS) plans to place this application on its web
site in 2009.
Q: Why should I have a new or updated document reviewed by a classifier
if it only contains information that was marked as Unclassified, even though the
information was extracted or copied from a classified document?
A: The review provides a protection for the author as well as for the
information. Whenever information is taken from a classified
document to be placed into another document it obviously came
from a classified subject area. If you are not an expert in
the subject area, you may not realize that adding that particular
unclassified information with other unclassified information
may result in a compilation - which is where pieces of information,
which are unclassified when separate, become classified when
joined together. For example, a date and location may not
be classified when included by themselves. However, if you
add a third fact, such as a planned meeting topic to the mix,
it may become classified.
Q: Why does the Department establish and require specifically-defined
protection of Accountable Classified Removable Electronic Media (ACREM) when
other U.S. Government agencies do not?
A: Based on several past incidents at the Department, and the potential
for losing large quantities of classified information regarding
nuclear weapons via one or a small number of electronic media,
the Deputy Secretary of Energy established additional requirements
for protecting and accounting for classified electronic media
that contain the most sensitive information for which DOE
Q: The Information Security manual states, "ACREM may be reproduced
when any of the data that resides on a piece of ACREM is to be copied onto
a piece of media that has already been placed into the formal accountability
system, provided there are no other limitations. Permission is required from
the DOE cognizant security authority before copying any of the data that
resides on a piece of ACREM onto a piece of media that has not already been
placed into the formal accountability system." This appears to be unnecessary
and does not increase security or accountability for these assets; why am I
required to place such media into accountability before copying any information
A: CREM is an acronym for Classified Removable Electronic Media, and
ACREM is Accountable CREM. This particular requirement applies
to certain cases that were identified subsequent to CREM/ACREM
requirements being established at the direction of the Deputy
Secretary of Energy. Generally, ACREM is copied onto other
ACREM. If, for example, unclassified information is copied
from ACREM to non-ACREM, this requires DOE CSA authority,
approval and accountability. However, to clarify the intent
of this requirement, proposed Manual 470.4-4A, Information
Security, contains the following replacement for this paragraph.
"When any of the data that reside on a piece of ACREM (source media, in this case)
is moved to, or reproduced on, another piece of media, the receiving media immediately
becomes (or remains) accountable because it must be assumed to contain that which
made the source media accountable, until proven otherwise and approved by the DOE CSA."
Q: Why do I have to have Classified Matter Protection and Control (CMPC)
training if I don't have responsibility for a safe or repository?
A: Training is required by various National directives, such as the
National Industrial Security Program Operating Manual, and
32 CFR Parts 2001 and 2004, Classified National Security Information
Directive No. 1, the latter which states in part:
- General. Each department or agency shall
establish and maintain a formal security education
and training program which provides for initial
and refresher training, and termination briefings.
This subpart establishes security education
and training standards for original classification
authorities, declassification authorities,
security managers, classification management
officers, security specialists, and all other
personnel whose duties significantly involve
the creation or handling of classified information.
These standards are not intended to be all-inclusive.
The official responsible for the security
education and training program may expand
or modify the coverage provided in this part
according to the agency's program and policy
- Elements of initial coverage. All cleared
agency personnel shall receive initial training
on basic security policies, principles, practices,
and criminal, civil, and administrative penalties.
Such training must be provided in conjunction
with the granting of a security clearance,
and prior to granting access to classified
information. The following areas should be
considered for inclusion in initial briefings.
- Roles and responsibilities,
- Elements of classifying and declassifying
- Elements of safeguarding.
security education and training. Original
classification authorities, authorized classification
authorities, individuals specifically designated
as responsible for derivative classification,
classification management officers, security
managers, security specialists, and all other
personnel whose duties significantly involve
the creation or handling of classified information
should receive more detailed training. This
training should be provided before or concurrent
with the date the employee assumes any of
the positions listed above, but in any event
no later than six months from that date.
Q: Why was non-standard storage removed
from the Information Security Manual?
A: By definition, non-standard storage
(NSS) differs from normal storage conditions
and ability to meet typical requirements. Given
this divergence from the norm and the wide dissimilarities
from one instance of NSS conditions to the next,
policy was previously changed such that NSS
was intended to be treated as a deviation rather
than an ordinary process. However, the current
information security manual (DOE M 470.4-4A)
contains sections on 1) Non-conforming Storage:
to address classified matter that cannot be
protected by the established standards and requirements
due to its size, nature, operational necessity,
or other factors; and 2) Permanent Burial: to
address permanent placement of classified matter.
Q: Regarding the reproduction section of
the Information Security manual, why not just
recognize that all accountable CREM will be
placed into accountability?
A: The associated requirement was written
as a result of extensive discussions with individuals
from various sites and programs regarding their
local implementations. There were occasions
when it was asserted that it was possible to
copy some of the data from a piece of ACREM
onto separate media in such a way as for that
new media to not contain information that requires
it to be placed into accountability and that
it would not need to be marked at the accreditation
level of the system where the source ACREM resided.
The expanded language in the Reproduction section
is, in part, responsive to this scenario.
So, if someone creates a new piece of ACREM,
he or she must place it into accountability
before writing any information to it that would
make the media accountable or placing it into
an information system which is accredited for
S/RD or higher. No CSA action is required in
these cases. However, to EXTRACT a file (say
an unclassified document or appendix) from a
piece of ACREM - to media that will not be designated
as ACREM, the process for doing so, and ensuring
that ACREM is not inadvertently created, requires
Classification Officer and Designated Approving
Authority involvement and CSA approval.
To clarify the intent of this topic, proposed
Manual 470.4-4A, Information Security, contains
the following: "When any of the data that
reside on a piece of ACREM (source media, in
this case) is moved to, or reproduced on, another
piece of media, the receiving media immediately
becomes (or remains) accountable because it
must be assumed to contain that which made the
source media accountable, until proven otherwise
and approved by the DOE CSA."
Q: Does classified matter that is going to be destroyed have to be protected (but not stored) and controlled until it is finally destroyed?
A: Yes, classified matter must be protected and controlled until
it is finally destroyed. For classified matter to be protected
and controlled, it must either be "in use" (constantly
attended by, or under the control of, a person possessing
the proper security clearance and need-to-know) or securely
stored in an approved secure storage repository (i.e.
vault, safe or vault-type room).
Q: I am the ACREM Custodian, do I have
to destroy my ACREM or can I delegate it
A: As ACREM Custodian, you would not have to destroy your ACREM
personally unless it is required by local procedures.
However, an individual who is authorized access to the
ACREM must accompany the matter to the destruction site
and witness the destruction to include inspecting the
residue. To remove the ACREM from accountability, a copy
of the destruction certificate certifying the ACREM was
destroyed would have to be presented to you as the ACREM
Custodian. The certificate must include the name of the
individual who validated the destruction.
Q: What is the NISPOM and how does it apply to DOE?
A: The National Industrial Security Program Operating
Manual (NISPOM) is the implementing directive for the
National Industrial Security Program (NISP), which was
established by Executive Order 12829, to achieve common
standards for protecting classified information that is
held by contractors, licensees, and grantees of the Federal
Government. National security requires that this information
be safeguarded equivalent to its protection within the
executive branch. The NISP is applicable to all executive
branch departments and agencies. Under the Atomic Energy
Act of 1954, as amended (AEA), DOE is responsible for
controlling the protection, classification, dissemination
and declassification of Restricted Data and Formerly Restricted
Data. Concurrently, under the NISPOM, the Secretary of
Energy retains authority over the information classified
under the provisions of the Atomic Energy Act of 1954,
as amended. Moreover, the security cognizance over the
Department remains with the Department of Energy. Thus,
DOE retains responsibility for security administration
regarding classified activities and contracts under its
Q: Why must I remove my DOE/Site parking
pass/DOE Badge from open view when I leave
A: Your parking pass and badge reveal
information about you. There are several
reasons to remove parking passes from open
view (and similarly protecting badges).
These include considerations of personal
safety as well as personal and organizational
security. From a safety perspective, a parking
pass hanging from a rear-view mirror can
obstruct a driver's vision. Additionally,
the parking pass or badge provides information
about you that may be useful to a stranger
who intends you harm, or to an adversary
or competitor of your organization or the
Federal Government. Significant concerns
include turning you and/or your car and
its contents into a target of opportunity
(breaking into your vehicle to steal the
pass; or creating a counterfeit pass or
badge based on visual access to yours).
Such release of relatively small amounts
of information (e.g. parking passes, individuals
who possess them and how they are used)
may be combined with other public or unprotected
information to permit an aggressor to defeat
access control processes, disrupt missions/operations,
or otherwise compromise important activities.
Q: What is the difference between the
terms Electronic Storage Media (ESM) and
Classified Removable Electronic Media (CREM),
as used in DOE M 470.4-4, Information Security?
A: Electronic storage media (ESM)
refers to all electronic storage media.
It does not have to be classified or removable,
whereas CREM must be both classified and
removable. Additionally, the term ACREM
is used for accountable classified removable
electronic media. Given these definitions,
ACREM is a subset of CREM and CREM is a
subset of ESM.
Q: When may I consider classified electronic
storage media (ESM) to be unclassified?
A: Generally, DOE M 470.4-4A, Information Security, does not
permit classified ESM to be removed from accountability,
downgraded, or declassified if the ESM provides any potential
access to information that made/makes it accountable or
classified at a specific level and/or category. The basic
performance requirement is that no classified information
is present or recoverable before any of these actions
are permissible. The DOE Office of the Chief Information
Officer promulgates policy indicating approved methods
for accomplishing the sanitization, clearing, and destruction
of electronic media for use in determining the proper
classification and accountability status of ESM.
Q: On December 3, 2007, the DOE Chief Health, Safety
and Security Officer signed out a memorandum establishing
policy panels to increase feedback from the implementers
of DOE policy. How will the Information Security policy
panel be organized?
A: The Information Security Policy Panel (ISPP)
is divided into three separate Policy Panels: Classified
Matter Protection and Control (CMPC), Operations Security
(OPSEC), and Technical Surveillance Countermeasures (TSCM).
The policy panels are organized to provide expert opinion
to the Office of Security Policy on policy implementation
issues, legal, and technology factors that affect information
security policy and other relevant topics as they are
identified. Temporary or permanent subcommittees may be
formed as needed to provide specific input to issues raised,
and participants or topics may span across more than one
of the ISPP sub-elements as needed. HSS will attempt to
leverage technology to conduct meaningful panels without
the financial and administrative burden posed by many
face-to-face meetings. Meetings may consist of teleconferences,
videoconferences, and in-person events.
Q: Does the Information Security manual apply to anything
besides paper documents?
A: Yes, the Information Security manual applies
to all classified information, in all forms. These forms
include, but are not limited to paper, electronic, parts,
waste, and auditory (for example, spoken information).
Although this manual provides requirements for all classified
information, there are other DOE directives that provide
additional requirements for certain forms of classified
information. Two prime examples are requirements for protecting
classified special nuclear material (SNM), which are found
in DOE M 470.4-2, Physical Protection and DOE M 470.4-6,
Nuclear Material Control and Accountability, and cyber
security requirements (for classified information in electronic
form), that are promulgated by the DOE Office of the Chief
Information Officer (OCIO).
For information in electronic format, the Information Security manual provides general requirements
for protecting classified information that apply, and provides requirements for protecting the physical
aspects of classified (cyber) information. Please note that the following examples do not include all
relevant requirements as they are just provided here for illustration.
Examples of General Requirements:
- Classified information and matter that is generated, received, transmitted, used, stored, reproduced, or destroyed must be protected and controlled.
- Controls must be established to prevent, deter, and detect unauthorized access to classified matter.
- Classified information may be disclosed only to individuals who have appropriate access authorization for the level and category of the information involved, all required formal access approval(s), and a legitimate need-to-know.
Examples of Physical Aspect Requirements:
- All classified information systems media must be marked with the accreditation level of the information system unless an appropriate classification review has been conducted. All classified electronic storage media (ESM) must have the overall classification level and category (if RD or FRD) visible on the front and back.
- Classified Removable Electronic Media (CREM) that contain Sigma 1, 2, 14, or 15; a combination of nuclear weapons design/test data; or Top Secret or Special Access Program (SAP) matter must be separated from and not commingled with other classified information/media.
- Vaults or VTRs that are used to store ACREM must be configured to provide limited access to ACREM by only the ACREM custodian(s) or alternate ACREM custodian(s).
Q: Does the Information Security manual address verbal
discussion of classified information?
A: Yes, the Information Security manual addresses
the auditory form of classified information in Section
A, Paragraph 2, which states, in part:
- Classified information and matter that is generated, received, transmitted, used, stored, reproduced, or destroyed must be protected and controlled.
- Buildings and rooms containing classified matter must be provided the security measures necessary to deter unauthorized persons from gaining access to classified matter; specifically, security measures that prevent unauthorized visual and/or aural access.
- Classified information may be disclosed only to individuals who have appropriate access authorization for the level and category of the information involved, all required formal access approval(s), and a legitimate need-to-know.
Q: What is an "Ad Hoc Working Group" as used in the
Information Security Manual?
A: An Ad Hoc Working Group (AHWG), in the context
of the manual, is a formally defined (documented by or
in accordance with line management) group of individuals
participating in a specific activity, project, or group
of activities in which all members have been determined
to have the appropriate access authorization, any required
formal access approvals, and need-to-know. The AHWG must
have the ability to limit access to on-line activities
to only those members of the AHWG and use that ability
when transmitting classified information which is not
marked as a final document. Limiting access to on-line
information is essentially a cyber security issue. Questions
regarding requirements and guidance for such access limitations
should be directed to the DOE Office of the Chief Information
This terminology was developed primarily to allow a defined group of individuals the ability to work
together on draft documents without requiring any individual document to be marked as a final document
just because control of the document changed from one person to another in the same working group.
Each AHWG is required to be formally defined to increase the assurance that all marking and other
requirements are met and that individuals are accountable for classified matter entrusted to them.
Q: What were the major changes for the Information
Security manual when DOE M 470.4-4 Change 1 was published?
A: The manual was changed to reflect input from
various field/program activities and updates to CMPC requirements.
These changes were designed to allow more efficient application
and management of program resources and to provide increased
flexibility in implementation of departmental security
requirements, bounded by required performance levels.
- Requirements for protection, handling, and accountability of Classified Removable Electronic Media (CREM) were changed to eliminate unnecessary resource burdens while maintaining protection and accountability by:
- modifying the number of allowable custodians/alternate custodians based on site specific procedures, operational need, and associated risk;
- providing for appropriate temporary storage of ACREM when necessary;
- modifying required inventory frequency, depending on risk and other site-specific factors,
- The current Confidential Foreign Government Information-Modified Handling Authorized (C/FGI-MOD) coversheet was replaced with an updated version.
- Marking requirements for automated information system hard copy output were clarified.
- A new intelligence dissemination marking, Releasable by Information Disclosure Official (RELIDO), was added.
- Office names were changed to conform with DOE organizational changes (e.g. Office of Security to Office of Health, Safety and Security).
Q: The Operations Security section of the Information
Security manual refers to Critical Program Information
(CPI). Is this just a form of Official Use Only information?
A: Critical Information is not a subset of OUO
or FOUO. Qualifying for either marking is not a prerequisite
for information to be Critical in this context. CPI has
its basis in National Security Decision Directive (NSDD)
298, National Operations Security Program. This
information includes specific facts about friendly intentions,
capabilities, and activities vitally needed by adversaries
for them to plan and act effectively and guarantee failure
or unacceptable consequences for friendly mission accomplishment.
Further, this information may be OUO, UCNI and/or classified
and still meet the CPI threshold.
Q: If a document is received from another agency (e.g.,
DOD) and the classification markings do not meet current
requirements, is the receiving organization required to
re-mark the document? (Implicit in the question is that
the document has been properly classified, just the marking
is in question).
A: As long as the classification level and category
is correctly marked on the document, DOE is not required
to re-mark other agency documents. If it is necessary
to completely and correctly mark a document from another
agency, the other agency should be contacted regarding
the marking, or the document should be returned to that
agency for correct markings. There may be cases where
the corrections are minor or the other agency has a waiver
from the requirement in question. Contacting the sender
would be necessary to determine whether or not they had
a waiver or how to make the appropriate corrections to
Q: Where on NSI-only documents should we put the new
"Derivative Declassifier Review Required Prior to Declassification"
A: According to the Office of Classification,
there is no requirement for the exact placement of the
marking. However, for clarity, it is suggested that it
be placed on the first page of the document near the classification
stamp that has the "Declassify On" line. That way it serves
as a reminder that it is not automatically declassified
as it may seem to indicate. The marking should be legible
and should stand out apart from both the classifier stamp
and any other text.
Return to Top of Page
Nuclear Material Control and Accountability
Q: Can material from two Reporting Identification Symbols (RISs) be used and stored in the same Material Balance Area (MBA)?
A: Yes, you can have materials associated with multiple RISs (location and/or programmatic RISs) in a single MBA.
Q: What are L-RIS and P-RIS?
A: Location Reporting Identification Symbols (L-RIS) can be assigned to represent an entire site such using AWA to represent Pantex, a particular facility at a single site such as the KAMS area at SRS, or for multiple facilities operated by the same contractor at the same site (e.g., Hanford used to have a different L-RIS for the PNNL, Fuel Fabrication operations, Reactor operations, and Chemical Separations reflecting different operating contractors). These L-RISs are assigned at the discretion of the field office with oversight responsibilities for the facilities and materials.
Programmatic Reporting Identification Symbols (P-RIS) are also assigned at the discretion of the field office (usually coordinated with the headquarters program office) based on the funding responsibility for the projects used in reporting the materials assigned to those projects.
Q: Do L-RIS and P-RISs have to be the same?
A: Location Reporting Identification Symbols (L-RIS) and Programmatic Reporting Identification Symbols (P-RIS) for a particular project can be the same but do not have to be the same. P-RISs are associated with projects rather than locations and are established at the same time the project number is established in the NMMSS. For example if PNNL were doing work on tritium research and development in support of Defense Programs programmatic activities at Los Alamos. Any tritium physically located at PNNL would have a PNNL L-RIS of HYA and a PNNL project number but the PNNL project number might have a LANL P-RIS of AUA indicating the tritium located at PNNL is in support of the LANL activities.
Q: How is P-RIS used in NMMSS?
A: The Programmatic Reporting Identification Symbols (P-RIS) is used to sort and total material in programmatic project reports (e.g., P-111's). Therefore, NMMSS reports are able to be produced, based on programmatic responsibility for materials across the entire DOE complex.
Q: Who uses P-RIS information?
A: HQ program offices and materials managers are the typical users of the Programmatic Reporting Identification Symbols (P-RIS) information based reports. NMMSS operations also use this information to respond to requests from site representatives about what materials they have at their site that "belong" to other sites.
Q: How is the P-RIS information collected?
A: Programmatic Reporting Identification Symbols (P-RIS) Information is entered/updated during an annual data call to the field offices, which is done for updating the project numbers, and/or when a new project number is established within the NMMSS.
Q: What are Technical Standards?
A: Technical Standards are developed and adopted by voluntary consensus
standards bodies as a means to carry out policy objectives
or activities as determined by the agencies and departments.
Q: Why are we making a technical standard for MC&A?
A: This technical standard on Nuclear Material Control and Accountability
(MC&A) is being developed to provide site facilities with
an accepted means of meeting the performance objectives and
metrics specified in the policy requirements for MC&A.
Q: What is the purpose of an MC&A
A: MC&A plans can serve as a planning document for the facility
to use in carrying out its MC&A program and budgeting
for its operations. Additionally, MC&A plans have